diff --git a/Makefile b/Makefile index b2bf29b3a..89012fc4a 100644 --- a/Makefile +++ b/Makefile @@ -149,7 +149,7 @@ CORE_DEPENDS?= ${CORE_DEPENDS_${CORE_ARCH}} \ php${CORE_PHP}-openssl \ php${CORE_PHP}-pdo \ php${CORE_PHP}-pecl-radius \ - php${CORE_PHP}-phalcon \ + php${CORE_PHP}-phalcon4 \ php${CORE_PHP}-phpseclib \ php${CORE_PHP}-session \ php${CORE_PHP}-simplexml \ diff --git a/plist b/plist index 8c4831b34..3728c8220 100644 --- a/plist +++ b/plist @@ -394,7 +394,6 @@ /usr/local/opnsense/mvc/app/library/OPNsense/Backup/IBackupProvider.php /usr/local/opnsense/mvc/app/library/OPNsense/Backup/Local.php /usr/local/opnsense/mvc/app/library/OPNsense/Backup/Nextcloud.php -/usr/local/opnsense/mvc/app/library/OPNsense/Base/Filters/QueryFilter.php /usr/local/opnsense/mvc/app/library/OPNsense/Base/UIModelGrid.php /usr/local/opnsense/mvc/app/library/OPNsense/Base/ViewTranslator.php /usr/local/opnsense/mvc/app/library/OPNsense/Core/Backend.php diff --git a/src/etc/inc/authgui.inc b/src/etc/inc/authgui.inc index d849c8d1b..09759b809 100644 --- a/src/etc/inc/authgui.inc +++ b/src/etc/inc/authgui.inc @@ -72,17 +72,16 @@ function session_auth(&$Login_Error) closelog(); } - // Handle HTTPS httponly and secure flags - $currentCookieParams = session_get_cookie_params(); - session_set_cookie_params( - $currentCookieParams["lifetime"], - $currentCookieParams["path"], - null, - ($config['system']['webgui']['protocol'] == "https"), - true - ); - if (session_status() == PHP_SESSION_NONE) { + // Handle HTTPS httponly and secure flags + $currentCookieParams = session_get_cookie_params(); + session_set_cookie_params( + $currentCookieParams["lifetime"], + $currentCookieParams["path"], + null, + ($config['system']['webgui']['protocol'] == "https"), + true + ); session_start(); } diff --git a/src/opnsense/mvc/app/config/services.php b/src/opnsense/mvc/app/config/services.php index cfef07a93..0ffc72345 100644 --- a/src/opnsense/mvc/app/config/services.php 
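Review bot: In the `authgui.inc` hunk the `secure` and `httponly` cookie flags are now applied only when `session_auth()` itself starts the session, because `session_set_cookie_params()` sits inside the `session_status() == PHP_SESSION_NONE` branch. If any other entry point can start the session before this function runs (not visible here), that entry point becomes responsible for the flags, and nothing in the code says so. I would document the assumption on the moved block, e.g. `// cookie params can only be set before session_start(); any other code that starts the session must apply secure/httponly itself`. The body of `session_auth()` continues outside the hunk.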
+++ b/src/opnsense/mvc/app/config/services.php @@ -5,7 +5,8 @@ use Phalcon\Mvc\View; use Phalcon\Mvc\Url as UrlResolver; use Phalcon\Mvc\View\Engine\Volt as VoltEngine; use Phalcon\Mvc\Model\Metadata\Memory as MetaDataAdapter; -use Phalcon\Session\Adapter\Files as SessionAdapter; +use Phalcon\Session\Manager; +use Phalcon\Session\Adapter\Stream; use OPNsense\Core\Config; use OPNsense\Core\Routing; @@ -43,13 +44,13 @@ $di->set('view', function () use ($config) { $view->setViewsDir($viewDirs); } $view->registerEngines(array( - '.volt' => function ($view, $di) use ($config) { + '.volt' => function ($view) use ($config) { - $volt = new VoltEngine($view, $di); + $volt = new VoltEngine($view, $this); $volt->setOptions(array( - 'compiledPath' => $config->application->cacheDir, - 'compiledSeparator' => '_' + 'path' => $config->application->cacheDir, + 'separator' => '_' )); // register additional volt template functions $volt->getCompiler()->addFunction('theme_file_or_default', 'view_fetch_themed_filename'); @@ -75,7 +76,12 @@ $di->set('modelsMetadata', function () { * Start the session the first time some component request the session service */ $di->setShared('session', function () { - $session = new SessionAdapter(); + $session = new Manager(); + $files = new Stream([ + 'savePath' => session_save_path(), + 'prefix' => 'sess_', + ]); + $session->setAdapter($files); $session->start(); // Set session response cookie, unfortunalty we need to read the config here to determine if secure option is // a valid choice. @@ -97,6 +103,6 @@ $di->setShared('session', function () { */ $di->set('router', function () use ($config) { $routing = new Routing($config->application->controllersDir, "ui"); - $routing->getRouter()->handle(); + $routing->getRouter()->handle($_SERVER['REQUEST_URI']); return $routing->getRouter(); }); diff --git a/src/opnsense/mvc/app/config/services_api.php b/src/opnsense/mvc/app/config/services_api.php index db69dcca7..c339d06f1 100644 
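Review bot: The `Stream` adapter options added to the `session` service (`'savePath' => session_save_path()`, `'prefix' => 'sess_'`) carry an assumption that is not written down: they look chosen so that the MVC layer reads and writes the same session files as pages using PHP's native `session_start()`. I would add a comment above `$files`, e.g. `// same directory and "sess_" prefix as PHP's native files handler so legacy pages and MVC share one session; keep both in sync`. The identical block is added to `services_api.php` in this commit, and a mismatch between the two copies would split authentication state between UI and API, so a single shared helper would be safer than two pasted copies. The closure body continues outside the hunk.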
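Review bot: `handle($_SERVER['REQUEST_URI'])` in the `router` service passes the raw request target, query string included, and reads the key without checking that it is set. The `ControllerBase.php` hunk of this commit strips the query string by hand with `explode("?", ...)`, so routing and menu matching each derive the path in their own way. Deriving it once, e.g. `$uri = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH) ?: '/';`, and passing `$uri` to `handle()` would keep the two consistent and avoid an undefined-index notice outside a web request. Whether the router strips the query string itself should be confirmed against the Phalcon 4 release in use; the same line is added to `services_api.php`.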
--- a/src/opnsense/mvc/app/config/services_api.php +++ b/src/opnsense/mvc/app/config/services_api.php @@ -31,7 +31,8 @@ use Phalcon\DI\FactoryDefault; use Phalcon\Mvc\Url as UrlResolver; use Phalcon\Mvc\View; use Phalcon\Mvc\Model\Metadata\Memory as MetaDataAdapter; -use Phalcon\Session\Adapter\Files as SessionAdapter; +use Phalcon\Session\Manager; +use Phalcon\Session\Adapter\Stream; use OPNsense\Core\Config; use OPNsense\Core\Routing; @@ -63,7 +64,12 @@ $di->set('url', function () use ($config) { * Start the session the first time some component request the session service */ $di->setShared('session', function () { - $session = new SessionAdapter(); + $session = new Manager(); + $files = new Stream([ + 'savePath' => session_save_path(), + 'prefix' => 'sess_', + ]); + $session->setAdapter($files); $session->start(); // Set session response cookie, unfortunalty we need to read the config here to determine if secure option is // a valid choice. @@ -84,14 +90,14 @@ $di->setShared('session', function () { */ $di->set('router', function () use ($config) { $routing = new Routing($config->application->controllersDir, "api"); - $routing->getRouter()->handle(); + $routing->getRouter()->handle($_SERVER['REQUEST_URI']); return $routing->getRouter(); }); // exception handling $di->get('eventsManager')->attach("dispatch:beforeException", function ($event, $dispatcher, $exception) { switch ($exception->getCode()) { - case Phalcon\Dispatcher::EXCEPTION_HANDLER_NOT_FOUND: + case Phalcon\Dispatcher\Exception::EXCEPTION_HANDLER_NOT_FOUND: // send to error action on default index controller $dispatcher->forward(array( 'controller' => 'index', @@ -103,7 +109,7 @@ $di->get('eventsManager')->attach("dispatch:beforeException", function ($event, ) )); return false; - case Phalcon\Dispatcher::EXCEPTION_ACTION_NOT_FOUND: + case Phalcon\Dispatcher\Exception::EXCEPTION_ACTION_NOT_FOUND: // send to error action on default index controller $dispatcher->forward(array( 'controller' => 'index', 
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php b/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php index 207e873b6..0a25e73ca 100644 --- a/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php +++ b/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php @@ -120,6 +120,7 @@ class ControllerBase extends ControllerRoot { // set base template $this->view->setTemplateBefore('default'); + $this->view->session = $this->session; } /** @@ -178,7 +179,8 @@ class ControllerBase extends ControllerRoot $cnf = Config::getInstance(); $this->view->setVar('lang', $this->translator); - $this->view->menuSystem = $menu->getItems($this->router->getRewriteUri()); + $rewrite_uri = explode("?", $_SERVER["REQUEST_URI"])[0]; + $this->view->menuSystem = $menu->getItems($rewrite_uri); /* XXX generating breadcrumbs requires getItems() call */ $this->view->menuBreadcrumbs = $menu->getBreadcrumbs(); diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerRoot.php b/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerRoot.php index 345f38e88..c4ef1fbfe 100644 --- a/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerRoot.php +++ b/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerRoot.php @@ -30,7 +30,9 @@ namespace OPNsense\Base; use OPNsense\Core\Config; use Phalcon\Mvc\Controller; +use Phalcon\Logger; use Phalcon\Logger\Adapter\Syslog; +use Phalcon\Translate\InterpolatorFactory; use OPNsense\Core\ACL; /** @@ -44,6 +46,12 @@ class ControllerRoot extends Controller */ public $translator; + + /** + * log handle + */ + protected $logger = null; + /** * @var null|string logged in username, populated during authentication */ 
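Review bot: `$this->view->session = $this->session;` in the first `ControllerBase.php` hunk hands the whole session manager to every template. Because the `session` service registered in `services.php` calls `$session->start()` when it is first resolved, this line also forces a session to be started for every page that runs this method. Passing only the values a template needs with `setVar()` keeps the rest of the session state out of reach of view code. If the Volt templates really need the object, a comment on this line should say which template uses it and why. The method's signature is outside the hunk.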
@@ -84,7 +92,8 @@ class ControllerRoot extends Controller $locale = $lang . '.UTF-8'; bind_textdomain_codeset('OPNsense', $locale); - $this->translator = new ViewTranslator(array( + $interpolator = new InterpolatorFactory(); + $this->translator = new ViewTranslator($interpolator, array( 'directory' => '/usr/local/share/locale', 'defaultDomain' => 'OPNsense', 'locale' => $locale, @@ -98,12 +107,18 @@ class ControllerRoot extends Controller */ protected function getLogger($ident = "api") { - $logger = new Syslog($ident, array( - 'option' => LOG_PID, - 'facility' => LOG_LOCAL4 - )); - - return $logger; + if ($this->logger == null) { + $this->logger = new Logger( + 'messages', + [ + 'main' => new Syslog($ident, array( + 'option' => LOG_PID, + 'facility' => LOG_LOCAL4 + )) + ] + ); + } + return $this->logger; } /** diff --git a/src/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/Api/ServiceController.php b/src/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/Api/ServiceController.php index c9b5c8b13..a49d96013 100644 --- a/src/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/Api/ServiceController.php +++ b/src/opnsense/mvc/app/controllers/OPNsense/CaptivePortal/Api/ServiceController.php @@ -35,7 +35,7 @@ use OPNsense\Core\Backend; use OPNsense\CaptivePortal\CaptivePortal; use OPNsense\Core\Config; use OPNsense\Base\UIModelGrid; -use Phalcon\Filter; +use Phalcon\Filter\FilterFactory; /** * Class ServiceController @@ -94,9 +94,9 @@ class ServiceController extends ApiControllerBase public function getTemplateAction($fileid = null) { // get template name - $paramfilter = new Filter(); + $paramfilter = (new FilterFactory())->newInstance(); if ($fileid != null) { - $templateFileId = $paramfilter->sanitize($fileid, 'alphanum'); + $templateFileId = $paramfilter->sanitize($fileid, 'alnum'); } else { $templateFileId = 'default'; } 
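Review bot: The cache added to `getLogger()` ignores `$ident`: once the first call has populated `$this->logger`, a later call with a different `$ident` receives the logger that was opened under the first ident, so syslog entries can be attributed to the wrong source. Key the cache by ident instead: guard with `if (!isset($this->logger[$ident])) {`, assign `$this->logger[$ident] = new Logger(...)`, and `return $this->logger[$ident];`, with the property default from the earlier hunk changed to `[]`. If the single-instance form is kept on purpose, the docblock should say that `$ident` is only honoured on the first call, and the loose `== null` should be `=== null`.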
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php b/src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php index 88941c806..4de63b848 100644 --- a/src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php +++ b/src/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php @@ -328,10 +328,11 @@ class FirmwareController extends ApiControllerBase $this->sessionClose(); // long running action, close session - $filter = new \Phalcon\Filter(); - $filter->add('version', function ($value) { - return preg_replace('/[^0-9a-zA-Z\.]/', '', $value); - }); + $filter = new \Phalcon\Filter([ + 'version' => function ($value) { + return preg_replace('/[^0-9a-zA-Z\.]/', '', $value); + } + ]); $version = $filter->sanitize($version, 'version'); $backend = new Backend(); @@ -359,10 +360,11 @@ class FirmwareController extends ApiControllerBase if ($this->request->isPost()) { // sanitize package name - $filter = new \Phalcon\Filter(); - $filter->add('scrub', function ($value) { - return preg_replace('/[^0-9a-zA-Z._-]/', '', $value); - }); + $filter = new \Phalcon\Filter([ + 'scrub' => function ($value) { + return preg_replace('/[^0-9a-zA-Z._-]/', '', $value); + } + ]); $package = $filter->sanitize($package, 'scrub'); $text = trim($backend->configdRun(sprintf('firmware license %s', $package))); if (!empty($text)) { 
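Review bot: The `version` closure in the `@@ -328` hunk, like the `scrub` and `pkgname` closures in the seven following hunks of `FirmwareController.php`, silently strips disallowed characters rather than rejecting the request, so a malformed value becomes a different, possibly empty, one and still reaches the backend call. For firmware actions it is safer to compare the sanitised value with the input and return an error response when they differ or when the result is empty. The seven copies of `preg_replace('/[^0-9a-zA-Z._-]/', '', $value)` would also be easier to audit as one private helper on the controller. The enclosing methods start outside their hunks.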
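Review bot: In the `@@ -359` hunk the sanitised `$package` is still interpolated into the command string with `sprintf('firmware license %s', $package)` and sent through `configdRun()`, whereas the install, reinstall and remove actions in this file pass the name as a separate argument via `configdpRun("firmware ...", array($pkg_name), true)`. That leaves the `scrub` regex as the only barrier between request input and the backend command line. Using the parameterised form here as well, `$backend->configdpRun('firmware license', array($package))`, would make the two paths consistent. The same applies to `firmware details` in the `@@ -754` hunk.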
@@ -527,10 +529,11 @@ class FirmwareController extends ApiControllerBase if ($this->request->isPost()) { $response['status'] = 'ok'; // sanitize package name - $filter = new \Phalcon\Filter(); - $filter->add('pkgname', function ($value) { - return preg_replace('/[^0-9a-zA-Z._-]/', '', $value); - }); + $filter = new \Phalcon\Filter([ + 'pkgname' => function ($value) { + return preg_replace('/[^0-9a-zA-Z._-]/', '', $value); + } + ]); $pkg_name = $filter->sanitize($pkg_name, "pkgname"); // execute action $response['msg_uuid'] = trim($backend->configdpRun("firmware reinstall", array($pkg_name), true)); @@ -596,10 +599,11 @@ class FirmwareController extends ApiControllerBase if ($this->request->isPost()) { $response['status'] = 'ok'; // sanitize package name - $filter = new \Phalcon\Filter(); - $filter->add('pkgname', function ($value) { - return preg_replace('/[^0-9a-zA-Z._-]/', '', $value); - }); + $filter = new \Phalcon\Filter([ + 'pkgname' => function ($value) { + return preg_replace('/[^0-9a-zA-Z._-]/', '', $value); + } + ]); $pkg_name = $filter->sanitize($pkg_name, "pkgname"); // execute action $response['msg_uuid'] = trim($backend->configdpRun("firmware install", array($pkg_name), true)); @@ -625,10 +629,11 @@ class FirmwareController extends ApiControllerBase if ($this->request->isPost()) { $response['status'] = 'ok'; // sanitize package name - $filter = new \Phalcon\Filter(); - $filter->add('pkgname', function ($value) { - return preg_replace('/[^0-9a-zA-Z._-]/', '', $value); - }); + $filter = new \Phalcon\Filter([ + 'pkgname' => function ($value) { + return preg_replace('/[^0-9a-zA-Z._-]/', '', $value); + } + ]); $pkg_name = $filter->sanitize($pkg_name, "pkgname"); // execute action $response['msg_uuid'] = trim($backend->configdpRun("firmware remove", array($pkg_name), true)); 
@@ -652,10 +657,11 @@ class FirmwareController extends ApiControllerBase $response = array(); if ($this->request->isPost()) { - $filter = new \Phalcon\Filter(); - $filter->add('pkgname', function ($value) { - return preg_replace('/[^0-9a-zA-Z._-]/', '', $value); - }); + $filter = new \Phalcon\Filter([ + 'pkgname' => function ($value) { + return preg_replace('/[^0-9a-zA-Z._-]/', '', $value); + } + ]); $pkg_name = $filter->sanitize($pkg_name, "pkgname"); } else { $pkg_name = null; @@ -684,10 +690,11 @@ class FirmwareController extends ApiControllerBase $response = array(); if ($this->request->isPost()) { - $filter = new \Phalcon\Filter(); - $filter->add('pkgname', function ($value) { - return preg_replace('/[^0-9a-zA-Z._-]/', '', $value); - }); + $filter = new \Phalcon\Filter([ + 'pkgname' => function ($value) { + return preg_replace('/[^0-9a-zA-Z._-]/', '', $value); + } + ]); $pkg_name = $filter->sanitize($pkg_name, "pkgname"); } else { $pkg_name = null; @@ -754,10 +761,11 @@ class FirmwareController extends ApiControllerBase if ($this->request->isPost()) { // sanitize package name - $filter = new \Phalcon\Filter(); - $filter->add('scrub', function ($value) { - return preg_replace('/[^0-9a-zA-Z._-]/', '', $value); - }); + $filter = new \Phalcon\Filter([ + 'scrub' => function ($value) { + return preg_replace('/[^0-9a-zA-Z._-]/', '', $value); + } + ]); $package = $filter->sanitize($package, 'scrub'); $text = trim($backend->configdRun(sprintf('firmware details %s', $package))); if (!empty($text)) { diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Diagnostics/Api/LogController.php b/src/opnsense/mvc/app/controllers/OPNsense/Diagnostics/Api/LogController.php index 67ccb44bb..0985cace7 100644 --- a/src/opnsense/mvc/app/controllers/OPNsense/Diagnostics/Api/LogController.php +++ b/src/opnsense/mvc/app/controllers/OPNsense/Diagnostics/Api/LogController.php 
@@ -30,7 +30,6 @@ namespace OPNsense\Diagnostics\Api; use OPNsense\Base\ApiControllerBase; use OPNsense\Core\Backend; -use OPNsense\Base\Filters\QueryFilter; use Phalcon\Filter; /** @@ -45,8 +44,12 @@ class LogController extends ApiControllerBase $action = count($arguments) > 1 ? $arguments[1] : ""; $searchPhrase = ''; // create filter to sanitize input data - $filter = new Filter(); - $filter->add('query', new QueryFilter()); + $filter = new Filter([ + 'query' => function($value){ + return preg_replace("/[^0-9,a-z,A-Z, ,*,\-,_,.,\#]/", "", $value); + } + ]); + $backend = new Backend(); if ($this->request->isPost() && substr($name, -6) == 'Action') { $this->sessionClose(); diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Diagnostics/Api/NetworkinsightController.php b/src/opnsense/mvc/app/controllers/OPNsense/Diagnostics/Api/NetworkinsightController.php index 09fbb3f5d..e22bc1e23 100644 --- a/src/opnsense/mvc/app/controllers/OPNsense/Diagnostics/Api/NetworkinsightController.php +++ b/src/opnsense/mvc/app/controllers/OPNsense/Diagnostics/Api/NetworkinsightController.php @@ -34,7 +34,7 @@ use OPNsense\Base\ApiControllerBase; use OPNsense\Diagnostics\Netflow; use OPNsense\Core\Config; use OPNsense\Core\Backend; -use Phalcon\Filter; +use Phalcon\Filter\FilterFactory; /** * Class NetworkinsightController @@ -62,8 +62,8 @@ class NetworkinsightController extends ApiControllerBase $emulation = null ) { // cleanse input - $filter = new Filter(); - $provider = $filter->sanitize($provider, "alphanum"); + $filter = (new FilterFactory())->newInstance(); + $provider = $filter->sanitize($provider, "alnum"); $measure = $filter->sanitize($measure, "string"); $from_date = $filter->sanitize($from_date, "int"); $to_date = $filter->sanitize($to_date, "int"); 
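Review bot: The `query` sanitizer that used to live in one shared class, `QueryFilter`, is now pasted as an inline closure in `LogController.php` and again in `IDS/Api/ServiceController.php` and `IDS/Api/SettingsController.php`, so the allow-list regex has three copies that can drift apart. Keep a single definition (a static helper or a small callable class) and register it in all three places. `new Filter([...])` is also built here with only `query` in its map, while `SettingsController` uses `(new FilterFactory())->newInstance()` plus `set()`. If the rest of this method (outside the hunk) sanitises with built-in names such as `int` or `string` on the same `$filter`, those are not registered on a directly constructed instance, so confirm how Phalcon 4 treats an unknown sanitizer name or use the factory form here too. The closure spacing `function($value){` should be `function ($value) {` to match the other closures in this commit.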
@@ -135,8 +135,8 @@ class NetworkinsightController extends ApiControllerBase $max_hits = null ) { // cleanse input - $filter = new Filter(); - $provider = $filter->sanitize($provider, "alphanum"); + $filter = (new FilterFactory())->newInstance(); + $provider = $filter->sanitize($provider, "alnum"); $from_date = $filter->sanitize($from_date, "int"); $to_date = $filter->sanitize($to_date, "int"); $field = $filter->sanitize($field, "string"); diff --git a/src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/ServiceController.php b/src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/ServiceController.php index e3899d586..68e2be9b0 100644 --- a/src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/ServiceController.php +++ b/src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/ServiceController.php @@ -29,12 +29,12 @@ namespace OPNsense\IDS\Api; use OPNsense\Base\ApiMutableServiceControllerBase; -use OPNsense\Base\Filters\QueryFilter; use OPNsense\Core\Backend; use OPNsense\Core\Config; use OPNsense\Cron\Cron; use OPNsense\IDS\IDS; use Phalcon\Filter; +use Phalcon\Filter\FilterFactory; /** * Class ServiceController @@ -173,8 +173,11 @@ class ServiceController extends ApiMutableServiceControllerBase if ($this->request->isPost()) { $this->sessionClose(); // create filter to sanitize input data - $filter = new Filter(); - $filter->add('query', new QueryFilter()); + $filter = new Filter([ + 'query' => function($value){ + return preg_replace("/[^0-9,a-z,A-Z, ,*,\-,_,.,\#]/", "", $value); + } + ]); // fetch query parameters (limit results to prevent out of memory issues) $itemsPerPage = $this->request->getPost('rowCount', 'int', 9999); 
@@ -219,7 +222,7 @@ class ServiceController extends ApiMutableServiceControllerBase { $this->sessionClose(); $backend = new Backend(); - $filter = new Filter(); + $filter = (new FilterFactory())->newInstance(); $id = $filter->sanitize($alertId, "int"); $response = $backend->configdpRun("ids query alerts", array(1, 0, "filepos/" . $id, $fileid)); $result = json_decode($response, true); diff --git a/src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/SettingsController.php b/src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/SettingsController.php index 29880e312..ab6d11107 100644 --- a/src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/SettingsController.php +++ b/src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/SettingsController.php @@ -28,9 +28,8 @@ namespace OPNsense\IDS\Api; -use Phalcon\Filter; +use Phalcon\Filter\FilterFactory; use OPNsense\Base\ApiMutableModelControllerBase; -use OPNsense\Base\Filters\QueryFilter; use OPNsense\Core\Backend; use OPNsense\Core\Config; use OPNsense\Base\UIModelGrid; @@ -71,8 +70,10 @@ class SettingsController extends ApiMutableModelControllerBase if ($this->request->isPost()) { $this->sessionClose(); // create filter to sanitize input data - $filter = new Filter(); - $filter->add('query', new QueryFilter()); + $filter = (new FilterFactory())->newInstance(); + $filter->set('query', function($value){ + return preg_replace("/[^0-9,a-z,A-Z, ,*,\-,_,.,\#]/", "", $value); + }); // fetch query parameters (limit results to prevent out of memory issues) $itemsPerPage = $this->request->getPost('rowCount', 'int', 9999); diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Syslog/Api/SettingsController.php b/src/opnsense/mvc/app/controllers/OPNsense/Syslog/Api/SettingsController.php index 3e7557726..62c2c716f 100644 --- a/src/opnsense/mvc/app/controllers/OPNsense/Syslog/Api/SettingsController.php +++ b/src/opnsense/mvc/app/controllers/OPNsense/Syslog/Api/SettingsController.php 
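Review bot: In the `@@ -219` hunk only `$alertId` is sanitised; `$fileid` is passed to `configdpRun("ids query alerts", ...)` exactly as received, and the visible lines from the opening brace to that call contain no check on it. Sanitise or validate it next to `$id`, for example `$fileid = $filter->sanitize($fileid, "alnum");`, using whichever sanitizer matches the values this parameter legitimately takes (not visible here). The function signature is outside the hunk.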
@@ -30,7 +30,6 @@ namespace OPNsense\Syslog\Api; use Phalcon\Filter; use OPNsense\Base\ApiMutableModelControllerBase; -use OPNsense\Base\Filters\QueryFilter; use OPNsense\Core\Backend; use OPNsense\Core\Config; use OPNsense\Base\UIModelGrid; diff --git a/src/opnsense/mvc/app/library/OPNsense/Base/Filters/QueryFilter.php b/src/opnsense/mvc/app/library/OPNsense/Base/Filters/QueryFilter.php deleted file mode 100644 index 52ce7f520..000000000 --- a/src/opnsense/mvc/app/library/OPNsense/Base/Filters/QueryFilter.php +++ /dev/null @@ -1,50 +0,0 @@ - LOG_LOCAL4, - 'option' => LOG_PID, - )); + $logger = new Logger( + 'messages', + [ + 'main' => new Syslog($ident, array( + 'option' => LOG_PID, + 'facility' => LOG_LOCAL4 + )) + ] + ); return $logger; } diff --git a/src/opnsense/mvc/app/library/OPNsense/Core/Config.php b/src/opnsense/mvc/app/library/OPNsense/Core/Config.php index 289744794..b2be0139c 100644 --- a/src/opnsense/mvc/app/library/OPNsense/Core/Config.php +++ b/src/opnsense/mvc/app/library/OPNsense/Core/Config.php @@ -29,6 +29,7 @@ namespace OPNsense\Core; use Phalcon\DI\FactoryDefault; +use Phalcon\Logger; use Phalcon\Logger\Adapter\Syslog; /** @@ -285,7 +286,15 @@ class Config extends Singleton $this->simplexml = null; // there was an issue with loading the config, try to restore the last backup $backups = $this->getBackups(); - $logger = new Syslog("config", array('option' => LOG_PID, 'facility' => LOG_LOCAL4)); + $logger = new Logger( + 'messages', + [ + 'main' => new Syslog("config", array( + 'option' => LOG_PID, + 'facility' => LOG_LOCAL4 + )) + ] + ); if (count($backups) > 0) { // load last backup $logger->error(gettext('No valid config.xml found, attempting last known config restore.')); 
@@ -620,7 +629,15 @@ class Config extends Singleton // use syslog to trigger a new configd event, which should signal a syshook config (in batch). // Althought we include the backup filename, the event handler is responsible to determine the // last processed event itself. (it's merely added for debug purposes) - $logger = new Syslog("config", array('option' => LOG_PID, 'facility' => LOG_LOCAL5)); + $logger = new Logger( + 'messages', + [ + 'main' => new Syslog("config", array( + 'option' => LOG_PID, + 'facility' => LOG_LOCAL5 + )) + ] + ); $logger->info("config-event: new_config " . $backup_filename); } flock($this->config_file_handle, LOCK_UN); diff --git a/src/opnsense/mvc/app/library/OPNsense/Core/Routing.php b/src/opnsense/mvc/app/library/OPNsense/Core/Routing.php index e11893637..e23bbc1ae 100644 --- a/src/opnsense/mvc/app/library/OPNsense/Core/Routing.php +++ b/src/opnsense/mvc/app/library/OPNsense/Core/Routing.php @@ -173,9 +173,6 @@ class Routing } } } - $this->router->setUriSource( - Router::URI_SOURCE_SERVER_REQUEST_URI - ); $this->router->removeExtraSlashes(true); } } diff --git a/src/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php b/src/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php index 6629c38a4..e82905cec 100644 --- a/src/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php +++ b/src/opnsense/mvc/app/models/OPNsense/Base/BaseModel.php @@ -33,7 +33,7 @@ use OPNsense\Base\FieldTypes\ContainerField; use OPNsense\Core\Config; use Phalcon\Logger\Adapter\Syslog; use Phalcon\Validation; -use Phalcon\Validation\Message\Group; +use Phalcon\Messages\Messages; use ReflectionClass; use ReflectionException; use SimpleXMLElement; @@ -439,7 +439,7 @@ abstract class BaseModel if (count($validation_data) > 0) { $messages = $validation->validate($validation_data); } else { - $messages = new Group(); + $messages = new Messages(); } return $messages; 
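Review bot: `BaseModel.php` keeps `use Phalcon\Logger\Adapter\Syslog;` but, unlike `Config.php` and `ControllerRoot.php` in this commit, gains no `use Phalcon\Logger;`. Every other call site in the commit wraps the adapter as `new Logger('messages', ['main' => new Syslog(...)])`, which suggests the adapter can no longer act as a logger on its own. If `BaseModel` instantiates `Syslog` directly anywhere outside these hunks, that call site needs the same wrapping, otherwise its logging calls are likely to fail at runtime on a path that is rarely exercised. If the import is unused it should be removed.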
diff --git a/src/opnsense/mvc/app/models/OPNsense/Base/Constraints/AllOrNoneConstraint.php b/src/opnsense/mvc/app/models/OPNsense/Base/Constraints/AllOrNoneConstraint.php index b7c9c8051..694e36655 100644 --- a/src/opnsense/mvc/app/models/OPNsense/Base/Constraints/AllOrNoneConstraint.php +++ b/src/opnsense/mvc/app/models/OPNsense/Base/Constraints/AllOrNoneConstraint.php @@ -43,7 +43,7 @@ class AllOrNoneConstraint extends BaseConstraint * @param string $attribute * @return boolean */ - public function validate(\Phalcon\Validation $validator, $attribute) + public function validate(\Phalcon\Validation $validator, $attribute): bool { $node = $this->getOption('node'); if ($node) { diff --git a/src/opnsense/mvc/app/models/OPNsense/Base/Constraints/BaseConstraint.php b/src/opnsense/mvc/app/models/OPNsense/Base/Constraints/BaseConstraint.php index 3a6d9d11e..fc86cd0b1 100644 --- a/src/opnsense/mvc/app/models/OPNsense/Base/Constraints/BaseConstraint.php +++ b/src/opnsense/mvc/app/models/OPNsense/Base/Constraints/BaseConstraint.php @@ -30,13 +30,12 @@ namespace OPNsense\Base\Constraints; -use Phalcon\Validation\Validator; +use Phalcon\Validation\AbstractValidator; use Phalcon\Validation\ValidatorInterface; -use Phalcon\Validation\Message; +use Phalcon\Messages\Message; -abstract class BaseConstraint extends Validator implements ValidatorInterface +abstract class BaseConstraint extends AbstractValidator implements ValidatorInterface { - /** * check if field is empty (either boolean field as false or an empty field) * @param $node diff --git a/src/opnsense/mvc/app/models/OPNsense/Base/Constraints/ComparedToFieldConstraint.php b/src/opnsense/mvc/app/models/OPNsense/Base/Constraints/ComparedToFieldConstraint.php index d08ad516f..8d82b423d 100644 --- a/src/opnsense/mvc/app/models/OPNsense/Base/Constraints/ComparedToFieldConstraint.php +++ b/src/opnsense/mvc/app/models/OPNsense/Base/Constraints/ComparedToFieldConstraint.php 
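Review bot: Adding `: bool` to `validate()` in `AllOrNoneConstraint` (and in the other constraint and validator classes changed the same way in this commit) makes the return type enforced, but each method body lies outside its hunk, so the diff does not show that every path returns a boolean. Any branch that falls off the end of the method, or returns the result of a call that can yield `null`, now raises a `TypeError` during model validation. Each body should be checked for an explicit `return true;` or `return false;` on all paths, including the fall-through when the `if ($node)` test visible at the end of this hunk is false.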
@@ -49,7 +49,7 @@ class ComparedToFieldConstraint extends BaseConstraint * @param string $attribute * @return boolean */ - public function validate(\Phalcon\Validation $validator, $attribute) + public function validate(\Phalcon\Validation $validator, $attribute): bool { $node = $this->getOption('node'); $field_name = $this->getOption('field'); diff --git a/src/opnsense/mvc/app/models/OPNsense/Base/Constraints/DependConstraint.php b/src/opnsense/mvc/app/models/OPNsense/Base/Constraints/DependConstraint.php index 3d06325e8..c94d5f4d1 100644 --- a/src/opnsense/mvc/app/models/OPNsense/Base/Constraints/DependConstraint.php +++ b/src/opnsense/mvc/app/models/OPNsense/Base/Constraints/DependConstraint.php @@ -46,7 +46,7 @@ class DependConstraint extends BaseConstraint * @param string $attribute * @return boolean */ - public function validate(\Phalcon\Validation $validator, $attribute) + public function validate(\Phalcon\Validation $validator, $attribute): bool { $node = $this->getOption('node'); if ($node) { diff --git a/src/opnsense/mvc/app/models/OPNsense/Base/Constraints/SetIfConstraint.php b/src/opnsense/mvc/app/models/OPNsense/Base/Constraints/SetIfConstraint.php index f365cd2f2..d02479cec 100644 --- a/src/opnsense/mvc/app/models/OPNsense/Base/Constraints/SetIfConstraint.php +++ b/src/opnsense/mvc/app/models/OPNsense/Base/Constraints/SetIfConstraint.php @@ -49,7 +49,7 @@ class SetIfConstraint extends BaseConstraint * @param string $attribute * @return boolean */ - public function validate(\Phalcon\Validation $validator, $attribute) + public function validate(\Phalcon\Validation $validator, $attribute): bool { $node = $this->getOption('node'); $field_name = $this->getOption('field'); diff --git a/src/opnsense/mvc/app/models/OPNsense/Base/Constraints/SingleSelectConstraint.php b/src/opnsense/mvc/app/models/OPNsense/Base/Constraints/SingleSelectConstraint.php index 0051042e4..d9789e1bb 100644 
--- a/src/opnsense/mvc/app/models/OPNsense/Base/Constraints/SingleSelectConstraint.php +++ b/src/opnsense/mvc/app/models/OPNsense/Base/Constraints/SingleSelectConstraint.php @@ -44,7 +44,7 @@ class SingleSelectConstraint extends BaseConstraint * @param string $attribute * @return boolean */ - public function validate(\Phalcon\Validation $validator, $attribute) + public function validate(\Phalcon\Validation $validator, $attribute): bool { $node = $this->getOption('node'); if ($node) { diff --git a/src/opnsense/mvc/app/models/OPNsense/Base/Constraints/UniqueConstraint.php b/src/opnsense/mvc/app/models/OPNsense/Base/Constraints/UniqueConstraint.php index c35887f78..e1d0bf041 100644 --- a/src/opnsense/mvc/app/models/OPNsense/Base/Constraints/UniqueConstraint.php +++ b/src/opnsense/mvc/app/models/OPNsense/Base/Constraints/UniqueConstraint.php @@ -43,7 +43,7 @@ class UniqueConstraint extends BaseConstraint * @param string $attribute * @return boolean */ - public function validate(\Phalcon\Validation $validator, $attribute) + public function validate(\Phalcon\Validation $validator, $attribute): bool { $node = $this->getOption('node'); $fieldSeparator = chr(10) . chr(0); diff --git a/src/opnsense/mvc/app/models/OPNsense/Base/Validators/CallbackValidator.php b/src/opnsense/mvc/app/models/OPNsense/Base/Validators/CallbackValidator.php index 0174c4393..270a15f3d 100644 --- a/src/opnsense/mvc/app/models/OPNsense/Base/Validators/CallbackValidator.php +++ b/src/opnsense/mvc/app/models/OPNsense/Base/Validators/CallbackValidator.php 
@@ -30,16 +30,16 @@ namespace OPNsense\Base\Validators; -use Phalcon\Validation\Validator; +use Phalcon\Validation\AbstractValidator; use Phalcon\Validation\ValidatorInterface; use Phalcon\Validation; -use Phalcon\Validation\Message; +use Phalcon\Messages\Message; /** * Class CallbackValidator * @package OPNsense\Base\Validators */ -class CallbackValidator extends Validator implements ValidatorInterface +class CallbackValidator extends AbstractValidator implements ValidatorInterface { /** @@ -49,7 +49,7 @@ class CallbackValidator extends Validator implements ValidatorInterface * @param string $attribute * @return boolean */ - public function validate(Validation $validator, $attribute) + public function validate(Validation $validator, $attribute): bool { $callback = $this->getOption('callback'); if ($callback) { diff --git a/src/opnsense/mvc/app/models/OPNsense/Base/Validators/CsvListValidator.php b/src/opnsense/mvc/app/models/OPNsense/Base/Validators/CsvListValidator.php index aac29cdb1..3c11faae9 100644 --- a/src/opnsense/mvc/app/models/OPNsense/Base/Validators/CsvListValidator.php +++ b/src/opnsense/mvc/app/models/OPNsense/Base/Validators/CsvListValidator.php @@ -30,15 +30,15 @@ namespace OPNsense\Base\Validators; -use Phalcon\Validation\Validator; +use Phalcon\Validation\AbstractValidator; use Phalcon\Validation\ValidatorInterface; -use Phalcon\Validation\Message; +use Phalcon\Messages\Message; /** * Class CsvListValidator validate a string list against a list of options * @package OPNsense\Base\Validators */ -class CsvListValidator extends Validator implements ValidatorInterface +class CsvListValidator extends AbstractValidator implements ValidatorInterface { /** 
@@ -48,7 +48,7 @@ class CsvListValidator extends Validator implements ValidatorInterface * @param string $attribute * @return boolean */ - public function validate(\Phalcon\Validation $validator, $attribute) + public function validate(\Phalcon\Validation $validator, $attribute): bool { $value = $validator->getValue($attribute); $domain = $this->getOption('domain'); diff --git a/src/opnsense/mvc/app/models/OPNsense/Base/Validators/HostValidator.php b/src/opnsense/mvc/app/models/OPNsense/Base/Validators/HostValidator.php index 8cc4dadc8..ec277d0f1 100644 --- a/src/opnsense/mvc/app/models/OPNsense/Base/Validators/HostValidator.php +++ b/src/opnsense/mvc/app/models/OPNsense/Base/Validators/HostValidator.php @@ -30,15 +30,15 @@ namespace OPNsense\Base\Validators; -use Phalcon\Validation\Validator; +use Phalcon\Validation\AbstractValidator; use Phalcon\Validation\ValidatorInterface; -use Phalcon\Validation\Message; +use Phalcon\Messages\Message; /** * Class NetworkValidator validate domain and hostnames * @package OPNsense\Base\Validators */ -class HostValidator extends Validator implements ValidatorInterface +class HostValidator extends AbstractValidator implements ValidatorInterface { /** * @@ -46,7 +46,7 @@ class HostValidator extends Validator implements ValidatorInterface * @param string $attribute * @return boolean */ - public function validate(\Phalcon\Validation $validator, $attribute) + public function validate(\Phalcon\Validation $validator, $attribute): bool { $result = true; $msg = $this->getOption('message'); diff --git a/src/opnsense/mvc/app/models/OPNsense/Base/Validators/IntegerValidator.php b/src/opnsense/mvc/app/models/OPNsense/Base/Validators/IntegerValidator.php index 3b9b11f44..c657f5a4e 100644 --- a/src/opnsense/mvc/app/models/OPNsense/Base/Validators/IntegerValidator.php +++ b/src/opnsense/mvc/app/models/OPNsense/Base/Validators/IntegerValidator.php 
@@ -30,15 +30,15 @@
 namespace OPNsense\Base\Validators;
-use Phalcon\Validation\Validator;
+use Phalcon\Validation\AbstractValidator;
 use Phalcon\Validation\ValidatorInterface;
-use Phalcon\Validation\Message;
+use Phalcon\Messages\Message;
 /**
 * Class IntegerValidator
 * @package OPNsense\Base\Validators
 */
-class IntegerValidator extends Validator implements ValidatorInterface
+class IntegerValidator extends AbstractValidator implements ValidatorInterface
 {
 /**
@@ -48,7 +48,7 @@ class IntegerValidator extends Validator implements ValidatorInterface
 * @param string $attribute
 * @return boolean
 */
- public function validate(\Phalcon\Validation $validator, $attribute)
+ public function validate(\Phalcon\Validation $validator, $attribute): bool
 {
 $value = $validator->getValue($attribute);
 $msg = $this->getOption('message');
diff --git a/src/opnsense/mvc/app/models/OPNsense/Base/Validators/MinMaxValidator.php b/src/opnsense/mvc/app/models/OPNsense/Base/Validators/MinMaxValidator.php
index f175b7b7f..5d8517aec 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Base/Validators/MinMaxValidator.php
+++ b/src/opnsense/mvc/app/models/OPNsense/Base/Validators/MinMaxValidator.php
@@ -30,15 +30,15 @@
 namespace OPNsense\Base\Validators;
-use Phalcon\Validation\Validator;
+use Phalcon\Validation\AbstractValidator;
 use Phalcon\Validation\ValidatorInterface;
-use Phalcon\Validation\Message;
+use Phalcon\Messages\Message;
 /**
 * Class MinMaxValidator
 * @package OPNsense\Base\Validators
 */
-class MinMaxValidator extends Validator implements ValidatorInterface
+class MinMaxValidator extends AbstractValidator implements ValidatorInterface
 {
 /**
 * Executes MinMax validation
@@ -47,7 +47,7 @@ class MinMaxValidator extends Validator implements ValidatorInterface
 * @param string $attribute
 * @return boolean
 */
- public function validate(\Phalcon\Validation $validator, $attribute)
+ public function validate(\Phalcon\Validation $validator, $attribute): bool
 {
 $value = $validator->getValue($attribute);
diff --git a/src/opnsense/mvc/app/models/OPNsense/Base/Validators/NetworkValidator.php b/src/opnsense/mvc/app/models/OPNsense/Base/Validators/NetworkValidator.php
index 6a044895a..e2d5fe1b5 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Base/Validators/NetworkValidator.php
+++ b/src/opnsense/mvc/app/models/OPNsense/Base/Validators/NetworkValidator.php
@@ -30,15 +30,15 @@
 namespace OPNsense\Base\Validators;
-use Phalcon\Validation\Validator;
+use Phalcon\Validation\AbstractValidator;
 use Phalcon\Validation\ValidatorInterface;
-use Phalcon\Validation\Message;
+use Phalcon\Messages\Message;
 /**
 * Class NetworkValidator validate networks and ip addresses
 * @package OPNsense\Base\Validators
 */
-class NetworkValidator extends Validator implements ValidatorInterface
+class NetworkValidator extends AbstractValidator implements ValidatorInterface
 {
 /**
 * Executes network / ip validation, accepts the following parameters as attributes:
@@ -53,7 +53,7 @@ class NetworkValidator extends Validator implements ValidatorInterface
 * @param string $attribute
 * @return boolean
 */
- public function validate(\Phalcon\Validation $validator, $attribute)
+ public function validate(\Phalcon\Validation $validator, $attribute): bool
 {
 $result = true;
 $msg = $this->getOption('message');
diff --git a/src/opnsense/mvc/app/models/OPNsense/Diagnostics/Netflow.php b/src/opnsense/mvc/app/models/OPNsense/Diagnostics/Netflow.php
index 81dec940f..5a3c1389a 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Diagnostics/Netflow.php
+++ b/src/opnsense/mvc/app/models/OPNsense/Diagnostics/Netflow.php
@@ -28,6 +28,7 @@
 namespace OPNsense\Diagnostics;
+use Phalcon\Messages\Message;
 use OPNsense\Base\BaseModel;
 /**
@@ -66,7 +67,7 @@ class Netflow extends BaseModel
 }
 if (count($missing)) {
- $messages->appendMessage(new \Phalcon\Validation\Message(
+ $messages->appendMessage(new Message(
 sprintf(
 gettext('WAN interfaces missing in listening interfaces: %s'),
 implode(', ', $missing)
diff --git a/src/opnsense/mvc/app/models/OPNsense/Firewall/FieldTypes/AliasContentField.php b/src/opnsense/mvc/app/models/OPNsense/Firewall/FieldTypes/AliasContentField.php
index dd4355c2d..7c49a8d3a 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Firewall/FieldTypes/AliasContentField.php
+++ b/src/opnsense/mvc/app/models/OPNsense/Firewall/FieldTypes/AliasContentField.php
@@ -34,7 +34,7 @@ use OPNsense\Base\FieldTypes\BaseField;
 use OPNsense\Base\Validators\CallbackValidator;
 use Phalcon\Validation\Validator\Regex;
 use Phalcon\Validation\Validator\ExclusionIn;
-use Phalcon\Validation\Message;
+use Phalcon\Messages\Message;
 use OPNsense\Firewall\Util;
 /**
diff --git a/src/opnsense/mvc/app/models/OPNsense/IPsec/IPsec.php b/src/opnsense/mvc/app/models/OPNsense/IPsec/IPsec.php
index 63e59db47..91c4ca54b 100644
--- a/src/opnsense/mvc/app/models/OPNsense/IPsec/IPsec.php
+++ b/src/opnsense/mvc/app/models/OPNsense/IPsec/IPsec.php
@@ -28,6 +28,7 @@
 namespace OPNsense\IPsec;
+use Phalcon\Messages\Message;
 use OPNsense\Base\BaseModel;
 /**
@@ -69,7 +70,7 @@ class IPsec extends BaseModel
 * and private key contents with a sanitized representation as well as storing the key size and fingerprint.
 * @param $nodeKey string Fully-qualified key of the keyPair instance within a model
 * @param $keyPair \OPNsense\Base\FieldTypes\BaseField Field instance of a keyPair
- * @param $messages \Phalcon\Validation\Message\Group Validation message group
+ * @param $messages \Phalcon\Messages\Messages Validation message group
 */
 private function validateKeyPair($nodeKey, $keyPair, $messages)
 {
@@ -86,7 +87,7 @@ class IPsec extends BaseModel
 (string)$keyPair->keyType . '-public'
 );
 } catch (\Exception $e) {
- $messages->appendMessage(new \Phalcon\Validation\Message($e->getMessage(), $nodeKey . '.publicKey'));
+ $messages->appendMessage(new Message($e->getMessage(), $nodeKey . '.publicKey'));
 }
 }
@@ -98,14 +99,14 @@ class IPsec extends BaseModel
 (string)$keyPair->keyType . '-private'
 );
 } catch (\Exception $e) {
- $messages->appendMessage(new \Phalcon\Validation\Message($e->getMessage(), $nodeKey . '.privateKey'));
+ $messages->appendMessage(new Message($e->getMessage(), $nodeKey . '.privateKey'));
 }
 }
 // Compare SHA1 fingerprint of public and private keys to check if they belong to each other
 if ($publicKey && $privateKey) {
 if ($publicKey['fingerprint'] !== $privateKey['fingerprint']) {
- $messages->appendMessage(new \Phalcon\Validation\Message(
+ $messages->appendMessage(new Message(
 gettext('This private key does not belong to the given public key.'),
 $nodeKey . '.privateKey'
 ));
diff --git a/src/opnsense/mvc/app/models/OPNsense/Monit/Monit.php b/src/opnsense/mvc/app/models/OPNsense/Monit/Monit.php
index 9d15a32c8..607fd176c 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Monit/Monit.php
+++ b/src/opnsense/mvc/app/models/OPNsense/Monit/Monit.php
@@ -29,6 +29,7 @@
 namespace OPNsense\Monit;
+use Phalcon\Messages\Message;
 use OPNsense\Base\BaseModel;
 /**
@@ -149,7 +150,7 @@ class Monit extends BaseModel
 /**
 * validate full model using all fields and data in a single (1 deep) array
 * @param bool $validateFullModel validate full model or only changed fields
- * @return \Phalcon\Validation\Message\Group
+ * @return \Phalcon\Messages\Messages
 */
 public function performValidation($validateFullModel = false)
 {
@@ -172,7 +173,7 @@ class Monit extends BaseModel $node->isFieldChanged() && $this->isTestServiceRelated($testUuid) ) { - $messages->appendMessage(new \Phalcon\Validation\Message( + $messages->appendMessage(new Message( sprintf( gettext("Cannot change the test type to '%s'. Test '%s' is linked to a service."), (string)$node, @@ -191,7 +192,7 @@ class Monit extends BaseModel strcmp((string)$parentNode->type, $type) != 0 && $this->isTestServiceRelated($parentNode->getAttribute('uuid')) ) { - $messages->appendMessage(new \Phalcon\Validation\Message( + $messages->appendMessage(new Message( sprintf( gettext("Condition '%s' would change the type of the test '%s' but it is linked to a service."), (string)$node, @@ -223,7 +224,7 @@ class Monit extends BaseModel $test->type->getNodeData()[(string)$test->type]['value'] ); $messages->appendMessage( - new \Phalcon\Validation\Message($validationMsg, $key) + new Message($validationMsg, $key) ); } } @@ -235,7 +236,7 @@ class Monit extends BaseModel empty((string)$node) && (string)$parentNode->type == 'process' && empty((string)$parentNode->match) ) { - $messages->appendMessage(new \Phalcon\Validation\Message( + $messages->appendMessage(new Message( gettext("Please set at least one of Pidfile or Match."), $key )); @@ -246,7 +247,7 @@ class Monit extends BaseModel empty((string)$node) && (string)$parentNode->type == 'process' && empty((string)$parentNode->pidfile) ) { - $messages->appendMessage(new \Phalcon\Validation\Message( + $messages->appendMessage(new Message( gettext("Please set at least one of Pidfile or Match."), $key )); @@ -254,7 +255,7 @@ class Monit extends BaseModel break; case 'address': if (empty((string)$node) && (string)$parentNode->type == 'host') { - $messages->appendMessage(new \Phalcon\Validation\Message( + $messages->appendMessage(new Message( gettext("Address is mandatory for 'Remote Host' checks."), $key )); 
@@ -262,7 +263,7 @@ class Monit extends BaseModel empty((string)$node) && (string)$parentNode->type == 'network' && empty((string)$parentNode->interface) ) { - $messages->appendMessage(new \Phalcon\Validation\Message( + $messages->appendMessage(new Message( gettext("Please set at least one of Address or Interface."), $key )); @@ -273,7 +274,7 @@ class Monit extends BaseModel empty((string)$node) && (string)$parentNode->type == 'network' && empty((string)$parentNode->address) ) { - $messages->appendMessage(new \Phalcon\Validation\Message( + $messages->appendMessage(new Message( gettext("Please set at least one of Address or Interface."), $key )); @@ -286,7 +287,7 @@ class Monit extends BaseModel ['file', 'fifo', 'filesystem', 'directory'] ) ) { - $messages->appendMessage(new \Phalcon\Validation\Message( + $messages->appendMessage(new Message( gettext("Path is mandatory."), $key )); diff --git a/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.php b/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.php index 832ddbcf5..b2401c637 100644 --- a/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.php +++ b/src/opnsense/mvc/app/models/OPNsense/Proxy/Proxy.php @@ -51,7 +51,7 @@ class Proxy extends BaseModel switch ($match_type) { case 'url_matches': if (strlen((string)$match->url) == 0) { - $result->appendMessage(new \Phalcon\Validation\Message( + $result->appendMessage(new \Phalcon\Messages\Message( gettext('URL must be set.'), 'pac.match.url' )); @@ -61,7 +61,7 @@ class Proxy extends BaseModel case 'dns_domain_is': case 'is_resolvable': if (strlen((string)$match->hostname) == 0) { - $result->appendMessage(new \Phalcon\Validation\Message( + $result->appendMessage(new \Phalcon\Messages\Message( gettext('Hostname must be set.'), 'pac.match.hostname' )); 
@@ -70,7 +70,7 @@ class Proxy extends BaseModel
 case 'destination_in_net':
 case 'my_ip_in_net':
 if (strlen((string)$match->network) == 0) {
- $result->appendMessage(new \Phalcon\Validation\Message(
+ $result->appendMessage(new \Phalcon\Messages\Message(
 gettext('Network must be set.'),
 'pac.match.network'
 ));
diff --git a/src/opnsense/mvc/app/models/OPNsense/Routes/Route.php b/src/opnsense/mvc/app/models/OPNsense/Routes/Route.php
index c8c8693da..7becf0f46 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Routes/Route.php
+++ b/src/opnsense/mvc/app/models/OPNsense/Routes/Route.php
@@ -31,6 +31,7 @@
 namespace OPNsense\Routes;
+use Phalcon\Messages\Message;
 use OPNsense\Base\BaseModel;
 /**
@@ -42,7 +43,7 @@ class Route extends BaseModel
 /**
 * extended validations
 * @param bool $validateFullModel validate full model or only changed fields
- * @return \Phalcon\Validation\Message\Group
+ * @return \Phalcon\Messages\Messages
 */
 public function performValidation($validateFullModel = false)
 {
@@ -71,7 +72,7 @@ class Route extends BaseModel
 // When protocols don't match, add a message for this field to the validation result.
 if (empty($gateway_ip) || $gateway_proto != $proto_net) {
 $node_validators = $node->getValidators();
- $result->appendMessage(new \Phalcon\Validation\Message(
+ $result->appendMessage(new Message(
 $node_validators[0]->getOption("message"),
 $key
 ));
diff --git a/src/opnsense/mvc/app/models/OPNsense/Syslog/Syslog.php b/src/opnsense/mvc/app/models/OPNsense/Syslog/Syslog.php
index a79a91ed7..c5f11c409 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Syslog/Syslog.php
+++ b/src/opnsense/mvc/app/models/OPNsense/Syslog/Syslog.php
@@ -28,6 +28,7 @@
 namespace OPNsense\Syslog;
+use Phalcon\Messages\Message;
 use OPNsense\Base\BaseModel;
 use OPNsense\Firewall\Util;
@@ -56,7 +57,7 @@ class Syslog extends BaseModel
 $ipproto = ((string)$parentNode->transport)[3];
 $hostproto = strpos((string)$parentNode->hostname, ":") === false ? "4" : "6";
 if (Util::isIpAddress((string)$parentNode->hostname) && $ipproto != $hostproto) {
- $messages->appendMessage(new \Phalcon\Validation\Message(
+ $messages->appendMessage(new Message(
 gettext("Transport protocol does not match address in hostname"),
 $key
 ));
diff --git a/src/opnsense/www/api.php b/src/opnsense/www/api.php
index b31dd4a10..fdd22492f 100644
--- a/src/opnsense/www/api.php
+++ b/src/opnsense/www/api.php
@@ -23,7 +23,7 @@ try {
 */
 $application = new \Phalcon\Mvc\Application($di);
- echo $application->handle()->getContent();
+ echo $application->handle($_SERVER['REQUEST_URI'])->getContent();
 } catch (Exception $e) {
 $response = array();
 $response['errorMessage'] = $e->getMessage();
diff --git a/src/opnsense/www/index.php b/src/opnsense/www/index.php
index 598f81f56..af9ec8c8c 100644
--- a/src/opnsense/www/index.php
+++ b/src/opnsense/www/index.php
@@ -69,7 +69,7 @@ try {
 */
 $application = new \Phalcon\Mvc\Application($di);
- echo $application->handle()->getContent();
+ echo $application->handle($_SERVER['REQUEST_URI'])->getContent();
 } catch (\Exception $e) {
 if (
 isset($application) || (
diff --git a/src/www/csrf.inc b/src/www/csrf.inc
index 0f927e632..05e781e95 100644
--- a/src/www/csrf.inc
+++ b/src/www/csrf.inc
@@ -33,37 +33,36 @@ class LegacyCSRF
 private $session = null;
 private $is_html_output = false;
 public function __construct()
- {
- $this->di = new \Phalcon\DI\FactoryDefault();
- $this->security = new Phalcon\Security();
- $this->security->setDi($this->di);
- // register rewrite handler
- ob_start(array($this,'csrfRewriteHandler'), 5242880);
- }
-
- private function Session()
 {
 global $config;
- if ($this->session == null) {
- $this->session = new Phalcon\Session\Adapter\Files();
- $this->session->start();
+ // register rewrite handler
+ if (session_status() == PHP_SESSION_NONE) {
+ // Handle HTTPS httponly and secure flags
+ $currentCookieParams = session_get_cookie_params();
+ session_set_cookie_params(
+ $currentCookieParams["lifetime"],
+ $currentCookieParams["path"],
+ null,
+ ($config['system']['webgui']['protocol'] == "https"),
+ true
+ );
+ session_start();
 $secure = $config['system']['webgui']['protocol'] == 'https';
 setcookie(session_name(), session_id(), null, '/', null, $secure, true);
- $this->di->setShared('session', $this->session);
 }
+ ob_start(array($this,'csrfRewriteHandler'), 5242880);
 }
 public function checkToken()
 {
 $result = false; // default, not valid
- $this->Session();
 $securityTokenKey = $_SESSION['$PHALCON/CSRF/KEY$'];
 if (empty($_POST[$securityTokenKey])) {
 if (!empty($_SERVER['HTTP_X_CSRFTOKEN'])) {
- $result = $this->security->checkToken(null, $_SERVER['HTTP_X_CSRFTOKEN'], false);
+ $result = $_SERVER['HTTP_X_CSRFTOKEN'] == $_SESSION['$PHALCON/CSRF$'];
 }
 } else {
- $result = $this->security->checkToken($securityTokenKey, $_POST[$securityTokenKey], false);
+ $result = $_POST[$securityTokenKey] == $_SESSION['$PHALCON/CSRF$'];
 }
 // close session after validation
 session_write_close();
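Review bot: The token comparison in `checkToken()` uses loose `==`, which is neither type-strict nor constant-time; this applies to both new assignments, the `HTTP_X_CSRFTOKEN` branch and the `$_POST[$securityTokenKey]` branch. A POST field can arrive as an array and the session entry may be unset, so I would require strings on both sides and compare with `hash_equals()`, for example `$result = is_string($_SESSION['$PHALCON/CSRF$'] ?? null) && is_string($_POST[$securityTokenKey]) && hash_equals($_SESSION['$PHALCON/CSRF$'], $_POST[$securityTokenKey]);`, with the same shape for the header branch. `checkToken()` continues past the end of this hunk, so the return path is not visible here.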
@@ -72,15 +71,13 @@ class LegacyCSRF
 private function newToken()
 {
- $this->Session();
+ $random = new \Phalcon\Security\Random();
 // only request new token when session has none
- $securityTokenKey = $_SESSION['$PHALCON/CSRF/KEY$'];
- $securityToken = $_SESSION['$PHALCON/CSRF$'];
- if (empty($securityToken) || empty($securityTokenKey)) {
- $securityToken = $this->security->getToken();
- $securityTokenKey = $this->security->getTokenKey();
+ if (empty($_SESSION['$PHALCON/CSRF/KEY$']) || empty($_SESSION['$PHALCON/CSRF$'])) {
+ $_SESSION['$PHALCON/CSRF$'] = $random->base64Safe(16);
+ $_SESSION['$PHALCON/CSRF/KEY$'] = $random->base64Safe(16);
 }
- return array('token'=>$securityToken, 'key' => $securityTokenKey);
+ return array('token' => $_SESSION['$PHALCON/CSRF$'], 'key' => $_SESSION['$PHALCON/CSRF/KEY$']);
 }
 public function csrfRewriteHandler($buffer)
@@ -113,6 +110,7 @@ class LegacyCSRF
 $LegacyCSRFObject = new LegacyCSRF();
+
 if ($_SERVER['REQUEST_METHOD'] !== 'GET' && !$LegacyCSRFObject->checkToken()) {
 header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
 echo sprintf("
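Review bot: `newToken()` in the `@@ -72,15 +71,13 @@` hunk writes the generated token and key straight into `$_SESSION` but no longer makes sure a session is open, so it relies on the session started in the constructor still being writable when it runs. If the session has already been closed by then (`checkToken()` ends with `session_write_close()`, and other callers are not visible here), the values would be handed to the page without being saved and the next POST would presumably fail validation. Consider seeding the token in the constructor right after `session_start()`, or at least documenting the precondition with a comment such as `// requires an open session: values written after session_write_close() are not persisted`.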