CVE 25th Anniversary
On the long-term scale of human history, 25 years is nothing.
Read postISC plans to end maintenance of the ISC DHCP client and relay by the end of Q1, 2022. We will continue maintaining the DHCP server, and any code that is common between the server, client, and relay, for at least a couple more years. Our January 2020 and 2022 releases of ISC DHCP incorporated a number of submitted patches, mostly for the client, but otherwise we have done little recent maintenance on the client or relay. To be honest, those components have simply not been a focus of ours for several years. As a small non-profit organization, we have to allocate our limited resources carefully and we think the ISC DHCP server and Kea distribution have more future value for users.
The ISC DHCP code is extremely mature, and is not designed for unit-test ability. The test coverage is just not good enough to inspire confidence that any change, even a seemingly minor one, would not cause some unidentified breakage.
ISC has no support customers for the ISC DHCP client or relay, and we haven’t for at least a decade, so there is no funding stream to support continuing effort on them. We are not even sure whether anyone is even updating their client or relay code from our distribution anymore. We think it is likely that some operating systems are maintaining DHC client or relay implementations or forks that are “better maintained” and more modern than our current client or relay code. For numerous reasons - most notably, for software security - it is important to use software that is actively maintained.
We know that ISC DHCP has a large user base, but nearly all those users get the software via a package or distribution and we have no way to communicate with them directly.
ISC DHCP has been, and remains, open source. Anyone can fork it and develop or maintain it. Users still have all the open source freedoms with ISC DHCP that they have always had. We are just announcing that ISC will no longer maintain this code. The client and relay code is findable in the ISC DHCP open repository. Older releases of ISC DHCP (going all the way back to 1998) are archived on ISC’s FTP server.
If you are using an operating system that relies on the ISC DHCP client, there is no reason to worry that it will stop working. Your OS maintainer’s team is already providing the client script for DHCP, and they are probably testing it with each release. If you do encounter an issue with the DHCP client, you should report it to your OS provider. Several of them do already accept and address issues with the DHCP client.
There are forks of the ISC client and relay included in operating system packages, and there are also alternative client and relay implementations available. For example:
We welcome your comments, questions, and suggestions. If you are aware of a well-maintained implementation of either a DHC client or relay, and would like to suggest users switch to that alternative, please feel free to email us at marketing@isc.org with that information and we will update this blog post.
We have maintained ISC DHCP for over 20 years, and it is time to archive the ISC DHC client and relay. We would like to thank all the contributors who have sent us patches (mostly upstreaming client patches from operating system distributions) over the years.
What's New from ISC