14 DAY TRIAL // If you haven't upgraded your pfSense BSD-based firewall to the major 2.4.x stable series yet, we have some good news for you today as the pfSense 2.3.5 security update is now available to download.
pfSense 2.3.5 is a maintenance and bugfix release for the pfSense 2.3 stable series of the world's most trusted open source firewall, and it's here to patch a few critical security vulnerabilities, including that nasty WPA2 KRACK (Key Reinstallation Attack) issue.
It also addresses an XSS vulnerability in the RRD graphs, bumps the version number for some core components, including cURL, Perl, and Dnsmasq, to fix more security issues, and improves the web-based interface with a bunch of goodies.
These include a new login page, vital improvements to the Dashboard and the AJAX handling, as well as better handling of GET/POST CSRF. For more details on what's changed in the pfSense 2.3.5 update, check out the full release notes.
"As we have promised, we will continue to deliver security and stability fixes to the pfSense 2.3.x line even after we have released pfSense 2.4.0, since i386 and NanoBSD were deprecated in pfSense 2.4.0," said Jim Pingle in the release announcement.
pfSense 2.3 series to be supported until October 2018
More such updates are coming to the pfSense 2.3 stable series in the coming months, until at least October 2018, so it's safe to stay on this branch if you have no plans to upgrade to the more advanced pfSense 2.4 series, which got its first point release last week.
Existing pfSense 2.3.x users can update to version 2.3.5 right now using the instructions provided in the announcement, and newcomers will be able to download the pfSense 2.3.5 installation images right now from our web portal.