 PF Sense 244 released P3 now available as of May 2019. It's a blog post on Nekhate's blog and it says that there's some updates including a lot of ones around privilege escalation for users and what this is is not a zero day or a major problem with PF Sense but if you have users that you did not grant full privileges to, there was some techniques that could use something similar to directory traversal for an unprivileged user but someone who has a login credentials to some parts of PF Sense to gain parts to other sections in PF Sense maybe they didn't have permission for. So they have some updates for that and because they did a lot of reworking of the user privilege part, there was kind of a bug introduced and we'll get to that in a second. Couple of other reasons you may wanna run this update though is it does fix the security advisory under the micro architectural data sampling the kind of blanketed list of Intel recent flaws that were out there so there's some micro code updates and kernel updates to help mitigate the problems created by zombie load and a couple of the others out there. So these are the MDS patches that got fixed in there. There's probably gonna be more soon cause this is the first round of them, et cetera, et cetera and the same thing with Spectre Meltdown it takes time to really work all these bugs out of the kernel but it is in the BSD line therefore it is now in the PF Sense line for their updates. Now back to the non admin user with admin rights has given wrong URL from the user manager problem. And this was an immediate thing we noticed because we always recommend turning off the admin user and creating a separate user with a different name you know one less way people aren't just guessing away at the admin user if they're trying to log into it. So this obviously created a problem for us because though we do this for our production units and our customers and we're like, hey I can't change the password anymore and let me demonstrate how that works. So I'm logged in as Tom right now so Tom and local database. So when you're logged in as yourself or not admin I go to the user manager and instead of the user manager I get a password change option. But if we log out and log in as admin and go to the same spot works as intended. So it's just giving the wrong URL because if we go here we're gonna go to log back in as Tom again where it's broken but you can see it's a different URL. And if I put this URL in the user Tom has permission to do this and it works. So that's like the temporary work around but this bug isn't destined to be fixed until version 2.5. So that's you know, I'm not patient enough to wait for that. So there's two options. I can look because it's all open source we can look at the code changes and make the changes. Obviously it's a URL change so it's not anything huge but Jim P on Twitter and I'll link to his tweet reminded me that there is a system patch package that you can load in PF sense. And this allows you to apply patches to the system either officially or unofficially or however you wanna do this. I highly recommend only official ones where you'll probably end up breaking the system in new and creative ways. But let's show you how that works. It's actually really simple. System and we'll show you the package manager to show you it's installed. It's not gonna be an available because I would put it in here but it's just the system patches module. So and once you install it, it shows up here under patches and we're gonna add a patch. So fix user URL issue till I've done this before. So this fixes that silly problem and we're going to put this commit ID in here and nothing else. Now there's different ways you can do this. We're gonna show you, you can do the commit ID because it knows to pull from the PF sense. So we're gonna repository, save, fetch. Now once you've fetched it, here's what the patch looks like and you can see the change and it's just swapping out the URL. Here's how the patch is working. It's pulling now from the GitHub commit. That's actually where that number came from. So you could put it in as the GitHub URL and commit that information to it. So we're gonna hit save again. Now the test will tell you patch can be cleanly applied. Patch cannot be reverted cleanly and it gives you the details of what that means and shows what's gonna happen there. But we wanna actually go ahead and apply the patch and now patch is applied and this one's safe to apply. I'm testing it and showing it right here. So the patch is now applied and it's because the page refreshed we can actually go right here to user manager back to where it's supposed to be. Now what if I wanted to undo that patch? Well, that's easy enough too. Patches revert and we're back to the broken problem. So this is a really nice feature like this. I don't think I've ever done a video on it that I can recall and it's definitely a great feature with PF Sense being able to apply a specific code fix. It's kind of related to the fact that doing everything open source makes this a whole lot easier to either A, do yourself, B, be able to see what the patches are actually doing, not mystery patch. We know how we're fixing something in here. And also it's simple, it's easy. It's edit the source code if you wanted to edit yourself or change something yourself you could. So the only other thing you may want to do is you can set this to like auto-apply patches when possible, useful for patches to survive updates if this was an issue. Like if they ever, hopefully this will be fixed within one of the next updates maybe before the 2.5. But either way, it's arbitrary to fix. This is, like I said, one of the many reasons I like tools like PF Sense and open source software they generally make it easy for you to fix things. And obviously this works not just for fixing this issue but if you wanted to test out a feature and you're doing some testing you could apply and pull patches but completely at your own risk. This one I'm linking directly to the tweet from Jim P who is a developer at PF Sense who tweeted this and related to this solving of a problem. And so it's an easy, quick way to fix it. That's all you have to do. It's kind of a no-brainer. It doesn't require any coding or technical skills and it's now nice and fixed and life can go on. Pretty arbitrary to do. All right, thanks. Thanks for watching. If you liked this video, give it a thumbs up. If you want to subscribe to this channel to see more content, hit that subscribe button and the bell icon and maybe YouTube will send you a notice when we post. If you want to hire us for a project that you've seen or discussed in this video head over to LawrenceSystems.com where we offer both business IT services and consulting services and are excited to help you with whatever project you want to throw at us. Also, if you want to carry on the discussion further head over to forums.laurancesystems.com where we can keep the conversation going. And if you want to help the channel out in other ways, we offer affiliate links below which offer discounts for you and a small cut for us that does help fund this channel. And once again, thanks again for watching this video and see you next time.