12.0-U8

TrueNAS Quality Lifecycle

| Release Stage | Completed QA Cycles | Typical Use | Description |
|---|---|---|---|
| NIGHTLY | 0 | Developers | Incomplete |
| ALPHA | 1 | Testers | Not much field testing |
| BETA | 2 | Enthusiasts | Major Feature Complete, but expect some bugs |
| RC | 4 | Home Users | Suitable for non-critical deployments |
| RELEASE | 6 | General Use | Suitable for less complex deployments |
| U1 | 7 | Business Use | Suitable for more complex deployments |
| U2+ | 8 | Larger Systems | Suitable for higher uptime deployments |

February 2, 2022

TrueNAS 12.0-U8 has been released, and includes a number of fixes, improvements, and features. These include:

  • OpenZFS 2.0.7
  • New “Console Port” and “TLS Server URI” input fields in the S3 service configuration form.
  • Direct link to TrueNAS Upgrades article from Update screen.

For those with FreeNAS installed on your system, we recommend updating or upgrading to FreeNAS 11.3-U5 first and then upgrading to TrueNAS 12.0-U8 with a single click to retain roll-back options. While it is an easy web update, we do recommend waiting to update your system’s zpool feature flags until you are finished validating your performance and functionality.

For those with TrueNAS HA systems and support contracts, we recommend contacting iXsystems Support to schedule an upgrade. We will verify your system health, configuration, and support the upgrade process as part of the “white glove” service that comes with any support contract.

Contacting iXsystems Support

Customers who purchase iXsystems hardware or who want additional support must have a support contract to use iXsystems Support Services. The TrueNAS Community forums provide free support for users without an iXsystems Support contract.

iXsystems Customer Support

  • Support Portal: https://support.ixsystems.com
  • Email: support@ixsystems.com
  • Telephone and Other Resources: https://www.ixsystems.com/support/

Please check out the updated TrueNAS documentation even if you don’t upgrade today. We’re extremely grateful for all the contributions received thus far and encourage more user suggestions going forward.

Samba CVE Notice

“All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit.

The specific flaw exists within the parsing of EA metadata when opening files in smbd. Access as a user that has write access to a file’s extended attributes is required to exploit this vulnerability. Note that this could be a guest or unauthenticated user if such users are allowed write access to file extended attributes.

The problem in vfs_fruit exists in the default configuration of the fruit VFS module using fruit:metadata=netatalk or fruit:resource=file. If both options are set to different settings than the default values, the system is not affected by the security issue.”

Source: CVE-2022-44142

The CVE does not affect TrueNAS in its default configuration. However, it does impact configurations where users have opted to share the same paths via AFP and SMB simultaneously. We recommend that users upgrade to 12.0-U8 as soon as possible to eliminate this security risk.
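To check a configuration against the condition the advisory describes, the following added example (not part of the original release notes or the TrueNAS code base) lists shares that load vfs_fruit while fruit:metadata or fruit:resource is still at the affected default. The function names and the sample configuration are constructed for illustration.

```python
import configparser

# Affected defaults, as quoted in the advisory text above.
FRUIT_DEFAULTS = {"fruit:metadata": "netatalk", "fruit:resource": "file"}

def load_smb_conf(text):
    """Parse smb.conf-style text into {section: {normalized_param: value}}."""
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False,
                                      default_section="__unused__")
    # Samba ignores case and spaces in parameter names.
    cp.optionxform = lambda name: name.lower().replace(" ", "")
    # Strip indentation so configparser does not read it as a continuation.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    return {s.lower(): dict(cp.items(s)) for s in cp.sections()}

def fruit_exposed_shares(text):
    """Return {share: [fruit options still at an affected default]}."""
    conf = load_smb_conf(text)
    global_params = conf.get("global", {})
    findings = {}
    for share, params in conf.items():
        if share == "global":
            continue
        eff = {**global_params, **params}  # share settings override [global]
        modules = eff.get("vfsobjects", "").lower().replace(",", " ").split()
        if "fruit" not in modules:
            continue
        at_default = [opt for opt, default in FRUIT_DEFAULTS.items()
                      if eff.get(opt, default).strip().lower() == default]
        if at_default:  # only "both options changed" counts as unaffected
            findings[share] = at_default
    return findings

# Constructed sample configuration (not taken from a real system).
SAMPLE = """
[global]
    server min protocol = SMB2_02
    fruit:resource = file
[timemachine]
    vfs objects = fruit streams_xattr
    ; fruit:metadata left unset, so the default applies
[media]
    vfs objects = fruit, streams_xattr
    fruit:metadata = stream
    fruit:resource = stream
"""

if __name__ == "__main__":
    for share, opts in fruit_exposed_shares(SAMPLE).items():
        print(f"[{share}] fruit loaded, still at default: {', '.join(opts)}")
```

The output of `testparm -s` can be passed in as `text`; a flagged share on a Samba build older than 4.13.17 matches the advisory's affected case.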

FreeBSD Security Patches

TrueNAS 12.0-U8 Changelog

Improvement

  • [NAS-113985] - Merge OpenZFS 2.0.7
  • [NAS-114028] - Add an input field for tls_server_uri into in S3 configuration form
  • [NAS-114137] - Add an input field console_bindport into in S3 configuration form
  • [NAS-114297] - Add link to docs from Update page

New Feature

  • [NAS-114103] - Include igc(4) driver for I225 Intel NICs

Bug

  • [NAS-106633] - Cron tasks are run on wrong time zone after initial setup
  • [NAS-112371] - Misleading and ambiguous description for creating a new pool with encryption
  • [NAS-113240] - smbd crashes while freeing tree connection if user can't chdir() into connectpath
  • [NAS-113323] - System locks up with all CPUs performing arc_prune
  • [NAS-113356] - intermittent smbd crash during session logoff
  • [NAS-113368] - Jail stopped working after upgrade to 12.0-U6.1 with utf-8 decoding error
  • [NAS-113393] - crash during snapshot enumeration in zfs_fsrvp - regression in port to samba 4.13
  • [NAS-113409] - iSCSi Initiators not showing any connected after 12.ou5 update
  • [NAS-113513] - Files Copied to SMB Shares Have File Modified Time Adjusted
  • [NAS-113621] - smbd assertion - failure to chdir() to share connectpath when session has multiple tcons with different credentials
  • [NAS-113631] - Fix bug in initializing hwm in winbindd_idmap.tdb
  • [NAS-113727] - Web gui unresponsive after a few days
  • [NAS-113741] - 4 port FC NICs Duplicate WWPN from isp0 and isp1 to isp2 and isp3
  • [NAS-113744] - regression in hook_setup_ha on CORE
  • [NAS-113751] - httpd.core after upgrade to 12.U7
  • [NAS-113813] - Update plugin artifact before executing pre update script
  • [NAS-113814] - Graphs are empty
  • [NAS-113823] - Asigra jail upgrade failed, and couldn't rollback
  • [NAS-113863] - Samba Kerberos authentication fails in MIT realms since 12.0-U6.1
  • [NAS-113925] - Provide correct file generation number
  • [NAS-114020] - Despite NAS-110600 being marked as resolved, the same bug continues to prevent me from disconnecting two outdated pools.
  • [NAS-114034] - Installing Nextcloud as a plugin leads to php error
  • [NAS-114047] - core file found
  • [NAS-114052] - Checkboxes on Alert Services Page have strange behavior
  • [NAS-114116] - Make minio console port configurable
  • [NAS-114125] - Memory leak in snmp-agent.py
  • [NAS-114164] - Disable SMB1 Unix Extensions by default
  • [NAS-114177] - fix disk.sync with multipath disks
  • [NAS-114178] - enclosure plugin doesn't account for multipath
  • [NAS-114239] - Add alert for CVE-2021-20316-related misconfiguration
  • [NAS-114277] - sesutil fails to control LEDs on ES102
  • [NAS-114278] - Merge FreeBSD SA-22:01 EN-22:02-04
  • [NAS-114320] - Fix handling of errors from dmu_write_uio_dbuf() on FreeBSD
  • [NAS-114468] - CVE-2022-44142 (SMB) - update samba to 4.13.17 (12.0) and 4.15.5 (13.0 and SCALE)
  • [NAS-114491] - net/samba - update to version 4.13.16

Known Issues

| Key | Summary | Workaround |
|---|---|---|
| NAS-113284 | Samba CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share. | Do not enable SMB1 (this is disabled by default in TrueNAS 11.2 and later). If SMB1 must be enabled for backwards compatibility, then add the auxiliary parameter `unix extensions = no` to the Services > SMB configuration form and restart the service. For versions prior to TrueNAS 13.0, we recommend only exporting areas of the file system by either SMB2 or NFS, not both. |
| Minio Project: Certificate errors in distributed mode with docker compose | Wild card certificates do not work with Minio. | Reset the Minio domain configuration to localhost when the Minio SAN/CN configuration is empty except for a wildcard domain. |
| Asigra Plugin Upgrades | Asigra users running version 14.2.0.2 or earlier require a TrueNAS CLI upgrade procedure to update to a new plugin version. | In the TrueNAS web interface, open the **Shell** and enter `iocage upgrade asigra-plugin-name`, replacing asigra-plugin-name with whatever unique name was created for the plugin. |
| NAS-106992 | Persistent L2ARC is disabled by default. | While the underlying issues have been fixed, this setting continues to be disabled by default for additional performance investigation. To manually reactivate persistent L2ARC, log in to the TrueNAS Web Interface, go to System > Tunables, and add a new tunable with these values: Type = sysctl, Variable = vfs.zfs.l2arc.rebuild_enabled, Value = 1. |
| TrueNAS "root" user account cannot be an SMB user. | This is an intentional change to improve software security and suitability for deployment in a variety of environments. | Update the SMB configuration to use a different user account. |
| Netatalk CVEs | Netatalk announced CVEs. | On March 21st 2022, the Netatalk project committed an update announcing 7 CVEs. See the linked Security article for more details. |