Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Redazione RHC : 6 December 2025 09:11
Behind many of the digital applications and services we take for granted every day lies a silent giant: FreeBSD . Known primarily to insiders, this Unix-like operating system has become the beating heart of some of the most sophisticated networking infrastructures in the world.
Its stability, exceptional performance, and flexibility in network optimization make it the preferred choice for mission-critical and high-traffic environments. Yet, few know that FreeBSD is behind the smooth operation of platforms like WhatsApp , some components of Netflix , Sony PlayStation consoles, and even Juniper Networks firewalls and routers.
Thanks to its ability to handle large volumes of simultaneous connections , route complex traffic and guarantee low latency , FreeBSD confirms itself as the “invisible engine” of modern digital communications : reliable, powerful and surprisingly unobtrusive.
Nearly two years after the release of version 14.0, the FreeBSD project has released a new major release, FreeBSD 15.0 . Installation images are now available for download for the amd64, aarch64, armv7, powerpc64, powerpc64le, and riscv64 architectures.
Images have also been prepared for virtualization systems in QCOW2, VHD, VMDK, and raw formats, as well as for cloud options, including Amazon EC2, Google Compute Engine, and Vagrant environments.
At the same time, developers have updated their lifecycle policy. Starting with branch 15, the support period for significant branches after the first release (15.0) has been reduced from five to four years, with new major branches appearing every two years.
The intermediate versions (15.1, 15.2, 15.3) are planned to be released approximately every six months , and given the simultaneous support of two branches, a new version will be released approximately every three months: 15.4, 16.1, 15.5, 16.2, and so on, with a six-month break before the next major release, such as 16.0. The official release notes, in addition to the new features of version 15.0, also summarize the changes previously introduced in the 14.1, 14.2, and 14.3 branches.
One of the major changes introduced in version 15.0 concerns the base system maintenance model. Base components can now be installed and updated using the pkg package manager: so-called pkgbase packages can be included on the installation media for offline installation or downloaded from the pkg.freebsd.org repository.
In the pkg configuration (/etc/pkg/FreeBSD.conf), the FreeBSD-base repository is disabled by default, but the new method is already used by default in virtual machine and cloud images and is currently considered experimental for standard installations . The bsdinstall installer offers two installation modes: the traditional one with a monolithic base system and updates via freebsd-update, and a new option with separate packages.
An important step has also been taken towards build chain security. FreeBSD 15.0 can be compiled in unprivileged environments, without root privileges, and both installation ISOs and virtual machine images can be created without privileges. Reproducible builds have also been implemented: the resulting binaries are deterministic and can be verified against the source code, reducing the risk of unseen modifications.
The release also changes the architecture. The project has discontinued installation images and binary repositories for i386, ARMv6, and 32-bit PowerPC, leaving ARMv7 as the only supported 32-bit platform. However, the ability to compile 32-bit applications locally and use COMPAT_FREEBSD32 mode on a 64-bit kernel will remain at least until the end of the FreeBSD 16 branch’s lifecycle.
System calls implementing the Linux-compatible inotify mechanism for monitoring file system changes have been added to the kernel, simplifying porting of programs that rely on this notification model. Solaris-style named file attributes have been implemented, providing an alternative extended attribute mechanism for ZFS and NFSv4: attributes are stored in a service directory, invisible to the normal namespace, and are treated like regular files; a list of them can be retrieved, for example, with readdir().
The security subsystem has received a new permission management tool. The mac_do module, which allows you to define policies that allow unprivileged users to change process credentials, has been declared ready for use. The mdo utility, functionally similar to su, is now available for running commands as a different user without the suid root.
Finally, FreeBSD 15.0 includes a major update to the userspace and development tools. This includes LLVM 19.1.7, OpenSSH 10.0p2, OpenSSL 3.5.4, OpenZFS 2.4.0rc4, Lua 5.4.8, jemalloc 5.3.0, Awk 20250804 with UTF-8 support, bc 7.1.0, unicode 16.0.0, ncurses 6.5, libarchive 3.8.2, tcpdump 4.99.5, unbound 1.24.1, less 679, file 5.46, GoogleTest 1.15.2, and other updated components, making the 15 branch more modern for both server and desktop scenarios.
Redazione