Upgrading Unbound version for latest pfSense Plus release?
-
Hi all,
I wanted to ask if it might be possible to include the latest version of the Unbound resolver in the upcoming pfSense Plus release? The 24.11 pfSense Plus release includes Unbound 1.22 (released in October 2024), and since then both Unbound versions 1.23 and 1.23.1 have been released with some key bug and security fixes:
https://github.com/NLnetLabs/unbound/releases
Apologies in advance if an effort has already been made to include a newer version of Unbound in the upcoming release (I didn't see it listed in the 25.07 release notes when I looked earlier). Thanks in advance.
-
@tman222
https://redmine.pfsense.org/issues/11921?tab=properties
It looks like pfSense is unaffected by CVE-2025-5994, so the 1.23.1 update is not necessary.
-
@tman222 said in Upgrading Unbound version for latest pfSense Plus release?:
(I didn't see it listed in the 25.07 release notes when I looked earlier).
A couple of days (weeks?) ago, one of the latest pfSense Plus Beta or RC versions already included 1.23. That's the version I use right now.
Since February 2025, 1.22.x was used; that's according to my own release notes (I always log the upgrade process, executed from console, option 13, to a file. I don't use the GUI upgrader as that one tends to hide or obfuscate the interesting stuff.)
If the newest unbound version, 1.23.1, concerns the 'pfSense' version of unbound, then 1.23.1 will probably be included soon.
Edit:
@w0w => We can actually check:
[25.07-RC][root@pfSense.bhf.tld]/root: unbound -V
Version 1.23.0
Configure line: --with-libexpat=/usr/local --with-libnghttp2 --with-ssl=/usr --enable-dnscrypt --disable-dnstap --with-dynlibmodule --enable-ecdsa --enable-event-api --enable-gost --with-libevent --with-pythonmodule=yes --with-pyunbound=yes ac_cv_path_SWIG=/usr/local/bin/swig LDFLAGS=-L/usr/local/lib --disable-subnet --disable-tfo-client --disable-tfo-server --with-pthreads --prefix=/usr/local --localstatedir=/var --mandir=/usr/local/share/man --infodir=/usr/local/share/info/ --build=amd64-portbld-freebsd15.0
Linked libs: libevent 2.1.12-stable (it uses kqueue), OpenSSL 3.0.16 11 Feb 2025
Linked modules: dns64 python dynlib respip validator iterator
DNSCrypt feature available
BSD licensed, see LICENSE in source package for details.
Report bugs to unbound-bugs@nlnetlabs.nl or https://github.com/NLnetLabs/unbound/issues
so the CVE doesn't apply.