### Version 6.8.3 2020-03-05 Base distro: - btrfs-progs: version 5.4.1 - cryptsetup: version 2.3.0 - mozilla-firefox: version 73.0.1 (CVE-2020-6796, CVE-2020-6797, CVE-2020-6798, CVE-2020-6799, CVE-2020-6800, CVE-2020-6801) - libarchive: version 3.4.2 - libwebsockets: version 3.2.2 - smartmontools: version 7.1 - ttyd: version 20200211 - wireguard-tools: version 1.0.20200206 (build 2) - xfsprogs: version 5.4.0 Linux kernel: - version 4.19.107 (CVE-2020-2732) - kernel-firmware: version 20200207_6f89735 - oot: wireguard: version 0.0.20200215 Management: - rc.docker: Allow host access to containers on IPv6 subnets other then /64 - rc.inet1: add delay to allow bond initialization - smb: add case-sensitiviy config setting per share - webgui: removed obsolete 'Notify My Android' notification agent - webgui: Docker settings: updated help text - webgui: Added "Reboot Now" in banner when OS upgrade is available - webgui: dockerMan: Add Security as a category - webgui: Docker: added container vpn network support: - allow extra parameters using --net= to overrule default network assignment - add vpn containers are referenced by name in network assignment - add update containers reference when vpn container is updated - webgui: Updated: animated spinner logic - webgui: Fixed VM settings: allow to stop service when no hardware support - webgui: Fixed plugin manager - show correct version for "next" branch - webgui: remove 'nl-be' from VM keyboard types - webgui: Dont force single threaded VMs for AMD - webgui: VMs: enable cpu cache passthrough; AMD + multithreaded - webgui: Other miscellaneous updates and css style corrections - webgui: Array button renaming - webgui: Docker: curl connection time to 15s - webgui: Fixed cloning of share attributes - webgui: Updated VMs table styling - webgui: Updated icon fonts - webgui: dockerMan: Add Security as a category - webgui: Block referrals to 3rd Party Sites - webgui: Fix: /mnt/user path transpose for VM disks - webgui: Preserve Reboot Required Notifications across pages - webgui: dockerMan: Preserve \n on overview in basic mode - webgui: diagnostics: Remove plain-text VNC password - webgui: Device Info: added automatic status updating - webgui: Added BTRFS balance mode dropdown options - webgui: Disallow characters incompatible with FAT32 in share names - webgui: Support dropbox/zxcvbn password stregth meter (requires plugin) - webgiu: dockerMan: Security enhancements - webgui: Notifications: Add switch to not send a browser notification - Will be utilized by CA to send a notification, but not have the notification appear on the browser but rather as a banner warning ### Version 6.8.2 2020-01-26 Base distro: - fuse3: version 3.9.0 - php: version 7.3.14 (CVE-2020-7060, CVE-2020-7059) - rpcbind: version 1.2.5 (rebuilt with --enable-rmtcalls option) - ttyd: version 20200120 - wireguard-tools: version 1.0.20200121 Linux kernel: - version 4.19.98 (CVE-2019-14615) - CONFIG_ENIC: Cisco VIC Ethernet NIC Support - removed: CONFIG_IGB: Intel(R) 82575/82576 PCI-Express Gigabit Ethernet support - removed: CONFIG_IGBVF: Intel(R) 82576 Virtual Function Ethernet support - kernel-firmware: version 20200122_1eb2408 - oot: Intel igb: version 5.3.5.42 - oot: wireguard: version 0.0.20200121 Management: - rc.docker: include missing changes to suppoort new setting "Host access to custom networks" - rc.nginx: support custom wildcard SSL certs - webgui: User password: hide base64 conversion - webgui: Select username field when login page is loaded - webgui: login: autocapitalize="none" - webgui: Passphrase printable charcaters only - webgui: Encryption: enforced keyfile selection/deletion when file exists - webgui: Use php json_encode to properly encode notifications - webgui: Changed Delete keyfile button placement - webgui: Detect missing key when keyfile is deleted - webgui: Add Network:VPN as an application category - webgui: further hardening in auth_request.php - webgui: Style adjustment: buttons min-width - webgui: login page favicon now matches the green/yellow/red icon from the other webgui pages - webgui: VM Manager: add 'virtio-win-0.1.173-2' to VirtIO-ISOs list - webgui: Add Network:VPN as an application category - webgui: Network settings: updated help text - webgui: Fix link for Password Recovery on login screen ### Version 6.8.1 2020-01-10 Base distro: - libuv: version 1.34.0 - libvirt: version 5.10.0 - mozilla-firefox: version 72.0.1 (CVE-2019-17026, CVE-2019-17015, CVE-2019-17016, CVE-2019-17017, CVE-2019-17018, CVE-2019-17019, CVE-2019-17020, CVE-2019-17021, CVE-2019-17022, CVE-2019-17023, CVE-2019-17024, CVE-2019-17025) - php: version 7.3.13 (CVE-2019-11044 CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11049 CVE-2019-11050) - qemu: version 4.2.0 - samba: version 4.11.4 - ttyd: version 20200102 - wireguard-tools: version 1.0.20200102 Linux kernel: - version 4.19.94 - CONFIG_THUNDERBOLT: Thunderbolt support - CONFIG_INTEL_WMI_THUNDERBOLT: Intel WMI thunderbolt force power driver - CONFIG_THUNDERBOLT_NET: Networking over Thunderbolt cable - kernel_firmware: version 20191218_c4586ff (with additional Intel BT firmware) - oot: Highpoint rr3740a: version v1.19.0_19_04_04 - oot: Highpoint r750: version v1.2.11-18_06_26 [restored] - oot: wireguard: version 0.0.20200105 Management: - add cache-busting params for noVNC url assets - emhttpd: fix cryptsetup passphrase input - network: disable IPv6 for an interface when its settings is "IPv4 only". - webgui: Management page: fixed typos in help text - webgui: VM settings: fixed Apply button sometimes not working - webgui: Dashboard: display CPU load full width when no HT - webgui: Docker: show 'up-to-date' when status is unknown - webgui: Fixed: handle race condition when updating share access rights in Edit User - webgui: Docker: allow to set container port for custom bridge networks - webgui: Better support for custom themes (not perfect yet) - webgui: Dashboard: adjusted table positioning - webgui: Add user name and user description verification - webgui: Edit User: fix share access assignments - webgui: Management page: remove UPnP conditional setting - webgui: Escape shell arg when logging csrf mismatch - webgui: Terminal button: give unsupported warning when Edge/MSIE is used - webgui: Patched vulnerability in auth_request.php - webgui: Docker: added new setting "Host access to custom networks" - webgui: Patched vulnerability in template.php ### Version 6.8.0 2019-12-10 Base distro: - aaa_elflibs: version 15.0 build 16 - acpid: version 2.0.32 - adwaita-icon-theme: version 3.34.3 - at-spi2-atk: version 2.34.1 - at-spi2-core: version 2.34.0 - at: version 3.2.1 - atk: version 2.34.1 - bash: version 5.0.011 - binutils: version 2.33.1 - btrfs-progs: version 5.4 - bzip2: version 1.0.8 - ca-certificates: version 20191130 - cifs-utils: version 6.9 - cpio: version 2.13 - cryptsetup: version 2.2.2 - curl: version 7.67.0 - dbus-glib: version 0.110 - dbus: version 1.12.16 - dhcpcd: version 8.1.2 - docker: version 19.03.5 - e2fsprogs: version 1.45.4 - ebtables: version 2.0.11 - encodings: version 1.0.5 - etc: version 15.0 - ethtool: version 5.3 - expat: version 2.2.9 - file: version 5.37 - findutils: version 4.7.0 - freetype: version 2.10.1 - fuse3: version 3.6.2 - gdbm: version 1.18.1 - gdk-pixbuf2: version 2.40.0 - git: version 2.24.0 - glib2: version 2.62.3 - glibc-solibs: version 2.30 - glibc-zoneinfo: version 2019c - glibc: version 2.30 - glu: version 9.0.1 - gnutls: version 3.6.11.1 - gtk+3: version 3.24.13 - harfbuzz: version 2.6.4 - haveged: version 1.9.8 - hostname: version 3.23 - hwloc: version 1.11.13 - icu4c: version 65.1 - intel-microcode: version 20191115 - iproute2: version 5.4.0 - iptables: version 1.8.4 - iputils: version 20190709 - irqbalance: version 1.6.0 - kernel-firmware: version 20191118_e8a0f4c - keyutils: version 1.6 - less: version 551 - libICE: version 1.0.10 - libX11: version 1.6.9 - libXi: version 1.7.10 - libXt: version 1.2.0 - libarchive: version 3.4.0 - libcap-ng: version 0.7.10 - libcroco: version 0.6.13 - libdrm: version 2.4.99 - libedit: version 20191025_3.1 - libepoxy: version 1.5.4 - libevdev: version 1.7.0 - libevent: version 2.1.11 - libgcrypt: version 1.8.5 - libgudev: version 233 - libidn2: version 2.3.0 - libjpeg-turbo: version 2.0.3 - libnftnl: version 1.1.5 - libnl3: version 3.5.0 - libpcap: version 1.9.1 - libpciaccess: version 0.16 - libpng: version 1.6.37 - libpsl: version 0.21.0 - librsvg: version 2.46.4 - libseccomp: version 2.4.1 - libssh2: version 1.9.0 - libtasn1: version 4.15.0 - libusb: version 1.0.23 - libvirt-php: version 20190803 - libvirt: version 5.8.0 (CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168) - libwebp: version 1.0.3 - libxml2: version 2.9.10 - libxslt: version 1.1.34 - libzip: version 1.5.2 - lm_sensors: version 3.6.0 - logrotate: version 3.15.1 - lsof: version 4.93.2 - lsscsi: version 0.30 - lvm2: version 2.03.07 - lz4: version 1.9.1 - mkfontscale: version 1.2.1 - mozilla-firefox: version 71.0 (CVE-2019-11751, CVE-2019-11746, CVE-2019-11744, CVE-2019-11742, CVE-2019-11736, CVE-2019-11753, CVE-2019-11752, CVE-2019-9812, CVE-2019-11741, CVE-2019-11743, CVE-2019-11748, CVE-2019-11749, CVE-2019-5849, CVE-2019-11750, CVE-2019-11737, CVE-2019-11738, CVE-2019-11747, CVE-2019-11734, CVE-2019-11735, CVE-2019-11740, CVE-2019-11754, CVE-2019-9811, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11714, CVE-2019-11729, CVE-2019-11715, CVE-2019-11716, CVE-2019-11717, CVE-2019-1 1718, CVE-2019-11719, CVE-2019-11720, CVE-2019-11721, CVE-2019-11730, CVE-2019-11723, CVE-2019-11724, CVE-2019-11725, CVE-2019-11727, CVE-2019-11728, CVE-2019-11710, CVE-2019-11709) (CVE-2018-6156, CVE-2019-15903, CVE-2019-11757, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11765, CVE-2019-17000, CVE-2019-17001, CVE-2019-17002, CVE-2019-11764) (CVE-2019-11756, CVE-2019-17008, CVE-2019-13722, CVE-2019-11745, CVE-2019-17014, CVE-2019-17009, CVE-2019-17010, CVE-2019-17005, CVE-2019-17011, CVE-2019-17012, CVE-2019-17013) - nano: version 4.6 - ncurses: version 6.1_20191026 - net-tools: version 20181103_0eebece - nettle: version 3.5.1 - network-scripts: version 15.0 - nghttp2: version 1.40.0 - nginx: version 1.16.1 (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516) - nodejs: version 10.16.3 - nss-mdns: version 0.14.1 - ntp: version 4.2.8p13 - openldap-client: version 2.4.48 - openssh: version 8.1p1 - openssl-solibs: version 1.1.1d - openssl: version 1.1.1d - p11-kit: version 0.23.18.1 - pcre2: version 10.34 - php: version 7.3.12 (CVE-2019-11042, CVE-2019-11041) (CVE-2019-11043) - pixman: version 0.38.4 - pkgtools: version 15.0 build 28 - procps-ng: version 3.3.15 - qemu: version 4.1.1 (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091) (CVE-2019-14378, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-12068, CVE-2019-11091) - qrencode: version 4.0.2 - rpcbind: version 1.2.5 - rsyslog: version 8.1908.0 - samba: version 4.11.3 (CVE-2019-10197) (CVE-2019-10197) (CVE-2019-10218, CVE-2019-14833, CVE-2019-14847) (CVE-2019-14861, CVE-2019-14870) - sdparm: version 1.10 - sessreg: version 1.1.2 - setxkbmap: version 1.3.2 - sg3_utils: version 1.44 - shadow: version 4.7 - shared-mime-info: version 1.15 - sqlite: version 3.30.1 - sudo: version 1.8.29 - sysvinit-scripts: version 2.1 - sysvinit: version 2.96 - talloc: version 2.3.0 - tdb: version 1.4.2 - tevent: version 0.10.1 - ttyd: version 20191025 - usbutils: version 012 - util-linux: version 2.34 - wget: version 1.20.3 - wireguard: version 0.0.20191206 - wsdd: version 20180618 build 2 - xauth: version 1.1 - xclock: version 1.0.9 - xfsprogs: version 5.3.0 - xkeyboard-config: version 2.28 - xorg-server: version 1.20.6 - xrandr: version 1.5.1 - xterm: version 351 - xwininfo: version 1.1.5 - zstd: version 1.4.4 Linux kernel: - version 4.19.88 - CONFIG_BINFMT_MISC: Kernel support for MISC binaries - CONFIG_CGROUP_NET_PRIO: Network priority cgroup - CONFIG_DEBUG_FS: Debug Filesystem - CONFIG_DUMMY: Dummy net driver support - CONFIG_HUGETLBFS: HugeTLB file system support - CONFIG_ICE: Intel(R) Ethernet Connection E800 Series Support - CONFIG_IGC: Intel(R) Ethernet Controller I225-LM/I225-V support - CONFIG_IPVLAN: IP-VLAN support - CONFIG_IPVTAP: IP-VLAN based tap driver - CONFIG_IP_VS: IP virtual server support - CONFIG_IP_VS_NFCT: Netfilter connection tracking - CONFIG_IP_VS_PROTO_TCP: TCP load balancing support - CONFIG_IP_VS_PROTO_UDP: UDP load balancing support - CONFIG_IP_VS_RR: round-robin scheduling - CONFIG_MLX5_CORE_IPOIB: Mellanox 5th generation network adapters (connectX series) IPoIB offloads support - CONFIG_NETFILTER_XT_MATCH_IPVS: "ipvs" match support - CONFIG_NET_CLS_CGROUP: Control Group Classifier - CONFIG_SCSI_MQ_DEFAULT: SCSI: use blk-mq I/O path by default - CONFIG_SCSI_SMARTPQI: Microsemi PQI Driver - CONFIG_WIREGUARD: IP: WireGuard secure network tunnel - chelsio: add missing firmware - change schedulers from modules to built-ins - default scheduler now mq-deadline - md/unraid: version 2.9.13 (multi-stream support, do not fail read-ahead, more tunables) - increase BLK_MAX_REQUEST_COUNT from 16 to 32 - oot: Highpoint rr3740a: version: v1.17.0_18_06_15 - oot: Highpoint rsnvme: version v1.2.16_19_05_06 - oot: Highpoint r750 removed (does not work) - oot: Intel ixgbe: version 5.6.5 - oot: Realtek r8125: version 9.002.02 - oot: Tehuti tn40xx: version 0.3.6.17.2 - oot: Tehuti tn40xx: add x3310fw_0_3_4_0_9445.hdr firmware Management: - add 'scheduler' tunable for array devices - auto-mount hugetlbfs to support kernel huge pages - emhttpd: fix improper handling of embedded quote characters in a password - emhttpd: correct footer notifications - emhttpd: do not write /root/keyfile if encryption passphrase provided via webGUI - emhttpd: properly handle encoded passwords - emhttpd: solve deadlock issue with 'emcmd' called from a plugin - extract OS upgrade directly to USB flash - fix btrfs bug where converting from single to multiple pool did not balance metadata to raid1, and converting from multiple to single did not balance metadata back to single. - fix shfs hard link initially reported as enabled but not actually enabled - fstab: mount USB flash boot device with root-only access - nginx.conf: configure all nginx worker threads to run as 'root'. - nginx: disable php session expiration - php: set very long session timeout - samba: if netbios enabled, set 'server min protocol = NT1' - shfs: fix bug not accounting for device(s) not mounted yet - shfs: support FUSE3 API changes; hard links report same st_ino; hard link support configurable - start/stop WireGuard upon server start/shutdown - support WS-Discovery method - support disabling NetBIOS, and set Samba 'min server procotol' and 'min client protocol' to SMB2 if disabled - support forms-based authentication - support mDNS local name resolution via avahi - unRAIDServer.plg (update OS) now executes 'sync -f /boot' instead of full sync at end of update - webgui: Add share access to user edit - webgui: Add shares: slashes are not allowed in share name - webgui: Add support for the self-hosted Gotify notification agent. - webgui: Added 'F1' key to toggle help text - webgui: Added AFP deprecated notice - webgui: Added UPnP to access script (to support WireGuard plugin) - webgui: Added VM XML files to diagnostics - webgui: Added cache and disk type to shares page - webgui: Added conditional UPnP setting on Management page - webgui: Aligned management page layout - webgui: Allow Safari to use websockets - webgui: Allow outside click to close popups - webgui: Change PluginHelpers download to be PHP Curl - webgui: Change dashbord link for mb/mem - webgui: Changed config folder of TELEGRAM - webgui: Dashboard: WG tunnel handshake in days when longer than 24 hours - webgui: Dashboard: add up/down arrows to VPN tunnel traffic - webgui: Dashboard: adjust column width for themes azure/gray - webgui: Dashboard: fix WG direction arrows - webgui: Dashboard: fixed user write + read counts - webgui: Dashboard: show titles without text-transform - webgui: Diagnostics: Adjust for timezone from webGUI - webgui: Diagnostics: Remove OSK info from VM xml - webgui: Do not display error if docker log files manually deleted - webgui: Docker and VM settings: validate path and name input - webgui: Docker: fixed multi container updates display oddity - webgui: Enable notifications by default - webgui: Enhanced display of network settings - webgui: Ensure spinner always ontop - webgui: Expanded help for Use Cache setting - webgui: Fix custom case png not surviving reboot - webgui: Fixed diagnostics errors when array was never started - webgui: Fixed docker container update state - webgui: Fixed misalignment of absent disk on Main page - webgui: Fixed popup window in foreground - webgui: Fixed typo in help text - webgui: Fixed typo in shares settings - webgui: Fixed: footer always on foreground - webgui: Fixed: undo cleanup of disk.png - webgui: Font, Icon and image cleanup - webgui: If a page is loaded via https, prevent it from loading resources via http (ie, block mixed content) - webgui: Improve Use Cache option - webgui: Integrate CAs Plugin Helper - webgui: Made notify script compatible with 6.8 new security scheme - webgui: Main page: consolidate spin up/down action and device status into one - webgui: Modified notify script to allow overriding email recipients in notification settings - webgui: Only create session when user successfully logs in; also enable session.use_strict_mode to prevent session fixation attacks - webgui: Open banner system to 3rd party apps - webgui: Plugin Helpers: Follow redirects on downloads - webgui: Rename docker repositories tab to template repositories - webgui: Revamp Banner Warning System - webgui: Select case correction + replace MD1510 for AVS-10/4 - webgui: Standardize on lang="en" - webgui: Submit passphrases and passwords in base64 format - webgui: Support wireguard plugin in download.php - webgui: Switch download routine to be PHP Curl - webgui: Syslog: allow up to 5 digits port numbers - webgui: Telegram notification agent: enable group chat IDs, update helper description - webgui: Unraid fonts and cases update - webgui: Update ArrayDevices.page help text - webgui: Upgrade noVNC to git commit 9f557f5 - webgui: Use complete HTML documents in popups - webgui: Warning alert for Format operations - webgui: dockerMan - Deprecate TemplateURL - webgui: dockerMan: Redownload Icon if URL changes - webgui: other minor text corrections - webgui: show warning on login page when browser cookies are disabled - webgui: support changed tunables on Disk Settings page