OPNsense Forum
Archive => 18.1 Legacy Series => Topic started by: SecAficionado on January 28, 2018, 04:23:24 am
-
Hi there,
First, there's a couple of fresh vulnerabilities in curl, so 7.58 is out. Can you please include it in 18.1?
Second, this one might be a more mid to long term request: can you please migrate the rest of the legacy pages that put stuff in /var to their proper place? Unbound is the one example I ran into.
I would like to get my feet wet on contributing to opnsense. Is this something I can try? I'll take a look and see if it's not too above my head.
Thanks!!
-
Hi there,
Unfortunately, it's impossible to create a vulnerability-free release if we give the major update a code freeze period of a week to provide stability and on the fifth day after the build some software needs a patch. We have to take packages, plugins and core components into account for LibreSSL, OpenSSL, both on amd64 and i386. On top of that image integrity for 4 image types on both architectures again.
Nevertheless, 18.1.1 will be out rather sooner than later to address this properly.
It's a long-term plan to replace the legacy code, but that does not simply include moving /var/etc configuration files somewhere else as that has no user impact. We'd rather start with the GUI to provide an API and associated cleanups. Since components are working that is hard to find a good roadmap spot for.
Instead, we can work on individual changes that you have in mind regarding config files?
Cheers,
Franco
-
Hi Franco,
it's impossible to create a vulnerability-free release if we give the major update a code freeze period of a week to provide stability
Yes, that makes perfect sense to me. This is an endless job and needs a disciplined approach, so thanks for doing precisely that.
Instead, we can work on individual changes that you have in mind regarding config files?
Sure, I think Unbound needs a small tweak, but I am still getting familiar with the setup and opnsense's inner workings for this particular item. For example, I found the config files, but I cannot find the anchor certificates and related files. I'll have to dig deeper before I have more intelligent questions...
Thanks!!
-
Thanks, we'll work it out together. :)
Cheers,
Franco