There will be a blog post. I may update announce@, but my thinking on security@ is that it is for notices.
We dropped the price, too. -- Jim > On Apr 13, 2014, at 22:21, linbloke <linbl...@fastmail.fm> wrote: > > > Thanks Jim. There's still no sign of them in the AWS AMI public images > library. Can you post the AMI IDs here or to the security announce list when > they're available please? > > Kind regards, > lb > > >> On 12/04/2014 4:19 pm, Jim Thompson wrote: >> They're built; we're waiting on Amazon. >> >> -- Jim >> >>> On Apr 11, 2014, at 22:41, linbloke <linbl...@fastmail.fm> wrote: >>> >>> >>>> On 11/04/2014 5:23 am, Jim Thompson wrote: >>>> https://blog.pfsense.org/?p=1253 >>>> >>>> pfSense release 2.1.2 is now available. pfSense release 2.1.2 follows >>>> less than a week after pfSense release 2.1.1, and is primarily a security >>>> release. >>> Thanks for the new release. Any sign of updated AWS AMIs? >>> >>> Regards, >>> lb >>> >>>> The Heartbleed OpenSSL bug and another OpenSSL bug which enables a >>>> side-channel attack are both covered by the following security >>>> announcements: >>>> • pfSense-SA-14_04.openssl >>>> • FreeBSD-SA-14:06.openssl >>>> • CVE-2014-0160 (Heartbleed) >>>> • CVE-2014-0076 (ECDSA Flaw) >>>> >>>> Packages also have their own independent fixes and need updating. During >>>> the firmware update process the packages will be properly reinstalled. >>>> If this fails for any reason, uninstall and then reinstall packages to >>>> ensure that the latest version of the binaries is in use. >>>> >>>> Other Fixes >>>> • On packages that use row_helper, when user clicks on an add or delete >>>> button, the page scrolls to top. #3569 >>>> • Correct a typo on function name in Captive Portal bandwidth >>>> allocation. >>>> • Make extra sure that we do not start multiple instances of dhcpleases >>>> if, for example, the PID is stale or invalid, and there is still a running >>>> instance. >>>> • Fix for CRL editing. Use an alphanumeric test rather than purely >>>> is_numericint because the ID is generated by uniqid and is not purely >>>> numeric. #3591 >>>> >>>> You will want to perform a full security audit of your pfSense >>>> installations, renewing any passwords, generating or fitting new >>>> certificates, placing the old certificates on a CRL, etc. >>>> _______________________________________________ >>>> List mailing list >>>> List@lists.pfsense.org >>>> https://lists.pfsense.org/mailman/listinfo/list >>> _______________________________________________ >>> List mailing list >>> List@lists.pfsense.org >>> https://lists.pfsense.org/mailman/listinfo/list >> _______________________________________________ >> List mailing list >> List@lists.pfsense.org >> https://lists.pfsense.org/mailman/listinfo/list > > _______________________________________________ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list _______________________________________________ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list