6 minute read.Last Modified 2023-08-24 14:36 EDT
TrueNAS Quality Lifecycle
|Release Stage||Completed QA Cycles||Typical Use||Description|
|ALPHA||1||Testers||Not much field testing|
|BETA||2||Enthusiasts||Major Feature Complete, but expect some bugs|
|RC||4||Home Users||Suitable for non-critical deployments|
|RELEASE||6||General Use||Suitable for less complex deployments|
|U1||7||Business Use||Suitable for more complex deployments|
|U2+||8||Larger Systems||Suitable for higher uptime deployments|
February 2, 2022
TrueNAS 12.0-U8 has been released, and includes a number of fixes, improvements, and features. These include:
- OpenZFS 2.0.7
- New “Console Port” and “TLS Server URI” input fileds in S3 service configuration form.
- Direct link to TrueNAS Upgrades article from Update screen.
For those with FreeNAS installed on your system, we recommend updating or upgrading to FreeNAS 11.3-U5 first and then upgrading to TrueNAS 12.0-U8 with a single click to retain roll-back options. While it is an easy web update, we do recommend waiting to update your system’s zpool feature flags until you are finished validating your performance and functionality.
For those with TrueNAS HA systems and support contracts, we recommend contacting iXsystems Support to schedule an upgrade. We will verify your system health, configuration, and support the upgrade process as part of the “white glove” service that comes with any support contract.
Customers who purchase iXsystems hardware or that want additional support must have a support contract to use iXsystems Support Services. The TrueNAS Community forums provides free support for users without an iXsystems Support contract.
|Contact Method||Contact Options|
|Telephone||Monday - Friday, 6:00AM to 6:00PM Pacific Standard Time:|
US-only toll-free: 1-855-473-7449 option 2
Local and international: 1-408-943-4100 option 2
|Telephone||After Hours (24x7 Gold Level Support only):|
US-only toll-free: 1-855-499-5131
International: 1-408-878-3140 (international calling
Please check out the updated TrueNAS documentation even if you don’t upgrade today. We’re extremely grateful for all the contributions received thus far and encourage more user suggestions going forward.
“All versions of Samba prior to 4.13.17 are vulnerable to an out-of-bounds heap read write vulnerability that allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit.
The specific flaw exists within the parsing of EA metadata when opening files in smbd. Access as a user that has write access to a file’s extended attributes is required to exploit this vulnerability. Note that this could be a guest or unauthenticated user if such users are allowed write access to file extended attributes.
The problem in vfs_fruit exists in the default configuration of the fruit VFS module using fruit:metadata=netatalk or fruit:resource=file. If both options are set to different settings than the default values, the system is not affected by the security issue.”
The CVE does not affect TrueNAS in its default configuration. However, it does impact configurations where users have opted to share same paths via AFP and SMB simultaneously. We recommend users upgrade to 12.0-U8 as soon as possible to eliminate this security risk.
- [FreeBSD EN 22.01] - FreeBSD EN 22.01
- [FreeBSD EN 22.03] - FreeBSD EN 22.03
- [FreeBSD EN 22.04] - FreeBSD EN 22.04
- [FreeBSD SA 22.01] - FreeBSD SA 22.01
- [NAS-113985] - Merge OpenZFS 2.0.7
- [NAS-114028] - Add an input field for tls_server_uri into in S3 configuration form
- [NAS-114137] - Add an input field console_bindport into in S3 configuration form
- [NAS-114297] - Add link to docs from Update page
- [NAS-114103] - Include igc(4) driver for I225 Intel NICs
- [NAS-106633] - Cron tasks are run on wrong time zone after initial setup
- [NAS-112371] - Misleading and ambiguous description for creating a new pool with encryption
- [NAS-113240] - smbd crashes while freeing tree connection if user can't chdir() into connectpath
- [NAS-113323] - System locks up with all CPUs performing arc_prune
- [NAS-113356] - intermittent smbd crash during session logoff
- [NAS-113368] - Jail stopped working after upgrade to 12.0-U6.1 with utf-8 decoding error
- [NAS-113393] - crash during snapshot enumeration in zfs_fsrvp - regression in port to samba 4.13
- [NAS-113409] - iSCSi Initiators not showing any connected after 12.ou5 update
- [NAS-113513] - Files Copied to SMB Shares Have File Modified Time Adjusted
- [NAS-113621] - smbd assertion - failure to chdir() to share connectpath when session has multiple tcons with different credentials
- [NAS-113631] - Fix bug in initializing hwm in winbindd_idmap.tdb
- [NAS-113727] - Web gui unresponsive after a few days
- [NAS-113741] - 4 port FC NICs Duplicate WWPN from isp0 and isp1 to isp2 and isp3
- [NAS-113744] - regression in hook_setup_ha on CORE
- [NAS-113751] - httpd.core after upgrade to 12.U7
- [NAS-113813] - Update plugin artifact before executing pre update script
- [NAS-113814] - Graphs are empty
- [NAS-113823] - Asigra jail upgrade failed, and couldn't rollback
- [NAS-113863] - Samba Kerberos authentication fails in MIT realms since 12.0-U6.1
- [NAS-113925] - Provide correct file generation number
- [NAS-114020] - Despite NAS-110600 being marked as resolved, the same bug continues to prevent me from disconnecting two outdated pools.
- [NAS-114034] - Installing Nextcloud as a plugin leads to php error
- [NAS-114047] - core file found
- [NAS-114052] - Checkboxes on Alert Services Page have strange behavior
- [NAS-114116] - Make minio console port configurable
- [NAS-114125] - Memory leak in snmp-agent.py
- [NAS-114164] - Disable SMB1 Unix Extensions by default
- [NAS-114177] - fix disk.sync with multipath disks
- [NAS-114178] - enclosure plugin doesn't account for multipath
- [NAS-114239] - Add alert for CVE-2021-20316-related misconfiguration
- [NAS-114277] - sesutil fails to control LEDs on ES102
- [NAS-114278] - Merge FreeBSD SA-22:01 EN-22:02-04
- [NAS-114320] - Fix handling of errors from dmu_write_uio_dbuf() on FreeBSD
- [NAS-114468] - CVE-2022-44142 (SMB) - update samba to 4.13.17 (12.0) and 4.15.5 (13.0 and SCALE)
- [NAS-114491] - net/samba - update to version 4.13.16
|NAS-113284||Samba CVE-2021-20316: Symlink race error can allow metadata read and modify outside of the exported share.||Do not enable SMB1 (this is disabled by default in TrueNAS 11.2 and later). If SMB1 must be enabled for backwards compatibility then add the auxiliary parameter: |
For versions prior to TrueNAS 13.0, we recommend only exporting areas of the file system by either SMB2 or NFS, not both.
|Minio Project: Certificate errors in distributed mode with docker compose||Wild card certificates do not work with Minio||Reset the Minio domain configuration to localhost when the Minio SAN/CN configuration is empty except for a wildcard domain.|
|Asigra Plugin Upgrades||Asigra users running version 188.8.131.52 or earlier requires a TrueNAS CLI upgrade procedure to update to a new plugin version. In the TrueNAS web interface, open the **Shell** and enter |
|NAS-106992||Persistent L2ARC is disabled by default.||While the underlying issues have been fixed, this setting continues to be disabled by default for additional performance investigation. To manually reactivate persistent L2ARC, log in to the TrueNAS Web Interface, go to System > Tunables, and add a new tunable with these values:|
|TrueNAS "root" user account cannot be an SMB user.||This is an intentional change to improve software security and suitability for deployment in a variety of environments. Update the SMB configuration to use a different user account.|
|Netatalk CVEs||Netatalk anounced CVEs||On March 21st 2022, the Netatalk project commited an update announcing 7 CVEs. See the linked Security article for more details.|