12.0-U8

February 2, 2022

TrueNAS 12.0-U8 has been released, and includes a number of fixes, improvements, and features. These include:

• OpenZFS 2.0.7
• New “Console Port” and “TLS Server URI” input fileds in S3 service configuration form.
• Direct link to TrueNAS Upgrades article from Update screen.

For those with FreeNAS installed on your system, we recommend updating or upgrading to FreeNAS 11.3-U5 first and then upgrading to TrueNAS 12.0-U8 with a single click to retain roll-back options. While it is an easy web update, we do recommend waiting to update your system’s zpool feature flags until you are finished validating your performance and functionality.

For those with TrueNAS HA systems and support contracts, we recommend contacting iXsystems Support to schedule an upgrade. We will verify your system health, configuration, and support the upgrade process as part of the “white glove” service that comes with any support contract.

Please check out the updated TrueNAS documentation even if you don’t upgrade today. We’re extremely grateful for all the contributions received thus far and encourage more user suggestions going forward.

“All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit.

The specific flaw exists within the parsing of EA metadata when opening files in smbd. Access as a user that has write access to a file’s extended attributes is required to exploit this vulnerability. Note that this could be a guest or unauthenticated user if such users are allowed write access to file extended attributes.

The problem in vfs_fruit exists in the default configuration of the fruit VFS module using fruit:metadata=netatalk or fruit:resource=file. If both options are set to different settings than the default values, the system is not affected by the security issue.”

Source: CVE-2022-44142

The CVE does not affect TrueNAS in its default configuration. However, it does impact configurations where users have opted to share same paths via AFP and SMB simultaneously. We recommend users upgrade to 12.0-U8 as soon as possible to eliminate this security risk.

• [FreeBSD EN 22.01] - FreeBSD EN 22.01
• [FreeBSD EN 22.03] - FreeBSD EN 22.03
• [FreeBSD EN 22.04] - FreeBSD EN 22.04
• [FreeBSD SA 22.01] - FreeBSD SA 22.01

• [NAS-113985] - Merge OpenZFS 2.0.7
• [NAS-114028] - Add an input field for tls_server_uri into in S3 configuration form
• [NAS-114137] - Add an input field console_bindport into in S3 configuration form
• [NAS-114297] - Add link to docs from Update page

• [NAS-114103] - Include igc(4) driver for I225 Intel NICs

• [NAS-106633] - Cron tasks are run on wrong time zone after initial setup
• [NAS-112371] - Misleading and ambiguous description for creating a new pool with encryption
• [NAS-113240] - smbd crashes while freeing tree connection if user can't chdir() into connectpath
• [NAS-113323] - System locks up with all CPUs performing arc_prune
• [NAS-113356] - intermittent smbd crash during session logoff
• [NAS-113368] - Jail stopped working after upgrade to 12.0-U6.1 with utf-8 decoding error
• [NAS-113393] - crash during snapshot enumeration in zfs_fsrvp - regression in port to samba 4.13
• [NAS-113409] - iSCSi Initiators not showing any connected after 12.ou5 update
• [NAS-113513] - Files Copied to SMB Shares Have File Modified Time Adjusted
• [NAS-113621] - smbd assertion - failure to chdir() to share connectpath when session has multiple tcons with different credentials
• [NAS-113631] - Fix bug in initializing hwm in winbindd_idmap.tdb
• [NAS-113727] - Web gui unresponsive after a few days
• [NAS-113741] - 4 port FC NICs Duplicate WWPN from isp0 and isp1 to isp2 and isp3
• [NAS-113744] - regression in hook_setup_ha on CORE
• [NAS-113751] - httpd.core after upgrade to 12.U7
• [NAS-113813] - Update plugin artifact before executing pre update script
• [NAS-113814] - Graphs are empty
• [NAS-113823] - Asigra jail upgrade failed, and couldn't rollback
• [NAS-113863] - Samba Kerberos authentication fails in MIT realms since 12.0-U6.1
• [NAS-113925] - Provide correct file generation number
• [NAS-114020] - Despite NAS-110600 being marked as resolved, the same bug continues to prevent me from disconnecting two outdated pools.
• [NAS-114034] - Installing Nextcloud as a plugin leads to php error
• [NAS-114047] - core file found
• [NAS-114052] - Checkboxes on Alert Services Page have strange behavior
• [NAS-114116] - Make minio console port configurable
• [NAS-114125] - Memory leak in snmp-agent.py
• [NAS-114164] - Disable SMB1 Unix Extensions by default
• [NAS-114177] - fix disk.sync with multipath disks
• [NAS-114178] - enclosure plugin doesn't account for multipath
• [NAS-114239] - Add alert for CVE-2021-20316-related misconfiguration
• [NAS-114277] - sesutil fails to control LEDs on ES102
• [NAS-114278] - Merge FreeBSD SA-22:01 EN-22:02-04
• [NAS-114320] - Fix handling of errors from dmu_write_uio_dbuf() on FreeBSD
• [NAS-114468] - CVE-2022-44142 (SMB) - update samba to 4.13.17 (12.0) and 4.15.5 (13.0 and SCALE)
• [NAS-114491] - net/samba - update to version 4.13.16