1.1.1 downloads spike
Dmitry Misharov
Fri 30 Jan 2026 10:40AM
Public
Seen by 67
I find it interesting that recent security releases caused download spike of end of life 1.1.1. Do people try to apply security patches by themself?
Peter Gutmann Fri 30 Jan 2026 11:07AM
The following is purely speculation but it would tie in with a discussion I recently had with some networking guys about Internet security appliances running ancient out-of-support versions of FreeRADIUS with OpenSSL (because it wouldn't be a proper Internet security appliance if it wasn't riddled with years-old unpatched vulnerabilities). What vendors were doing was customising, pronounced "hacking up", the code to do whatever vendor-specific things they needed and then not being enthusiastic over having to re-hack-up the latest release to match. There could be something similar happening here.
John Haxby · Fri 30 Jan 2026 10:50AM
I think they probably do. Distros related to OpenELA (Oracle, Rocky, Alma, etc) and RHEL8 would account for a handful of downloads, but otherwise I suspect that either people don't want to wait for an "official" patch for their distro or are doing their own maintenance. (And for the latter, well, I worry.)