Is CE 2.7.2 fully patched as secure as CE 2.8 ?

bric

Hi,

From a security perspective, is it possible to delay the update to 2.8 if 2.7.2 is fully patched?

Thank you for your answer

Bric

Gertjan

@bric

The "system patches" are mostly GUI "script" corrections, they rarely influence the real security.
As 2.8.0 is FreeBSD 15, and a more recent OS is always better, I tend to so that 2.8.0 is a (very) little bit more safe.
Let's say you gain 0,01 % - the other 99,99 % is in the hands of the admin, as it depends how you've setup your pfSense, etc.
Afaik, 2.7.2 is still "supported", so you could wait with the upgrade.

Better / more info : Netgate Releases pfSense Community Edition Version 2.8.0.

stephenw10

Yup the system patches package can only update run-time scripts. Some things that are packages can be updated separately so you can pkg upgrade them in the current branch.

But a new release will have fixes and patches to core components that cannot be applied so would be considered more secure.

However at this point there are no known issues with 2.7.2 that would concern me.