Download pfSense 2.4.5

Version 2.4.5 of pfSense has been released. This package is based on the FreeBSD operating system and focuses on router and firewall tasks. It started in 2004 as a fork of m0n0wall due to differing views among the developers and over the years has grown into a router and firewall package that can be deployed in both small and very large environments. For more information, please refer to this page. The highlights for this release are as follows:

New Features

2.4.5 adds several new features, including:

• OS Upgrade: Base Operating System upgraded to FreeBSD 11-STABLE after FreeBSD 11.3
• Added sorting and search/filtering to several pages including the Certificate Manager, DHCP Leases, and ARP/NDP Tables.
• Added DNS Resolver (Unbound) Python Integration
• Added IPsec DH and PFS groups 25, 26, 27, and 31
• Changed UFS filesystem defaults to noatime on new installations to reduce unnecessary disk writes
• Set autocomplete=new-password for forms containing authentication fields to help prevent browser auto-fill from completing irrelevant fields
• Added new Dynamic DNS providers Linode and Gandi

For a complete list of new features, see the Release Notes.

Security / Errata

pfSense software release version 2.4.5 addresses several security issues:

• Potential cross-site scripting (XSS) vectors in several GUI pages
• A privilege escalation issue where an authenticated user granted access to the picture widget could run arbitrary PHP code or gain access to pages for which they otherwise would not have privileges
• Added a fsck run with -z for UFS filesystems on upgrade to address FreeBSD-SA-19:10.ufs
• Fixed the format of XMLRPC authentication failure messages so they can be acted upon by sshguard
• Added a custom CSRF Error page with warnings and confirmation prompts before resubmitting potentially harmful data
• Addressed FreeBSD Security Advisories & Errata Notices

For complete details about these issues, see the Release Notes.

Notable Bug Fixes

In addition to security fixes, pfSense software version 2.4.5 also includes important bug fixes.

• The default GUI certificate lifetime has been reduced to 825 days, to comply with current standards. These standards are being enforced strictly on platforms such as iOS 13 and macOS 10.15. After upgrading to pfSense software version 2.4.5, a new compatible GUI certificate may be generated from the console or SSH with the command pfSsh.php playback generateguicert
• Several IPsec VTI fixes, including improved handling of IPsec restarts breaking VTI routing
• Fixed several issues with custom view management in Status > Monitoring
• Fixed serial console terminal size handling issues
• Fixed privilege matching issues which may have prevented some users from accessing pages to which they should have had access, such as the User Manager
• Fixed an issue when resolving FQDN entries in aliases where some entries could be missing

For a complete list of corrected bugs, see the Release Notes.