June 4, 2024

FreeBSD is an exceptional choice for organizations needing a modern, enterprise-class open source operating system. Its permissive licensing, superior security, exceptional performance, and rock-solid stability make it ideal for businesses and organizations of all sizes. 

The FreeBSD 14.x series demonstrates the Project’s unwavering commitment to continuous improvement, security, and modernization. FreeBSD has consistently enhanced system robustness, security, and hardware compatibility, keeping pace with and sometimes surpassing contemporary technological advancements in other operating systems. 

14.1-RELEASE reaffirms FreeBSD’s dedication to meeting the evolving needs of its users, solidifying its position as one of the top choices among open source operating systems. FreeBSD 14.1-RELEASE offers significant enhancements to infrastructure, hardware compatibility, and security, further demonstrating its value to the industry. 

This version builds upon the strong foundation established with 14.0 (released in November 2023) and aligns with the development timeline that includes the FreeBSD 13 branch, which was introduced in August 2022.

FreeBSD 14.x overview

The FreeBSD 14.x series enhances the system’s overall performance, security, and stability. The release includes substantial updates in various areas, such as networking, storage, virtualization, userland, and kernel improvements.

FreeBSD 14.1-RELEASE is the latest version in the 14-STABLE branch. It includes enhancements, security patches, and updated features to improve user experience and system stability. This section discusses the notable changes and improvements that FreeBSD 14.x offers.

In the sections below, if a feature/improvement was implemented in FreeBSD 13.x (such as the previous 13.3 release), it has been marked with (*)

Upgrading from previous releases

Users upgrading from earlier versions of FreeBSD will find the transition smooth, with comprehensive documentation available to navigate the upgrade process. Consulting the release errata for any late-breaking issues or updates is advised before proceeding with the installation.

General network improvements in FreeBSD 14.x

FreeBSD 14.0 introduced key networking enhancements to improve performance, security, and overall system capabilities. These updates reflect FreeBSD’s commitment to maintaining a state-of-the-art networking stack.

FreeBSD 14.1 continues to build upon its strong networking capabilities, providing several notable enhancements and new features to improve performance, security, and compatibility. These updates reflect FreeBSD’s commitment to maintaining a robust and modern networking stack.

  • Kernel TLS (KTLS) Enhancements: Added receive offload support for TLS 1.3, improving performance for encrypted network traffic. This enhancement builds on the existing support for TLS 1.0 through TLS 1.3, ensuring better security and performance for encrypted communications​​.
  • CUBIC as Default TCP Congestion Control: Adopted CUBIC as the default congestion control algorithm for TCP, offering improved performance for long-duration data transfers by allocating a higher fraction of the available bandwidth than NewReno​​.
  • ARP Support for 802-Standard Networks: Restored support for Address Resolution Protocol (ARP) on 802-standard networks, which had been accidentally removed with FDDI support.
  • Kernel WireGuard Driver: Reintegrated the kernel WireGuard driver, offering efficient and secure Virtual Private Network (VPN) connectivity using the WireGuard protocol.
  • Radix Tables for MAC Addresses: Implemented support for radix tables in ipfw(4) for MAC address filtering. This feature allows for more efficient handling and filtering of MAC addresses.
  • IPv6 Rapid Deployment (6rd): Added support for IPv6 Rapid Deployment (6rd) as per RFC 5969, which facilitates the deployment of IPv6 over IPv4 infrastructure.
  • Netlink Protocol: Expanded and improved the netlink(4) user/kernel communication protocol, primarily used for network configuration. The enhancements include better support and conversion of network configuration utilities to use netlink, enhancing the efficiency of network management).
  • pfsync Enhancements: Updated pfsync(4) to support IPv6 transport and extended its packet format to improve queuing, scrubbing, and route-to rules, enhancing the synchronization of state tables across firewalls.
  • Layer 3 Filtering on Bridges: Improved the behavior of Layer 3 filtering on if_bridge(4) by setting net.link.bridge.pfil_member and net.link.bridge.pfil_bridge to default to zero, addressing fail-safety concerns in network configurations.
  • CARP Unicast Address Support: Updated carp(4) to allow configuration of the address to which CARP messages are sent, supporting unicast addresses for certain virtual configurations.

Storage and virtualization improvements in FreeBSD 14.x


  • ZFS Enhancements: OpenZFS upgraded to version 2.2.4, includes performance improvements like adaptive ARC, zstd early abort, and I/O prefetch improvements. New zfskeys service for automatic decryption of ZFS datasets at boot.
  • Block Cloning: Optional support for shallow copies of blocks in file copies, enabled via sysctl.
  • Scrub Error Log: zpool scrub -e command to log scrub errors.
  • BLAKE3 Checksums: Introduction of BLAKE3 checksums, recommended for secure checksums.
  • Corrective zfs receive: Allows for healing corrupted data during receive operations.
  • Vdev and Zpool User Properties: Similar to dataset user properties for better customization.
  • Adaptive ARC: Fully adaptive ARC minimizes the need for manual tuning.
  • Zstd Early Abort: Efficiency improvements for handling uncompressible data.
  • I/O Prefetch: General improvements and optimizations for I/O prefetch.
  • 32-bit PowerPC Support: ZFS enabled on 32-bit powerpc/powerpcspe architectures.
  • UFS Updates: Soft updates enabled by default for new UFS file systems, allowing background dumps on live systems.
  • Background File System Checks: Using a snapshot for UFS with journaled soft updates.
  • Superblock Check Hashes: Added to detect corruption in superblocks, cylinder group maps, and inodes.
  • Libufs(3) Library Update: Inclusion of corruption checks in all filesystem utilities.
  • Tarfs Support: Added support for tarfs(5), a file system backed by POSIX tar archives, optionally compressed with zstd(1).
  • Msdosfs(5) Enhancements:
    • Records available directory entries in the root directory of FAT12 and FAT16 file systems.
    • Correctly calculates available and used blocks of FAT12 and FAT16 file systems.
  • Synthetic File Systems: Synthetic file systems like devfs(5) and procfs(5) now report 0 blocks used, avoiding 100% full reports.
  • NFS Enhancements: Support for Kerberized NFSv4.1/4.2 mounts and SP4_MACH_CRED.
  • Syskrb5 Mount Option: For Kerberized NFSv4.1/4.2 mounts using AUTH_SYS authentication without requiring Kerberos credentials at mount time.
  • Updated NFS (*): The NFS client and server have been updated to support NFSv4.2, including extended attributes.
  • Secure NFS (*): Support for configuring NFS over TLS, emphasizing secure storage solutions.


  • Enhanced Guest Support in bhyve (*): The bhyve hypervisor and kernel module vmm(4) now support more than 16 vCPUs in a guest, allowing guests to utilize host CPU resources more effectively​​.
  • Bhyve TPM Passthrough: Added support for TPM passthrough in bhyve.
  • Bhyve GPU Passthrough: Improved GPU passthrough support for AMD and Intel GPUs.
  • Virtio-Input Device Emulation: Bhyve now supports injecting keyboard/mouse input events into a guest.
  • Firecracker VMM: FreeBSD can now run inside the Firecracker VMM via the amd64 FIRECRACKER kernel configuration.
  • Cloud Support:
  • Experimental ZFS-root EC2 AMIs on AWS with cloud-init support.
  • Arm64 images for Azure with Gen2 VM support.

By integrating these storage and virtualization improvements, FreeBSD 14.1 ensures a robust, secure, and high-performance environment suitable for various applications and deployment scenarios.

Userland and kernel enhancements in FreeBSD 14.x

The FreeBSD 14.x series has undergone significant improvements in both the user environment and the kernel, making it more robust, secure, and adaptable. These enhancements improve the system’s functionality and ensure it remains up-to-date with the latest technological standards and user expectations.

Shell and MTA defaults

  • Default Shell: The root user’s default shell is now sh(1), which includes many new features for interactive use. This change simplifies the environment and improves security by using a shell with fewer historical vulnerabilities than other shells like csh or bash.
  • Default MTA: The default Mail Transport Agent (MTA) is now the Dragonfly Mail Agent (dma(8)), replacing sendmail(8). This change simplifies mail configuration and management. Configuration is handled through mailer.conf(5), and sendmail(8) is still available for those who need it. Additionally, the mta_start_script configuration variable has been retired from rc.conf(5) along with the othermta startup script​​.

Userland enhancements

  • Base64 utility: A new utility, base64(1), has been introduced. This utility allows users to encode and decode data in base64 format, which is commonly used for encoding binary data in text files such as email attachments and XML data
  • Capsicum sandbox support for existing utilities like sockstat(1).
  • New kdc_restart Variable: Manages kdc(8) under daemon(8), auto restarting kdc on abnormal termination.
  • Adduser Utility Enhancements: The adduser(8) utility now automatically creates a ZFS dataset for new user home directories if the parent directory resides on a ZFS dataset. This feature supports ZFS encryption, providing enhanced security for user data.
  • Locale and Keyboard Updates: Locale handling upgraded to CLDR 41.0 and Unicode 14.0; Support for the new French bépo keyboard layout (version 1.1rc2) has been added. This layout is normalized by the French national organization for standardization as “NF Z71‐300″​​.
  • Process Management (*): Enhancements to utilities like login introduce the capability to set process priorities directly from ~/.login_conf, offering refined control over process management.
  • Data Archiving and Extraction (*): Upgrading libarchive to version 3.6.2 for enhanced data archiving and extraction.

New utilities and enhancements

  • Package Upgrades: Major upgrades to software such as tcpdump, libpcap, OpenSSL to version 3.0.12, One True Awk to 2nd Edition, and Clang/LLVM to version 18.1.5.
  • Systat Utility Update: The systat(1) utility has a new command, iolat, which reports I/O latencies computed by the CAM I/O scheduler. This is useful for diagnosing performance issues related to disk I/O.
  • Tcpsso Utility: A new utility, tcpsso(8), has been added. It allows users to apply a socket option to an existing TCP endpoint, changing the congestion control module or the TCP stack on the fly.
  • Periodic Facility: By default, the changes shown in email by the periodic(8) facility from the daily scripts now show less context to reduce the output size. This behavior can be controlled by the daily_diff_flags variable in periodic.conf(5). Similarly, the changes shown by the security scripts are controlled by the security_status_diff_flags variable​​.
  • Date Utility Update: The date(1) program now supports nanoseconds, allowing for more precise timestamping. For example, date -Ins prints “2024-04-22T12:20:28,763742224+02:00” and date +%N prints “415050400”.
  • Locale Handling: Locale handling has been upgraded to CLDR 41.0 and Unicode 14.0. This ensures better support for internationalization and localization, including new characters and improved collation rules​​.
  • Unprivileged Chroot: The chroot(8) facility now supports unprivileged operation, with a new -n option to enable its use. This enhancement increases the flexibility and security of using chroot environments​​.
  • Md5sum Utility: New md5sum(1) and similar message-digest programs have been added, which are compatible with the Linux versions. This provides easier cross-platform script compatibility​​.
  • Improved Documentation: Enhancements in kernel documentation, making it easier for users and developers to understand and utilize new features.
  • Cloud Support: 14.1-RELEASE supports cloudinit, compatible with OpenStack and many hosting facilities.

Kernel enhancements

  • Enhanced Cryptographic Framework: FreeBSD 14.x has expanded its cryptographic framework to support modern ciphers and encryption methods, including support for XChaCha20-Poly1035 AEAD cipher and an API for curve25519, providing robust options for secure communications and data protection.
  • Hardware Support: New drivers for the Intel I225 Ethernet controller and Microchip LAN7430/7431 Ethernet controllers, and improvements in the iwlwifi driver for Intel Wi-Fi devices.
  • AddressSanitizer: Usable in amd64 kernels.
  • Security Improvements (*): Introducing Address Space Layout Randomization (ASLR) for 64-bit executables.
  • Debugging Enhancements (*): A new SPLIT_KERNEL_DEBUG configuration option enables separate kernel and module debug data handling.

Hardware support improvements in FreeBSD 14.x

FreeBSD 14.x introduced several significant enhancements to hardware support, ensuring improved compatibility and performance across various modern systems. Key updates include:

  • Intel Wi-Fi (iwlwifi(4)): Numerous stability improvements have been made in the iwlwifi(4) driver for Intel Wi-Fi devices, supporting newer chipsets.
  • Intel E800 Series (ice(4)): A driver is available for the Intel E800 series’ ice(4) Ethernet network controllers, which support 100 Gb/s operation. This driver has been upgraded to version 1.39.13-k​​.
  • Multiple PCI MCFG Regions: Added support for multiple PCI MCFG regions on amd64 and i386 architectures, allowing PCI configuration space access for domains (segments) other than 0​​.
  • Raspberry Pi (smsc(4)): The smsc(4) Ethernet driver can now fetch the value of smsc95xx.macaddr passed by some Raspberry Pi models and use it for the MAC address, ensuring a stable MAC address even if there is no address in EEPROM​​.
  • Sound System (snd_clone): The snd_clone framework, including related sysctls, was removed from the sound subsystem, simplifying the system. The per-channel nodes (/dev/dspX.Y) are no longer created; only the primary device (/dev/dspX)​​ is.
  • Asynchronous Audio Device Detach: Audio now supports asynchronous device detach, greatly simplifying the hot-plugging and unplugging of USB headsets and easing the use of PulseAudio in cases requiring system sleep and wake (suspend and resume)​​.
  • NVMe Disks (nda(4)): NVMe disks are now nda devices by default. Symbolic links for the previous nvd(4) device names are created in /dev, and configurations like fstab(5) should be updated to refer to the new device names​​.
  • Intel QAT Driver (qat(4)): The previous qat(4) driver has been replaced with Intel’s QAT driver, providing additional interfaces to the chipset’s cryptographic and compression offload functionality. The new driver does not support Atom C2000 chipsets; the old driver has been renamed to qat_c2xxx​​.
  • DPAA2 (NXP SoCs): Improvements in DPAA2 (second-generation Data Path Acceleration Architecture), including better isolation of DMA resources and cleanup operations, FDT/ACPI MDIO support, netboot over DPAA2, and separate command portals (DPMCP) support​​.
  • Realtek Wireless (rtw88(4)): The rtw88(4) driver for Realtek wireless PCI interfaces has been updated​​.
  • KVM Paravirtualized Clock (kvm_clock): A new driver has been added for the KVM paravirtualized clock​​.
  • ARM Corelink DMC-620 and CMN-600: hwpmc (4) and libpmc now support the Arm Corelink DMC-620 Memory Controller and CMN-600 Coherent Mesh Network Controller​​.
  • Frame Buffer Addressing: A fix for frame buffer addressing has been implemented, affecting frame buffers mapped above 4 GB physical on i386 and Book-E powerpc​​.

Deprecated features and removed support in 14.x

Throughout the FreeBSD 14.x series, several features and supports were deprecated or removed entirely, indicating the project’s forward-looking approach and dedication to embracing modern technologies and standards.

  • Deprecated Drivers: Removed obsolete drivers such as amr(4), iir(4), twa(4), mn(4), mly(4), and nlmrsa(4). Drivers for ISA sound cards have been removed.
  • MIPS Architecture: Support for the MIPS architecture and related hardware has been removed.
  • Other Removals: Deprecated utilities like mergemaster(8) and the Telnet daemon have been removed.

On future releases and development strategy

As FreeBSD continues to evolve, the Project’s development strategy and roadmap for future releases reflect a commitment to embracing modern computing architectures while ensuring broad compatibility and support. FreeBSD 15.0 will mark a pivotal point in this journey, with several key decisions shaping the direction of the operating system:

  • Phasing Out 32-bit Platform Support: FreeBSD 15.0 is not expected to include support for 32-bit platforms other than armv7, signaling a strategic shift towards focusing on 64-bit computing. The armv6, i386, and powerpc platforms are deprecated and slated for removal, though 64-bit systems will retain the capability to run older 32-bit binaries.
  • Tier 2 Architecture and armv7: The armv7 architecture is anticipated to be supported as a Tier 2 architecture in FreeBSD 15.0 and the stable/15 branch. However, there is an expectation that armv7 support may be discontinued in FreeBSD 16.0, with updates on the status of armv7 support to be provided around the time of the 15.0 release.
  • Continued Support for 32-bit Binaries and Applications: Despite the shift towards 64-bit platforms, FreeBSD will continue to support the execution of 32-bit binaries on 64-bit platforms through the COMPAT_FREEBSD32 option for at least the stable/15 and stable/16 branches. Moreover, the compilation of individual 32-bit applications will be supported in the stable/15 branch, ensuring compatibility with a broad range of software.
  • Ports and Package Infrastructure: Future releases, starting from FreeBSD 15.0, will not include support for building packages from ports for deprecated 32-bit platforms. This decision reflects the broader industry trend of moving away from 32-bit architectures and focuses development efforts on more widely used 64-bit platforms.
  • End of Life (EOL) for 32-bit Support: The stable/14 branch will retain support for 32-bit kernel and world, along with the ports system’s support for 32-bit systems, until it reaches end of life (EOL) five years after the release of FreeBSD 14.0. This timeline provides a transition period for users and developers relying on 32-bit platforms to migrate to supported architectures.
  • Community Feedback and Future Decisions: The FreeBSD Project acknowledges the importance of community feedback and committed efforts in shaping the support strategy for deprecated platforms. The community’s needs and contributions will inform decisions regarding extending support for certain platforms in FreeBSD 15.0 or later.


For those interested in exploring FreeBSD’s detailed evolution through the 14.x series, the official FreeBSD documentation, and release notes offer comprehensive insights into each version’s advancements and improvements.