24.11 New Features and Changes

Added: Allow user-defined rules to utilize built-in system aliases #1979

Fixed: sshguard is not properly detecting GUI login failures #15687

Fixed: GUI logout messages do not use the auth log facility #15719

Fixed: Special characters in the ACB configuration change description can cause PHP errors #15711

Fixed: AutoConfigBackup tries to upload backups before the system has finished booting #15718

Fixed: Factory resetting the configuration removes WireGuard #15511

Fixed: Skip Packages option for Configuration Backups fails with large configurations #15624

Fixed: HA node with CARP VIP in backup state is unable to ping the active node using that CARP VIP address #14026

Fixed: Captive Portal logo fails to load after authenticated redirect #15404

Fixed: Captive Portal zones can fail to start due to ID conflict #15772

Fixed: CA certificates are not added to the Trust Store #15440

Fixed: Certificate Manager GUI inconsistency in Revocation tab titles #15454

Fixed: System proxy credentials with certain characters may fail to authenticate #15565

Fixed: Declining to reset the admin account via the console menu still prompts to change the password #15751

Added: Settings tab for global Kea DHCP server options #5080

Fixed: Kea fails to restart due to race between process termination and startup #14977

Fixed: Kea will not start with identical MAC address filters on multiple interfaces #15130

Fixed: Changes in Kea DHCP interface pools may invalidate lease database content #15328

Fixed: Kea does not send configured TFTP server name #15518

Added: Kea High Availability Support (IPv4 and IPv6) #15575

Added: Kea DNS Resolver (Unbound) Integration (IPv4 and IPv6) #15651

Fixed: IPv4 DHCP client responses may be routed unexpectedly out unrelated WANs #15702

Fixed: Hostnames for ISC DHCP leases are not removed from Unbound when switching to Kea #15750

Added: Kea DHCP lease database RAM disk support (IPv4 and IPv6) #15828

Fixed: DNS Forwarder ignores “Use remote DNS Servers, ignore local DNS” setting #15434

Changed: Update dnsmasq to version 2.90 #15465

Fixed: Reduce disruptions when changing DNS records from DHCP leases in Unbound #5413

Changed: Update Unbound to 1.22.0 #15483

Fixed: Automatic EDNS value may be lower than expected #15704

Fixed: Unbound configuration file contains Localhost address in forwarding mode with TLS enabled #15722

Fixed: unbound-checkconf fails with python mode enabled #15723

Added: Improve Thermal Sensors Dashboard widget readability #13520

Fixed: Traffic Graph widget displays bandwidth usage values which are half the actual usage amount #14933

Fixed: Firewall Logs Dashboard widget update interval does not behave as expected #15373

Added: Show current boot method in System Information Dashboard widget #15422

Fixed: Incorrect icon on collapsed dashboard widgets #15439

Fixed: Dashboard widgets refresh at unintended intervals #15725

Changed: Improve Thermal Sensors Dashboard widget refresh code #15728

Fixed: Session cookie warnings #15729

Fixed: Sanitize RFC 2136 Dynamic DNS update keys in status.php output #15490

Fixed: File browser on diag_edit.php does not encode directory names before display #15525

Fixed: State table entries printed on diag_dump_states.php may contain an unexpected interface #15657

Added: Enable @ support for Azure in Dynamic DNS #10000

Added: Enable @ support for name.com in Dynamic DNS #14289

Changed: Update Dynamic DNS API URL for porkbun.com #15779

Fixed: Dynamic DNS attempts to resolve entries with disabled interfaces #15802

Fixed: Kernel panic in HA nodes when under high load #15413

Fixed: Gateway monitoring includes disabled gateways #15635

Fixed: No default route after boot #15791

Fixed: Removing a route from the High Availability primary node does not remove the entry from the routing table on the secondary node #15795

Fixed: Kernel Panic when IGMPProxy gets CIDR Removed #15831

Fixed: Mobile IPsec does not automatically switch to failover gateway #15685

Fixed: Mobile IPsec sends incorrect DNS attribute IDs #15755

Fixed: Non Link-Local IPv6 CARP address does not get advertised to endpoints with RADVD #12581

Fixed: Installing to ZFS mirror does not format or populate EFI partition on additional disks #15083

Fixed: Adding MSS and MTU values on a LAGG VLAN interface breaks connectivity #14083

Fixed: PHP error when applying interface settings if the /tmp/.interfaces.apply file is present but empty #15423

Added: Use natural sorting when sorting interfaces #15437

Fixed: OpenVPN QinQ interface creation fails #15692

Fixed: Interface group members are not validated on load/save on interfaces_groups_edit.php, and are printed without encoding on interfaces_groups.php #15778

Fixed: Restarting the logging daemon during rotation also restarts sshguard, leading to frequent log messages #12747

Fixed: State Killing on Gateway Recovery fails for the default gateway group with the “Kill all” option selected #15694

Added: NTP authentication support #8794

Added: More GUI options for OpenVPN Client-Specific Overrides #12522

Fixed: PHP error with OpenVPN server certificate verification if the certificate has multiple CN attributes #15133

Fixed: Kernel panic with pflow configured and active #15446

Fixed: Proxy variables in crontab contents are improperly formatted #15502

Fixed: resizewin occasionally gets fed a spurious line feed over certain serial console+client combinations #15777

Changed: Update PHP to 8.3.x #15053

Fixed: Memory leak in pfSense module function pfSense_get_ifaddrs() #15471

Fixed: Updates fail against an authenticated upstream proxy #15094

Fixed: Package navigation menus can be duplicated when reinstalling the package #15700

Added: Allow filtering packet captures by system-defined protocols #15609

Fixed: Interface-bound state policy does not handle IPsec VTI traffic as expected when filtering on enc0 interface #15430

Fixed: IPsec VTI static routes may not be added after the system boots #15449

Fixed: Saving an IPv6 gateway overrides the IPv4 gateway #15589

Fixed: Routes with IPv6 Address as Next Hop for IPv4 Destination Causes Kernel Panic #15601

Fixed: Static routes using null gateways are not installed #15669

Fixed: Per-rule byte counter values lost across a filter reload #15516

Fixed: Separator positions are incorrect when copying interface group rules #15537

Added: GUI options to change default SCTP state timeouts #15661

Fixed: Setting the Port Forward interface to an interface group selects an invalid destination #15671

Changed: Query for SMART data only on root disk devices #15586

Fixed: File descriptor leak in bsnmpd #15481

Fixed: NTP option “DNS Resolution” has no effect when using NTP pool hostnames #15552

Fixed: Port forward rules created by miniupnpd do not expire #15470

Fixed: Upgrading an EFI system installed to ZFS mirror does not upgrade EFI loader on additional disks #15084

Fixed: CLI password check exits with a write access error when checking is a read-only operation #15442

Fixed: Network and broadcast address input validation is incorrectly applied to IPv6 VIPs #15361

Changed: Remove deprecated HTTP/1.0 Pragma header #15781

Changed: Use minified nvd3 vendor files #15782