The developers of pfSense have made available version 2.2.1 RELEASE.
Original post: https://blog.pfsense.org/?p=1661
pfSense® software 2.2.1 release is now available, bringing a number of bug fixes and some security fixes.
- pfSense-SA-15_02.igmp: Integer overflow in IGMP protocol (FreeBSD-SA-15:04.igmp)
- pfSense-SA-15_03.webgui: Multiple XSS Vulnerabilities in the pfSense WebGUI
- pfSense-SA-15_04.webgui: Arbitrary file deletion vulnerability in the pfSense WebGUI
- FreeBSD-EN-15:01.vt: vt(4) crash with improper ioctl parameters
- FreeBSD-EN-15:02.openssl: Update to include reliability fixes from OpenSSL
A note on the OpenSSL “FREAK” vulnerability:
- Does not affect the web server configuration on the firewall as it does not have export ciphers enabled.
- pfSense 2.2 already included OpenSSL 1.0.1k which addressed the client-side vulnerability.
- If packages include a web server or similar component, such as a proxy, an improper user configuration may be affected. Consult the package documentation or forum for details.
- Rules / NAT
- DNS Resolver
- Traffic Shaping
- Misc Binary/OS Changes
As always, you can upgrade from any previous version straight to 2.2.1. For those already running any 2.2 version, this is a low risk upgrade. For those on 2.1.x or earlier versions, there are a number of significant changes which may impact you. Pay close attention to the 2.2 Upgrade Notes for the details.
Downloads are available on the mirrors as usual.
Downloads to Upgrade Existing Systems – note it’s usually easier to just use the auto-update functionality, in which case you don’t need to download anything from here. Check the Firmware Updates page for details.
Supporting the Project
Our efforts are made possible by the support of the community. We encourage you to contribute to the cause via one or more of the following.
Commercial Support – Purchasing support from us provides you with direct access to the pfSense team.
Professional Services – For more involved and complex projects outside the scope of support, our most senior engineers are available under professional services.
pfSense Store – stickers, apparel, pre-loaded USB sticks, and hardware direct from the source. Our pre-installed appliances are the fast, easy way to get up and running with a fully-optimized system. All are now shipping with 2.2.1 release installed.