The 4.0.7 maintenance release is now available.
I've included a summary of the changes below.
14910 L2TP enhancement
Enhance the L2TP support to handle NAT-Traversal and
14936 Reflected XSS problem
Remove a cross site scripting vulnerability with the web
14959 DPD can take down a live connection
Under some unusual conditions, DPD (dead peer detection) would
restart a functional IPsec tunnel.
14981 ipsec failover problems
Fix various IPsec routing issues which were causing packets for
individual hosts to be held once the tunnel was established.
14992 ifmond default route race with firewall
A race condition between firewall and ipsec has been removed,
preventing unneeded tunnel restarts.
14993 IPSec ipcomp can run units out of memory
IPsec tunnels running IP compression with high data loads on low
resource devices will no longer run out of memory and hang or reboot.
14994 Update ssh/openssl packages
Update of openssh and openssl to address CVE-2009-3245,
CVE-2008-1678, CVE-2009-1378, CVE-2009-1377, CVE-2009-1379.
14999 Export restrictions refresh for affected units
Review of export restriction settings across all devices.
15001 Update openssl to fix CVE-2010-0740.
New version of openssl that fixes CVE-2010-0740.
15004 ifmond %defaultroute is broken with multiple default routes
IPsec tunnels using the default route will now select the right device
for the tunnel, utilising the preferred gateway if set.
15005 nflogd failing to parse family
nflogd will now display the IPv4 field of a packet correctly on all
13796 Trusted Source doesn't create an ACCEPT rule for Internet aliases
Aliases on WAN/Internet interfaces now have suitable ACCEPT rules
14862 netflash doesn't complain on full USB devices
USB based devices now limit the space used by firmware updates
and fail gracefully if there is insufficient space on the USB device.
14955 Failover default test description
Updated to something more meaningful
14916 SG560D: We don't support Annex B, so remove it from the GUI
SG560D: We don't support Annex B, so remove it from the GUI
14962 kernel oops on held packets for ipsec tunnels
Fixed a crash when packets were held on a tunnel that is down.
The crash would happen when the tunnel came back up and retransmitted
the held packet.