Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
| docs:guide-developer:security [2021/09/21 21:51] – redundant spaces vgaetera | docs:guide-developer:security [2023/10/13 09:25] – add 23.05 hauke | ||
|---|---|---|---|
| Line 9: | Line 9: | ||
| ===== Security advisories ===== | ===== Security advisories ===== | ||
| - | ==== Security advisories 2021 ==== | ||
| - | <nspages advisory -actualtitle -textPages="" | ||
| - | ==== Security advisories 2020 ==== | + | /** Omit the footer because the edit/create date is inaccurate because the page's contents are autogenerated. */ |
| - | <nspages advisory -actualtitle -textPages="" | + | {{page>advisory: |
| - | ==== Security | + | This only lists security |
| - | <nspages advisory | + | |
| ===== Support status ===== | ===== Support status ===== | ||
| Line 22: | Line 19: | ||
| ^ Version ^ Current status ^ Projected EoL ^ | ^ Version ^ Current status ^ Projected EoL ^ | ||
| - | | 21.02 | Fully supported | | | + | | 23.05 | Fully supported | - | |
| - | | 19.07 | Fully supported | + | | 22.03 | Security maintenance | EoL (April 2024) | |
| - | | 18.06 | End of life | December 2020 | | + | | 21.02 | End of life | EoL (May 2023) | |
| + | | 19.07 | End of life | EoL (April 2022) | | ||
| + | | 18.06 | End of life | EoL | | ||
| | 17.01 | End of life | EoL | | | 17.01 | End of life | EoL | | ||
| | 15.05 | End of life | EoL | | | 15.05 | End of life | EoL | | ||
| + | |||
| + | The projected EoL can be extended later, depending on the future situation, like the release date of the next release. | ||
| The Version references the most recent stable version from this release branch. | The Version references the most recent stable version from this release branch. | ||
| Line 34: | Line 35: | ||
| * End of life means that we will *not* provide any updates also for severe security problem. Please update to more recent versions. | * End of life means that we will *not* provide any updates also for severe security problem. Please update to more recent versions. | ||
| - | The projected EoL can be extended later, depending on the future situation, like the release | + | A OpenWrt major version will get into fully supported status after it was initially released. |
| + | When the next OpenWrt major version is released the old version will move into security maintenance mode. | ||
| + | A OpenWrt major version will move into end of Life 1 year after the initial release or 6 months after the release of the next major versions. The later date will be used. We plan to do a final minor release | ||
| This only covers the core OpenWrt packages and not the external package feeds hosted on github. | This only covers the core OpenWrt packages and not the external package feeds hosted on github. | ||
| Line 58: | Line 61: | ||
| ===== Deliver to users ===== | ===== Deliver to users ===== | ||
| - | OpenWrt operates multiple [[: | + | OpenWrt operates multiple [[: |
| - | When a change to a package is committed to the OpenWrt base repository of package feed the build bots are automatically | + | When a change to a package is committed to the OpenWrt base repository of package feed, the build bots are automatically |
| - | The new newly build package can then be installed with opkg or be integrated with the image builder by users of OpenWrt. | + | The newly built package can then be installed with opkg or be integrated with the image builder by users of OpenWrt. |
| This allows us to ship updates in about 2 days to the end users. | This allows us to ship updates in about 2 days to the end users. | ||
| The kernel is normally located in its own partition and upgrades are not so easily possible. | The kernel is normally located in its own partition and upgrades are not so easily possible. | ||
| - | Therefore this mechanism currently does not work for the kernel itself and kernel modules, there a new minor release is needed to ship fixes to end users. | + | Therefore this mechanism currently does not work for the kernel itself and kernel modules |
| ===== Hardening build options ===== | ===== Hardening build options ===== | ||
| - | OpenWrt activates some build hardening options in the [[https:// | + | OpenWrt activates some build hardening options in the [[https:// |
| Note that individual packages and/or targets may ignore or otherwise not respect these settings. | Note that individual packages and/or targets may ignore or otherwise not respect these settings. | ||
| - | ^ .config line ^ Enabled by default ^ Notes ^ | + | ^ .config line |
| - | | '' | + | | '' |
| - | | '' | + | | '' |
| - | | '' | + | | '' |
| - | | '' | + | | '' |
| - | | '' | + | | '' |
| - | | '' | + | | '' |
| - | | '' | + | | '' |
| - | | '' | + | | '' |
| - | | '' | + | | '' |
| + | | '' | ||
| + | | '' | ||
| + | | '' | ||