diff --git a/website/content/en/releng/_index.adoc b/website/content/en/releng/_index.adoc index ce4d3f854c..1e1176cf28 100644 --- a/website/content/en/releng/_index.adoc +++ b/website/content/en/releng/_index.adoc @@ -1,141 +1,141 @@ --- title: "Release Engineering Information" sidenav: developers --- include::shared/authors.adoc[] include::shared/en/urls.adoc[] = Release Engineering Information This page contains documentation about the FreeBSD release engineering process. * <> * <> * link:../releng/charter/[Charter for the Release Engineering Team] * <> * <> * <> //// General information about committing to -STABLE. //// [[schedule]] == Upcoming Release Schedule Note: Release dates are approximate and may be subject to schedule slippage. //As of 2021-12-07, the next release has not yet been announced. [.tblbasic] [cols=",,",options="header",] |=== |Date |Event |Information |April 2022 |FreeBSD 13.1 |link:../releases/13.1R/schedule/[Target Schedule] |=== [[freeze]] == Code-Freeze Status This table lists the code freeze status for major branches of the `src/` repository of the FreeBSD Git repositories. Commits to any branch listed as "frozen" must first be reviewed and approved by the relevant contact party. The status of other repositories such as `ports/` and `doc/` is also provided below. [.tblbasic] [cols=",,,",options="header",] |=== |Branch |Status |Contact |Notes |`main` |Open |committers |Active development branch for 14.0-CURRENT. |`stable/13` |Open |committers |Development branch for FreeBSD 13-STABLE. |`releng/13.1` |Frozen |re@FreeBSD.org |FreeBSD 13.1 supported errata fix branch. |`releng/13.0` |Frozen |so@FreeBSD.org |FreeBSD 13.0 supported errata fix branch. |`stable/12` |Open |committers |Development branch for FreeBSD 12-STABLE. |`releng/12.3`|Frozen|security-officer@FreeBSD.org|FreeBSD 12.3 supported errata fix branch. -|`releng/12.2`|Frozen|security-officer@FreeBSD.org|FreeBSD 12.2 supported errata fix branch. +|`releng/12.2` |Frozen |security-officer@FreeBSD.org |FreeBSD 12.2 errata fix branch (not officially supported). |`releng/12.1` |Frozen |security-officer@FreeBSD.org |FreeBSD 12.1 errata fix branch (not officially supported). |`releng/12.0` |Frozen |security-officer@FreeBSD.org |FreeBSD 12.0 errata fix branch (not officially supported). |`stable/11` |Open |committers |Maintenance branch for FreeBSD 11-STABLE (not officially supported). |`releng/11.4` |Frozen |security-officer@FreeBSD.org |FreeBSD 11.4 errata fix branch (not officially supported). |`releng/11.3` |Frozen |security-officer@FreeBSD.org |FreeBSD 11.3 errata fix branch (not officially supported). |`releng/11.2` |Frozen |security-officer@FreeBSD.org |FreeBSD 11.2 errata fix branch (not officially supported). |`releng/11.1` |Frozen |security-officer@FreeBSD.org |FreeBSD 11.1 errata fix branch (not officially supported). |`releng/11.0` |Frozen |security-officer@FreeBSD.org |FreeBSD 11.0 errata fix branch (not officially supported). |`stable/10` |Open |committers |Maintenance branch for 10-STABLE (not officially supported). |`releng/10.4` |Frozen |security-officer@FreeBSD.org |FreeBSD 10.4 errata fix branch (not officially supported). |`releng/10.3` |Frozen |security-officer@FreeBSD.org |FreeBSD 10.3 errata fix branch (not officialy supported). |`releng/10.2` |Frozen |security-officer@FreeBSD.org |FreeBSD 10.2 errata fix branch (not officially supported). |`releng/10.1` |Frozen |security-officer@FreeBSD.org |FreeBSD 10.1 errata fix branch (not officially supported). |`releng/10.0` |Frozen |security-officer@FreeBSD.org |FreeBSD 10.0 errata fix branch (not officially supported). |`stable/9` |Open |committers |Maintenance branch for FreeBSD 9-STABLE (not officially supported). |`releng/9.3` |Frozen |security-officer@FreeBSD.org |FreeBSD 9.3 errata fix branch (not officially supported). |`releng/9.2` |Frozen |security-officer@FreeBSD.org |FreeBSD 9.2 errata fix branch (not officially supported). |`releng/9.1` |Frozen |security-officer@FreeBSD.org |FreeBSD 9.1 errata fix branch (not officially supported). |`releng/9.0` |Frozen |security-officer@FreeBSD.org |FreeBSD 9.0 errata fix branch (not officially supported). |`stable/8` |Open |committers |Maintenance branch for 8-STABLE (not officially supported). |`releng/8.4` |Frozen |security-officer@FreeBSD.org |FreeBSD 8.4 errata fix branch (not officially supported). |`releng/8.3` |Frozen |security-officer@FreeBSD.org |FreeBSD 8.3 errata fix branch (not officially supported). |`releng/8.2` |Frozen |security-officer@FreeBSD.org |FreeBSD 8.2 errata fix branch (not officially supported). |`releng/8.1` |Frozen |security-officer@FreeBSD.org |FreeBSD 8.1 errata fix branch (not officially supported). |`releng/8.0` |Frozen |security-officer@FreeBSD.org |FreeBSD 8.0 errata fix branch (not officially supported). |`stable/7` |Open |committers |Maintenance branch for 7-STABLE (not officially supported). |`releng/7.4` |Frozen |security-officer@FreeBSD.org |FreeBSD 7.4 errata fix branch (not officially supported). |`releng/7.3` |Frozen |security-officer@FreeBSD.org |FreeBSD 7.3 errata fix branch (not officially supported). |`releng/7.2` |Frozen |security-officer@FreeBSD.org |FreeBSD 7.2 errata fix branch (not officially supported). |`releng/7.1` |Frozen |security-officer@FreeBSD.org |FreeBSD 7.1 errata fix branch (not officially supported). |`releng/7.0` |Frozen |security-officer@FreeBSD.org |FreeBSD 7.0 errata fix branch (not officially supported). |`stable/6` |Open |committers |Maintenance branch for 6-STABLE (not officially supported). |`releng/6.4` |Frozen |security-officer@FreeBSD.org |FreeBSD 6.4 errata fix branch (not officially supported). |`releng/6.3` |Frozen |security-officer@FreeBSD.org |FreeBSD 6.3 errata fix branch (not officially supported). |`releng/6.2` |Frozen |security-officer@FreeBSD.org |FreeBSD 6.2 errata fix branch (not officially supported). |`releng/6.1` |Frozen |security-officer@FreeBSD.org |FreeBSD 6.1 errata fix branch (not officially supported). |`releng/6.0` |Frozen |security-officer@FreeBSD.org |FreeBSD 6.0 errata fix branch (not officially supported). |`stable/5` |Open |committers |Maintenance branch for 5-STABLE (not officially supported). |`releng/5.5` |Frozen |security-officer@FreeBSD.org |FreeBSD 5.5 errata fix branch (not officially supported). |`releng/5.4` |Frozen |security-officer@FreeBSD.org |FreeBSD 5.4 errata fix branch (not officially supported). |`releng/5.3` |Frozen |security-officer@FreeBSD.org |FreeBSD 5.3 errata fix branch (not officially supported). |`releng/5.2` |Frozen |security-officer@FreeBSD.org |FreeBSD 5.2 / 5.2.1 security fix branch (not officially supported). |`releng/5.1` |Frozen |security-officer@FreeBSD.org |FreeBSD 5.1 security fix branch (not officially supported). |`releng/5.0` |Frozen |security-officer@FreeBSD.org |FreeBSD 5.0 security fix branch (not officially supported). |`stable/4` |Open |committers |Maintenance branch for 4-STABLE (not officially supported). |`releng/4.11` |Frozen |security-officer@FreeBSD.org |FreeBSD 4.11 errata fix branch (not officially supported). |`releng/4.10` |Frozen |security-officer@FreeBSD.org |FreeBSD 4.10 security fix branch (not officially supported). |`releng/4.9` |Frozen |security-officer@FreeBSD.org |FreeBSD 4.9 security fix branch (not officially supported). |`releng/4.8` |Frozen |security-officer@FreeBSD.org |FreeBSD 4.8 security fix branch (not officially supported). |`releng/4.7` |Frozen |security-officer@FreeBSD.org |FreeBSD 4.7 security fix branch (not officially supported). |`releng/4.6` |Frozen |security-officer@FreeBSD.org |FreeBSD 4.6 security fix branch (not officially supported). |`releng/4.5` |Frozen |security-officer@FreeBSD.org |FreeBSD 4.5 security fix branch (not officially supported). |`releng/4.4` |Frozen |security-officer@FreeBSD.org |FreeBSD 4.4 security fix branch (not officially supported). |`releng/4.3` |Frozen |security-officer@FreeBSD.org |FreeBSD 4.3 security fix branch (not officially supported). |`stable/3` |Open |committers |Maintenance branch for 3-STABLE (not officially supported). |`stable/2.2` |Open |committers |Maintenance branch for 2.2-STABLE (not officially supported). |*Repository* |*Status* |*Contact* |*Notes* |`ports/` |Open |portmgr@FreeBSD.org |FreeBSD Ports Collection. |`doc/` |Open |freebsd-doc@FreeBSD.org |ASCIIDoc-based documentation set. |=== [[docs]] == Release Engineering Documentation * link:{freebsd-releng}[FreeBSD Release Engineering] + This document details the approach used by the FreeBSD release engineering team to make production-quality releases of the FreeBSD Operating System. It describes the tools available for those interested in producing customized FreeBSD releases for corporate rollouts or commercial productization. [[team]] == Release Engineering Team The primary release engineering team is responsible for approving link:{handbook}#mfc-glossary[MFC] requests during code freezes, setting release schedules, and all of the other responsibilities laid out in our link:../releng/charter/[charter]. *Primary RE Team (re@FreeBSD.org)* : {re-members} form the primary release engineering decision-making group. The builders release engineering team is responsible for building and packaging FreeBSD releases on the various supported platforms. *Builders REs (re-builders@FreeBSD.org)* : {re-builders} The third party packages in the Ports Collection are managed by the portmgr@ team. Among many other responsibilities, the port managers keep the ports cluster running smoothly to produce binary packages. *Package Builders (portmgr@FreeBSD.org)* : {portmgr-members} [[old]] == Old Releases The FreeBSD Project does not maintain a complete archive of old release ISO images, but many of them are available at ftp://ftp-archive.FreeBSD.org/pub/FreeBSD-Archive/old-releases/. Older releases that are no longer present on any FTP mirror might still be available from CD-ROM vendors. diff --git a/website/content/en/security/_index.adoc b/website/content/en/security/_index.adoc index 3fa19716e9..3d379404e7 100644 --- a/website/content/en/security/_index.adoc +++ b/website/content/en/security/_index.adoc @@ -1,113 +1,112 @@ --- title: "FreeBSD Security Information" sidenav: support --- include::shared/releases.adoc[] = FreeBSD Security Information == Introduction FreeBSD takes security very seriously and its developers are constantly working on making the operating system as secure as possible. This page will provide information about what to do in the event of a security vulnerability affecting your system == Table of Contents * <> * <> * <> * <> * <> * <> [[reporting]] == Reporting FreeBSD security incidents FreeBSD security issues specific to the base system should be reported via email to the mailto:secteam@FreeBSD.org[FreeBSD Security Team] or, if a higher level of confidentiality is required, via PGP encrypted email to the mailto:security-officer@FreeBSD.org[Security Officer Team] using the link:so_public_key.asc[Security Officer PGP key]. Additional information can be found at the link:reporting/[reporting FreeBSD security incidents] page. [[when-reporting]] == When is a Security Advisory considered? For every issue that gets reported, an internal tracking number is created, unless something is very obviously not a security issue. To determine whether or not a Security Advisory is warranted we use the following scheme: * Is it a privilege escalation vulnerability? * Is it a code injection vulnerability? * Is it a memory disclosure or dataleak vulnerability? ** From either the kernel ** From a privileged process ** From a process owned by another user? * Is it a Denial of Service vulnerability? ** Only when remotely exploitable, where remotely means that it comes from a different broadcast domain, so ARP and/or NDP based attacks do not qualify. * Is it an unassisted jailbreak vulnerability? * Is it a malfunction that could lead to generating insecure crypto keys, such as a PRNG bug? For items that fall under these categories, a Security Advisory is very likely. Items that are not on this list are looked into individually and it will be determined then whether or not it will receive a Security Advisory or an Errata Notice. Once it had been determined that a Security Advisory is warranted, either the submitter delivers a CVE number if he/she already requested one, or we use one from the FreeBSD pool available. [[recent]] == Recent FreeBSD security vulnerabilities A full list of all security vulnerabilities affecting the base system can be found link:advisories[on this page]. [[advisories]] == Understanding FreeBSD security advisories Advisories affecting the base system are sent to the following mailing lists: * FreeBSD-security-notifications@FreeBSD.org * FreeBSD-security@FreeBSD.org * FreeBSD-announce@FreeBSD.org The list of released advisories can be found on the link:advisories[FreeBSD Security Advisories] page. Advisories are always signed using the FreeBSD Security Officer link:so_public_key.asc[PGP key] and are archived, along with their associated patches, at the http://security.FreeBSD.org/ web server in the http://security.FreeBSD.org/advisories/[advisories] and http://security.FreeBSD.org/patches/[patches] subdirectories. The FreeBSD Security Officer provides security advisories for _-STABLE Branches_ and the _Security Branches_. (Advisories are not issued for the _-CURRENT Branch_, which is primarily oriented towards FreeBSD developers.) * The -STABLE branch tags have names like `stable/13`. The corresponding builds have names like `FreeBSD 13.0-STABLE`. * Each FreeBSD Release has an associated Security Branch. The Security Branch tags have names like `releng/13.0`. The corresponding builds have names like `FreeBSD 13.0-RELEASE-p1`. Issues affecting the FreeBSD Ports Collection are covered separately in http://vuxml.FreeBSD.org/[the FreeBSD VuXML document]. [[how]] == How to update your system -For users that have previously installed a binary version of FreeBSD (e.g., {rel130-current} or {rel122-current}), commands: +For users that have previously installed a binary version of FreeBSD (e.g., {rel130-current} or {rel123-current}), commands: `# freebsd-update fetch` `# freebsd-update install` If that fails, follow the other instructions in the security advisory you care about. Note that the above procedure is only for users who have previously installed a binary distribution. Those who have built from source will need to update their source tree to upgrade. [[sup]] == Supported FreeBSD releases Each release is supported by the Security Officer for a limited time only. The designation and expected lifetime of all currently supported branches and their respective releases are given below. The _Expected EoL (end-of-life)_ column indicates the earliest date on which support for that branch or release will end. Please note that these dates may be pushed back if circumstances warrant it. link:unsupported[Older releases] are not supported and users are strongly encouraged to upgrade to one of these supported releases: [.tblbasic] [cols=",,,",options="header",] |=== |Branch |Release |Release Date |Expected EoL |stable/13 |n/a |n/a |January 31, 2026 |releng/13.0 |13.0-RELEASE |April 13, 2021 |13.1-RELEASE + 3 months |stable/12 |n/a |n/a |June 30, 2024 |releng/12.3 |12.3-RELEASE |December 7, 2021 |12.4-RELEASE + 3 months -|releng/12.2 |12.2-RELEASE |October 27, 2020 |March 31, 2022 |=== In the run-up to a release, a number of -BETA and -RC releases may be published for testing purposes. These releases are only supported for a few weeks, as resources permit, and will not be listed as supported on this page. Users are strongly discouraged from running these releases on production systems. [[model]] == The FreeBSD support model Under the current support model, each major version's stable branch is explicitly supported for 5 years, while each individual point release is only supported for three months after the next point release. The details and rationale behind this model can be found in the https://lists.freebsd.org/pipermail/freebsd-announce/2015-February/001624.html[official announcement] sent in February 2015. diff --git a/website/content/en/security/unsupported.adoc b/website/content/en/security/unsupported.adoc index dc2b61f6b3..93363a81ff 100644 --- a/website/content/en/security/unsupported.adoc +++ b/website/content/en/security/unsupported.adoc @@ -1,55 +1,56 @@ --- title: "Unsupported FreeBSD Releases" sidenav: support --- = Unsupported FreeBSD Releases The following releases are no longer supported but are listed here for reference purposes. [.tblbasic] [cols=",,,,",options="header",] |=== |Branch |Release |Type |Release Date |EoL |stable/4 |n/a |n/a |n/a |January 31, 2007 |releng/4.11 |4.11-RELEASE |Extended |January 25, 2005 |January 31, 2007 |stable/5 |n/a |n/a |n/a |May 31, 2008 |releng/5.3 |5.3-RELEASE |Extended |November 6, 2004 |October 31, 2006 |releng/5.4 |5.4-RELEASE |Normal |May 9, 2005 |October 31, 2006 |releng/5.5 |5.5-RELEASE |Extended |May 25, 2006 |May 31, 2008 |stable/6 |n/a |n/a |n/a |November 30, 2010 |releng/6.0 |6.0-RELEASE |Normal |November 4, 2005 |January 31, 2007 |releng/6.1 |6.1-RELEASE |Extended |May 9, 2006 |May 31, 2008 |releng/6.2 |6.2-RELEASE |Normal |January 15, 2007 |May 31, 2008 |releng/6.3 |6.3-RELEASE |Extended |January 18, 2008 |January 31, 2010 |releng/6.4 |6.4-RELEASE |Extended |November 28, 2008 |November 30, 2010 |stable/7 |n/a |n/a |n/a |February 28, 2013 |releng/7.0 |7.0-RELEASE |Normal |February 27, 2008 |April 30, 2009 |releng/7.1 |7.1-RELEASE |Extended |January 4, 2009 |February 28, 2011 |releng/7.2 |7.2-RELEASE |Normal |May 4, 2009 |June 30, 2010 |releng/7.3 |7.3-RELEASE |Extended |March 23, 2010 |March 31, 2012 |releng/7.4 |7.4-RELEASE |Extended |February 24, 2011 |February 28, 2013 |stable/8 |n/a |n/a |n/a |August 1, 2015 |releng/8.0 |8.0-RELEASE |Normal |November 25, 2009 |November 30, 2010 |releng/8.1 |8.1-RELEASE |Extended |July 23, 2010 |July 31, 2012 |releng/8.2 |8.2-RELEASE |Normal |February 24, 2011 |July 31, 2012 |releng/8.3 |8.3-RELEASE |Extended |April 18, 2012 |April 30, 2014 |releng/8.4 |8.4-RELEASE |Extended |June 9, 2013 |August 1, 2015 |stable/9 |n/a |n/a |n/a |December 31, 2016 |releng/9.0 |9.0-RELEASE |Normal |January 10, 2012 |March 31, 2013 |releng/9.1 |9.1-RELEASE |Extended |December 30, 2012 |December 31, 2014 |releng/9.2 |9.2-RELEASE |Normal |September 30, 2013 |December 31, 2014 |releng/9.3 |9.3-RELEASE |Extended |July 16, 2014 |December 31, 2016 |releng/10.0 |10.0-RELEASE |Normal |January 20, 2014 |February 28, 2015 |releng/10.1 |10.1-RELEASE |Extended |November 14, 2014 |December 31, 2016 |releng/10.2 |10.2-RELEASE |Normal |August 13, 2015 |December 31, 2016 |releng/10.3 |10.3-RELEASE |Extended |April 4, 2016 |April 30, 2018 |releng/10.4 |10.4-RELEASE |Normal |October 3, 2017 |October 31, 2018 |releng/11.0 |11.0-RELEASE |n/a |October 10, 2016 |November 30, 2017 |releng/11.1 |11.1-RELEASE |n/a |July 26, 2017 |September 30, 2018 |releng/11.2 |11.2-RELEASE |n/a |June 28, 2018 |October 31, 2019 |releng/11.3 |11.3-RELEASE |n/a |July 9, 2019 |September 30, 2020 |releng/11.4 |11.4-RELEASE |n/a |June 16, 2020 |September 30, 2021 |releng/12.0 |12.0-RELEASE |n/a |December 11, 2018 |February 29, 2020 |releng/12.1 |12.1-RELEASE |n/a |November 4, 2019 |January 31, 2021 +|releng/12.2 |12.2-RELEASE |n/a |October 27, 2020 |March 31, 2022 |===