FreeBSD takes security very seriously and its developers are constantly working on making the operating system as secure as possible. This page will provide information about what to do in the event of a security vulnerability affecting your system
FreeBSD security issues specific to the base system should be reported via email to the FreeBSD Security Team or, if a higher level of confidentiality is required, via PGP encrypted email to the Security Officer Team using the Security Officer PGP key. Additional information can be found at the reporting FreeBSD security incidents page.
A full list of all security vulnerabilities affecting the base system can be found on this page.
Advisories affecting the base system are sent to the following mailing lists:
The list of released advisories can be found on the FreeBSD Security Advisories page.
Advisories are always signed using the FreeBSD Security Officer PGP key and are archived, along with their associated patches, at the http://security.FreeBSD.org/ web server in the advisories and patches subdirectories.
The FreeBSD Security Officer provides security advisories for -STABLE Branches and the Security Branches. (Advisories are not issued for the -CURRENT Branch, which is primarily oriented towards &os; developers.)
The -STABLE branch tags have names like stable/10. The corresponding builds have names like FreeBSD 10.1-STABLE.
Each FreeBSD Release has an associated Security Branch. The Security Branch tags have names like releng/10.1. The corresponding builds have names like FreeBSD 10.1-RELEASE-p4.
Issues affecting the FreeBSD Ports Collection are covered separately in the FreeBSD VuXML document.
For users that have previously installed a binary version of &os; (e.g., &rel.current; or &rel2.current;), commands:
# freebsd-update fetchIf that fails, follow the other instructions in the security advisory you care about.
Note that the above procedure is only for users who have previously installed a binary distribution. Those who have built from source will need to update their source tree to upgrade.
Each release is supported by the Security Officer for a limited time only.
The designation and expected lifetime of all currently supported branches and their respective releases are given below. The Expected EoL (end-of-life) column indicates the earliest date on which support for that branch or release will end. Please note that these dates may be pushed back if circumstances warrant it.
Older releases are not maintained and users are strongly encouraged to upgrade to one of the supported releases mentioned above. A list of unsupported releases can be found here.
| Branch | Release | Type | Release Date | Expected EoL |
|---|---|---|---|---|
| stable/9 | -n/a | -n/a | -n/a | -December 31, 2016 | -
| releng/9.3 | -9.3-RELEASE | -Extended | -July 16, 2014 | -December 31, 2016 | -
| stable/10 | n/a | n/a | n/a | last release + 2 years | -
| releng/10.1 | -10.1-RELEASE | -Extended | -November 14, 2014 | -December 31, 2016 | -
| releng/10.2 | -10.2-RELEASE | -Normal | -August 13, 2015 | -December 31, 2016 |
| releng/10.3 | 10.3-RELEASE | Extended | April 4, 2016 | April 30, 2018 |
| stable/11 | n/a | n/a | n/a | September 30, 2021 |
| releng/11.0 | 11.0-RELEASE | n/a | October 10, 2016 | 11.1-RELEASE + 3 months |
In the run-up to a release, a number of -BETA and -RC releases may be published for testing purposes. These releases are only supported for a few weeks, as resources permit, and will not be listed as supported on this page. Users are strongly discouraged from running these releases on production systems.
Effective &os; 11.0-RELEASE, the support model has been changed to allow more rapid development while also providing timely security updates for all supported releases.
Under the new support model, each major version's stable branch is explicitly supported for 5 years, while each individual point release is only supported for three months after the next point release.
The details and rationale behind this change can be found in the official announcement sent in February 2015.
Previously, branches were designated as either Normal or Extended. The designation was used as a guideline for determining the lifetime of the branch as follows:
The following releases are no longer supported but are listed here for reference purposes.
| Branch | Release | Type | Release Date | EoL |
|---|---|---|---|---|
| stable/4 | n/a | n/a | n/a | January 31, 2007 |
| releng/4.11 | 4.11-RELEASE | Extended | January 25, 2005 | January 31, 2007 |
| stable/5 | n/a | n/a | n/a | May 31, 2008 |
| releng/5.3 | 5.3-RELEASE | Extended | November 6, 2004 | October 31, 2006 |
| releng/5.4 | 5.4-RELEASE | Normal | May 9, 2005 | October 31, 2006 |
| releng/5.5 | 5.5-RELEASE | Extended | May 25, 2006 | May 31, 2008 |
| stable/6 | n/a | n/a | n/a | November 30, 2010 |
| releng/6.0 | 6.0-RELEASE | Normal | November 4, 2005 | January 31, 2007 |
| releng/6.1 | 6.1-RELEASE | Extended | May 9, 2006 | May 31, 2008 |
| releng/6.2 | 6.2-RELEASE | Normal | January 15, 2007 | May 31, 2008 |
| releng/6.3 | 6.3-RELEASE | Extended | January 18, 2008 | January 31, 2010 |
| releng/6.4 | 6.4-RELEASE | Extended | November 28, 2008 | November 30, 2010 |
| stable/7 | n/a | n/a | n/a | February 28, 2013 |
| releng/7.0 | 7.0-RELEASE | Normal | February 27, 2008 | April 30, 2009 |
| releng/7.1 | 7.1-RELEASE | Extended | January 4, 2009 | February 28, 2011 |
| releng/7.2 | 7.2-RELEASE | Normal | May 4, 2009 | June 30, 2010 |
| releng/7.3 | 7.3-RELEASE | Extended | March 23, 2010 | March 31, 2012 |
| releng/7.4 | 7.4-RELEASE | Extended | February 24, 2011 | February 28, 2013 |
| stable/8 | n/a | n/a | n/a | August 1, 2015 |
| releng/8.0 | 8.0-RELEASE | Normal | November 25, 2009 | November 30, 2010 |
| releng/8.1 | 8.1-RELEASE | Extended | July 23, 2010 | July 31, 2012 |
| releng/8.2 | 8.2-RELEASE | Normal | February 24, 2011 | July 31, 2012 |
| releng/8.3 | 8.3-RELEASE | Extended | April 18, 2012 | April 30, 2014 |
| releng/8.4 | 8.4-RELEASE | Extended | June 9, 2013 | August 1, 2015 |
| stable/9 | +n/a | +n/a | +n/a | +December 31, 2016 | +
| releng/9.0 | 9.0-RELEASE | Normal | January 10, 2012 | March 31, 2013 |
| releng/9.1 | 9.1-RELEASE | Extended | December 30, 2012 | December 31, 2014 |
| releng/9.2 | 9.2-RELEASE | Normal | September 30, 2013 | December 31, 2014 |
| releng/9.3 | +9.3-RELEASE | +Extended | +July 16, 2014 | +December 31, 2016 | +
| releng/10.0 | 10.0-RELEASE | Normal | January 20, 2014 | February 28, 2015 | +
| releng/10.1 | +10.1-RELEASE | +Extended | +November 14, 2014 | +December 31, 2016 | +
| releng/10.2 | +10.2-RELEASE | +Normal | +August 13, 2015 | +December 31, 2016 |