Is 3.4.x still being maintained? Is 3.4.28 in particular still safe in a non-NAT environment?
Long story, for those who care: During a security scan, a customer noticed that some of their systems were crashing, while one didn't weren't. I did some inspecting, and noticed that the ones that crashed were patched identically to the one that didn't crash -- except that the one that didn't crash was running ipf 3.4.28, while the ones that did crash were running a somewhat older version. This customer is very conservative about software. The only security fix I see documented for 3.4.x after 3.4.28 is a crash bug involving NAT and fragmentation, and they're not doing NAT on these boxes. So my temptation is to tell them it's OK to upgrade to 3.4.28, which they've already validated, rather than the latest-and-greatest 4.1.29. But I still have residual concerns that 3.4.x might not be maintained, or that I am not understanding the "HISTORY" file that came with 3.4.35. Thanks! - Morty
