update notifications - business edition

Started by osn1803, May 24, 2026, 08:04:51 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
May 24, 2026, 08:04:51 PM Last Edit: May 24, 2026, 08:24:02 PM by osn1803
Hello -

I have been using the business edition for about a year.

I have noted that minor version bumps happen automatically and smoothly via the cron job "Automatic firmware updates".

Major version updates aren't automatic, and I'm not clear on what is the correct way to engage with those to avoid being silently stranded in a dead-end branch and not getting updates.

I also have a cron job for "Firmware update check", but it doesn't notify me of its results. Because of this, it appears I missed the security updates for CVE-2026-44194 & 45158 due to being on 25.10.2, and the host was waiting for manual intervention to upgrade to 26.4.

I see a couple of things I could do:

  • Since monit does email its output, I could create a custom monit task to run or wrap /usr/local/opnsense/scripts/firmware/check.sh.
  • I can subscribe to notifications for https://github.com/opnsense/core/security/advisories, but that requires me to verify that each is addressed, whereas I'd like to simply know that it's automated.

Is there a better or more supported way to manage the transition to new major versions without surprises or gaps? (Even better, is an LTS version on the roadmap someday?)

Thank you, and apologies for my ignorance.
May 24, 2026, 08:49:31 PM #1
Major releases for the business edition are published exactly every April and every October. Just check this space for announcements, then.

The moment a new major release is published all prior ones are EOL. There is only ever one supported release, community or business.

So I don't get what you mean by silently stranded. If you don't run 26.4 you run EOL software.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
May 24, 2026, 10:45:58 PM #2
If you put this as cron job parameter it will also do major upgrades automatically:

https://github.com/opnsense/core/blob/eb2800a9bd76060fa17937840e3498c31e4081d2/src/etc/rc.firmware.subr#L34

ALLOW_RISKY_MAJOR_UPGRADE
Hardware:
DEC740
May 24, 2026, 11:08:35 PM #3 Last Edit: May 24, 2026, 11:17:18 PM by osn1803
Quote from: Patrick M. Hausen on May 24, 2026, 08:49:31 PMSo I don't get what you mean by silently stranded.

Right, and by "silently" I mean it simply stopped getting updates. What I was asking is where I should have tuned in to be warned that the version I'm running was about to be EOL.

I wasn't aware that it's simply scheduled semiannually, so thank you.

I would really like to see an LTS release with some dwell time / overlap. Forcing commercial customers to upgrade twice a year at a specific time isn't great.

May 24, 2026, 11:09:12 PM #4
Quote from: Monviech (Cedrik) on May 24, 2026, 10:45:58 PMIf you put this as cron job parameter it will also do major upgrades automatically:

https://github.com/opnsense/core/blob/eb2800a9bd76060fa17937840e3498c31e4081d2/src/etc/rc.firmware.subr#L34

ALLOW_RISKY_MAJOR_UPGRADE

That's potentially useful, thank you.
Print
Go Up Pages1
User actions