by morley 4366 days ago
Is OpenWRT safe to use? The latest release, at least according to https://openwrt.org, was in April 2013. I'm not intimately familiar with what software packages it uses, but it seems like it could, at the very least, be vulnerable to Heartbleed.
3 comments

OpenWRT has a pretty decent developer base and in general has always been very stable for me (I've been using many WRT54GLs and Foneras over the years). That said, it seems off that they wouldn't have fixed Heartbleed by now; it would be significant for the web administration interface - especially for people who make it accessible externally via the Internet.

If anybody wishes to contribute to OpenWRT, this talk from 30c3 should give you a good overview on the "current" state of the project (hint: apart from system programmers, web developers are also very much welcome/needed):

https://www.youtube.com/watch?v=Y-OlUxeS57E

OpenWRT's OpenSSL package has been updated to 1.0.1g, so it's not vulnerable to Heartbleed. The default install doesn't use OpenSSL so there is no need to update the install images.
Additionally, many packages can use alternate, embedded-focused SSL libraries (PolarSSL, etc.) that will also ship with OpenWRT.
Their latest stable/official releases are indeed lagging. One of the things OpenWRT does (for good and bad) is to spend a lot of time testing and stabilizing before a release.

Many people therefore prefer to run the nightly builds to get a (much) more up to date build. It may sound scary, but it's not really.

Anyway: OpenWRT is definitely not dead, definitely safe and I consider it about the only routing firmware I fully trust.
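
The version claim in the thread (the OpenSSL package at 1.0.1g is not vulnerable) can be checked on a router by reading the installed package list. The script below is an added example, not part of the thread or of OpenWRT's tooling; it assumes the `name - version` line format of `opkg list-installed`, and the package listing embedded in it is constructed for illustration.

```shell
#!/bin/sh
# Classify installed OpenSSL packages against the Heartbleed range.
# Affected upstream releases: 1.0.1 through 1.0.1f; 1.0.1g carries the fix.
# The version string is a heuristic: a build compiled without heartbeat
# support (OPENSSL_NO_HEARTBEATS) is not affected whatever its version.

# heartbleed_status VERSION -> prints "affected" or "not-affected"
heartbleed_status() {
    # Drop the package revision suffix, e.g. "1.0.1e-1" -> "1.0.1e"
    upstream=${1%%-*}
    case "$upstream" in
        1.0.1|1.0.1[a-f]) echo "affected" ;;
        *)                echo "not-affected" ;;
    esac
}

# scan_opkg_listing: reads "name - version" lines on stdin and reports
# only the OpenSSL library and its command-line utility package.
scan_opkg_listing() {
    while read -r name dash version rest; do
        case "$name" in
            libopenssl|openssl-util)
                echo "$name $version $(heartbleed_status "$version")" ;;
        esac
    done
}

# Constructed sample listing (versions are illustrative, not from the thread)
sample_listing() {
cat <<'EOF'
busybox - 1.19.4-6
libopenssl - 1.0.1e-1
libpolarssl - 1.2.5-1
openssl-util - 1.0.1g-1
EOF
}

# On a router, replace sample_listing with: opkg list-installed
sample_listing | scan_opkg_listing
```

A listing with no `libopenssl` line matches the default-install case mentioned above, where OpenSSL is not present at all.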