Today a list of very serious problems in the WPA2 protocol has been discovered: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, etc.
All these bugs open the way to an attack of the “man in the middle” type.
I’d wish to ask to the developers when, and for which devices, an update with the patched wpa_supplicant (version 1:2.6-11) will be released.
I think this is a very serious bug that should be patched as soon as possible.
As soon as the patched wpa_supplicant (and probably hostapd as well) will make it into raspbian jessie repo, Volumio will incorporate the new version as default in the next version. No ETA at the moment