## Version 6.11.5 2022-11-20 This release reverts a change which modified the wrong file. This resulted in not being able to select 'macvlan' custom docker network type. New installations only will now have 'ipvlan' selected by default. ### Docker - fix: Set IPVLAN as default only for new installations. ## Version 6.11.4 2022-11-18 This release is focused on bug fixes and minor improvements. ### Diagnostics - Fix share information in Diagnostics. ### Docker - docker: version 20.10.21 (CVE-2022-39253 CVE-2022-2879 CVE-2022-2880 CVE-2022-41715) - Fix: "please wait" message after removing orphan image. - Set IPVLAN as default for new installations. ### Samba - samba: version 4.17.3 (CVE-2022-42898) - Set the default "max open files" to the value of 'ulimit -n' which is currently set to 40960. ### VM Manager - Allow Network PCI devices to have boot order. - Change to use libvirt_domain_interface_addresses which has been available for a long time but was not documented in the API manual. Using this function stops tainted warnings being written to the log, ex: "Domain id=4 is tainted: custom-ga-command". - Fix for VM Rename. ### Misc - Fixed issue which prevented array Autostart with a Trial key. - Fixed encoding issue when passwords contain multi-byte UTF-8 characters. - Parity History: add day of week to date. - Shares: Fix: do not allow creation of hidden share names. - Main page: reinitialize disk transfer statistics upon opening new broswer session. - Management Access page: improved messaging for SSL - Firefox: version 107.0.r20221110173214 (AppImage) - When all browser sessions close, stop unnecessary background processes. ### Base Distro - bash: version 5.2.009 - btrfs-progs: version 6.0.1 - gdk-pixbuf2: version 2.42.10 - glibc-zoneinfo: version 2022f - intel-microcode: version 20221108 - libX11: version 1.8.2 - libnftnl: version 1.2.4 - nghttp2: version 1.51.0 - php: version 7.4.33 (CVE-2022-31630 CVE-2022-37454) - sed: version 4.9 - sysstat: version 12.7.1 - xkbevd: version 1.1.5 - xkill: version 1.0.6 - xlsatoms: version 1.1.4 - xlsclients: version 1.1.5 - xz: version 5.2.8 ## Version 6.11.3 2022-11-08 This release is focused on bug fixes and minor improvements. In particular, we need to revert a base library due to a bug which prevents formatting devices >2TB in size. ### Management - Reverted 'libpopt.so.0.0.1' to workaround 'sgdisk' bug used to format devices larger than 2TB. - Fixed issue where description setting for 'root' user was not preserved across reboots. - Fix issue that sometimes information window opens empty. ### VM Manager - Set correct values when edit for USB Boot and correct Share Selection. - Add Nic boot order. ### Base Distro - gptfdisk: version 1.0.8 (revert from version 1.0.9) - libXext: version 1.3.5 - libXinerama: version 1.1.5 - libdrm: version 2.4.114 - libedit: version 20221030_3.1 - mcelog: version 190 - ntfs-3g: version 2022.10.3 - openssl: version 1.1.1s - openssl-solibs: version 1.1.1s - pixman: version 0.42.2 - sessreg: version 1.1.3 - sudo: version 1.9.12p1 - xsetroot: version 1.1.3 ## Version 6.11.2 2022-11-04 This release is focused on bug fixes and minor improvements. Please note there are important security mitigations in Samba, all uses are encouraged to update. ### VM Manager If you boot a VM from a passed physical USB device there is a new setting called **Enable USB boot** which must be set to **Yes**. This is due to feature change in the latest OVMF component. Changes: - Add boot order for USB and USB Boot option. Using 'boot order' field VM can boot from a passed-through NVMe controller/device. - Add virtiofs/9p Unraid share mapping. - CD Hotplug bug fix. - Fix Hotplug within Templates. - Fix changing from passthru to custom CPU. - Test for guest agent to suppress error message in libvirt log, and show text for guest not running or guest agent is not installed. - Fix unable to change HyperV settings. - Add 'start with console' option. - OVMF for QEMU: version edk2-stable202208 ### Wireguard Changes: - Fixed problem setting up tunnels if using default network.cfg settings. - Fix typo setting up routes. ### Plugin manager Changes: - If plugin files cannot be read from CDN URL, fall back to non-CDN URL. - Enforce plugin files must end in '.plg'. - Fix post hook failing when plugin download fails. - Adjust the wget parameters to keep it from indefinitely hanging. ### Scheduler For scheduled Parity Checks, change default mode to Non-correcting. In case there are disk issues during a parity check it would be safer to have the default be non-correct. If sync errors are detected then the user can analyze the log and act accordingly. ### Misc. webGUI Changes: - DashStats: The inbound networkstats is out of place when numeric value is xxx.x. - Docker: Add/clarify Help to Docker Custom Network settings. - Docker: Fix display aberration on orphan images - SMART attributes: clarify message: "Can not read attributes" to "Attributes not available" - ShareEdit/ShareList: show pool not defined when share pool is not a defined pool ### Linux kernel - version 5.19.17 - patch: additional NVMe BOGUS_NID quirks for non-compliant devices reported by users - sound support: - CONFIG_SOUND: Sound card support - CONFIG_SND: Advanced Linux Sound Architecture - CONFIG_SND_OSSEMUL: Enable OSS Emulation - CONFIG_SND_PCM_OSS: OSS PCM (digital audio) API - CONFIG_SND_HRTIMER: HR-timer backend support - CONFIG_SND_SUPPORT_OLD_API: Support old ALSA API - CONFIG_SND_PROC_FS: Sound Proc FS Support - CONFIG_IPV6: The IPv6 protocol (change from module to built-in) ### Base Distro Package updates including CVE mitigations: - bash: version 5.2.002 - bind: version 9.18.8 (CVE-2022-38178 CVE-2022-38178 CVE-2022-3080 CVE-2022-2795) - btrfs-progs: version 6.0 - curl: version 7.86.0 - dbus: version 1.14.4 - freeglut: version 3.4.0 - git: version 2.38.1 (CVE-2022-39253 CVE-2022-39260) - glibc-zoneinfo: version 2022e - harfbuzz: version 5.3.1 - icu4c: version 72.1 - iproute2: version 6.0.0 - kernel-firmware: version 20221017_48407ff - less: version 608 - libXmu: version 1.1.4 - libXrender: version 0.9.11 - libedit: version 20221009_3.1 - libffi: version 3.4.4 - libgpg-error: version 1.46 - libpciaccess: version 0.17 - libunistring: version 1.1 - libxkbfile: version 1.1.1 - libxshmfence: version 1.3.1 - lsof: version 4.96.4 - nginx: version 1.22.1 - openssh: version 9.1p1 - php: version 7.4.32 - pixman: version 0.42.0 - rsync: version 3.2.7 - samba: version 4.17.2 (CVE-2021-20251 CVE-2022-3437 CVE-2022-3592) - sudo: version 1.9.12 - tree: version 2.0.4 - xkeyboard-config: version 2.37 - xterm: version 375 - zlib: version 1.2.13 (CVE-2022-37434) ## Version 6.11.1 2022-10-06 ### Improvements Updated both qemu and libvirt to latest versions: - Added ppc, riscv32/riscv64, and aarch64 support. Updated docker to v20.10.18 and improved networking: - When DHCP is used, wait for IPv4 assignment before proceeding on system startup, this avoids a possible race-condition at boot time when host access to custom networks is enabled. - Allow user defined networks to be reconnected at docker service start. Now all defined networks will be automatically reconnected. VM Manager improvements: - Implemented option to use Virtiofs for mapping of Unraid host shares into a VM. - Added Spice html client for Virtual Machines (experimental). ### Notable Bug fixes - Fixed issue where opening certain pages, eg, Dashboard, needlessly causes writes to the USB Flash boot device. - Fixed the issue of docker containers can reach the Internet when the WG tunnel is not autostarted at system boot up. **Users are advised to regenerate the WG configs.** This can be done, e.g., by clicking in a field to change a value and then change it back in order to get the Apply button to light up. Then click Apply. - Fixed issue where empty popup windows gets displayed with certain browsers and devices. - Restored "NTLMv1 authenication" for incoming SMB connections. ## Change Log vs. Unraid OS 6.11.0 #### Base distro: - acpid: version 2.0.34 - bash: version 5.2.000 - bind: version 9.18.7 - ca-certificates: version 20220922 - dbus: version 1.14.2 - dnsmasq: version 2.87 - docker: version 20.10.18 (CVE-2022-27664 CVE-2022-32190 CVE-2022-36109) - git: version 2.38.0 - glib2: version 2.72.4 - glibc-zoneinfo: version 2022d - gnutls: version 3.7.8 - harfbuzz: version 5.2.0 - intel-microcode: version 20220809 - libXtst: version 1.2.4 - libXxf86vm: version 1.1.5 - libffi: version 3.4.3 - libvirt: version 8.7.0 - libvirt-php: version 0.5.6 - lsof: version 4.96.3 - nghttp2: version 1.50.0 - pango: version 1.50.11 - qemu: version 7.1.0 (built adding ppc, riscv32/64 support, replace arm with aarch64) - sqlite: version 3.39.4 - xterm: version 373 - xz: version 5.2.7 #### Linux kernel: - version 5.19.14 - CONFIG_DRM_MGAG200: Matrox G200 - CONFIG_X86_SGX: Software Guard eXtensions (SGX) - CONFIG_X86_SGX_KVM: Software Guard eXtensions (SGX) Virtualization - CONFIG_CRYPTO_ZSTD: Zstd compression algorithm - md/unraid: version 2.9.25 - patch: silence EDID "block all zeros" and "has corrupt header" notices - patch: add NVMe quirks for non-compliant devices reported by users #### Management: - webgui: VM Manager: Update GUI Options - Include 9P and Virtiofs - Remove 9P option for Windows. - Update XML if virtiofs and Windows in addition to Linux. - Update VM Share GUI Options - webgui: Fixed: wrong feedback display on VM page - webgui: Dashboard: store graph data in file instead of cookie - webgui: Ask user to provide diagnostics before downgrading the OS - webgui: Spice html client in addition to VNC - webgui: improve handling of windows-style config files - webgui: WireGuard: add explicit interface name in routing - webgui: SWAL: intercept "esc" button to stop nchan upon window closing - webgui: nchan: delayed command execution - This prevents an empty popup window in certain browsers and devices ## Version 6.11.0 2022-09-23 ### Improvements - With this release there have been many base package updates including several CVE mitigations. - The Linux kernel update includes mitigation for [Processor MMIO stale-data vulnerabilities](https://lwn.net/Articles/898011/). - The plugin system has been refactored so that 'plugin install' can proceed in the background. This alleviates issue where a user may think installation has crashed and closes the window, when actually it has not crashed. - Many other webGUI improvements. - Added support for specifying custom VNC ports in VM manager form editor. Custom port number specified using XML editor will be preserved when switching to forms-based editor. - Spin down for non-rotational devices now places those devices in standby mode if supported by the device. Similarly, spin up, or any I/O to the device will restore normal operation. - Display NVMe device capabilities obtained from SMART info. - Added necessary kernel CONFIG options to support Sr-iov with mellanox connectx4+ cards - Merged Dynamix SSD Trim plugin into Unraid OS webGUI. - Preliminary support for cgroup2. Pass 'unraidcgroup2' on syslinux append line to activate. - Included perl in base distro. ### Bug fixes - Fixed issue in VM manager where VM log can not open when VM name has an embedded '#' character. - Fixed issue where Parity check pause/resume on schedule was broken. - Fixed issue installing registration keys. - Updated 'samba' to address security mitigations. Also should get rid of kernel message complaining about "Attempt to set a LOCK_MAND lock via flock(2)." - Fixed issue switching from 'test' branch to 'next'. - Quit trying to spin down devices which do not support standby mode. - Fixed AD join issued caused by outdated cyras-sasl library - Do not start mcelog daemon if CPU is unsupported (most AMD processors). - Fix nginx not recognizing SSL certificate renewal. - wireguard: check the reachability of the gateway (next-hop) before starting the WG tunnel. - Ignore "ERROR:" strings mixed in "btrfs filesystem show" command output. This solves problem where libblkid could tag a parity disk as having btrfs file system because the place it looks for the "magic number" happens to matches btrfs. Subsequent "btrfs fi" commands will attempt to read btrfs metadata from this device which fails because there really is not a btrfs filesystem there. - Fixed bug in mover that prevented files from being moved from unRAID array to a cache pool (mode Prefer) if the share name contains a space. ## Change Log vs. Unraid OS 6.10.3 #### Management: - Add sha256 checks of un-zipped files in unRAIDServer.plg. - bash: in /etc/profile omit "." (current directory) from PATH - docker: do not call 'docker stop' if there are no running containers - emhttpd: improve standby (spinning) support - mover: fixed issue preventing moving filed from array to cache if share name contains a space - rc.nginx: enable OCSP stapling on certs which include an OCSP responder URL - rc.nginx: compress 'woff' font files and instruct browser to cache - rc.wireguard: add better troubleshooting for WireGuard autostart - rc.S: support early load of plugin driver modules - SMB: fixed 'fruit' settings for the USB Flash boot device - SMB: remove NTLMv1 support since removed from Linux kernel - SMB: (temporarily) move vfs_fruit settings into separate /etc/samba/smb-fruit.conf file - SMB: (temporarily) get rid of Samba 'idmap_hash is deprecated' nag lines - startup: Prevent installing downgraded versions of packages which might exist in /boot/extra - upc: version v1.3.0 - webgui: Plugin system update - Detach frontend and backend operation - Use nchan as communication channel - Allow window to be closed while backend continues - Use SWAL as window manager - Added multi remove ability on Plugins page - Added update all plugins with details - webgui: docker: use docker label as primary source for WebUI - This makes the 'net.unraid.docker.webui' docker label the primary source when parsing the web UI address. If the docker label is missing, the template value will be used instead. - webgui: Update Credits.page - webgui: VM manager: Fix VM log can not open when VM name has an embedded '#' - webgui: Management Access page: add details for self-signed certs - webgui: Parity check: fix regression error - webgui: Remove session creation in scripts - webgui: Update ssh key regex - Add support for ed25519/sk-ed25519 - Remove support for ecdsa (insecure) - Use proper regex to check for valid key types - webgui: misc. style updates - webgui: Management access: HTTP port setting should always be enabled - webgui: Fix: preserve vnc port settings - webgui: Fix regression error in plugin system - webgui: Fix issue installing registration keys - webgui: Highlight case selection when custom image is selected - webgui: fix(upc): v1.4.2 apiVersion check regression - webgui: Update Disk Capabilities pages for NVME drives - webgui: chore(upc): v1.6.0 - webgui: Plugin system and docker update - webgui: System info - style update - webgui: Plugins: keep header buttons in same position - webgui: Prevent overflow in container size for low resolutions - webgui: VM Manager: Add boot order to GUI and CD hot plug function - webgui: Docker Manager: add ability to specify shell with container label. - webgui: fix: Discord notification agent url - webgui: Suppress info icon in banner message when no info is available - webgui: Add Spindown message and use -n for identity if scsi drive. - webgui: Fix SAS Selftest - webgui: Fix plugin multi updates - webgui: UPS display enhancements: - Add icon for each category - Add translation in UPS section on dashboard - Add Output voltage / frequency value - Add coloring depending on settings - Normalize units - Make updates near real-time - Added UPS model field - webgui: JQuery: version 3.6.1 - webgui: JQueryUI: version 1.13.2 - webgui: improved 'cache busting' on font file urls - webgui: Fixed: text color in docker popup window sometimes wrong - webgui: Fixed: show read errors during Read Check - webgui: VM Manager: Add USB Startup policy; add Missing USB support - webgui: Docker: fixed javascript error when no containers exist - webgui: added 3rd party system diagnostics - added diagnostics for third party plugin packages - added diagnostics for /dev/dri devices - added diagnostics for /dev/dvb devices - added diagnostics for nvidia devices #### Linux kernel: - version 5.19.9 (CVE-2022-21123 (CVE-2022-21123 CVE-2022-21125 CVE-2022-21166) - md/unraid: version 2.9.24 - CONFIG_IOMMU_DEFAULT_PASSTHROUGH: Passthrough - CONFIG_VIRTIO_IOMMU: Virtio IOMMU driver - CONFIG_X86_AMD_PSTATE: AMD Processor P-State driver - CONFIG_FIREWIRE: FireWire driver stack - CONFIG_FIREWIRE_OHCI: OHCI-1394 controllers - CONFIG_FIREWIRE_SBP2: Storage devices (SBP-2 protocol) - CONFIG_FIREWIRE_NET: IP networking over 1394 - CONFIG_INPUT_UINPUT: User level driver support - CONFIG_INPUT_JOYDEV: Joystick interface - CONFIG_INPUT_JOYSTICK: Joysticks/Gamepads - CONFIG_JOYSTICK_XPAD: X-Box gamepad support - CONFIG_JOYSTICK_XPAD_FF: X-Box gamepad rumble support - CONFIG_JOYSTICK_XPAD_LEDS: LED Support for Xbox360 controller 'BigX' LED - CONFIG_MLX5_TLS: Mellanox Technologies TLS Connect-X support - CONFIG_MLX5_ESWITCH: Mellanox Technologies MLX5 SRIOV E-Switch suppor - CONFIG_MLX5_CLS_ACT: MLX5 TC classifier action support - CONFIG_MLX5_TC_SAMPLE: MLX5 TC sample offload support - CONFIG_MLXSW_SPECTRUM: Mellanox Technologies Spectrum family support - CONFIG_NET_SWITCHDEV: Switch (and switch-ish) device support - CONFIG_TLS: Transport Layer Security support - CONFIG_TLS_DEVICE: Transport Layer Security HW offload - CONFIG_TLS_TOE: Transport Layer Security TCP stack bypass - CONFIG_VMD: Intel Volume Management Device Driver - added additional sensor drivers: - CONFIG_AMD_SFH_HID: AMD Sensor Fusion Hub - CONFIG_SENSORS_AQUACOMPUTER_D5NEXT: Aquacomputer D5 Next watercooling pump - CONFIG_SENSORS_MAX6620: Maxim MAX6620 fan controller - CONFIG_SENSORS_NZXT_SMART2: NZXT RGB & Fan Controller/Smart Device v2 - CONFIG_SENSORS_SBRMI: Emulated SB-RMI sensor - CONFIG_SENSORS_SHT4x: Sensiron humidity and temperature sensors. SHT4x and compat. - CONFIG_SENSORS_SY7636A: Silergy SY7636A - CONFIG_SENSORS_INA238: Texas Instruments INA238 - CONFIG_SENSORS_TMP464: Texas Instruments TMP464 and compatible - CONFIG_SENSORS_ASUS_WMI: ASUS WMI X370/X470/B450/X399 - CONFIG_SENSORS_ASUS_WMI_EC: ASUS WMI B550/X570 - CONFIG_SENSORS_ASUS_EC: ASUS EC Sensors - patch: add reference to missing firmware in drivers/bluetooth/btrtl.c - rtl8723d_fw.bin - rtl8761b_fw.bin - rtl8761bu_fw.bin - rtl8821c_fw.bin - rtl8822cs_fw.bin - rtl8822cu_fw.bin - CONFIG_BPF_UNPRIV_DEFAULT_OFF: Disable unprivileged BPF by default - patch: quirk for Team Group MP33 M.2 2280 1TB NVMe (globally duplicate IDs for nsid) - turn on all IPv6 kernel options: - CONFIG_INET6_* - CONFIG_IPV6_* - CONFIG_RC_CORE: Remote Controller support - CONFIG_SFC_SIENA: Solarflare SFC9000 support - CONFIG_SFC_SIENA_MCDI_LOGGING: Solarflare SFC9000-family MCDI logging support - CONFIG_SFC_SIENA_MCDI_MON: Solarflare SFC9000-family hwmon support - CONFIG_SFC_SIENA_SRIOV: Solarflare SFC9000-family SR-IOV support - CONFIG_ZRAM: Compressed RAM block device support - CONFIG_ZRAM_DEF_COMP_LZ4: Default ram compressor (lz4) - turn on all EDAC kernel options - CONFIG_EDAC: EDAC (Error Detection And Correction) reporting - CONFIG_EDAC_* #### Base distro: - aaa_base: version 15.1 - aaa_glibc-solibs: version 2.36 - aaa_libraries: version 15.1 - at: version 3.2.3 - bind: version 9.18.6 - btrfs-progs: version 5.19.1 - ca-certificates: version 20220622 - cifs-utils: version 7.0 - coreutils: version 9.1 - cracklib: version 2.9.8 - cryptsetup: version 2.5.0 - curl: version 7.85.0 - cyrus-sasl: version 2.1.28 - dbus: version 1.14.0 - dhcpcd: version 9.4.1 - dmidecode: version 3.4 - docker: version 20.10.17 (CVE-2022-29526 CVE-2022-30634 CVE-2022-30629 CVE-2022-30580 CVE-2022-29804 CVE-2022-29162 CVE-2022-31030) - etc: version 15.1 - ethtool: version 5.19 - eudev: version 3.2.11 - file: version 5.43 - findutils: version 4.9.0 - firefox: version 105.0.r20220922151854-x86_64 (AppImage) - fuse3: version 3.12.0 - gawk: version 5.2.0 - gdbm: version 1.23 - git: version 2.37.3 - glib2: version 2.72.3 - glibc: version 2.36 - glibc-zoneinfo: version 2022c - gnutls: version 3.7.7 - gptfdisk: version 1.0.9 - grep: version 3.8 - gzip: version 1.12 - hdparm: version 9.65 - htop: version 3.2.1 - icu4c: version 71.1 - inotify-tools: version 3.22.6.0 - iperf3: version 3.11 - iproute2: version 5.19.0 - iptables: version 1.8.8 - jemalloc: version 5.3.0 - json-c: version 0.16_20220414 - json-glib: version 1.6.6 - kmod: version 30 - krb5: version 1.20 - libaio: version 0.3.113 - libarchive: version 3.6.1 - libcap-ng: version 0.8.3 - libcgroup: version 3.0.0 - libdrm: version 2.4.113 - libepoxy: version 1.5.10 - libffi: version 3.4.2 - libgcrypt: version 1.10.1 - libgpg-error: version 1.45 - libidn: version 1.41 - libjpeg-turbo: version 2.1.4 - libmnl: version 1.0.5 - libnetfilter_conntrack: version 1.0.9 - libnfnetlink: version 1.0.2 - libnftnl: version 1.2.3 - libnl3: version 3.7.0 - libpng: version 1.6.38 - libssh: version 0.10.4 - libtasn1: version 4.19.0 - libtirpc: version 1.3.3 - liburcu: version 0.13.1 - libusb: version 1.0.26 - libwebp: version 1.2.4 - libxml2: version 2.9.14 - libxslt: version 1.1.36 - libzip: version 1.9.2 - logrotate: version 3.20.1 - lsof: version 4.95.0 - lzip: version 1.23 - mc: version 4.8.28 - mcelog: version 189 - nano: version 6.4 - nfs-utils: version 2.6.2 - nghttp2: version 1.49.0 - nginx: version 1.22.0 - ntfs-3g: version 2022.5.17 - ntp: version 4.2.8p15 - oniguruma: version 6.9.8 - openssh: version 9.0p1 - openssl: version 1.1.1q (CVE-2022-1292 CVE-2022-2097 CVE-2022-2274) - openssl-solibs: version 1.1.1q (CVE-2022-1292) - p11-kit: version 0.24.1 - pciutils: version 3.8.0 - pcre2: version 10.40 - perl: version 5.36.0 - php: version 7.4.30 (CVE-2022-31625 CVE-2022-31626) - pkgtools: version 15.1 - rpcbind: version 1.2.6 - rsync: version 3.2.6 - samba: version 4.17.0 (CVE-2022-2031 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 CVE-2022-32742) - sqlite: version 3.39.3 - sudo: version 1.9.11p3 - sysfsutils: version 2.1.1 - sysstat: version 12.6.0 - sysvinit-scripts: version 15.1 - talloc: version 2.3.4 - tar: version 1.34 - tevent: version 0.13.0 - tree: version 2.0.2 - util-linux: version 2.38.1 - wayland: version 1.21.0 - wget: version 1.21.3 - xfsprogs: version 5.18.0 - xz: version 5.2.6 - zlib: version 1.2.12