Monday, November 12, 2012
Manuel Kasper has announced the release of m0n0wall 1.34, a tiny FreeBSD-based operating system for firewalls: "m0n0wall 1.34 released. m0n0wall 1.34 is a maintenance release with low-priority security fixes for CSRF/XSS issues in the webGUI. Changes in this release: eliminate modifying GETs from webGUI pages; make rule moving and deletion on shaper rules page work like for firewall rules; add csrf-magic for CSRF protection in webGUI; fix potential XSS in diag_ping.php and diag_traceroute.php; increase key size of auto-generated webGUI certificates to 2,048 bits; update default webGUI certificate/key; remove domain name handling from dhclient-script and change ARP command not to use sed (not used/available in m0n0wall); change virtualHW version to 7 for VMWare image to avoid errors in ESX 4." Visit the project's download page to read the full changelog. Download from here: cdrom-1.34.iso (17.8MB, SHA256).