PacketFence 15.0 released

October 27, 2025

The Inverse team is pleased to announce the immediate availability of PacketFence 15.0 - a major release bringing many improvements!

Here’s the complete list of changes included in this release:

New Features

• Support for downloadable ACLs (dACLs) on Cisco WLC (Wireless LAN Controller) IOS XE (#8643)
• Default Apache Kafka configuration for simplified deployment (#8711)
• Admin UI for pfflow network flow monitoring (#8613)
• Security Event Purge feature for automated cleanup (#8615)
• Dynamic iptables rules management system (#8688)
• Cisco Easy PSK (Pre-Shared Key) support (#8637)
• RADIUS proxy support via pfconnector (#8676)
• RADIUS accounting rate limiting for httpd.aaa API calls (#8494)
• Local account creation support for Null authentication source (#8608)
• Base64 JSON decoding for RADIUS attributes (decode strings prefixed with base64:) (#8619)

Enhancements

• Simplified Unbound DPSK (Dynamic Pre-Shared Key) code (#8519)
• Reduced CPU and memory usage for pfdhcp with code refactoring (#8631)
• Moved pfsetacl to pfdebian Docker image (#8599)
• Updated to Golang 1.24.1 and improved tests to pass go vet (#8589)
• Added pprof profiling support for Caddy web server (#8636)
• Implemented automatic SSH reconnection for pfconnector (#8656)
• Generated encryption keys with local path for material artifacts (#8560)
• Added upgrade capability to easily download latest RPM or DEB packages (#8526)
• Enabled GitLab pipeline creation via API matching web interface (#8752)
• Implemented KISS (Keep It Simple, Stupid) EAP-TLS (Extensible Authentication Protocol - Transport Layer Security) tests (#8665)
• Configurable Azure AD OAuth URLs (scope, graph, and OAuth endpoints) (#8612)
• Moved Fingerbank database to pfdebian Docker image (#8600)
• Major documentation overhaul with improved structure, troubleshooting guides, and cross-references (#8772)
• Updated Kafka, pfflow, and Fingerbank Collector documentation (#8614)
• Updated PKI certificate documentation (#8748)
• Improved documentation build process with includes (#8716)
• Added additional fields for improved troubleshooting in NTLM Auth API (#8567)

Bug Fixes

• Fixed form validation issues (#8776)
• Fixed UID/GID (User ID/Group ID) ownership for PacketFence and Fingerbank (#8749)
• Fixed additional cluster UID/GID ownership issues (#8790)
• Fixed Firefox browser compatibility issues (#8758)
• Fixed email activation expiration handling (#8780)
• Fixed database backup behavior on cluster non-master nodes (#8789)
• Added double quotes when searching upgrade files in export (#8731)
• Fixed cluster-to-standalone migration documentation reference (#8724)
• Moved 11.x upgrade documentation to archive, added copy buttons, fixed documentation links (#8762)
• Fixed various issues (#8778, #8755, #8718, #8693, #8686, #8659, #8652, #8605, #8522)
• Fixed dynamic ACL (Access Control List) feature for HP AOS Switch v16 (#8583)
• Fixed pfperl-api manager exit triggered by pfperl-api worker termination (#8629)
• Disabled common name validation in certificate checks (#8606)
• Fixed logic conflict when pfacct and radius-acct are both enabled (#8175)
• Fixed skipped entries in RADIUS audit log (#8621)
• Improved VM (Virtual Machine) handling in paused state and test runner cleanup (#8655)
• Increased Cypress test timeout to 10 minutes (#8558)
• Updated VirtualBox version in test environment (#8568)

Security Fixes

• Library dependency updates:
  • Bump github.com/cloudflare/circl from 1.6.0 to 1.6.1 (#8725)
  • Bump github.com/go-chi/chi/v5 from 5.0.12 to 5.2.2 (#8679)
  • Bump golang.org/x/net from 0.28.0 to 0.38.0 (#8626)

See the complete list of changes and the upgrade guide file for notes about upgrading.

This release is considered ready for production use and upgrading from previous versions is strongly advised.