2.2.6 New Features and Changes

Security/Errata Notices

• Updated to FreeBSD 10.1-RELEASE-p25

  • FreeBSD-SA-15:26.openssl Multiple vulnerabilities in OpenSSL

• Updated to strongSwan 5.3.5

  • Includes fix for CVE-2015-8023 authentication bypass vulnerability in the eap-mschapv2 plugin.

• pfSense-SA-15_09.webgui: Local File Inclusion Vulnerability in the pfSense® WebGUI

• pfSense-SA-15_10.captiveportal: SQL Injection Vulnerability in the pfSense captive portal logout

• pfSense-SA-15_11.webgui: Multiple XSS and CSRF Vulnerabilities in the pfSense WebGUI

Logging

• Fixed log duplication for some log entries. #5606

IPsec

• strongSwan 5.3.5 update fixes several bugs.

Config sync

• Fixed config synchronization failure in some circumstances. #5509

Captive Portal

• Fixed captive portal database handling issue that could reset database instead of waiting for lock to clear. #5622

• Fixed problem with 0 byte files in captive portal file manager. #5642