Squid package should be upgraded to v4.9

NetVicious

Check these CVS which they seem to be fixed on squid v4.9. There it's no 4.4.x (the current version pfSense has) with those fixes.
CVE-2019-12526 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12526
CVE-2019-18679 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679
CVE-2019-18678 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18678

The first and second seem to be high impact.
https://nsfocusglobal.com/advisory-squid-multiple-high-risk-vulnerability/

jimp

pfSense 2.4.x is still on squid-3.5.27_3. pfSense 2.5.x is on squid-4.9.

The "4.4.x" you are seeing is just the GUI package version and is actually 0.4.44_9, but that's not relevant to squid issues.

NetVicious

Thanks for the clarification. But squid v3.5 has the same problem and at this moment doesn't has a fix.
The last version of 3.5 branch it's 3.5.28 ant it's affected too.