github inverse-inc/packetfence v15.1.0

4 hours ago

The Inverse team is pleased to announce the immediate availability of PacketFence 15.1 - a minor release bringing many improvements!


Here's the complete list of changes included in this release:

New Features

  • Support Intelbras Switch and AP equipment — adds wireless and switch templates (#8836)
  • Additional admin roles — bypass roles and per-node bypass VLANs (#8717)
  • Read-only roles — per-role acls_enabled toggle (#8970)
  • SNMP port enable/disable from the admin UI (#7606)
  • SSO triggered on role change — admin UI toggle, applies on autoreg (#8881)
  • EAP-PEAP authentication via pfconnector to on-premises Active Directory — NTLM Auth API remote (#8700)
  • NetFlow UDP proxy — pfudpproxy forwards NetFlow/sFlow to a fingerbank-collector (#8909)
  • Switch observability — new switch_observability and switch_observability_acls tables (#8952)
  • Kafka cluster support — multi-broker setup script with iptables and keepalived (#8844)
  • sFlow, NetFlow and IPFIX support declarations on switch modules (#9017)
  • Standalone discovery of switches on the network — SNMP scan extracted to standalone module (#8979)
  • Network device discovery — new discover-network-device plugin (#8891)
  • Admin UI and API endpoints for sending password reset emails (#8877)
  • Captive portal local password authentication — unauthenticated password recovery flow (#8872)
  • Fortinet dACL chewer (#8879)
  • Bootable ISO installer for PacketFence — USB ISO builder with system-requirements check (#8818)
  • USB bootable ISO: self-contained PacketFence installer for Debian 12 — Makefile-driven offline installer (#9027)
  • Cloud NAC — git-crypt and git-sync added to pfdebian image for cloud config syncing (#8808)
  • Elasticsearch log integration — live logs viewer in admin UI (#8936)
  • Configurable SMTP sender name via alerting.smtp_name (#8871)

Enhancements

  • Upgrade to Caddy 2.11 (with bundled CoreDNS update) (#8961)
  • Tweak API restart timing to wait for the API to be ready (#9053)
  • Rename "Azure Active Directory"/"Azure" to "Microsoft Entra ID"/"Entra ID" in documentation (#9048)
  • Update Go to 1.25.5 (#8856)
  • Migrated Perl report/dynamic_report endpoint to Go — adds endpoint scaffolding and dev docs (#8843)
  • pfdhcp performance optimizations — fixes race conditions, goroutine leaks, missing error checks (#8803)
  • ProxySQL master/slave — multi-backend with read/write hostgroups for failover (#8931)
  • Faster loading of the switch page — role list virtualization and iterative pagination (#9009)
  • Optimize bulk_update for roles by reusing form and config store (#9001)
  • Fingerbank settings: single bulk_update PATCH replaces per-section loop (#9034)
  • Default parent role configurable via advanced.default_role_parent_id (#9011)
  • Add switch_id to locationlog and locationlog_history (#8904)
  • Reduce memory usage on role creation; respawn worker if memory > 1GB (#8947)
  • Reduce time in cache between Fingerbank lookups when API is unavailable (#8829)
  • Better UniFi controller detection using cookie-based reconnect (#8908)
  • Install Inverse GPG key during upgrade script (#8825)
  • Development support for Debian 12 — auto-install Node.js, prerequisite checks, idempotent setup script (#8805)
  • Cloud connector UI — install commands and updated hostname/install script (#9030)
  • Selective test execution in GitLab CI via the TEST_ONLY variable (#8857)
  • Virtualswitch-based Venom acceptance test suites — new venom executors, CI jobs, Ansible scenarios (#8907)
  • Generate switch summary as JSON for new PacketFence site CI flow (#8928)
  • Documentation overhaul — PF-by-Akamai references, app.css for HTML, Instrument Sans for PDF (#8944)
  • Pin clean-css-cli to skip npx confirmation when building documentation styles (#9015)
  • Include Triggers parameters in admin UI (#8885)
  • Use sharedutils.IsEnabled for consistency in Go services (#8892)
  • Test whether a User or Machine AD account is disabled — escape LDAP username, support bitwise filter operators (#8971)
  • Fingerbank data moved into the main PacketFence repo (#7994)
  • Update copyright headers for the new year (#8886)
  • Avoid unnecessary calls to the Fingerbank API (#9046)

Bug Fixes

  • Fix parent_id semantics across role create, update, and admin UI — distinguish payload-omitted vs explicit-null (#9029)
  • Fix duplicate IP addresses returned from the pfdhcp pool (#9043)
  • Fix CoA timeouts when deauth is tunneled via pfconnector — omit LocalAddr on the connector path so the kernel picks the correct source IP (#9049)
  • EntraID source: fix device group lookup that stopped working since 15.x (#9044, #8812)
  • Reject empty or unparseable CA certificate on save to prevent RADIUS EAP from silently breaking (#9042)
  • Fix SSO portaltoken validation — use HttpdPortal URL and add X-Forwarded-For-PacketFence header (#8962, #8951)
  • Security event purge: batch by 100 nodes and fix SQL syntax (#8740, #7293)
  • Install tcpdump for Go unit tests on EL8 (#8981, #8978)
  • Remove extra ports for management interface in iptables (#8946, #8945)
  • Fix _unitFileExists() for Docker via systemctl show; fix log string interpolation (#8939)
  • Use legacy GPG key for Samba 4.16 deployment in Vagrant (#8926, #8925)
  • Fix NTLM auth API service stop in Venom — use systemctl with graceful monitor shutdown (#8912)
  • Fix ProxySQL crash — calculate endBucket Go-side to avoid unsupported SQL (#8893, #8887)
  • Fix log levels in Go services — configstore, pfacct, pfconnector (#8884)
  • Replace %mgmtip% tag with the management interface IP in the Kafka pfconfig resource (#8882)
  • VLAN filter: return true when there is no condition (#8869, #8842)
  • Use the same method everywhere to find the next certificate serial number, in a transaction (#8868, #8855)
  • Queue ansible configuration generation job to avoid delay (#8866)
  • Move pfconnector installation to its own preseed file (#8865, #8702)
  • More advanced filter to catch the DHCP packet (#8858)
  • Fix pfflow job hanging when Kafka is unresponsive at startup (#8849)
  • Fix portal preview in cloud — env-driven config, drop pf-apache-wrapper (#8838)
  • Only manage systemd units starting with packetfence-xyz.services (#8834)
  • Remove duplicate scroll handler on material page search (#8833, #8832)
  • Retry Kafka connection until Kafka is up and running (#8824)
  • Allow fingerbank-collector port through iptables on RADIUS interfaces (#8820)
  • Fix ISO build — update to latest Debian 12, move PF repo setup to a script (#8819, #8817)
  • Fix table view when reloading in the middle of a page (#8807)
  • Ensure /usr/local/pf/conf/system_init_key is created in package preinst (#8571)
  • Fixes for OpenAPI spec — missing $ref, ConfigInterfaceVlan (#8840)

Security Fixes

  • Library dependency updates:
    • Bump github.com/coredns/coredns from 1.14.1 to 1.14.3 (#8942, #9028)
    • Bump github.com/jackc/pgx/v5 from 5.8.0 to 5.9.2 (#9006, #9018)
    • Bump github.com/smallstep/certificates from 0.26.1 to 0.30.0 (#8848, #8954)
    • Bump google.golang.org/grpc from 1.79.1 to 1.79.3 (#8953)
    • Bump github.com/buger/jsonparser from 1.1.1 to 1.1.2 (#8956)
    • Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 (#8990)
    • Bump github.com/go-jose/go-jose/v3 from 3.0.4 to 3.0.5 (#8989)
    • Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 (#8993)
    • Bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.40.0 to 1.43.0 (#8992)
    • Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.40.0 to 1.43.0 (#8994)
    • Bump go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp from 0.16.0 to 0.19.0 (#8991)
    • Bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 (#8927)
