Time keeps on slipping into the future.
-
I just realized that the current build of pfSense is based on FreeBSD 11.2 (https://docs.netgate.com/pfsense/en/latest/releases/versions-of-pfsense-and-freebsd.html#id1). According to https://www.freebsd.org/releases/, 11.2 reached its EOL in June of 2018. We are all running obsolete software. JimP, that rough idea sure would be helpful right about now. Thanks.
-
We are aware, but it's only as unsupported as we let it be. We can backport anything we need if we have to.
We're not making any promises on dates; that only leads to trouble. Even rough estimates.
-
@techpro2004 EOL doesn't mean it's going to explode. It means no new patches. If something big happens before the release of 2.5.0, they will likely issue a 2.4.4-p4 with backported fixes as JimP already mentioned. JimP has already told you what he can about release dates. Being pushy about it won't get you any farther.
-
So who decides what is important enough to get backported? No one knows my network and what it needs like I do, and I am sure the same goes for anyone with a router out there as well.
-
How is your network special as compared to the thousands of others that pfSense services? To answer your question, Netgate themselves would determine that based on the severity of any reported issue.
-
Every network is special, as they all have different hardware and uses running on them. Who determines what is most severe, as every threat impacts every network differently? I.e., threat A acts on program/service B. I run program B but you use program C.
-
Netgate makes that determination based on what parts of FreeBSD are present and used on pfSense. There are frequently SA/EN announcements for things which have no possible relationship to pfSense (kernel drivers we do not include or build, modules we do not build, base system components we do not build or ship, components which cannot be enabled in any way in pfSense, etc).
Most things you hear about are not relevant to a firewall/appliance type role, but only endpoints. People still kick and scream about some of them, so they get patched, even if they aren't relevant for most (e.g. PTI, MDS).
-
I see, you backport everything for components that are actually in pfSense. That makes me feel better than picking and choosing, i.e., rejecting patches that apply to the system but are deemed not important enough.
-
Netgate isn't going to pump out 2.4.4-p4 just because there was an update to the man page for the tar command, for example. Only issues that affect the security of the system would be considered for backporting.
-
Right, issues that affect security, but all issues that affect security, no matter how minor they are deemed.