pfsense CE is not being worked on , errta

michmoor

A post yesterday about the lack of 2.7 updates in the CE edition of pfsense really got me thinking. How much effort is being taken place behind the scenes to fix the issues seen?
Another thing is that sometimes its not fully appreciated how much work it takes to make secure software. . Let me provide some contexts at least.

1. PFsense is very secure. It requires tons of hard work to get there.
   CVE Details. Look at the CVE work here compared to a large, gartner #2 rated big huge mumbo jumbo vendor Yikes

2. 2.7 is not being worked on...
   
   How do you see over 400 issues closed and think Netgate is leaving CE?

We all care about the project. We all want the firewall to have certain features and functionality. When feeling a bit frustrated just take a step back and look at the progress. All things considered for free software this aint bad folks.

Dobby_

They were working on, more then we were able to see as I
am informed! The bugs where scaling up since 2022;

• 25.09.2023 / 45 open "bugs" and 88% solved
• 18.03.2023 / 86 open "bugs" and 87% solved

23.01 is announced for may 2023 with 5 open "bugs"

The change from PHP 7.x to PHP 8.1 is more then we might be thinking of because it is not "only" a version higher as many peoples are thinking from. And the
jump to FreeBSD 14 was also nice in my eyes.

And other things like TNSR, QAT, VPP, StrongSwan and
other`s came by site and last but not least as today there
are some versions and not like before only one 32Bit version was present.

• TNSR version
• ARM based pfSense
• CE version and the Plus version

All must be maintained, all must be updated and all must
be solved with patches (new patches system) and this is also "eating" manpower and time as I see it.

joshgreyz

@dobby_ so next CE version in 2024 then?

Dobby_

@joshgreyz

Going step by step like before or doing one great step together with swapping over to FreeBSD 14 and PHP 8.x
is for me not that question. Also why they are doing it and were marching that way, at one day this work or step must be done or gone. I think it is more to pointed to the more
architecture's (cpu arches) there are here in the game.

So perhaps it is for many long time users a little bit unusual now or plain the situation was changing but the entire workload for them will be even the same as I see it.

pfS+ 23.05 is announced for May 2023
pfS+ 23.09 is announced for September 2023

So being fair this is in 2023 and not in 2024

pfSense 2.7 CE´s bug list is gaining from 85 to 93 but holding even the 87 % so other things where worked out
and/or over to hold the standpoint, or plain they are working on it. As I see it we will get hands on 2.7 in this
year 2023 else where. And on the other site what is the
difference we get fast hands on 2.7 and all bugs will be then swaped over to the version 2.8? Then all are waiting for 2.8 and saing thinkgs must be done!

Patch

@michmoor
Currently there’s still a high degree of overlap between the CE and plus versions, so work on the CE version is most of what is added to the plus version.

Where the CE version lacks is regular stable releases.

joshgreyz

@Dobby_ so CE 2.7.0 is never going to happen then? Should the concerned CE users, myself included, be looking at a more secure solution if CE will never be updated? Does anyone have any suggestions on alternatives?

Dobby_

@joshgreyz said in pfsense CE is not being worked on , errta:

@Dobby_ so CE 2.7.0 is never going to happen then?

I have never said and also heart something about!
I run 2.7 Devel and have seen several updates and
I was taking (installing) them all! In real we will be
able to see a really good, fast and stable running
2.7 as I see it (not joking around here)! I was more
then one time installing 2.7 again and again, but
get then also a nicer felling for it, you will see
we get once a better 2.7 then we were thinking of, because my own meaning is that there was
changing something more then "only" the code
from PHP7.x to PHP 8.x and FreeBSD 14.x will be used. My first impression of the Developer release is that it will be much better, but this would be also pending on the entire hardware that is used.

Should the concerned CE users, myself
included,

Me too, please have a look on my signature!
23.05 release and 2.7 Devel

be looking at a more secure solution if

What is unsecure in 2.7 Devel? Ok it is not ready,
and at the time there will be more then one thing
on a change, but why it is now unsecure?

This is my package list

And this is the vuln. report

CE will never be updated?

During the time I am dropping you here that lines
of words there is again an update/upgrade from
or for 2.7 Devel so I have now several of them
seen and installed over the month and so I can
say there are working on each month.

Dashboard

System > update

Does anyone have any suggestions on
alternatives?

You will be free to go with any solution on the
market that is serving you all you need and wich
like anyone else. But why asking here in the forum for that? pfSense CE is free of charge and will be
needing a that time, during a greater step of work, more entire time to build. My question would be to you,

• Why must it going fast for you?
• Why you can´t wait for the or a ready release?

Here are some of the most or well known distros
that have here and there some other or the same abilities;

Untangle (Firewall)

• They have a version to buy and a CE version
  -- What is there better then in pfSense CE?
  -- Or what is more secure there?

Endian (Firewall)

• They have a version to buy and a CE version
  -- What is there better then in pfSense CE?
  -- Or what is more secure there?

IPFire (Firewall)

• They have a version to buy and a CE version
  -- What is there better then in pfSense CE?
  -- Or what is more secure there?

ClearOS (Gateway)

• They have a version to buy and a CE version
  -- What is there better then in pfSense CE?
  -- Or what is more secure there?

Sophos XG UTM (UTM)

• They have a version to buy and a CE version
  -- What is there better then in pfSense CE?
  -- Or what is more secure there?

OpenWRT (Router)

• There version is free of charge like the CE version from pfSense!
  -- What is there better then in pfSense CE?
  -- Or what is more secure there?

MikroTik RouterOS (Router)

• They have a version to buy and a CE version
  -- What is there better then in pfSense CE?
  -- Or what is more secure there?

VyOS (Router)

• They have a version to buy and a CE version
  -- What is there better then in pfSense CE?
  -- Or what is more secure there?

rcoleman-netgate

@michmoor said in pfsense CE is not being worked on , errta:

A post yesterday about the lack of 2.7 updates in the CE edition of pfsense really got me thinking. How much effort is being taken place behind the scenes to fix the issues seen?

There is a release pending. The CTO has gone on the record to state it's the next focus.

michmoor

@rcoleman-netgate my post is in support not complaining….I’m confused by your response

Dobby_

So I think after the 23.05 became a release it should be going
on faster as the past time.