# 2.4.0 - Sudo, FreeBSD vuln.xml improvements

*Released March 10, 2026*

A minor update that resolves two annoyances:

1. The FreeBSD provider's `reposync` operation now fetches the latest `vuln.xml` as part of its run, preventing failures on fresh installs where the vulnerability database has not been downloaded yet, and ensuring it is up to date alongside the repositories.
2. Sudo authentication failures now surface a much clearer error message, instead of confusing, out of context Fabric/invoke messages. The error message will now point users towards the documentation chapter about configuring sudoers.

It gets a minor version bump due to user-facing configuration changes, detailed in the next section.

## User Actions Required

The minor change to the FreeBSD provider implies a change to sudoers configuration. The `reposync` operation, which runs through sudo, now also runs `/usr/sbin/pkg audit -qF` as part of the process.

If you have FreeBSD hosts with a sudo policy of NOPASSWD within exosphere, **you will need to update or regenerate your sudoers configuration**.

This can be done very simply via `exosphere sudo generate`. Failure to do so will result in an error message that will point you to the {ref}`documentation on how to configure this <generating-a-sudoers-configuration>`.

If you use SKIP (the default) as a sudo policy, or do not have FreeBSD hosts in your inventory, no action is required.

## What's Changed

* FreeBSD Provider: Ensure sync refreshes vuln.xml
* Add sudo failure error handling to requires_sudo
