OPNsense Forum

Archive => 16.7 Legacy Series => Topic started by: StP on February 27, 2017, 11:26:42 am

Title: Time to upgrade?
Post by: StP on February 27, 2017, 11:26:42 am
With 17.1.2 now out, what is the common sense about upgrading from 16.7.14?
Production systems on Deciso hardware (OPN20077R-EUPC3-S2YN).
Any known risks still lurking?

Is 16.7.14 still safe? Or are there known security issues?

Best regards
  Stefan
Title: Re: Time to upgrade?
Post by: franco on February 27, 2017, 01:00:32 pm
Hi Stefan,

We're still addressing issues and looking for clues. Since Hyper-V had an existential problem that was addressed by FreeBSD just a few days ago, we are almost ready to release new images. The Realtek transition also went well and we want that in images rather sooner than later too.

Though the sc / vt video driver also did give us issues with changing behaviour on retained defaults we may switch to vt for the next images.

Long story short: if you want to wait, wait for the new images just to be sure, maybe 17.1.3 or 17.1.4 if all else fails.


Cheers,
Franco
Title: Re: Time to upgrade?
Post by: StP on February 28, 2017, 08:38:53 am
Thanks Franco.

So 16.7.14 does not have any known security flaws?
In that case I will wait.

Stefan
Title: Re: Time to upgrade?
Post by: franco on March 02, 2017, 08:10:31 am
There's an audit scanner for packages that will tell you. Assigned CVEs should be inspected carefully; they don't always apply to the use of a software.

On the FreeBSD side there is only this one, but it doesn't apply because we use the ports OpenSSL which will pop up in the audit scanner as well:

https://www.freebsd.org/security/advisories/FreeBSD-SA-17:02.openssl.asc

But yes, 16.7 is EOL so there are bound to be issues and they are not getting fewer. 17.1.3 is coming out early next week, it is a good time to upgrade.


Cheers,
Franco