The FreeBSD Foundation has just recently released version 8.4-RELEASE which featured an array of security advisories, kernel changes, hardware support fixes and updates to contributed software. The entire release notes are available at the FreeBSD Foundation website.  We have added 8.4-RELEASE to our signup form, and is now available as an install option for all of our VPS and Dedicated Server packages.

The major question most face is, do I need to upgrade? The answer depends on what you are using your system for and what subsystems you are using. If you have a highly customized FreeBSD configuration, it will be far more important that you read through all of the release notes. If you’re considering migrating to FreeBSD 9.0 or 9.1 you might want to wait until 9.2 is released, especially if you’re using ZFS pools with feature flags (see below). Version 9.x does offer some major changes from 8.x including high performance SSH, ZFS v28, updated ATA/SATA drivers with AHCI support and the NFS system is upgraded to support NFSv4.  Version 9.2 could be available as early as December (unconfirmed) as for end of life on the current versions, 8.3 and 8.4 are extended (24 month security officer support) while 9.0 and 9.2 are slated to be normal (12 month). That also puts 9.1 and 9.3 at extended with 9.1 being supported until Dec. 31, 2014.

In FreeBSD 8.4-RELEASE there were a lot of bug fixes in the network interface support area as well as some new hardware support. Network protocols also had a major list of updates including some bug fixes to IPv6. FreeBSD 8.4-RELEASE also includes updates to major contributed software like OpenSSH, OpenSSL, and sendmail and the KDE desktop environment.

As security is always a major concern, here is a quick overview of what was fixed in FreeBSD 8.4-RELEASE based on previous security advisories. The oldest and most outstanding of these are the OpenSSL vulnerabilities that were fixed which dated back to May 2012 (SA-12:01.openssl and SA-13:03.openssl). Other security updates including changes to crypt(), named, bind, and input validation for the NFS server which could potentially have been exploited to allow arbitrary code to be run in kernel context.

In terms of the kernel itself, several bugs were fixed including those dealing with CPU affinity, VIMAGE and mmap. Other changes include some workarounds dealing with old versions of QEMU and Xen, and big changes to the FreeBSD sched_ule scheduler in terms of CPU selection in systems with symmetrical multithreading (or hyperthreading for Intel CPUs).

It you are considering migrating to FreeBSD 9.0 or 9.1 and are using the ZFS subsystem it’s important to note that FreeBSD 8.4-RELEASE can now support feature flags in ZFS pools, but the default version number will still be 28. FreeBSD 9.0 and 9.1 do not support these feature flags and so they cannot be used but a version 8.x system can be upgraded to version 9.0 or 9.1 without problem provided the ZFS pools are v28. If a ZFS pool is upgraded from v28 it would then prevent upgrade. However, FreeBSD 9.2 and later are slated to support ZFS pools with feature flags.