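pfSense 2.4.3 has been released. This update includes important security fixes and bug fixes, and also introduces some new features, as detailed below.
Notable updates
It includes several important security patches: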
- Kernel PTI mitigations for Meltdown (optional tunable) FreeBSD-SA-18:03.speculative_execution.asc
- IBRS mitigation for Spectre V2 (requires updated CPU microcode) FreeBSD-SA-18:03.speculative_execution.asc
- Fixes for FreeBSD-SA-18:01.ipsec
- Fixed three potential XSS vectors, and two potential CSRF issues
- CSRF protection for all dashboard widgets
- Updated several base system packages to address CVEs
In addition to the security fixes, pfSense also includes important bug fixes, such as a fix for a memory leak in the pfSense PHP module, as detailed below:
- Fixed hangs due to Limiters and pfsync in High Availability configurations
- Imported a netstat fix to improve performance and reduce CPU usage, especially on the Dashboard and ARM platforms
- Fixed a memory leak in the pfSense PHP module
- Fixed DHCPv6 lease display for entries that were not parsed properly from the lease database
- Fixed issues on assign_interfaces.php with large numbers of interfaces
- Fixed multiple issues that could result in an invalid ruleset being generated
- Fixed multiple Captive Portal voucher synchronization issues with HA
- Fixed issues with XMLRPC user account synchronization causing GUI inaccessibility on secondary HA nodes
- … and many more!
Important new features:
- Changed IPsec Phase 1 to allow selecting both IPv4 and IPv6 so the local side can allow inbound connections to either address family
- Changed IPsec Phase 1 to allow configuration of multiple IKE encryption algorithms, key lengths, hashes, and DH groups
- Changed SMTP notifications handling so they are batched, to avoid sending multiple e-mail messages in a short amount of time
- Added options to RFC 2136 Dynamic DNS for server key algorithm and to change the source address used to send updates
- Added VLAN priority tagging for DHCPv6 client requests
- Hardware support for the new XG-7100 including C3000 SoC support, C3000 NIC support, and Marvell 88E6190 switch support (Factory installations only)
- … and more!
For the full list of changes, see the release notes.
Download: https://www.pfsense.org/download/