We are excited to announce the release of pfSense® software versions 2.4.2-p1 and 2.3.5-p1, now available for upgrades!

pfSense software versions 2.4.2-p1 and 2.3.5-p1 are maintenance releases bringing security patches and stability fixes for issues present in the pfSense 2.4.2 and 2.3.5 releases.

Highlights

This release includes several important security patches:

Updated OpenSSL for CVE-2017-3737 and CVE-2017-3738 / FreeBSD-SA-17:12.openssl (2.4.x and 2.3.x)

Fixed a potential authenticated command execution issue in certificate data handling #8153 / pfSense-SA-17_10.webgui.asc (2.4.x and 2.3.x)

Fixed a potential XSS issue in status_filter_reload.php #8143 / pfSense-SA-17_11.webgui.asc (2.4.x and 2.3.x)

Fixed a potential clickjacking issue in the CSRF error page (2.3.x only, this fix was included in 2.4.2-RELEASE)

Aside from security updates, the new versions include a handful of beneficial bug fixes for various minor issues.

For a complete list of changes, see the 2.4.2-p1 Release Notes and 2.3.5-p1 Release Notes.

The AutoConfigBackup package has recently had several improvements. Many of these are on the server side but on the client side there is a new feature to ignore backups generated by Captive Portal voucher updates. These writes happen frequently and push updates to the ACB server with such high volume that more significant backups for that host may be pushed off the server. By setting the option to ignore updates from vouchers, the online backups are able to contain more useful history of manual changes.

The ACME package was recently updated to address issues with Standalone mode validation and the new multi-VA method used by Let’s Encrypt.

Important Information

At this time, pfSense 2.3.x is a Security and Errata maintenance branch only. pfSense 2.4.x is the primary stable supported branch. If the firewall hardware is capable of running pfSense 2.4.x, consider upgrading to that release instead.

If you have not yet upgraded to pfSense version 2.4.0 or later, read the information in the 2.4.0 Release Announcement before updating for important information that may impact the ability of a firewall to upgrade to pfSense version 2.4.x.

If either by choice or by hardware limitations a firewall cannot be upgraded to pfSense 2.4.x, see the pfSense 2.3.5-RELEASE announcement for information on obtaining the latest 2.3.x release.

Upgrading to pfSense 2.4.2-RELEASE-p1

Updating from an earlier pfSense 2.4.x release to 2.4.2-RELEASE-p1 is possible via the usual methods:

From the GUI:

Navigate to System > Update , Update Settings tab

, tab Set Branch to Latest stable version (2.4.x)

to Navigate back to the Update tab to see the pfSense 2.4.x update

From the console or ssh:

Select option 13 OR select option 8 and run pfSense-upgrade

Upgrading to pfSense 2.3.5-RELEASE-p1

Updating from an earlier pfSense 2.3.x release to pfSense 2.3.5-p1 on an amd64 installation that could otherwise use pfSense 2.4.x requires configuring the firewall to stay on pfSense 2.3.x releases as follows:

Navigate to System > Update , Update Settings tab

, tab Set Branch to Legacy stable version (Security / Errata Only 2.3.x)

to Navigate back to the Update tab to see the latest pfSense 2.3.x update

The same change is required to see pfSense 2.3.x packages for users staying on pfSense 2.3.x.

Firewalls running 32-bit (i386) installations of pfSense software do not need to take any special actions to remain on 2.3.x as they are unable to run later versions.

If the update system offers an upgrade to pfSense but the upgrade will not proceed, ensure that the firewall is set to the correct update branch as mentioned above. If the firewall is on the correct branch, refresh the repository configuration and upgrade script by running the following commands from the console or shell:

pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade

In some cases, the repository information may need to be rewritten, this can be accomplished by switching to a development branch, checking for updates, and then switching back to the appropriate branch and checking for updates again.

Reporting Issues

This release is ready for a production use. Should any issues come up with pfSense 2.4.2-RELEASE-p1 or 2.3.5-RELEASE-p1, please post about them on the the forum, the mailing list, or on the /r/pfSense subreddit.

Thanks!

pfSense software is Open Source

For those who wish to review the source code in full detail, the changes are all publicly available in three repositories on GitHub:

Main repository - the web GUI, back end configuration code, and build tools.

FreeBSD source - the source code, with patches of the FreeBSD base.

FreeBSD ports - the FreeBSD ports used.

Download

Downloads for New Installs

Using the automatic update process is typically easier than reinstalling to upgrade. See the Upgrade Guide page for details.

Supporting the Project

Our efforts are made possible by the support of our customers and the community. You can support our efforts via one or more of the following.