FreeBSD 11.3 End of Life

  • Hi, I just a little concerned that FreeBSD 11.3 appears to go end of life on the 30th September 2020 which is in 14 days. Are there plans to move to FreeBSD 11.4 or go live with pfSence 2.5 before this date?

  • There are no known vulnerabilities with pfSense 2.4.5_p1. None.

    pfSense is not FreeBSD. It is derived from FreeBSD with substantial changes.

  • If pfSense has diverged from FreeBSD where it's, it's own thing then there seems little point in displaying the FreeBSD version in the web GUI?

    If pfSense 2.4.x base takes the majority of it's patches from FreeBSD 11.3 then surely it makes sense to stay on a supported version?

    I fully accept I'm just an outsider here looking in here so have limited understanding of pfsense internals I just see it as a red flag when a derived project allows itself to run a from an unsupported upstream.

  • @MrClayPole What red-flags are you concerned about? Specifically.

    Yes, 11.3 is going into EOL status. That doesn't mean what is a secure release today stops being secure in two weeks. EOL means the FreeBSD team will stop actively developing that version. If something is discovered after that point in time it will go unaddressed by FreeBSD. pfSense/Netgate develop pfSense and they would address any vulnerabilities as they surface, although that is unlikely to be necessary. 2.5 will be out in due course.

    Look, I'm not trying to be a pain. What I am saying is that you have very little to be concerned with. No one is trying to sell you something that isn't secure. Searching this forum will result in many-many similar posts over the last few years. The answer each time has been the same. There are no exploitable vulnerabilities in the current (at that time) pfSense release.

    Ideally we would be on 2.5 now. That has proven to be a non trivial task. FreeBSD 12.x is a different beast and presents challenges. Best thing to do is support that effort by testing the development release and reporting what you discover.

  • Rebel Alliance Developer Netgate

    pfSense 2.4.5-p1 is not running FreeBSD 11.3-RELEASE, it's running FreeBSD 11.3-STABLE@r357046, which is closer to 11.4 than 11.3.

    The main advantage to moving to 11.4 is for security patches from upstream, which we can always apply manually if needed. We employ several FreeBSD developers, so such changes are not typically problematic.

    If something comes along which needs addressed, we'll address it.

Log in to reply