Just after updating to 26.4_6 the security audit produces a list of 7 vulnerabilities with CVE. Is this the new normal now that AI is searching for them?
This is not meant to discredit the OPNsense maintainers, just a general question. I just want to be prepared for a time when running a firewall with known vulnerabilities is the new normal.
Welcome to 2026.
Most of it is Python. According to https://peps.python.org/pep-0719/ 3.13.14 will be out by Tuesday, 2026-06-09.
In the meantime we'd have to put in a lot of effort to micro manage Python fixes and potentially clashing with similar efforts in FreeBSD ports. It's not a good option for us at the moment with the priorities we have.
So, yes, 2026. Welcome to the future.
Cheers,
Franco
PS: OpenVPN 2.6.20 is not vulnerable. The FreeBSD ports database is wrong but since they skipped the version there's no effort there to be more diligent.