2.4.3-p1 New Features and Changes

New features and changes for this release of pfSense® software:

Security / Errata

• FreeBSD SA for CVE-2018-8897 FreeBSD-SA-18:06.debugreg

• FreeBSD EN for CVE-2018-6920 and CVE-2018-6921 FreeBSD-EN-18:05.mem

• Fixed a potential LFI in pkg_mgr_install.php pfSense-SA-18_04.webgui #8485

• Fixed a potential XSS in pkg_mgr_install.php pfSense-SA-18_05.webgui #8486

Misc

• Added a check to avoid creating route-to rules for proxy ARP addresses

• Corrected alias name input validation text referring to well-known and registered ports #8409

• Corrected the list of pf reserved keywords to prevent aliases from using invalid custom names #8445

• Fixed an issue with Captive Portal access rules being left behind on disconnect #8441

• Fixed an issue with pressing Enter in the filter field of diag_pftop.php #8494

• Fixed an issue with invalid rules generated due to the presence of IPv6 Alias VIPs #8408

• Fixed an issue with IPsec mobile Pre-Shared Keys and iOS devices #8426

• Fixed an issue with selecting a gateway when switching a firewall rule away from IPv4+IPv6 mode #8447

• Fixed firewall rules generated by the OpenVPN wizard #8391

• Fixed handling of OpenVPN RADIUS attribute firewall rules #8480

• Fixed handling of XMLRPC user/group synchronization when that section is disabled on the primary #8450

• Fixed input validation to allow named services to be used in firewall rules rather than numbers alone #8410

• Fixed issues with IP alias VIPs on Localhost at boot time #8393

• Increased the default Firewall Maximum Table Entries value to 400000 to cope with the increased size of the IPv6 bogon address lists #8417

• Updated SimplePie RSS to 1.5.1 #8423

• Added more fields to the list that status.php uses to redact private information #8394