NOTE: Feel Free To Skip Ahead

OpenBSD Release Model Explained

OpenBSD uses a strict, time-based release model focused on predictability and continuous development. OpenBSD releases new versions on a fixed six-month cycle.

Flavors

OpenBSD maintains three distinct “flavors” of the operating system simultaneously:

-release: The official, static version of the OS released every six months (e.g., 7.5, 7.6). It is intended for users who prioritize stability and do not need the absolute latest features.

-stable: This is the -release version plus critical security and reliability patches. It does not receive new features, making it the recommended choice for production servers.

-current: The “bleeding edge” development branch where all new code and features are integrated. Developers and power users often run daily “snapshots” of this branch to test new changes before they are finalized for the next release.

Key Characteristics

Predictable 6 Month Cycle: Releases occur every six months regardless of whether a specific feature is “finished”. If a feature isn’t ready, it is deferred to the next cycle rather than rushing the release.

One-Year Support Window: Only the two most recent releases are supported with security and reliability patches. Once a third release comes out, the oldest supported one reaches End-of-Life (EOL).

Atomic “Full System” Updates: OpenBSD is developed as a single, cohesive unit (kernel + userland). When you upgrade, you typically upgrade the entire base system at once using tools like the sysupgrade(8) utility.

No Long-Term Support (LTS): There is no special “long-term” version. Users are expected to upgrade at least once a year to remain on a supported version.

Binary Patching: Security fixes for the -stable branch are provided as binary patches via the syspatch(8) tool, making it easy to keep systems secure without recompiling the entire source tree.

Versioning: The version numbers increment simply by 0.1 every six months (e.g., 7.4 -> 7.5 -> 7.6). There are no “minor” point releases (like 7.6.1); instead, security fixes are applied directly to the -stable branch of the existing version.

Updating

NOTE: This is for binary updates and not relevant for -current

Update System - Start by updating the system using “syspatch”:

NOTE: You will be prompted if the patch requires a reboot.

# /usr/sbin/syspatch

Update Packages - Update installed packages ( if any ) using “pkg_add”:

NOTE: -u = update installed packages, -v = verbose output, -i = interactive

# /usr/sbin/pkg_add -uvi

Update Firmware - Update any required firmware.

# /usr/sbin/fw_update

Now your system is up to date.

Upgrading

Upgrade System - Once a new release comes out ( i.e. 7.8 -> 7.9 ):

NOTE: You will need a console for this one as you will reboot and upgrade via console. Keep this in mind for remote installations.

# /usr/sbin/sysupgrade

Once this completes you should go through each step previously used to update the system:

Update System - Start by updating the system using “syspatch”:

NOTE: You will be prompted if the patch requires a reboot.

# /usr/sbin/syspatch

Update Packages - Update installed packages ( if any ) using “pkg_add”:

NOTE: -u = update installed packages, -v = verbose output, -i = interactive

# /usr/sbin/pkg_add -uvi

Update Firmware - Update any required firmware.

# /usr/sbin/fw_update