Advantages of upgrading to latest CE version
-
I am using the last 2.6.0-RELEASE (amd64) version of pfSense without any problems.
The packages I am running without problems also are:
squid proxy
pfblockerNG
acme certificate manager.
Of course there are no updates to these packages anymore.
My question is then:
Should I upgrade/follow the latest CE version?
I just don't see why.
Thank you for your opinion.
-
@marchand-guy so you're still running windows 95, because you don't see why you should upgrade?
Forgetting any new features, of which there are many from 2.6 to 2.7.2 - you're not going to get much help from anyone if you do run into problems because you are no longer on a supported version.
Here is the stuff that changed and is new in just 2.7
https://docs.netgate.com/pfsense/en/latest/releases/2-7-0.html
Not only is that version of pfsense no longer supported, neither is the freebsd 12.3 it runs on.
edit: this isn't "well, my printer or tv works, never had any issues with it, no reason to upgrade its firmware".. This is your firewall.. There are quite a few CVEs addressed with updates. And I know php and openssl were major updates from 2.6..
-
To make it easier for you ...
General
- PHP has been upgraded from 7.4.x to 8.2.6
- The base operating system has been upgraded to FreeBSD 14-CURRENT
Security
pfSense CE 2.7.0-RELEASE includes fixes for the following potential vulnerabilities:
- pfSense-SA-22_05.webgui: A potential XSS vulnerability in firewall_aliases.php from URL table alias URLs.
- pfSense-SA-23_01.webgui: A potential XSS vulnerability in diag_edit.php from browsing directories containing specially crafted filenames on the filesystem.
- pfSense-SA-23_02.webgui: A potential XSS vulnerability in system_camanager.php and system_certmanager.php from specially crafted descriptions when editing entries.
- pfSense-SA-23_03.webgui: A potential authenticated arbitrary file creation vulnerability from the name parameter when creating or editing URL table aliases.
- pfSense-SA-23_04.webgui: A potential authenticated arbitrary command execution vulnerability in status.php from specially crafted filenames on the filesystem.
- pfSense-SA-23_05.sshguard: Anti-brute force protection bypass for GUI authentication requests containing certain proxy headers.
- pfSense-SA-23_06.webgui: A potential Authenticated Command Execution vulnerability from the bridgeif parameter on interfaces_bridge_edit.php in the GUI.
General
- Kea DHCP Server has been added as an opt-in feature preview for IPv4 and IPv6 DHCP service. Kea will eventually replace the ISC DHCPD daemon which is EOL.
- OpenSSL has been upgraded to 3.0.12 from 1.1.1 in FreeBSD. This change was necessary as OpenSSL 1.1.1 reached its End of Life (EOL) on September 11, 2023. This means there will be no security patches for vulnerabilities affecting OpenSSL 1.1.1.
Security
In addition to OpenSSL and other concerns in the base OS and packages, this release addresses the following vulnerabilities in pfSense software:
- pfSense-SA-23_08.webgui (XSS in getserviceproviders.php, #14547)
- pfSense-SA-23_09.webgui (XSS in status_logs_filter_dynamic.php, #14548)
- pfSense-SA-23_10.webgui (Authenticated Command Execution in interfaces_gif_edit.php and interfaces_gre_edit.php, #14549)
- pfSense-SA-23_11.webgui (Authenticated Command Execution in packet_capture.php, #14809)
Security / Errata
This release includes corrections for several FreeBSD Errata Notices and Security Advisories, including:
- FreeBSD-SA-23:17.pf - TCP spoofing vulnerability in pf(4)
- FreeBSD-EN-23:16.openzfs - Potential ZFS Data Corruption
  - For more information about ZFS data corruption, see ZFS Data Corruption Details later in this document.
- FreeBSD-EN-23:18.openzfs - High CPU usage by ZFS kernel threads
- FreeBSD-EN-23:17.ossl - ossl(4)’s AES-GCM implementation may give incorrect results
- FreeBSD-EN-23:20.vm - Incorrect results from the kernel physical memory allocator
- Performance issues in OpenSSL have also been identified and corrected, notably with acceleration such as AES-NI.
-
Yes, that list of security issues should convince you.
-
"so you're still running windows 95, because you don't see why you should upgrade?"
What is wrong with you? Bad day?
Who the f*** was talking about windows 95? Why not windows 3.0 if you get some kicks outta your "argument"?
Thanks to all the others who raised the security concerns for me to look at.
-
@marchand-guy it was an attempt at some fun, and to make a point.. You're running a version that is quite old, 2 years.. It is EOL, why would you think you should not update it?
"I just don't see why."
Why should someone need to point out to you to keep your security stuff updated?
-
@johnpoz No joke. I started using pfSense when 2.6 was current, pretty soon after its release, and I was getting concerned that no updates came out for like a year. It was a relief when 2.7 arrived and the two point releases that followed.