Hi Michelangelo,
no manual install. I used the download to write a fresh 2.285 to each of the 2 SD cards 2 weeks ago. Nothing modified but enabling ssh via volumio/DEV and connecting my NAS via cifs.
Once I read about KRACK and learned the Volumio team published ver 2.296 solving the issue I just went to the web interface of my 1st RPI and did the upgrade.
Yesterday I did it the same way (with same result) on my 2nd system.
Both are connected via WLAN only, not via cable.
Hope this helps?
Tom
Did you notice the wpasupplicant version before updating to dev v2.298?
(I assume 2.3-1+deb8u5 was there before you did the dev upgrade via OTA?)
Nonetheless, when i read in the volumio changelog that v2.296 contains a Patch against KRACK vulnerability (https://volumio.org/forum/changelog-t1575.html), I understood OTA update to v2.296 will do the job, no need to reflash the SD Card with v2.296.
additionally I understood the only way to patch this is to update the wpasupplicant package to 2.3-1+deb8u5.
My findings on 2 different RPI systems as well as your quote points to:
A reflash is needed to get rid of the KRACK issue, to get the updated wpasupplicant package?!
(But I am absolutely unsure and still wondering that no one else in this forum confirms or negates this whith own checks)