2.3.5-p2 New Features and Changes

New features and changes for this release of pfSense® software:

Security / Errata

• FreeBSD SA for CVE-2018-8897 FreeBSD-SA-18:06.debugreg

• FreeBSD EN for CVE-2018-6920 and CVE-2018-6921 FreeBSD-EN-18:05.mem

• Fixed a potential XSS vector in RRD error output encoding #8269 pfSense-SA-18_01.packages

• Fixed a potential XSS vector in diag_system_activity.php output encoding #8300 pfSense-SA-18_02.webgui

• Fixed a potential LFI in pkg_mgr_install.php #8485 pfSense-SA-18_04.webgui

• Fixed a potential XSS in pkg_mgr_install.php #8486 pfSense-SA-18_05.webgui

• Changed sshd to use delayed compression #8245

• Added encoding for firewall schedule range descriptions #8259

Misc

• Added an option to disable HSTS for the GUI web server #6650

• Added filtering to pfTop page

• Added ospf6d to the routing log

• Change get_interface_subnet() to use configured value if available

• Corrected sethelp call on firewall_rules_edit.php #8242

• Fixed an issue with selecting a gateway when switching a firewall rule away from IPv4+IPv6 mode #8447

• Fixed an issue with the address family selection for remote syslog servers using IPv6 #8323

• Fixed a problem when IPsec bypasslan was enabled while the LAN interface is disabled or doesn’t have an IP address #8239

• Fixed config.xml corruption handling

• Fixed input validation for Certificate SAN values to disallow IP addresses for FQDN/Hostname entries #8275

• Fixed issues with OpenVPN when using a /31 IPv4 Tunnel Network #8261

• Fixed NTP Status server time for zones with minute offsets (fractions of an hour) #8129

• Fixed selection of IPv6 gateways when creating a new firewall rule #8053

• Fixed various pf “busy” errors when the ruleset is reloaded

• Improved handling of aliases that mix IP addresses and FQDNs #8290

• Improved update repository controls

• Increased the default Firewall Maximum Table Entries value to 400000 to cope with the increased size of the IPv6 bogon address lists #8417