Hello,
I am new here and have looked for an answer to my question but have been unable to find one. I have been getting this alert when I run the security checkup lately and I am not sure what to do. It states that it is inadvisable to update python on its own but I have been through a few minor upgrades and the issue still persists. I am on version 25.7.11_2
Thank you
Dave
Here is the full error.
***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 25.7.11_2 (amd64) at Wed Jan 21 09:44:22 MST 2026
Fetching vuln.xml.xz: .......... done
python311-3.11.14 is vulnerable:
python -- several vulnerabilities
CVE: CVE-2025-13836
CVE: CVE-2025-12084
WWW: https://vuxml.FreeBSD.org/freebsd/613d0f9e-d477-11f0-9e85-03ddfea11990.html
1 problem(s) in 1 package(s) found.
***DONE***
Wait for the next release which will probably address these issues. There is nothing you can do now.
Python has not gone ahead with releasing a new version yet. It was met with a bit of irritation. For now it is what it is.
Cheers,
Franco
Hi,
FYI
3.11.14_2 was released yesterday, which will fix the mentioned vulnerabilities:
https://vuxml.freebsd.org/freebsd/bfe9adc8-0224-11f1-8790-c5fb948922ad.html
best regards
realizelol
Which part of OPNsense uses Python exactly?
I have started to seriously dislike it as a programming language over the last couple of years so I am really curious what its purpose is :)
The backend uses quite some Python for fetching and managing data.
We did fix the two _1 CVEs in 26.1.1 but apparently there is _2 with two new ones. The circle of life. ;)
Cheers,
Franco
I am far more concerned about the openssl ones:
Fetching vuln.xml.xz: .......... done
openssl-3.0.18,1 is vulnerable:
OpenSSL -- Multiple vulnerabilities
CVE: CVE-2026-22796
CVE: CVE-2026-22795
CVE: CVE-2025-69421
CVE: CVE-2025-69420
CVE: CVE-2025-69419
CVE: CVE-2025-69418
CVE: CVE-2025-68160
CVE: CVE-2025-66199
CVE: CVE-2025-15469
CVE: CVE-2025-15468
CVE: CVE-2025-15467
CVE: CVE-2025-11187
WWW: https://vuxml.FreeBSD.org/freebsd/4b824428-fb93-11f0-b194-8447094a420f.html
python311-3.11.14 is vulnerable:
python -- several vulnerabilities
CVE: CVE-2025-13836
CVE: CVE-2025-12084
WWW: https://vuxml.FreeBSD.org/freebsd/613d0f9e-d477-11f0-9e85-03ddfea11990.html
python -- several security vulnerabilities
CVE: CVE-2026-0865
CVE: CVE-2026-1299
WWW: https://vuxml.FreeBSD.org/freebsd/bfe9adc8-0224-11f1-8790-c5fb948922ad.html
libsodium-1.0.19 is vulnerable:
security/libsodium -- crypto_core_ed25519_is_valid_point mishandles checks for whether an elliptic curve point is valid
CVE: CVE-2025-69277
WWW: https://vuxml.FreeBSD.org/freebsd/583b63f5-ebae-11f0-939f-47e3830276dd.html
4 problem(s) in 3 package(s) found.
Context business edition I presume? We'll do 25.10.2 in the coming week.
Cheers,
Franco
Quote from: franco on February 08, 2026, 05:51:17 PM
Context business edition I presume? We'll do 25.10.2 in the coming week.
Cheers,
Franco
Yes Sir. Thank you and the team for keeping us secured
25.10.2 has been out since yesterday. We're planning for 26.1.2 at the end of this week to pick up the newer Python batch into community as well.
Cheers,
Franco