2.3.5-p1 New Features and Changes

New features and changes for this release of pfSense® software:

Security / Errata

• Updated OpenSSL to address CVE-2017-3737 and CVE-2017-3738 FreeBSD-SA-17:12.openssl

• Fixed a potential authenticated command execution issue in certificate data handling #8153 pfSense-SA-17_10.packages.asc

• Fixed a potential clickjacking issue in the CSRF error page

• Fixed a potential XSS issue in status_filter_reload.php #8143 pfSense-SA-17_11.packages.asc

Misc

• Fixed an issue in the User and Group Manager pages when operating on entries immediately after deleting an entry #7733

• Fixed sorting of Services on the dashboard widget and Services Status page #8069

• Fixed display of available updates on the Installed Packages Dashboard widget #8035

• Fixed display of packages which have been removed from the repository in the Package Manager #7946

• Fixed the OpenVPN Client Certificate Revocation List option #8088

• Fixed an issue with the Pictures widget when there is no valid picture saved #7896

• Fixed an indexing issue when deleting Host Override entries from the DNS Forwarder #8159

• Fixed a premature session timeout issue on pages which update exclusively using AJAX, such as status_graph.php #8116

• Fixed ping_hosts.sh so it does not unnecessarily run a CARP check when there are no IPsec hosts to ping #8172

• Fixed a missing global variable declaration in interface IP address detection