%201.png?width=302&name=Netgate%20Logo%20PMS%20(horizontal)%201.png "NetgateColorLogoRegisteredRGB.png")
We are excited to announce the release of pfSense® software versions 2.4.3-p1 and 2.3.5-p2, now available for upgrades!
pfSense software versions 2.4.3-p1 and 2.3.5-p2 are maintenance releases bringing security patches and stability fixes for issues present in the pfSense 2.4.3 and 2.3.5-p1 releases.
Highlights
This release includes several important security patches, including the issues discussed last week:
- FreeBSD Security Advisory for CVE-2018-8897 FreeBSD-SA-18:06.debugreg
- FreeBSD Errata Notice for CVE-2018-6920 and CVE-2018-6921 FreeBSD-EN-18:05.mem
- Fixed a potential LFI in pkg_mgr_install.php #8485 pfSense-SA-18_04.webgui
- Fixed a potential XSS in pkg_mgr_install.php #8486 pfSense-SA-18_05.webgui
Additionally, 2.3.5-p2 includes corrections for items already addressed in the 2.4.x release branch:
- Fixed a potential XSS vector in RRD error output encoding #8269 pfSense-SA-18_01.packages
- Fixed a potential XSS vector in diag_system_activity.php output encoding #8300 pfSense-SA-18_02.webgui
- Changed sshd to use delayed compression #8245
- Added encoding for firewall schedule range descriptions #8259
Aside from security updates, the new versions include a handful of beneficial bug fixes for various minor issues.
For a complete list of changes, see the 2.4.3-p1 Release Notes and 2.3.5-p2 Release Notes.
Important Information
At this time, pfSense 2.3.x is a Security and Errata maintenance branch only. pfSense 2.4.x is the primary stable supported branch. If the firewall hardware is capable of running pfSense 2.4.x, consider upgrading to that release instead.
If you have not yet upgraded to pfSense version 2.4.0 or later, read the information in the 2.4.0 Release Announcement before updating for important information that may impact the ability of a firewall to upgrade to pfSense version 2.4.x.
If either by choice or by hardware limitations a firewall cannot be upgraded to pfSense 2.4.x, see the pfSense 2.3.5-RELEASE announcement for information on obtaining the latest 2.3.x release.
Upgrading to pfSense 2.4.3-RELEASE-p1
Updating from an earlier pfSense 2.4.x release to 2.4.3-RELEASE-p1 is possible via the usual methods:
From the GUI:
- Navigate to System > Update, Update Settings tab
- Set Branch to Latest stable version (2.4.x)
- Navigate back to the Update tab to see the pfSense 2.4.x update
From the console or ssh:
- Select option 13 OR select option 8 and run
pfSense-upgrade
Upgrading to pfSense 2.3.5-RELEASE-p2
Updating from an earlier pfSense 2.3.x release to pfSense 2.3.5-p2 on an amd64 installation that could otherwise use pfSense 2.4.x requires configuring the firewall to stay on pfSense 2.3.x releases as follows:
- Navigate to System > Update, Update Settings tab
- Set Branch to Legacy stable version (Security / Errata Only 2.3.x)
- Navigate back to the Update tab to see the latest pfSense 2.3.x update
The same change is required to see pfSense 2.3.x packages for users staying on pfSense 2.3.x.
Firewalls running 32-bit (i386) installations of pfSense software do not need to take any special actions to remain on 2.3.x as they are unable to run later versions.
Update Troubleshooting
If the update system offers an upgrade to pfSense but the upgrade will not proceed, ensure that the firewall is set to the correct update branch as mentioned above. If the firewall is on the correct branch, refresh the repository configuration and upgrade script by running the following commands from the console or shell:
pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade
In some cases, the repository information may need to be rewritten, this can be accomplished by switching to a development branch, checking for updates, and then switching back to the appropriate branch and checking for updates again.
Reporting Issues
This release is ready for a production use. Should any issues come up with pfSense 2.4.3-RELEASE-p1 or 2.3.5-RELEASE-p2, please post about them on the the forum, or on the /r/pfSense subreddit.
Thanks!
pfSense CE software is Open Source
For those who wish to review the source code in full detail, the changes are all publicly available in three repositories on GitHub:
- Main repository - the web GUI, back end configuration code, and build tools.
- FreeBSD source - the source code, with patches of the FreeBSD base.
- FreeBSD ports - the FreeBSD ports used.
Download
Using the automatic update process is typically easier than reinstalling to upgrade. See the Upgrade Guide page for details.
Supporting the Project
Our efforts are made possible by the support of our customers and the community. You can support our efforts via one or more of the following.
- Official appliances direct from Netgate. Our appliances are the fast, easy way to get up and running with a fully-optimized firewall.
- Commercial Support – Purchasing support from us provides you with direct access to Netgate Global Support.
- Professional Services – For more involved and complex projects outside the scope of support, our most senior engineers are available under professional services.