Mordechai T. Abzug wrote:
Is 3.4.x still being maintained? Is 3.4.28 in particular still safe
in a non-NAT environment?

Long story, for those who care:

This customer is very conservative about software. The only security
fix I see documented for 3.4.x after 3.4.28 is a crash bug involving
NAT and fragmentation, and they're not doing NAT on these boxes. So
my temptation is to tell them it's OK to upgrade to 3.4.28, which
they've already validated, rather than the latest-and-greatest 4.1.29.
But I still have residual concerns that 3.4.x might not be maintained,
or that I am not understanding the "HISTORY" file that came with
3.4.35.

It depends on what you consider a "security" problem...
..for example, the non-fragmented logging problem (fixed in 3.4.34)
might worry some
..the fix for ipf_pullup() in 3.4.33 could be cause for concern about
reliability
..the ftp proxy fixes for .29 might be cause for concern if you use that

Darren