pfSense® CE 2.1.2 note di rilascio

Questa pagina contiene il riassunto delle innovazioni, aggiunte e migliorie di pfSense® CE 2.1.2.
pfSense® CE 2.1.2 è principalmente una release di sicurezza.

Aggiornamenti di sicurezza

The Heartbleed OpenSSL bug and another OpenSSL bug which enables a side-channel attack are both covered by the following security announcements:

• pfSense-SA-14_04.openssl
• FreeBSD-SA-14:06.openssl
• CVE-2014-0160 (Heartbleed)
• CVE-2014-0076 (ECDSA Flaw)

Altre correzioni

• On packages that use row_helper, when user clicks on an add or delete button, the page scrolls to top
• Correct a typo on function name in Captive Portal bandwidth allocation
• Make extra sure that we do not start multiple instances of dhcpleases if, for example, the PID is stale or invalid, and there is still a running instance
• Fix for CRL editing. Use an alphanumeric test rather than purely is_numericint because the ID is generated by uniqid and is not purely numeric

You will want to perform a full security audit of your pfSense® CE installations, renewing any passwords, generating or fitting new certificates, placing the old certificates on a CRL, etc.
Note for AutoConfigBackup users – If you’re not already on the most recent AutoConfigBackup package version, make sure you upgrade it under System>Packages before upgrading to 2.1.2.