Thursday, December 07, 2023, saw the release of the latest version of pfSense. Version 2.7.2.
This new version comes less than a month after the release of pfSense 2.71.
pfSense 2.7.2 mainly corrects potential ZFS file system corruption problems, as well as other bugs and security issues.
In this article, we take a quick look at the highlights of this update.
Main changes
This latest version of pfSense is primarily aimed at correcting problems with the ZFS file system.
Indeed, shortly after the release of pfSense 2.7.1, several serious anomalies were announced, and then quickly corrected, on FreeBSD 14 (the operating system on which pfSense is based).
In detail, pfSense 2.7.2 includes changes relating to three problems with the ZFS file system, two of which could lead to data corruption.
The first relates to block cloning, a ZFS feature not currently enabled in pfSense.
The second relates to the reporting of holes in sparse files. This is normally a very difficult case to encounter in typical use on a system equipped with pfSense software. However, given that other data corruption problems have been reported in the same area in the past, the editor preferred to quickly integrate the corrections proposed by FreeBSD. This correction may result in a slight increase in storage space used.
Finally, pfSense 2.7.2 also corrects a third ZFS problem that can lead to high CPU usage.
In addition to these ZFS-specific issues, this new release also brings the following fixes:
- Correction of a security advisory concerning a potential denial-of-service attack on the TCP stack using spoofed RST packets;
- OpenVPN updated to version 2.6.8_1;
- Update of strongSwan (IPsec) to resolve a potential buffer overflow problem (CVE-2023-41913);
- Fixed bugs in AES-GCM fallback implementation;
- Fixed several PHP errors on the PPP interface creation and DHCPv6 service modification pages ;
- Several other bugs, security holes and other minor issues have also been corrected
Update process
This new version is available for updates and as a download for new installations.
If no update is offered, it may be useful to refresh your pfSense repositories using the following commands (to be entered in console or from a shell) :
pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade
If your pfSense is installed on a ZFS file system, remember to create a restore point.
In all cases, remember to make a backup before launching the upgrade, and follow our full tutorial: [pfSense] Upgrade your pfSense server.
Finally, you can consult the complete list of changes by visiting the following page: 2.7.2 New Features and Changes.