From changelogs
MAJOR CHANGES IN v6.45.1:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control;
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
!) security - fixed vulnerabilities CVE-2019-13954, CVE-2019-13955;
!) security - fixed vulnerabilities CVE-2019-11477, CVE-2019-11478, CVE-2019-11479;
!) security - fixed vulnerability CVE-2019-13074;
!) user - removed insecure password storage;
MAJOR CHANGES IN v6.45.7:
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
Very very personal gut feeling:
My next “proven” ROS after 6.44.5 is 6.45.6 (yes stable, not LT). Things got bad in 6.45.8, improved again in .9 and might be OK.
Next in my list is 6.47.10, but now I have seen things missing in the export file (like WLAN freq) for that release. Damn.
6.48.5 started as a real mess, don’t trust 6.48 yet enough for production deployment.
Running all latest @home.