Security / Errata

• FreeBSD SA for CVE-2018-8897 FreeBSD-SA-18:06.debugreg
• FreeBSD EN for CVE-2018-6920 and CVE-2018-6921 FreeBSD-EN-18:05.mem
• Fixed a potential XSS vector in RRD error output encoding #8269 pfSense-SA-18_01.packages
• Fixed a potential XSS vector in diag_system_activity.php output encoding #8300 pfSense-SA-18_02.webgui
• Fixed a potential LFI in pkg_mgr_install.php #8485 pfSense-SA-18_04.webgui
• Fixed a potential XSS in pkg_mgr_install.php #8486 pfSense-SA-18_05.webgui
• Changed sshd to use delayed compression #8245
• Added encoding for firewall schedule range descriptions #8259

Misc

• Added an option to disable HSTS for the GUI web server #6650
• Added filtering to pfTop page
• Added ospf6d to the routing log
• Change get_interface_subnet() to use configured value if available
• Corrected sethelp call on firewall_rules_edit.php #8242
• Fixed an issue with selecting a gateway when switching a firewall rule away from IPv4+IPv6 mode #8447
• Fixed an issue with the address familiy selection for remote syslog servers using IPv6 #8323
• Fixed a problem when IPsec bypasslan was enabled while the LAN interface is disabled or doesn’t have an IP address #8239
• Fixed config.xml corruption handling
• Fixed input validation for Certificate SAN values to disallow IP addresses for FQDN/Hostname entries #8275
• Fixed issues with OpenVPN when using a /31 IPv4 Tunnel Network #8261
• Fixed NTP Status server time for zones with minute offsets (fractions of an hour) #8129
• Fixed selection of IPv6 gateways when creating a new firewall rule #8053
• Fixed various pf “busy” errors when the ruleset is reloaded
• Improved handling of aliases that mix IP addresses and FQDNs #8290
• Improved update repository controls
• Increased the default Firewall Maximum Table Entries value to 400000 to cope with the increased size of the IPv6 bogon address lists #8417