| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision |
| start [2018/11/19 18:22] – typos hauke | start [2024/11/09 21:56] – [OpenWrt Summit 2024 & Battlemesh v16] remove ynezz |
|---|
| See the [[toh:start|Table of Hardware]] for supported devices. For more information about OpenWrt project organization, see the [[:about|About OpenWrt]] pages. | See the [[toh:start|Table of Hardware]] for supported devices. For more information about OpenWrt project organization, see the [[:about|About OpenWrt]] pages. |
| |
| ===== CCC and OpenWrt: Technical guideline of German BSI for secure routers insufficient ===== | ===== Project statement about xz 5.6.1 (CVE-2024-3094) ==== |
| |
| The recently released technical guideline for secure broadband routers is simply a disservice to customers. This guideline will not prevent widespread malfunction of routers and their security problems in the future. The consumers will not get a useful way to distinguish secure and long living devices from risky devices or the possibility to take care of the security by them self. | OpenWrt appears to be unaffected by [[https://nvd.nist.gov/vuln/detail/CVE-2024-3094|CVE-2024-3094]], as the compromised versions of //xz// used were sourced from GitHub releases, which only included a dormant segment of the malicious code. The essential component required to activate the backdoor during the build process was not found in the examined tarball archives. For the details see [[https://lists.openwrt.org/pipermail/openwrt-announce/2024-March/000052.html|email announcement]] or the [[https://forum.openwrt.org/t/project-statement-about-xz-5-6-1-cve-2024-3094/193250|forum post]]. |
| | ===== Current stable series: OpenWrt 23.05 ===== |
| |
| Vendors are still allowed to block OpenWrt from the devices they sold, even after security support for the device was already terminated, making the device useless. | {{section>releases:23.05:start#openwrt_2305&firstseconly&noheader&nofooter&readmore&noeditbutton}} |
| |
| The Chaos Computer Club (CCC) and OpenWrt took part in multiple review and discussion rounds with the Bundesamt für Sicherheit in der Informationstechnik (BSI) and representatives of multiple device vendors and network operators. These are our two main demands: | ===== Old stable series: OpenWrt 22.03 ===== |
| |
| - Vendors have to inform customer before buying the product for all devices being sold in Germany, how long the device will get security updates in case problems are found. | {{section>releases:22.03:start#openwrt_2203&firstseconly&noheader&nofooter&readmore&noeditbutton}} |
| - The customer must have the possibility to install custom software on their devices, to have the possibility to fix security problems even after the official vendor support ended. | |
| | |
| [[https://www.ccc.de/de/updates/2018/risikorouter|Press release in German]] | |
| | |
| ===== Download OpenWrt ===== | |
| | |
| {{section>releases:18.06:start#openwrt_1806&firstseconly&noheader&nofooter&readmore&noeditbutton}} | |
| | |
| ==== Old Stable Release ==== | |
| | |
| {{section>releases:17.01:start#openwrt_1701_reboot&firstseconly&noheader&nofooter&readmore&noeditbutton}} | |
| |
| ===== Why use OpenWrt? ===== | ===== Why use OpenWrt? ===== |
| * **Extensibility:** OpenWrt provides many capabilities found only in high-end devices. Its 3000+ application packages are standardized, so you can easily replicate the same setup on any supported device, including two (or even five) year old routers. [[reasons_to_use_openwrt#extensibility|More...]] | * **Extensibility:** OpenWrt provides many capabilities found only in high-end devices. Its 3000+ application packages are standardized, so you can easily replicate the same setup on any supported device, including two (or even five) year old routers. [[reasons_to_use_openwrt#extensibility|More...]] |
| |
| * **Security:** OpenWrt's standard installation is secure by default, with Wi-Fi disabled, no poor passwords or backdoors. OpenWrt's software components are kept up-to-date, so vulnerabilities get closed shortly after they are discovered. [[reasons_to_use_openwrt#security|More...]] | * **Security:** OpenWrt's standard installation is secure by default, with Wi-Fi disabled, no poor passwords or backdoors. OpenWrt's software components are kept up-to-date, so [[advisory:start|vulnerabilities get closed shortly after they are discovered]]. [[reasons_to_use_openwrt#security|More...]] |
| |
| * **Performance and Stability:** OpenWrt firmware is made of standardized modules used in all supported devices. This means each module will likely receive more testing and bug fixing than stock firmware which can be tweaked for each product line and never touched again. [[reasons_to_use_openwrt#performance_stability|More...]] | * **Performance and Stability:** OpenWrt firmware is made of standardized modules used in all supported devices. This means each module will likely receive more testing and bug fixing than stock firmware which can be tweaked for each product line and never touched again. [[reasons_to_use_openwrt#performance_stability|More...]] |
| |
| |
| ===== Announcing the OpenWrt/LEDE merge ===== | ===== OpenWrt Joins Software Freedom Conservancy (SFC) ===== |
| |
| {{section>about#announcing_the_openwrtlede_merge&firstseconly&noheader&nofooter&readmore&noeditbutton}} | {{section>openwrt_joins_conservancy&firstseconly&noheader&nofooter&readmore&noeditbutton}} |
| |
| ===== OpenWrt wants you! ===== | ===== OpenWrt wants you! ===== |