OPNsense Forum
Archive => 16.7 Legacy Series => Topic started by: StP on February 27, 2017, 11:26:42 am
-
With 17.1.2 now out what is the common sense about upgrading from 16.7.14?
Production systems on Deciso hardware (OPN20077R-EUPC3-S2YN).
Any known risks still lurking?
Is 16.7.14 still safe? Or are there known security issues?
Best regards
Stefan
-
Hi Stefan,
We're still addressing issues and looking for clues. Since Hyper-V had an existential problem that was addresses by FreeBSD just a few days ago we are almost ready to release new images. The Realtek transition also went well and we want that in images rather sooner than later too.
Though the sc / vt video driver also did give us issues with changing behaviour on retained defaults we may switch to vt for the next images.
Long story short: if you want to wait, wait for the new images just to be sure, maybe 17.1.3 or 17.1.4 if all else fails.
Cheers,
Franco
-
Thanks Franco.
So 16.7.14 does not have any known security flaws?
In that case I will wait.
Stefan
-
There's an audit scanner for packages that will tell you. Assigned CVEs should be inspected carefully, they don't always apply to the use of a software.
On the FreeBSD side there is only this one, but it doesn't apply because we use the ports OpenSSL which will pop up in the audit scanner as well:
https://www.freebsd.org/security/advisories/FreeBSD-SA-17:02.openssl.asc
But yes, 16.7 is EOL so there are bound to be issues and they are not getting fewer. 17.1.3 is coming out early next week, it is a good time to upgrade.
Cheers,
Franco