pfSense® software version 2.3.5 is now available for upgrades!
As we have promised, will will continue to deliver security and stability fixes to the pfSense 2.3.x line even after we have released pfSense 2.4.0, since i386 and NanoBSD were deprecated in pfSense 2.4.0. These updates will continue for a minimum of one year after the pfSense 2.4.0 release date, which means they will continue through at least October 2018.
At this time, pfSense 2.3.x is a Security and Errata maintenance branch only. pfSense 2.4.x is the primary stable supported branch. If the firewall hardware is capable of running pfSense 2.4.x, consider upgrading to that release instead.
Upgrading to pfSense 2.3.5-RELEASE
Updating to pfSense 2.3.5 from pfSense 2.3.4 on an amd64 installation that could otherwise use pfSense 2.4.x requires configuring the firewall to stay on pfSense 2.3.x releases as follows:
- Navigate to System > Update, Update Settings tab
- Set Branch to Security / Errata Only
- Navigate back to the Update tab to see the latest pfSense 2.3.x update
The same change is required to see pfSense 2.3.x packages for users staying on pfSense 2.3.x.
If the update system offers an upgrade to pfSense 2.3.5 but the upgrade will not proceed, ensure that the firewall is set to the correct update branch as mentioned above. If the firewall is on the correct branch, refresh the repository configuration and upgrade script by running the following commands from the console or shell:
pkg install -fy pfSense-repo pfSense-upgrade
Firewalls running 32-bit (i386) installations of pfSense software do not need to take any special actions to remain on 2.3.x as they are unable to run later versions.
pfSense software version 2.3.5 includes the following changes, and more:
- Fixes for the set of WPA2 Key Reinstallation Attack issues commonly known as KRACK (FreeBSD-SA-17:07.wpa)
- A number of base system packages have been updated to address security issues, including dnsmasq, perl, cURL, and others.
- Fixed an XSS in RRD graphs
- WebGUI improvements, such as a new login page, improved GET/POST CSRF handling, significant improvements to the Dashboard and its AJAX handling
For more details, see the Release Notes.
pfSense software is Open Source
For those who wish to review the source code in full detail, the changes are all publicly available in three repositories on GitHub:
- Main repository - the web GUI, back end configuration code, and build tools.
- FreeBSD source - the source code, with patches of the FreeBSD base.
- FreeBSD ports - the FreeBSD ports used.
Downloads are available on the mirrors as usual.
Downloads for New Installs and Upgrades to Existing Firewalls – note that it is typically easier to use the auto-update functionality, then there is no need to download anything manually. Check the Firmware Updates page for details.
Supporting the Project
Our efforts are made possible by the support of our customers and the community. You can support our efforts via one or more of the following.
- Official appliances, apparel and pre-loaded USB sticks direct from the source. Our appliances are the fast, easy way to get up and running with a fully-optimized firewall.
- Gold subscription – Immediate access to past hang out recordings as well as the latest version of the book after logging in to the members’ area.
- Commercial Support – Purchasing support from us provides you with direct access to Netgate Global Support.
- Professional Services – For more involved and complex projects outside the scope of support, our most senior engineers are available under professional services.