Although these security issues warrant upgrading in your next maintenance window, they aren’t applicable to our default configuration and won’t impact the average user. According to the FreeBSD SA, the TCP flaw is mitigated by scrub in pf, which is enabled by default in pfSense. The feature affected by the OpenSSL flaw is not used by any daemons in the pfSense base system, and only certain packages make use of it, so the impact there is also minimal.
Packages also have their own independent fixes and need updating. During the firmware update process the packages will be properly reinstalled. If this fails for any reason, uninstall and then reinstall packages to ensure that the latest version of the binaries is in use.
- Various fixes to accommodate recent changes/optimizations in the tools repository
- Move clog binary to its proper place in /usr/local/ to respect hier(7)
- Fix remove button on Diagnostics > Tables #3627
- Fix more potential places for interface looping in OpenVPN and with normal interfaces
- Fixes for URL table alias updates (locking, reload)
- Fix IPsec Phase 1 duplication
- Fix ‘add rule on top of the list’ allowing after param to be -1
- Correct Captive Portal redirection URL to unbreak ones passed through RADIUS attributes and respect user choices
- Make miniupnpd listen on interface instead of IP
- Don’t refuse to delete a bridge in the GUI just because its bridge interface doesn’t exist; log that it doesn’t exist, don’t attempt to ifconfig destroy it, and delete it from the config
- Fixes for DynDNS to allow configurable check host.
- Resolver has no option for remote syslog, remove wrong copy/paste that was adding it when apinger was enabled
- Fix typo for GIF tunnels to work over IPv6
- Fix for dhcrelay target using default GW
- List Gateway Groups in Interface to send update from for custom DynDNS entries