Outdated NGINX SERVER

R

Robust

Cadet
Joined
Jul 1, 2022
Messages
3
Hi,

After I do the Pentest, has found Outdated NGINX SERVER on FreeNAS.
I used FreeNAS-9.10.2
Why it happens and any solutions/steps that I need to do for solve this issue?

Thanks
 
sretalla

sretalla

Powered by Neutrality
Moderator
Joined
Jan 1, 2016
Messages
9,700
Robust said:
Why it happens and any solutions/steps that I need to do for solve this issue?
Click to expand...
You're using a version that's many years old and has not received new updates in years either... no surprises that some of the component products are old and unsupported/vulnerable.

In any case you shouldn't be exposing a FreeNAS server to any unprotected network.

If you want to improve your "up to date-ness" you'll need to upgrade to a supported version of FreeNAS (which is now TrueNAS CORE).

Even after that, a Pentest isn't going to tell you anything interesting since you still shouldn't expose a TrueNAS server to an unprotected network.
 
danb35

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Robust said:
FreeNAS-9.10.2
Click to expand...
This release is six years old, and the product has seen three major releases (and countless minor releases) since then--of course nginx is outdated; everything else likely is too.
Robust said:
any solutions/steps that I need to do for solve this issue?
Click to expand...
"Upgrade to a newer version of Free/TrueNAS" seems like obvious enough advice that you wouldn't even need to ask about it, but apparently it wasn't. Is there a reason that solution didn't immediately suggest itself to you?
 
Ericloewe

Ericloewe

Server Wrangler
Moderator
Joined
Feb 15, 2014
Messages
20,194
I just want to point out that posting the same thing after the weekend is not likely to change the answers you get. It is, however, likely to make moderators grumpy. Your installed version of FreeNAS is not getting any younger, so please update it instead of posting duplicate threads.
 
winnielinnie

winnielinnie

MVP
Joined
Oct 22, 2019
Messages
3,641
I found some outdated software and vulnerabilities when I ran a pentest on Ubuntu 12.04. I'm drafting a detailed report to send to Canonical Ltd. by tomorrow or Wednesday.
 
danb35

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
There may be language issues here. @Robust, no, this has nothing to do with any firmware. If you don't want to be running an ancient version of your file server appliance (with its included ancient version of a web server), upgrade to a less-ancient (or preferably a current) version of the file server appliance.

As I posted nearly a week ago, this should have been blindingly obvious. Why wasn't it?
 
You must log in or register to reply here.

Important Announcement for the TrueNAS Community.

The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums.

Related topics on forums.truenas.com for thread: "Outdated NGINX SERVER"

Similar threads

R
  • Locked
Outdated NGINX SERVER
Replies
1
Views
744
sretalla
sretalla
I
  • Locked
FreeNAS dokuwiki, nginx
Replies
1
Views
5K
ilium007
I
DrKK
  • Locked
On disk compression in jails...
Replies
8
Views
3K
cyberjock
C
pixel8383
nginx error 99
Replies
0
Views
2K
pixel8383
pixel8383
Dice
Flag/prefix for outdated resources
Replies
3
Views
2K
Ericloewe
Ericloewe
Top