Recent Releases

2.1915 Apr 2016 13:05 minor feature: It is a great moment to us and we are very proud to release the 100th Core Update today.. This update will bring you IPF ire 2.19 which we release for 64 bit on Intel (x86_64) for the first time. This release was delayed by the various security vulnerabilities in. openssl and. glibc, but is packed with many improvements under the hood and various.. 64 bit. There will be no automatic update path from a 32 bit installation to a 64 bit installation. It is required to manually reinstall the system for those who want to change, but a previously generated backup can be restored so that the entire procedure takes usually less than half an hour.. There are not too many advantages over a 64 bit version except some minor performance increases for some use cases and of course the ability to address more memory. IPF ire is able to address up to 64GB of RAM on 32 bit, so there is not much need to migrate. We recommend to use 64 bit images for new installations and stick with existing installations as they are.. Kernel Update. As with all major releases, this one comes with an updated Linux kernel to and improve hardware compatibility. Linux 3.14.65 with many backported drivers from Linux 4.2 is also hardened stronger against common attacks like stack buffer overflows.. Many firmware blobs for wireless cards and other components have been updated just as the hardware database.. Hyper-V performance. A backport of a recent version of the Microsoft Hyper-V network driver module will allow transferring data at higher speeds again. Previous versions had only very poor throughput on some versions of Hyper-V.. Firewall Updates. It is now possible to enable or disable certain connection tracking modules. These Application Layer Gateway ( ALG ) modules help certain protocols like SIP or FTP to work with NAT. Some VoIP phones or PBX es have problems with those so that they can now be disabled. Some need them.. The firewall has also been optimised to allow more throughput with
2.1716 Jun 2015 03:15 minor feature: This is the official release announcement for IPFire 2.17 #8211; Core Update 91. This update comes with various security fixes #8211; most notably fixes for six security vulnerabilities in the OpenSSL library and two more vulnerabilities in strongSwan.. OpenSSL security vulnerabilities. There are six security vulnerabilities that are fixed in version 1.0.2b of openssl. This version contained an ABI breakage bug that required us to wait for a fix for that and rebuild this Core Update.. Among these are fixes for the Logjam vulnerability and others that are filed under CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, and CVE-2014-8176.. StrongSwan IPsec security vulnerability. In strongSwan 5.3.1, a security vulnerability that is filed under CVE-2015-3991 was fixed. A denial-of-service and potential code execution was possible with specially crafted IKE messages.. IPFire ships now version 5.3.2 which fixes an second vulnerability (CVE-2015-4171).. Other package updates. A number of other packages have been updated: libnet 1.16, libxml2 2.9.2, libxslt 1.1.28, newt 0.52.19, slang 2.3.0, pcre 8.37. Minor changes.. The P2P block feature is now disabled by default on new installations. There are many false-positive cases and the usage of P2P networks has declined in the past so that we do not consider this a good default setting any longer. Existing installations remain unchanged.. DHCP Server: The list of static leases is now searchable. Static leases created from the list of dynamic leases are now added and the user menu will allow editing the new entry right away. We. strongly recommend to install this update as soon as possible and reboot the system afterwards.. Please do not forget to donate if you want to support the IPFire project.
2.17 - Core Update 9013 Jun 2015 01:26 minor feature: Comes with some new features, many updates of software packages and various minor bug fixes. SSLv3 and SSLv2 are now disabled by default. Performance improvements. Removing legacy code. strongSwan has been updated to version 5.3.0. It provides much better stability of IPsec VPN connections. The kernel has been updated to version 3.14.43. glibc: Fix CVE-2013-7423 and CVE-2015-1781 Apache will not show its version and loaded modules any more in the server signature. Connections in the list of connections that are using Destination NAT are Now coloured in the colour of the new destination host. dnsmasq has been fixed so that it will correctly fall back to TCP for DNS replies larger than the DNS packet size. udev: Network interface names are now assigned from the configuration in /var/ipfire/ethernet/settings instead of the setup tool generating a native /udev configuration file. ovpnmain.cgi: Some certificate authority (CA) related elements have been /displayed outside the site layout.
2.15 Core 7909 Jul 2014 17:42 minor feature: The kernel has been updated to 3.10.44 for better support for some hardware. Feature enhancements that massively increase the security level of OpenVPN connections. Some enhancements of the web user interface, update of the Squid web proxy, new features in general and many other changes.