In february 2024 i've installed openwrt for the first time on the Asus-TUF-AX4200, for seurity reasons should the firmware be updated? If so does this happen automatically or do i have to do it, or is there an option to enable automatic security updates?
Most definitely!
Updates do not occur automatically, but you typically follow the sysupgrade procedure for your device found on it’s Device Page. You can find this by navigating the Table of Hardware wiki.
Recent Security updates can always be found here
3 Likes
You are probably on 23.05.2
Check if there is a new service release at the address @RuralRoots pointed to (and there is 23.05.3) and update if there is new service release available
You can subscribe to the announce mailing list:
http://lists.openwrt.org/mailman/listinfo/openwrt-announce
5 Likes
Adding to @RuralRoots comments...
If you would prefer an email whenever a new release is made, you can subscribe to the openwrt-announce list at https://lists.openwrt.org/mailman/listinfo/openwrt-announce
There are a couple of utilities that make updating fairly painless (at least within a given release series, say, going from 23.05.2 to 23.05.3). The LuCI Attended Sysupgrade package provides a web-based tool that does upgrades and maintains your current collection of installed "extra" packages (a generic sysupgrade requires that you reinstall those packages after the upgrade). If you are a CLI user, then the auc package provides that same functionality from an ssh session. More details on the various upgrade methods may be found at
https://openwrt.org/docs/guide-user/installation/generic.sysupgrade
https://openwrt.org/docs/guide-user/installation/attended.sysupgrade
3 Likes
Thanks everyone for your help!
How does the updating work exactly, do i just download the update file and flash it from openwrt or is there more to be done?
When i open the link you shared: https://lists.openwrt.org/mailman/subscribe/openwrt-announce
This happens:
Please subscribe by email instead:
Due to abuse, the web-based subscription has been disabled. You can join by sending email to the list's -join address instead.
It looks like you were trying to subscribe to openwrt-announce@lists.openwrt.org.
In that case you should be able to subscribe by sending a PLAIN TEXT (not HTML) mail containing only the single word subscribe to openwrt-announce-join@lists.openwrt.org.
It must be plain text, and it must go to the -join address, not to the list itself.
So i sent an email to openwrt-announce-join@lists.openwrt.org but then this happened:
This is the mail system at Proton Mail.
Your email could not be delivered to one or more recipients.
See below for the delivery error and email.
The most common reasons for undelivered email are wrong recipient address or wrong configuration on the recipient mail server.
Essentially, yes. If you are using the GUI, you would go to System/Backup / Flash Firmware and select Flash Firmware’, then browse to your downloaded sysupgrade.bin`, select it and follow the prompts.
You should also Generate Archive prior to flashing new firmware to backup your current configuration settings.
I will have to let @efahl or @egc help you with the “notifications” as I build my own firmware and have not used them myself.
2 Likes
For generic sysupgrade, yes, you download the image to your local machine, then go to System -> Backup / Flash Firmware. The bottom button "Flash Image..." will let you browse to that image that you downloaded, and once you've selected on, you can then flash it to the router.
With LuCI Attended Sysupgrade, you just go to it's main control page (System -> Attended Sysupgrade), pick the version you want from the drop down and it does all the target and file system selection automatically, then builds, downloads and installs the image. (Much simpler as you don't have to know the device particulars it "just works.")
Not sure what's up with the list server. I subbed a couple years ago, so maybe the spam filters or something have changed? I used my proton email, so???
Oh, yeah! I completely forgot to reinforce the "ALWAYS do a backup first!" message...
Ah, so the list server isn’t working then. I posted an issue here back in mid January when I was trying to subscribe to the openwrt-dev mailing list that never got a response. I just figured it was something I was doing wrong.
Hmm, I got Hauke's announcement about 23.05.3 at the same time as he published it on the forums, so at least the relay/send bit is working (https://lists.openwrt.org/pipermail/openwrt-announce/2024-March/000051.html). I get a bunch of emails daily on the -devel list; on rare occasion I post there and it always gets through.
It sounds to me like there's some filter on the listserv that's overzealous and not letting subscription requests in.
Seems so. I had no problem subscribing to the “bugs” list though at the same date/time (nothing there since 2023). Maybe @psherman can shed some light on the issue.
Honestly, I have no idea -- this is not a system that I work with (for that matter, I'm not even subscribed to any of those lists... I probably should be, lol).
Maybe @thess knows and/or can direct the questions to the right person?
2 Likes
Got it, thank you very much.
Does that mean flashing a new firmware will overwride and configurations / settings that have been changed by the user? Like wifi passwords?
How do i backup the current settings?
Will the router restart after the sysupgrade? Will the internet temporarly go offline?
https://openwrt.org/docs/guide-user/troubleshooting/backup_restore
https://openwrt.org/docs/guide-user/installation/generic.sysupgrade
What happens when you restart your TV? Can you keep watching while it restarts?
The same applies when you restart a router 
3 Likes
When you update firmware from the sysupgrade.bin, you will have the option to retain your current settings and carry those over to the new firmware on flashing.
On the same GUI page System > Backup Flash/Firmware the first option presented will have a Generate Backup button. Selecting it will backup your current configuration settings. It is suggested to do this routinely prior to Flashing new Firmware just in case something goes wrong during the flashing.
2 Likes
Thank you.
Apologies to necro this again, just one question
since the mailing service doesnt seem to work, how often should i manually check for security releases, once a month ? is there an average schedule for security patches?
You can still point your browser here and follow any subsequent threads for updates:
(https://lists.openwrt.org/pipermail/openwrt-announce/2024-March/000052.html)
For general information how OpenWrt handles Security go here.
1 Like
I know this is a very late reply, just havent checked back since, thanks for the info!
Just checked the changelog and holy crap theres so many secuirty fixes?!
https://openwrt.org/releases/23.05/changelog-23.05.3
The list of CVE's goes on and on, how come so?
Edit: the sysupdate worked, thank you.