Well, <snort> stable 6.43 just got released. How many of you will push that out over the next few days? :) Alas it doesn't look like it has RB3011 hardware AES yet which is in the RC. On Mon, 10 Sep 2018 at 17:32, Mike Everest <mike@duxtel.com> wrote:
Absolutely!
Security fixes are DEFINITELY "want or need", and agreed - emphasis is on 'need' in those cases ;)
However, updates that only offer new features that you don’t currently use, or fix bugs that don't affect you are not worth the downtime caused by install, or potential break in functionality caused by introducing new bugs that did not previously exist! :-D
So,... our advice still stands :-}
(and we follow our own advice too! ;)
Incidentally, we also encourage bugfix release stream as well for all production equipment (unless there is a 'want or need' type feature in other streams.
Cheers!
Mike.
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Jason Ross Sent: Monday, 10 September 2018 5:06 PM To: MikroTik Australia Public List <public@talk.mikrotik.com.au> Subject: Re: [MT-AU Public] MT Uptime
Hi Mike,
On 10 Sep 2018, at 3:27 pm, Mike Everest <mike@duxtel.com> wrote:
Officially, our advice to all of our customers and partners is, and has always been, "never upgrade routerOS unless there is something in the new version that you need or want”
Unfortunately this isn’t great advice today, although I can understand the reasoning behind it.
That is still the case now - noting that 'fix severe security vulnerability' definitely comes in under the category of 'want or need' ;-)
Cheers!
My POV is security fixes are more need than want. In some situations you won’t want to upgrade immediately for any number of reasons. If this is the case you should perform a risk analysis and implement the necessary mitigation strategies to minimise your risk.
As soon as you can upgrade, you should upgrade in my opinion.
Some food for thought - From memory the average time most people take to discover they've been compromised is 18 months.
Jason
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au