Oh, hey, wpa_supplicant and hostapd just got a new release for the first time in a couple of years.
https://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog
https://w1.fi/cgit/hostap/plain/hostapd/ChangeLog
What's that I see, CVE-2017-13082 fixed? I thought FT was unfixable?
I thought you said it was already fixed?
I never said CVE-2017-13082 was "unfixable", I said (in summary) that it still poses a real security risk and most manufacturers are recommending against its use. You were the one claiming it had already been fixed and that it wasn't a security risk when this is simply not true in the vast majority of cases.
But this is good news, now that we've seen actual changes to the WPA supplicant (which I see was dated just a few days ago), this offers some reassurance to those customers who want to use 802.11r / Fast Roaming on their network, once manufacturers start adopting the changes. However don't expect this to be rolled out across the board, especially to older devices. One should always check whether their device is still vulnerable or not.
My professional advice is, if you aren't sure, leave Fast Roaming turned off. For most people, it really doesn't offer much of an advantage.