OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 16.7 Legacy Series »
  • Time to upgrade?
« previous next »
  • Print
Pages: [1]

Author Topic: Time to upgrade?  (Read 3937 times)

StP

  • Jr. Member
  • **
  • Posts: 58
  • Karma: 2
    • View Profile
Time to upgrade?
« on: February 27, 2017, 11:26:42 am »
With 17.1.2 now out what is the common sense about upgrading from 16.7.14?
Production systems on Deciso hardware (OPN20077R-EUPC3-S2YN).
Any known risks still lurking?

Is 16.7.14 still safe? Or are there known security issues?

Best regards
  Stefan
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13653
  • Karma: 1174
    • View Profile
Re: Time to upgrade?
« Reply #1 on: February 27, 2017, 01:00:32 pm »
Hi Stefan,

We're still addressing issues and looking for clues. Since Hyper-V had an existential problem that was addresses by FreeBSD just a few days ago we are almost ready to release new images. The Realtek transition also went well and we want that in images rather sooner than later too.

Though the sc / vt video driver also did give us issues with changing behaviour on retained defaults we may switch to vt for the next images.

Long story short: if you want to wait, wait for the new images just to be sure, maybe 17.1.3 or 17.1.4 if all else fails.


Cheers,
Franco
Logged

StP

  • Jr. Member
  • **
  • Posts: 58
  • Karma: 2
    • View Profile
Re: Time to upgrade?
« Reply #2 on: February 28, 2017, 08:38:53 am »
Thanks Franco.

So 16.7.14 does not have any known security flaws?
In that case I will wait.

Stefan
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13653
  • Karma: 1174
    • View Profile
Re: Time to upgrade?
« Reply #3 on: March 02, 2017, 08:10:31 am »
There's an audit scanner for packages that will tell you. Assigned CVEs should be inspected carefully, they don't always apply to the use of a software.

On the FreeBSD side there is only this one, but it doesn't apply because we use the ports OpenSSL which will pop up in the audit scanner as well:

https://www.freebsd.org/security/advisories/FreeBSD-SA-17:02.openssl.asc

But yes, 16.7 is EOL so there are bound to be issues and they are not getting fewer. 17.1.3 is coming out early next week, it is a good time to upgrade.


Cheers,
Franco
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 16.7 Legacy Series »
  • Time to upgrade?
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2