OPNsense Forum

English Forums => General Discussion => Topic started by: mooh on May 06, 2026, 04:53:25 PM

Title: Open CVEs right after update
Post by: mooh on May 06, 2026, 04:53:25 PM
Just after updating to 26.4_6 the security audit produces a list of 7 vulnerabilities with CVEs. Is this the new normal now that AI is searching for them?

This is not meant to discredit the OPNsense maintainers, just a general question. I just want to be prepared for a time when running a firewall with known vulnerabilities is the new normal.
Title: Re: Open CVEs right after update
Post by: Nullman on May 06, 2026, 04:55:29 PM
Welcome to 2026.
Title: Re: Open CVEs right after update
Post by: franco on May 06, 2026, 05:26:48 PM
Most of it is Python. According to https://peps.python.org/pep-0719/ 3.13.14 will be out by Tuesday, 2026-06-09.

In the meantime we'd have to put in a lot of effort to micromanage Python fixes, potentially clashing with similar efforts in FreeBSD ports. It's not a good option for us at the moment with the priorities we have.

So, yes, 2026. Welcome to the future.


Cheers,
Franco
Title: Re: Open CVEs right after update
Post by: franco on May 06, 2026, 05:28:59 PM
PS: OpenVPN 2.6.20 is not vulnerable. The FreeBSD ports database is wrong, but since they skipped the version, there's no effort there to be more diligent.
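Franco's point about the ports database being wrong while the audit still lists the package comes down to how `pkg audit` works: it matches each installed package's version against the version ranges recorded in the VuXML database, and an entry whose upper bound sits above a release that already carries the fix will keep flagging that release. The example below is added here and is not OPNsense or FreeBSD code; the VuXML-style entry, the package name `example-package`, the CVE id and the version numbers are all constructed placeholders, and the version comparator is a simplified stand-in for pkg's real one. It shows the range check that produces such a finding and a small triage step for keeping a list of operator-verified false positives so they are suppressed deliberately rather than ignored.

```python
"""Toy reimplementation of the VuXML range check behind `pkg audit`.

Added example, not OPNsense's or FreeBSD's code.  The entry, package name,
versions and CVE id below are constructed placeholders.
"""
import re
import xml.etree.ElementTree as ET

# Constructed VuXML-style entry (real VuXML also carries an XML namespace
# and more metadata).  An open upper bound like "<lt>2.6.21</lt>" is the
# kind of entry that keeps flagging 2.6.20 even when that release already
# shipped the fix: the database only knows the range, not the backport.
VUXML_SAMPLE = """<vuxml>
  <vuln vid="00000000-0000-0000-0000-000000000000">
    <topic>example-package -- constructed entry</topic>
    <affects>
      <package>
        <name>example-package</name>
        <range><lt>2.6.21</lt></range>
      </package>
    </affects>
    <references>
      <cvename>CVE-YYYY-NNNNN</cvename>
    </references>
  </vuln>
</vuxml>"""


def parse_version(v):
    """Simplified FreeBSD package version: drop ',epoch', split off '_rev',
    compare the dotted numeric components, then the port revision.
    pkg's real comparator handles letters, 'pl', etc.; this is enough here."""
    v = v.split(",")[0]
    base, _, rev = v.partition("_")
    parts = tuple(int(x) for x in re.findall(r"\d+", base))
    return parts, int(rev) if rev else 0


def in_range(version, rng):
    """True if `version` satisfies every bound element inside a <range>."""
    ops = {"lt": lambda a, b: a < b, "le": lambda a, b: a <= b,
           "gt": lambda a, b: a > b, "ge": lambda a, b: a >= b,
           "eq": lambda a, b: a == b}
    ver = parse_version(version)
    for bound in rng:
        if bound.tag not in ops:
            continue
        if not ops[bound.tag](ver, parse_version(bound.text.strip())):
            return False
    return True


def audit(installed, vuxml_text):
    """installed: dict of package name -> version.
    Returns a list of (name, version, vid, [cve ids]) for every match."""
    root = ET.fromstring(vuxml_text)
    hits = []
    for vuln in root.iter("vuln"):
        cves = [c.text for c in vuln.iter("cvename")]
        for pkg in vuln.iter("package"):
            name = pkg.findtext("name")
            if name not in installed:
                continue
            version = installed[name]
            if any(in_range(version, r) for r in pkg.iter("range")):
                hits.append((name, version, vuln.get("vid"), cves))
    return hits


def triage(hits, accepted):
    """Drop findings the operator has verified as false positives.
    `accepted` holds (name, version, vid) triples, so the suppression is
    pinned to one exact version and one exact advisory and lapses on the
    next upgrade instead of silently hiding a real future hit."""
    return [h for h in hits if (h[0], h[1], h[2]) not in accepted]


if __name__ == "__main__":
    found = audit({"example-package": "2.6.20"}, VUXML_SAMPLE)
    print("raw audit:", found)
    verified_fp = {("example-package", "2.6.20",
                    "00000000-0000-0000-0000-000000000000")}
    print("after triage:", triage(found, verified_fp))
```

The triage list is keyed on package, exact version and advisory id on purpose: once the package is upgraded, the old suppression no longer applies and the audit result has to be reviewed again.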
Title: Re: Open CVEs right after update
Post by: nero355 on May 07, 2026, 12:00:47 AM
Quote from: franco on May 06, 2026, 05:26:48 PM
Most of it is Python. According to https://peps.python.org/pep-0719/ 3.13.14 will be out by Tuesday, 2026-06-09.

In the meantime we'd have to put in a lot of effort to micromanage Python fixes, potentially clashing with similar efforts in FreeBSD ports. It's not a good option for us at the moment with the priorities we have.

So, yes, 2026. Welcome to the future.
Does that future include kicking out that weird snake at some point ?? :P
Title: Re: Open CVEs right after update
Post by: newsense on May 07, 2026, 05:36:57 AM
Quote from: nero355 on May 07, 2026, 12:00:47 AM
Does that future include kicking out that weird snake at some point ?? :P

There's nothing to kick.

So many things depend on python it's not even funny. And the goal is to be on a supported version that can be used with everything that depends on it.

FWIW, the FreeBSD 14.x branch is still lagging on python311 while OPNsense was able to jump on the python313 train shortly after 26.1, which in turn caused issues on the mimugmail repo with things not building properly.

Thankfully it would appear some if not all of the mimugmail issues have been ironed out as I just found today a new Unifi update along with the associated dependencies.
Title: Re: Open CVEs right after update
Post by: franco on May 07, 2026, 10:10:06 AM
Yep, looking at the current open source ecosystem Python isn't going anywhere in many projects. We're also using it in backend scripting.


Cheers,
Franco
Title: Re: Open CVEs right after update
Post by: nero355 on May 07, 2026, 04:04:20 PM
Quote from: newsense on May 07, 2026, 05:36:57 AM
Quote from: nero355 on May 07, 2026, 12:00:47 AM
Does that future include kicking out that weird snake at some point ?? :P
There's nothing to kick.

So many things depend on python it's not even funny. And the goal is to be on a supported version that can be used with everything that depends on it.
Quote from: franco on May 07, 2026, 10:10:06 AM
Yep, looking at the current open source ecosystem Python isn't going anywhere in many projects. We're also using it in backend scripting.
I will keep dreaming of a Python-free World then :)
Title: Re: Open CVEs right after update
Post by: franco on May 07, 2026, 05:03:24 PM
As long as there are no snakes on a plane I guess we're fine.


Cheers,
Franco