2.4.5-RC Now Available

dennis_s

We're happy to announce the 2.4.5-RC (release candidate) is now available for users to download and test. We appreciate all of you who help us test these releases to help ensure the stability of the final release.

For existing installs - System > Update and pick the next 2.4.x release candidate version (2.4.5-RC)
For fresh installs, you can download the 2.4.5 installer here.

If you have a problem:

• Check to see if an issue already exists on redmine
• Check for an existing thread in the development category and reply there
• If no thread exists, create a new thread

Reminder: Take a backup before, and a snapshot if it's a VM. Also, uninstall all packages before upgrading to ensure things go smoothly.

techpro2004

Nice sounds good. Any Idea of when we will have a release instead of a rc? thanks.

johnpoz

When there has been sufficient time for a large population of installs, and time to allow for feedback, and then any sort of adjustments that need to be made..

So when its ready is the correct answer ;)

Every single one of your posts have been asking when 2.4.5 or 2.5 is going to be released - wtf dude???

mcury

Upgraded a SG-3100 from 2.4.4p3, sucessfully.
Removed all the packages before doing it.

After the update, found my OPT1 down, logs:
arpresolve: can't allocate llinfo for 192.168.2.121 on mvneta0

Tried to reboot and got some errors:
[28-Jan-2020 16:05:15 Etc/GMT+3] PHP Warning: stream_socket_client(): php_network_getaddresses: getaddrinfo failed: hostname nor servname provided, or not known in /usr/local/share/pear/Net/Socket.php on line 159
[28-Jan-2020 16:05:15 Etc/GMT+3] PHP Warning: stream_socket_client(): unable to connect to ssl://smtp.gmail.com:465 (php_network_getaddresses: getaddrinfo failed: hostname nor servname provided, or not known) in /usr/local/share/pear/Net/Socket.php on line 159

Forced this interface from default negotiate to 100baseTX fullduplex and it fixed the arpresolve problem, also no more PHP errors observed after reboot, guess those PHP errors were related to the interface arpresolve.

Reinstalling packages, in case I see something, I'll post in the forum to help.

seanmcb

Is 'removing all packages' something that should normally be done before updating pfsense, or a particularity to this rc?

jimp

@seanmcb said in 2.4.5-RC Now Available:

Is 'removing all packages' something that should normally be done before updating pfsense, or a particularity to this rc?

It's been a part of the recommended upgrade procedure for a long time, no matter what the release is.

You don't always have to do it, but it has the best possible positive outcome that way.

If you're just going from 2.4.4-p3 to 2.4.5-RC you should be fine leaving packages installed in most cases. I'd probably still remove squid at least, though, if you have it.

occamsrazor

@jimp I've never removed packages and so far have been lucky. But a question - does removing packages also remove the settings associated with them? I.E. if you remove packages, update OS, then re-install the same packages..... do you have to set them up all over again? Thanks.

ptt

I'm not Jim, but i'll answer....

Package settings will remain in the "config.xml" (even when you uninstall them)

Derelict

I will add that some packages have options that can remove the settings when you remove the package:

This is from Squid.

ramup

Just an complementary information to the posting of Derelict. Some packages have under their package settings options to preserve or delete the settings during deinstallation/reinstallation.
Like Derelict said e.g. Squid package but also Snort...
So you should check the custom preferences for each package installed in advance. I would recommend further to backup settings in advance to have the necessary settings in config.xml just in case.

techpro2004

Any idea of when we will see a release. The RC has been out for almost a month. Thanks

johnpoz

When its ready dude - JFC your like a broken record.. What exactly is the rush... What exactly are you needing 2.4.5 to be released for.. Is there something not working?

As soon as you 2.4.5 comes out, are you just going to be asking about 2.4.6?

jimp

When we stop finding things that have to be fixed before it's released. We're not going to shove out something half-baked because people want it fast. It will be out when it's ready.

techpro2004

Jimp, You previously mentioned you have an internal redmine I know you can't tell me details about what is on it but can you say how many items is left? thanks

Johnpoz, I used to have a hdhomerun, the tv cut out with that. I am having the same issue now that I am on tivo. I also switched cable providers. I have upgraded the hardware pfsense runs on (not the nic) The only thing constant is pfsense. I have always been running 2.4.4* and I am hoping that 2.4.5 or 2.5 will help. Just wondering is there any issues with this nic here (https://www.amazon.com/gp/product/B000P0NX3G/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1)

jimp

@techpro2004 said in 2.4.5-RC Now Available:

Jimp, You previously mentioned you have an internal redmine I know you can't tell me details about what is on it but can you say how many items is left? thanks

No, because the number of issues does not reflect the complexity of the issues or the time it may take to resolve them.

It will be ready when it is ready. Not a moment sooner.

seanmcb

@johnpoz said in 2.4.5-RC Now Available:

What exactly is the rush...

How about the fact that there are 9 months of unpatched security vulnerabilities? Take a look a the output of pkg audit -F. 9 months is a really long time to get not a single security patch, especially for something meant to defend your network. Don't you think?

jimp

@seanmcb said in 2.4.5-RC Now Available:

How about the fact that there are 9 months of unpatched security vulnerabilities? Take a look a the output of pkg audit -F. 9 months is a really long time to get not a single security patch, especially for something meant to defend your network. Don't you think?

That is a reason to produce an update, but it is not a reason to rush it out before it is ready.

johnpoz

@techpro2004 said in 2.4.5-RC Now Available:

there any issues with this nic here

Well both 2.4.5 and 2.5 out to test wtih... You could try those to see if works with whatever issue your having..

But pfsense is a firewall/router - it doesn't care what packets your moving unless you block them... Nor does it manipulate them in any way other than NAT.. There 1000's if not 10s of thousands if not even 100s of thousands using pfsense with their streaming devices behind them.. If there was some issue, the boards would be lit up and on fire!!!

I stream multiple services, I serve plex to public.. What specific issues are you having - the nic is not seen, it goes offline? Thinking an updating will fix some issue with your TV is able to stream data is very unlikely.

A Former User

Please correct me if my interpretation is wrong.

1. There are 0 CVE's for the current pfsense version (2.4.4p3)
2. Not all freebsd vulnerabilities are relevant to pfsense.
3. The underlying freebsd is EOL for pfsense 2.4.4p3.
4. 2.4.5 gets pfsense on freebsd 11.3 which is the 11.x stable version.
5. 2.5.0 gets pfsense to freebsd 12.x (whatever is the stable .x version when the pfsense release is frozen)

There are NO known vulnerabilities being exploited at this moment (2/24/2020). There is no valid reason to panic or whine.

Of course it will be nice to get shiny new versions. New features and improvements. If you are really in a rush then setup a test environment and help test. Unfortunately, many of us we don't have a test environment and the current setup is mission critical (according to my wife and kids) so I will just wait politely.

Rico

@jwj said in 2.4.5-RC Now Available:

and the current setup is mission critical (according to my wife and kids)

So it‘s your wife and my 1500 Users.
Agree...they don‘t care about version numbers, just have the services we provide 100% rock stable and secure.
pfSense 2.4.4-p3

-Rico