Two BIND 9 Security Vulnerabilities Announced Today
ISC is releasing updated versions of BIND 9 to address two newly-discovered security vulnerabilities We have released new versions of BIND: 9.Read post
1) New development releases
The biggest change will be the addition of development releases. Starting as soon as we release 9.12.0, we plan to create frequent releases of the Master branch, naming them 9.13.0, 9.13.1, etc. Thus, we will start issuing new versions as soon as we start development on the branch, and will not wait for a year or more of development to pass, as we have traditionally done. When we near the end of 2018 and the development of the BIND 9.13 version has had a handful of releases, we will renumber it and release it as BIND 9.14. This way, the new BIND version should be much more stable and well-tested than if there was a year’s worth of new changes since the prior release.
2) Annual Stable versions
We plan to bring out new branches approximately every 12 months. Releases that are not designated as ESV will be supported for 12 months and then replaced with a new branch. Historically, our .0 and .1 releases were not stable enough for large-scale production use. We believe that by issuing frequent development releases off of our master branch and then renumbering that at the end of a year’s development, we can achieve stability with the initial release on the subsequent branch. This change is in line with our recent efforts to shorten the gap between new branches, already begun with 9.12.
ESV and Subscription versions are not changing.
3) Extended Support Version - Supported for Four Years
The Extended Support Version (ESV) is intended for users who update infrequently, or who have a long pre-deployment integration or validation cycle. BIND 9.11 will be our next extended support version, followed by BIND 9.16. Every other Stable version after that will be designated for extended support.
We will continue to support ESV versions for 4 years from development but late in the cycle we may only update these branches if there are security vulnerabilities in them - which will minimize churn for those long-stable versions. The only real change in our ESV commitment is, we will indicate which releases will become ESV at the start of the branch, rather than waiting for several maintenance releases.
4) Subscription Edition
The Subscription Edition was created for our support customers who want to enjoy some of our newest BIND features, while running an older stable version. It is also known as our ‘Supported Preview’ edition because we selectively backport and integrate new features (including unreleased ones) into an old stable version. Because we are willing to incorporate experimental new features into the Subscription Edition, we also may later remove or change some of these features, based on subscriber feedback.
See this updated Knowledgebase article on selecting a BIND version.
We are confident that this updated plan will serve the wide range of BIND users well. If you have any feedback or concerns about this please don’t hesitate to email me at firstname.lastname@example.org.
Example Release Plan
The example below illustrates the contrast between the long-lived ESV releases and the 12-month stable and development releases. The 9.11 ESV will be even more long-lived than the planned 4 years from release, in order to help us transition to this new model.
What you can’t really see from this is, the new stable release will effectively just be a renumbering of the prior year’s development release. Once we make the transition, odd-numbered versions (9.13 and above) will be development versions, and even-numbered versions will be stable. We will also note which is which on our downloads page.
Sharp observers might see below that we were considering removing the “9” from the release numbers, a change we decided not to make at this time.
What's New from ISC