11.2-U5

July 9, 2019

We are pleased to announce the general availability of TrueNAS 11.2-U5, the initial TrueNAS offering on the 11.2 series. This release represents nearly a year of bug fixes, automated code testing , manual testing, and performance testing on M-Series, X-Series, and Z-Series hardware. There are significant improvements to High Availability, Alerts, SMB, and ZFS performance. Support for many cloud providers and OAuth cloud credentials has been added and the OS and software have been updated to address known security vulnerabilities.

Before updating, contact iXsystems Technical Support for a pre-update health check and to answer any technical questions regarding this update. You can contact Support by calling 1-855-GREP-4-iX or emailing support@ixsystems.com.

New or Changed UI Fields

  • 9053 AFP home share configuration moved from Services to Sharing
  • 19397 Rename TFTP umask field to File Permissions and use permissions selection grid
  • 24283 Add exec property to dataset configuration screen
  • 26679 Add (System > Alerts for configuring alert frequency
  • 27842 Add MSDOSFS locale field to Import Disk screen
  • 27881 Set the default setting for the SMB > Sharing > SMB > Apply Default Permissions checkbox to checked
  • 34432 Display root email in Wizard
  • 36523 Hide Auxiliary Arguments from Cloud Sync task
  • 37408 Remove Console Screensaver option as it is no longer supported
  • 41172 Remove unused Enable automatic upload of daily telemetry field
  • 51546 Rename Automatic check for updates checkbox on System > Update
  • 62892 Disallow import or creation of certificates with key lengths less than 1024
  • 72459 Add two new checkboxes for S3 Cloud Sync credentials to legacy UI
  • 76360 Update tooltip in legacy UI to indicate that only ASCII is allowed for email password
  • NAS-102439 UI Changes

ZFS Improvements

  • 23893 Enhance compressed ARC performance
  • 27123 Fix range locking in ZIL commit codepath
  • 27514 Break potential recursion involving getnewvnode and zfs_rmnode
  • 28544 Merge in compressed ARC patches
  • 32736 Change default ZFS indirect block size from 128 to 32 for new files and zvols
  • 33852 Specify replication bandwidth limit in kbps
  • 37570 Fix ZFS ZIOs leak in ddt_sync()
  • 40712 Reduce taskqueue congestion caused by ZFS ZIO pipeline activity
  • 42803 Unblock speculative prefetcher on pool creation
  • 53280 Bring in some FreeBSD fixes to improve ZFS device removal
  • 58371 Properly encode ZFS properties
  • 63153 Separate ARC reclamation threads to prevent blocking disk I/O under heavy use
  • 73110 Fix integer math overflow in UMA hash_alloc() that prevented ARC from growing above 512GB
  • 79860 Merge some ZFS-on-SSD performance optimizations from FreeBSD
  • 80319 Merge from FreeBSD fix for deadlock in ZFS IO pipeline
  • NAS-100915 Set vfs.zfs.dirty_data_max_max for TrueNAS M-Series

New or Updated Software

  • 25970 Add devel/py-xattr to base install
  • 27656 Include Intel Meltdown workaround code
  • 27285 Add sysutils/ncdu to base system
  • 27820 Add sysutils/devcpu-data
  • 28183 Update minio to version 2018-04-04T05
  • 28519 Update to Netatalk 3.1.12
  • 28798 Add security/gnupg to base as needed by update-smart-drivedb
  • 29161 Update rsync to version 3.1.3
  • 30177 Add msdosfs_iconv kernel module
  • 31893 Rebase Ports Tree
  • 31920 Fix memory leak in net-snmp
  • 32361 Add CURL support to collectd
  • 32931 Add p5-IO-Socket-INET6 as a run dependency for asip-status.pl
  • 33171 Update FreeBSD cam driver
  • 33180 Add nut.so to /usr/local/lib/collectd/
  • 33483 Fix KERBEROS5 option in netatalk3 port
  • 37308 Update base OS to FreeBSD 11.2
  • 38105 Do not count ARC against available RAM (NetData)
  • 38255 Update zsh to 5.5.1
  • 47140 Update multidict to version 4.3.1
  • 54072 Update rclone to 1.44 and add support for Microsoft OneDrive
  • 63816 Update base OpenSSL to 1.0.2q
  • 64071 Update curl to 7.62.0
  • 64620 Address Netatalk CVE-2018-1160
  • 65187 Fix FreeBSD-EN-18:18.zfs
  • 69022 Fix FreeBSD security advisories 19:03 through 19:05
  • 73792 Merge FreeBSD-SA-19:01.syscall fix
  • 75361 Update dns/mDNSResponder_nss to fix proftpd crash
  • 77790 Update net/zerotier to 1.2.12-1
  • NAS-102406 Updated Software

Documentation Improvements

  • 23958 Clarify Guide entry for UPS Port field when SNMP is selected
  • 27384 Update instructions on how to replace disk in encrypted pool
  • 27878 Rework L2ARC encryption warning in User Guide
  • 28615 Fix the description of Validate Remote Path checkbox in Guide
  • 28649 Clarify create option of Boot menu in Guide
  • 29074 Clarify meaning of cloud sync times
  • 31299 Separate S.M.A.R.T. email addresses with spaces
  • 34327 Add note to Guide for UPS polling interval
  • 34384 Indicate in Guide to disable Physical Block Size Reporting when using an iSCSI target for VMware
  • 35305 Correct the use of MSDOS in Import Disk section of Guide
  • 38791 Correct the example for generating a keytab in Guide
  • 40480 Add link to Guide that further explains ssh-keygen
  • 40596 Update NFS Share section of Guide
  • 42419 Update AFP section of Guide
  • 42755 Update Lagg instructions in Guide
  • 48526 Add section for removing log and cache devices to Guide
  • 51579 Fix tense of subtitle in Guide
  • 54261 Standardize on delete for removing snapshots and datasets in Guide
  • 56250 Clarify Full disk encryption in Guide
  • 56538 Update swap description in Guide
  • 58083 Clarify TLS and SSL descriptions in Guide
  • 58086 Fix incorrect wording in LDAP section of Guide
  • 58392 Add ZFS flag information to Guide
  • 60192 Increase 50% capacity recommendation in Guide for a pool hosting iSCSI LUNs
  • 61188 Add instructions for adding spare devices to an encrypted pool to Guide
  • 61323 Update Replacing an Encrypted Disk section of Guide
  • 66430 Clarify replication process in Guide
  • 67870 Rework Domain Controller and Global Catalog Server field descriptions in Guide
  • 69607 Add note to Guide explaining common rclone sync error
  • 75397 Update default list of sysctl and loader tunables in Guide
  • NAS-102435 Guide Improvements

HA Improvements

  • NAS-102401 HA Improvements
  • Improvements to Alerts and Warnings
  • 21458 Provide alert if configured NTP server can not be contacted
  • 27700 Generate warning when a scrub is paused
  • 29389 Show errors on boot pool attach or replace
  • 31400 Silence warning about nut_upsshut not being set when it is disabled
  • 33021 Try to show the reason a VMware snapshot failed
  • 62478 Do not raise SSL invalid alert when SSL is not in use
  • 70140 Fix spurious warning about bridge capabilities
  • NAS-202399 Improvements to Alerts

Improvements to SMB and Directory Services

  • 25938 Mimic Windows-style ACLs for NFSv4
  • 27735 Use FreeBSD file flags to store Samba DOS modes
  • 27895 Remove popup message that refers to defunct Change Email button
  • 32937 Clean up krb5.conf and pam.d/* after stopping AD
  • 59121 Store workgroup discovered via LDAP in configuration database
  • 61116 Do not monitor disabled directory services
  • 63108 Improve krb5.conf generation and fix some bugs for edge cases
  • 65949 Allow Windows 10 and Server 2019 to pass security check during SMB connect
  • 68293 Prevent sharesec_reset from incorrectly adding owner and group entries to the ACLs of an SMB share
  • 68835 Add support for Time Machine over SMB
  • 71785 Address Samba listen queue overflows and issues found in vfs_ixnas
  • 73657 Fix ordering issue to allow recycle bin across ZFS datasets
  • 74262 Set appropriate permissions on .recycle directory
  • 74848 Fix shell errors when Active Directory is enabled but not working
  • 74911 Optimize reading and writing ACLs in Samba
  • 75873 Add support for nested ZFS datasets via shadow_copy_zfs vfs module
  • 76000 Fix regression with user/group validation in AD environments
  • 76269 Fix guest account initialization in read-only LDAP environments
  • 76386 Allow multiple SMB shares to have same path but prevent multiple shares with same name
  • 78132 Fix idmap settings for LDAP
  • NAS-101069 Update smb4.conf generation to reflect optimization recommendations

Improvements to AFP, NFS, and iSCSI

  • 24282 Make ctlstat -n option work reasonably for sparse LUN list
  • 29265 Generate a unique serial for each LUN
  • 30010 Fix UI display bug for iSCSI LUNs
  • 32373 Sort NFS shares by path in legacy UI
  • 34204 Strengthen locking for the NFSv4.1 server DestroySession operation
  • 39213 Password fix for CHAP authentication
  • 43437 Limit the number of GSS request retries to prevent NFS from hanging
  • 55728 Remove listen queue limit and avoid some DNS requests in mountd
  • 73335 Pull in FreeBSD fixes so that ESXi 6.7 does not force NFSv4 datastores to mount read-only
  • NAS-100855 Fix quoting of generated values in ctl.conf
  • NAS-101329 Correctly write multiple ISNS servers to iSCSI configuration file
  • NAS-101435 Fix traceback when iSCSI service fails to reload

Cloud Improvements

  • 26924 Add file-level encryption to Cloud Sync
  • 27756 Show cloud sync logs for all statuses
  • 28156 Escape quotes for S3 secret key
  • 28508 Fix winacl issue in minio
  • 28784 Fix minio config directory permissions
  • 29020 Encrypt cloud credentials in configuration database
  • 33441 Support all cloud sync services that rclone supports
  • 41640 Add Google Team Drive support to middleware
  • 59571 Add support for Azure Blob storage
  • NAS-102403 Cloud Improvements

Networking Improvements

  • 25973 Set net.link.ether.inet.log_arp_movements to 0 by default
  • 26104 Validate vlan number when configuring via the console
  • 26912 Do not require reboot when adding additional DNS domains
  • 28566 Do not allow underscores in hostname
  • 28572 Fix issue with SNMP over IPv6
  • 30813 Make SNMP indexes 1-based as described in RFC 2578
  • 44196 Add support for IPv6 static routes
  • 56646 Fix creation of vlan parent interface when using netcli
  • 66880 Fix dhclient network device flapping
  • NAS-101255 Cherrypick IPFW fixes for VRRP and VERSRCREACH

Miscellaneous Improvements

  • 25705 Use HTTPS for updates
  • 26374 Make ZSH the default root shell for new installs
  • 28175 Add disk temperature graph to Reporting
  • 28470 Display graphs for network interfaces with a colon in the interface name
  • 28592 Automatically unlock SEDs during boot
  • 29566 Increase size of MOTD
  • 30675 Configure the serial console to support both BIOS and UEFI
  • 32793 Report actual physical (compressed) L2ARC size
  • 36118 Add support to boot from dataset with a colon in its name
  • 36473 Improve zsh prompt and add useful bindkeys
  • 38978 Add support for NVMe device replacement
  • 42090 Add -a and -p to arcstat
  • 64215 Fix trusted domain users/groups error message in legacy UI
  • 64251 Speed up pool.query for hundreds of datasets
  • 68932 Bring in FreeBSD sesutil fixes
  • 75829 Remove unsupported replication ciphers
  • 76215 Add product name and hostname to alerts email
  • NAS-100637 Remove unnecessary “camcontrol rescan all” call
  • NAS-100810 Deprecate notifier update methods
  • NAS-100865 Set higher vfs.zfs.dirty_data_max_max on M-Series systems
  • NAS-101153 Improve datastore listing in VMware-Snapshots
  • NAS-101226 Clarify reset interface message in console
  • NAS-101854 Increase performance when creating/destroying a pool with many disks
  • NAS-102154 Optimize kern.geom.conf* sysctls performance on large systems

Bug Fixes

  • 25010 Resolve keymap warning during boot by getting keymaps from vt instead of syscons
  • 25420 Reenable Chelsio TCP offload now that bug in T580-SO-CR 4x10G is fixed
  • 25659 Reset UPS shutdown timer when shutdown mode changes
  • 26281 Validate that first certificate in chain matches private key
  • 26547 Do not run scrub if the pool is unlocked or not online
  • 26586 Prevent Volume Manager from switching to stripe after selecting cache device
  • 26594 Only show detach button when the boot pool is mirrored
  • 26659 Ensure that disks attached to a pool are not available for use as a spare
  • 26668 Ensure that a disk can not be selected to replace itself
  • 27272 Prevent IPv6 from slowing down the console
  • 32685 Fix alias bug that prevented certain users from not being added to /etc/aliases
  • 34969 Properly handle dataset recordsize of 1M
  • 35347 Fix Export Password Secret Seed setting in legacy UI
  • 35428 Disable RRD write cache when Reporting Database is unchecked
  • 35446 Fix System -> Advanced -> Console Footer not displaying in legacy UI
  • 37694 Allow users to paste the contents of certificates signed by an external CA
  • 37970 Increase loader autoboot timeouts
  • 38435 Fix INFO alerts being shown as CRITICAL
  • 38545 Avoid further CAM retries when drive asks for a recovery action which fails
  • 41910 Fix system crash/freeze when deleting many files
  • 42749 Remove NTP alert code that was generating false positives
  • 44581 Fix bug that prevented deletion of Volume/Pool comments
  • 50233 Remove ^H bindkey as it is incompatible with some terminals
  • 54393 Fix bug where legacy UI did not handle cron values of 30 and 31
  • 54693 Always free memory before swapping
  • 56598 Ensure crontab contains created Cron Jobs
  • 58176 Fix race condition in swap pager
  • 58653 Fix kernel panic due to leak in physical memory accounting
  • 64716 Suppress default Netdata RAM usage warning
  • 65052 Use correct permissions for /var/log/netdata/debug.log
  • 69825 Fix TFTP listen host option
  • 69787 Fix UPS shutdown logic
  • 71130 Fix bug in manual volume creation in legacy UI
  • 75019 Fix resetting root password from netcli
  • 77224 Ensure replication variables are stripped of leading/trailing whitespace
  • NAS-102240 Bug Fixes

Known Issues

TrueNAS NFSv4 exports do not work in a VMWare cluster at this time. NFSv3 will need to be used as a work-around.

Cloud providers are third-party commercial vendors not directly affiliated with iXsystems. Cloud Sync Tasks which connect to cloud providers are provided on a best-effort basis. Cloud providers may charge for their services, change their rates, or disable access to their services at any time. Please investigate and fully understand the provider’s pricing policies and services before creating any Cloud Sync task. iXsystems is not responsible for any charges incurred from the use of third-party vendors with the Cloud Sync feature.

When configuring Microsoft OneDrive Cloud, OAuth populates all of the credentials except for the “Drive ID”. To determine the Drive ID, log into OneDrive, copy the string after cid= from the browser address bar, and enter that value as the Drive ID. This bug will be fixed for 11.2-U6.

The hubiC cloud service has suspended creation of new accounts.

Amazon Cloud Drive is known to be broken and may be removed from a future release.

The Mega cloud service is currently broken. The new version of rclone which fixes this will be available in 11.3.

Authorization refresh is not working for Box and will be fixed for 11.2-U6. As a workaround, reauthenticate should the authorization stop working.

When performing an update on HA systems, the “Apply Pending Updates” button does not apply the update. Instead, select the “Check Now” option.

If the email address configured in Services > S.M.A.R.T. > Email differs from the root user email address configured in Account > Users, only the root user email address will receive an email alert when there is a S.M.A.R.T. failure. If these email addresses need to differ, the workaround is to configure System > Alert Services.

Tickets can be viewed at the iXsystems & FreeNAS Redmine page or our Open Issues page.