PCI Compliance Scan Fail: lighttpd
I have a client who is failing a PCI compliance audit. One of the points of failure is because lighttpd is not version 1.4.34 or higher.
The client is currently running 2.1.2-RELEASE (i386). According to the scan, the current version of lighttpd is version 1.4.32. Do later versions of pfSense upgrade lighttpd?
I have another client with 2.1.4-RELEASE (x64) but I don't know how to tell the version of lighttpd to see if it's updated in the newest release.
2.1.4 has the latest 1.4.35. There are a number of other security issues in 2.1.2, maybe an automated scanner wouldn't find, but need to upgrade to 2.1.4 regardless.
Thank you for the info, it's greatly appreciated!