Any urgency to upgrade from 2.4.3-RELEASE to 2.4.3-RELEASE-p1?



  • I have read the release announcement for PfSense 2.4.3-RELEASE-p1, and:

    • I do not permit remote pfSense administration
      -I am the sole user with admin access
      -I have no WiFi (i.e. No Drivers) on the pfSense box
      -I use NoScript on my browser to mitigate XSS

    If I understand correctly, this doesn't appear to be a high priority update for me-or am I missing something?


  • Rebel Alliance Global Moderator

    There is also other changes and fixes in this release.. Not just security stuff.

    You should always be current on your firewall software.. Not saying you have to pull the trigger 2 hours after it releases.. But makes zero sense to say.. .Ah, nothing there I need, Ah nothing in this one either.. Now your multiple versions behind and when something doesn't work you try and jump to latest and greatest, might have issue with that upgrade - did pfsense test every possible previous release with update to current, etc. etc..

    Stuff like these fixes
    Fixed a premature session timeout issue on pages which update exclusively using AJAX, such as status_graph.php

    Fixed a missing global variable declaration in interface IP address detection

    Packages that you might be using.. And update to a package might not work if using outdated version of pfsense, etc.

    If you have change control to follow, or just haven't had a spare moment ok sure.. My NY office branch sg-2440 has not been updated to p1 as of yet. But its just a matter of scheduling the update for min disruption to the users there, etc.



  • @johnpoz said in Any urgency to upgrade from 2.4.3-RELEASE to 2.4.3-RELEASE-p1?:

    There is also other changes and fixes in this release.. Not just security stuff.

    You should always be current on your firewall software.. Not saying you have to pull the trigger 2 hours after it releases.. But makes zero sense to say.. .Ah, nothing there I need, Ah nothing in this one either.. Now your multiple versions behind and when something doesn't work you try and jump to latest and greatest, might have issue with that upgrade - did pfsense test every possible previous release with update to current, etc. etc..

    Stuff like these fixes
    Fixed a premature session timeout issue on pages which update exclusively using AJAX, such as status_graph.php

    Fixed a missing global variable declaration in interface IP address detection

    Packages that you might be using.. And update to a package might not work if using outdated version of pfsense, etc.

    If you have change control to follow, or just haven't had a spare moment ok sure.. My NY office branch sg-2440 has not been updated to p1 as of yet. But its just a matter of scheduling the update for min disruption to the users there, etc.

    I get where you are coming from, and I do my best to keep things current. My challenge is that updates are a balance between fixing existing issues/improvements and the risk of breaking something that is working well.

    An upgrade can just as easily break an existing package and then I either have a mess to roll back or live with something broken till a fix gets issued.

    Unless there is a compelling reason to update I like to wait about 2-3 weeks for anything non-urgent (I've seen many projects issue a p1 and then have to issue a p2 a few days later) so that if there are serious problems I won't have to deal with them (my FreeBSD skills are not great and I can't afford to have my firewall down for any significant amount of time).

    Once I upgrade to a ZFS install I would hope that would solve the problem-If it's implemented correctly (like the FreeNAS projects has done), a botched update is gone with a simple zfs rollback.