Leaderboard

Welcome (again) to 6.9 release development! This release marks hopefully the last beta before moving to -rc phase. The reason we still mark beta is because we'd like to get wider testing of new multiple-pool feature, as well as perhaps sneak in a couple more refinements. With that in mind, the obligatory disclaimer: Important: Beta code is not fully tested and not feature-complete. We recommend running on test servers only! That said, here's what's new in this release... Multiple Pools This features permits you to define up to 35 named pools, of up to 30 storage devices/pool. The current "cache pool" is now simply a pool named "cache". Pools are created and managed via the Main page. Note: When you upgrade a server which has a cache pool defined, a backup of config/disk.cfg will be saved to config/disk.cfg.bak, and then cache device assignment settings are moved out of disk.cfg and into a new file, config/pools/cache.cfg. If later you revert back to a pre-6.9 Unraid OS release you will lose your cache device assignments and you will have to manually re-assign devices to cache. As long as you reassign the correct devices, data should remain intact. When you create a user share, or edit an existing user share, you can specify which pool should be associated with that share. The assigned pool functions identically to current cache pool operation. Something to be aware of: when a directory listing is obtained for a share, the unRAID array disk volumes and all pools which contain that share are merged in this order: pool assigned to share disk1 : disk28 all the other pools in strverscmp() order. As with the current "cache pool", a single-device pool may be formatted with either xfs, btrfs, or reiserfs. A multiple-device pool may only be formatted with btrfs. A future release will include support for multiple "unRAID array" pools. We are also considering zfs support. Something else to be aware of: Let's say you have a 2-device btrfs pool. This will be what btrfs calls "raid1" and what most people would understand to be "mirrored disks". Well this is mostly true in that the same data exists on both disks but not necessarily at the block-level. Now let's say you create another pool, and what you do is unassign one of the devices from the existing 2-device btrfs pool and assign it to this pool. Now you have x2 1-device btrfs pools. Upon array Start user might understandably assume there are now x2 pools with exactly the same data. However this is not the case. Instead, when Unraid OS sees that a btrfs device has been removed from an existing multi-device pool, upon array Start it will do a 'wipefs' on that device so that upon mount it will not be included in the old pool. This of course effectively deletes all the data on the moved device. Language Translation A huge amount of work and effort has been implemented by @bonienl to provide multiple-language support in the Unraid OS Management Utility, aka, webGUI. There are several language packs now available, and several more in the works. Thanks to @Squid, language packs are installed via the Community Applications plugin - look for a new category entitled Language. Note: Community Applications HAS to be up to date to install languages. Versions of CA prior to 2020.05.12 will not even load on this release. As of this writing, the current version of CA is 2020.06.13a. See also here. Each language pack exists in public Unraid organization github repos. Interested users are encouraged to clone and issue Pull Requests to correct translations errors. Language translations and PR merging is managed by @SpencerJ. Linux Kernel Upgraded to 5.7. Unfortunately, none of the out-of-tree drivers compile with this kernel. In particular, these drivers are omitted: Highpoint RocketRaid r750 Highpoint RocketRaid rr3740a Tehuti Networks tn40xx If you require one of these drivers, please create a Bug Report and we'll spend some time looking for alternatives. Better yet, pester the manufacturer of the controller and get them to update their drivers. Base Packages All updated to latest versions. In addition, Linux PAM has been integrated. This will permit us to install 2-factor authentication packages in a future release. Docker Updated to version 19.03.11 Also now possible to select different icons for multiple containers of the same type. This change necessitates a re-download of the icons for all your installed docker applications. A delay when initially loading either the dashboard or the docker tab while this happens is to be expected prior to the containers showing up. Virtualization libvirt updated to version 6.4.0 qemu updated to version 5.0.0 In addition, integrated changes to System Devices page by user @Skitals with modifications by user @ljm42. You can now select PCI devices to isolate from Linux upon boot simply by checking some boxes. This makes it easier to reserve those devices for assignment to VM's. Note: If you had the VFIO-PCI Config plugin installed, you should remove it as that functionality is now built-in to Unraid OS 6.9. Refer also @ljm42's excellent guide. In a future release we will include the NVIDIA and AMD GPU drivers natively into Unraid OS. The primary use case is to facilitate accelerated transcoding in docker containers. For this we require Linux to detect and auto-install the appropriate driver. However, in order to reliably pass through an NVIDIA or AMD GPU to a VM, it's necessary to prevent Linux from auto-installing a GPU driver for those devices upon boot, which can be easily done now through System Devices page. Users passing GPU's to VM's are encouraged to set this up now. "unexpected GSO errors" If your system log is being flooded with errors such as: Jun 20 09:09:21 Tower kernel: tun: unexpected GSO type: 0x0, gso_size 31, hdr_len 66 You need to edit each VM and change the model type for the Ethernet bridge from "virtio" to "virtio-net". In most cases this can be accomplished simply by clicking Update in "Form View" on the VM Edit page. For other network configs it may be necessary to directly edit the xml. For example: <interface type='bridge'> <mac address='xx:xx:xx:xx:xx:xx'/> <source bridge='br0'/> <model type='virtio-net'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> Other AFP support has been removed. Numerous other Unraid OS and webGUI bug fixes and improvements. Version 6.9.0-beta22 2020-06-16 Caution! This is beta sofware, consider using on test servers only. Base distro: aaa_base: version 14.2 aaa_elflibs: version 15.0 build 23 acl: version 2.2.53 acpid: version 2.0.32 apcupsd: version 3.14.14 at: version 3.2.1 attr: version 2.4.48 avahi: version 0.8 bash: version 5.0.017 beep: version 1.3 bin: version 11.1 bluez-firmware: version 1.2 bridge-utils: version 1.6 brotli: version 1.0.7 btrfs-progs: version 5.6.1 bzip2: version 1.0.8 ca-certificates: version 20191130 build 1 celt051: version 0.5.1.3 cifs-utils: version 6.10 coreutils: version 8.32 cpio: version 2.13 cpufrequtils: version 008 cryptsetup: version 2.3.3 curl: version 7.70.0 cyrus-sasl: version 2.1.27 db48: version 4.8.30 dbus: version 1.12.18 dcron: version 4.5 devs: version 2.3.1 build 25 dhcpcd: version 8.1.9 diffutils: version 3.7 dmidecode: version 3.2 dnsmasq: version 2.81 docker: version 19.03.11 dosfstools: version 4.1 e2fsprogs: version 1.45.6 ebtables: version 2.0.11 eject: version 2.1.5 elvis: version 2.2_0 etc: version 15.0 ethtool: version 5.7 eudev: version 3.2.5 file: version 5.38 findutils: version 4.7.0 flex: version 2.6.4 floppy: version 5.5 fontconfig: version 2.13.92 freetype: version 2.10.2 fuse3: version 3.9.1 gawk: version 4.2.1 gd: version 2.2.5 gdbm: version 1.18.1 genpower: version 1.0.5 getty-ps: version 2.1.0b git: version 2.27.0 glib2: version 2.64.3 glibc-solibs: version 2.30 glibc-zoneinfo: version 2020a build 1 glibc: version 2.30 gmp: version 6.2.0 gnutls: version 3.6.14 gptfdisk: version 1.0.5 grep: version 3.4 gtk+3: version 3.24.20 gzip: version 1.10 harfbuzz: version 2.6.7 haveged: version 1.9.8 hdparm: version 9.58 hostname: version 3.23 htop: version 2.2.0 icu4c: version 67.1 inetd: version 1.79s infozip: version 6.0 inotify-tools: version 3.20.2.2 intel-microcode: version 20200609 iproute2: version 5.7.0 iptables: version 1.8.5 iputils: version 20190709 irqbalance: version 1.6.0 jansson: version 2.13.1 jemalloc: version 4.5.0 jq: version 1.6 keyutils: version 1.6.1 kmod: version 27 lbzip2: version 2.5 lcms2: version 2.10 less: version 551 libaio: version 0.3.112 libarchive: version 3.4.3 libcap-ng: version 0.7.10 libcgroup: version 0.41 libdaemon: version 0.14 libdrm: version 2.4.102 libedit: version 20191231_3.1 libestr: version 0.1.11 libevent: version 2.1.11 libfastjson: version 0.99.8 libffi: version 3.3 libgcrypt: version 1.8.5 libgpg-error: version 1.38 libgudev: version 233 libidn: version 1.35 libjpeg-turbo: version 2.0.4 liblogging: version 1.0.6 libmnl: version 1.0.4 libnetfilter_conntrack: version 1.0.8 libnfnetlink: version 1.0.1 libnftnl: version 1.1.7 libnl3: version 3.5.0 libpcap: version 1.9.1 libpciaccess: version 0.16 libpng: version 1.6.37 libpsl: version 0.21.0 librsvg: version 2.48.7 libseccomp: version 2.4.3 libssh2: version 1.9.0 libssh: version 0.9.4 libtasn1: version 4.16.0 libtirpc: version 1.2.6 libunistring: version 0.9.10 libusb-compat: version 0.1.5 libusb: version 1.0.23 libuv: version 1.34.0 libvirt-php: version 0.5.5 libvirt: version 6.4.0 libwebp: version 1.1.0 libwebsockets: version 3.2.2 libx86: version 1.1 libxml2: version 2.9.10 libxslt: version 1.1.34 libzip: version 1.7.0 lm_sensors: version 3.6.0 logrotate: version 3.16.0 lshw: version B.02.17 lsof: version 4.93.2 lsscsi: version 0.31 lvm2: version 2.03.09 lz4: version 1.9.1 lzip: version 1.21 lzo: version 2.10 mc: version 4.8.24 miniupnpc: version 2.1 mpfr: version 4.0.2 nano: version 4.9.3 ncompress: version 4.2.4.6 ncurses: version 6.2 net-tools: version 20181103_0eebece nettle: version 3.6 network-scripts: version 15.0 build 9 nfs-utils: version 2.1.1 nghttp2: version 1.41.0 nginx: version 1.16.1 nodejs: version 13.12.0 nss-mdns: version 0.14.1 ntfs-3g: version 2017.3.23 ntp: version 4.2.8p14 numactl: version 2.0.11 oniguruma: version 6.9.1 openldap-client: version 2.4.49 openssh: version 8.3p1 openssl-solibs: version 1.1.1g openssl: version 1.1.1g p11-kit: version 0.23.20 patch: version 2.7.6 pciutils: version 3.7.0 pcre2: version 10.35 pcre: version 8.44 php: version 7.4.7 (CVE-2019-11048) pixman: version 0.40.0 pkgtools: version 15.0 build 33 pm-utils: version 1.4.1 procps-ng: version 3.3.16 pv: version 1.6.6 qemu: version 5.0.0 qrencode: version 4.0.2 reiserfsprogs: version 3.6.27 rpcbind: version 1.2.5 rsync: version 3.1.3 rsyslog: version 8.2002.0 samba: version 4.12.3 (CVE-2020-10700, CVE-2020-10704) sdparm: version 1.11 sed: version 4.8 sg3_utils: version 1.45 shadow: version 4.8.1 shared-mime-info: version 2.0 smartmontools: version 7.1 spice: version 0.14.1 sqlite: version 3.32.2 ssmtp: version 2.64 sudo: version 1.9.0 sysfsutils: version 2.1.0 sysvinit-scripts: version 2.1 build 31 sysvinit: version 2.96 talloc: version 2.3.1 tar: version 1.32 tcp_wrappers: version 7.6 tdb: version 1.4.3 telnet: version 0.17 tevent: version 0.10.2 traceroute: version 2.1.0 tree: version 1.8.0 ttyd: version 20200606 usbredir: version 0.7.1 usbutils: version 012 utempter: version 1.2.0 util-linux: version 2.35.2 vbetool: version 1.2.2 vsftpd: version 3.0.3 wget: version 1.20.3 which: version 2.21 wireguard-tools: version 1.0.20200513 wsdd: version 20180618 xfsprogs: version 5.6.0 xkeyboard-config: version 2.30 xorg-server: version 1.20.8 xterm: version 356 xz: version 5.2.5 yajl: version 2.1.0 zlib: version 1.2.11 zstd: version 1.4.5 Linux kernel: version 5.7.2 CONFIG_WIREGUARD: WireGuard secure network tunnel CONFIG_IP_SET: IP set support CONFIG_SENSORS_DRIVETEMP: Hard disk drives with temperature sensors enabled additional hwmon native drivers enabled additional hyperv drivers firmware added: BCM20702A1-0b05-180a.hcd out-of-tree driver status: igb: using in-tree version ixgbe: using in-tree version r8125: using in-tree version r750: (removed) rr3740a: (removed) tn40xx: (removed) Management: AFP support removed Multiple pool support added Multi-language support added avoid sending spinup/spindown to non-rotational devices get rid of 'system' plugin support (never used) integrate PAM integrate ljm42 vfio-pci script changes webgui: turn off username autocomplete in login form webgui: Added new display setting: show normalized or raw device identifiers webgui: Add 'Portuguese (pt)' key map option for libvirt webgui: Added "safe mode" one-shot safemode reboot option webgui: Tabbed case select window webgui: Updated case icons webgui: Show message when too many files for browsing webgui: Main page: hide Move button when user shares are not enabled webgui: VMs: change default network model to virtio-net webgui: Allow duplicate containers different icons webgui: Allow markdown within container descriptions webgui: Fix Banner Warnings Not Dismissing without reload of page webgui: Network: allow metric value of zero to set no default gateway webgui: Network: fix privacy extensions not set webgui: Network settings: show first DNSv6 server webgui: SysDevs overhaul with vfio-pci.cfg binding webgui: Icon buttons re-arrangement webgui: Add update dialog to docker context menu webgui: Update Feedback.php webgui: Use update image dialog for update entry in docker context menu webgui: Task Plugins: Providing Ability to define Display_Name

A different way of announcing RC releases. Instead of having a series of topics: Unraid OS version 6.11.0-rc1 available Unraid OS version 6.11.0-rc2 available etc. We'll have a single topic: Unraid OS version 6.11.0-rc series And also lock the topic so there can be no direct replies. When another RC is published, then we will add a post to the topic that specifies the changes vs. the previous RC release. If there are N rc releases there will be N posts in the topic. An exception might occur if another developer wanted to add a post providing more detail for a specific change. There are two reasons I want to make this change: First is to simplify and streamline my release workflow since we want to move to smaller, more frequent releases. Second, is to get away from people posting bug reports and other issues right in the release topic. Instead we would like you to post separate reports for bugs and other issues. Our philosophy up until now has been to make it as easy as possible for someone to give us feedback, hence leaving the release topics open for reply. But this has always been a problem and as the OS becomes more and more complex this is becoming a larger issue. So let's give this a try. Comments welcome (this topic is not locked LOL).

Since I can remember Unraid has never been great at simultaneous array disk performance, but it was pretty acceptable, since v6.7 there have been various users complaining for example of very poor performance when running the mover and trying to stream a movie. I noticed this myself yesterday when I couldn't even start watching an SD video using Kodi just because there were writes going on to a different array disk, and this server doesn't even have a parity drive, so did a quick test on my test server and the problem is easily reproducible and started with the first v6.7 release candidate, rc1. How to reproduce: -Server just needs 2 assigned array data devices (no parity needed, but same happens with parity) and one cache device, no encryption, all devices are btrfs formatted -Used cp to copy a few video files from cache to disk2 -While cp is going on tried to stream a movie from disk1, took a long time to start and would keep stalling/buffering Tried to copy one file from disk1 (still while cp is going one on disk2), with V6.6.7: with v6.7rc1: A few times transfer will go higher for a couple of seconds but most times it's at a few KB/s or completely stalled. Also tried with all unencrypted xfs formatted devices and it was the same: Server where problem was detected and test server have no hardware in common, one is based on X11 Supermicro board, test server is X9 series, server using HDDs, test server using SSDs so very unlikely to be hardware related.

6.10.0 Summary of New Features As always, prior to updating, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". UPC and My Servers Plugin The most visible new feature is located in the upper right of the webGUI header. We call this the User Profile Component, or UPC. The UPC allows a user to associate their server(s) and license key(s) with their Unraid Community forum account. Starting with this release, it will be necessary for a new user to either sign-in with existing forum credentials or sign-up, creating a new account via the UPC in order to download a Trial key. All key purchases and upgrades are also handled exclusively via the UPC. Signing-in provides these benefits: No more reliance on email and having to copy/paste key file URLs in order to install a license key - keys are delivered and installed automatically to your server. Notification of critical security-related updates. In the event a serious security vulnerability has been discovered and patched, we will send out a notification to all email addresses associated with registered servers. Ability to install the My Servers plugin (see below). Posting privilege in a new set of My Servers forum boards. Once a license key has been provisioned, it is not necessary to remain signed-in, though there is no particular reason to sign-out. Exception: if you have installed the My Servers plugin, signed-in servers will maintain a websocket connection to a Lime Technology cloud server for the purpose of transmitting real-time status. My Servers Plugin My Servers is what we call our set of cloud-based or cloud-enabled services and features that integrate with your Unraid server(s). Once installed here are some of the features of My Servers: My Servers Dashboard - when logged into the forum a new My Servers menu item appears. Clicking this brings up a Dashboard which displays a set of tiles representing each signed-in server. Here you can see real-time status such as whether the server is online or offline, storage utilization and other information. In addition, links are created to bring up a server webGUI, either locally on the LAN or remotely over the Internet (if Remote Access has been enabled). flash backup - every registered server is provided with a private git repo initially populated with the contents of your USB flash boot device (except for certain files which contain private information such as passwords). Thereafter, configuration changes are automatically committed. Through the My Servers webApp it's possible to download a custom zip file that can be fed as input to the USB Flash Creator tool to move your configuration to a new USB flash device. License key download - Again, through the My Servers webApp you can download your license key directly. My Servers is an optional add-on, installed through Community Apps or via direct plugin URL. Detailed instructions can be found here. Security Changes It is now mandatory to define a root password. We also created a division in the Users page to distinguish root from other user names. The root UserEdit page includes a text box for pasting SSH authorized keys. For new configurations, the flash share default export setting is No. For all new user shares, the default export setting is No. For new configurations, SMBv1 is disabled by default. For new configurations, telnet, ssh, and ftp are disabled by default. We removed certain strings from Diagnostics such as passwords found in the 'go' file. Virtualization Both libvirt and qemu have been updated. In addition qemu has been compiled with OpenGL support. The built-in FireFox browser available in GUI-mode boot is built as an AppImage and located in the bzfirmware compressed file system image. This saves approximately 60MB of RAM. The Wireguard plugin has been integrated into webGUI, that is, no need for the plugin. If you had the plugin installed previously, it will be uninstalled and moved to the "Plugins/Plugin File Install Errors" page. No action is needed unless you want to press the Delete button to remove it from that page. Your WireGuard tunnels and settings will be preserved. Simplified installation of the Community Apps plugin. The webGUI automatically includes the Apps menu item, and if CA is not already installed, the page offers an Install button. No need to hunt for the plugin link. Let's Encrypt SSL provisioning change. In previous releases code that provisions (allocates and downloads) a LE SSL certificate would first test if DNS Rebinding Protection was enforced on the user's LAN; and, if so, would not provision the certificate. Since there are other uses for a LE certificate we changed the code so that provision would always proceed. Next, we changed the logic behind the Auto selection of "Use SSL/TLS" setting on the Management Access page. Now it is only possible to select Auto if both a LE certificate has been provisioned and DNS Rebinding Protection is not enforced. This is a subtle change but permits certain My Servers features such as Remote Access. Linux Kernel Upgrade to Linux 5.13.8 kernel which includes so-called Sequoia vulnerability mitigation. In-tree GPU drivers are now loaded by default if corresponding hardware is detected: amdgpu ast i915 radeon These drivers are required mostly for motherboard on-board graphics used in GUI boot mode. Loading of a driver can be prohibited by creating the appropriate file named after the driver: echo "blacklist i915" > /boot/config/modprobe.d/i915.conf Alternately, the device can be isolated from Linux entirely via the System Devices page. Note that in Unraid OS 6.9 releases the in-tree GPU drivers are blacklisted by default and to enabling loading a driver you need to create an empty "conf" file. After upgrading to Unraid OS 6.10 you may delete those files, or leave them as-is. This change was made to greatly improve the Desktop GUI experience for new users. Added support for Intel GVT-g, which lets you split your Intel i915 iGPU into multiple virtual GPUs and pass them through to multiple VMs, using @ich777's Intel-GVT-g plugin. Added support for gnif/vendor-reset. This simplifies @ich777's AMD Vendor Reset plugin which permits users to get their AMD video cards to reset properly. Base Packages Virtually the entire base package set has been updated. Other improvements available in 6.10, which are maybe not so obvious to spot from the release notes and some of these improvements are internal and not really visible: Event driven model to obtain server information and update the webGUI in real-time The advantage of this model is its scalability. Multiple browsers can be opened simultaneously to the webGUI without much impact In addition stale browser sessions won't create any CSRF errors anymore People who keep their browser open 24/7 will find the webGUI stays responsive at all times Docker labels Docker labels are added to allow people using Docker compose to make use of icons and GUI access Look at a Docker 'run' command output to see exactly what labels are used Docker custom networks A new setting for custom networks is available. Originally custom networks are created using the macvlan mode, and this mode is kept when upgrading to version 6.10 The new ipvlan mode is introduced to battle the crashes some people experience when using macvlan mode. If that is your case, change to ipvlan mode and test. Changing of mode does not require to reconfigure anything on Docker level, internally everything is being taken care off. Docker bridge network (docker0) docker0 now supports IPv6. This is implemented by assigning docker0 a private IPv6 subnet (fd17::/64), similar to what is done for IPv4 and use network translation to communicate with the outside world Containers connected to the bridge network now have both IPv4 and IPv6 connectivity (of course the system must have IPv6 configured in the network configuration) In addition several enhancements are made in the IPv6 implementation to better deal with the use (or no-use) of IPv6 Plugins page The plugins page now loads information in two steps. First the list of plugins is created and next the more time consuming plugin status field is retrieved in the background. The result is a faster loading plugins page, especially when you have a lot of plugins installed Dashboard graphs The dashboard has now two graphs available. The CPU graph is displayed by default, while the NETWORK graph is a new option under Interface (see the 'General Info' selection) The CPU graph may be hidden as well in case it is not desired Both graphs have a configurable time-line, which is by default 30 seconds and can be changed independently for each graph to see a longer or shorter history. Graphs are updated in real-time and are useful to observe the behavior of the server under different circumstances Other Changes We switched to a better-maintained version of the WSD server component called wsdd2 in an effort to eliminate instances where the wsd daemon would start consuming 100% of a CPU core. Fixed issue where you couldn't create a docker image on a share name that contains a space. Fixed issue where 'mover' would not move to a pool name that contains a space. Fixed issue in User Share file system where permissions were not being honored. We increased the font size in Terminal. Many other small bug fixes and improvements. Credits Special thanks to all our beta testers and especially: @bonienl for his continued refinement and updating of the Dynamix webGUI. @Squid for continued refinement of Community Apps and associated feed. @dlandon for continued refinement of Unassigned Devices plugin and patience as we change things under the hood. @ich777 for assistance and passing on knowledge of Linux kernel config changes to support third party drivers and other kernel-related functionality via plugins. @SimonF for refinements to System Devices page and other webGUI improvements. We intend to merge your mover progress changes during this RC series. Version 6.10.0-rc1 2021-08-07 Base distro: aaa_base: version 15.0 aaa_glibc-solibs: version 2.33 aaa_libraries: version 15.0 acl: version 2.3.1 acpid: version 2.0.32 adwaita-icon-theme: version 40.1.1 apcupsd: version 3.14.14 appres: version 1.0.5 at: version 3.2.2 at-spi2-atk: version 2.38.0 at-spi2-core: version 2.40.3 atk: version 2.36.0 attr: version 2.5.1 avahi: version 0.8 bash: version 5.1.008 beep: version 1.3 bin: version 11.1 bind: version 9.16.19 bluez-firmware: version 1.2 bridge-utils: version 1.7.1 brotli: version 1.0.9 btrfs-progs: version 5.13.1 bzip2: version 1.0.8 ca-certificates: version 20210526 cairo: version 1.16.0 celt051: version 0.5.1.3 cifs-utils: version 6.13 coreutils: version 8.32 cpio: version 2.13 cpufrequtils: version 008 cracklib: version 2.9.7 cryptsetup: version 2.3.6 curl: version 7.78.0 cyrus-sasl: version 2.1.27 db48: version 4.8.30 dbus: version 1.12.20 dbus-glib: version 0.112 dcron: version 4.5 dejavu-fonts-ttf: version 2.37 devs: version 2.3.1 dhcpcd: version 8.1.9 diffutils: version 3.8 dmidecode: version 3.3 dnsmasq: version 2.85 docker: version 20.10.6 dosfstools: version 4.2 e2fsprogs: version 1.46.3 ebtables: version 2.0.11 editres: version 1.0.7 eject: version 2.1.5 elogind: version 246.10 elvis: version 2.2_0 encodings: version 1.0.5 etc: version 15.0 ethtool: version 5.13 eudev: version 3.2.10 file: version 5.40 findutils: version 4.8.0 flex: version 2.6.4 floppy: version 5.5 fluxbox: version 1.3.7 fontconfig: version 2.13.92 freeglut: version 3.2.1 freetype: version 2.11.0 fribidi: version 1.0.10 fuse3: version 3.10.4 gawk: version 5.1.0 gd: version 2.3.2 gdbm: version 1.20 gdk-pixbuf2: version 2.42.6 genpower: version 1.0.5 getty-ps: version 2.1.0b git: version 2.32.0 glew: version 2.2.0 glib2: version 2.68.3 glibc: version 2.33 glibc-zoneinfo: version 2021a glu: version 9.0.2 gmp: version 6.2.1 gnutls: version 3.6.16 gptfdisk: version 1.0.8 graphite2: version 1.3.14 grep: version 3.6 gtk+3: version 3.24.30 gzip: version 1.10 harfbuzz: version 2.8.2 haveged: version 1.9.14 hdparm: version 9.62 hicolor-icon-theme: version 0.17 hostname: version 3.23 htop: version 3.0.5 hwloc: version 2.2.0 icu4c: version 69.1 imlib2: version 1.7.1 inetd: version 1.79s infozip: version 6.0 inih: version 53 inotify-tools: version 3.20.11.0 iproute2: version 5.13.0 iptables: version 1.8.7 iputils: version 20210722 irqbalance: version 1.7.0 jansson: version 2.13.1 jemalloc: version 5.2.1 jq: version 1.6 json-c: version 0.15_20200726 keyutils: version 1.6.3 kmod: version 29 krb5: version 1.19.2 lbzip2: version 2.5 less: version 590 libICE: version 1.0.10 libSM: version 1.2.3 libX11: version 1.7.2 libXau: version 1.0.9 libXaw: version 1.0.14 libXcomposite: version 0.4.5 libXcursor: version 1.2.0 libXdamage: version 1.1.5 libXdmcp: version 1.1.3 libXevie: version 1.0.3 libXext: version 1.3.4 libXfixes: version 6.0.0 libXfont: version 1.5.2 libXfont2: version 2.0.5 libXfontcache: version 1.0.5 libXft: version 2.3.4 libXi: version 1.7.10 libXinerama: version 1.1.4 libXmu: version 1.1.3 libXpm: version 3.5.13 libXrandr: version 1.5.2 libXrender: version 0.9.10 libXres: version 1.2.1 libXt: version 1.2.1 libXtst: version 1.2.3 libXxf86dga: version 1.1.5 libXxf86misc: version 1.0.4 libXxf86vm: version 1.1.4 libaio: version 0.3.112 libarchive: version 3.5.1 libcap-ng: version 0.8.2 libcgroup: version 0.41 libdaemon: version 0.14 libdmx: version 1.1.4 libdrm: version 2.4.107 libedit: version 20210714_3.1 libepoxy: version 1.5.8 libestr: version 0.1.9 libevdev: version 1.11.0 libevent: version 2.1.12 libfastjson: version 0.99.9 libffi: version 3.3 libfontenc: version 1.1.4 libgcrypt: version 1.9.3 libglvnd: version 1.3.3 libgpg-error: version 1.42 libgudev: version 236 libidn: version 1.38 libjpeg-turbo: version 2.1.0 liblogging: version 1.0.6 libmnl: version 1.0.4 libnetfilter_conntrack: version 1.0.8 libnfnetlink: version 1.0.1 libnftnl: version 1.2.0 libnl3: version 3.5.0 libpcap: version 1.10.1 libpciaccess: version 0.16 libpng: version 1.6.37 libpsl: version 0.21.1 libpthread-stubs: version 0.4 libseccomp: version 2.5.1 libssh: version 0.9.5 libssh2: version 1.9.0 libtasn1: version 4.17.0 libtiff: version 4.3.0 libtiff: version 4.3.0 libtirpc: version 1.3.2 libunistring: version 0.9.10 libunwind: version 1.5.0 libusb: version 1.0.24 libusb-compat: version 0.1.7 libuv: version 1.41.0 libvirt: version 7.3.0 libvirt-php: version 0.5.5 libwebp: version 1.2.0 libwebsockets: version 4.2.0 libx86: version 1.1 libxcb: version 1.14 libxkbcommon: version 1.3.0 libxkbfile: version 1.1.0 libxml2: version 2.9.12 libxshmfence: version 1.3 libxslt: version 1.1.34 libzip: version 1.8.0 listres: version 1.0.4 lm_sensors: version 3.6.0 lmdb: version 0.9.29 logrotate: version 3.18.1 lshw: version B.02.19.2 lsof: version 4.94.0 lsscsi: version 0.32 lvm2: version 2.03.12 lz4: version 1.9.3 lzip: version 1.22 lzo: version 2.10 mc: version 4.8.26 miniupnpc: version 2.1 mkfontscale: version 1.2.1 mpfr: version 4.1.0 mtdev: version 1.1.6 nano: version 5.8 ncompress: version 5.0 ncurses: version 6.2_20201219 net-tools: version 20181103_0eebece nettle: version 3.7.3 network-scripts: version 15.0 nfs-utils: version 2.5.4 nghttp2: version 1.44.0 nginx: version 1.19.9 nss-mdns: version 0.14.1 ntfs-3g: version 2017.3.23 ntp: version 4.2.8p15 numactl: version 2.0.13 oniguruma: version 6.9.7 openssh: version 8.6p1 openssl: version 1.1.1k openssl-solibs: version 1.1.1k p11-kit: version 0.24.0 pam: version 1.5.1 pango: version 1.48.7 patch: version 2.7.6 pciutils: version 3.7.0 pcre: version 8.45 pcre2: version 10.37 php: version 7.4.18 pixman: version 0.40.0 pkgtools: version 15.0 procps-ng: version 3.3.17 pv: version 1.6.6 qemu: version 6.0.0 qrencode: version 4.1.1 reiserfsprogs: version 3.6.27 rpcbind: version 1.2.5 rsync: version 3.2.3 rsyslog: version 8.2102.0 sakura: version 3.5.0 samba: version 4.12.15 sdparm: version 1.12 sed: version 4.8 sessreg: version 1.1.2 setxkbmap: version 1.3.2 sg3_utils: version 1.46 shadow: version 4.8.1 shared-mime-info: version 2.1 slim: version 1.3.6 smartmontools: version 7.2 spice: version 0.15.0 sqlite: version 3.36.0 ssmtp: version 2.64 startup-notification: version 0.12 sudo: version 1.9.7p2 sysfsutils: version 2.1.0 sysvinit: version 2.99 sysvinit-scripts: version 15.0 talloc: version 2.3.2 tar: version 1.34 tcp_wrappers: version 7.6 tdb: version 1.4.5 telnet: version 0.17 tevent: version 0.11.0 traceroute: version 2.1.0 transset: version 1.0.2 tree: version 1.8.0 ttyd: version 20210507 usbredir: version 0.8.0 usbutils: version 013 utempter: version 1.2.0 util-linux: version 2.37.1 vbetool: version 1.2.2 vsftpd: version 3.0.5 vte3: version 0.50.2 wayland: version 1.19.0 wget: version 1.21.1 which: version 2.21 wireguard-tools: version 1.0.20210424 wsdd2: version 1.8.3.2 xauth: version 1.1 xcb-util: version 0.4.0 xclock: version 1.0.9 xdpyinfo: version 1.3.2 xdriinfo: version 1.0.6 xev: version 1.2.4 xf86-input-evdev: version 2.10.6 xf86-input-keyboard: version 1.9.0 xf86-input-mouse: version 1.9.3 xf86-input-synaptics: version 1.9.1 xf86-video-ast: version 1.1.5 xf86-video-mga: version 2.0.0 xf86-video-vesa: version 2.5.0 xfsprogs: version 5.12.0 xhost: version 1.0.8 xinit: version 1.4.1 xkbcomp: version 1.4.5 xkbevd: version 1.1.4 xkbutils: version 1.0.4 xkeyboard-config: version 2.33 xkill: version 1.0.5 xload: version 1.1.3 xlsatoms: version 1.1.3 xlsclients: version 1.1.4 xmessage: version 1.0.5 xmodmap: version 1.0.10 xorg-server: version 1.20.13 xprop: version 1.2.5 xrandr: version 1.5.1 xrdb: version 1.2.0 xrefresh: version 1.0.6 xset: version 1.2.4 xsetroot: version 1.1.2 xsm: version 1.0.4 xterm: version 368 xtrans: version 1.4.0 xwd: version 1.0.8 xwininfo: version 1.1.5 xwud: version 1.0.5 xxHash: version 0.8.0 xz: version 5.2.5 yajl: version 2.1.0 zlib: version 1.2.11 zstd: version 1.5.0 Linux kernel: version 5.13.8 (CVE-2021-33909 CVE-2021-33910) CONFIG_USB4: Unified support for USB4 and Thunderbolt CONFIG_USB4_NET: Networking over USB4 and Thunderbolt cables CONFIG_DRM_I915_GVT: Enable Intel GVT-g graphics virtualization host support CONFIG_DRM_I915_GVT_KVMGT: Enable KVM/VFIO support for Intel GVT-g CONFIG_VFIO_MDEV: Mediated device driver framework CONFIG_VFIO_MDEV_DEVICE: VFIO driver for Mediated devices CONFIG_FTRACE: Tracers CONFIG_FUNCTION_TRACER: Kernel Function Tracer CONFIG_KPROBES: Kprobes CONFIG_DEBUG_KERNEL: Kernel debugging CONFIG_KALLSYMS_ALL: Include all symbols in kallsyms CONFIG_X86_X32: removed md_unraid: version 2.9.18 Management: emhttp new defaults: - root password required - newly created shares not exported by default - predefined 'flash' share not exported by default - ftp, ssh, telnet: disabled by default - NetBIOS disabled by default - WSD enabled (and using newer 'wsdd2' package) - Enhanced macOS interoperability enabled mover: fix bug not moving shares with embedded spaces shfs: fix bug where permissions being ingored ('default_permissions' was missing in mount command) webgui: support simultanious LAN SSL with self-signed cert and DNS-based SSL with Lets Encrypt cert webgui: Suppress non-relevant IPv6 routes in routing table webgui: Fixed smart temperature settings sometimes not possible webgui: Add internal container reference webgui: Diagnostics: Remove lines from go containing passwords etc webgui: Better translation of docker container variables webgui: Fix monitor false positives webgui: Allow ruleset for local rules in rsyslog.conf webgui: Include links in email and Discord agent notifications webgui: Allow all notification agents to send links webgui: Validate WebGUI ports before applying webgui: Add vmxnet3 and e1000 into available NICs for VMs webgui: Error checking etc on ports for syslog server webgui: Check for flash offline / quick check on if it is corrupted webgui: Only allow png files to be uploaded as user image webgui: Diagnostics: Revamp anonymization webgui: Add WireGuard GUI webgui: Update DashStats.page webgui: Bug fix in DashStats webgui: Fix corruption check after a New Config is issued webgui: Update alert text webgui: Translation support (Unraid.net) webgui: WireGuard: preset peer DNS server with "Remote tunneled access" webgui: Plugins page loading improvements webgui: Docker page loading improvements webgui: Make WireGuard trademark visible on "full" page webgui: Replace polling scripts with event driven Nchan interface webgui: Improved format of stale and error plugin pages webgui: Docker: Add crypto as a category webgui: Dashboard: add CPU and NETWORK chart webgui: Docker: compress too long author names webgui: Convert notify polling to Nchan webgui: Docker: process bash ANSI colors in web log display webgui: dockerMan: remove HTML from descriptions webgui: SSH authorized keys UI webgui: Device_list replace .png icon with font icon webgui: Compress too long share names in dropdown menus webgui: Show management access and shares access groups for users webgui: Added "User 'root'" reference on Management Access page webgui: Show warning when javascript is disabled webgui: Force creation of root password webgui: Edit/Add Container: Fix browser console error webgui: WireGuard: warn when directly connected with public IP webgui: Fix network bonding display webgui: Add tracking after system shutdown webgui: Added notify when plugin fails to install webgui: Add Apps link to install CA webgui: Diagnostics: Add share summary webgui: Suppress IPv6 anycast addresses in routing table webgui: Diagnostics: Add share summary webgui: Diagnostics: Include current plugin versions webgui: Diagnostics: add DHCP log webgui: Diagnostics fix plugin deprecated max version error webgui: Docker: Support CA tag webgui: Delete DockerRepositories.page webgui: dockerMan Security: Remove HTML tags from Config elements webgui: When viewing source, identify which .page file is responsible webgui: System devices additions webgui: Create syslog entry when user logs out webgui: privatize host in diagnostics webgui: Create favicon.ico webgui: Update Credits.page

As always, prior to updating, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". Besides bug fixing, most of the work in this release is related to upgrading to the Linux 5.9 kernel where, due to kernel API changes, it has become necessary to move device spin-up/down and spin-up group handling out of the md/unraid driver and have it handled entirely in user space. This also let us fix an issue where device spin-up of devices in user-defined pools was executed serially instead of in parallel. We should also now be able to properly support SAS device spin-up/down (finally) and with extraordinary help from @doron we are almost there. SAS devices are generally designed for enterprise environments where device spin-down is rare, and many devices have inconsistent behavior surrounding this functionality. This release itself does not include SAS device spin handling built-in but @doron is providing a plugin where we continue to address some nagging details. We expect to have this ironed out before stable release. Along with re-work of device spin control, we have also integrated spin-up/down and temperature monitoring for unassigned devices. We have coordinated with @dlandon to ensure proper integration with the Unassigned Devices plugin. If you've read this far, and you are using the Unassigned Devices plugin, please remove it first before upgrading and then re-install UD via Community Apps. Since we have not identified any data loss bugs related to the user-defined pools feature, I have removed the -beta designation and we now enter the -rc phase. Our plan is for this to be relatively short and limited to squashing bugs. We are in the process of writing up more thorough release notes in preparation for stable release. A lot of exciting changes and features are coming to Unraid OS and I want to thank everyone for participating in our Pre-release program! Version 6.9.0-rc1 2020-12-09 (vs -beta35) Base distro: aaa_elflibs: version 15.0 build 27 hdparm: version 9.60 icu4c: version 68.1 intel-microcode: version 20201118 kernel-firmware: version 20201130_7455a36 nginx: version 1.19.5 openssh: version 8.4p1 pam: version 1.5.1 php: version 7.4.13 samba: version 4.12.10 xfsprogs: version 5.9.0 Linux kernel: version 5.9.13 md/unraid: version 2.9.17 removed spinup group spinup/spdindown support (functionality moved to emhttpd) added configurable sync start offset added iSCSI kernel support: CONFIG_ISCSI_TARGET: Linux-iSCSI.org iSCSI Target Mode Stack CONFIG_ISCSI_TARGET_CXGB4: Chelsio iSCSI target offload driver CONFIG_LOOPBACK_TARGET: TCM Virtual SAS target and Linux/SCSI LDD fabric loopback module CONFIG_NVME_TARGET: NVMe Target support CONFIG_NVME_TARGET_LOOP: NVMe loopback device support CONFIG_NVME_TARGET_PASSTHRU: NVMe Target Passthrough support CONFIG_TARGET_CORE: Generic Target Core Mod (TCM) and ConfigFS Infrastructure CONFIG_TCM_FILEIO: TCM/FILEIO Subsystem Plugin for Linux/VFS CONFIG_TCM_IBLOCK: TCM/IBLOCK Subsystem Plugin for Linux/BLOCK CONFIG_TCM_PSCSI: TCM/pSCSI Subsystem Plugin for Linux/SCSI CONFIG_TCM_USER2: TCM/USER Subsystem Plugin for Linux added USB/IP kernel support: CONFIG_USBIP_CORE: USB/IP support CONFIG_USBIP_VHCI_HCD: VHCI hcd Management: emhttpd: implement spinup group spinup/spindown; add spinup/spindown callouts emhttpd: get rid of poll_attributes event emhttpd: fix disk "SMART controller type" not being honored when reading temperatures rsyslog: fix broken "Mirror syslog to flash" webgui: Fix wrong docker run URL reference webgui: Fix crash when reading very large log files (limiting output to 1000 lines). webgui: Fix dismiss all notification webgui: Fix Started VMs not appearing in dashboard webgui: VM manager: add virtio-win-0.1.190-1 webgui: Notifications: Fix gap on white / black webgui: Do not show CA profiles in Add Container list webgui: support spin-up/down and temperature monitoring of unassigned devices webgui: VM manager: Fix: Changing from VM VNC graphics to GPU passthrough webgui: Change Icon for Motherboard Info from cog (settings) to info

The 6.12 release includes initial ZFS support in addition to the usual set of bug fixes, kernel, and package updates. Please create new topics here in this board to report Bugs or other Issues. As always, prior to updating, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". Note regarding plugins: This release includes upgrading PHP from v7.4 to v8.2.3, necessary for continued PHP security updates. We recommend you upgrade all your plugins before updating the OS, and be aware that any plugin which hasn't been updated recently (with a comment about PHP 8 in the change logs) may not work correctly. You may want to uninstall that plugin until the author has had time to update it. Plugin authors are aware of necessary changes and many plugins have already been updated. If you encounter an issue with a plugin, please create a nice post in the plugins support topic. Special thanks to all our beta testers and especially: @bonienl for his continued refinement and updating of the Dynamix webGUI. @Squid for continued refinement of Community Apps and associated feed. @dlandon for continued refinement of Unassigned Devices plugin. @ich777 for continued support of third-party drivers, recommendations for base OS enhancements and beta testing. @JorgeB for rigorous testing of the storage subsystem and helping us understand ZFS nuances, of which there are many. @SimonF for curating our VM Manager and adding some very nice enhancements. Thanks to everyone above and our Plugin Authors for identifying and putting up with all the changes which came about from upgrading PHP from v7 to v8. Finally a big Thank You! to @steini84 who brought ZFS to Unraid via plugin several years ago. Version 6.12.0-rc1 2023-03-14 If you created any zpools using 6.12.0-beta5 please Erase those pools and recreate. If you revert back from 6.12 to 6.11.5 or ealier, you have to force update all your Docker containers and start them manually after downgrading. This is necessary because of the underlying change to cgroup v2 in 6.12.0-rc1. ZFS Pools New in this release is the ability to create a ZFS file system in a user-defined pool. In addition you may format any data device in the unRAID array with a single-device ZFS file system. We are splitting full ZFS implementation across two Unraid OS releases. Initial support in this release includes: Support raid0, mirror, raidz1, raidz2 and raidz3 root profiles. Up to 4 devices in a mirror vdev. Multiple vdev groups. Support removing single device: if device still present in server, 'wipefs' is used to clear the partition table. Support replacing single missing device with a new device of same or larger size. Support pool rename. Pool names must begin with a lowercase letter and only contain lowercase letters, digits, the underscore and dash. Pool names must not end with a digit. Non-root vdev cannot be configured in this release, however, they can be imported. Pools created on other systems may or may not import depending on how the the pool was created. A future update will permit importing pools from any system. A ZFS pool has three variables: profile - the root data organization: raid0, mirror, raidz1, raidz2, raidz3 width - the number of devices per root vdev groups - the number of root vdevs in the pool At time of ZFS pool creation, the webGUI will present all topology options based on the number of devices assigned to the pool. Special treatment for root single-vdev mirrors: A single-device ZFS pool can be converted to multiple-device mirror by adding up to 3 additional devices in one operation. A 2-device mirror can be increased to 3-device by adding a single device; similarly a 3-device mirror can be increased to 4-device mirror by adding a single device. To add an additional root vdev, you must assign 'width' number of new devices to the pool at the same time. The new vdev will be created with the same 'profile' as the existing vdevs. Additional flexibility in adding/expanding vdevs will be provided in a future update. Pools created with the 'steini84' plugin can be imported as follows: First create a new pool with the number of slots corresponding to the number of devices in the pool to be imported. Next assign all the devices to the new pool. Upon array Start the pool should be recognized, though certain zpool topologies may not be recognized (please report). Mixed topologies are not supported. For example, a pool with both a mirror root vdev and a raidz root vdev is not recognized. Autotrim can be configured as "on" or "off" (except for single-device ZFS volumes in the unRAID array). Compression can be configured as "on" or "off", where "on" selects "lz4". Future update will permit specifying other algorithms/levels. When creating a new ZFS pool you may choose "zfs - encrypted", which, like other encrypted volumes, applies device-level encryption via LUKS. ZFS native encryption is not supported at this time. During system boot, the file /etc/modprobe.d/zfs.conf is auto-generated to limit the ZFS ARC to 1/8 of installed memory. This can be overridden if necessary by creating a custom 'config/modprobe.d/zfs.conf' file. Future update will include ability to configure the ARC via webGUI, including auto-adjust according to memory pressure, e.g., VM start/stop. btrfs pools Autotrim can be configured as "on" or "off" when used in a pool. Compression can be configured as "on" or "off". "on" selects "zstd". Future update to permit specifying other algorithms/levels. xfs Autotrim can be configured as "on" or "off" when used as a single-slot pool. Docker CreateDocker: changed label "Docker Hub URL" to "Registry URL" because of GHCR and other new container registries becoming more and more popular. Honor user setting of stop time-out. Accept images in OCI format. Add option to disable readmore-js on container table VM Manager If you enable copy/paste for virtual consoles you need to install additional software on the client in addition to the QEMU agent if that has been installed. Here is the location for spice-vdagent for both Windows and Linux. Note copy/paste function will not work with web spice viewer you need to use virt-viewer. Add Serial option to vdisk. Spice Bug fix for users with non standard GUI ports defined. OVMF for QEMU: version stable202302 Fix for bus text. Enable copy paste option for virtual consoles Update Memory Backup processing for Virtiofs. Fix lockup when no VMs are present Add support for rtl8139 network model. fix translation omission added lock/unlock for sortable items Fix for Spice Mouse if Copy paste enabled. Dashboard The webGUI Dashboard has been redesigned, and it is now possible to move elements (tiles) up and down and between columns. This allows the user to organize the tiles in any way they desire. There is a small "lock" icon on the menu bar which must be clicked to enable this function. Note: The "lock" icon also appears on the Docker and VM pages and must be clicked to rearrange the startup order. Linux kernel version 6.1.19 md/unraid: version 2.9.27 CONFIG_FS_DAX: File system based Direct Access (DAX) support CONFIG_VIRTIO_FS: Virtio Filesystem CONFIG_ZONE_DEVICE: Device memory (pmem, HMM, etc...) hotplug support CONFIG_USBIP_HOST: Host driver CONFIG_INTEL_MEI: Intel Management Engine Interface CONFIG_INTEL_MEI_ME: ME Enabled Intel Chipsets CONFIG_INTEL_MEI_GSC: Intel MEI GSC embedded device CONFIG_INTEL_MEI_PXP: Intel PXP services of ME Interface CONFIG_INTEL_MEI_HDCP: Intel HDCP2.2 services of ME Interface CONFIG_DRM_I915_PXP: Enable Intel PXP support CONFIG_SCSI_FC_ATTRS: FiberChannel Transport Attributes CONFIG_FUSION_SPI: Fusion MPT ScsiHost drivers for SPI CONFIG_FUSION_FC: Fusion MPT ScsiHost drivers for FC CONFIG_FUSION_CTL: Fusion MPT misc device (ioctl) driver CONFIG_FUSION_LOGGING: Fusion MPT logging facility Base Distro aaa_glibc-solibs: version 2.37 adwaita-icon-theme: version 43 at-spi2-core: version 2.46.0 bash: version 5.2.015 bind: version 9.18.12 btrfs-progs: version 6.2.1 ca-certificates: version 20221205 cryptsetup: version 2.6.1 curl: version 7.88.1 dbus: version 1.14.6 diffutils: version 3.9 dnsmasq: version 2.89 docker: version 20.10.23 e2fsprogs: version 1.47.0 encodings: version 1.0.7 file: version 5.44 freetype: version 2.13.0 fuse3: version 3.12.0 gawk: version 5.2.1 git: version 2.39.2 glib2: version 2.74.6 glibc: version 2.37 glibc-zoneinfo: version 2022g gnutls: version 3.7.9 gptfdisk: version 1.0.9 gtk+3: version 3.24.37 harfbuzz: version 7.1.0 htop: version 3.2.2 iproute2: version 6.2.0 iptables: version 1.8.9 iputils: version 20221126 less: version 612 libICE: version 1.1.1 libSM: version 1.2.4 libX11: version 1.8.4 libXau: version 1.0.11 libXcomposite: version 0.4.6 libXdamage: version 1.1.6 libXdmcp: version 1.1.4 libXpm: version 3.5.15 libXrandr: version 1.5.3 libXres: version 1.2.2 libXxf86dga: version 1.1.6 libarchive: version 3.6.2 libdrm: version 2.4.115 libfontenc: version 1.1.7 libglvnd: version 1.6.0 libjpeg-turbo: version 2.1.5.1 libpcap: version 1.10.3 libpng: version 1.6.39 libpsl: version 0.21.2 libwebp: version 1.3.0 libxkbcommon: version 1.5.0 libxkbfile: version 1.1.2 libxshmfence: version 1.3.2 lmdb: version 0.9.30 logrotate: version 3.21.0 lsof: version 4.98.0 lz4: version 1.9.4 lzlib: version 1.13 mc: version 4.8.29 mcelog: version 191 mpfr: version 4.2.0 nano: version 7.2 ncurses: version 6.4 nginx: version 1.23.3 nghttp2: version 1.52.0 openssh: version 9.2p1 openssl: version 1.1.1t openssl-solibs: version 1.1.1t openzfs: version 2.1.9 pango: version 1.50.14 pciutils: version 3.9.0 pcre2: version 10.42 php: version 8.2.3 php-libvirt: version 0.5.7 php-markdown: version 2.0.0 samba: version 4.17.4 sqlite: version 3.41.0 sudo: version 1.9.13p2 sysstat: version 12.7.2 tdb: version 1.4.8 tevent: version 0.14.1 traceroute: version 2.1.2 transset: version 1.0.3 tree: version 2.1.0 usbutils: version 015 xcb-util: version 0.4.1 xdriinfo: version 1.0.7 xf86-video-vesa: version 2.6.0 xfsprogs: version 5.13.0 xhost: version 1.0.9 xinit: version 1.4.2 xkbcomp: version 1.4.6 xkeyboard-config: version 2.38 xorg-server: version 21.1.7 xprop: version 1.2.6 xrandr: version 1.5.2 xset: version 1.2.5 xterm: version 379 xz: version 5.4.1 zstd: version 1.5.4 Misc cgroup2 now the default do not mount loopback images using directio Patch upgradepkg to prevent replacing existing package with older version. NFS: enable UPD transport emhttp: fix cache pool (null) syslog strings emhttp: fix cache pool display wrong device size for selected replacement device mover: fixed bug: improper handling of symlinks shfs: igonore top-level hidden directoris (names beginning with '.') wireguard: add SSL support for WG tunnel IP addresses (myunraid.net wildcard certs only) webgui: support PHP8, increase PHP max memory from 128M to 256M webgui: ManagementAccess: Disable Provision/Renew/Upgrade buttons when no IP on eth0 webgui: ManagementAccess: Support wireguard local IP addresses in combination with myservers.unraid.net SSL cert webgui: Move "view" icon on Main and Shares page to the left webgui: Dashboard: fix regression error in "select case" webgui: Dashboard: make items moveable between columns webgui: Keep dismissed banners hidden for a month webgui: Dashboard: API for adding custom tiles webgui: Dashboard: rearrange processor information webgui: Dashboard: rearrange UPS info webgui: Dashboard: rearrange memory info webgui: Dashboard: VPN header rearrangement webgui: Dashboard: header rearrangements webgui: Add jqueryUI touch punch for mobile devices webgui: Changed ID to CLASS for elements occurring more than once webgui: Make header in white and black themes scrollable When more items are present than screen space, the user can now scroll through them (previously these items were invisible) webgui: Dashboard and Docker: introduce lock button for sortable items By default sortable items are locked, which allows mobile devices to scroll the page. Upon request items can be made sortable webgui: Users: add icon to title bar webgui: Tools: new function -> PHP Settings View PHP info Configure error reporting Open LOG to see errors in real-time webgui: System info: fix reading inactive ports webgui: Plugin: Include the actual command, being executed webgui: System info: cache enhancement webgui: System info: memory enhancement webgui: DeviceInfo: disable buttons when erase operation is running webgui: Docker: filetree corrections webgui: Fixed: Dashboard: show heat alarm per pool webgui: Notifications: revised operation Autoclose new notifications after 3 seconds Fix notifications reappearing after closure webgui: DeviceList: add FS type in offline state webgui: Add notification agent for Bark webgui: Main: hide browse icon when disk is not mounted webgui: Diagnostics: add additional btrfs and zfs info webgui: Dashboard: add ZFS memory usage webgui: Revised New Permissions Select either disks or shares (not both) webgui: Add testparm to diagnostics webgui: Support new UD reserved mount point of /mnt/addons

6.10.0 Summary of Changes and New Features As always, prior to updating, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". [rc3] Plugin Authors: We patched the upgradepkg script to prevent it from replacing an installed package with an earlier version of the same package, i.e., no downgrading. If a plugin really needs to replace a package with a downgraded version it can include the '--reinstall' option. Also be sure to check out the Dynamix File Manager plugin available now through Community Apps! UPC and My Servers Plugin The most visible new feature is located in the upper right corner of the webGUI header. We call this the User Profile Component, or UPC. The UPC allows a user to associate their server(s) and license key(s) with their Unraid Community forum account, also known as an Unraid.net account. Starting with this release, it will be necessary for a new user to either sign-in with existing forum credentials or sign-up, creating a new account via the UPC in order to download a Trial key. All key purchases and upgrades are also handled exclusively via the UPC. Signing-in provides these benefits: My Servers Dashboard - when logged into the forum a new My Servers menu item appears. Clicking this brings up a Dashboard which displays a set of tiles representing servers associated with this account. Each tile includes a link to bring up the servers webGUI on your LAN. Install the My Servers plugin to provide real-time status and other advanced features (see below). Notification of critical security-related updates. In the event a serious security vulnerability has been discovered and patched, we will send out a notification to all email addresses associated with registered servers. Posting privilege in a new set of My Servers forum boards. No more reliance on email and having to copy/paste key file URLs in order to install a license key - keys are delivered and installed automatically to your server. Once a license key has been provisioned, it is not necessary to remain signed-in, though there is no particular reason to sign-out. My Servers Plugin My Servers is what we call our set of cloud-based or cloud-enabled services and features that integrate with your Unraid server(s). Once installed here are some of the features of My Servers: Real-time Status - with the plugin installed each server tile on the My Servers Dashboard will display real-time status such as whether the server is online or offline, storage utilization and other information. Remote Access link - if enabled, a link is displayed on the My Servers Dashboard to bring up a server webGUI remotely and over the Internet. Automatic Flash Backup - every registered server is provided with a private git repo initially populated with the contents of your USB flash boot device (except for certain files which contain private information such as passwords). Thereafter, configuration changes are automatically committed. A link is provided to download a custom zip file that can be fed as input to the USB Flash Creator tool to move your configuration to a new USB flash device. My Servers is an optional add-on, installed through Community Apps or via direct plugin URL. Detailed instructions can be found here. If you have installed the My Servers plugin, signed-in servers will maintain a websocket connection to a cloud-based Lime Technology proxy server for the purpose of relaying real-time status. Security Changes It is now mandatory to define a root password. We also created a division in the Users page to distinguish root from other user names. The root UserEdit page includes a text box for pasting SSH authorized keys. For new configurations, the flash share default export setting is No. For all new user shares, the default export setting is No. For new configurations, SMBv1 is disabled by default. For new configurations, telnet, ssh, and ftp are disabled by default. We removed certain strings from Diagnostics such as passwords found in the 'go' file. Virtualization Both libvirt and qemu have been updated. In addition, qemu has been compiled with OpenGL support, and [rc2] ARM emulation (experimental). [rc2] To support Windows 11 which requires TPM and Secure boot, we have added TPM emulation; and, added a "Windows 11" VM template which automatically selects TPM-aware OVMF bios. Also, here are instructions for upgrading a Windows 10 VM to Windows 11. Special thanks to @ich777 who researched and determined what changes and components were necessary to provide this functionality. The built-in Firefox browser available in GUI-mode boot is built as an AppImage and located in the bzfirmware compressed file system image. This saves approximately 60MB of RAM. The Wireguard plugin has been integrated into webGUI, that is, no need for the plugin. If you had the plugin installed previously, it will be uninstalled and moved to the "Plugins/Plugin File Install Errors" page. No action is needed unless you want to press the Delete button to remove it from that page. Your WireGuard tunnels and settings will be preserved. Simplified installation of the Community Apps plugin. The webGUI automatically includes the Apps menu item, and if CA is not already installed, the page offers an Install button. No need to hunt for the plugin link. [rc3] Moving to Let's Encrypt wildcard SSL certificates. Starting with this release, we no longer issue new single-host SSL certificates (which we're calling legacy certificates). Instead, all new Unraid.net SSL certificates are wildcard certificates (still provided by Let's Encrypt). In order to provision a new wildcard certificate, or upgrade a legacy certificate, you must be signed-in to Unraid.net. You do not need to be signed-in however, to have either type of certificate automatically renewed when it is within 30 days of expiration. The URL used to access your server making use of a wildcard certificate has this form: https://[lan-ip].[hash].myunraid.net where, [lan-ip] is your severs LAN IP address with dots changed to dashes [hash] is a 40-character hex string (160 bits) unique to this server (and different from similar [hash] in legacy certificates) example: https://192-168-100-1.af01305221921f93aabae93f13800dcea41dc681e.myunraid.net We added a new DDNS server which listens at "myunraid.net". This server extracts [lan-ip] from the domain name and returns the IP address where the dashes are changed back into dots. There are several benefits to this approach for both our users and for us: Eliminates DNS propagation delays when you first provision a certificate or when a server LAN IP address (or WAN IP address) changes. Since the domain name includes the IP address, any IP address change also changes the domain name, hence will not be contained in any intermediate DNS cache. We also changed the TTL from 1 hour to 7 days further reducing overhead and alleviating issues where someone's internet goes down for brief periods. Improves privacy because your remote access WAN IP address can't be determined by simply prepending "www" to your local access URL. Moves DNS functionality off the 'unraid.net' domain and isolates it on 'myunraid.net' domain. In previous releases code that provisions (allocates and downloads) an Unraid.net SSL certificate would first test if DNS Rebinding Protection was enforced on the user's LAN; and, if so, would not provision the certificate. Since there are other uses for a LE certificate we changed the code so that provision would always proceed. Next, we changed the logic behind the Auto selection of "Use SSL/TLS" setting on the Management Access page. Now it is only possible to select Auto if both a LE certificate has been provisioned and DNS Rebinding Protection is not enforced. This is a subtle change but permits certain My Servers features such as Remote Access. Upon upgrading, you will need to modify any server bookmarks with new the URL; however, if you server is signed-in to Unraid.net then the My Servers dashboard maintains the correct Local Access URL for each of your servers. More information including use cases may be found in Documentation here. Linux Kernel Upgrade to [rc3] Linux 5.15.27 kernel which includes so-called Sequoia and Dirty Pipe vulnerability mitigations. In-tree GPU drivers are now loaded by default if corresponding hardware is detected: amdgpu ast i915 radeon These drivers are required mostly for motherboard on-board graphics used in GUI boot mode. Loading of a driver can be prohibited by creating the appropriate file named after the driver: echo "blacklist i915" > /boot/config/modprobe.d/i915.conf Alternately, the device can be isolated from Linux entirely via the System Devices page. Note that in Unraid OS 6.9 releases the in-tree GPU drivers are blacklisted by default and to enabling loading a driver you need to create an empty "conf" file. After upgrading to Unraid OS 6.10 you may delete those files, or leave them as-is. This change was made to greatly improve the Desktop GUI experience for new users. Added support for Intel GVT-g, which lets you split your Intel i915 iGPU into multiple virtual GPUs and pass them through to multiple VMs, using @ich777's Intel-GVT-g plugin. Added support for gnif/vendor-reset. This simplifies @ich777's AMD Vendor Reset plugin which permits users to get their AMD video cards to reset properly. [rc2] Added so-called "add-relaxable-rmrr-5_8_and_up.patch" modified for our kernel https://github.com/kiler129/relax-intel-rmrr/blob/master/patches/add-relaxable-rmrr-5_8_and_up.patch Thanks to @ich777 for pointing this out. [rc2] Enabled additional ACPI kernel options [rc2] Updated out-of-tree drivers [rc2] Enabled TPM kernel modules (not utilized yet) - note this is for Unraid host utilizing physical TPM, not emulated TPM support for virtual machnes. Base Packages Virtually the entire base package set has been updated. [rc2] For SMB: Samba version 4.15 SMB3 multi-channel is no longer marked "experimental" and is enabled by default. [rc2] Per request we added the mcelog package. With inclusion of this package, if you have an AMD processor you may see this error message in the system log: mcelog: ERROR: AMD Processor family 23: mcelog does not support this processor. Please use the edac_mce_amd module instead. We're not sure what to make of this. It appears mcelog is being deprecated in favor of rasdaemon. This is something we need to research further. Other improvements available in 6.10, which are maybe not so obvious to spot from the release notes and some of these improvements are internal and not really visible: Event driven model to obtain server information and update the webGUI in real-time The advantage of this model is its scalability. Multiple browsers can be opened simultaneously to the webGUI without much impact In addition stale browser sessions won't create any CSRF errors anymore People who keep their browser open 24/7 will find the webGUI stays responsive at all times [rc3] Consistent state information is maintained across all browser instances open to a particular server Docker labels Docker labels are added to allow people using Docker compose to make use of icons and GUI access Look at a Docker 'run' command output to see exactly what labels are used Docker custom networks A new setting for custom networks is available. Originally custom networks are created using the macvlan mode, and this mode is kept when upgrading to version 6.10 The new ipvlan mode is introduced to battle the crashes some people experience when using macvlan mode. If that is your case, change to ipvlan mode and test. Changing of mode does not require to reconfigure anything on Docker level, internally everything is being taken care off. Docker bridge network (docker0) docker0 now supports IPv6. This is implemented by assigning docker0 a private IPv6 subnet (fd17::/64), similar to what is done for IPv4 and use network translation to communicate with the outside world Containers connected to the bridge network now have both IPv4 and IPv6 connectivity (of course the system must have IPv6 configured in the network configuration) In addition several enhancements are made in the IPv6 implementation to better deal with the use (or no-use) of IPv6 Plugins page The plugins page now loads information in two steps. First the list of plugins is created and next the more time consuming plugin status field is retrieved in the background. The result is a faster loading plugins page, especially when you have a lot of plugins installed Dashboard graphs The dashboard has now two graphs available. The CPU graph is displayed by default, while the NETWORK graph is a new option under Interface (see the 'General Info' selection) The CPU graph may be hidden as well in case it is not desired Both graphs have a configurable time-line, which is by default 30 seconds and can be changed independently for each graph to see a longer or shorter history. Graphs are updated in real-time and are useful to observe the behavior of the server under different circumstances Scheduler Improvements [rc3] You can now split a parity check into smaller pieces and let it run over multiple days or weeks. For example a check can be performed in a time frame of 01:00am to 06:00am for several days in a row until it is completed. This way a long parity check won’t interfere with the normal day activities, like watching a movie. [rc3] Added ability to schedule pool 'balance' and 'scrub' operations and calculate whether a full balance is recommended. Other Changes We switched to a better-maintained version of the WSD server component called wsdd2 in an effort to eliminate instances where the wsd daemon would start consuming 100% of a CPU core. [rc2] Automatically restrict wsdd to listen only at the primary network interface (br0, bond0, or eth0, depending on config). Fixed issue where you couldn't create a docker image on a share name that contains a space. Fixed issue where 'mover' would not move to a pool name that contains a space. Fixed issue in User Share file system where permissions were not being honored. We increased the font size in Terminal and [rc2] fixed issue with macOS Monterey. [rc2] Fixed jumbo frames not working. [rc2] sysctl: handle net.netfilter.nf_conntrack_count max exceeded (increase setting to 131072) - hattip to Community Member @DieFalse [rc2] Mover will create '.partial' file and then rename upon completion. [rc2] Check bz file sha256sums at boot time. [rc3] Fixed bug found by @thohell where md_sync_limit was not being honored to limit stripe_head cache usage when other I/O is active. The effect of this fix is to drastically slow down parity operations if other I/O is happening (such as streaming a video). Throttling of parity sync operations can be adjusted by changing the 'Settings/Disk Settings/Tunable (md_sync_limit)' value. [rc3] Fixed btrfs pool device replace corner cases. Important note: if you 'unassign' a device from a btrfs multiple-device pool, and that device is still physically present, upon array Start we will erase the LUKS header on the device if present, and delete the partition structure, thereby effectively erasing all the data contained on the device. This is necessary in order to convince btrfs to no longer use the device and to free it for assignment to another pool. [rc3] For cookies managed by webGUI, changed sameSite cookie attribute from 'strict' to 'lax'. This change was made to solve an issue with Terminal window not opening in Safari. Credits Special thanks to all our beta testers and especially: @bonienl for his continued refinement and updating of the Dynamix webGUI. @Squid for continued refinement of Community Apps and associated feed. @dlandon for continued refinement of Unassigned Devices plugin and patience as we change things under the hood. @ich777 for assistance and passing on knowledge of Linux kernel config changes to support third party drivers and other kernel-related functionality via plugins. @SimonF for refinements to System Devices page and other webGUI improvements. We intend to merge your mover progress changes during this RC series. @thohell for an extra set of eyes looking at md/unraid driver and for work-in-progress of adding changes to support multiple Unraid arrays. Version 6.10.0-rc3 2022-03-09 (vs. 6.10.0-rc2) Base distro: bash: version 5.1.016 bind: version 9.16.24 btrfs-progs: version 5.15.1 ca-certificates: version 20211216 cryptsetup: version 2.4.3 curl: version 7.81.0 e2fsprogs: version 1.46.5 ethtool: version 5.15 freetype: version 2.11.1 gawk: version 5.1.1 git: version 2.34.1 glib2: version 2.70.2 gtk+3: version 3.24.31 harfbuzz: version 3.2.0 haveged: version 1.9.16 htop: version 3.1.2 intel-microcode: version 20220207 iproute2: version 5.15.0 iputils: version 20211215 kernel-firmware: version 20220228_ee0667a libX11: version 1.7.3.1 libdrm: version 2.4.109 libevdev: version 1.12.0 libgpg-error: version 1.43 libjpeg-turbo: version 2.1.2 libnftnl: version 1.2.1 libtasn1: version 4.18.0 libvirt: version 7.10.0 mcelog: version 180 nano: version 6.0 nginx: version 1.21.5 with nchan: version 1.2.15 oniguruma: version 6.9.7.1 openssl: version 1.1.1m openssl-solibs: version 1.1.1m pcre2: version 10.39 php: version 7.4.28 (CVE-2021-21708) qemu: version 6.2.0 samba: version 4.15.5 (CVE-2021-44141 CVE-2021-44142 CVE-2022-0336) sg3_utils: version 1.47 sqlite: version 3.37.2 wayland: version 1.20.0 wsdd2: version 20111022 xauth: version 1.1.1 xfsprogs: version 5.13.0 build 2 xorg-server: version 1.20.14 xterm: version 370 xxHash: version 0.8.1 zstd: version 1.5.1 Linux kernel: version 5.15.27 (CVE-2022-0847) CONFIG_ISCSI_TCP: iSCSI Initiator over TCP/IP (per Community Member @ich777) oot: md/unraid: version 2.9.21 fix: md_sync_limit was being ignored Management: diagnostics: add bz*.sha256 values diagnostics: Improved anonymization diagnostics: Anonymize mover diagnostics: better package listings in folders.txt diagnostics: do not anonymize 169.254.x.x addresses emhttpd: use shfs ioctl to invalidate shfs cached share info when share cfg changes emhttpd: fix incorrect handling of unassigned device read/write counters emhttpd: fix sometimes wrong device name assigned to hotplugged unassigned devices emhttpd: fix btrfs-replace case rc.nginx: change fastcgi_read_timeout from 120s to 640s rc.nginx: remove ttyd side-loading rc.nginx: support LE wildcard certs rc.nginx: self-signed cert subject OU change from "unRAID" to "Unraid" upgradepkg: do not upgrade if existing package is newer webgui: Docker: fix overlapping container ID display webgui: Docker: fixed template removal when no containers exist webgui: Do not highlight false positive ERST error webgui: VMs: automatically update virtio-win iso list webgui: Allow CA to get all docker info without having to download icons if not present webgui: Docker: fixed filetree sometimes not visible webgui: Docker: add time unit in settings webgui: Plugin manager: fix branch select gets unnecessary disabled webgui: require sign in to provision cert webgui: refactor UpdateDNS.php: anonymize verbose output by default, other improvements webgui: Use ttyd for logging windows webgui: Add new setting "Terminal font size" webgui: Fix missing csrf-token in Notify webgui: VM: fix missing path selection (for GPU firmware file) webgui: Docker: Support ReadMe in context menus webgui: Relax SMART detection logic webgui: Fix CPU model sometimes not present webgui: Dashboard: fix bar color when disk thresholds are disabled webgui: Update GUI with latest helptext webgui: Update FileTree.php webgui: Updated bitstream font to support more languages webgui: Fixed parity duration + speed when paused/resumed webgui: Added: Cumulative parity check. This allows a parity check to be divided over multiple time windows. webgui: ContextMenu: added option "button": defaults to "left" (current behavior), other options are "right" and "both" webgui: Docker: optimized contextmenu webgui: VMs: optimized contextmenu webgui: Fixed comments field only for selected disks webgui: Open terminal window with dynamic size webgui: Docker: remove close button in popup windiow webgui: Docker: update window uses color of selected theme webgui: Fixed: speed calculation of parity check webgui: Fixes and enhancements in Browse function webgui: remove(upc): usage of sendCrashInfo webgui: Move Start button below encryption field webgui: Limit popup window width on ultrawide monitors webgui: NFS: fix copying of hostList after READ operation webgui: Expand ipaddr() with protocol: protocol defaults to ipv4 in case of ipv4 + ipv6 webgui: Nchan: Use multiplexed channels and add error reporting webgui: Docker: Do not update installed user templates webgui: Docker: fix GUI may hang when multiple screens are opened webgui: Docker: fix spinner will not disappear after attempting to uninstall a non-existent container webgui: Updated help text for Display settings and Docker webgui: Docker utilization warning only when image file webgui: Validate destination of VirtIO ISO downloads webgui: Use tabbed view for device information page webgui: System info: fix translation webgui: CSS minor corrections webgui: Fixed: VM 9p add share issue webgui: Parity check: re-introduce Done button when finished webgui: css scrollbar enhancements webgui: Always show "WebUI" for user specified URLs webgui: Docker: Handle edge case involving browser back button when within CA in certain unlikely circumstances webgui: Parity operation enhancements: - Separate Parity-Sync and Data-Rebuild as individual actions - Add parity operation action to history view - Correct calculations for data-rebuild smaller than parity - Add disk clear action - Use Nchan updates for copying/clearing progress - CSS adjustment in SMART attributes - Show additional buttons in Array Stopped state - Textual enhancements - Added "size" column to parity history webgui: Dashboard: separate cpu details and graph view webgui: Better array sync when multiple sessions are opened webgui: Enable/Disable SMART extended test depending on spin down delay setting webgui: Fixed: spinner stays visible after docker command webgui: Fixed: buttons not working in device info when no device is present webgui: Fixed: race condition when array is stopped and device assignments are changed webgui: VM editor style update webgui: Fixed: parity history sometimes wrongly processed webgui: BTRFS balance and scrub scheduler webgui: Change Dashboard Parity status to be invalid and not emulated. webgui: Improved background process detection and handling webgui: jQuery: version 3.6.0 webgui: DisplaySettings: add "showBannerGradient"

Listening to the Community we decided to remove the requirement for all users to register their server with an Unraid.net account. Making use of the My Servers plugin, providing a growing number of online-enabled features, does still require use of an Unraid.net account. Upon upgrade to this release, users who currently have the My Servers plugin installed should upgrade the plugin on their server(s). Servers without the plugin will no longer need, or be able to sign in to Unraid.net and as timeouts kick in, they will automatically be removed from the My Servers Dashboard and disassociated with your Unraid.net account. To continue using the My Servers Dashboard please install the My Servers plugin. Please note: It would be extremely helpful to us to report issues by creating separate Reports here rather than creating a reply in this topic. 6.10.0 Summary of Changes and New Features As always, prior to updating, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". [rc3] Plugin Authors: We patched the upgradepkg script to prevent it from replacing an installed package with an earlier version of the same package, i.e., no downgrading. If a plugin really needs to replace a package with a downgraded version it can include the '--reinstall' option. Also be sure to check out the Dynamix File Manager plugin available now through Community Apps! UPC and My Servers Plugin The most visible new feature is located in the upper right corner of the webGUI header. We call this the User Profile Component, or UPC. The UPC allows a user to better manage their registration keys and install the optional My Servers plugin. My Servers is what we call our set of cloud-based services and features that integrate with your Unraid server(s). After installing the My Servers plugin, you will be prompted to sign-in your server with an existing Unraid.net account, or create a new Unraid.net account. Once installed here are some of the features of My Servers: Real-time Status - with the plugin installed each server tile on the My Servers Dashboard will display real-time status such as whether the server is online or offline, storage utilization and other information. Local Access link - this is a direct link the the server webGUI on your LAN. Remote Access link - if enabled, a link is displayed on the My Servers Dashboard to bring up a server webGUI remotely and over the Internet. Automatic Flash Backup - every registered server is provided with a private git repo initially populated with the contents of your USB flash boot device (except for certain files which contain private information such as passwords). Thereafter, configuration changes are automatically committed. A link is provided to download a custom zip file that can be fed as input to the USB Flash Creator tool to move your configuration to a new USB flash device. Notification of critical security-related updates. In the event a serious security vulnerability has been discovered and patched, we will send out a notification to all email addresses associated with registered servers. Posting privilege in a new set of My Servers forum boards. Signed-in servers maintain a websocket connection to a cloud-based Lime Technology proxy server for the purpose of relaying real-time status. Refer to the Privacy section for more information. Security Changes It is now mandatory to define a root password. We also created a division in the Users page to distinguish root from other user names. The root UserEdit page includes a text box for pasting SSH authorized keys. For new configurations, the flash share default export setting is No. For all new user shares, the default export setting is No. For new configurations, SMBv1 is disabled by default. For new configurations, telnet, ssh, and ftp are disabled by default. We removed certain strings from Diagnostics such as passwords found in the 'go' file. Virtualization Both libvirt and qemu have been updated. In addition, qemu has been compiled with OpenGL support, and [rc2] ARM emulation (experimental). [rc2] To support Windows 11 which requires TPM and Secure boot, we have added TPM emulation; and, added a "Windows 11" VM template which automatically selects TPM-aware OVMF bios. Also, here are instructions for upgrading a Windows 10 VM to Windows 11. Special thanks to @ich777 who researched and determined what changes and components were necessary to provide this functionality. The built-in Firefox browser available in GUI-mode boot is built as an AppImage and located in the bzfirmware compressed file system image. This saves approximately 60MB of RAM. The Wireguard plugin has been integrated into webGUI, that is, no need for the plugin. If you had the plugin installed previously, it will be uninstalled and moved to the "Plugins/Plugin File Install Errors" page. No action is needed unless you want to press the Delete button to remove it from that page. Your WireGuard tunnels and settings will be preserved. [rc5] Resident network guru @bonienl has added the capability to bind a Wireguard virtual network interface to a docker container. One use of this feature is to configure a Wireguard-enabled VPN which may then be exclusively used by that container, while you main server makes use of the normal LAN network interface. Please refer to this post for additional details. Simplified installation of the Community Apps plugin. The webGUI automatically includes the Apps menu item, and if CA is not already installed, the page offers an Install button. No need to hunt for the plugin link. [rc3] Moving to Let's Encrypt wildcard SSL certificates. Starting with this release, we no longer issue new single-host SSL certificates (which we're calling legacy certificates). Instead, all new Unraid.net SSL certificates are wildcard certificates (still provided by Let's Encrypt). The URL used to access your server making use of a wildcard certificate has this form: https://[lan-ip].[hash].myunraid.net where, [lan-ip] is your severs LAN IP address with dots changed to dashes [hash] is a 40-character hex string (160 bits) unique to this server (and different from similar [hash] in legacy certificates) example: https://192-168-100-1.af01305221921f93aabae93f13800dcea41dc681e.myunraid.net We added a new DDNS server which listens at "myunraid.net". This server extracts [lan-ip] from the domain name and returns the IP address where the dashes are changed back into dots. There are several benefits to this approach for both our users and for us: Eliminates DNS propagation delays when you first provision a certificate or when a server LAN IP address (or WAN IP address) changes. Since the domain name includes the IP address, any IP address change also changes the domain name, hence will not be contained in any intermediate DNS cache. We also changed the TTL from 1 hour to 7 days further reducing overhead and alleviating issues where someone's internet goes down for brief periods. There is no longer a requirement for the server to actively update a DDNS server. Improves privacy because your remote access WAN IP address can't be determined by simply prepending "www" to your local access URL. Moves DNS functionality off the 'unraid.net' domain and isolates it on 'myunraid.net' domain. In previous releases code that provisions (allocates and downloads) an Unraid.net SSL certificate would first test if DNS Rebinding Protection was enforced on the user's LAN; and, if so, would not provision the certificate. Since there are other uses for a LE certificate we changed the code so that provision would always proceed. Next, we changed the logic behind the Auto selection of "Use SSL/TLS" setting on the Management Access page. Now it is only possible to select Auto if both a LE certificate has been provisioned and DNS Rebinding Protection is not enforced. This is a subtle change but permits certain My Servers features such as Remote Access. Upon upgrading, you will need to modify any server bookmarks with the new the URL. Alternately, if you have installed the My Servers plugin, a local access link is included for each server on your Dashboard. If you have not installed My Servers plugin, since there is no DDNS update daemon, we recommend setting up either a static DHCP lease, or assign a static IP address for your server. Finally, we have set up nginx such that the URL's: http://<server-name>.<local-tld>/ or https://<server-name>.<local-tld>/ will redirect to https://[lan-ip].[hash].myunraid.net More information including use cases may be found in Documentation here. Linux Kernel Upgrade to [rc4] Linux 5.15.x kernel which includes so-called Sequoia and Dirty Pipe vulnerability mitigations. In-tree GPU drivers are now loaded by default if corresponding hardware is detected: amdgpu ast i915 radeon These drivers are required mostly for motherboard on-board graphics used in GUI boot mode. Loading of a driver can be prohibited by creating the appropriate file named after the driver: echo "blacklist i915" > /boot/config/modprobe.d/i915.conf Alternately, the device can be isolated from Linux entirely via the System Devices page. Note that in Unraid OS 6.9 releases the in-tree GPU drivers are blacklisted by default and to enabling loading a driver you need to create an empty "conf" file. After upgrading to Unraid OS 6.10 you may delete those files, or leave them as-is. This change was made to greatly improve the Desktop GUI experience for new users. Added support for Intel GVT-g, which lets you split your Intel i915 iGPU into multiple virtual GPUs and pass them through to multiple VMs, using @ich777's Intel-GVT-g plugin. Added support for gnif/vendor-reset. This simplifies @ich777's AMD Vendor Reset plugin which permits users to get their AMD video cards to reset properly. [rc2] Added so-called "add-relaxable-rmrr-5_8_and_up.patch" modified for our kernel https://github.com/kiler129/relax-intel-rmrr/blob/master/patches/add-relaxable-rmrr-5_8_and_up.patch Thanks to @ich777 for pointing this out. [rc2] Enabled additional ACPI kernel options [rc2] Enabled TPM kernel modules (not utilized yet) - note this is for Unraid host utilizing physical TPM, not emulated TPM support for virtual machnes. [rc4] Updated out-of-tree drivers [rc5] Support Realtek RTL8152/RTL8153 Based USB Ethernet Adapters Base Packages Virtually the entire base package set has been updated. [rc2] For SMB: Samba version 4.15 SMB3 multi-channel is no longer marked "experimental", however is disabled by default. This may be enabled on the Settings/SMB Settings page. Some users have reported issues with SMB3 multi-channel in conjunction with certain network bond configurations. [rc2] Per request we added the mcelog package. With inclusion of this package, if you have an AMD processor you may see this error message in the system log: mcelog: ERROR: AMD Processor family 23: mcelog does not support this processor. Please use the edac_mce_amd module instead. We're not sure what to make of this. It appears mcelog is being deprecated in favor of rasdaemon. This is something we need to research further. Other improvements available in 6.10, which are maybe not so obvious to spot from the release notes and some of these improvements are internal and not really visible: Event driven model to obtain server information and update the webGUI in real-time The advantage of this model is its scalability. Multiple browsers can be opened simultaneously to the webGUI without much impact In addition stale browser sessions won't create any CSRF errors anymore People who keep their browser open 24/7 will find the webGUI stays responsive at all times [rc3] Consistent state information is maintained across all browser instances open to a particular server Docker labels Docker labels are added to allow people using Docker compose to make use of icons and GUI access Look at a Docker 'run' command output to see exactly what labels are used Docker custom networks A new setting for custom networks is available. Originally custom networks are created using the macvlan mode, and this mode is kept when upgrading to version 6.10 The new ipvlan mode is introduced to battle the crashes some people experience when using macvlan mode. If that is your case, change to ipvlan mode and test. Changing of mode does not require to reconfigure anything on Docker level, internally everything is being taken care off. Docker bridge network (docker0) docker0 now supports IPv6. This is implemented by assigning docker0 a private IPv6 subnet (fd17::/64), similar to what is done for IPv4 and use network translation to communicate with the outside world Containers connected to the bridge network now have both IPv4 and IPv6 connectivity (of course the system must have IPv6 configured in the network configuration) In addition several enhancements are made in the IPv6 implementation to better deal with the use (or no-use) of IPv6 Plugins page The plugins page now loads information in two steps. First the list of plugins is created and next the more time consuming plugin status field is retrieved in the background. The result is a faster loading plugins page, especially when you have a lot of plugins installed Dashboard graphs The dashboard has now two graphs available. The CPU graph is displayed by default, while the NETWORK graph is a new option under Interface (see the 'General Info' selection) The CPU graph may be hidden as well in case it is not desired Both graphs have a configurable time-line, which is by default 30 seconds and can be changed independently for each graph to see a longer or shorter history. Graphs are updated in real-time and are useful to observe the behavior of the server under different circumstances Scheduler Improvements [rc3] You can now split a parity check into smaller pieces and let it run over multiple days or weeks. For example a check can be performed in a time frame of 01:00am to 06:00am for several days in a row until it is completed. This way a long parity check won’t interfere with the normal day activities, like watching a movie. [rc3] Added ability to schedule pool 'balance' and 'scrub' operations and calculate whether a full balance is recommended. Other Changes We switched to a better-maintained version of the WSD server component called wsdd2 in an effort to eliminate instances where the wsd daemon would start consuming 100% of a CPU core. Fixed issue where you couldn't create a docker image on a share name that contains a space. Fixed issue where 'mover' would not move to a pool name that contains a space. Fixed issue in User Share file system where permissions were not being honored. We increased the font size in Terminal and [rc2] fixed issue with macOS Monterey. Terminal font size is configurable via Settings/Display Settings page. [rc2] Fixed jumbo frames not working. [rc2] sysctl: handle net.netfilter.nf_conntrack_count max exceeded (increase setting to 131072) - hattip to Community Member @DieFalse [rc2] Mover will create '.partial' file and then rename upon completion. [rc2] Enabled NFSv4 support. [rc2] Check bz file sha256sums at boot time. [rc3] Fixed bug found by @thohell where md_sync_limit was not being honored to limit stripe_head cache usage when other I/O is active. The effect of this fix is to drastically slow down parity operations if other I/O is happening (such as streaming a video). Throttling of parity sync operations can be adjusted by changing the 'Settings/Disk Settings/Tunable (md_sync_limit)' value. [rc3] Fixed btrfs pool device replace corner cases. Important note: if you 'unassign' a device from a btrfs multiple-device pool, and that device is still physically present, upon array Start we will erase the LUKS header on the device if present, and delete the partition structure, thereby effectively erasing all the data contained on the device. This is necessary in order to convince btrfs to no longer use the device and to free it for assignment to another pool. [rc3] For cookies managed by webGUI, changed sameSite cookie attribute from 'strict' to 'lax'. This change was made to solve an issue with Terminal window not opening in Safari. [rc5] Fixed a bug where replacing a device in a multiple-device btrfs pool would still tag the old device as missing. [rc5] Fixed an issue where hot plugging a device in a server with spun-down SAS drive(s) could cause the SAS drive(s) to appear unassigned. [rc5] Fixed an issue where the server would disappear from Windows Network after docker and/or VM startup. [rc5] Fixed md/unraid driver regression which would confuse XFS, making it think an online shrink had occurred. [rc5] Fixed: Prevent Unraid from hanging when the array is stopped, while VMs are in paused or suspended state. Numerous other small bug fixes and improvements. Credits Special thanks to all our beta testers and especially: @bonienl for his continued refinement and updating of the Dynamix webGUI. @Squid for continued refinement of Community Apps and associated feed. @dlandon for continued refinement of Unassigned Devices plugin and patience as we change things under the hood. @ich777 for assistance and passing on knowledge of Linux kernel config changes to support third party drivers and other kernel-related functionality via plugins. @SimonF for refinements to System Devices page and other webGUI improvements. @thohell for an extra set of eyes looking at md/unraid driver and for work-in-progress of adding changes to support multiple Unraid arrays. Version 6.10.0-rc5 2022-04-26 (vs. 6.10.0-rc4) Base distro: at: version 3.2.3 bind: version 9.16.27 btrfs-progs: version 5.16 ca-certificates: version 20220403 ethtool: version 5.16 eudev: version 3.2.11 git: version 2.35.3-x86_64-1 (CVE-2022-24765) glib2: version 2.70.3 glibc-zoneinfo: version 2022a gzip: version 1.12-x86_64-1 (CVE-2022-1271) haveged: [removed] hdparm: version 9.63 iproute2: version 5.16.0 libarchive: version 3.6.1-x86_64-1 libgpg-error: version 1.44 libunwind: version 1.6.2 libwebp: version 1.2.2 libxml2: version 2.9.13 libxslt: version 1.1.35 openssl: version 1.1.1n openssl-solibs: version 1.1.1n p11-kit: version 0.24.1 pango: version 1.48.11 sudo: version 1.9.9 tdb: version 1.4.6 util-linux: version 2.37.4 wsdd2: version 20111022 build 2 xz: version 5.2.5-x86_64-4 (CVE-2022-1271) zlib: version 1.2.12 zstd: version 1.5.2 Linux kernel: Linux 5.15.35-Unraid added CONFIG_USB_RTL8152: Realtek RTL8152/RTL8153 Based USB Ethernet Adapters Management: emhttpd: fix btrfs pool device replace still showing 'missing' rc.docker: fix startup network race condition rc.libvirt: Prevent Unraid from hanging when the array is stopped, while VMs are in paused or suspended state rc.nginx: read IP address from management interfact (eth0) only rc.samba: disable SMB Multi Channel by default; add control to Settings/SMB Settings page ttyd: fix garbled text in local FireFox Termainl windows upc: refactor(upc):base-6.10 remove sign in requirement webgui: improve: Highlight selected row when hovering over array or shares webgui: Right-clicking or long-clicking a menu item should open the selected menu webgui: Make links in help text standout (red) webgui: Update Outlook/Hotmail smtp settings webgui: UpdateDNS to prefer IPv4 first and then IPv6 webgui: Allow simultaneous log and console windows for containers webgui: Fixed: missing samesite attribute in cookies webgui: WireGuard: user nginx settings and unraid.net api webgui: Parity: shown duration time excluding idle time webgui: Miscellaneous updates and fixes webgui: fix: password lockouts not being cleared properly webgui: Support future T2FA webgui: Expand file type icon selection webgui: Show IP on VM Manager VM Page webgui: Docker: Silence PHP errors when editing a template if corruption exists webgui: Fixed PHP errors for share and disk calculations webgui: Main page - lower table update frequency for better responsiveness of links webgui: Change page switching to better suit Safari on mobile devices webgui: Set Main page update frequency to 1s for better support of mobile devices webgui: Docker settings: suppress browser presets webgui: Lower update frequency of monitor function to better suit mobile devices webgui: Docker: fixed list display in fixed view mode webgui: Docker: fixed header display causes gap webgui: WireGuard updates: Make import config file of VPN providers more robust. Add tunnel routing for docker containers Automatically make the WG tunnel available to containers (custom network) webgui: WireGuard: Introduce new network modes: VPN tunneled access for system VPN tunneled access for docker webgui: WireGuard: Add warning when tunnel deletion fails webgui: WireGuard: use kill switch when tunnel inactive webgui: Docker: add route for remote WireGuard access Containers with network 'br0' can be remotely accessed by WireGuard without the need to configure static routes on the home router (gateway) "Host access to custom networks" must be enabled to allow access webgui: WireGuard: add logic to recreate networks after reboot webgui: Docker: add route for remote WireGuard access webgui: Wireguard: make management interface seletable Defaults to eth0 - future expansion webgui: Docker: add wireguard description in network selection webgui: diagnostics: fix: anonymize myunraid.net urls webgui: BTRFS balance: fix recommendation message when volume is empty webgui: Log docker icon download failures webgui: Docker: add description to all custom networks webgui: Management: fix ports in use check webgui: Fixed: specific disk settings for pool devices only

EDIT (March 9th 2021): Solved in 6.9 and up. Reformatting the cache to new partition alignment and hosting docker directly on a cache-only directory brought writes down to a bare minimum. ### Hey Guys, First of all, I know that you're all very busy on getting version 6.8 out there, something I'm very much waiting on as well. I'm seeing great progress, so thanks so much for that! Furthermore I won't be expecting this to be on top of the priority list, but I'm hoping someone of the developers team is willing to invest (perhaps after the release). Hardware and software involved: 2 x 1TB Samsung EVO 860, setup with LUKS encryption in BTRFS RAID1 pool. ### TLDR (but I'd suggest to read on anyway 😀) The image file mounted as a loop device is causing massive writes on the cache, potentially wearing out SSD's quite rapidly. This appears to be only happening on encrypted caches formatted with BTRFS (maybe only in RAID1 setup, but not sure). Hosting the Docker files directory on /mnt/cache instead of using the loopdevice seems to fix this problem. Possible idea for implementation proposed on the bottom. Grateful for any help provided! ### I have written a topic in the general support section (see link below), but I have done a lot of research lately and think I have gathered enough evidence pointing to a bug, I also was able to build (kind of) a workaround for my situation. More details below. So to see what was actually hammering on the cache I started doing all the obvious, like using a lot of find commands to trace files that were written to every few minutes and also used the fileactivity plugin. Neither was able trace down any writes that would explain 400 GBs worth of writes a day for just a few containers that aren't even that active. Digging further I moved the docker.img to /mnt/cach/system/docker/docker.img, so directly on the BTRFS RAID1 mountpoint. I wanted to check whether the unRAID FS layer was causing the loop2 device to write this heavy. No luck either. This gave me a situation I was able to reproduce on a virtual machine though, so I started with a recent Debian install (I know, it's not Slackware, but I had to start somewhere ☺️). I create some vDisks, encrypted them with LUKS, bundled them in a BTRFS RAID1 setup, created the loopdevice on the BTRFS mountpoint (same of /dev/cache) en mounted it on /var/lib/docker. I made sure I had to NoCow flags set on the IMG file like unRAID does. Strangely this did not show any excessive writes, iotop shows really healthy values for the same workload (I migrated the docker content over to the VM). After my Debian troubleshooting I went back over to the unRAID server, wondering whether the loopdevice is created weirdly, so I took the exact same steps to create a new image and pointed the settings from the GUI there. Still same write issues. Finally I decided to put the whole image out of the equation and took the following steps: - Stopped docker from the WebGUI so unRAID would properly unmount the loop device. - Modified /etc/rc.d/rc.docker to not check whether /var/lib/docker was a mountpoint - Created a share on the cache for the docker files - Created a softlink from /mnt/cache/docker to /var/lib/docker - Started docker using "/etc/rd.d/rc.docker start" - Started my BItwarden containers. Looking into the stats with "iotstat -ao" I did not see any excessive writing taking place anymore. I had the containers running for like 3 hours and maybe got 1GB of writes total (note that on the loopdevice this gave me 2.5GB every 10 minutes!) Now don't get me wrong, I understand why the loopdevice was implemented. Dockerd is started with options to make it run with the BTRFS driver, and since the image file is formatted with the BTRFS filesystem this works at every setup, it doesn't even matter whether it runs on XFS, EXT4 or BTRFS and it will just work. I my case I had to point the softlink to /mnt/cache because pointing it /mnt/user would not allow me to start using the BTRFS driver (obviously the unRAID filesystem isn't BTRFS). Also the WebGUI has commands to scrub to filesystem inside the container, all is based on the assumption everyone is using docker on BTRFS (which of course they are because of the container 😁) I must say that my approach also broke when I changed something in the shares, certain services get a restart causing docker to be turned off for some reason. No big issue since it wasn't meant to be a long term solution, just to see whether the loopdevice was causing the issue, which I think my tests did point out. Now I'm at the point where I would definitely need some developer help, I'm currently keeping nearly all docker container off all day because 300/400GB worth of writes a day is just a BIG waste of expensive flash storage. Especially since I've pointed out that it's not needed at all. It does defeat the purpose of my NAS and SSD cache though since it's main purpose was hosting docker containers while allowing the HD's to spin down. Again, I'm hoping someone in the dev team acknowledges this problem and is willing to invest. I did got quite a few hits on the forums and reddit without someone actually pointed out the root cause of issue. I missing the technical know-how to troubleshoot the loopdevice issues on a lower level, but have been thinking on possible ways to implement a workaround. Like adjusting the Docker Settings page to switch off the use of a vDisk and if all requirements are met (pointing to /mnt/cache and BTRFS formatted) start docker on a share on the /mnt/cache partition instead of using the vDisk. In this way you would still keep all advantages of the docker.img file (cross filesystem type) and users who don't care about writes could still use it, but you'd be massively helping out others that are concerned over these writes. I'm not attaching diagnostic files since they would probably not point out the needed. Also if this should have been in feature requests, I'm sorry. But I feel that, since the solution is misbehaving in terms of writes, this could also be placed in the bugreport section. Thanks though for this great product, have been using it so far with a lot of joy! I'm just hoping we can solve this one so I can keep all my dockers running without the cache wearing out quick, Cheers!

tldr: If you require hardware support offered by the Linux 5.x kernel then I suggest you remain on 6.8.0-rc7 and wait until 6.9.0-rc1 is published before upgrading. The "unexpected GSO type" bug is looking to be a show stopper for Unraid 6.8 using Linux kernel 5.3 or 5.4 kernel. We can get it to happen easily and quickly simply by having any VM running and then also start a docker App where Network Type has been set to "Custom : br0" (in my case) and I've set a static IP for the container or toggle between setting static IP and letting docker dhcp assign one. There are probably a lot of users waiting for a stable release who will see this issue, and therefore, I don't think we can publish with this bug. The bug does not occur with any 4.19.x or 4.20.x Linux kernel; but does occur with all kernels starting with 5.0. This implies the bug was introduced with some code change in the initial 5.0 kernel. The problem is that we are not certain where to report the bug; it could be a kernel issue or a docker issue. Of course, it could also be something we are doing wrong, since this issue is not reported in any other distro AFAIK. We are continuing investigation and putting together a report to submit either to kernel mailing list or as a docker issue. In any case, an actual fix will probably take quite a bit more time, especially since we are heading into the holidays. Therefore this is what we plan to do: For 6.8: revert kernel to 4.19.87 and publish 6.8.0-rc8. Those currently running stable (6.7.2) will see no loss of functionality because that release is also on 4.19 kernel. Hopefully this will be last or next to last -rc and then we can publish 6.8 stable. Note: we cannot revert to 4.20 kernel because that kernel is EOL and has not had any updates in months. For 6.9: as soon as 6.8 stable is published we'll release 6.9.0-rc1 on next release branch. This will be exactly the same as 6.8 except that we'll update to latest 5.4 kernel (and "unexpected GSO type" bug will be back). We will use the next branch to try and solve this bug. New features, such as multiple pools, will be integrated into 6.10 release, which is current work-in-progress. We'll wait a day or two to publish 6.8-rc8 with reverted kernel in hopes those affected will see this post first.

The 6.12.5-rc1 release mainly contains bug fixes and security updates that we'd like feedback on before releasing it as 6.12.5. Upgrade steps for this release As always, prior to upgrading, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". Update all of your plugins. This is critical for the NVIDIA and Realtek plugins in particular. If the system is currently running 6.12, we're going to suggest that you stop the array at this point. If it gets stuck on "Retry unmounting shares", open a web terminal and type: umount /var/lib/docker The array should now stop successfully (issues related to Docker not stopping should be resolved in this release.) Go to Tools -> Update OS. Change to the "Next" branch and click "Check for Updates". Wait for the update to download and install If you have any plugins that install 3rd party drivers (NVIDIA, Realtek, etc), wait for the notification that the new version of the driver has been downloaded. Reboot This thread is perfect for quick questions or comments, but if you suspect there will be back and forth for your specific issue, please start a new topic. Be sure to include your diagnostics.zip. Upgrade notes This release includes bug fixes and security updates. All users are encouraged to upgrade. Known issues Please see the 6.12.0 release notes for general known issues. Rolling back If rolling back earlier than 6.12.4, also see the 6.12.4 release notes. Changes vs. 6.12.4 Bug fixes and improvements Replace very old 'MemTest86+' with Memtest86+ version: 6.20 There are also Boot Options available. When 'mirror syslog to flash' is enabled, view syslog-previous at Tools -> Syslog, and in diagnostics Docker: Docker containers were not always stopping, preventing docker from unmounting Docker containers using IPv6 on custom networks were unable to start emhttpd: if User Shares not enabled, update_cron was not called during array Start sequence rc.nginx stop - force nginx to stop shfs: Allocation method was not working correctly if 6 or more disks were specified in the 'include' mask webgui: Downgrade.php was not updated for 6.12 always show ipvlan / macvlan setting ZFS: use 'zfs import -f' to ensure pools from other systems get imported prevent auto-spindown of unformatted devices Package updates curl: version 8.4.0 (CVE-2023-38546 CVE-2023-38545 CVE-2023-38039) firefox: 119.0.r20231019122658 (AppImage) intel-microcode: version 20231114 kernel-firmware: 20231024_4ee0175 qemu: version 7.2.0 samba: version 4.17.12 (CVE-2023-3961 CVE-2023-4091 CVE-2023-4154 CVE-2023-42669 CVE-2023-42670) smartmontools: version 7.4 zfs: version 2.1.13 Linux kernel version 6.1.63 CONFIG_USB_NET_CDC_NCM: CDC NCM support CONFIG_NFS_V4_1: NFS client support for NFSv4.1 CONFIG_NFS_V4_1_MIGRATION: NFSv4.1 client support for migration CONFIG_NFS_V4_2: NFS client support for NFSv4.2 CONFIG_NFS_V4_2_READ_PLUS: NFS: Enable support for the NFSv4.2 READ_PLUS operation CONFIG_NFSD_V4_2_INTER_SSC: NFSv4.2 inter server to server COPY

Please refer to the 6.12.0-rc1 topic for a general overview. Version 6.12.0-rc3 2023-04-14 (This is consolidated change log vs. Unraid OS 6.11) Upgrade notes If you created any zpools using 6.12.0-beta5 please Erase those pools and recreate. If you revert back from 6.12 to 6.11.5 or earlier, you have to force update all your Docker containers and start them manually after downgrading. This is necessary because of the underlying change to cgroup v2 in 6.12.0-rc1. Upon boot, if all PCI devices specified in 'config/vfio-pci.cfg' file do not properly bind, VM Autostart is prevented. You may still start individual VMs. This is to prevent Unraid host crash if hardware PCI IDs changed because of a kernel update or physical hardware change. To restore VM autostart, examine '/var/log/vfio-pci-error' and remove offending PCI IDs from 'config/vfio-pci.cfg' file and reboot. Linux Multi-Gen LRU is a relatively new feature now included but not enabled by default. You can enable by adding this line to your 'config/go' file: echo y > /sys/kernel/mm/lru_gen/enabled If you revert back from 6.12 to 6.11.5 or earlier you many need to remove that line. Obsolete/Broken Plugins There are a few plugins which are known to be incompatible with Unraid 6.12, and upon boot will not be installed. You will get a notification for each plugin that is affected, and can review the list by going to Plugins/Plugin File Install Errors. disklocation-master version 2022.06.18 (Disk Location by olehj, breaks the dashboard) plexstreams version 2022.08.31 (Plex Streams by dorgan, breaks the dashboard) corsairpsu version 2021.10.05 (Corsair PSU Statistics by Fma965, breaks the dashboard) gpustat version 2022.11.30a (GPU Statistics by b3rs3rk, breaks the dashboard) ipmi version 2021.01.08 (IPMI Tools by dmacias72, breaks the dashboard) nut version 2022.03.20 (NUT - Network UPS Tools by dmacias72, breaks the dashboard) NerdPack version 2021.08.11 (Nerd Tools by dmacias72) upnp-monitor version 2020.01.04c (UPnP Monitor by ljm42, not PHP 8 compatible) ZFS-companion version 2021.08.24 (ZFS-Companion Monitor by campusantu, breaks the dashboard) Some of the affected plugins have been taken over by different developers, we recommend that you go to the Apps page and search for replacements. Please ask plugin-specific questions in the support thread for that plugin. ZFS Pools New in this release is the ability to create a ZFS file system in a user-defined pool. In addition you may format any data device in the unRAID array with a single-device ZFS file system. We are splitting full ZFS implementation across two Unraid OS releases. Initial support in this release includes: Support raid0, mirror, raidz1, raidz2 and raidz3 root profiles. Up to 4-way mirror in a mirror vdev. Multiple vdev groups. Support removing single device: if device still present in server, 'wipefs' is used to clear the partition table. Support replacing single missing device with a new device of same or larger size. Support scheduled trimming of ZFS pools. Support pool rename. Pool names must begin with a lowercase letter and only contain lowercase letters, digits, the underscore and dash. Pool names must not end with a digit. Non-root vdev cannot be configured in this release, however, they can be imported. Note: imported hybrid pools may not be expanded in this release. Pools created on other systems may or may not import depending on how the the pool was created. A future update will permit importing pools from any system. A ZFS pool has three variables: profile - the root data organization: raid0, mirror (up to 4-way), raidz1, raidz2, raidz3 width - the number of devices per root vdev groups - the number of root vdevs in the pool At time of ZFS pool creation, the webGUI will present all topology options based on the number of devices assigned to the pool. Special treatment for root single-vdev mirrors: A single-device ZFS pool can be converted to multiple-device mirror by adding up to 3 additional devices in one operation. A 2-device mirror can be increased to 3-device by adding a single device; similarly a 3-device mirror can be increased to 4-device mirror by adding a single device. To add an additional root vdev, you must assign 'width' number of new devices to the pool at the same time. The new vdev will be created with the same 'profile' as the existing vdevs. Additional flexibility in adding/expanding vdevs will be provided in a future update. Pools created with the steini84 plugin can be imported as follows: First create a new pool with the number of slots corresponding to the number of devices in the pool to be imported. Next assign all the devices to the new pool. Upon array Start the pool should be recognized, though certain zpool topologies may not be recognized (please report). Mixed topologies are not supported. For example, a pool with both a mirror root vdev and a raidz root vdev is not recognized. Autotrim can be configured as on or off (except for single-device ZFS volumes in the unRAID array). Compression can be configured as on or off, where on selects lz4. Future update will permit specifying other algorithms/levels. When creating a new ZFS pool you may choose zfs - encrypted, which, like other encrypted volumes, applies device-level encryption via LUKS. ZFS native encryption is not supported at this time. During system boot, the file /etc/modprobe.d/zfs.conf is auto-generated to limit the ZFS ARC to 1/8 of installed memory. This can be overridden if necessary by creating a custom 'config/modprobe.d/zfs.conf' file. Future update will include ability to configure the ARC via webGUI, including auto-adjust according to memory pressure, e.g., VM start/stop. Top-level user shares in a ZFS pool are created as datasets instead of ordinary directories. btrfs pools Autotrim can be configured as on or off when used in a pool. Compression can be configured as on or off. on selects zstd. Future update to permit specifying other algorithms/levels. xfs Autotrim can be configured as on or off when used as a single-slot pool. Docker It is possible to configure the Docker data-root to be placed in a directory on a ZFS storage pool. In this case Docker will use the 'zfs' storage driver. This driver creates a separate dataset for each image layer. Because of this, here is our recommendation for setting up Docker using directory: First, create a docker user share configured as follows: Share name: docker Use cache pool: Only Select cache pool: name of your ZFS pool Next, on Docker settings page: Enable docker: Yes Docker data-root: directory Docker directory: /mnt/user/docker If you ever need to delete the docker persistent state, then bring up the Docker settings page and set Enable docker to No and click Apply. After docker has shut down click the Delete directory checkbox and then click Delete. This will result in deleting not only the various files and directories, but also all layers stored as datasets. Before enabling Docker again, be sure to first re-create the docker share as described above. Other changes: CreateDocker: changed label Docker Hub URL to Registry URL because of GHCR and other new container registries becoming more and more popular. Honor user setting of stop time-out. Accept images in OCI format. Add option to disable readmore-js on container table Fix: Docker Containers console will not use bash if selected VM Manager If you enable copy/paste for virtual consoles you need to install additional software on the client in addition to the QEMU agent if that has been installed. Here is the location for spice-vdagent for both Windows and Linux. Note copy/paste function will not work with web spice viewer you need to use virt-viewer. Add Serial option to vdisk. Spice Bug fix for users with non standard GUI ports defined. OVMF for QEMU: version stable202302 Fix for bus text. Enable copy paste option for virtual consoles Update Memory Backup processing for Virtiofs. Fix lockup when no VMs are present Add support for rtl8139 network model. fix translation omission added lock/unlock for sortable items Fix for Spice Mouse if Copy paste enabled. Dashboard The webGUI Dashboard has been redesigned and it is now possible to move elements (tiles) up and down and between columns. This allows the user to organize the tiles in any way they desire. There is a small lock icon on the menu bar which must be clicked to enable this function. Note: The lock icon also appears on the Docker and VM pages and must be clicked to rearrange the startup order. Release bz file differences Unraid OS is comprised of a set of 5 so-called bz files in the root of the USB Flash boot device: bzimage - the Linux kernel bzroot - the root file system, sans console desktop bzroot-gui - additional files needed for console desktop bzmodules - modules (drivers) associated with the Linux kernel bzfirmware - device firmware required by certain modules Starting with 6.12 release, the content of these files has been rearranged: bzimage - the Linux kernel (same as before) bzroot - the root file system excluding the /usr directory tree bzroot-gui - a single file which auto-starts the console desktop (for compatibility) bzmodules - modules (drivers) associated with the Linux kernel and device firmware required by certain modules bzfirmware - the /usr directory and all files contained therein, including console desktop The results of this change is to speed up the boot process and free up nearly 1G of RAM. It also permits us to add more "stuff" to Unraid OS in the future without requiring more RAM. Finally, when booted in non-GUI mode, the desktop can be started by logging in at the console and typig the 'slim' command. The files bzfirmware and bzmodules are squashfs images mounted using overlayfs at /usr and /lib respectively. Since these files are loopback-mounted, care must be taken if ever you want to perform a manual update. What is a manual update? This is a method of updating Unraid OS on your USB flash boot device without using the Tools/Update OS function. Typically one would either: open a Terminal window, wget the release zip file, unzip the release, and then 'cp' the bz files to root of the boot device. or export the 'flash' share on your network and drag the bz files from a PC directly to the flash. Either method, starting with 6.12 can fail because the bzfirmware file will be overwritten while it is still mounted - not good. To get around this, you must first create a temp directory on the flash device and then 'mv' (or drag) all the bz files to this temp directly. Now you can copy the new bz files in place and reboot. Linux kernel version 6.1.23 md/unraid: version 2.9.27 CONFIG_FS_DAX: File system based Direct Access (DAX) support CONFIG_VIRTIO_FS: Virtio Filesystem CONFIG_ZONE_DEVICE: Device memory (pmem, HMM, etc...) hotplug support CONFIG_USBIP_HOST: Host driver CONFIG_INTEL_MEI: Intel Management Engine Interface CONFIG_INTEL_MEI_ME: ME Enabled Intel Chipsets CONFIG_INTEL_MEI_GSC: Intel MEI GSC embedded device CONFIG_INTEL_MEI_PXP: Intel PXP services of ME Interface CONFIG_INTEL_MEI_HDCP: Intel HDCP2.2 services of ME Interface CONFIG_INTEL_PMC_CORE: Intel PMC Core driver CONFIG_DRM_I915_PXP: Enable Intel PXP support CONFIG_SCSI_FC_ATTRS: FiberChannel Transport Attributes CONFIG_FUSION_SPI: Fusion MPT ScsiHost drivers for SPI CONFIG_FUSION_FC: Fusion MPT ScsiHost drivers for FC CONFIG_FUSION_CTL: Fusion MPT misc device (ioctl) driver CONFIG_FUSION_LOGGING: Fusion MPT logging facility CONFIG_X86_AMD_PSTATE: AMD Processor P-State driver CONFIG_LRU_GEN: Multi-Gen LRU CONFIG_SERIAL_8250_NR_UARTS=32: Maximum number of 8250/16550 serial ports CONFIG_SERIAL_8250_RUNTIME_UARTS=4: Number of 8250/16550 serial ports to register at runtime Misc cgroup2 now the default loopback images no longer mounted using directio upgradepkg patched to prevent replacing existing package with older version. current PCI bus/device information saved in file '/boot/previous/hardware' upon Unraid OS upgrade. NFS: enable UPD transport emhttp: fix cache pool (null) syslog strings emhttp: fix cache pool display wrong device size for selected replacement device networking: fix nginx recognizing IP address from slow dhcp servers mover: fix: improper handling of symlinks mover: fix: Mover logging syslog entries format different from previous releases plugin: Display Run command retval in error message shfs: igonore top-level hidden directoris (names beginning with '.') terminal: OpenTerminal: change termination signal (hard stop) upgrade Unraid OS: check for earlier upgrade without reboot VM Manager: let page load even when PCI devices appear missing or are misassigned wireguard: add SSL support for WG tunnel IP addresses (myunraid.net wildcard certs only) webgui: support PHP8, increase PHP max memory from 128M to 256M webgui: ManagementAccess: Disable Provision/Renew/Upgrade buttons when no IP on eth0 webgui: ManagementAccess: Support wireguard local IP addresses in combination with myservers.unraid.net SSL cert webgui: Move "view" icon on Main and Shares page to the left webgui: Dashboard: fix regression error in "select case" webgui: Dashboard: make items moveable between columns webgui: Keep dismissed banners hidden for a month webgui: Dashboard: API for adding custom tiles webgui: Dashboard: rearrange processor information webgui: Dashboard: rearrange UPS info webgui: Dashboard: rearrange memory info webgui: Dashboard: VPN header rearrangement webgui: Dashboard: header rearrangements webgui: Add jqueryUI touch punch for mobile devices webgui: Changed ID to CLASS for elements occurring more than once webgui: Make header in white and black themes scrollable When more items are present than screen space, the user can now scroll through them (previously these items were invisible) webgui: Dashboard and Docker: introduce lock button for sortable items By default sortable items are locked, which allows mobile devices to scroll the page. Upon request items can be made sortable webgui: Users: add icon to title bar webgui: Tools: new function -> PHP Settings View PHP info Configure error reporting Open LOG to see errors in real-time webgui: System info: fix reading inactive ports webgui: Plugin: Include the actual command, being executed webgui: System info: cache enhancement webgui: System info: memory enhancement webgui: DeviceInfo: disable buttons when erase operation is running webgui: Docker: filetree corrections webgui: Fixed: Dashboard: show heat alarm per pool webgui: Notifications: revised operation Autoclose new notifications after 3 seconds Fix notifications reappearing after closure webgui: DeviceList: add FS type in offline state webgui: Add notification agent for Bark webgui: Main: hide browse icon when disk is not mounted webgui: Diagnostics: add additional btrfs and zfs info webgui: Dashboard: add ZFS memory usage webgui: Revised New Permissions Select either disks or shares (not both) webgui: Add testparm to diagnostics webgui: Support new UD reserved mount point of /mnt/addons webgui: fix issue displaying Attributes when temperature display set to Fahrenheit webgui: Dashboard changes: lock the Dashboard completely: Editing/moving only becomes possible when unlocking the page An empty column is refilled when the respective tiles are made visible again, no need to reset everything added a visual "move indicator" on the Docker and VM page, to make clearer that rows can be moved now. change cursor shape when moving is enabled use tile title as index webgui: fix: Local Firefox account pop-up postmessages not working webgui: VM Manager: fix VM marked as Autostart not starting following manual array Start webgui: SMART test cannot be run on a UD disk because there is no spin down delay selection webgui: status footer stuck on "Starting services" when applying share config setting chagnes. webgui: Fix table layout for orphan images webgui: Plugin: Do not show update button if incompatible webgui: OpenTerminal: limit clients webgui: Context menu: automatic triangle placement webgui: Dashboard: fix pool warnings webgui: Allow SMART long test for UD webgui: Read processor type from /proc/cpuinfo webgui: CSS: solve scrollbar issue in firefox webgui: plugin: Make wget percentage detection more robust webgui: Add share: fix hidden share name check webgui: Display settings: add missing defaults webgui: Array Operation: prevent double clicking of Start button wireguard: fix nginx issue when partial WireGuard config Base Distro aaa_glibc-solibs: version 2.37 adwaita-icon-theme: version 43 at-spi2-core: version 2.46.0 bash: version 5.2.015 bind: version 9.18.12 btrfs-progs: version 6.2.1 ca-certificates: version 20221205 cryptsetup: version 2.6.1 curl: version 7.88.1 dbus: version 1.14.6 diffutils: version 3.9 dnsmasq: version 2.89 docker: version 20.10.23 e2fsprogs: version 1.47.0 encodings: version 1.0.7 file: version 5.44 firefox: version 111.0 (AppImage) freetype: version 2.13.0 fuse3: version 3.12.0 gawk: version 5.2.1 git: version 2.39.2 glib2: version 2.74.6 glibc: version 2.37 glibc-zoneinfo: version 2022g gnutls: version 3.7.9 gptfdisk: version 1.0.9 gtk+3: version 3.24.37 harfbuzz: version 7.1.0 htop: version 3.2.2 iproute2: version 6.2.0 iptables: version 1.8.9 iputils: version 20221126 less: version 612 libICE: version 1.1.1 libSM: version 1.2.4 libX11: version 1.8.4 libXau: version 1.0.11 libXcomposite: version 0.4.6 libXdamage: version 1.1.6 libXdmcp: version 1.1.4 libXpm: version 3.5.15 libXrandr: version 1.5.3 libXres: version 1.2.2 libXxf86dga: version 1.1.6 libarchive: version 3.6.2 libdrm: version 2.4.115 libfontenc: version 1.1.7 libglvnd: version 1.6.0 libjpeg-turbo: version 2.1.5.1 libpcap: version 1.10.3 libpng: version 1.6.39 libpsl: version 0.21.2 liburcu: version 0.14.0 libwebp: version 1.3.0 libxkbcommon: version 1.5.0 libxkbfile: version 1.1.2 libxshmfence: version 1.3.2 lmdb: version 0.9.30 logrotate: version 3.21.0 lsof: version 4.98.0 lz4: version 1.9.4 lzlib: version 1.13 mc: version 4.8.29 mcelog: version 191 mpfr: version 4.2.0 nano: version 7.2 ncurses: version 6.4 nginx: version 1.23.3 nghttp2: version 1.52.0 openssh: version 9.2p1 openssl: version 1.1.1t openssl-solibs: version 1.1.1t openzfs: version 2.1.9 pango: version 1.50.14 pciutils: version 3.9.0 pcre2: version 10.42 php: version 8.2.4 php-libvirt: version 0.5.7 php-markdown: version 2.0.0 samba: version 4.17.7 sqlite: version 3.41.0 sudo: version 1.9.13p2 sysstat: version 12.7.2 tdb: version 1.4.8 tevent: version 0.14.1 traceroute: version 2.1.2 transset: version 1.0.3 tree: version 2.1.0 usbutils: version 015 xcb-util: version 0.4.1 xdriinfo: version 1.0.7 xf86-video-vesa: version 2.6.0 xfsprogs: version 6.1.1 xhost: version 1.0.9 xinit: version 1.4.2 xkbcomp: version 1.4.6 xkeyboard-config: version 2.38 xorg-server: version 21.1.7 xprop: version 1.2.6 xrandr: version 1.5.2 xset: version 1.2.5 xterm: version 379 xz: version 5.4.1 zstd: version 1.5.4

This release includes some bug fixes and update of base packages. Sorry no major new feature in this release, but instead we are paying some "technical debt" and laying the groundwork necessary to add better third-party driver and ZFS support. We anticipate a relatively short -rc series. Special thanks to @bonienl for implementation of background downloading, and @ich777 for working with us for better third-party driver integration, still a work-in-process. Please note: It would be extremely helpful to us to report issues by creating separate Reports here rather than creating a reply in this topic. As always, prior to updating, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". Credits Special thanks to all our beta testers and especially: @bonienl for his continued refinement and updating of the Dynamix webGUI. @Squid for continued refinement of Community Apps and associated feed. @dlandon for continued refinement of Unassigned Devices plugin and patience as we change things under the hood. @ich777 for assistance and passing on knowledge of Linux kernel config changes to support third party drivers and other kernel-related functionality via plugins. @JorgeB for rigorous testing of storage subsystem Version 6.11.0-rc1 2022-07-25 Improvements With this release there have been many base package updates including several CVE mitigations. The Linux kernel update includes mitigation for Processor MMIO stale-data vulnerabilities. The plugin system has been refactored so that 'plugin install' can proceed in the background. This alleviates issue where a user may think installation has crashed and closes the window, when actually it has not crashed. Many other webGUI immprovements. Bug fixes Fixed issue in VM manager where VM log can not open when VM name has an embedded '#' character. Fixed issue where Parity check pause/resume on schedule was broken. Change Log vs. Unraid OS 6.10 Base distro: aaa_base: version 15.1 aaa_glibc-solibs: version 2.35 aaa_libraries: version 15.1 adwaita-icon-theme: version 42.0 appres: version 1.0.6 at-spi2-core: version 2.44.1 atk: version 2.38.0 bind: version 9.18.5 btrfs-progs: version 5.18.1 ca-certificates: version 20220622 cifs-utils: version 6.15 coreutils: version 9.1 curl: version 7.84.0 dbus: version 1.14.0 dmidecode: version 3.4 docker: version 20.10.17 (CVE-2022-29526 CVE-2022-30634 CVE-2022-30629 CVE-2022-30580 CVE-2022-29804 CVE-2022-29162 CVE-2022-31030) editres: version 1.0.8 ethtool: version 5.18 file: version 5.42 findutils: version 4.9.0 freeglut: version 3.2.2 freetype: version 2.12.1 fribidi: version 1.0.12 fuse3: version 3.11.0 gdbm: version 1.23 gdk-pixbuf2: version 2.42.8 git: version 2.37.1 glib2: version 2.72.3 glibc: version 2.35 gnutls: version 3.7.6 gptfdisk: version 1.0.9 harfbuzz: version 4.4.1 hdparm: version 9.64 htop: version 3.2.1 icu4c: version 71.1 inotify-tools: version 3.22.6.0 iproute2: version 5.18.0 iptables: version 1.8.8 json-c: version 0.16_20220414 kernel-firmware: version 20220705_f5f02da kernel-headers: version 5.18.9 kmod: version 30 libX11: version 1.8.1 libXcursor: version 1.2.1 libaio: version 0.3.113 libcap-ng: version 0.8.3 libdrm: version 2.4.110 libepoxy: version 1.5.10 libevdev: version 1.12.1 libgcrypt: version 1.10.1 libgpg-error: version 1.45 libidn: version 1.41 libjpeg-turbo: version 2.1.3 libmnl: version 1.0.5 libnetfilter_conntrack: version 1.0.9 libnfnetlink: version 1.0.2 libnftnl: 1.2.2 libnl3: version 3.6.0 libtiff: version 4.4.0 libtiff: version 4.4.0 liburcu: version 0.13.1 libusb: version 1.0.26 libxcb: version 1.15 libxkbcommon: version 1.4.1 libzip: version 1.9.2 libX11: version 1.8.1 listres: version 1.0.5 logrotate: version 3.20.1 lsof: version 4.95.0 lzip: version 1.23 mc: version 4.8.28 mcelog: version 184 mkfontscale: version 1.2.2 nano: version 6.3 nettle: version 3.8 nfs-utils: version 2.6.1 nghttp2: version 1.48.0 ntfs-3g: version 2022.5.17 oniguruma: version 6.9.8 openssh: version 9.0p1 openssl: version 1.1.1q (CVE-2022-1292 CVE-2022-2097 CVE-2022-2274) openssl-solibs: version 1.1.1q (CVE-2022-1292) pango: version 1.50.8 pciutils: version 3.8.0 pcre2: version 10.40 php: version 7.4.30 (CVE-2022-31625 CVE-2022-31626) rsync: version 3.2.4 samba: version 4.15.8 setxkbmap: version 1.3.3 shared-mime-info: version 2.2 sqlite: version 3.39.2 sudo: version 1.9.11p3 sysfsutils: version 2.1.1 tdb: version 1.4.7 tevent: version 0.12.1 tree: version 2.0.2 util-linux: version 2.38 wget: version 1.21.3 xauth: version 1.1.2 xclock: version 1.1.1 xdpyinfo: version 1.3.3 xfsprogs: version 5.18.0 xkeyboard-config: version 2.36 xload: version 1.1.4 xmodmap: version 1.0.11 xsm: version 1.0.5 xterm: version 372 xwud: version 1.0.6 Linux kernel: version 5.18.14 (CVE-2022-21123 (CVE-2022-21123 CVE-2022-21125 CVE-2022-21166) oot: md/unraid: version 2.9.23 CONFIG_IOMMU_DEFAULT_PASSTHROUGH: Passthrough CONFIG_VIRTIO_IOMMU: Virtio IOMMU driver CONFIG_X86_AMD_PSTATE: AMD Processor P-State driver CONFIG_FIREWIRE: FireWire driver stack CONFIG_FIREWIRE_OHCI: OHCI-1394 controllers CONFIG_FIREWIRE_SBP2: Storage devices (SBP-2 protocol) CONFIG_FIREWIRE_NET: IP networking over 1394 CONFIG_INPUT_UINPUT: User level driver support CONFIG_INPUT_JOYDEV: Joystick interface CONFIG_INPUT_JOYSTICK: Joysticks/Gamepads CONFIG_JOYSTICK_XPAD: X-Box gamepad support CONFIG_JOYSTICK_XPAD_FF: X-Box gamepad rumble support CONFIG_JOYSTICK_XPAD_LEDS: LED Support for Xbox360 controller 'BigX' LED Management: rc.nginx: enable OCSP stapling on certs which include an OCSP responder URL rc.wireguard: add better troubleshooting for WireGuard autostart rc.S: support early load of plugin driver modules upc: version v1.3.0 webgui: Plugin system update Detach frontend and backend operation Use nchan as communication channel Allow window to be closed while backend continues Use SWAL as window manager Added multi remove ability on Plugins page Added update all plugins with details webgui: docker: use docker label as primary source for WebUI This makes the 'net.unraid.docker.webui' docker label the primary source when parsing the web UI address. If the docker label is missing, the template value will be used instead. webgui: Update Credits.page webgui: VM manager: Fix VM log can not open when VM name has an embedded '#' webgui: Management Access page: add details for self-signed certs webgui: Parity check: fix regression error webgui: Remove session creation in scripts webgui: Update ssh key regex Add support for ed25519/sk-ed25519 Remove support for ecdsa (insecure) Use proper regex to check for valid key types webgui: misc. style updates

New in this release: GPU Driver Integration Unraid OS now includes selected in-tree GPU drivers: ast (Aspeed), i915 (Intel), amdgpu and radeon (AMD). These drivers are blacklisted by default via 'conf' files in /etc/modprobe.d: /etc/modprobe.d/ast.conf /etc/modprobe.d/amdgpu.conf /etc/modprobe.d/i915.conf /etc/modprobe.d/radeon.conf Each of these files has a single line which blacklists the driver, preventing it from being loaded by the Linux kernel. However it is possible to override the settings in these files by creating the directory 'config/modprobe.d' on your USB flash boot device and then creating the same named-file in that directory. For example, to unblacklist amdgpu type these commands in a Terminal session: mkdir /boot/config/modprobe.d touch /boot/config/modprobe.d/amdgpu.conf When Unraid OS boots, before the Linux kernel executes device discovery, we copy any files from /boot/config/modprobe.d to /etc/modprobe.d. Since amdgpu.conf on the flash is an empty file, it will effectively cancel the driver from being blacklisted. This technique can be used to set boot-time options for any driver as well. Better Support for Third Party Drivers Recall that we distribute Linux modules and firmware in separate squashfs files which are read-only mounted at /lib/modules and /lib/firmware. We now set up an overlayfs on each of these mount points, making it possible to install 3rd party modules at boot time, provided those modules are built against the same kernel version. This technique may be used by Community Developers to provide an easier way to add modules not included in base Unraid OS: no need to build custom bzimage, bzmodules, bzfirmware and bzroot files. To go along with the other GPU drivers included in this release, we have created a separate installable Nvidia driver package. Since each new kernel version requires drivers to be rebuilt, we have set up a feed that enumerates each driver available with each kernel. The easiest way to install the Nvdia driver, if you require it, is to make use of a plugin provided by Community member @ich777. This plugin uses the feed to install the correct driver for the currently running kernel. A big thank you! to @ich777 for providing assistance and coding up the the plugin: Linux Kernel This release includes Linux kernel 5.8.18. We realize the 5.8 kernel has reached EOL and we are currently busy upgrading to 5.9. Version 6.9.0-beta35 2020-11-12 (vs -beta30) Base distro: aaa_elflibs: version 15.0 build 25 brotli: version 1.0.9 build 2 btrfs-progs: version 5.9 ca-certificates: version 20201016 curl: version 7.73.0 dmidecode: version 3.3 ethtool: version 5.9 freetype: version 2.10.4 fuse3: version 3.10.0 git: version 2.29.1 glib2: version 2.66.2 glibc-solibs: version 2.30 build 2 glibc-zoneinfo: version 2020d glibc: version 2.30 build 2 iproute2: version 5.9.0 jasper: version 2.0.22 less: version 563 libcap-ng: version 0.8 build 2 libevdev: version 1.10.0 libgcrypt: version 1.8.7 libnftnl: version 1.1.8 librsvg: version 2.50.1 libwebp: version 1.1.0 build 3 libxml2: version 2.9.10 build 3 lmdb: version 0.9.27 nano: version 5.3 ncurses: version 6.2_20201024 nginx: version 1.19.4 ntp: version 4.2.8p15 build 3 openssh: version 8.4p1 build 2 pam: version 1.4.0 build 2 rpcbind: version 1.2.5 build 2 samba: version 4.12.9 (CVE-2020-14318 CVE-2020-14318 CVE-2020-14318) talloc: version 2.3.1 build 4 tcp_wrappers: version 7.6 build 3 tdb: version 1.4.3 build 4 tevent: version 0.10.2 build 4 usbutils: version 013 util-linux: version 2.36 build 2 vsftpd: version 3.0.3 build 7 xfsprogs: version 5.9.0 xkeyboard-config: version 2.31 xterm: version 361 Linux kernel: version 5.8.18 added GPU drivers: CONFIG_DRM_RADEON: ATI Radeon CONFIG_DRM_RADEON_USERPTR: Always enable userptr support CONFIG_DRM_AMDGPU: AMD GPU CONFIG_DRM_AMDGPU_SI: Enable amdgpu support for SI parts CONFIG_DRM_AMDGPU_CIK: Enable amdgpu support for CIK parts CONFIG_DRM_AMDGPU_USERPTR: Always enable userptr write support CONFIG_HSA_AMD: HSA kernel driver for AMD GPU devices kernel-firmware: version 20201005_58d41d0 md/unraid: version 2.9.16: correction recording disk info with array Stopped; remove 'superblock dirty' handling oot: Realtek r8152: version 2.14.0 Management: emhttpd: fix 'auto' setting where pools enabled for user shares should not be exported emhttpd: permit Erase of 'DISK_DSBL_NEW' replacement devices emhtptd: track clean/unclean shutdown using file 'config/forcesync' emhttpd: avoid unnecessarily removing mover.cron file modprobe: blacklist GPU drivers by default, config/modprobe.d/* can override at boot samba: disable aio by default startup: setup an overlayfs for /lib/modules and /lib/firmware webgui: pools not enabled for user shares should not be selectable for cache webgui: Add pools information to diagnostics webgui: vnc: add browser cache busting webgui: Multilanguage: Fix unable to delete / edit users webgui: Prevent "Add" reverting to English when adding a new user with an invalid username webgui: Fix Azure / Gray Switch Language being cut-off webgui: Fix unable to use top right icons if notifications present webgui: Changed: Consistency between dashboard and docker on accessing logs webgui: correct login form wrong default case icon displayed webgui: set 'mid-tower' default case icon webgui: fix: jGrowl covering buttons webgui: New Perms: Support multi-cache pools webgui: Remove WG from Dashboard if no tunnels defined webgui: dockerMan: Allow readmore in advanced view webgui: dockerMan: Only allow name compatible with docker

Please refer to the 6.12.0-rc1 topic for a general overview. Version 6.12.0-rc2 2023-03-18 Bug fixes networking: fix nginx recognizing IP address from slow dhcp servers VM Manager: let page load even when PCI devices appear missing or are misassigned webgui: Dashboard fixes: lock the Dashboard completely: Editing/moving only becomes possible when unlocking the page An empty column is refilled when the respective tiles are made visible again, no need to reset everything added a visual "move indicator" on the Docker and VM page, to make clearer that rows can be moved now. change cursor shape when moving is enabled use tile title as index webgui: fix issue displaying Attributes when temperature display set to Fahrenheit zfs: fixed issue importing ZFS pools with additional top-level sections besides the root section ZFS Pools Add scheduled trimming of ZFS pools. Replace Scrub button with Clear button when pool is in error state. Base Distro php: version 8.2.4 Linux kernel version 6.1.20 CONFIG_X86_AMD_PSTATE: AMD Processor P-State driver Misc save current PCI bus/device information in file '/boot/previous/hardware' upon Unraid OS upgrade.

Thank you for the feedback on the previous rc release, we have one more small set of updates to test before releasing 6.12.4. Highlights include: Resolved an issue with VMs on the macvtap interface not being able to connect to the Internet Additional IPv6 improvements The delay before auto-closing notifications is now configurable (see Settings/Notification Settings) Fix the custom network DHCP subnet options on the Settings/Docker Settings page If you are already on 6.12.4-rc18 this should be a simple update, no need to change any settings. If you are coming from an earlier release please see the 6.12.4-rc18 announce post for info on how to solve macvlan issues and other changes. Upgrade steps for this release As always, prior to upgrading, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". Update all of your plugins. This is critical for the NVIDIA and Realtek plugins in particular. If the system is currently running 6.12.0 - 6.12.2, we're going to suggest that you stop the array at this point. If it gets stuck on "Retry unmounting shares", open a web terminal and type: umount /var/lib/docker The array should now stop successfully (This issue was resolved with 6.12.3) Go to Tools -> Update OS, change the Branch to "Next". If the update doesn't show, click "Check for Updates" Wait for the update to download and install If you have any plugins that install drivers (NVIDIA, Realtek, etc), wait for the notification that the new version of the driver has been downloaded. Reboot Known Issues Please see the 6.12.4-rc18 release notes Rolling Back Please see the 6.12.4-rc18 release notes Changes vs. 6.12.4-rc18 docker: add routing when shim or macvtap network is used docker: fix routing when "host access" is enabled docker: remove IPv6 from shim/vhost interface (some routers are incompatible) New notification option: auto-closure time New notification option: notification life time Set default notifications life time to 5 seconds network: print public ipv6 address network: shim interface gets MAC address of parent, no need to generate one Docker settings: fix subnet sizes CSS: set overflow-x to 'auto' Helptext: fix typo Linux kernel version 6.1.47

6.10.0 Summary of Changes and New Features As always, prior to updating, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". Note: In order to permit ongoing development, some changes/features are marked experimental. This means underlying support is included in the release, but high level functionality or UI has not been included yet. UPC and My Servers Plugin - [rc2] reworded The most visible new feature is located in the upper right of the webGUI header. We call this the User Profile Component, or UPC. The UPC allows a user to associate their server(s) and license key(s) with their Unraid Community forum account, also known as an Unraid.net account. Starting with this release, it will be necessary for a new user to either sign-in with existing forum credentials or sign-up, creating a new account via the UPC in order to download a Trial key. All key purchases and upgrades are also handled exclusively via the UPC. Signing-in provides these benefits: My Servers Dashboard - when logged into the forum a new My Servers menu item appears. Clicking this brings up a Dashboard which displays a set of tiles representing servers associated with this account. Each tile includes a link to bring up the servers webGUI on your LAN. Install the My Servers plugin to provide real-time status and other advanced features (see below). Notification of critical security-related updates. In the event a serious security vulnerability has been discovered and patched, we will send out a notification to all email addresses associated with registered servers. Posting privilege in a new set of My Servers forum boards. No more reliance on email and having to copy/paste key file URLs in order to install a license key - keys are delivered and installed automatically to your server. Once a license key has been provisioned, it is not necessary to remain signed-in, though there is no particular reason to sign-out. [rc2] Exception: A server must be signed-in to Provision and Renew a Let's Encrypt SSL certificate. My Servers Plugin My Servers is what we call our set of cloud-based or cloud-enabled services and features that integrate with your Unraid server(s). Once installed here are some of the features of My Servers: Real-time Status - with the plugin installed each server tile on the My Servers Dashboard will display real-time status such as whether the server is online or offline, storage utilization and other information. Remote Access link - if enabled, a link is displayed on the My Servers Dashboard to bring up a server webGUI remotely over the Internet. Automatic Flash Backup - every registered server is provided with a private git repo initially populated with the contents of your USB flash boot device (except for certain files which contain private information such as passwords). Thereafter, configuration changes are automatically committed. A link is provided to download a custom zip file that can be fed as input to the USB Flash Creator tool to move your configuration to a new USB flash device. My Servers is an optional add-on, installed through Community Apps or via direct plugin URL. Detailed instructions can be found here. If you have installed the My Servers plugin, signed-in servers will maintain a websocket connection to a cloud-based Lime Technology proxy server for the purpose of relaying real-time status. Security Changes It is now mandatory to define a root password. We also created a division in the Users page to distinguish root from other user names. The root UserEdit page includes a text box for pasting SSH authorized keys. For new configurations, the flash share default export setting is No. For all new user shares, the default export setting is No. For new configurations, SMBv1 is disabled by default. For new configurations, telnet, ssh, and ftp are disabled by default. We removed certain strings from Diagnostics such as passwords found in the 'go' file. Virtualization Both libvirt and qemu have been updated. In addition qemu has been compiled with OpenGL support, and [rc2] ARM emulation (experimental). [rc2] To support Windows 11 which requires TPM and Secure boot, we have added TPM emulation; and, added a "Windows 11" VM template which automatically selects TPM-aware OVMF bios. Also, here are instructions for upgrading a Windows 10 VM to Windows 11. Special thanks to @ich777 who researched and determined what changes and components were necessary to provide this functionality. The built-in FireFox browser available in GUI-mode boot is built as an AppImage and located in the bzfirmware compressed file system image. This saves approximately 60MB of RAM. The Wireguard plugin has been integrated into webGUI, that is, no need for the plugin. If you had the plugin installed previously, it will be uninstalled and moved to the "Plugins/Plugin File Install Errors" page. No action is needed unless you want to press the Delete button to remove it from that page. Your WireGuard tunnels and settings will be preserved. Simplified installation of the Community Apps plugin. The webGUI automatically includes the Apps menu item, and if CA is not already installed, the page offers an Install button. No need to hunt for the plugin link. Let's Encrypt SSL provisioning change. In previous releases code that provisions (allocates and downloads) a LE SSL certificate would first test if DNS Rebinding Protection was enforced on the user's LAN; and, if so, would not provision the certificate. Since there are other uses for a LE certificate we changed the code so that provision would always proceed. Next, we changed the logic behind the Auto selection of "Use SSL/TLS" setting on the Management Access page. Now it is only possible to select Auto if both a LE certificate has been provisioned and DNS Rebinding Protection is not enforced. This is a subtle change but permits certain My Servers features such as Remote Access. Linux Kernel Upgrade to [rc2] Linux 5.14.15 kernel which includes so-called Sequoia vulnerability mitigation. In-tree GPU drivers are now loaded by default if corresponding hardware is detected: amdgpu ast i915 radeon These drivers are required mostly for motherboard on-board graphics used in GUI boot mode. Loading of a driver can be prohibited by creating the appropriate file named after the driver: echo "blacklist i915" > /boot/config/modprobe.d/i915.conf Alternately, the device can be isolated from Linux entirely via the System Devices page. Note that in Unraid OS 6.9 releases the in-tree GPU drivers are blacklisted by default and to enabling loading a driver you need to create an empty "conf" file. After upgrading to Unraid OS 6.10 you may delete those files, or leave them as-is. This change was made to greatly improve the Desktop GUI experience for new users. Added support for Intel GVT-g, which lets you split your Intel i915 iGPU into multiple virtual GPUs and pass them through to multiple VMs, using @ich777's Intel-GVT-g plugin. Added support for gnif/vendor-reset. This simplifies @ich777's AMD Vendor Reset plugin which permits users to get their AMD video cards to reset properly. [rc2] Added so-called "add-relaxable-rmrr-5_8_and_up.patch" modified for our kernel https://github.com/kiler129/relax-intel-rmrr/blob/master/patches/add-relaxable-rmrr-5_8_and_up.patch Thanks to @ich777 for pointing this out, [rc2] Enabled additional ACPI kernel options [rc2] Updated out-of-tree drivers [rc2] Enabled TPM kernel modules (not utilized yet) - note this is for Unraid host utilizing physical TPM, not emulated TPM support for virtual machnes. Base Packages Virtually the entire base package set has been updated. [rc2] For SMB: Samba version 4.15 SMB3 multi-channel is no longer marked "experimental" and is enabled by default. [rc2] Per request we added the mcelog package. With inclusion of this package, if you have an AMD processor you may see this error message in the system log: mcelog: ERROR: AMD Processor family 23: mcelog does not support this processor. Please use the edac_mce_amd module instead. We're not sure what to make of this. It appears mcelog is begin deprecated in favor of rasdaemon. This is something we need to research further. Other improvements available in 6.10, which are maybe not so obvious to spot from the release notes and some of these improvements are internal and not really visible: Event driven model to obtain server information and update the webGUI in real-time The advantage of this model is its scalability. Multiple browsers can be opened simultaneously to the webGUI without much impact In addition stale browser sessions won't create any CSRF errors anymore People who keep their browser open 24/7 will find the webGUI stays responsive at all times Docker labels Docker labels are added to allow people using Docker compose to make use of icons and GUI access Look at a Docker 'run' command output to see exactly what labels are used Docker custom networks A new setting for custom networks is available. Originally custom networks are created using the macvlan mode, and this mode is kept when upgrading to version 6.10 The new ipvlan mode is introduced to battle the crashes some people experience when using macvlan mode. If that is your case, change to ipvlan mode and test. Changing of mode does not require to reconfigure anything on Docker level, internally everything is being taken care off. Docker bridge network (docker0) docker0 now supports IPv6. This is implemented by assigning docker0 a private IPv6 subnet (fd17::/64), similar to what is done for IPv4 and use network translation to communicate with the outside world Containers connected to the bridge network now have both IPv4 and IPv6 connectivity (of course the system must have IPv6 configured in the network configuration) In addition several enhancements are made in the IPv6 implementation to better deal with the use (or no-use) of IPv6 Plugins page The plugins page now loads information in two steps. First the list of plugins is created and next the more time consuming plugin status field is retrieved in the background. The result is a faster loading plugins page, especially when you have a lot of plugins installed Dashboard graphs The dashboard has now two graphs available. The CPU graph is displayed by default, while the NETWORK graph is a new option under Interface (see the 'General Info' selection) The CPU graph may be hidden as well in case it is not desired Both graphs have a configurable time-line, which is by default 30 seconds and can be changed independently for each graph to see a longer or shorter history. Graphs are updated in real-time and are useful to observe the behavior of the server under different circumstances Other Changes We switched to a better-maintained version of the WSD server component called wsdd2 in an effort to eliminate instances where the wsd daemon would start consuming 100% of a CPU core. [rc2] Automatically restrict wsdd to listen only at the primary network interface (br0, bond0, or eth0, depending on config). Fixed issue where you couldn't create a docker image on a share name that contains a space. Fixed issue where 'mover' would not move to a pool name that contains a space. Fixed issue in User Share file system where permissions were not being honored. We increased the font size in Terminal and [rc2] fixed issue with macOS Monterey. [rc2] Fixed jumbo frames not working. [rc2] sysctl: handle net.netfilter.nf_conntrack_count max exceeded (increase setting to 131072) - hattip to Community Member @DieFalse [rc2] Mover will create '.partial' file and then rename upon completion. [rc2] Check bz file sha256sums at boot time. Credits Special thanks to all our beta testers and especially: @bonienl for his continued refinement and updating of the Dynamix webGUI. @Squid for continued refinement of Community Apps and associated feed. @dlandon for continued refinement of Unassigned Devices plugin and patience as we change things under the hood. @ich777 for assistance and passing on knowledge of Linux kernel config changes to support third party drivers and other kernel-related functionality via plugins. @SimonF for refinements to System Devices page and other webGUI improvements. We intend to merge your mover progress changes during this RC series. Version 6.10.0-rc2 2021-11-01 (vs. 6.10.0-rc1) Base distro: acpid: version 2.0.33 at-spi2-core: version 2.42.0 bind: version 9.16.22 btrfs-progs: version 5.14.2 ca-certificates: version 20211005 cifs-utils: version 6.14 coreutils: version 9.0 cryptsetup: version 2.4.1 curl: version 7.79.1 dhcpcd: version 9.4.1 dnsmasq: version 2.86 docker: version 20.10.9 e2fsprogs: version 1.46.4 ethtool: version 5.14 file: version 5.41 fribidi: version 1.0.11 fuse3: version 3.10.5 gd: version 2.3.3 gdbm: version 1.22 git: version 2.33.1 glib2: version 2.70.0 glibc-zoneinfo: version 2021e gnutls: version 3.7.2 grep: version 3.7 gzip: version 1.11 harfbuzz: version 3.0.0 haveged: version 1.9.15 htop: version 3.1.1 iproute2: version 5.14.0 jansson: version 2.14 json-glib: version 1.6.6 libXi: version 1.8 libarchive: version 3.5.2 libedit: version 20210910_3.1 libepoxy: version 1.5.9 libgcrypt: version 1.9.4 libgudev: version 237 libjpeg-turbo: version 2.1.1 libssh: version 0.9.6 libssh2: version 1.10.0 libtpms: version 0.9.0 libvirt: version 7.8.0 libvirt-php: version 0.5.6a libwebp: version 1.2.1 libxkbcommon: version 1.3.1 lvm2: version 2.03.13 mc: version 4.8.27 mcelog: version 179 nano: version 5.9 ncurses: version 6.3 nghttp2: version 1.46.0 nginx: version 1.19.10 ntfs-3g: version 2021.8.22 openssh: version 8.8p1 openssl: version 1.1.1l openssl-solibs: version 1.1.1l pam: version 1.5.2 pango: version 1.48.10 pcre2: version 10.38 php: version 7.4.24 qemu: version 6.1.0 samba: version 4.15.0 sudo: version 1.9.8p2 swtpm: version 0.6.1 ttyd: version 20211023 usbutils: version 014 util-linux: version 2.37.2 wget: version 1.21.2 wireguard-tools: version 1.0.20210914 wsdd2: version 1.8.6 xfsprogs: version 5.13.0 xkeyboard-config: version 2.34 xrdb: version 1.2.1 xterm: version 369 Linux kernel: version 5.14.15 restore CONFIG_X86_X32: x32 ABI for 64-bit mode added so-called "add-relaxable-rmrr-5_8_and_up.patch" modified for this kernel added several ACPI-related CONFIG settings added CONFIG_TCG_TPM and associated TPM chip drivers added CONFIG_NFSD_V4: NFS server support for NFS version 4 added CONFIG_USB_NET_AQC111: Aquantia AQtion USB to 5/2.5GbE Controllers support added NFS_V4: NFS client support for NFS version 4 oot: md/unriad: version 2.9.19 oot: nvidia: version 470.63.01 [via plugin] oot: r8125:version 9.006.04 oot: r8152: version 2.15.0 Management: emhttpd: fix regression: user shares should be enabled by default emhttpd: minimize information transmitted by 'stock' UpdateDNS function firefox: version 91.0.r20210823123856 (AppImage) mover: append '.partial' suffix to filename when move in-progess rc.mcelog: mcelog added to base distro rc.nginx: support custom wildcard self-signed certs rc.S: check bz file sha256 during initial boot sysctl: handle net.netfilter.nf_conntrack_count max exceeded (increase setting to 131072) wsdd2: listen only on active interface by default (br0, bond0, or eth0) webgui: remove 'My Servers' skeleton page webgui: present CA-signed certificate subject as a link webgui: Relax update frequency a bit webgui: Docker: Only save templates as v2 webgui: Fix pools display on Main page when empty pool exists webgui: Escape double quotes in text input submit webgui: Add 'root' folder protection to filetree webgui: Support multi-language in filetree display webgui: Use background checking for flash corruption webgui: Proactive script security hardening webgui: Diagnostics: add check for DNS Rebinding Protection webgui: Diagnostics: privatize routable IPs webgui: Diagnostics: add url details webgui: Docker: Fix incorrect caching when deleting / recreating image webgui: Silence PHP error on syslinux page if flash drive is missing webgui: various Multi-language corrections webgui: VM Manager: added Windows 11 template and OVMF TPM webgui: VM Manager: add virtio-win-0.1.208.iso download link webgui: Sign-in required to provision/renew Unraid LE SSL certificate

This release includes some bug fixes and update of base packages. Notable changes: Revert out-of-tree Intel ixgbe network driver back to in-tree version. Changing root user password will log out all webGUI browser sessions. Changed the row highlighting on Main and Shares page. WireGuard improvments Improved IPv6 support Please note: It would be extremely helpful to us to report issues by creating separate Reports here rather than creating a reply in this topic. 6.10.0 Summary of Changes and New Features As always, prior to updating, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". [rc3] Plugin Authors: We patched the upgradepkg script to prevent it from replacing an installed package with an earlier version of the same package, i.e., no downgrading. If a plugin really needs to replace a package with a downgraded version it can include the '--reinstall' option. Also be sure to check out the Dynamix File Manager plugin available now through Community Apps! UPC and My Servers Plugin The most visible new feature is located in the upper right corner of the webGUI header. We call this the User Profile Component, or UPC. The UPC allows a user to better manage their registration keys and install the optional My Servers plugin. My Servers is what we call our set of cloud-based services and features that integrate with your Unraid server(s). After installing the My Servers plugin, you will be prompted to sign-in your server with an existing Unraid.net account, or create a new Unraid.net account. Once installed here are some of the features of My Servers: Real-time Status - with the plugin installed each server tile on the My Servers Dashboard will display real-time status such as whether the server is online or offline, storage utilization and other information. Local Access link - this is a direct link the the server webGUI on your LAN. Remote Access link - if enabled, a link is displayed on the My Servers Dashboard to bring up a server webGUI remotely and over the Internet. Automatic Flash Backup - every registered server is provided with a private git repo initially populated with the contents of your USB flash boot device (except for certain files which contain private information such as passwords). Thereafter, configuration changes are automatically committed. A link is provided to download a custom zip file that can be fed as input to the USB Flash Creator tool to move your configuration to a new USB flash device. Notification of critical security-related updates. In the event a serious security vulnerability has been discovered and patched, we will send out a notification to all email addresses associated with registered servers. Posting privilege in a new set of My Servers forum boards. Signed-in servers maintain a websocket connection to a cloud-based Lime Technology proxy server for the purpose of relaying real-time status. Refer to the Privacy section for more information. Security Changes It is now mandatory to define a root password. We also created a division in the Users page to distinguish root from other user names. The root UserEdit page includes a text box for pasting SSH authorized keys. For new configurations, the flash share default export setting is No. For all new user shares, the default export setting is No. For new configurations, SMBv1 is disabled by default. For new configurations, telnet, ssh, and ftp are disabled by default. We removed certain strings from Diagnostics such as passwords found in the 'go' file. [rc6] Changing root user password will log out all webGUI browser sessions. Virtualization Both libvirt and qemu have been updated. In addition, qemu has been compiled with OpenGL support, and [rc2] ARM emulation (experimental). [rc2] To support Windows 11 which requires TPM and Secure boot, we have added TPM emulation; and, added a "Windows 11" VM template which automatically selects TPM-aware OVMF bios. Also, here are instructions for upgrading a Windows 10 VM to Windows 11. Special thanks to @ich777 who researched and determined what changes and components were necessary to provide this functionality. The built-in Firefox browser available in GUI-mode boot is built as an AppImage and located in the bzfirmware compressed file system image. This saves approximately 60MB of RAM. The Wireguard plugin has been integrated into webGUI, that is, no need for the plugin. If you had the plugin installed previously, it will be uninstalled and moved to the "Plugins/Plugin File Install Errors" page. No action is needed unless you want to press the Delete button to remove it from that page. Your WireGuard tunnels and settings will be preserved. [rc5] Resident network guru @bonienl has added the capability to bind a Wireguard virtual network interface to a docker container. One use of this feature is to configure a Wireguard-enabled VPN which may then be exclusively used by that container, while you main server makes use of the normal LAN network interface. Please refer to this post for additional details. Simplified installation of the Community Apps plugin. The webGUI automatically includes the Apps menu item, and if CA is not already installed, the page offers an Install button. No need to hunt for the plugin link. [rc3] Moving to Let's Encrypt wildcard SSL certificates. Starting with this release, we no longer issue new single-host SSL certificates (which we're calling legacy certificates). Instead, all new Unraid.net SSL certificates are wildcard certificates (still provided by Let's Encrypt). The URL used to access your server making use of a wildcard certificate has this form: https://[lan-ip].[hash].myunraid.net where, [lan-ip] is your severs LAN IP address with dots changed to dashes [hash] is a 40-character hex string (160 bits) unique to this server (and different from similar [hash] in legacy certificates) example: https://192-168-100-1.af01305221921f93aabae93f13800dcea41dc681e.myunraid.net We added a new DDNS server which listens at "myunraid.net". This server extracts [lan-ip] from the domain name and returns the IP address where the dashes are changed back into dots. There are several benefits to this approach for both our users and for us: Eliminates DNS propagation delays when you first provision a certificate or when a server LAN IP address (or WAN IP address) changes. Since the domain name includes the IP address, any IP address change also changes the domain name, hence will not be contained in any intermediate DNS cache. We also changed the TTL from 1 hour to 7 days further reducing overhead and alleviating issues where someone's internet goes down for brief periods. There is no longer a requirement for the server to actively update a DDNS server. Improves privacy because your remote access WAN IP address can't be determined by simply prepending "www" to your local access URL. Moves DNS functionality off the 'unraid.net' domain and isolates it on 'myunraid.net' domain. In previous releases code that provisions (allocates and downloads) an Unraid.net SSL certificate would first test if DNS Rebinding Protection was enforced on the user's LAN; and, if so, would not provision the certificate. Since there are other uses for a LE certificate we changed the code so that provision would always proceed. Next, we changed the logic behind the Auto selection of "Use SSL/TLS" setting on the Management Access page. Now it is only possible to select Auto if both a LE certificate has been provisioned and DNS Rebinding Protection is not enforced. This is a subtle change but permits certain My Servers features such as Remote Access. Upon upgrading, you will need to modify any server bookmarks with the new the URL. Alternately, if you have installed the My Servers plugin, a local access link is included for each server on your Dashboard. If you have not installed My Servers plugin, since there is no DDNS update daemon, we recommend setting up either a static DHCP lease, or assign a static IP address for your server. Finally, we have set up nginx such that the URL's: http://<server-name>.<local-tld>/ or https://<server-name>.<local-tld>/ will redirect to https://[lan-ip].[hash].myunraid.net More information including use cases may be found in Documentation here. Linux Kernel Upgrade to [rc4] Linux 5.15.x kernel which includes so-called Sequoia and Dirty Pipe vulnerability mitigations. In-tree GPU drivers are now loaded by default if corresponding hardware is detected: amdgpu ast i915 radeon These drivers are required mostly for motherboard on-board graphics used in GUI boot mode. Loading of a driver can be prohibited by creating the appropriate file named after the driver: echo "blacklist i915" > /boot/config/modprobe.d/i915.conf Alternately, the device can be isolated from Linux entirely via the System Devices page. Note that in Unraid OS 6.9 releases the in-tree GPU drivers are blacklisted by default and to enabling loading a driver you need to create an empty "conf" file. After upgrading to Unraid OS 6.10 you may delete those files, or leave them as-is. This change was made to greatly improve the Desktop GUI experience for new users. Added support for Intel GVT-g, which lets you split your Intel i915 iGPU into multiple virtual GPUs and pass them through to multiple VMs, using @ich777's Intel-GVT-g plugin. Added support for gnif/vendor-reset. This simplifies @ich777's AMD Vendor Reset plugin which permits users to get their AMD video cards to reset properly. [rc2] Added so-called "add-relaxable-rmrr-5_8_and_up.patch" modified for our kernel https://github.com/kiler129/relax-intel-rmrr/blob/master/patches/add-relaxable-rmrr-5_8_and_up.patch Thanks to @ich777 for pointing this out. [rc2] Enabled additional ACPI kernel options [rc2] Enabled TPM kernel modules (not utilized yet) - note this is for Unraid host utilizing physical TPM, not emulated TPM support for virtual machnes. [rc4] Updated out-of-tree drivers [rc5] Support Realtek RTL8152/RTL8153 Based USB Ethernet Adapters Base Packages Virtually the entire base package set has been updated. [rc2] For SMB: Samba version 4.15 SMB3 multi-channel is no longer marked "experimental", however is disabled by default. This may be enabled on the Settings/SMB Settings page. Some users have reported issues with SMB3 multi-channel in conjunction with certain network bond configurations. [rc2] Per request we added the mcelog package. With inclusion of this package, if you have an AMD processor you may see this error message in the system log: mcelog: ERROR: AMD Processor family 23: mcelog does not support this processor. Please use the edac_mce_amd module instead. We're not sure what to make of this. It appears mcelog is being deprecated in favor of rasdaemon. This is something we need to research further. Other improvements available in 6.10, which are maybe not so obvious to spot from the release notes and some of these improvements are internal and not really visible: Event driven model to obtain server information and update the webGUI in real-time The advantage of this model is its scalability. Multiple browsers can be opened simultaneously to the webGUI without much impact In addition stale browser sessions won't create any CSRF errors anymore People who keep their browser open 24/7 will find the webGUI stays responsive at all times [rc3] Consistent state information is maintained across all browser instances open to a particular server Docker labels Docker labels are added to allow people using Docker compose to make use of icons and GUI access Look at a Docker 'run' command output to see exactly what labels are used Docker custom networks A new setting for custom networks is available. Originally custom networks are created using the macvlan mode, and this mode is kept when upgrading to version 6.10 The new ipvlan mode is introduced to battle the crashes some people experience when using macvlan mode. If that is your case, change to ipvlan mode and test. Changing of mode does not require to reconfigure anything on Docker level, internally everything is being taken care off. Docker bridge network (docker0) docker0 now supports IPv6. This is implemented by assigning docker0 a private IPv6 subnet (fd17::/64), similar to what is done for IPv4 and use network translation to communicate with the outside world Containers connected to the bridge network now have both IPv4 and IPv6 connectivity (of course the system must have IPv6 configured in the network configuration) In addition several enhancements are made in the IPv6 implementation to better deal with the use (or no-use) of IPv6 Plugins page The plugins page now loads information in two steps. First the list of plugins is created and next the more time consuming plugin status field is retrieved in the background. The result is a faster loading plugins page, especially when you have a lot of plugins installed Dashboard graphs The dashboard has now two graphs available. The CPU graph is displayed by default, while the NETWORK graph is a new option under Interface (see the 'General Info' selection) The CPU graph may be hidden as well in case it is not desired Both graphs have a configurable time-line, which is by default 30 seconds and can be changed independently for each graph to see a longer or shorter history. Graphs are updated in real-time and are useful to observe the behavior of the server under different circumstances Scheduler Improvements [rc3] You can now split a parity check into smaller pieces and let it run over multiple days or weeks. For example a check can be performed in a time frame of 01:00am to 06:00am for several days in a row until it is completed. This way a long parity check won’t interfere with the normal day activities, like watching a movie. [rc3] Added ability to schedule pool 'balance' and 'scrub' operations and calculate whether a full balance is recommended. Other Changes We switched to a better-maintained version of the WSD server component called wsdd2 in an effort to eliminate instances where the wsd daemon would start consuming 100% of a CPU core. Fixed issue where you couldn't create a docker image on a share name that contains a space. Fixed issue where 'mover' would not move to a pool name that contains a space. Fixed issue in User Share file system where permissions were not being honored. We increased the font size in Terminal and [rc2] fixed issue with macOS Monterey. Terminal font size is configurable via Settings/Display Settings page. [rc2] Fixed jumbo frames not working. [rc2] sysctl: handle net.netfilter.nf_conntrack_count max exceeded (increase setting to 131072) - hattip to Community Member @DieFalse [rc2] Mover will create '.partial' file and then rename upon completion. [rc2] Enabled NFSv4 support. [rc2] Check bz file sha256sums at boot time. [rc3] Fixed bug found by @thohell where md_sync_limit was not being honored to limit stripe_head cache usage when other I/O is active. The effect of this fix is to drastically slow down parity operations if other I/O is happening (such as streaming a video). Throttling of parity sync operations can be adjusted by changing the 'Settings/Disk Settings/Tunable (md_sync_limit)' value. [rc3] Fixed btrfs pool device replace corner cases. Important note: if you 'unassign' a device from a btrfs multiple-device pool, and that device is still physically present, upon array Start we will erase the LUKS header on the device if present, and delete the partition structure, thereby effectively erasing all the data contained on the device. This is necessary in order to convince btrfs to no longer use the device and to free it for assignment to another pool. [rc3] For cookies managed by webGUI, changed sameSite cookie attribute from 'strict' to 'lax'. This change was made to solve an issue with Terminal window not opening in Safari. [rc5] Fixed a bug where replacing a device in a multiple-device btrfs pool would still tag the old device as missing. [rc5] Fixed an issue where hot plugging a device in a server with spun-down SAS drive(s) could cause the SAS drive(s) to appear unassigned. [rc5] Fixed an issue where the server would disappear from Windows Network after docker and/or VM startup. [rc5] Fixed md/unraid driver regression which would confuse XFS, making it think an online shrink had occurred. [rc5] Fixed: Prevent Unraid from hanging when the array is stopped, while VMs are in paused or suspended state. [rc6] Added ServerChan and Pushplus notification agents, thanks to @ludoux Numerous other small bug fixes and improvements. Credits Special thanks to all our beta testers and especially: @bonienl for his continued refinement and updating of the Dynamix webGUI. @Squid for continued refinement of Community Apps and associated feed. @dlandon for continued refinement of Unassigned Devices plugin and patience as we change things under the hood. @ich777 for assistance and passing on knowledge of Linux kernel config changes to support third party drivers and other kernel-related functionality via plugins. @SimonF for refinements to System Devices page and other webGUI improvements. @thohell for an extra set of eyes looking at md/unraid driver and for work-in-progress of adding changes to support multiple Unraid arrays. Version 6.10.0-rc6 2022-05-04 (vs. 6.10.0-rc5) Base distro: curl: version 7.83.0 (CVE-2022-22576 CVE-2022-27774 CVE-2022-27775 CVE-2022-27776) docker: version 20.10.14 (CVE-2022-24769) intel-microcode: version 20220419 kernel-firmware: version 20220425_ac21ab5 libvirt: 8.2.0 nginx: verstion 1.21.6 php: version 7.4.29 samba: version 4.15.7 (CVE-2021-44141 CVE-2021-441412 CVE-2022-0336) swtpm:version 0.7.3 (CVE-2022-23645) Linux kernel: Linux 5.15.37-Unraid GIGABYTE_WMI: Gigabyte WMI temperature driver patch: "drm/i915/gen11: Moving WAs to icl_gt_workarounds_init()" oot: ixgbe: revert back to in-tree driver Management: better IPv6 suport emhttpd: delete all PHP sessions when root password is changed (logs everyone out) rc.libvirt: test the existence of a VM before adding it to the NAMES list webgui: Adjusted row highlighting on main and shares page to better suit people with color impairment webgui: Shares: fix wrong size computation webgui: Wireguard: fix import function to accept all keys webgui: Parity check: allow spinup/spindown when operation is paused webgui: fix: remove reauthentication msg from email notifications webgui: Docker: Ignore icon references to default question mark webgui: Docker: translation optimization webgui: Translations: fix creation of empty sessions webgui: Add notification agent for ServerChan webgui: Add notification agent for Pushplus webgui: fix(upc): postmessage interference v1.0.1

This is primarily a bug fix release. We have not addressed every issue that has been reported. In the past we would typically delay releases until most things were addressed; however, we are committed to producing releases as quickly as possible as issues are fixed and small improvements are made. It would be extremely helpful to us to report issues by creating separate Reports here rather than creating a reply in this topic. The main issues addressed here have to do with nchan errors, DNS Rebinding Protection check, and XFS formatting issue. 6.10.0 Summary of Changes and New Features As always, prior to updating, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". [rc3] Plugin Authors: We patched the upgradepkg script to prevent it from replacing an installed package with an earlier version of the same package, i.e., no downgrading. If a plugin really needs to replace a package with a downgraded version it can include the '--reinstall' option. Also be sure to check out the Dynamix File Manager plugin available now through Community Apps! UPC and My Servers Plugin The most visible new feature is located in the upper right corner of the webGUI header. We call this the User Profile Component, or UPC. The UPC allows a user to associate their server(s) and license key(s) with their Unraid Community forum account, also known as an Unraid.net account. Starting with this release, it will be necessary for a new user to either sign-in with existing forum credentials or sign-up, creating a new account via the UPC in order to download a Trial key. All key purchases and upgrades are also handled exclusively via the UPC. Signing-in provides these benefits: My Servers Dashboard - when logged into the forum a new My Servers menu item appears. Clicking this brings up a Dashboard which displays a set of tiles representing servers associated with this account. Each tile includes a link to bring up the servers webGUI on your LAN. Install the My Servers plugin to provide real-time status and other advanced features (see below). Notification of critical security-related updates. In the event a serious security vulnerability has been discovered and patched, we will send out a notification to all email addresses associated with registered servers. Posting privilege in a new set of My Servers forum boards. No more reliance on email and having to copy/paste key file URLs in order to install a license key - keys are delivered and installed automatically to your server. Once a license key has been provisioned, it is not necessary to remain signed-in, though there is no particular reason to sign-out. My Servers Plugin My Servers is what we call our set of cloud-based or cloud-enabled services and features that integrate with your Unraid server(s). Once installed here are some of the features of My Servers: Real-time Status - with the plugin installed each server tile on the My Servers Dashboard will display real-time status such as whether the server is online or offline, storage utilization and other information. Remote Access link - if enabled, a link is displayed on the My Servers Dashboard to bring up a server webGUI remotely and over the Internet. Automatic Flash Backup - every registered server is provided with a private git repo initially populated with the contents of your USB flash boot device (except for certain files which contain private information such as passwords). Thereafter, configuration changes are automatically committed. A link is provided to download a custom zip file that can be fed as input to the USB Flash Creator tool to move your configuration to a new USB flash device. My Servers is an optional add-on, installed through Community Apps or via direct plugin URL. Detailed instructions can be found here. If you have installed the My Servers plugin, signed-in servers will maintain a websocket connection to a cloud-based Lime Technology proxy server for the purpose of relaying real-time status. Security Changes It is now mandatory to define a root password. We also created a division in the Users page to distinguish root from other user names. The root UserEdit page includes a text box for pasting SSH authorized keys. For new configurations, the flash share default export setting is No. For all new user shares, the default export setting is No. For new configurations, SMBv1 is disabled by default. For new configurations, telnet, ssh, and ftp are disabled by default. We removed certain strings from Diagnostics such as passwords found in the 'go' file. Virtualization Both libvirt and qemu have been updated. In addition, qemu has been compiled with OpenGL support, and [rc2] ARM emulation (experimental). [rc2] To support Windows 11 which requires TPM and Secure boot, we have added TPM emulation; and, added a "Windows 11" VM template which automatically selects TPM-aware OVMF bios. Also, here are instructions for upgrading a Windows 10 VM to Windows 11. Special thanks to @ich777 who researched and determined what changes and components were necessary to provide this functionality. The built-in Firefox browser available in GUI-mode boot is built as an AppImage and located in the bzfirmware compressed file system image. This saves approximately 60MB of RAM. The Wireguard plugin has been integrated into webGUI, that is, no need for the plugin. If you had the plugin installed previously, it will be uninstalled and moved to the "Plugins/Plugin File Install Errors" page. No action is needed unless you want to press the Delete button to remove it from that page. Your WireGuard tunnels and settings will be preserved. Simplified installation of the Community Apps plugin. The webGUI automatically includes the Apps menu item, and if CA is not already installed, the page offers an Install button. No need to hunt for the plugin link. [rc3] Moving to Let's Encrypt wildcard SSL certificates. Starting with this release, we no longer issue new single-host SSL certificates (which we're calling legacy certificates). Instead, all new Unraid.net SSL certificates are wildcard certificates (still provided by Let's Encrypt). In order to provision a new wildcard certificate, or upgrade a legacy certificate, you must be signed-in to Unraid.net. You do not need to be signed-in however, to have either type of certificate automatically renewed when it is within 30 days of expiration. The URL used to access your server making use of a wildcard certificate has this form: https://[lan-ip].[hash].myunraid.net where, [lan-ip] is your severs LAN IP address with dots changed to dashes [hash] is a 40-character hex string (160 bits) unique to this server (and different from similar [hash] in legacy certificates) example: https://192-168-100-1.af01305221921f93aabae93f13800dcea41dc681e.myunraid.net We added a new DDNS server which listens at "myunraid.net". This server extracts [lan-ip] from the domain name and returns the IP address where the dashes are changed back into dots. There are several benefits to this approach for both our users and for us: Eliminates DNS propagation delays when you first provision a certificate or when a server LAN IP address (or WAN IP address) changes. Since the domain name includes the IP address, any IP address change also changes the domain name, hence will not be contained in any intermediate DNS cache. We also changed the TTL from 1 hour to 7 days further reducing overhead and alleviating issues where someone's internet goes down for brief periods. Improves privacy because your remote access WAN IP address can't be determined by simply prepending "www" to your local access URL. Moves DNS functionality off the 'unraid.net' domain and isolates it on 'myunraid.net' domain. In previous releases code that provisions (allocates and downloads) an Unraid.net SSL certificate would first test if DNS Rebinding Protection was enforced on the user's LAN; and, if so, would not provision the certificate. Since there are other uses for a LE certificate we changed the code so that provision would always proceed. Next, we changed the logic behind the Auto selection of "Use SSL/TLS" setting on the Management Access page. Now it is only possible to select Auto if both a LE certificate has been provisioned and DNS Rebinding Protection is not enforced. This is a subtle change but permits certain My Servers features such as Remote Access. Upon upgrading, you will need to modify any server bookmarks with new the URL; however, if you server is signed-in to Unraid.net then the My Servers dashboard maintains the correct Local Access URL for each of your servers. More information including use cases may be found in Documentation here. Linux Kernel Upgrade to [rc4] Linux 5.15.30 kernel which includes so-called Sequoia and Dirty Pipe vulnerability mitigations. In-tree GPU drivers are now loaded by default if corresponding hardware is detected: amdgpu ast i915 radeon These drivers are required mostly for motherboard on-board graphics used in GUI boot mode. Loading of a driver can be prohibited by creating the appropriate file named after the driver: echo "blacklist i915" > /boot/config/modprobe.d/i915.conf Alternately, the device can be isolated from Linux entirely via the System Devices page. Note that in Unraid OS 6.9 releases the in-tree GPU drivers are blacklisted by default and to enabling loading a driver you need to create an empty "conf" file. After upgrading to Unraid OS 6.10 you may delete those files, or leave them as-is. This change was made to greatly improve the Desktop GUI experience for new users. Added support for Intel GVT-g, which lets you split your Intel i915 iGPU into multiple virtual GPUs and pass them through to multiple VMs, using @ich777's Intel-GVT-g plugin. Added support for gnif/vendor-reset. This simplifies @ich777's AMD Vendor Reset plugin which permits users to get their AMD video cards to reset properly. [rc2] Added so-called "add-relaxable-rmrr-5_8_and_up.patch" modified for our kernel https://github.com/kiler129/relax-intel-rmrr/blob/master/patches/add-relaxable-rmrr-5_8_and_up.patch Thanks to @ich777 for pointing this out. [rc2] Enabled additional ACPI kernel options [rc2] Enabled TPM kernel modules (not utilized yet) - note this is for Unraid host utilizing physical TPM, not emulated TPM support for virtual machnes. [rc4] Updated out-of-tree drivers Base Packages Virtually the entire base package set has been updated. [rc2] For SMB: Samba version 4.15 SMB3 multi-channel is no longer marked "experimental" and is enabled by default. [rc2] Per request we added the mcelog package. With inclusion of this package, if you have an AMD processor you may see this error message in the system log: mcelog: ERROR: AMD Processor family 23: mcelog does not support this processor. Please use the edac_mce_amd module instead. We're not sure what to make of this. It appears mcelog is being deprecated in favor of rasdaemon. This is something we need to research further. Other improvements available in 6.10, which are maybe not so obvious to spot from the release notes and some of these improvements are internal and not really visible: Event driven model to obtain server information and update the webGUI in real-time The advantage of this model is its scalability. Multiple browsers can be opened simultaneously to the webGUI without much impact In addition stale browser sessions won't create any CSRF errors anymore People who keep their browser open 24/7 will find the webGUI stays responsive at all times [rc3] Consistent state information is maintained across all browser instances open to a particular server Docker labels Docker labels are added to allow people using Docker compose to make use of icons and GUI access Look at a Docker 'run' command output to see exactly what labels are used Docker custom networks A new setting for custom networks is available. Originally custom networks are created using the macvlan mode, and this mode is kept when upgrading to version 6.10 The new ipvlan mode is introduced to battle the crashes some people experience when using macvlan mode. If that is your case, change to ipvlan mode and test. Changing of mode does not require to reconfigure anything on Docker level, internally everything is being taken care off. Docker bridge network (docker0) docker0 now supports IPv6. This is implemented by assigning docker0 a private IPv6 subnet (fd17::/64), similar to what is done for IPv4 and use network translation to communicate with the outside world Containers connected to the bridge network now have both IPv4 and IPv6 connectivity (of course the system must have IPv6 configured in the network configuration) In addition several enhancements are made in the IPv6 implementation to better deal with the use (or no-use) of IPv6 Plugins page The plugins page now loads information in two steps. First the list of plugins is created and next the more time consuming plugin status field is retrieved in the background. The result is a faster loading plugins page, especially when you have a lot of plugins installed Dashboard graphs The dashboard has now two graphs available. The CPU graph is displayed by default, while the NETWORK graph is a new option under Interface (see the 'General Info' selection) The CPU graph may be hidden as well in case it is not desired Both graphs have a configurable time-line, which is by default 30 seconds and can be changed independently for each graph to see a longer or shorter history. Graphs are updated in real-time and are useful to observe the behavior of the server under different circumstances Scheduler Improvements [rc3] You can now split a parity check into smaller pieces and let it run over multiple days or weeks. For example a check can be performed in a time frame of 01:00am to 06:00am for several days in a row until it is completed. This way a long parity check won’t interfere with the normal day activities, like watching a movie. [rc3] Added ability to schedule pool 'balance' and 'scrub' operations and calculate whether a full balance is recommended. Other Changes We switched to a better-maintained version of the WSD server component called wsdd2 in an effort to eliminate instances where the wsd daemon would start consuming 100% of a CPU core. [rc2] Automatically restrict wsdd to listen only at the primary network interface (br0, bond0, or eth0, depending on config). Fixed issue where you couldn't create a docker image on a share name that contains a space. Fixed issue where 'mover' would not move to a pool name that contains a space. Fixed issue in User Share file system where permissions were not being honored. We increased the font size in Terminal and [rc2] fixed issue with macOS Monterey. [rc2] Fixed jumbo frames not working. [rc2] sysctl: handle net.netfilter.nf_conntrack_count max exceeded (increase setting to 131072) - hattip to Community Member @DieFalse [rc2] Mover will create '.partial' file and then rename upon completion. [rc2] Check bz file sha256sums at boot time. [rc3] Fixed bug found by @thohell where md_sync_limit was not being honored to limit stripe_head cache usage when other I/O is active. The effect of this fix is to drastically slow down parity operations if other I/O is happening (such as streaming a video). Throttling of parity sync operations can be adjusted by changing the 'Settings/Disk Settings/Tunable (md_sync_limit)' value. [rc3] Fixed btrfs pool device replace corner cases. Important note: if you 'unassign' a device from a btrfs multiple-device pool, and that device is still physically present, upon array Start we will erase the LUKS header on the device if present, and delete the partition structure, thereby effectively erasing all the data contained on the device. This is necessary in order to convince btrfs to no longer use the device and to free it for assignment to another pool. [rc3] For cookies managed by webGUI, changed sameSite cookie attribute from 'strict' to 'lax'. This change was made to solve an issue with Terminal window not opening in Safari. Credits Special thanks to all our beta testers and especially: @bonienl for his continued refinement and updating of the Dynamix webGUI. @Squid for continued refinement of Community Apps and associated feed. @dlandon for continued refinement of Unassigned Devices plugin and patience as we change things under the hood. @ich777 for assistance and passing on knowledge of Linux kernel config changes to support third party drivers and other kernel-related functionality via plugins. @SimonF for refinements to System Devices page and other webGUI improvements. We intend to merge your mover progress changes during this RC series. @thohell for an extra set of eyes looking at md/unraid driver and for work-in-progress of adding changes to support multiple Unraid arrays. Version 6.10.0-rc4 2022-03-19 (vs. 6.10.0-rc3) Base distro: docker: version 20.10.13 firefox: 98.0.r20220313140707 (AppImage) kbd: version 1.15.3 (to support non-US keyboards) Linux kernel: Linux 5.15.30-Unraid oot: md/unraid: version 2.9.22 (revert setting min sector size to 4096) oot: added Intel ixgbe: version 5.14.6 Management: emhttpd: add 'rootshare' reserved name rc.nginx: prefer IPv4 if both IPv4 and IPv6 rc.nginx: ignore case in processing Subject field for custom certificates rc.nginx: remove default server block returning 404 for https if USE_SSL==no and no CA-signed cert webgui: Docker: Add Network / Privacy Category webgui: Revert back to default capitalization of device names webgui: Fix PHP error when calculating balance level webgui: Docker: make popup window fit in browser window webgui: Change parity sync notification from error to notice level webgui: Changed header selection for better support of Android webgui: Let setting "showBannerGradient" default to "yes" webgui: Remove Nchan error detection (Rely on the automatic reconnect of Nchan to re-establish connections when communication is slow) webgui: Fix: Improved DNS Rebinding checks webgui: Revised filedrop.js webgui: Use https for internet connectivity check webgui: Fix regression error for themes auzre & gray webgui: Highlight selected row when hovering over array or shares

Welcome to 6.9 beta release development! This initial -beta1 release is exactly the same code set of 6.8.3 except that the Linux kernel has been updated to 5.5.8 (latest stable as of this date). We have only done basic testing on this release; normally we would not release 'beta' code but some users require the hardware support offered by the latest kernel along with security updates added into 6.8. Important: Beta code is not fully tested and not feature-complete. We recommend running on test servers only! Unfortunately none of our out-of-tree drivers will build with this kernel. Some were reverted back to in-tree version, some were omitted. We anticipate that by the time 6.9 enters 'rc' phase, we'll be on the 5.6 kernel and hopefully some of these out-of-tree drivers will be restored. We will be phasing in some new features, improvements, and changes to address certain bugs over the coming weeks - these will all be -beta releases. Don't be surprised if you see a jump in the beta number, some releases will be private. Version 6.9.0-beta1 2020-03-06 Linux kernel: version 5.5.8 igb: in-tree ixgbe: in-tree r8125: in-tree r750: (removed) rr3740a: (removed) tn40xx: (removed)

It's easy for us to get overwhelmed by new issues, especially coinciding with new features and new kernel releases. Our lack of immediate reply does not mean your report is being ignored. We very much appreciate all hints, testing results, etc. Remember, for very odd issues, please reboot in "Safe Mode" to ensure no strange interaction with a plugin.

Please refer to the 6.12.0-rc1 topic for a general overview. Version 6.12.0-rc7 2023-06-05 Changes vs. 6.12.0-rc6 Share "exclusive mode": Added "Settings/Global Share Settings/Permit exclusive shares" [Yes/No] default: No. Fix issue marking share exclusive when changing Primary storage to a pool but share does not exist there yet. Make exclusive share symnlinks relative. Disable exclusive share mode if the share NFS-exported. Networking: Fix issue where/etc/resolve.conf can get deleted when switching DNS Server between auto/static. Support custom interfaces (e.g. Tailscale VPN tunnel or zerotier L2 tunnel) Web Terminal: Change renderer from webgl to canvas to mitigate issue with latest Chrome update. For better readability, changed background color on directory listings where 'w+o' is set. Docker: Fix issue detecting proper shutdown of docker. rc.docker: Fix multiple fixed IPs VM Manager: Fix issues with VM page loads if users have removed vcpu pinning. ovmf-stable: version 202305 (build 3) Other: Fix issue mounting emulated encrypted unRAID array devices. Fix ntp drift file save/restore from persistent USB flash 'config' directory. Remove extraneous /root/.config/remmina file Misc. changes to accommodate webGui repo reorganizaion. webGUI: Fixed regression error in disk critical / warning coloring & monitoring Linux kernel version 6.1.32 CONFIG_FANOTIFY: Filesystem wide access notification

Starting with 6.11.0-rc5 we have added some features to help us figure out the proper mix of SMB settings which will achieve the best performance/functionality with MacOS. This mainly involves tuning the so-called "fruit" SMB parameters. Please refer to the Samba "vfs_fruit" doc: https://www.samba.org/samba/docs/current/man-html/vfs_fruit.8.html First you will notice there are Global options and Per-Share options. The global options are set in /etc/samba/smb.conf file on your server. All the options are listed near the bottom, and ones which vary from the default setting are uncommented. I don't think we will need to change these options but if you want to experiment then add your changes to /boot/config/smb-extra.conf file. Next are the set of per-share options. These are set in /etc/samba/smb-fruit.conf file on your server. Again all options are listed there and only the ones which deviate from default are uncommented. In addition, you may create the file /boot/config/smb-fruit.conf on your flash device and when Samba starts or is restarted, those options will override the options in /etc/samba/smb-fruit.conf. Thus a good staring point would be to: cp /etc/samba/smb-fruit.conf /boot/config and now you can make changes to /boot/config/smb-fruit.conf After making a change you can type this command to to restart Samba: samba restart For any of this to be applied, you first need to ensure that "Settings/SMB/Enhanced macOS interoperability" is set to Yes. This will tell Unraid OS to include the contents of the smb-fruit.conf file in each share (except for the 'flash' share, see below). Note: we actually have per-share hidden settings for enabling 'fruit', however from the documentation we read: Thus there is no UI for these settings, instead either all shares or no shares have 'fruit' extensions. As for the 'flash' share, again from the doc we read: (emphasis mine). They say 'streams_xattr' must be loaded, but later in the doc they talk about options that are incompatible with this. In addition certain file system types are inherently incompatible, notably FAT and exFAT because they don't support xattr at all... Hence we can't (or shouldn't) include the 'flash' share in 'fruit' but then if the 'flash' share is first share to be accessed on a Mac client, APPL extensions will be disabled for the duration... Yes this is confusing, maybe best bet is to not export the 'flash' share in MacOS environment. If it is exported, the 'testparm' command outputs this warning: WARNING: some services use vfs_fruit, others don't. Mounting them in conjunction on OS X clients results in undefined behaviour. Time machine - if enabled for a share these parameters are automatically added (independent of smb-fruit.conf): fruit:time machine = yes fruit:time machine max size = SIZE # if "vol size limit" specified Finally Spotlight - our build of Samba includes spotlight support but only for 'elasticsearch'. But 'elasticsearch' is not installed in Unraid OS. In other places on the forum people have expressed success by setting the spotlight backend to 'tracker' - but this requires "gnone tracker" which also is not installed in Unraid OS - so I'm not sure what's going on here. Nevertheless, you can add 'spotlight = on' to the smb-fruit.conf file to play around with this. Please limit discussion in this topic to MacOS issues only.

Please refer to the 6.12.0-rc1 topic for a general overview. Anticipating stable release in a couple of days. Version 6.12.0-rc5 2023-05-01 Bug fixes/improvements: Auto-mount all nested ZFS datasets upon array Start. Fix bug in bind-mount when share names contain spaces. Restrict avahidaemon to primary interface. Restrict 'newperms' script to operate on /mnt/ only. Fixed typos in help text. Linux kernel Fixes bug in bind-mount when share names contain spaces. version: 6.1.27 Version 6.12.0-rc4 2023-04-27 New in this release is a conceptual change in the way storage is assigned to shares. Normally such a change would not happen in an -rc series; however, in this case the under-the-hood coding was minimal. The concept outlined below is something we planned on introducing in the Unraid OS 6.13 cycle. We decided to introduce this change now because of increased interest in Unraid OS now that ZFS is supported. The old concept of main storage being the unRAID array with an optional "Cache" is confusing to many new users, especially since cache has a specific meaning in ZFS. Also outlined below, we introduced the concept of an exclusive share. This is simply a share where all the data exists in a single named pool. In this case we set up a bind-mount, bypassing the FUSE-based User Share file system. This feature is primarily aimed at maximizing I/O for large fast ZFS pools accessed via a fast network Share storage conceptual change Configuring the storage options for a share is specified using two inputs: Primary storage Secondary storage Primary storage is where new files/folders are created. If Primary storage is below the Minimum Free Space setting then new files and folders will be created in Secondary storage, if configured. Each input presents a drop-down which lists "array", "none", and each named pool as a selection according to some configuration rules: For the Primary storage drop-down: the "none" option is omitted, ie, Primary storage must be selected any named pool can be selected "Array" can be selected (meaning the unRAID array) For the Secondary storage drop-down: the "none" option is included, ie, Secondary storage is optional if Primary storage is a pool name, then the only options are "none" and "Array" if Primary storage is "Array", then only "none" appears as an option When "Array" is selected for either Primary or Secondary storage, a set of additional settings slide in: Allocation method Included disk(s) Excluded disk(s) Split level When a btrfs named pool is selected for either Primary or Secondary storage, an additional setting slides in: Enable Copy-on-write When a ZFS named pool is selected for either Primary or Secondary storage, there are no additional settings at this time but there could be some in the future. For example, since a share is created as a ZFS dataset, it could have a different compression setting than the parent pool if we need to implement this. Mover action When there is Secondary storage configured for a share the "Mover action" setting becomes enabled, letting the user select the transfer direction of the mover: Primary to Secondary (default) Secondary to Primary Exclusive shares If Primary storage for a share is a pool and Secondary storage is set to "none", then we can set up a bind-mount in /mnt/user/ directly to the pool share directory. (An additional check is made to ensure the share also does not exist on any other volumes.) There is a new status flag, 'Exclusive access' which is set to 'Yes' when a bind-mount is in place; and, 'No' otherwise. Exclusive shares are also indicated on the Shares page. The advantage of setting up a bind-mount is that I/O bypasses FUSE-based user share file system (shfs) which can significantly increase performance. There are some restrictions: Both the share Min Free Space and pool Min Free Space settings are ignored when creating new files on an exclusive share. If there are any open files, mounted loopback images, or attached VM vdisk images on an exclusive share, no settings for the share can be changed. If the share directory is manually created on another volume, files are not visible in the share until after array restart, upon which the share is no longer exclusive. Change Log vs. 6.12.0-rc3 Linux kernel version: 6.1.26 Misc avahi: enable/disable IPv4/IPv6 based on network settings webgui: DeviceInfo: show shareFloor with units webgui: DeviceInfo: added automatic floor calculation webgui: Added autosize message webgui: Shares: added info icon webgui: Updated DeviceInfo and Shares page [explain] webgui: Fix network display aberration. webgui: Auto fill-in minimum free space for new shares webgui: feat(upc): update to v3 for connect webgui: Share/Pool size calculation: show and allow percentage values webgui: VM manager: Make remote viewer and web console options selectable. webgui: VM manager: Option to download .vv file and start remote viewer is browser set to open file .vv when downloaded. webgui: VM manager: Add remote viewer console support webgui: VM manager: Remove-lock-posix='on'-flock='on'/- Base Distro openzfs: version 2.1.11 Version 6.12.0-rc3 2023-04-14 Upgrade notes If you created any zpools using 6.12.0-beta5 please Erase those pools and recreate. If you revert back from 6.12 to 6.11.5 or earlier, you have to force update all your Docker containers and start them manually after downgrading. This is necessary because of the underlying change to cgroup v2 in 6.12.0-rc1. Upon boot, if all PCI devices specified in 'config/vfio-pci.cfg' file do not properly bind, VM Autostart is prevented. You may still start individual VMs. This is to prevent Unraid host crash if hardware PCI IDs changed because of a kernel update or physical hardware change. To restore VM autostart, examine '/var/log/vfio-pci-error' and remove offending PCI IDs from 'config/vfio-pci.cfg' file and reboot. Linux Multi-Gen LRU is a relatively new feature now included but not enabled by default. You can enable by adding this line to your 'config/go' file: echo y > /sys/kernel/mm/lru_gen/enabled If you revert back from 6.12 to 6.11.5 or earlier you many need to remove that line. Obsolete/Broken Plugins There are a few plugins which are known to be incompatible with Unraid 6.12, and upon boot will not be installed. You will get a notification for each plugin that is affected, and can review the list by going to Plugins/Plugin File Install Errors. disklocation-master version 2022.06.18 (Disk Location by olehj, breaks the dashboard) plexstreams version 2022.08.31 (Plex Streams by dorgan, breaks the dashboard) corsairpsu version 2021.10.05 (Corsair PSU Statistics by Fma965, breaks the dashboard) gpustat version 2022.11.30a (GPU Statistics by b3rs3rk, breaks the dashboard) ipmi version 2021.01.08 (IPMI Tools by dmacias72, breaks the dashboard) nut version 2022.03.20 (NUT - Network UPS Tools by dmacias72, breaks the dashboard) NerdPack version 2021.08.11 (Nerd Tools by dmacias72) upnp-monitor version 2020.01.04c (UPnP Monitor by ljm42, not PHP 8 compatible) ZFS-companion version 2021.08.24 (ZFS-Companion Monitor by campusantu, breaks the dashboard) Some of the affected plugins have been taken over by different developers, we recommend that you go to the Apps page and search for replacements. Please ask plugin-specific questions in the support thread for that plugin. ZFS Pools New in this release is the ability to create a ZFS file system in a user-defined pool. In addition you may format any data device in the unRAID array with a single-device ZFS file system. We are splitting full ZFS implementation across two Unraid OS releases. Initial support in this release includes: Support raid0, mirror, raidz1, raidz2 and raidz3 root profiles. Up to 4-way mirror in a mirror vdev. Multiple vdev groups. Support removing single device: if device still present in server, 'wipefs' is used to clear the partition table. Support replacing single missing device with a new device of same or larger size. Support scheduled trimming of ZFS pools. Support pool rename. Pool names must begin with a lowercase letter and only contain lowercase letters, digits, the underscore and dash. Pool names must not end with a digit. Non-root vdev cannot be configured in this release, however, they can be imported. Note: imported hybrid pools may not be expanded in this release. Pools created on other systems may or may not import depending on how the the pool was created. A future update will permit importing pools from any system. A ZFS pool has three variables: profile - the root data organization: raid0, mirror (up to 4-way), raidz1, raidz2, raidz3 width - the number of devices per root vdev groups - the number of root vdevs in the pool At time of ZFS pool creation, the webGUI will present all topology options based on the number of devices assigned to the pool. Special treatment for root single-vdev mirrors: A single-device ZFS pool can be converted to multiple-device mirror by adding up to 3 additional devices in one operation. A 2-device mirror can be increased to 3-device by adding a single device; similarly a 3-device mirror can be increased to 4-device mirror by adding a single device. To add an additional root vdev, you must assign 'width' number of new devices to the pool at the same time. The new vdev will be created with the same 'profile' as the existing vdevs. Additional flexibility in adding/expanding vdevs will be provided in a future update. Pools created with the steini84 plugin can be imported as follows: First create a new pool with the number of slots corresponding to the number of devices in the pool to be imported. Next assign all the devices to the new pool. Upon array Start the pool should be recognized, though certain zpool topologies may not be recognized (please report). Mixed topologies are not supported. For example, a pool with both a mirror root vdev and a raidz root vdev is not recognized. Autotrim can be configured as on or off (except for single-device ZFS volumes in the unRAID array). Compression can be configured as on or off, where on selects lz4. Future update will permit specifying other algorithms/levels. When creating a new ZFS pool you may choose zfs - encrypted, which, like other encrypted volumes, applies device-level encryption via LUKS. ZFS native encryption is not supported at this time. During system boot, the file /etc/modprobe.d/zfs.conf is auto-generated to limit the ZFS ARC to 1/8 of installed memory. This can be overridden if necessary by creating a custom 'config/modprobe.d/zfs.conf' file. Future update will include ability to configure the ARC via webGUI, including auto-adjust according to memory pressure, e.g., VM start/stop. Top-level user shares in a ZFS pool are created as datasets instead of ordinary directories. btrfs pools Autotrim can be configured as on or off when used in a pool. Compression can be configured as on or off. on selects zstd. Future update to permit specifying other algorithms/levels. xfs Autotrim can be configured as on or off when used as a single-slot pool. Docker It is possible to configure the Docker data-root to be placed in a directory on a ZFS storage pool. In this case Docker will use the 'zfs' storage driver. This driver creates a separate dataset for each image layer. Because of this, here is our recommendation for setting up Docker using directory: First, create a docker user share configured as follows: Share name: docker Use cache pool: Only Select cache pool: name of your ZFS pool Next, on Docker settings page: Enable docker: Yes Docker data-root: directory Docker directory: /mnt/user/docker If you ever need to delete the docker persistent state, then bring up the Docker settings page and set Enable docker to No and click Apply. After docker has shut down click the Delete directory checkbox and then click Delete. This will result in deleting not only the various files and directories, but also all layers stored as datasets. Before enabling Docker again, be sure to first re-create the docker share as described above. Other changes: CreateDocker: changed label Docker Hub URL to Registry URL because of GHCR and other new container registries becoming more and more popular. Honor user setting of stop time-out. Accept images in OCI format. Add option to disable readmore-js on container table Fix: Docker Containers console will not use bash if selected VM Manager If you enable copy/paste for virtual consoles you need to install additional software on the client in addition to the QEMU agent if that has been installed. Here is the location for spice-vdagent for both Windows and Linux. Note copy/paste function will not work with web spice viewer you need to use virt-viewer. Add Serial option to vdisk. Spice Bug fix for users with non standard GUI ports defined. OVMF for QEMU: version stable202302 Fix for bus text. Enable copy paste option for virtual consoles Update Memory Backup processing for Virtiofs. Fix lockup when no VMs are present Add support for rtl8139 network model. fix translation omission added lock/unlock for sortable items Fix for Spice Mouse if Copy paste enabled. Dashboard The webGUI Dashboard has been redesigned and it is now possible to move elements (tiles) up and down and between columns. This allows the user to organize the tiles in any way they desire. There is a small lock icon on the menu bar which must be clicked to enable this function. Note: The lock icon also appears on the Docker and VM pages and must be clicked to rearrange the startup order. Release bz file differences Unraid OS is comprised of a set of 5 so-called bz files in the root of the USB Flash boot device: bzimage - the Linux kernel bzroot - the root file system, sans console desktop bzroot-gui - additional files needed for console desktop bzmodules - modules (drivers) associated with the Linux kernel bzfirmware - device firmware required by certain modules Starting with 6.12 release, the content of these files has been rearranged: bzimage - the Linux kernel (same as before) bzroot - the root file system excluding the /usr directory tree bzroot-gui - a single file which auto-starts the console desktop (for compatibility) bzmodules - modules (drivers) associated with the Linux kernel and device firmware required by certain modules bzfirmware - the /usr directory and all files contained therein, including console desktop The results of this change is to speed up the boot process and free up nearly 1G of RAM. It also permits us to add more "stuff" to Unraid OS in the future without requiring more RAM. Finally, when booted in non-GUI mode, the desktop can be started by logging in at the console and typig the 'slim' command. The files bzfirmware and bzmodules are squashfs images mounted using overlayfs at /usr and /lib respectively. Since these files are loopback-mounted, care must be taken if ever you want to perform a manual update. What is a manual update? This is a method of updating Unraid OS on your USB flash boot device without using the Tools/Update OS function. Typically one would either: open a Terminal window, wget the release zip file, unzip the release, and then 'cp' the bz files to root of the boot device. or export the 'flash' share on your network and drag the bz files from a PC directly to the flash. Either method, starting with 6.12 can fail because the bzfirmware file will be overwritten while it is still mounted - not good. To get around this, you must first create a temp directory on the flash device and then 'mv' (or drag) all the bz files to this temp directly. Now you can copy the new bz files in place and reboot. Linux kernel version 6.1.23 md/unraid: version 2.9.27 CONFIG_FS_DAX: File system based Direct Access (DAX) support CONFIG_VIRTIO_FS: Virtio Filesystem CONFIG_ZONE_DEVICE: Device memory (pmem, HMM, etc...) hotplug support CONFIG_USBIP_HOST: Host driver CONFIG_INTEL_MEI: Intel Management Engine Interface CONFIG_INTEL_MEI_ME: ME Enabled Intel Chipsets CONFIG_INTEL_MEI_GSC: Intel MEI GSC embedded device CONFIG_INTEL_MEI_PXP: Intel PXP services of ME Interface CONFIG_INTEL_MEI_HDCP: Intel HDCP2.2 services of ME Interface CONFIG_INTEL_PMC_CORE: Intel PMC Core driver CONFIG_DRM_I915_PXP: Enable Intel PXP support CONFIG_SCSI_FC_ATTRS: FiberChannel Transport Attributes CONFIG_FUSION_SPI: Fusion MPT ScsiHost drivers for SPI CONFIG_FUSION_FC: Fusion MPT ScsiHost drivers for FC CONFIG_FUSION_CTL: Fusion MPT misc device (ioctl) driver CONFIG_FUSION_LOGGING: Fusion MPT logging facility CONFIG_X86_AMD_PSTATE: AMD Processor P-State driver CONFIG_LRU_GEN: Multi-Gen LRU CONFIG_SERIAL_8250_NR_UARTS=32: Maximum number of 8250/16550 serial ports CONFIG_SERIAL_8250_RUNTIME_UARTS=4: Number of 8250/16550 serial ports to register at runtime Misc cgroup2 now the default loopback images no longer mounted using directio upgradepkg patched to prevent replacing existing package with older version. current PCI bus/device information saved in file '/boot/previous/hardware' upon Unraid OS upgrade. NFS: enable UPD transport emhttp: fix cache pool (null) syslog strings emhttp: fix cache pool display wrong device size for selected replacement device networking: fix nginx recognizing IP address from slow dhcp servers mover: fix: improper handling of symlinks mover: fix: Mover logging syslog entries format different from previous releases plugin: Display Run command retval in error message shfs: igonore top-level hidden directoris (names beginning with '.') terminal: OpenTerminal: change termination signal (hard stop) upgrade Unraid OS: check for earlier upgrade without reboot VM Manager: let page load even when PCI devices appear missing or are misassigned wireguard: add SSL support for WG tunnel IP addresses (myunraid.net wildcard certs only) webgui: support PHP8, increase PHP max memory from 128M to 256M webgui: ManagementAccess: Disable Provision/Renew/Upgrade buttons when no IP on eth0 webgui: ManagementAccess: Support wireguard local IP addresses in combination with myservers.unraid.net SSL cert webgui: Move "view" icon on Main and Shares page to the left webgui: Dashboard: fix regression error in "select case" webgui: Dashboard: make items moveable between columns webgui: Keep dismissed banners hidden for a month webgui: Dashboard: API for adding custom tiles webgui: Dashboard: rearrange processor information webgui: Dashboard: rearrange UPS info webgui: Dashboard: rearrange memory info webgui: Dashboard: VPN header rearrangement webgui: Dashboard: header rearrangements webgui: Add jqueryUI touch punch for mobile devices webgui: Changed ID to CLASS for elements occurring more than once webgui: Make header in white and black themes scrollable When more items are present than screen space, the user can now scroll through them (previously these items were invisible) webgui: Dashboard and Docker: introduce lock button for sortable items By default sortable items are locked, which allows mobile devices to scroll the page. Upon request items can be made sortable webgui: Users: add icon to title bar webgui: Tools: new function -> PHP Settings View PHP info Configure error reporting Open LOG to see errors in real-time webgui: System info: fix reading inactive ports webgui: Plugin: Include the actual command, being executed webgui: System info: cache enhancement webgui: System info: memory enhancement webgui: DeviceInfo: disable buttons when erase operation is running webgui: Docker: filetree corrections webgui: Fixed: Dashboard: show heat alarm per pool webgui: Notifications: revised operation Autoclose new notifications after 3 seconds Fix notifications reappearing after closure webgui: DeviceList: add FS type in offline state webgui: Add notification agent for Bark webgui: Main: hide browse icon when disk is not mounted webgui: Diagnostics: add additional btrfs and zfs info webgui: Dashboard: add ZFS memory usage webgui: Revised New Permissions Select either disks or shares (not both) webgui: Add testparm to diagnostics webgui: Support new UD reserved mount point of /mnt/addons webgui: fix issue displaying Attributes when temperature display set to Fahrenheit webgui: Dashboard changes: lock the Dashboard completely: Editing/moving only becomes possible when unlocking the page An empty column is refilled when the respective tiles are made visible again, no need to reset everything added a visual "move indicator" on the Docker and VM page, to make clearer that rows can be moved now. change cursor shape when moving is enabled use tile title as index webgui: fix: Local Firefox account pop-up postmessages not working webgui: VM Manager: fix VM marked as Autostart not starting following manual array Start webgui: SMART test cannot be run on a UD disk because there is no spin down delay selection webgui: status footer stuck on "Starting services" when applying share config setting chagnes. webgui: Fix table layout for orphan images webgui: Plugin: Do not show update button if incompatible webgui: OpenTerminal: limit clients webgui: Context menu: automatic triangle placement webgui: Dashboard: fix pool warnings webgui: Allow SMART long test for UD webgui: Read processor type from /proc/cpuinfo webgui: CSS: solve scrollbar issue in firefox webgui: plugin: Make wget percentage detection more robust webgui: Add share: fix hidden share name check webgui: Display settings: add missing defaults webgui: Array Operation: prevent double clicking of Start button wireguard: fix nginx issue when partial WireGuard config Base Distro aaa_glibc-solibs: version 2.37 adwaita-icon-theme: version 43 at-spi2-core: version 2.46.0 bash: version 5.2.015 bind: version 9.18.12 btrfs-progs: version 6.2.1 ca-certificates: version 20221205 cryptsetup: version 2.6.1 curl: version 7.88.1 dbus: version 1.14.6 diffutils: version 3.9 dnsmasq: version 2.89 docker: version 20.10.23 e2fsprogs: version 1.47.0 encodings: version 1.0.7 file: version 5.44 firefox: version 111.0 (AppImage) freetype: version 2.13.0 fuse3: version 3.12.0 gawk: version 5.2.1 git: version 2.39.2 glib2: version 2.74.6 glibc: version 2.37 glibc-zoneinfo: version 2022g gnutls: version 3.7.9 gptfdisk: version 1.0.9 gtk+3: version 3.24.37 harfbuzz: version 7.1.0 htop: version 3.2.2 iproute2: version 6.2.0 iptables: version 1.8.9 iputils: version 20221126 less: version 612 libICE: version 1.1.1 libSM: version 1.2.4 libX11: version 1.8.4 libXau: version 1.0.11 libXcomposite: version 0.4.6 libXdamage: version 1.1.6 libXdmcp: version 1.1.4 libXpm: version 3.5.15 libXrandr: version 1.5.3 libXres: version 1.2.2 libXxf86dga: version 1.1.6 libarchive: version 3.6.2 libdrm: version 2.4.115 libfontenc: version 1.1.7 libglvnd: version 1.6.0 libjpeg-turbo: version 2.1.5.1 libpcap: version 1.10.3 libpng: version 1.6.39 libpsl: version 0.21.2 liburcu: version 0.14.0 libwebp: version 1.3.0 libxkbcommon: version 1.5.0 libxkbfile: version 1.1.2 libxshmfence: version 1.3.2 lmdb: version 0.9.30 logrotate: version 3.21.0 lsof: version 4.98.0 lz4: version 1.9.4 lzlib: version 1.13 mc: version 4.8.29 mcelog: version 191 mpfr: version 4.2.0 nano: version 7.2 ncurses: version 6.4 nginx: version 1.23.3 nghttp2: version 1.52.0 openssh: version 9.2p1 openssl: version 1.1.1t openssl-solibs: version 1.1.1t openzfs: version 2.1.9 pango: version 1.50.14 pciutils: version 3.9.0 pcre2: version 10.42 php: version 8.2.4 php-libvirt: version 0.5.7 php-markdown: version 2.0.0 samba: version 4.17.7 sqlite: version 3.41.0 sudo: version 1.9.13p2 sysstat: version 12.7.2 tdb: version 1.4.8 tevent: version 0.14.1 traceroute: version 2.1.2 transset: version 1.0.3 tree: version 2.1.0 usbutils: version 015 xcb-util: version 0.4.1 xdriinfo: version 1.0.7 xf86-video-vesa: version 2.6.0 xfsprogs: version 6.1.1 xhost: version 1.0.9 xinit: version 1.4.2 xkbcomp: version 1.4.6 xkeyboard-config: version 2.38 xorg-server: version 21.1.7 xprop: version 1.2.6 xrandr: version 1.5.2 xset: version 1.2.5 xterm: version 379 xz: version 5.4.1 zstd: version 1.5.4

As always, prior to updating, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". Hopefully spin-up/down sorted: External code (docker containers) using 'smartctl -n standby' should work ok with SATA drives. This will remain problematic for SAS until/unless smartmontools v7.2 is released with support for '-n standby' with SAS. SMART is unconditionally enabled on devices upon boot. This solves problem where some newly installed devices may not have SMART enabled. Unassigned devices will get spun-down according to 'Settings/Disk Settings/Default spin down delay'. Updated to 5.10 Linux kernel (5.10.1). Updated docker. Fixed bug joining AD domains. Version 6.9.0-rc2 2020-12-18 (vs -rc1) Base distro: bind: verison 9.16.8 docker: version 19.03.14 krb5: version 1.18.2 Linux kernel: version 5.10.1 Management: emhttpd: fix external 'smartctl -n standby' causing device spinup emhttpd: enable SMART on devices upon startup emhttpd: unassigned devices spin-down according to global default emhttpd: restore 'poll_attributes' event callout smb: fixed AD join issue webgui: do not try to display SMART info that causes spin-up for devices that are spun-down webgui: avoid php syntax error if autov() source file does not exist

Back in the saddle ... Sorry for the long delay in publishing this release. Aside from including some delicate coding, this release was delayed due to several team members, chiefly myself, having to deal with various non-work-related challenges which greatly slowed the pace of development. That said, there is quite a bit in this release, LimeTech is growing and we have many exciting features in the pipe - more on that in the weeks to come. Thanks to everyone for their help and patience during this time. Cheers, -Tom IMPORTANT: This is Beta software. We recommend running on test servers only! KNOWN ISSUE: with this release we have moved to the latest Linux 5.8 stable kernel. However, we have discovered that a regression has been introduced in the mtp3sas driver used by many LSI chipsets, e.g., LSI 9201-16e. Typically looks like this on System Devices page: Serial Attached SCSI controller: Broadcom / LSI SAS2116 PCI-Express Fusion-MPT SAS-2 [Meteor] (rev 02) The problem is that devices are no longer recognized. There are already bug reports pertaining to this issue: https://bugzilla.kernel.org/show_bug.cgi?id=209177 https://bugzilla.redhat.com/show_bug.cgi?id=1878332 We have reached out to the maintainer to see if a fix can be expedited, however we feel that we can neither revert back to 5.7 kernel nor hold the release due to this issue. We are monitoring and will publish a release with fix asap. ANOTHER known issue: we have added additional btrfs balance options: raid1c3 raid1c4 and modified the raid6 balance operation to set meta-data to raid1c3 (previously was raid1). However, we have noticed that applying one of these balance filters to a completely empty volume leaves some data extents with the previous profile. The solution is to simply run the same balance again. We consider this to be a btrfs bug and if no solution is forthcoming we'll add the second balance to the code by default. For now, it's left as-is. THE PRIMARY FOCUS of this release is to put tools in place to help users migrate data off SSD-based pools so that those devices may be re-partitioned if necessary, and then migrate the data back. What are we talking about? For several years now, storage devices managed by Unraid OS are formatted with an "Unraid Standard Partition Layout". This layout has partition 1 starting at offset 32KiB from the start of the device, and extending to the end of the device. (For devices with 512-byte sectors, partition 1 starts in sector 64; for 4096-byte sector size devices, partition 1 starts in sector 8.) This layout achieves maximum storage efficiency and ensures partition 1 starts on a 4096-byte boundary. Through user reports and extensive testing however, we have noted that many modern SSD devices, in particular Samsung EVO, do not perform most efficiently using this partition layout, and the devices seem to write far more than one would expect, and with SSD, one wants to minimize writes to SSD as much as possible. The solution to the "excessive SSD write" issue is to position partition 1 at offset 1MiB from the start of the device instead of at 32KiB. The will both increase performance and decrease writes with affected devices. Do you absolutely need to re-partition your SSD's? Probably not depending on what devices you have. Click on a device from Main, scroll down to Attributes and take a look at Data units written. If this is increasing very rapidly then you probably would benefit by re-partitioning. Note: if you have already (re)Formatted using previous 6.9-beta release, for SSD smaller than 2TiB the proper partition layout will appear like this on the Device Information page: Partition format: MBR: 1MiB-aligned For SSD larger than 2TiB: Partition format: GPT: 1MiB-aligned Here's what's in this release to help facilitate re-partitioning of SSD devices: An Erase button which appears in the Device Information page. The Erase button may be used to erase (delete) content from a volume. A volume is either the content of an unRAID array data disk, or the content of a pool. In the case of an unRAID disk, only that device is erased; in the case of a multiple-device pool ALL devices of the pool are erased. The extent of Erase varies depending on whether the array is Stopped, or Started in Maintenance mode (if started in Normal mode, all volume Erase buttons are disabled). Started/Maintenance mode: in this case the LUKS header (if any) and any file system within partition 1 is erased. The MBR (master boot record) is not erased. Stopped - in this case, unRAID array disk volumes and pool volumes are treated a little differently: unRAID array disk volumes - if Parity and/or Parity2 is valid, then operation proceeds exactly as above, that is, content of only partition 1 is erased but the MBR (master boot record) is left as-is; but, if there is no valid parity, then the MBR is also erased. Pool volumes - partition 1 of all devices within the pool are erased, and then the MBR is also erased. The purpose of erasing the MBR is to permit re-partitioning of the device if required. Upon format, Unraid OS will position partition 1 at 32KiB for HDD devices and at 1MiB for SSD devices. Note that erase does not overwrite the storage content of a device, it simply clears the LUKS header if present (which effectively makes the device unreadable), and file system and MBR signatures. A future Unraid OS release may include the option of overwriting the data. Additional "Mover" capabilities. Since SSD pools are commonly used to store vdisk images, shfs/mover is now aware of: sparse files - when a sparse file is moved from one volume to another, it's sparseness is preserved NoCOW attribute - when a file or directory in a btrfs volume has the NoCOW attribute set, the attribute is preserved when the file or directory is moved to another btrfs volume. Note that btrfs subvolumes are not preserved. A future Unraid OS release may include preservation of btrfs subvolumes. Ok how do I re-partition my SSD pools? Outlined here are two basic methods: "Mover" method - The idea is to use the Mover to copy all data from the pool to a target device in the unRAID array. Then erase all devices of the pool, and reformat. Finally use the Mover to copy all the data back. "Unassign/Re-assign" method - The idea here is, one-by-one, remove a device from a btrfs pool, balance the pool with reduced device count, then re-assign the device back to the pool, and balance pool back to include the device. This works because Unraid OS will re-partition new devices added to an existing btrfs pool. This method is not recommended for a pool with more than 2 devices since the first balance operation may be write-intensive, and writes are what we're trying to minimize. Also it can be tricky to determine if enough free space really exists after removing a device to rebalance the pool. Finally, this method will introduce a time window where your data is on non-redundant storage. No matter which method, if you have absolutely critical data in the pool we strongly recommend making an independent backup first (you are already doing this right?). Mover Method This procedure presumes a multi-device btrfs pool containing one or more cache-only or cache-prefer shares. 1. With array Started, stop any VM's and/or Docker applications which may be accessing the pool you wish to re-partition. Make sure no other external I/O is targeting this pool. 2. For each share on the pool, go to the Share Settings page and make some adjustments: change from cache-only (or cache-prefer) to cache-yes assign an array disk or disks via Include mask to receive the data. If you wish to preserve the NoCOW attribute (Copy-on-write set to No) on files and directories, these disks should be formatted with btrfs. Of course ensure there is enough free space to receive the data. 3. Now go back to Main and click the Move button. This will move the data of each share to the target array disk(s). 4. Verify no data left on the pool, Stop array, click on the pool and then click the Erase button. 5. Start the array and the pool should appear Unformatted - go ahead and Format the pool (this is what will re-write the partition layout). 6. Back to Share Settings page; for each above share: change from cache-yes to cache-prefer 7. On Main page click Move button. This will move data of each share back to the pool. 8. Finally, back to Share Settings page; for each share: change from cache-prefer back to cache-only if desired Unassign/Re-assign Method Stop array and unassign one of the devices from your existing pool; leave device unassigned. Start array. A balance will take place on your existing pool. Let the balance complete. Stop array. Re-assign the device, adding it back to your existing pool. Start array. The added device will get re-partitioned and a balance will start moving data to the new device. Let the balance complete. Repeat steps 1-4 for the other device in your existing pool. Whats happening here is this: At the completion of step 2, btrfs will 'delete' the missing device from the volume and wipe the btrfs signature from it. At the beginning of step 4, Unraid OS will re-partition the new device being added to an existing pool. I don't care about preserving data in the pool. In this case just Stop array, click on the pool and then click Erase. Start array and Format the pool - done. Useful to know: when Linux creates a file system in an SSD device, it will first perform a "blkdiscard" on the entire partition. Similarly, "blkdisard" is initiated on partition 1 on a new device added to an existing btrfs pool. What about array devices? If you have SSD devices in the unRAID array the only way to safely re-partition those devices is to either remove them from the array, or remove parity devices from the array. This is because re-partitioning will invalidate parity. Note also the volume size will be slightly smaller. Version 6.9.0-beta29 2020-09-27 (vs -beta25) Base distro: at-spi2-core: version 2.36.1 bash: version 5.0.018 bridge-utils: version 1.7 brotli: version 1.0.9 btrfs-progs: version 5.6.1 ca-certificates: version 20200630 cifs-utils: version 6.11 cryptsetup: version 2.3.4 curl: version 7.72.0 (CVE-2020-8231) dbus: version 1.12.20 dnsmasq: version 2.82 docker: version 19.03.13 ethtool: version 5.8 fribidi: version 1.0.10 fuse3: version 3.9.3 git: version 2.28.0 glib2: version 2.66.0 build 2 gnutls: version 3.6.15 gtk+3: version 3.24.23 harfbuzz: version 2.7.2 haveged: version 1.9.13 htop: version 3.0.2 iproute2: version 5.8.0 iputils: version 20200821 jasper: version 2.0.21 jemalloc: version 5.2.1 libX11: version 1.6.12 libcap-ng: version 0.8 libevdev: version 1.9.1 libevent: version 2.1.12 libgcrypt: version 1.8.6 libglvnd: version 1.3.2 libgpg-error: version 1.39 libgudev: version 234 libidn: version 1.36 libpsl: version 0.21.1 build 2 librsvg: version 2.50.0 libssh: version 0.9.5 libvirt: version 6.6.0 (CVE-2020-14339) libxkbcommon: version 1.0.1 libzip: version 1.7.3 lmdb: version 0.9.26 logrotate: version 3.17.0 lvm2: version 2.03.10 mc: version 4.8.25 mpfr: version 4.1.0 nano: version 5.2 ncurses: version 6.2_20200801 nginx: version 1.19.1 ntp: version 4.2.8p15 build 2 openssl-solibs: version 1.1.1h openssl: version 1.1.1h p11-kit: version 0.23.21 pango: version 1.46.2 php: version 7.4.10 (CVE-2020-7068) qemu: version 5.1.0 (CVE-2020-10717, CVE-2020-10761) rsync: version 3.2.3 samba: version 4.12.7 (CVE-2020-1472) sqlite: version 3.33.0 sudo: version 1.9.3 sysvinit-scripts: version 2.1 build 35 sysvinit: version 2.97 ttyd: version 1.6.1 util-linux: version 2.36 wireguard-tools: version 1.0.20200827 xev: version 1.2.4 xf86-video-vesa: version 2.5.0 xfsprogs: version 5.8.0 xorg-server: version 1.20.9 build 3 xterm: version 360 xxHash: version 0.8.0 Linux kernel: version 5.8.12 kernel-firmware: version kernel-firmware-20200921_49c4ff5 oot: Realtek r8152: version 2.13.0 oot: Tehuti tn40xx: version 0.3.6.17.3 Management: btrfs: include 'discard=async' mount option emhttpd: avoid using remount to set additional mount options emhttpd: added wipefs function (webgui 'Erase' button) shfs: move: support spares files shfs: move: preserve ioctl_iflags when moving between same file system types smb: remove setting 'aio' options in smb.conf, use samba defaults webgui: Update noVNC to v1.2.0 webgui: Docker: more intuitive handling of images webgui: VMs: more intuitive handling of image selection webgui: VMs: Fixed: rare cases vdisk defaults to Auto when it should be Manual webgui: VMs: Fixed: Adding NICs or VirtFS mounts to a VM is limited webgui: VM manager: new setting "Network Model" webgui: Added new setting "Enable user share assignment" to cache pool webgui: Dashboard: style adjustment for server icon webgui: Update jGrowl to version 1.4.7 webgui: Fix ' appearing webgui: VM Manager: add 'virtio-win-0.1.189-1' to VirtIO-ISOs list webgui: Prevent bonded nics from being bound to vfio-pci too webgui: better handling of multiple nics with vfio-pci webgui: Suppress WG on Dashboard if no tunnels defined webgui: Suppress Autofan link on Dashboard if plugin not installed webgui: Detect invalid session and logout current tab webgui: Added support for private docker registries with basic auth or no auth, and improvements for token based authentication webgui: Fix notifications continually reappearing webgui: Support links on notifications webgui: Add raid1c3 and raid1c4 btrfs pool balance options. webgui: For raid6 btrfs pool data profile use raid1c3 metadata profile. webgui: Permit file system configuration when array Started for Unmountable volumes. webgui: Fix not able to change parity check schedule if no cache pool present webgui: Disallow "?" in share names webgui: Add customizable timeout when stopping containers

The Unraid 6.12.7-rc1/rc2 releases contain bug fixes and security updates that we'd like feedback on before releasing 6.12.7. If you installed rc1, please upgrade to rc2 as it fixes problems related to installing license keys. Upgrade steps for this release As always, prior to upgrading, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". Update all of your plugins. This is critical for the Connect, NVIDIA and Realtek plugins in particular. If the system is currently running 6.12.0 - 6.12.6, we're going to suggest that you stop the array at this point. If it gets stuck on "Retry unmounting shares", open a web terminal and type: umount /var/lib/docker The array should now stop successfully (this release takes another stab at preventing issues related to Docker not stopping properly) If you have the Connect plugin installed and updated to the latest version Open the dropdown in the top-right of the Unraid webgui and click Check for Update. More details in this blog post If you don't have the Connect plugin installed Go to Tools -> Update OS and switch to the "Next" branch. If the update doesn't show, click "Check for Updates" Wait for the update to download and install If you have any plugins that install 3rd party drivers (NVIDIA, Realtek, etc), wait for the notification that the new version of the driver has been downloaded. Reboot This thread is perfect for quick questions or comments, but if you suspect there will be back and forth for your specific issue, please start a new topic. Be sure to include your diagnostics.zip. Upgrade notes This release has two very important fixes. First, we updated Docker to incorporate fixes for their recent security advisory. Second, we fixed a corner case bug which can lead to data loss if a newly added array drive has a non-standard partition layout. If you add one of these drives, the second time you start the array the drive will show as unformatted. If this happens please contact support and we can help you with data recovery. Even if you have not encountered this issue, we recommend upgrading so that you will not be affected when adding drives in the future. This release also includes some nice fixes in networking, Docker containers, Time Machine support, and VMs as well as fix for a slowdown some systems were having on the Dashboard. We have also improved the SMART attribute handling for NVME and SSD drives. Details below. Known issues Out of date plugins Out of date plugins can cause problems, we recommend they be kept current. Call traces and crashes related to macvlan If you are getting call traces related to macvlan (or any unexplained crashes, really), as a first step we recommend navigating to Settings > Docker, switching to advanced view, and changing the Docker custom network type from macvlan to ipvlan. This is the default configuration that Unraid has shipped with since version 6.11.5 and should work for most systems. Note that some users have reported issues with port forwarding from certain routers (Fritzbox) and reduced functionality with advanced network management tools (Ubiquity) when in ipvlan mode. If this affects you, see the alternate solution available since Unraid 6.12.4. Network problems due to jumbo frames If you are having network issues of any kind, confirm that you have not enabled jumbo frames. Navigate to Settings > Network Settings > eth0 and confirm the Desired MTU is 1500. For more information see the Fix Common Problems warning for jumbo frames. Problems due to Realtek network cards Upgraded kernel fixes the deadlock issue with jumbo frames and the in-tree Realtek 8125 driver. However, we still recommend following the advice above regarding jumbo frames. If you continue to have network stability issues and Tools > System Devices shows that you have a Realtek ethernet controller, grab the part number shown and search Community Apps to see if there is a Realtek vendor-supplied driver plugin for that device. For more information, see the support page for Realtek driver plugins. Other issues? We highly recommend installing the Fix Common Problems plugin as it will warn you of common configuration problems. If you are having other crashes or stability issues, navigate to Settings > Syslog Server and enable Mirror syslog to flash. This will cause additional wear and tear on you USB flash boot device but is useful in the short term for gathering logs after a crash. After the next reboot, navigate to Tools > Diagnostics and download your anonymized diagnostics (as of 6.12.5, diagnostics automatically include logs that were mirrored to the flash drive). Finally, start a new topic and provide all the details of the issue. Once the issue is resolved, be sure to disable Mirror syslog to flash. Rolling back Be aware that rolling back to an earlier release will make your system vulnerable to the Docker security issues and potential data loss scenario mentioned in Upgrade notes. If rolling back earlier than 6.12.6, also see the 6.12.6 release notes. Changes vs. 6.12.6 Bug fixes and improvements Docker: Fix WG routes added to the correct interface (br0 or eth0 or bond0) Use "lazy unmount" unmount of docker image to prevent blocking array stop Updated to address multiple security issues (CVE-2024-21626, CVE-2024-24557) Networking improvements: Boot faster by checking for carrier before assigning DHCP addresses Remove leading zeros from IPv4 and IPv6 addresses New '/etc/rc.d/rc.inet1 status' and '/etc/rc.d/rc.inet1 status ip' commands to aid with network troubleshooting from the command line Notifications: Add ntfy.sh to notification agents SMART improvements: Fix NVME Selftest Fix display of 'Accumulated power on time, hours:minutes xxxxx:yy' SMART attribute Display KB/MB/GB/TB written in SMART Attributes for SSDs Add 'SSD endurance remaining' SMART Attribute System logging: By default, syslog is copied to USB boot flash on shutdown, see Settings > Syslog Server to disable Logs from the above and Mirror syslog to flash are now available the next boot on Tools > Syslog and in diagnostics VM Manager: Fix for downgrade: if the VM template has been updated to the latest QEMU machine type it will not be found upon downgrade. This change finds latest current version for a given machine type. ZFS: Use zpool import "-f" flag to permit import of foreign pools Other: Enable EFI boot by default for fresh installations Fix slowdown on Dashboard and Docker pages (and reduces flash device writes) Formatting: do not initialize device partition layout if already valid. Update OS: redesigned Update OS and Downgrade OS pages, refer to blog post Fix MacOS unable to write 'flash' share and restore Time Machine compatibility (fruit changes) Allow Community Apps (if installed) to automatically start containers when doing a multi-install Feedback form: change DONE button to CANCEL Package updates docker: version 24.0.9 kernel-firmware: version 20231226_abfcad8 Linux kernel version 6.1.74 CONFIG_USB_SERIAL_XR: USB MaxLinear/Exar USB to Serial driver CONFIG_CAN: CAN bus subsystem support CONFIG_CAN_NETLINK: CAN device drivers with Netlink support CONFIG_CAN_GS_USB: Geschwister Schneider UG and candleLight compatible interfaces CONFIG_SCSI

The 6.12.3-rc3 release is a bug fix release that we'd like feedback on before releasing it as 6.12.3. This thread is perfect for quick questions or comments, but if you suspect there will be back and forth for your specific issue, please start a new topic. Be sure to include your diagnostics.zip. Upgrade steps for this release As always, prior to upgrading, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". Update all of your plugins. This is critical for the NVIDIA and Realtek plugins in particular. If the system is currently running 6.12.0 - 6.12.2, we're going to suggest that you stop the array at this point. If it gets stuck on "Retry unmounting shares", open a web terminal and type: umount /var/lib/docker The array should now stop successfully (This issue is resolved with this release) Go to Tools -> Update OS, change the Branch to "Next". If the update doesn't show, click "Check for Updates" Wait for the update to download and install If you have any plugins that install drivers (NVIDIA, Realtek, etc), wait for the notification that the new version of the driver has been downloaded. Reboot Networking This release has fixes for networking, particularly as it relates to IPv6. A side effect is that this will resolve an issue where the webgui won't load in certain instances. Note: If you have code in your go script to disable IPv6, remove that and disable it via the Settings -> Network Settings page instead. Disabling IPv6 by manually running commands will cause conflicts. Docker This release resolves an issue where Docker doesn't properly stop when the array stops, which can result in an unclean shutdown. Known Issues Please review the known issues for 6.12: https://docs.unraid.net/unraid-os/release-notes/6.12.0#known-issues If Docker containers have issues starting after a while, and you are running Plex, go to your Plex Docker container settings, switch to advanced view, and add this to the Extra Params --no-healthcheck Feedback / bugs This thread is perfect for quick questions or comments, but if you suspect there will be back and forth for your specific issue, please start a new topic. Be sure to include your diagnostics.zip. Changes vs. 6.12.2 Bug fixes and improvements rc.docker: revised docker daemon running check rc.library: code optimization for ipv6 max/min support ipv4 mapped addresses rc.nginx: explicit ipv4/ipv6 selection on lo interface shfs: correct share size calculation when zfs is one of the volumes webgui: VM settings page: fixed typo webgui: Share Edit page: make minimum free space settings always available Linux kernel Added support to monitor and also limit power on Intel Core (2nd Gen+) CPU models. version 6.1.38 CONFIG_POWERCAP: Generic powercap sysfs driver CONFIG_INTEL_RAPL: Intel RAPL Support via MSR Interface CONFIG_IDLE_INJECT: Idle injection framework Base Distro firefox: version 115.0.r20230710165010 (AppImage)

New in Unraid OS 6.7 release: New Dashboard layout, along with new Settings and Tools icons. Designed by user @Mex and implemented in collaboration with @bonienl. We think you will find this is a big step forward. Time Machine support via SMB. To enable this feature it is necessary to first turn on Enhanced OS X interoperability on the Settings/SMB page. Next, select a share to Export for Time Machine in the share SMB Security Settings section. AFP support is deprecated. Linux kernel 4.19. This is the latest Long Term Support kernel. We will go with this for a while but anticipate updating to 4.20 or even 5.0 for Unraid 6.7.0 stable. Here are some other kernel-related updates: Added TCP "BBR Congestion control" and made it the default. This should improve network throughput but probably not too many users will notice anything different. Added Bluetooth support in the Linux kernel. We did not add the user-space tools so this will be mostly useful to support Bluetooth in docker containers. AMD firmware update for Threadripper. Ignore case in validating user share names. If there are multiple top-level directories which differ only in case, then we use the first such share name encountered, checking in order: cache, disk1, disk2, ..., diskN. Additional top-level directories encountered will be ignored. For example, suppose we have: /mnt/cache/ashare /mnt/disk1/Ashare /mnt/disk2/ashare The name of the exported share will be 'ashare' and will consist of a union of /mnt/cache/ashare and /mnt/disk2/ashare. The contents of /mnt/disk1/Ashare will not show up in /mnt/user/ashare. If you then delete the contents of /mnt/user/ashare followed by deleting the 'ashare' share itself, this will result in share 'Ashare' becoming visible. Similar, if you delete the contents of /mnt/cache/ashare (or gets moved), then you will now see share 'Ashare' appear, and it will look like the contents of 'ashare' are missing! Thankfully very few (if any) users should be affected by this, but handles a corner case in both the presentation of shares in windows networking and storage of share config data on the USB flash boot device. New vfio-bind method. Since it appears that the xen-pciback/pciback kernel options no longer work, we introduced an alternate method of binding, by ID, selected PCI devices to the vfio-pci driver. This is accomplished by specifying the PCI ID(s) of devices to bind to vfio-pci in the file 'config/vfio-pci.cfg' on the USB flash boot device. This file should contain a single line that defines the devices: BIND=<device> <device> ... Where <device> is a Domain:Bus:Device.Function string, for example, BIND=02:00.0 Multiple device should be separated with spaces. The script /usr/local/sbin/vfio-pci is called very early in system start-up, right after the USB flash boot device is mounted but before any kernel modules (drivers) have been loaded. The function of the script is to bind each specified device to the vfio-pci driver, which makes them available for assignment to a virtual machine, and also prevents the Linux kernel from automatically binding them to any present host driver. In addition, and importantly, this script will bind not only the specified device(s), but all other devices in the same IOMMU group as well. For example, suppose there is an NVIDIA GPU which defines both a VGA device at 02:00.0 and an audio device at 02.00.1. Specifying a single device (either one) on the BIND line is sufficient to bind both device to vfio-pci. The implication is that either all devices of an IOMMU group are bound to vfio-pci or none of them are. Added 'telegram' notification agent support - thank you @realies Finally, we updated several base packages, including move to Samba 4.9 and docker 18.09, and fixed a number of minor bugs. Version 6.7.0-rc1 2019-01-21 Base distro: aaa_elflibs: version 15.0 (rev 3) acpid: version 2.0.31 adwaita-icon-theme: version 3.30.1 at: version 3.1.23 at-spi2-atk: version 2.30.0 at-spi2-core: version 2.30.0 atk: version 2.30.0 bin: version 11.1 (rev 3) bluez: version 4.101 bluez firmware: version 1.2 bridge-utils: version 1.6 btrfs-progs: version v4.19.1 ca-certificates: version 20181210 cairo: version 1.16.0 cifs-utils: version 6.8 coreutils: version 8.30 (rev 4) curl: version 7.63.0 cyrus-sasl: version 2.1.27 dbus: version 1.12.12 dhcpcd: version 7.0.8 diffutils: version 3.7 dmidecode: version 3.2 dnsmasq: version 2.80 docker: version 18.09.1 e2fsprogs: version 1.44.5 etc: version 15.0 (rev 9) ethtool: version 4.19 file: version 5.35 findutils: version 4.6.0 fribidi: version 1.0.5 gdbm: version 1.18.1 gdk-pixbuf2: version 2.38.0 git: version 2.20.1 glibc-zoneinfo: version 2018g glib2: version 2.58.2 gnutls: version 3.6.5 (CVE-2018-16868) gptfdisk: version 1.0.4 graphite2: version 1.3.13 grep: version 3.3 gtk+3: version 3.24.2 gzip: version 1.10 harfbuzz: version 2.3.0 haveged: version 1.9.4 hdparm: version 9.58 hostname: version 3.21 hwloc: version 1.11.11 icu4c: version 63.1 inotify-tools: version 3.20.1 intel-microcode: version 20180807a iproute2: version 4.19.0 iptables: version 1.8.2 iputils: version s20180629 irqbalance: version 1.5.0 jansson: version 2.12 kernel-firmware: version 20181218_0f22c85 keyutils: version 1.6 libSM: version 1.2.3 libX11: version 1.6.7 libarchive: version 3.3.3 libcap-ng: version 0.7.9 libdrm: version 2.4.96 libedit: version 20181209_3.1 libepoxy: version 1.5.3 libestr: version 0.1.11 libevdev: version 1.6.0 libgcrypt: version 1.8.4 libgpg-error: version 1.33 libjpeg-turbo: version 2.0.1 libnftnl: version 1.1.2 libpcap: version 1.9.0 libpng: version 1.6.36 libpsl: version 0.20.2 libpthread-stubs: version 0.4 (rev 3) librsvg: version 2.44.11 libtirpc: version 1.1.4 libvirt: version 4.10.0 libwebp: version 1.0.1 libxcb: version 1.13.1 lm_sensors: version 3.5.0 logrotate: version 3.15.0 lvm2: version 2.03.02 lzip: version 1.20 lz4: version 1.8.3 mc: version 4.8.22 mesa: version 18.3.0 miniupnpc version: 2.1 nano: version 3.2 ncurses: version 6.1_20181110 netatalk: version 3.1.12 (CVE-2018-1160) nettle: version 3.4.1 (CVE-2018-16869) nghttp2: version 1.35.1 nginx: version 1.14.2 (+ nchan 1.2.3) (CVE-2018-16843, CVE-2018-16844, CVE-2018-16845) ntp: version 4.2.8p12 (rev 5) openldap-client: version 2.4.47 pciutils: version 3.6.2 perc2: version 10.32 php: version 7.2.13 pixman: version 0.36.0 pkgtools: version 15.0 (rev 23) pv: version 1.6.6 qemu: version 3.1.0 rpcbind: version 1.2.5 rsyslog: version 8.40.0 samba: version 4.9.4 (CVE-2018-14629, CVE-2018-16841, CVE-2018-16851, CVE-2018-16852, CVE-2018-16853, CVE-2018-16857) sed: version 4.7 shadow: version 4.6 shared-mime-info: version 1.10 smartmontools: version 7.0 spice: version 0.14.1 spice-protocol: version 0.12.14 sqlite: version 3.26.0 sudo: version 1.8.26 sysvinit-scripts: version 2.1 (rev 24) sysvinit: version 2.93 tar: version 1.30 (rev 3) tree: version 1.8.0 ttyd: version 1.4.2 util-linux: version 2.33 wget: version 1.20 xauth: version 1.0.10 (rev 3) xfsprogs: version 4.19.0 wget: version 1.20.1 xkeyboard-config: version 2.25 xterm: version 341 zstd: version 1.3.8 Linux kernel: version: 4.19.16 OOT Intel 10Gbps network driver: ixgbe: version 5.5.3 OOT Tehuti 10Gbps network driver: tn40xx: version 0.3.6.17 added drivers: CONFIG_USB_SERIAL_CH341: USB Winchiphead CH341 Single Port Serial Driver added TCP BBR congestion control kernel support and set as default: CONFIG_NET_KEY: PF_KEY sockets CONFIG_TCP_CONG_BBR: BBR TCP CONFIG_NET_SCH_FQ: Fair Queue CONFIG_NET_SCH_FQ_CODEL: Fair Queue Controlled Delay AQM (FQ_CODEL) added Bluetooth kernel support: CONFIG_BT: Bluetooth subsystem support CONFIG_BT_BREDR: Bluetooth Classic (BR/EDR) features CONFIG_BT_RFCOMM: RFCOMM protocol support CONFIG_BT_RFCOMM_TTY: RFCOMM TTY support CONFIG_BT_BNEP: BNEP protocol support CONFIG_BT_BNEP_MC_FILTER: Multicast filter support CONFIG_BT_BNEP_PROTO_FILTER: Protocol filter support CONFIG_BT_HIDP: HIDP protocol support CONFIG_BT_HS: Bluetooth High Speed (HS) features CONFIG_BT_LE: Bluetooth Low Energy (LE) features CONFIG_BT_HCIBTUSB: HCI USB driver CONFIG_BT_HCIBTUSB_AUTOSUSPEND: Enable USB autosuspend for Bluetooth USB devices by default CONFIG_BT_HCIBTUSB_BCM: Broadcom protocol support CONFIG_BT_HCIBTUSB_RTL: Realtek protocol support CONFIG_BT_HCIUART: HCI UART driver CONFIG_BT_HCIUART_H4: UART (H4) protocol support CONFIG_BT_HCIUART_BCSP: BCSP protocol support CONFIG_BT_HCIUART_ATH3K: Atheros AR300x serial support CONFIG_BT_HCIUART_AG6XX: Intel AG6XX protocol support CONFIG_BT_HCIUART_MRVL: Marvell protocol support CONFIG_BT_HCIBCM203X: HCI BCM203x USB driver CONFIG_BT_HCIBPA10X: HCI BPA10x USB driver CONFIG_BT_HCIVHCI: HCI VHCI (Virtual HCI device) driver CONFIG_BT_MRVL: Marvell Bluetooth driver support CONFIG_BT_ATH3K: Atheros firmware download driver md/unraid: version 2.9.5 (kernel BUG if read phase of read/modify/write with FUA flag set fails on stripe with multiple read failures) patch: PCI: Quirk Silicon Motion SM2262 NVMe controller reset patch: support Mozart 395S chip Management: add early vfio-bind utility fix: docker log rotation fix: inconsistent share name case fix: terminal instances limited to 8 (now lifted) restore PHP E_WARNING in /etc/php/php.ini support Apple Time Machine via SMB update smartmontools drivedb and hwdata/{pci.ids,usb.ids,oui.txt,manuf.txt} webgui: New icon reference webgui: Added new font icons webgui: added new case icons webgui: Revamped dashboard page webgui: Replaced orb png icons by font-awesome webgui: Position context menu always left + below icon webgui: Do not capitalize path names in title of themes Azure and Gray webgui: Allow plugins to use font awesome for icon webgui: sort notification agents alphabetically, add telegram notifications webgui: Dashboard: use disk thresholds for utlization bars webgui: VM manager: remove and rebuild USB controllers webgui: Fixed: slots selection always disabled after "New Config" webgui: Fix Background color when installing container webgui: Fixed share/disk size calculation when names include space webgui: Add log-size and log-file options to docker run command webgui: Escape quotes on a containers template webgui: Prevent update notification if plugin is not compatible webgui: other GUI enhancements

Since the 5.x kernel based releases many users have been reporting system hangs every few days once the i915 module is loaded. With reports from a few users detailed in the thread below we have worked out that the issue is caused by the i915 module and is a persistent issue with both the 6.9.x release and 6.10 release candidates. The system does not need to be actively transcoding for the hang to occur. 6.8.3 does not have this issue and is not hardware related. Unloading the i915 module stops the hangs. Hangs are still present in 6.10.0RC2. I can provide a list of similar reports if required.

This release has a fix for macvlan call traces(!) along with other bug fixes, security patches, and one new feature. We'd like your feedback before releasing it as 6.12.4 This thread is perfect for quick questions or comments, but if you suspect there will be back and forth for your specific issue, please start a new topic. Be sure to include your diagnostics.zip. Upgrade steps for this release As always, prior to upgrading, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". Update all of your plugins. This is critical for the NVIDIA and Realtek plugins in particular. If the system is currently running 6.12.0 - 6.12.2, we're going to suggest that you stop the array at this point. If it gets stuck on "Retry unmounting shares", open a web terminal and type: umount /var/lib/docker The array should now stop successfully (This issue was resolved with 6.12.3) Go to Tools -> Update OS, change the Branch to "Next". If the update doesn't show, click "Check for Updates" Wait for the update to download and install If you have any plugins that install drivers (NVIDIA, Realtek, etc), wait for the notification that the new version of the driver has been downloaded. Reboot Add Tools/System Drivers page This new page gives you visibility into the drivers available/in use on your system. 3rd party drivers installed by plugins (such as NVIDIA and Realtek) have an icon that links to the support page for that driver. And you can now add/modify/delete the modeprobe.d config file for any driver without having to find that file on your flash drive. Thanks to @SimonF for adding this functionality! Fix for macvlan call traces! The big news in this test release is that we believe we have resolved the macvlan issues that have been plaguing us recently! We'd appreciate your help confirming the changes. Huge thanks to @bonienl for tracking this down! The root of the problem is that macvlan used for custom Docker networks is unreliable when the parent interface is a bridge (like br0), it works best on a physical interface (like eth0). We believe this to be a longstanding kernel issue and have posted a bug report. If you are getting call traces related to macvlan, as a first step we'd recommend navigating to Settings/Docker, switch to advanced view, and change the "Docker custom network type" from macvlan to ipvlan. This is the default configuration that Unraid has shipped with since version 6.11.5 and should work for most systems. However, some users have reported issues with port forwarding from certain routers (Fritzbox) and reduced functionality with advanced network management tools (Ubiquity) when in ipvlan mode. For those users, in this rc we have a new method that reworks networking to avoid this. Simply tweak a few settings and your Docker containers, VMs, and WireGuard tunnels will automatically adjust to use them: Settings -> Network Settings -> eth0 -> Enable Bridging = No Settings -> Docker -> Host access to custom networks = Enabled Note: if you previously used the two-nic method for docker segregation, you'll also want to revert that: Settings -> Docker -> custom network on interface eth0 (i.e. make sure eth0 is configured for the custom network, not eth1) When you start the array, the host, VMs, and Docker containers will all be able to communicate, and there should be no more call traces! Troubleshooting If your Docker containers with custom IPs aren't starting, edit them and change the "Network type" to "Custom: eth0". We attempted to do this automatically, but depending on how things were customized you might need to do it manually. If your VMs are having network issues, edit them and set the Network Source to "vhost0". Also, ensure there is a MAC address assigned. If your WireGuard tunnels won't start, make a dummy change to each tunnel and save. If you are having issues port forwarding to Docker containers (particularly on a Fritzbox) delete and recreate the port forward in your router. To get a little more technical... After upgrading to this release, if bridging remains enabled on eth0 then everything works as it used to. You can attempt to work around the call traces by disabling the custom Docker network, or using ipvlan instead of macvlan, or using the two-nic Docker segmentation method with containers on eth1. Starting with this release, when you disable bridging on eth0 we create a new macvtap network for Docker containers and VMs to use. It has a parent of eth0 instead of br0, which is how we avoid the call traces. A side benefit is that macvtap networks are reported to be faster than bridged networks, so you may see speed improvements when communicating with Docker containers and VMs. FYI: With bridging disabled for the main interface (eth0), then the Docker custom network type will be set to macvlan and hidden unless there are other interfaces on your system that have bridging enabled, in which case the legacy ipvlan option is available. To use the new fix being discussed here you'll want to keep that set to macvlan. Other Bug Fixes This release resolves corner cases in networking, Libvirt, Docker, WireGuard, NTP, NGINX, NFS and RPC. And includes an improvement to the VM Manager so it retains the VNC password during an update. And has a change to the shutdown process to allow the NUT plugin to shut the system down. A small change is that packages in /boot/extra are now treated more like packages installed by plugins, and the installation is logged to syslog rather than to the console. Known Issues Please see this page for information on crashes related to the i915 driver: https://docs.unraid.net/unraid-os/release-notes/6.12.0#known-issues If Docker containers have issues starting after a while, and you are running Plex, go to your Plex Docker container settings, switch to advanced view, and add this to the Extra Params --no-healthcheck This thread is perfect for quick questions or comments, but if you suspect there will be back and forth for your specific issue, please start a new topic. Be sure to include your diagnostics.zip. Rolling Back Before rolling back to an earlier version, it is important to first change this back to yes: Settings -> Network Settings -> eth0 -> Enable Bridging = Yes And then start the array (along with the Docker and VM services) to update your Docker containers, VMs, and WireGuard tunnels back to their previous settings which should work in older releases. Once in the older version, confirm these settings are correct for your setup: Settings -> Docker -> Host access to custom networks Settings -> Docker -> Docker custom network type Changes vs. 6.12.3 Networking New vhost network for both containers and VMs. When bridging enabled: Create shim interface which is attached to bridge interface Copy parent address to shim interface with lower metric to allow host access More specific routes are no longer created When bridging disabled: Copy parent address to vhost interface with lower metric to allow host access Bug fixes and improvements create_network_ini: fixed dhcp hook improved IP address collection diagnostics: Add previous Unraid version to diagnostics version txt file. Add ntp.conf, sshd.config, and servers.conf (with anonymized URLs) anonymize IP addresses libvirt, nginx, nfs, rpc: changed running process detection nfsclient: start negotiation with v4, turn off atime modification rc.6: leave /usr and /lib mounted during shutdown rc.docker: create same IPv6 network for containers and services add more logging when stopping dockerd rc.inet1: do not use promiscuous mode for bridging add persistent option to dhcpcd rc.library: interfaces always listed in the same order, fix show ipv6 rc.libvirt: remove 'itco' watchdog from XML if present rc.local: annotate auto-generated /etc/modprobe.d/zfs.conf file rc.services: add logging exclude WireGuard "VPN tunneled access for docker" tunnels from services exclude WireGuard tunnels for ntp (code optimization) webgui: Update monitor_nchan Feedback: refactor feedback script Shares and Pools: show "Minimum free space" as absolute number instead of percentage Pools: minimum free space: only enabled when array is stopped VM Manager: Retain VNC password during update. VM Manager: Remove downloaded '.vv' files. Dashboard: hide ZFS bar when no ZFS is used Network settings: fix DNS settings sometimes disappear Translations: trim key and value in language files add System Drivers page Linux kernel version 6.1.46 (CVE-2023-20593) CONFIG_SCSI_MPI3MR: Broadcom MPI3 Storage Controller Device Driver Base Distro btrfs-progs: 6.3.3 curl: version 8.2.0 (CVE-2023-32001) kernel-firmware: version 20230724_59fbffa krb5: version 1.19.2 (CVE-2023-36054) openssh: version 9.3p2 (CVE-2023-38408) openssl: version 1.1.1v (CVE-2023-3817 CVE-2023-3446) samba: version 4.17.10 (CVE-2023-3496 CVE-2022-2127 CVE-2023-34968 CVE-2023-3496 CVE-2023-3347)

Please refer to the 6.12.0-rc1 topic for a general overview. For exclusive shares we made an implementation change. We found issues using bind-mounts with ZFS pools with internal nested child datasets. To overcome this problem, symlinks are created in /mnt/user instead. For example, for an exclusive share named "myshare" which exists only on "mypool" this symlink is generated: /mnt/user/myshare -> /mnt/mypool/myshare This implementation is actually a little cleaner and provides the same benefits of faster throughput. Version 6.12.0-rc6 2023-05-17 Changes vs. 6.12.0-rc5 Use symlinks instead of bind-mounts for exclusive shares. Fix share rename when share contains space and located on zfs pool. Share Edit: allow 1 letter names Network improvements: rc.docker - suppress ipv6 link-local address for docker0 and shim interfaces when set as ipv4 only rc.avahidaemon - let service listen on regular interfaces only which have an IP address, this includes the primary interface + set ipv4 / ipv6 support rc.samba - let smb, nmb service listen on regular interfaces only which have an IP address, this includes the primary interface + set ipv4 / ipv6 support (also for wsdd2) rc.ssh - listen on regular interfaces only which have an IP address, this includes the primary interface + set ipv4 / ipv6 support rc.inet1 - add iptables processing to bridge interfaces to make them operate similarly as macvlan interfaces create_network_ini - restart smb when network changes are done VMs: fixed notification subject TRIM: fix operation when ZFS is not active Network settings: fix bug in description field bash_completion: version 2.11 docker: version 23.0.6 Use 'zfs set atime=off' Upon root dataset mount; child datasets should inherit this setting. Continue format if blkdiscard command fails. Add Pushbits Agent for Matrix/Synapse integration https://github.com/pushbits/server Share Edit: warn when invalid zfs name is used Lock / unlock button: switch green / red color Green is normal state (page is locked) Red is attention state (page is unlocked) Linux kernel version: 6.1.29 Version 6.12.0 (Consolidated) Upgrade notes General If you created any zpools using 6.12.0-beta5 please Erase those pools and recreate. If you revert back from 6.12 to 6.11.5 or earlier, you have to force update all your Docker containers and start them manually after downgrading. This is necessary because of the underlying change to cgroup v2 in 6.12.0-rc1. Upon boot, if all PCI devices specified in 'config/vfio-pci.cfg' file do not properly bind, VM Autostart is prevented. You may still start individual VMs. This is to prevent Unraid host crash if hardware PCI IDs changed because of a kernel update or physical hardware change. To restore VM autostart, examine '/var/log/vfio-pci-errors' and remove offending PCI IDs from 'config/vfio-pci.cfg' file and reboot. Linux Multi-Gen LRU is a relatively new feature now included but not enabled by default. You can enable by adding this line to your 'config/go' file: echo y > /sys/kernel/mm/lru_gen/enabled If you revert back from 6.12 to 6.11.5 or earlier you many need to remove that line. Obsolete/Broken Plugins There are a few plugins which are known to be incompatible with Unraid 6.12, and upon boot will not be installed. You will get a notification for each plugin that is affected, and can review the list by going to Plugins/Plugin File Install Errors. disklocation-master version 2022.06.18 (Disk Location by olehj, breaks the dashboard) plexstreams version 2022.08.31 (Plex Streams by dorgan, breaks the dashboard) corsairpsu version 2021.10.05 (Corsair PSU Statistics by Fma965, breaks the dashboard) gpustat version 2022.11.30a (GPU Statistics by b3rs3rk, breaks the dashboard) ipmi version 2021.01.08 (IPMI Tools by dmacias72, breaks the dashboard) nut version 2022.03.20 (NUT - Network UPS Tools by dmacias72, breaks the dashboard) NerdPack version 2021.08.11 (Nerd Tools by dmacias72) upnp-monitor version 2020.01.04c (UPnP Monitor by ljm42, not PHP 8 compatible) ZFS-companion version 2021.08.24 (ZFS-Companion Monitor by campusantu, breaks the dashboard) Some of the affected plugins have been taken over by different developers, we recommend that you go to the Apps page and search for replacements. Please ask plugin-specific questions in the support thread for that plugin. Known issues We are aware that some 11th gen Intel Rocket Lake systems are experiencing crashes related to the i915 iGPU. If your Rocket Lake system crashes under Unraid 6.12.0, open a web terminal and run: echo "options i915 enable_dc=0" >> /boot/config/modprobe.d/i915.conf then reboot. Using this parameter will result in higher power use but it may resolve this issue for these GPUs. When Unraid 6.13 is released it will have a newer Linux kernel with better i915 support, we anticipate that at that point you can revert this tweak with: rm /boot/config/modprobe.d/i915.conf If "Docker custom network type" is set to "macvlan" you may get call traces and crashes on 6.12 even if you did not on 6.11. If so, we recommend changing to "ipvlan", or if you have two network cards you can avoid the issue completely: https://forums.unraid.net/topic/137048-guide-how-to-solve-macvlan-and-ipvlan-issues-with-containers-on-a-custom-network/ ZFS Pools For a good overview of ZFS, see https://arstechnica.com/information-technology/2020/05/zfs-101-understanding-zfs-storage-and-performance/ New in this release is the ability to create a ZFS file system in a user-defined pool. In addition you may format any data device in the unRAID array with a single-device ZFS file system. We are splitting full ZFS implementation across two Unraid OS releases. Initial support in this release includes: Support raid0, mirror, raidz1, raidz2 and raidz3 root profiles. Up to 4-way mirror in a mirror vdev. Multiple vdev groups. Support removing single device: if device still present in server, 'wipefs' is used to clear the partition table. Support replacing single missing device with a new device of same or larger size. Support scheduled trimming of ZFS pools. Support pool rename. Pool names must begin with a lowercase letter and only contain lowercase letters, digits, the underscore and dash. Pool names must not end with a digit. Non-root vdev cannot be configured in this release, however, they can be imported. Note: imported hybrid pools may not be expanded in this release. Pools created on other systems may or may not import depending on how the the pool was created. A future update will permit importing pools from any system. A ZFS pool has three variables: profile - the root data organization: raid0, mirror (up to 4-way), raidz1, raidz2, raidz3 width - the number of devices per root vdev groups - the number of root vdevs in the pool At time of ZFS pool creation, the webGUI will present all topology options based on the number of devices assigned to the pool. Special treatment for root single-vdev mirrors: A single-device ZFS pool can be converted to multiple-device mirror by adding up to 3 additional devices in one operation. A 2-device mirror can be increased to 3-device by adding a single device; similarly a 3-device mirror can be increased to 4-device mirror by adding a single device. To add an additional root vdev, you must assign 'width' number of new devices to the pool at the same time. The new vdev will be created with the same 'profile' as the existing vdevs. Additional flexibility in adding/expanding vdevs will be provided in a future update. Pools created with the steini84 plugin can be imported as follows: First create a new pool with the number of slots corresponding to the number of devices in the pool to be imported. Next assign all the devices to the new pool. Upon array Start the pool should be recognized, though certain zpool topologies may not be recognized (please report). Mixed topologies are not supported. For example, a pool with both a mirror root vdev and a raidz root vdev is not recognized. Autotrim can be configured as on or off (except for single-device ZFS volumes in the unRAID array). Compression can be configured as on or off, where on selects lz4. Future update will permit specifying other algorithms/levels. When creating a new ZFS pool you may choose zfs - encrypted, which, like other encrypted volumes, applies device-level encryption via LUKS. ZFS native encryption is not supported at this time. During system boot, the file /etc/modprobe.d/zfs.conf is auto-generated to limit the ZFS ARC to 1/8 of installed memory. This can be overridden if necessary by creating a custom 'config/modprobe.d/zfs.conf' file. Future update will include ability to configure the ARC via webGUI, including auto-adjust according to memory pressure, e.g., VM start/stop. Top-level user shares in a ZFS pool are created as datasets instead of ordinary directories. Share storage conceptual change New in this release is a conceptual change in the way storage is assigned to shares. The old concept of main storage being the unRAID array with an optional "Cache" is confusing to many new users, especially since cache has a specific meaning in ZFS. Also outlined below, we introduced the concept of an exclusive share. This is simply a share where all the data exists in a single named pool. In this case the FUSE-based User Share file system returns a symlink to the actual share directory in the pool. All operations within the share, including data transfer, therefore bypass FUSE, resulting in greater performance. This feature is primarily aimed at maximizing I/O for large fast ZFS pools accessed via a fast network This is front-end change only; existing shares will be viewed with this new structure automatically upon upgrading, and will automatically revert to the previous style if you revert to an earlier version. Configuring the storage options for a share is specified using two inputs: Primary storage Secondary storage Primary storage is where new files/folders are created. If Primary storage is below the Minimum Free Space setting then new files and folders will be created in Secondary storage, if configured. Each input presents a drop-down which lists "array", "none", and each named pool as a selection according to some configuration rules: For the Primary storage drop-down: the "none" option is omitted, ie, Primary storage must be selected any named pool can be selected "Array" can be selected (meaning the unRAID array) For the Secondary storage drop-down: the "none" option is included, ie, Secondary storage is optional if Primary storage is a pool name, then the only options are "none" and "Array". In the future other pools will be listed here as well. if Primary storage is "Array", then only "none" appears as an option When "Array" is selected for either Primary or Secondary storage, a set of additional settings slide in: Allocation method Included disk(s) Excluded disk(s) Split level When a btrfs named pool is selected for either Primary or Secondary storage, an additional setting slides in: Enable Copy-on-write When a ZFS named pool is selected for either Primary or Secondary storage, there are no additional settings at this time but there could be some in the future. For example, since a share is created as a ZFS dataset, it could have a different compression setting than the parent pool if we need to implement this. Mover action When there is Secondary storage configured for a share the "Mover action" setting becomes enabled, letting the user select the transfer direction of the mover: Primary to Secondary (default) Secondary to Primary Exclusive shares If Primary storage for a share is a pool and Secondary storage is set to "none", then a symlink is returned in /mnt/user/ pointing directly to the pool share directory. (An additional check is made to ensure the share also does not exist on any other volumes.) There is a new status flag, 'Exclusive access' which is set to 'Yes' when a symlink is in place; and, 'No' otherwise. Exclusive shares are also indicated on the Shares page. The advantage of setting up symlinks is that I/O bypasses FUSE-based user share file system (shfs) which can significantly increase performance. There are some restrictions: Both the share Min Free Space and pool Min Free Space settings are ignored when creating new files on an exclusive share. If there are any open files, mounted loopback images, or attached VM vdisk images on an exclusive share, no settings for the share can be changed. As a workaround, create a directory for the share on another volume and restart the array to disable exclusive access and make the necessary changes to the share settings. If the share directory is manually created on another volume, files are not visible in the share until after array restart, upon which the share is no longer exclusive. Clean Up button Appearing on the Shares page, a button called CLEAN UP, when enabled indicates there are config/share/.cfg files for shares that do not exist. Clicking this button will remove those files. Other Improvements btrfs pools Autotrim can be configured as on or off when used in a pool. Compression can be configured as on or off. on selects zstd. Future update to permit specifying other algorithms/levels. xfs Autotrim can be configured as on or off when used as a single-slot pool. Docker It is possible to configure the Docker data-root to be placed in a directory on a ZFS storage pool. In this case Docker will use the 'zfs' storage driver. This driver creates a separate dataset for each image layer. Because of this, here is our recommendation for setting up Docker using directory: First, create a docker user share configured as follows: Share name: docker Use cache pool: Only Select cache pool: name of your ZFS pool Next, on Docker settings page: Enable docker: Yes Docker data-root: directory Docker directory: /mnt/user/docker If you ever need to delete the docker persistent state, then bring up the Docker settings page and set Enable docker to No and click Apply. After docker has shut down click the Delete directory checkbox and then click Delete. This will result in deleting not only the various files and directories, but also all layers stored as datasets. Before enabling Docker again, be sure to first re-create the docker share as described above. Other changes: CreateDocker: changed label Docker Hub URL to Registry URL because of GHCR and other new container registries becoming more and more popular. Honor user setting of stop time-out. Accept images in OCI format. Add option to disable readmore-js on container table Fix: Docker Containers console will not use bash if selected VM Manager If you enable copy/paste for virtual consoles you need to install additional software on the client in addition to the QEMU agent if that has been installed. Here is the location for spice-vdagent for both Windows and Linux. Note copy/paste function will not work with web spice viewer you need to use virt-viewer. Other changes: Add Serial option to vdisk. Spice Bug fix for users with non standard GUI ports defined. OVMF for QEMU: version stable202302 Fix for bus text. Enable copy paste option for virtual consoles Update Memory Backup processing for Virtiofs. Fix lockup when no VMs are present Add support for rtl8139 network model. fix translation omission added lock/unlock for sortable items Fix for Spice Mouse if Copy paste enabled. let page load even when PCI devices appear missing or are misassigned Make remote viewer and web console options selectable. Option to download .vv file and start remote viewer is browser set to open file .vv when downloaded. Add remote viewer console support Remove-lock-posix='on'-flock='on'/- fix VM marked as Autostart not starting following manual array Start Fix for Max memory > 1TB Dashboard The webGUI Dashboard has been redesigned and it is now possible to move elements (tiles) up and down and between columns. This allows the user to organize the tiles in any way they desire. There is a small lock icon on the menu bar which must be clicked to enable this function. Note: The lock icon also appears on the Docker and VM pages and must be clicked to rearrange the startup order. Release bz file differences Unraid OS is comprised of a set of 5 so-called bz files in the root of the USB Flash boot device: bzimage - the Linux kernel bzroot - the root file system, sans console desktop bzroot-gui - additional files needed for console desktop bzmodules - modules (drivers) associated with the Linux kernel bzfirmware - device firmware required by certain modules Starting with 6.12 release, the content of these files has been rearranged: bzimage - the Linux kernel (same as before) bzroot - the root file system excluding the /usr directory tree bzroot-gui - a single file which auto-starts the console desktop (for compatibility) bzmodules - modules (drivers) associated with the Linux kernel and device firmware required by certain modules bzfirmware - the /usr directory and all files contained therein, including console desktop The results of this change is to speed up the boot process and free up nearly 1G of RAM. It also permits us to add more "stuff" to Unraid OS in the future without requiring more RAM. Finally, when booted in non-GUI mode, the desktop can be started by logging in at the console and typig the 'slim' command. The files bzfirmware and bzmodules are squashfs images mounted using overlayfs at /usr and /lib respectively. Since these files are loopback-mounted, care must be taken if ever you want to perform a manual update. What is a manual update? This is a method of updating Unraid OS on your USB flash boot device without using the Tools/Update OS function. Typically one would either: open a Terminal window, wget the release zip file, unzip the release, and then 'cp' the bz files to root of the boot device. or export the 'flash' share on your network and drag the bz files from a PC directly to the flash. Either method, starting with 6.12 can fail because the bzfirmware file will be overwritten while it is still mounted - not good. To get around this, you must first create a temp directory on the flash device and then 'mv' (or drag) all the bz files to this temp directly. Now you can copy the new bz files in place and reboot. Change Log Base Distro aaa_glibc-solibs: version 2.37 adwaita-icon-theme: version 43 at-spi2-core: version 2.46.0 bash: version 5.2.015 bash_completion: version 2.11 bind: version 9.18.12 btrfs-progs: version 6.2.1 ca-certificates: version 20221205 cryptsetup: version 2.6.1 curl: version 7.88.1 dbus: version 1.14.6 diffutils: version 3.9 dnsmasq: version 2.89 docker: version 23.0.6 e2fsprogs: version 1.47.0 encodings: version 1.0.7 file: version 5.44 firefox: version 111.0 (AppImage) freetype: version 2.13.0 fuse3: version 3.12.0 gawk: version 5.2.1 git: version 2.39.2 glib2: version 2.74.6 glibc: version 2.37 glibc-zoneinfo: version 2022g gnutls: version 3.7.9 gptfdisk: version 1.0.9 gtk+3: version 3.24.37 harfbuzz: version 7.1.0 htop: version 3.2.2 iproute2: version 6.2.0 iptables: version 1.8.9 iputils: version 20221126 less: version 612 libICE: version 1.1.1 libSM: version 1.2.4 libX11: version 1.8.4 libXau: version 1.0.11 libXcomposite: version 0.4.6 libXdamage: version 1.1.6 libXdmcp: version 1.1.4 libXpm: version 3.5.15 libXrandr: version 1.5.3 libXres: version 1.2.2 libXxf86dga: version 1.1.6 libarchive: version 3.6.2 libdrm: version 2.4.115 libfontenc: version 1.1.7 libglvnd: version 1.6.0 libjpeg-turbo: version 2.1.5.1 libpcap: version 1.10.3 libpng: version 1.6.39 libpsl: version 0.21.2 liburcu: version 0.14.0 libwebp: version 1.3.0 libxkbcommon: version 1.5.0 libxkbfile: version 1.1.2 libxshmfence: version 1.3.2 lmdb: version 0.9.30 logrotate: version 3.21.0 lsof: version 4.98.0 lz4: version 1.9.4 lzlib: version 1.13 mc: version 4.8.29 mcelog: version 191 mpfr: version 4.2.0 nano: version 7.2 ncurses: version 6.4 nginx: version 1.23.3 nghttp2: version 1.52.0 openssh: version 9.2p1 openssl: version 1.1.1t openssl-solibs: version 1.1.1t openzfs: version 2.1.11 pango: version 1.50.14 pciutils: version 3.9.0 pcre2: version 10.42 php: version 8.2.4 php-libvirt: version 0.5.7 php-markdown: version 2.0.0 samba: version 4.17.7 sqlite: version 3.41.0 sudo: version 1.9.13p2 sysstat: version 12.7.2 tdb: version 1.4.8 tevent: version 0.14.1 traceroute: version 2.1.2 transset: version 1.0.3 tree: version 2.1.0 usbutils: version 015 xcb-util: version 0.4.1 xdriinfo: version 1.0.7 xf86-video-vesa: version 2.6.0 xfsprogs: version 6.1.1 xhost: version 1.0.9 xinit: version 1.4.2 xkbcomp: version 1.4.6 xkeyboard-config: version 2.38 xorg-server: version 21.1.7 xprop: version 1.2.6 xrandr: version 1.5.2 xset: version 1.2.5 xterm: version 379 xz: version 5.4.1 zstd: version 1.5.4 Linux kernel version 6.1.29 md/unraid: version 2.9.27 CONFIG_FS_DAX: File system based Direct Access (DAX) support CONFIG_VIRTIO_FS: Virtio Filesystem CONFIG_ZONE_DEVICE: Device memory (pmem, HMM, etc...) hotplug support CONFIG_USBIP_HOST: Host driver CONFIG_INTEL_MEI: Intel Management Engine Interface CONFIG_INTEL_MEI_ME: ME Enabled Intel Chipsets CONFIG_INTEL_MEI_GSC: Intel MEI GSC embedded device CONFIG_INTEL_MEI_PXP: Intel PXP services of ME Interface CONFIG_INTEL_MEI_HDCP: Intel HDCP2.2 services of ME Interface CONFIG_INTEL_PMC_CORE: Intel PMC Core driver CONFIG_DRM_I915_PXP: Enable Intel PXP support CONFIG_SCSI_FC_ATTRS: FiberChannel Transport Attributes CONFIG_FUSION_SPI: Fusion MPT ScsiHost drivers for SPI CONFIG_FUSION_FC: Fusion MPT ScsiHost drivers for FC CONFIG_FUSION_CTL: Fusion MPT misc device (ioctl) driver CONFIG_FUSION_LOGGING: Fusion MPT logging facility CONFIG_X86_AMD_PSTATE: AMD Processor P-State driver CONFIG_LRU_GEN: Multi-Gen LRU CONFIG_SERIAL_8250_NR_UARTS=32: Maximum number of 8250/16550 serial ports CONFIG_SERIAL_8250_RUNTIME_UARTS=4: Number of 8250/16550 serial ports to register at runtime Misc avahi: enable/disable IPv4/IPv6 based on network settings and restrict avahidaemon to primary interface. cgroup2 now the default loopback images no longer mounted using directio newperms script restricted to operate on /mnt/ only. upgradepkg patched to prevent replacing existing package with older version. current PCI bus/device information saved in file '/boot/previous/hardware' upon Unraid OS upgrade. NFS: enable UPD transport emhttp: fix cache pool (null) syslog strings emhttp: fix cache pool display wrong device size for selected replacement device networking: fix nginx recognizing IP address from slow dhcp servers mover: fix: improper handling of symlinks mover: fix: Mover logging syslog entries format different from previous releases plugin: Display Run command retval in error message shfs: igonore top-level hidden directoris (names beginning with '.') terminal: OpenTerminal: change termination signal (hard stop) upgrade Unraid OS: check for earlier upgrade without reboot webgui: support PHP8, increase PHP max memory from 128M to 256M webgui: ManagementAccess: Disable Provision/Renew/Upgrade buttons when no IP on eth0 webgui: ManagementAccess: Support wireguard local IP addresses in combination with myservers.unraid.net SSL cert webgui: Move "view" icon on Main and Shares page to the left webgui: Dashboard: fix regression error in "select case" webgui: Dashboard: make items moveable between columns webgui: Keep dismissed banners hidden for a month webgui: Dashboard: API for adding custom tiles webgui: Dashboard: rearrange processor information webgui: Dashboard: rearrange UPS info webgui: Dashboard: rearrange memory info webgui: Dashboard: VPN header rearrangement webgui: Dashboard: header rearrangements webgui: Add jqueryUI touch punch for mobile devices webgui: Changed ID to CLASS for elements occurring more than once webgui: Make header in white and black themes scrollable When more items are present than screen space, the user can now scroll through them (previously these items were invisible) webgui: Dashboard and Docker: introduce lock button for sortable items By default sortable items are locked, which allows mobile devices to scroll the page. Upon request items can be made sortable webgui: Users: add icon to title bar webgui: Tools: new function -> PHP Settings View PHP info Configure error reporting Open LOG to see errors in real-time webgui: System info: fix reading inactive ports webgui: Plugin: Include the actual command, being executed webgui: System info: cache enhancement webgui: System info: memory enhancement webgui: DeviceInfo: disable buttons when erase operation is running webgui: Docker: filetree corrections webgui: Fixed: Dashboard: show heat alarm per pool webgui: Notifications: revised operation Autoclose new notifications after 3 seconds Fix notifications reappearing after closure webgui: DeviceList: add FS type in offline state webgui: Add notification agent for Bark webgui: Main: hide browse icon when disk is not mounted webgui: Diagnostics: add additional btrfs and zfs info webgui: Dashboard: add ZFS memory usage webgui: Revised New Permissions Select either disks or shares (not both) webgui: Add testparm to diagnostics webgui: Support new UD reserved mount point of /mnt/addons webgui: fix issue displaying Attributes when temperature display set to Fahrenheit webgui: Dashboard changes: lock the Dashboard completely: Editing/moving only becomes possible when unlocking the page An empty column is refilled when the respective tiles are made visible again, no need to reset everything added a visual "move indicator" on the Docker and VM page, to make clearer that rows can be moved now. change cursor shape when moving is enabled use tile title as index webgui: fix: Local Firefox account pop-up postmessages not working webgui: SMART test cannot be run on a UD disk because there is no spin down delay selection webgui: status footer stuck on "Starting services" when applying share config setting chagnes. webgui: Fix table layout for orphan images webgui: Plugin: Do not show update button if incompatible webgui: OpenTerminal: limit clients webgui: Context menu: automatic triangle placement webgui: Dashboard: fix pool warnings webgui: Allow SMART long test for UD webgui: Read processor type from /proc/cpuinfo webgui: CSS: solve scrollbar issue in firefox webgui: plugin: Make wget percentage detection more robust webgui: Add share: fix hidden share name check webgui: Display settings: add missing defaults webgui: Array Operation: prevent double clicking of Start button webgui: DeviceInfo: show shareFloor with units webgui: DeviceInfo: added automatic floor calculation webgui: Added autosize message webgui: Shares: added info icon webgui: Updated DeviceInfo and Shares page webgui: Fix network display aberration. webgui: Auto fill-in minimum free space for new shares webgui: feat(upc): update to v3 for connect webgui: Share/Pool size calculation: show and allow percentage values wireguard: add SSL support for WG tunnel IP addresses (myunraid.net wildcard certs only) wireguard: fix nginx issue when partial WireGuard config

You should only need to go to Tools/UpdateOS and switch to the Stable branch to see the update. Sure there are still some outstanding issues and we'll continue to monitor here. Please upgrade and switch to Stable Bug Reports board for new issues.

Changes vs. 6.9.0-beta29 include: Added workaround for mpt3sas not recognizing devices with certain LSI chipsets. We created this file: /etc/modprobe.d/mpt3sas-workaround.conf which contains this line: options mpt3sas max_queue_depth=10000 When the mpt3sas module is loaded at boot, that option will be specified. If you add "mpt3sas.max_queue_depth=10000" to syslinux kernel append line, you can remove it. Likewise, if you manually load the module via 'go' file, can also remove it. When/if the mpt3sas maintainer fixes the core issue in the driver we'll get rid of this workaround. Reverted libvirt to v6.5.0 in order to restore storage device passthrough to VM's. A handful of other bug fixes, including 'unblacklisting' the ast driver (Aspeed GPU driver). For those using that on-board graphics chips, primarily Supermicro, this should increase speed and resolution of local console webGUI. Version 6.9.0-beta30 2020-10-05 (vs -beta29) Base distro: libvirt: version 6.5.0 [revert from version 6.6.0] php: version 7.4.11 (CVE-2020-7070, CVE-2020-7069) Linux kernel: version 5.8.13 ast: removed blacklisting from /etc/modprobe.d mpt3sas: added /etc/modprobe.d/mpt3sas-workaround.conf to set "max_queue_depth=10000" Management: at: suppress session open/close syslog messages emhttpd: correct 'Erase' logic for unRAID array devices emhtppd: wipefs encrypted device removed from multi-device pool emhttpd: yet another btrfs 'free/used' calculation method webGUI: Update statuscheck webGUI: Fix dockerupdate.php warnings

New in Unraid OS 6.8 release: The unRAIDServer.plg file (update OS) still downloads the new release zip file to RAM but then extracts directly to USB flash boot device. You will probably notice a slight difference in speed of extract messages. There is still a 'sync' command at the end, which causes each device to spin up serially as Linux kernel syncs each device (why does kernel do this serially? I have no idea). I am tempted to remove this because a Reboot of course spins everything up in parallel, but I'm concerned about users out there who might just hit Reset button and USB flash write data is not fully written. Forms based authentication If you have set a root password for your server, upon boot you'll now see a nice login form. There still is only one user for Unraid so for username enter root. This form should be compatible with all major password managers out there. We always recommend using a strong password. We have auto-logout set to 1 hour. Linux kernel 5.3 default scheduler now 'mq-deadline' enabled Huge Page support, though no UI control yet binfmt_misc support added "Vega 10 Reset bug" patch more device drivers Some out-of-tree (oot) drivers are currently omitted either because the source code doesn't compile or driver doesn't work with the 5.3 kernel: Intel ixgbe [does not build] (using in-tree driver) Highpoint r750 [does not work] Highpoint rr3740a [does not build] This is always the risk with including vendor-supplied drivers. Until the vendor fixes their code we must omit their driver. md/unraid driver Introduced "multi-stream" support: Reads on devices which are not being written should run at full speed. In addition, if you have set the md_write_method tunable to "reconstruct write", then while writing, if any read streams are detected, the write method is switched to "read/modifywrite". Parity sync/check should run at full speed by default. Parity sync/check can be throttled back in presence of other active streams. The "stripe pool" resource is automatically shared evenly between all active streams. As a result got rid of some Tunables: md_sync_window md_sync_thresh and added some tunables: md_queue_limit md_sync_limit Please refer to Settings/Disk Settings help text for description of these settings. Remaining issue: some users have reported slower parity sync/check rates for very wide arrays (20+ devices) vs. 6.7 and earlier releases - we are still studying this problem. WireGuard support - available as a plugin via Community Apps. Our WireGuard implementation and UI is still a work-in-process; for this reason we have made this available as a plugin, though the latest WireGuard module is included in our Linux kernel. Full WireGuard implementation will be merged into Unraid OS itself in a future release. I want to give special thanks to @bonienl who wrote the plugin with lots of guidance from @ljm42 - thank you! I also should give a shout out to @NAS who got us rolling on this. If you don't know about WireGuard it's something to look into! Guide here: WS-Discovery support - Finally you can get rid of SMBv1 and get reliable Windows network discovery. This feature is configured on the Settings/SMB Settings page and enabled by default. Also on same settings page is Enable NetBIOS setting. This is enabled by default, however if you no longer have need for NetBIOS discovery you can turn it off. When turned off, Samba is configured to accept only SMBv2 protocol and higher. Added mDNS client support in Unraid OS. This means, for example, from an Unraid OS terminal session to ping another Unraid OS server on your network you can use (e.g., 'tower'): ping tower.local instead of ping tower Note the latter will still work if you have NetBIOS enabled. User Share File System (shfs) changes: Integrated FUSE-3 - This should increase performance of User Share File System somewhat. Fixed bug with hard link support. Previously a 'stat' on two directory entries referring to same file would return different i-node numbers, thus making it look like two independent files. This has been fixed however there is a config setting on Settings/Global Share Settings called "Tunable (support hard links)". The default is Yes, but with certain very old media and DVD players which access shares via NFS, you may need to set this to No. Note: if you have custom config/extra.cfg file, get rid of it. Other improvements/bug fixes: Format - during Format any running parity sync/check is automatically Paused and then resumed upon Format completion. Encryption - an entered passphrase is not saved to any file. Also included an API for Unassigned devices plugin to open encrypted volumes. Fixed bug where multi-device btrfs pool was leaving metadata set to dup instead of raid1. Several other small bug fixes and improvements. Numerous base package updates. Finally - please note that AFP is now deprecated and we plan to remove in Unraid 6.9 release. Version 6.8.0-rc1 2019-10-11 Base distro: aaa_elflibs: version 15.0 build 11 acpid: version 2.0.32 at-spi2-atk: version 2.34.0 at-spi2-core: version 2.34.0 atk: version 2.34.1 bash: version 5.0.011 btrfs-progs: version 5.2.2 bzip2: version 1.0.8 ca-certificates: version 20190826 cifs-utils: version 6.9 cryptsetup: version 2.2.1 curl: version 7.66.0 dbus: version 1.12.16 dbus-glib: version 0.110 dhcpcd: version 8.0.6 docker: version 19.03.3 e2fsprogs: version 1.45.4 encodings: version 1.0.5 etc: version 15.0 ethtool: version 5.3 expat: version 2.2.9 file: version 5.37 findutils: version 4.7.0 freetype: version 2.10.1 fuse3: version 3.6.2 gdbm: version 1.18.1 gdk-pixbuf2: version 2.38.2 git: version 2.23.0 glib2: version 2.62.0 glibc-solibs: version 2.30 glibc-zoneinfo: version 2019c glibc: version 2.30 glu: version 9.0.1 gnutls: version 3.6.10 gtk+3: version 3.24.10 harfbuzz: version 2.6.0 haveged: version 1.9.8 hostname: version 3.22 hwloc: version 1.11.13 icu4c: version 64.2 intel-microcode: version 20190918 iproute2: version 5.3.0 iptables: version 1.8.3 iputils: version 20190709 irqbalance: version 1.6.0 less: version 551 libICE: version 1.0.10 libX11: version 1.6.8 libXi: version 1.7.10 libXt: version 1.2.0 libarchive: version 3.4.0 libcap-ng: version 0.7.10 libcroco: version 0.6.13 libdrm: version 2.4.99 libedit: version 20190324_3.1 libevdev: version 1.7.0 libevent: version 2.1.11 libgcrypt: version 1.8.5 libgudev: version 233 libjpeg-turbo: version 2.0.3 libnftnl: version 1.1.4 libnl3: version 3.5.0 libpcap: version 1.9.1 libpciaccess: version 0.16 libpng: version 1.6.37 libpsl: version 0.21.0 librsvg: version 2.44.14 libseccomp: version 2.4.1 libssh2: version 1.9.0 libtasn1: version 4.14 libusb: version 1.0.23 libvirt-php: version 0.5.5 libvirt: version 5.7.0 (CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168) libwebp: version 1.0.3 libzip: version 1.5.2 logrotate: version 3.15.1 lsof: version 4.93.2 lsscsi: version 0.30 lvm2: version 2.03.05 lz4: version 1.9.1 mkfontscale: version 1.2.1 mozilla-firefox: version 68.0.2 (CVE-2019-11751, CVE-2019-11746, CVE-2019-11744, CVE-2019-11742, CVE-2019-11736, CVE-2019-11753, CVE-2019-11752, CVE-2019-9812, CVE-2019-11741, CVE-2019-11743, CVE-2019-11748, CVE-2019-11749, CVE-2019-5849, CVE-2019-11750, CVE-2019-11737, CVE-2019-11738, CVE-2019-11747, CVE-2019-11734, CVE-2019-11735, CVE-2019-11740, CVE-2019-11754, CVE-2019-9811, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11714, CVE-2019-11729, CVE-2019-11715, CVE-2019-11716, CVE-2019-11717, CVE-2019-1 1718, CVE-2019-11719, CVE-2019-11720, CVE-2019-11721, CVE-2019-11730, CVE-2019-11723, CVE-2019-11724, CVE-2019-11725, CVE-2019-11727, CVE-2019-11728, CVE-2019-11710, CVE-2019-11709) nano: version 4.5 ncurses: version 6.1_20190720 net-tools: version 20181103_0eebece nettle: version 3.5.1 nghttp2: version 1.39.2 nginx: version 1.16.1 (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516) nodejs: version 10.16.3 nss-mdns: version 0.14.1 ntp: version 4.2.8p13 openldap-client: version 2.4.48 openssh: version 8.0p1 openssl-solibs: version 1.1.1d openssl: version 1.1.1d p11-kit: version 0.23.18.1 pcre2: version 10.33 php: version 7.2.23 (CVE-2019-11042, CVE-2019-11041) pixman: version 0.38.4 pkgtools: version 15.0 procps-ng: version 3.3.15 qemu: version 4.1.0 (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091) qrencode: version 4.0.2 rpcbind: version 1.2.5 rsyslog: version 8.1908.0 samba: version 4.10.8 (CVE-2019-10197) sdparm: version 1.10 sessreg: version 1.1.2 setxkbmap: version 1.3.2 sg3_utils: version 1.44 shadow: version 4.7 shared-mime-info: version 1.12 sqlite: version 3.29.0 sysvinit-scripts: version 2.1 sysvinit: version 2.96 talloc: version 2.3.0 tdb: version 1.4.2 tevent: version 0.10.1 ttyd: version 1.5.2 usbutils: version 012 util-linux: version 2.34 wget: version 1.20.3 wireguard: version 0.0.20190913 wsdd: version 20180618 build 2 xauth: version 1.1 xclock: version 1.0.9 xfsprogs: version 5.2.1 xkeyboard-config: version 2.27 xorg-server: version 1.20.5 xrandr: version 1.5.1 xterm: version 348 xwininfo: version 1.1.5 zstd: version 1.4.3 Linux kernel: version 5.3.6 default scheduler now mq-deadline CONFIG_BINFMT_MISC: Kernel support for MISC binaries CONFIG_DEBUG_FS: Debug Filesystem CONFIG_HUGETLBFS: HugeTLB file system support CONFIG_ICE: Intel(R) Ethernet Connection E800 Series Support CONFIG_IGC: Intel(R) Ethernet Controller I225-LM/I225-V support CONFIG_MLX5_CORE_IPOIB: Mellanox 5th generation network adapters (connectX series) IPoIB offloads support CONFIG_SCSI_SMARTPQI: Microsemi PQI Driver CONFIG_WIREGUARD: IP: WireGuard secure network tunnel patch: fix_vega_reset (user request) patch: increase BLK_MAX_REQUEST_COUNT from 16 to 32 oot: LimeTech md/unraid: version 2.9.10 (multi-stream support) oot: Highpoint rsnvme: version v1.2.16_19_05_06 oot: Tehuti tn40xx: version 0.3.6.17.2 oot: omitted: Intel ixgbe [does not build] (using in-tree driver) oot: omitted: Highpoint r750 [does not work] oot: omitted: Highpoint rr3740a [does not build] Management: fix btrfs bug where converting from single to multiple pool did not balance metadata to raid1, and converting from multiple to single did not balance metadata back to single. auto-mount hugetlbfs to support kernel huge pages emhttpd: do not write /root/keyfile if encryption passphrase provided via webGUI fstab: mount USB flash boot device with root-only access nginx.conf: configure all nginx worker threads to run as 'root'. start/stop WireGuard upon server start/shutdown support forms-based authentication shfs: support FUSE3 API changes; hard links report same st_ino; hard link support configurable support disabling NetBIOS, and set Samba 'min server procotol' and 'min client protocol' to SMB2 if disabled support WS-Discovery method support mDNS local name resolution via avahi extract OS upgrade directly to USB flash webgui: Revamp Banner Warning System webgui: Fix custom case png not surviving reboot webgui: Enhanced display of network settings webgui: Open banner system to 3rd party apps webgui: Modified notify script to allow overriding email recipients in notification settings webgui: Allow Safari to use websockets webgui: Select case correction + replace MD1510 for AVS-10/4 webgui: Font, Icon and image cleanup webgui: Added AFP deprecated notice webgui: Changed config folder of TELEGRAM webgui: Add share access to user edit webgui: Added cache and disk type to shares page webgui: Aligned management page layout webgui: Added conditional UPnP setting on Management page webgui: Support wireguard plugin in download.php webgui: Added UPnP to access script (to support WireGuard plugin) webgui: Made notify script compatible with 6.8 new security scheme webgui: Fixed misalignment of absent disk on Main page webgui: Update ArrayDevices.page help text webgui: show warning on login page when browser cookies are disabled webgui: Fixed docker container update state webgui: Added VM XML files to diagnostics webgui: Telegram notification agent: enable group chat IDs, update helper description webgui: Integrate CAs Plugin Helper webgui: Switch download routine to be PHP Curl webgui: Change PluginHelpers download to be PHP Curl webgui: dockerMan - Deprecate TemplateURL webgui: Fixed: footer always on foreground webgui: Plugin Helpers: Follow redirects on downloads webgui: dockerMan: Redownload Icon if URL changes webgui: If a page is loaded via https, prevent it from loading resources via http (ie, block mixed content) webgui: Ensure spinner always ontop webgui: Allow outside click to close popups webgui: Use complete HTML documents in popups webgui: Standardize on lang="en" webgui: Added 'F1' key to toggle help text webgui: Main page: consolidate spin up/down action and device status into one webgui: support changed tunables on Disk Settings page

Please refer to the 6.12.0-rc1 topic for a general overview. Version 6.12.0-rc4.1 2023-04-27 Fixes bug in bind-mount when share names contain spaces. Version 6.12.0-rc4 2023-04-27 New in this release is a conceptual change in the way storage is assigned to shares. Normally such a change would not happen in an -rc series; however, in this case the under-the-hood coding was minimal. The concept outlined below is something we planned on introducing in the Unraid OS 6.13 cycle. We decided to introduce this change now because of increased interest in Unraid OS now that ZFS is supported. The old concept of main storage being the unRAID array with an optional "Cache" is confusing to many new users, especially since cache has a specific meaning in ZFS. Also outlined below, we introduced the concept of an exclusive share. This is simply a share where all the data exists in a single named pool. In this case we set up a bind-mount, bypassing the FUSE-based User Share file system. This feature is primarily aimed at maximizing I/O for large fast ZFS pools accessed via a fast network Share storage conceptual change Configuring the storage options for a share is specified using two inputs: Primary storage Secondary storage Primary storage is where new files/folders are created. If Primary storage is below the Minimum Free Space setting then new files and folders will be created in Secondary storage, if configured. Each input presents a drop-down which lists "array", "none", and each named pool as a selection according to some configuration rules: For the Primary storage drop-down: the "none" option is omitted, ie, Primary storage must be selected any named pool can be selected "Array" can be selected (meaning the unRAID array) For the Secondary storage drop-down: the "none" option is included, ie, Secondary storage is optional if Primary storage is a pool name, then the only options are "none" and "Array" if Primary storage is "Array", then only "none" appears as an option When "Array" is selected for either Primary or Secondary storage, a set of additional settings slide in: Allocation method Included disk(s) Excluded disk(s) Split level When a btrfs named pool is selected for either Primary or Secondary storage, an additional setting slides in: Enable Copy-on-write When a ZFS named pool is selected for either Primary or Secondary storage, there are no additional settings at this time but there could be some in the future. For example, since a share is created as a ZFS dataset, it could have a different compression setting than the parent pool if we need to implement this. Mover action When there is Secondary storage configured for a share the "Mover action" setting becomes enabled, letting the user select the transfer direction of the mover: Primary to Secondary (default) Secondary to Primary Exclusive shares If Primary storage for a share is a pool and Secondary storage is set to "none", then we can set up a bind-mount in /mnt/user/ directly to the pool share directory. (An additional check is made to ensure the share also does not exist on any other volumes.) There is a new status flag, 'Exclusive access' which is set to 'Yes' when a bind-mount is in place; and, 'No' otherwise. Exclusive shares are also indicated on the Shares page. The advantage of setting up a bind-mount is that I/O bypasses FUSE-based user share file system (shfs) which can significantly increase performance. There are some restrictions: Both the share Min Free Space and pool Min Free Space settings are ignored when creating new files on an exclusive share. If there are any open files, mounted loopback images, or attached VM vdisk images on an exclusive share, no settings for the share can be changed. If the share directory is manually created on another volume, files are not visible in the share until after array restart, upon which the share is no longer exclusive. Change Log vs. 6.12.0-rc3 Linux kernel version: 6.1.26 Misc avahi: enable/disable IPv4/IPv6 based on network settings webgui: DeviceInfo: show shareFloor with units webgui: DeviceInfo: added automatic floor calculation webgui: Added autosize message webgui: Shares: added info icon webgui: Updated DeviceInfo and Shares page [explain] webgui: Fix network display aberration. webgui: Auto fill-in minimum free space for new shares webgui: feat(upc): update to v3 for connect webgui: Share/Pool size calculation: show and allow percentage values webgui: VM manager: Make remote viewer and web console options selectable. webgui: VM manager: Option to download .vv file and start remote viewer is browser set to open file .vv when downloaded. webgui: VM manager: Add remote viewer console support webgui: VM manager: Remove-lock-posix='on'-flock='on'/- Base Distro openzfs: version 2.1.11 Version 6.12.0-rc3 2023-04-14 Upgrade notes If you created any zpools using 6.12.0-beta5 please Erase those pools and recreate. If you revert back from 6.12 to 6.11.5 or earlier, you have to force update all your Docker containers and start them manually after downgrading. This is necessary because of the underlying change to cgroup v2 in 6.12.0-rc1. Upon boot, if all PCI devices specified in 'config/vfio-pci.cfg' file do not properly bind, VM Autostart is prevented. You may still start individual VMs. This is to prevent Unraid host crash if hardware PCI IDs changed because of a kernel update or physical hardware change. To restore VM autostart, examine '/var/log/vfio-pci-error' and remove offending PCI IDs from 'config/vfio-pci.cfg' file and reboot. Linux Multi-Gen LRU is a relatively new feature now included but not enabled by default. You can enable by adding this line to your 'config/go' file: echo y > /sys/kernel/mm/lru_gen/enabled If you revert back from 6.12 to 6.11.5 or earlier you many need to remove that line. Obsolete/Broken Plugins There are a few plugins which are known to be incompatible with Unraid 6.12, and upon boot will not be installed. You will get a notification for each plugin that is affected, and can review the list by going to Plugins/Plugin File Install Errors. disklocation-master version 2022.06.18 (Disk Location by olehj, breaks the dashboard) plexstreams version 2022.08.31 (Plex Streams by dorgan, breaks the dashboard) corsairpsu version 2021.10.05 (Corsair PSU Statistics by Fma965, breaks the dashboard) gpustat version 2022.11.30a (GPU Statistics by b3rs3rk, breaks the dashboard) ipmi version 2021.01.08 (IPMI Tools by dmacias72, breaks the dashboard) nut version 2022.03.20 (NUT - Network UPS Tools by dmacias72, breaks the dashboard) NerdPack version 2021.08.11 (Nerd Tools by dmacias72) upnp-monitor version 2020.01.04c (UPnP Monitor by ljm42, not PHP 8 compatible) ZFS-companion version 2021.08.24 (ZFS-Companion Monitor by campusantu, breaks the dashboard) Some of the affected plugins have been taken over by different developers, we recommend that you go to the Apps page and search for replacements. Please ask plugin-specific questions in the support thread for that plugin. ZFS Pools New in this release is the ability to create a ZFS file system in a user-defined pool. In addition you may format any data device in the unRAID array with a single-device ZFS file system. We are splitting full ZFS implementation across two Unraid OS releases. Initial support in this release includes: Support raid0, mirror, raidz1, raidz2 and raidz3 root profiles. Up to 4-way mirror in a mirror vdev. Multiple vdev groups. Support removing single device: if device still present in server, 'wipefs' is used to clear the partition table. Support replacing single missing device with a new device of same or larger size. Support scheduled trimming of ZFS pools. Support pool rename. Pool names must begin with a lowercase letter and only contain lowercase letters, digits, the underscore and dash. Pool names must not end with a digit. Non-root vdev cannot be configured in this release, however, they can be imported. Note: imported hybrid pools may not be expanded in this release. Pools created on other systems may or may not import depending on how the the pool was created. A future update will permit importing pools from any system. A ZFS pool has three variables: profile - the root data organization: raid0, mirror (up to 4-way), raidz1, raidz2, raidz3 width - the number of devices per root vdev groups - the number of root vdevs in the pool At time of ZFS pool creation, the webGUI will present all topology options based on the number of devices assigned to the pool. Special treatment for root single-vdev mirrors: A single-device ZFS pool can be converted to multiple-device mirror by adding up to 3 additional devices in one operation. A 2-device mirror can be increased to 3-device by adding a single device; similarly a 3-device mirror can be increased to 4-device mirror by adding a single device. To add an additional root vdev, you must assign 'width' number of new devices to the pool at the same time. The new vdev will be created with the same 'profile' as the existing vdevs. Additional flexibility in adding/expanding vdevs will be provided in a future update. Pools created with the steini84 plugin can be imported as follows: First create a new pool with the number of slots corresponding to the number of devices in the pool to be imported. Next assign all the devices to the new pool. Upon array Start the pool should be recognized, though certain zpool topologies may not be recognized (please report). Mixed topologies are not supported. For example, a pool with both a mirror root vdev and a raidz root vdev is not recognized. Autotrim can be configured as on or off (except for single-device ZFS volumes in the unRAID array). Compression can be configured as on or off, where on selects lz4. Future update will permit specifying other algorithms/levels. When creating a new ZFS pool you may choose zfs - encrypted, which, like other encrypted volumes, applies device-level encryption via LUKS. ZFS native encryption is not supported at this time. During system boot, the file /etc/modprobe.d/zfs.conf is auto-generated to limit the ZFS ARC to 1/8 of installed memory. This can be overridden if necessary by creating a custom 'config/modprobe.d/zfs.conf' file. Future update will include ability to configure the ARC via webGUI, including auto-adjust according to memory pressure, e.g., VM start/stop. Top-level user shares in a ZFS pool are created as datasets instead of ordinary directories. btrfs pools Autotrim can be configured as on or off when used in a pool. Compression can be configured as on or off. on selects zstd. Future update to permit specifying other algorithms/levels. xfs Autotrim can be configured as on or off when used as a single-slot pool. Docker It is possible to configure the Docker data-root to be placed in a directory on a ZFS storage pool. In this case Docker will use the 'zfs' storage driver. This driver creates a separate dataset for each image layer. Because of this, here is our recommendation for setting up Docker using directory: First, create a docker user share configured as follows: Share name: docker Use cache pool: Only Select cache pool: name of your ZFS pool Next, on Docker settings page: Enable docker: Yes Docker data-root: directory Docker directory: /mnt/user/docker If you ever need to delete the docker persistent state, then bring up the Docker settings page and set Enable docker to No and click Apply. After docker has shut down click the Delete directory checkbox and then click Delete. This will result in deleting not only the various files and directories, but also all layers stored as datasets. Before enabling Docker again, be sure to first re-create the docker share as described above. Other changes: CreateDocker: changed label Docker Hub URL to Registry URL because of GHCR and other new container registries becoming more and more popular. Honor user setting of stop time-out. Accept images in OCI format. Add option to disable readmore-js on container table Fix: Docker Containers console will not use bash if selected VM Manager If you enable copy/paste for virtual consoles you need to install additional software on the client in addition to the QEMU agent if that has been installed. Here is the location for spice-vdagent for both Windows and Linux. Note copy/paste function will not work with web spice viewer you need to use virt-viewer. Add Serial option to vdisk. Spice Bug fix for users with non standard GUI ports defined. OVMF for QEMU: version stable202302 Fix for bus text. Enable copy paste option for virtual consoles Update Memory Backup processing for Virtiofs. Fix lockup when no VMs are present Add support for rtl8139 network model. fix translation omission added lock/unlock for sortable items Fix for Spice Mouse if Copy paste enabled. Dashboard The webGUI Dashboard has been redesigned and it is now possible to move elements (tiles) up and down and between columns. This allows the user to organize the tiles in any way they desire. There is a small lock icon on the menu bar which must be clicked to enable this function. Note: The lock icon also appears on the Docker and VM pages and must be clicked to rearrange the startup order. Release bz file differences Unraid OS is comprised of a set of 5 so-called bz files in the root of the USB Flash boot device: bzimage - the Linux kernel bzroot - the root file system, sans console desktop bzroot-gui - additional files needed for console desktop bzmodules - modules (drivers) associated with the Linux kernel bzfirmware - device firmware required by certain modules Starting with 6.12 release, the content of these files has been rearranged: bzimage - the Linux kernel (same as before) bzroot - the root file system excluding the /usr directory tree bzroot-gui - a single file which auto-starts the console desktop (for compatibility) bzmodules - modules (drivers) associated with the Linux kernel and device firmware required by certain modules bzfirmware - the /usr directory and all files contained therein, including console desktop The results of this change is to speed up the boot process and free up nearly 1G of RAM. It also permits us to add more "stuff" to Unraid OS in the future without requiring more RAM. Finally, when booted in non-GUI mode, the desktop can be started by logging in at the console and typig the 'slim' command. The files bzfirmware and bzmodules are squashfs images mounted using overlayfs at /usr and /lib respectively. Since these files are loopback-mounted, care must be taken if ever you want to perform a manual update. What is a manual update? This is a method of updating Unraid OS on your USB flash boot device without using the Tools/Update OS function. Typically one would either: open a Terminal window, wget the release zip file, unzip the release, and then 'cp' the bz files to root of the boot device. or export the 'flash' share on your network and drag the bz files from a PC directly to the flash. Either method, starting with 6.12 can fail because the bzfirmware file will be overwritten while it is still mounted - not good. To get around this, you must first create a temp directory on the flash device and then 'mv' (or drag) all the bz files to this temp directly. Now you can copy the new bz files in place and reboot. Linux kernel version 6.1.23 md/unraid: version 2.9.27 CONFIG_FS_DAX: File system based Direct Access (DAX) support CONFIG_VIRTIO_FS: Virtio Filesystem CONFIG_ZONE_DEVICE: Device memory (pmem, HMM, etc...) hotplug support CONFIG_USBIP_HOST: Host driver CONFIG_INTEL_MEI: Intel Management Engine Interface CONFIG_INTEL_MEI_ME: ME Enabled Intel Chipsets CONFIG_INTEL_MEI_GSC: Intel MEI GSC embedded device CONFIG_INTEL_MEI_PXP: Intel PXP services of ME Interface CONFIG_INTEL_MEI_HDCP: Intel HDCP2.2 services of ME Interface CONFIG_INTEL_PMC_CORE: Intel PMC Core driver CONFIG_DRM_I915_PXP: Enable Intel PXP support CONFIG_SCSI_FC_ATTRS: FiberChannel Transport Attributes CONFIG_FUSION_SPI: Fusion MPT ScsiHost drivers for SPI CONFIG_FUSION_FC: Fusion MPT ScsiHost drivers for FC CONFIG_FUSION_CTL: Fusion MPT misc device (ioctl) driver CONFIG_FUSION_LOGGING: Fusion MPT logging facility CONFIG_X86_AMD_PSTATE: AMD Processor P-State driver CONFIG_LRU_GEN: Multi-Gen LRU CONFIG_SERIAL_8250_NR_UARTS=32: Maximum number of 8250/16550 serial ports CONFIG_SERIAL_8250_RUNTIME_UARTS=4: Number of 8250/16550 serial ports to register at runtime Misc cgroup2 now the default loopback images no longer mounted using directio upgradepkg patched to prevent replacing existing package with older version. current PCI bus/device information saved in file '/boot/previous/hardware' upon Unraid OS upgrade. NFS: enable UPD transport emhttp: fix cache pool (null) syslog strings emhttp: fix cache pool display wrong device size for selected replacement device networking: fix nginx recognizing IP address from slow dhcp servers mover: fix: improper handling of symlinks mover: fix: Mover logging syslog entries format different from previous releases plugin: Display Run command retval in error message shfs: igonore top-level hidden directoris (names beginning with '.') terminal: OpenTerminal: change termination signal (hard stop) upgrade Unraid OS: check for earlier upgrade without reboot VM Manager: let page load even when PCI devices appear missing or are misassigned wireguard: add SSL support for WG tunnel IP addresses (myunraid.net wildcard certs only) webgui: support PHP8, increase PHP max memory from 128M to 256M webgui: ManagementAccess: Disable Provision/Renew/Upgrade buttons when no IP on eth0 webgui: ManagementAccess: Support wireguard local IP addresses in combination with myservers.unraid.net SSL cert webgui: Move "view" icon on Main and Shares page to the left webgui: Dashboard: fix regression error in "select case" webgui: Dashboard: make items moveable between columns webgui: Keep dismissed banners hidden for a month webgui: Dashboard: API for adding custom tiles webgui: Dashboard: rearrange processor information webgui: Dashboard: rearrange UPS info webgui: Dashboard: rearrange memory info webgui: Dashboard: VPN header rearrangement webgui: Dashboard: header rearrangements webgui: Add jqueryUI touch punch for mobile devices webgui: Changed ID to CLASS for elements occurring more than once webgui: Make header in white and black themes scrollable When more items are present than screen space, the user can now scroll through them (previously these items were invisible) webgui: Dashboard and Docker: introduce lock button for sortable items By default sortable items are locked, which allows mobile devices to scroll the page. Upon request items can be made sortable webgui: Users: add icon to title bar webgui: Tools: new function -> PHP Settings View PHP info Configure error reporting Open LOG to see errors in real-time webgui: System info: fix reading inactive ports webgui: Plugin: Include the actual command, being executed webgui: System info: cache enhancement webgui: System info: memory enhancement webgui: DeviceInfo: disable buttons when erase operation is running webgui: Docker: filetree corrections webgui: Fixed: Dashboard: show heat alarm per pool webgui: Notifications: revised operation Autoclose new notifications after 3 seconds Fix notifications reappearing after closure webgui: DeviceList: add FS type in offline state webgui: Add notification agent for Bark webgui: Main: hide browse icon when disk is not mounted webgui: Diagnostics: add additional btrfs and zfs info webgui: Dashboard: add ZFS memory usage webgui: Revised New Permissions Select either disks or shares (not both) webgui: Add testparm to diagnostics webgui: Support new UD reserved mount point of /mnt/addons webgui: fix issue displaying Attributes when temperature display set to Fahrenheit webgui: Dashboard changes: lock the Dashboard completely: Editing/moving only becomes possible when unlocking the page An empty column is refilled when the respective tiles are made visible again, no need to reset everything added a visual "move indicator" on the Docker and VM page, to make clearer that rows can be moved now. change cursor shape when moving is enabled use tile title as index webgui: fix: Local Firefox account pop-up postmessages not working webgui: VM Manager: fix VM marked as Autostart not starting following manual array Start webgui: SMART test cannot be run on a UD disk because there is no spin down delay selection webgui: status footer stuck on "Starting services" when applying share config setting chagnes. webgui: Fix table layout for orphan images webgui: Plugin: Do not show update button if incompatible webgui: OpenTerminal: limit clients webgui: Context menu: automatic triangle placement webgui: Dashboard: fix pool warnings webgui: Allow SMART long test for UD webgui: Read processor type from /proc/cpuinfo webgui: CSS: solve scrollbar issue in firefox webgui: plugin: Make wget percentage detection more robust webgui: Add share: fix hidden share name check webgui: Display settings: add missing defaults webgui: Array Operation: prevent double clicking of Start button wireguard: fix nginx issue when partial WireGuard config Base Distro aaa_glibc-solibs: version 2.37 adwaita-icon-theme: version 43 at-spi2-core: version 2.46.0 bash: version 5.2.015 bind: version 9.18.12 btrfs-progs: version 6.2.1 ca-certificates: version 20221205 cryptsetup: version 2.6.1 curl: version 7.88.1 dbus: version 1.14.6 diffutils: version 3.9 dnsmasq: version 2.89 docker: version 20.10.23 e2fsprogs: version 1.47.0 encodings: version 1.0.7 file: version 5.44 firefox: version 111.0 (AppImage) freetype: version 2.13.0 fuse3: version 3.12.0 gawk: version 5.2.1 git: version 2.39.2 glib2: version 2.74.6 glibc: version 2.37 glibc-zoneinfo: version 2022g gnutls: version 3.7.9 gptfdisk: version 1.0.9 gtk+3: version 3.24.37 harfbuzz: version 7.1.0 htop: version 3.2.2 iproute2: version 6.2.0 iptables: version 1.8.9 iputils: version 20221126 less: version 612 libICE: version 1.1.1 libSM: version 1.2.4 libX11: version 1.8.4 libXau: version 1.0.11 libXcomposite: version 0.4.6 libXdamage: version 1.1.6 libXdmcp: version 1.1.4 libXpm: version 3.5.15 libXrandr: version 1.5.3 libXres: version 1.2.2 libXxf86dga: version 1.1.6 libarchive: version 3.6.2 libdrm: version 2.4.115 libfontenc: version 1.1.7 libglvnd: version 1.6.0 libjpeg-turbo: version 2.1.5.1 libpcap: version 1.10.3 libpng: version 1.6.39 libpsl: version 0.21.2 liburcu: version 0.14.0 libwebp: version 1.3.0 libxkbcommon: version 1.5.0 libxkbfile: version 1.1.2 libxshmfence: version 1.3.2 lmdb: version 0.9.30 logrotate: version 3.21.0 lsof: version 4.98.0 lz4: version 1.9.4 lzlib: version 1.13 mc: version 4.8.29 mcelog: version 191 mpfr: version 4.2.0 nano: version 7.2 ncurses: version 6.4 nginx: version 1.23.3 nghttp2: version 1.52.0 openssh: version 9.2p1 openssl: version 1.1.1t openssl-solibs: version 1.1.1t openzfs: version 2.1.9 pango: version 1.50.14 pciutils: version 3.9.0 pcre2: version 10.42 php: version 8.2.4 php-libvirt: version 0.5.7 php-markdown: version 2.0.0 samba: version 4.17.7 sqlite: version 3.41.0 sudo: version 1.9.13p2 sysstat: version 12.7.2 tdb: version 1.4.8 tevent: version 0.14.1 traceroute: version 2.1.2 transset: version 1.0.3 tree: version 2.1.0 usbutils: version 015 xcb-util: version 0.4.1 xdriinfo: version 1.0.7 xf86-video-vesa: version 2.6.0 xfsprogs: version 6.1.1 xhost: version 1.0.9 xinit: version 1.4.2 xkbcomp: version 1.4.6 xkeyboard-config: version 2.38 xorg-server: version 21.1.7 xprop: version 1.2.6 xrandr: version 1.5.2 xset: version 1.2.5 xterm: version 379 xz: version 5.4.1 zstd: version 1.5.4

6.9.0-beta24 vs. -beta22 Summary: fixed several bugs added some out-of-tree drivers added ability to use xfs-formatted loopbacks or not use loopback at all for docker image layers. Refer to Docker section below for more details (-beta23 was an internal release) Important: Beta code is not fully tested and not feature-complete. We recommend running on test servers only! Multiple Pools This features permits you to define up to 35 named pools, of up to 30 storage devices/pool. The current "cache pool" is now simply a pool named "cache". Pools are created and managed via the Main page. Note: When you upgrade a server which has a cache pool defined, a backup of config/disk.cfg will be saved to config/disk.cfg.bak, and then cache device assignment settings are moved out of disk.cfg and into a new file, config/pools/cache.cfg. If later you revert back to a pre-6.9 Unraid OS release you will lose your cache device assignments and you will have to manually re-assign devices to cache. As long as you reassign the correct devices, data should remain intact. When you create a user share, or edit an existing user share, you can specify which pool should be associated with that share. The assigned pool functions identically to current cache pool operation. Something to be aware of: when a directory listing is obtained for a share, the unRAID array disk volumes and all pools which contain that share are merged in this order: pool assigned to share disk1 : disk28 all the other pools in strverscmp() order. As with the current "cache pool", a single-device pool may be formatted with either xfs, btrfs, or reiserfs. A multiple-device pool may only be formatted with btrfs. A future release will include support for multiple "unRAID array" pools. We are also considering zfs support. Something else to be aware of: Let's say you have a 2-device btrfs pool. This will be what btrfs calls "raid1" and what most people would understand to be "mirrored disks". Well this is mostly true in that the same data exists on both disks but not necessarily at the block-level. Now let's say you create another pool, and what you do is unassign one of the devices from the existing 2-device btrfs pool and assign it to this pool. Now you have x2 1-device btrfs pools. Upon array Start user might understandably assume there are now x2 pools with exactly the same data. However this is not the case. Instead, when Unraid OS sees that a btrfs device has been removed from an existing multi-device pool, upon array Start it will do a 'wipefs' on that device so that upon mount it will not be included in the old pool. This of course effectively deletes all the data on the moved device. Language Translation A huge amount of work and effort has been implemented by @bonienl to provide multiple-language support in the Unraid OS Management Utility, aka, webGUI. There are several language packs now available, and several more in the works. Thanks to @Squid, language packs are installed via the Community Applications plugin - look for a new category entitled Language. Note: Community Applications must be up to date to install languages. See also here. Each language pack exists in public Unraid organization github repos. Interested users are encouraged to clone and issue Pull Requests to correct translations errors. Language translations and PR merging is managed by @SpencerJ. Linux Kernel Upgraded to 5.7. These out-of-tree drivers are currently included: QLogic QLGE 10Gb Ethernet Driver Support (from staging) RealTek r8125: version 9.003.05 (included for newer r8125) HighPoint rr272x_1x: version v1.10.6-19_12_05 (per user request) Note that as we update Linux kernel, if an out-of-tree driver no longer builds, it will be omitted. These drivers are currently omitted: Highpoint RocketRaid r750 (does not build) Highpoint RocketRaid rr3740a (does not build) Tehuti Networks tn40xx (does not build) If you require one of these drivers, please create a Bug Report and we'll spend some time looking for alternatives. Better yet, pester the manufacturer of the controller and get them to update their drivers. Base Packages All updated to latest versions. In addition, Linux PAM has been integrated. This will permit us to install 2-factor authentication packages in a future release. Docker Updated to version 19.03.11 We also made some changes to add flexibility in assigning storage for the Docker engine. First, 'rc.docker' will detect the filesystem type of /var/lib/docker. We now support either btrfs or xfs and the docker storage driver is set appropriately. Next, 'mount_image' is modifed to support loopback formatted either with btrfs or xfs depending on the suffix of the loopback file name. For example, the file name ends with ".img", as in "docker.img" then we use mkfs.btrfs. If file name ends with "-xfs.img", as in "docker-xfs.img" then we use mkfs.xfs. We also added the ability to bind-mount a directory instead of using a loopback. If file name does not end with ".img" then code assumes this is the name of directory (presumably on a share) which is bind-mounted onto /var/lib/docker. For example, if "/mnt/user/system/docker/docker" then we first create, if necessary the directory "/mnt/user/system/docker/docker". If this path is on a user share we then "dereference" the path to get the disk path which is then bind-mounted onto /var/lib/docker. For exmaple, if "/mnt/user/system/docker/docker" is on "disk1", then we would bind-mount "/mnt/disk1/system/docker/docker". Caution: the share should be cache-only or cache-no so that 'mover' will not attempt to move the directory, but the script does not check this. In this release however, you must edit the 'config/docker.cfg' file directly to specify a directory, for example: DOCKER_IMAGE_FILE="/mnt/user/system/docker/docker" Finally, it's now possible to select different icons for multiple containers of the same type. This change necessitates a re-download of the icons for all your installed docker applications. A delay when initially loading either the dashboard or the docker tab while this happens is to be expected prior to the containers showing up. Virtualization libvirt updated to version 6.4.0 qemu updated to version 5.0.0 In addition, integrated changes to System Devices page by user @Skitals with modifications by user @ljm42. You can now select PCI devices to isolate from Linux upon boot simply by checking some boxes. This makes it easier to reserve those devices for assignment to VM's. Note: If you had the VFIO-PCI Config plugin installed, you should remove it as that functionality is now built-in to Unraid OS 6.9. Refer also @ljm42's excellent guide. In a future release we will include the NVIDIA and AMD GPU drivers natively into Unraid OS. The primary use case is to facilitate accelerated transcoding in docker containers. For this we require Linux to detect and auto-install the appropriate driver. However, in order to reliably pass through an NVIDIA or AMD GPU to a VM, it's necessary to prevent Linux from auto-installing a GPU driver for those devices upon boot, which can be easily done now through System Devices page. Users passing GPU's to VM's are encouraged to set this up now. "unexpected GSO errors" If your system log is being flooded with errors such as: Jun 20 09:09:21 Tower kernel: tun: unexpected GSO type: 0x0, gso_size 31, hdr_len 66 You need to edit each VM and change the model type for the Ethernet bridge from "virtio" to "virtio-net". In most cases this can be accomplished simply by clicking Update in "Form View" on the VM Edit page. For other network configs it may be necessary to directly edit the xml. Example: <interface type='bridge'> <mac address='xx:xx:xx:xx:xx:xx'/> <source bridge='br0'/> <model type='virtio-net'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> Other AFP support has been removed. Numerous other Unraid OS and webGUI bug fixes and improvements. Version 6.9.0-beta24 2020-07-08 Bug fixes: fix emhttpd crash expanding number of slots for an existing pool fix share protected/not protected status fix btrfs free space reporting fix pool spinning state incorrect Base distro: curl: version 7.71.0 fuse3: version 3.9.2 file: version 5.39 gnutls: version 3.6.14 harfbuzz: version 2.6.8 haveged: version 1.9.12 kernel-firmware: version 20200619_3890db3 libarchive: version 3.4.3 libjpeg-turbo: version 2.0.5 lcms2: version 2.11 libzip: version 1.7.1 nginx: version 1.19.0 (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516) ntp: version 4.2.8p15 openssh: version 8.3p1 pam: version 1.4.0 rsync: version 3.2.1 samba: version 4.12.5 (CVE-2020-10730, CVE-2020-10745, CVE-2020-10760, CVE-2020-14303) shadow: version 4.8.1 sqlite: version 3.32.3 sudo: version 1.9.1 sysvinit-scripts: version 2.1 ttyd: version 20200624 util-linux: version 2.35.2 xinit: version 1.4.1 zstd: version 1.4.5 Linux kernel: version 5.7.7 out-of-tree driver: QLogic QLGE 10Gb Ethernet Driver Support (from staging) out-of-tree driver: RealTek r8125: version 9.003.05 out-of-tree driver: HighPoint rr272x_1x: version v1.10.6-19_12_05 Management: cleanup passwd, shadow docker: support both btrfs and xfs backing filesystems loopbacks: permit xfs or btrfs based on filename mount_image: suppport bind-mount mount all btrfs volumes using 'space_cache=v2' option mount loopbacks with 'noatime' option; enable 'direct-io' non-rotational device partitions aligned on 1MiB boundary by default ssh: require passwords, disable non-root tunneling web terminal: inhibit warning pop-up when closing window webgui: Add log viewer for vfio-pci webgui: Allow different image types to upload with 512K max webgui: other misc. improvements webgui: vm manager: Preserve VNC port settings

A fairly large kernel update was published yesterday as was a new WireGuard release and I thought it important to update and sanity-check. We'll let this bake over the weekend and if no new big issue shows up we'll publish to stable. Then we can move on to the 5.4 kernel in Unraid 6.9. -rc9 summary: Update kernel to 4.19.88. Update to latest WireGuard release Other package updates. Specific changes in [-rcN] are indicated in bold below. New in Unraid OS 6.8 release: The unRAIDServer.plg file (update OS) still downloads the new release zip file to RAM but then extracts directly to USB flash boot device. You will probably notice a slight difference in speed of extract messages. [-rc2] The 'sync' command at the end has been replaced with 'sync -f /boot'. Forms based authentication If you have set a root password for your server, when accessing webGUI you'll now see a nice login form. There still is only one user for Unraid so for username enter root. This form should be compatible with all major password managers out there. We always recommend using a strong password. [-rc2] There is no auto-logout implemented yet, please click Logout on menu bar or completely close your browser to logout. Linux kernel [-rc8] Remains on 4.19 [-rc6/-rc7] include latest Intel microcode for yet another hardware vulnerability mitigation. default scheduler now 'mq-deadline' [-rc2] but this can be changed via Settings/Disk Settings/Scheduler setting. enabled Huge Page support, though no UI control yet binfmt_misc support added "Vega 10 Reset bug" [-rc2] and 'navi-reset' patches removed [-rc5] [-rc2] added oot: Realtek r8125: version 9.002.02 [-rc3] additional md/unraid changes and instrumentation [-rc6] fix chelsio missing firmware [-rc8] removed Highpoint r750 driver [does not work] md/unraid driver Introduced "multi-stream" support: Reads on devices which are not being written should run at full speed. In addition, if you have set the md_write_method tunable to "reconstruct write", then while writing, if any read streams are detected, the write method is switched to "read/modifywrite". Parity sync/check should run at full speed by default. Parity sync/check is throttled back in presence of other active streams. The "stripe pool" resource is automatically shared evenly between all active streams. As a result got rid of some Tunables: md_sync_window md_sync_thresh and added some tunables: md_queue_limit md_sync_limit [-rc2] md_scheduler Please refer to Settings/Disk Settings help text for description of these settings. WireGuard support - available as a plugin via Community Apps. Our WireGuard implementation and UI is still a work-in-process; for this reason we have made this available as a plugin, though the latest WireGuard module is included in our Linux kernel. Full WireGuard implementation will be merged into Unraid OS itself in a future release. I want to give special thanks to @bonienl who wrote the plugin with lots of guidance from @ljm42 - thank you! I also should give a shout out to @NAS who got us rolling on this. If you don't know about WireGuard it's something to look into! Guide here: WS-Discovery support - Finally you can get rid of SMBv1 and get reliable Windows network discovery. This feature is configured on the Settings/SMB Settings page and enabled by default. Also on same settings page is Enable NetBIOS setting. This is enabled by default, however if you no longer have need for NetBIOS discovery you can turn it off. When turned off, Samba is configured to accept only SMBv2 protocol and higher. Added mDNS client support in Unraid OS. This means, for example, from an Unraid OS terminal session to ping another Unraid OS server on your network you can use (e.g., 'tower'): ping tower.local instead of ping tower Note the latter will still work if you have NetBIOS enabled. User Share File System (shfs) changes: Integrated FUSE-3 - This should increase performance of User Share File System. Fixed bug with hard link support. Previously a 'stat' on two directory entries referring to same file would return different i-node numbers, thus making it look like two independent files. This has been fixed however there is a config setting on Settings/Global Share Settings called "Tunable (support hard links)". [-rc2 ] Fixed the default value Yes, but with certain very old media and DVD players which access shares via NFS, you may need to set this to No. [-rc5] Fixed not accounting for devices not mounted yet. Note: if you have custom config/extra.cfg file, get rid of it. Other improvements/bug fixes: Format - during Format any running parity sync/check is automatically Paused and then resumed upon Format completion. Encryption - an entered passphrase is not saved to any file. Fixed bug where multi-device btrfs pool was leaving metadata set to dup instead of raid1. Several other small bug fixes and improvements. [-rc5] Fixed bug where quotes were not handled properly in passwords. Numerous base package updates [-rc2] including updating PHP to version 7.3.x, Samba to version 4.11.x. Known Issues and Other Errata Some users have reported slower parity sync/check rates for very wide arrays (20+ devices) vs. 6.7 and earlier releases - we are still studying this problem. [-rc6] this is fixed: If you are using Unassigned Devices plugin with encrypted volumes, you must use the file method of specifying the encryption passphrase. Note that a file containing your passphrase must consist of a single null-terminated string with no other line ending characters such as LF or CR/LF. In another step toward better security, the USB flash boot device is configured so that programs and scripts residing there cannot be directly executed (this is because the 'x' bit is set now only for directories). Commands placed in the 'go' file still execute because during startup, that file is copied to /tmp first and then executed from there. If you have created custom scripts you may need to take a similar approach. AFP is now deprecated and we plan to remove support in Unraid 6.9 release. A note on password strings Password strings can contain any character however white space (space and tab characters) is handled specially: all leading and trailing white space is discarded multiple embedded white space is collapsed to a single space character. By contrast, encryption passphrase is used exactly as-is. Version 6.8.0-rc9 2019-12-06 Base distro: btrfs-progs: version 5.4 ca-certificates: version 20191130 ebtables: version 2.0.11 gnutls: version 3.6.11.1 gtk+3: version 3.24.13 iproute2: version 5.4.0 iptables: version 1.8.4 keyutils: version 1.6 libepoxy: version 1.5.4 libnftnl: version 1.1.5 librsvg: version 2.46.4 libtasn1: version 4.15.0 lvm2: version 2.03.07 nano: version 4.6 pcre2: version 10.34 pkgtools: version 15.0 build 28 wireguard: version 0.0.20191205 xorg-server: version 1.20.6 Linux kernel: version 4.19.88

Mainly bug fix to address "slow transfer to xfs-encrypted array disks" issue. Version 6.7.0-rc4 2019-02-15 Base distro: docker: version 18.09.2 (CVE-2019-5736) qemu: version 3.1.0 (rev 2) patched pcie link speed and width support Linux kernel: version: 4.19.23 md/unraid: version 2.9.7 (setup queue properties correctly) Management: webgui: Syslog: added viewer webgui: Dashboard: table right adjustment in two columns view webgui: Dashboard: table adjustment in three columns view webgui: Diagnostics: dynamic file name creation webgui: Move "Management Access" directly under Settings webgui: OS update: style correction

Can I please ask everyone when you mark an issue as "urgent" to obey these conditions: 1) The problem is reproduceable 2) Diagnostics and other relevant information are attached in the post We (the receiving side) get alarm bells ringing and act asap, but need info as much as possible to find and resolve the issue. Thank you.

Please report only issues/bugs which are new in the prerelease. We've been holding back on this release a few days waiting for updated Intel ixgbe (10Gbit) OOT driver which builds correctly with 4.18 kernel. But no update yet so this release uses 4.17.19 kernel. Every major subsystem has been updated. In addition @bonienl has added some really cool features and update the default themes to match our new branding. Release notes: Version 6.6.0-rc1 2018-08-31 Base distro: aaa_base: version 14.2 (rev 5) aaa_elflibs: version 15.0 (rev 2) acl: version 2.2.53 acpid: version 2.0.29 adwaita-icon-theme: version 3.28.0 appres: version 1.0.5 (rev 2) at-spi2-atk: version 2.26.2 at-spi2-core: version 2.28.0 at: version 3.1.20 (rev 5) atk: version 2.28.1 attr: version 2.4.48 avahi: version 0.7 (rev2) bash: version 4.4.023 bin: version 11.1 (rev 2) bridge-utils: version 1.5 (rev 2) btrfs-progs: version v4.17 bzip2: version 1.0.6 (rev 3) ca-certificates: version 20180409 cairo: version 1.15.12 celt051: version 0.5.1.3 (rev 2) cifs-utils: version 6.7 (rev 2) coreutils: version 8.29 (rev 2) cpio: version 2.12 (rev 2) cpufrequtils: version 08 (rev 2) cryptsetup: version 1.7.5 (rev 2) curl: version 7.61.0 (CVE-2018-1000300, CVE-2018-1000301, CVE-2018-0500) cyrus-sasl: version 2.1.27_rc8 db48: version 4.8.30 (rev 4) dbus: version 1.12.8 dcron: version 4.5 dejavu-fonts-ttf: version 2.37 (rev 4) dhcpcd: version 7.0.6 diffutils: version 3.6 (rev 2) dmidecode: version 3.1 (rev 2) dnsmasq: version 2.79 (rev 2) docker: version 18.06.1-ce e2fsprogs: version 1.44.2 ebtables: version 2.0.10 (rev 2) editres: version 1.0.7 (rev 2) elvis: version 2.2_0 (rev 4) encodings: version 1.0.4 (rev 2) etc: version 15.0 (rev 6) ethtool: version 4.17 eudev: version 3.2.5 (rev2) file: version 5.33 findutils: version 4.4.2 (rev 2) flex: version 2.6.4 (rev 3) floppy: version 5.5 (rev 2) fontconfig: version 2.12.6 (rev 2) freetype: version 2.9 (rev 2) fribidi: version 1.0.4 fuse: version 2.9.7 (rev3) gawk: version 4.2.1 (rev 2) gd: version 2.2.5 (rev2) gdbm: version 1.15 gdk-pixbuf2: version 2.36.12 genpower: version 1.0.5 (rev 3) getty-ps: version 2.1.0b (rev 4) glew: version 2.1.0 (rev 2) glib2: version 2.56.1 glibc-solibs: version 2.27 (rev 4) glibc-zoneinfo: version 2018e (rev 3) glibc: version 2.27 (rev 4) glu: version 9.0.0 (rev 2) gmp: version 6.1.2 (rev 2) gnome-themes-standard: version 3.22.3 (rev 2) gnupg: version 1.4.23 (CVE-2018-12020) gnutls: version 3.6.2 (rev 2) gptfdisk: version 1.0.3 (rev 2) grep: version 3.1 (rev 2) gtk+3: version 3.22.30 gzip: version 1.9 (rev 2) harfbuzz: version 1.8.1 haveged: version 1.9.2 hdparm: version 9.56 hicolor-icon-theme: version 0.17 (rev 2) hostname: version 3.18 (rev 2) htop: version 2.2.0 icu4c: version 61.1 imlib2: version 1.5.1 inetd: version 1.79s (rev 11) infozip: version 6.0 (rev 4) inotify-tools: version 3.14 (rev 2) intel-microcode: version 20180807 iproute2: version 4.17.0 iptables: version 1.6.2 (rev 2) iputils: version s20140519 (rev 2) kernel-firmware: version 20180814_f1b95fe keyutils: version 1.5.10 (rev 2) kmod: version 25 (rev 2) lbzip2: version 2.5 less: version 530 (rev 3) libaio: version 0.3.111 libarchive: version 3.3.2 (rev 3) libcap-ng: version 0.7.8 (rev 3) libcgroup: version 0.41 (rev 5) libcroco: version 0.6.12 (rev 2) libdaemon: version 0.14 (rev2) libdmx: version 1.1.4 libdrm: version 2.4.92 libedit: version 20180525_3.1 libee: version 0.4.1 (rev 2) libepoxy: version 1.4.3 (rev 2) libestr: version 0.1.10 (rev 2) libevdev: version 1.5.9 (rev 2) libevent: version 2.1.8 (rev 3) libfastjson: version 0.99.8 (rev2) libffi: version 3.2.1 (rev 2) libfontenc: version 1.1.3 (rev 2) libgcrypt: version 1.8.3 (CVE-2018-0495) libgpg-error: version 1.31 libgudev: version 232 (rev 2) libICE: version 1.0.9 (rev 3) libidn: version 1.35 libjpeg-turbo: version 1.5.3 (rev 2) liblogging: version 1.0.6 (rev2) libmnl: version 1.0.4 (rev 3) libnetfilter_conntrack: version 1.0.7 libnfnetlink: version 1.0.1 (rev 2) libnftnl: version 1.1.0 libnl3: version 3.4.0 (rev 2) libpcap: version 1.8.1 (rev 2) libpciaccess: version 0.14 (rev 2) libpng: version 1.6.34 (rev 2) libpthread-stubs: version 0.4 (rev 2) librsvg: version 2.42.5 libseccomp: version 2.3.3 (rev2) libSM: version 1.2.2 (rev 3) libssh2: version 1.8.0 (rev 3) libtasn1: version 4.13 (rev 2) libtirpc: version 1.0.3 (rev 2) libunistring: version 0.9.10 libunwind: version 1.2.1 libusb-compat: version 0.1.5 (rev2) libusb: version 1.0.22 libvirt-php: version 0.5.4 (rev3) libvirt: version 4.6.0 libwebsockets: version 2.4.2 libX11: version 1.6.5 (rev 2) libx86: version 1.1 (rev 3) libXau: version 1.0.8 (rev 3) libXaw: version 1.0.13 (rev 2) libxcb: version 1.13 (rev 2) libXcomposite: version 0.4.4 (rev 3) libXcursor: version 1.1.15 (rev 2) libXdamage: version 1.1.4 (rev 3) libXdmcp: version 1.1.2 (rev 3) libXevie: version 1.0.3 (rev 3) libXext: version 1.3.3 (rev 3) libXfixes: version 5.0.3 (rev 2) libXfont2: version 2.0.3 (rev 2) libXfontcache: version 1.0.5 (rev 3) libXft: version 2.3.2 (rev 4) libXi: version 1.7.9 (rev 2) libXinerama: version 1.1.3 (rev 3) libxkbfile: version 1.0.9 (rev 2) libxml2: version 2.9.8 (rev 2) libXmu: version 1.1.2 (rev 3) libXpm: version 3.5.12 (rev 2) libXrandr: version 1.5.1 (rev 2) libXrender: version 0.9.10 (rev 2) libXres: version 1.2.0 (rev 2) libxshmfence: version 1.3 (rev 2) libxslt: version 1.1.32 (rev 2) libXt: version 1.1.5 (rev 2) libXtst: version 1.2.3 (rev 2) libXxf86dga: version 1.1.4 (rev 3) libXxf86misc: version 1.0.3 (rev 3) libXxf86vm: version 1.1.4 (rev 3) listres: version 1.0.4 (rev 2) lm_sensors: version 3.4.0 (rev 2) logrotate: version 3.14.0 (rev 2) lsof: version 4.91 lsscsi: version 0.29 lvm2: version 2.02.177 lz4: version 1.8.2 mc: version 4.8.21 mesa: version 18.1.2 mkfontdir: version 1.0.7 (rev 2) mkfontscale: version 1.1.3 (rev 2) mozilla-firefox: version 61.0.2 (CVE-2018-12359, CVE-2018-12360, CVE-2018-12361, CVE-2018-12358, CVE-2018-12362, CVE-2018-5156, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12371, CVE-2018-12366, CVE-2018-12367, CVE-2018-12368, CVE-2018-12369, CVE-2018-12370, CVE-2018-5186, CVE-2018-5187, CVE-2018-5188) mpfr: version 4.0.1 (rev 2) mtdev: version 1.1.5 (rev 2) nano: version 2.9.8 ncompress: version 4.2.4.4 (rev 2) ncurses: version 6.1_20180616 net-tools: version 20170208_479bb4a (rev 2) netatalk: version 3.1.11 (rev2) nettle: version 3.4 (rev 2) network-scripts: version 15.0 nghttp2: version 1.32.0 (CVE-2018-1000168) nginx: version 1.14.0 ntfs-3g: version 2017.3.23 (rev 2) ntp: version 4.2.8p12 (CVE-2016-1549, CVE-2018-12327) numactl: version 2.0.11 (rev2) openldap-client: version 2.4.46 openssh: version 7.7p1 openssl-solibs: version 1.1.0i openssl10-solibs: version 1.0.2o openssl: version 1.1.0i (CVE-2018-0732, CVE-2018-0737) p11-kit: version 0.23.12 pango: version 1.42.1 patch: version 2.7.6 (rev 3) (CVE-2018-1000156) pciutils: version 3.5.6 (rev 2) pcre: version 8.42 php: version 7.2.8 pixman: version 0.34.0 (rev 2) pkgtools: version 15.0 (rev 20) pm-utils: version 1.4.1 (rev 6) procps-ng: version 3.3.15 (CVE-2018-1124, CVE-2018-1126, CVE-2018-1125, CVE-2018-1123, CVE-2018-1122) qemu: version 3.0.0 reiserfsprogs: version 3.6.27 (rev2) rpcbind: version 0.2.4 (rev 4) rsync: version 3.1.3 (rev 2) rsyslog: version 8.36.0 samba: version 4.8.4 (CVE-2018-1139, CVE-2018-1140, CVE-2018-10858, CVE-2018-10918, CVE-2018-10919) sed: version 4.5 sessreg: version 1.1.1 (rev 2) setxkbmap: version 1.3.1 (rev 2) shadow: version 4.2.1 (rev 4) shared-mime-info: version 1.9 (rev 2) spice: version 0.14.0 (rev2) sqlite: version 3.24.0 ssmtp: version 2.64 (rev5) startup-notification: version 0.12 (rev 3) sudo: version 1.8.23 sysfsutils: version 2.1.0 (rev 2) sysvinit-scripts: version 2.1 (rev 12) sysvinit: version 2.90 talloc: version 2.1.13 tar: version 1.30 (rev 2) tcp_wrappers: version 7.6 (rev 2) tdb: version 1.3.15 (rev 2) telnet: version 0.17 (rev 4) tevent: version 0.9.36 (rev 2) traceroute: version 2.1.0 (rev 2) transset: version 1.0.2 (rev 2) tree: version 1.7.0 (rev 2) ttyd: version 1.4.0 (rev2) usbredir: version 0.7.1 (rev2) usbutils: version 010 utempter: version 1.1.6 (rev 3) util-linux: version 2.32 vala: version 0.28.1 (rev2) vbetool: version 1.2.2 (rev 2) vsftpd: version 3.0.3 (rev 5) vte3: version 0.44.3 (rev2) wget: version 1.19.5 (CVE-2018-0494) which: version 2.21 (rev 2) xauth: version 1.0.10 (rev 2) xcb-util: version 0.4.0 (rev 3) xclock: version 1.0.7 (rev 3) xdpyinfo: version 1.3.2 (rev 2) xdriinfo: version 1.0.6 (rev 2) xev: version 1.2.2 (rev 2) xf86-input-evdev: version 2.10.6 xf86-input-keyboard: version 1.9.0 (rev 3) xf86-input-mouse: version 1.9.3 xf86-input-synaptics: version 1.9.1 xf86-video-ast: version 1.1.5 (rev 5) xf86-video-mga: version 1.6.5 (rev 3) xf86-video-vesa: version 2.4.0 (rev 3) xfsprogs: version 4.16.1 xhost: version 1.0.7 (rev 2) xinit: version 1.4.0 (rev 2) xkbcomp: version 1.4.2 xkbevd: version 1.1.4 (rev 2) xkbutils: version 1.0.4 (rev 3) xkeyboard-config: version 2.22 (rev 2) xkill: version 1.0.5 (rev 2) xload: version 1.1.3 (rev 2) xlsatoms: version 1.1.2 (rev 2) xlsclients: version 1.1.4 (rev 2) xmessage: version 1.0.5 (rev 2) xmodmap: version 1.0.9 (rev 2) xorg-server: version 1.20.0 (rev 2) xprop: version 1.2.3 (rev 2) xrandr: version 1.5.0 (rev 2) xrdb: version 1.1.1 (rev 2) xrefresh: version 1.0.6 (rev 2) xset: version 1.2.4 (rev 2) xsetroot: version 1.1.2 (rev 2) xsm: version 1.0.4 (rev 2) xterm: version 333 xtrans: version 1.3.5 (rev 2) xwd: version 1.0.7 (rev 2) xwininfo: version 1.1.4 (rev 2) xwud: version 1.0.5 (rev 2) xz: version 5.2.4 zlib: version 1.2.11 (rev 2) Linux kernel: version 4.17.19 intel ixgbe: version 5.3.7 intel ixgbevf: version 4.3.5 highpoint r750: version 1.2.11 highpoint rr3740a: version 1.17.0 added per customer request: CONFIG_BLK_DEV_SKD: STEC S1120 Block Driver CONFIG_BNXT: Broadcom NetXtreme-C/E support CONFIG_CHR_DEV_ST: SCSI tape support changed from built-in to module: CONFIG_BLK_DEV_SR: SCSI CDROM support removed CONFIG_SENSORS_IT87: ITE IT87xx and compatibles it87: version 20180709 groeck Linux Driver for ITE LPC chips (https://github.com/groeck/it87) set CRYPTO_DEV_SP_PSP=N otherwise udev deadlocks on threadripper Management: Docker: add optional per-container wait before starting Enable IPv6 for NTP rc.cpufreq: For CPUs using intel_pstate, always use the performance governor. This also provides power savings on Intel processors while avoiding the ramp-up lag present when using the powersave governor (which is the default if ondemand is requested on these machines). restore docker custom networks upon docker start update smartmontools drivedb and hwdata/{pci.ids,usb.ids,oui.txt,manuf.txt} webgui: docker: Correct docker container icon name generation webgui: docker: added cpu load and memory load display webgui: docker: added shell/bash selection for console webgui: docker: Make cpu-load and mem-load only visible in advanced mode webgui: Show accumulated encryption status webgui: Prevent openbox from clipping webgui: Plugins: Show support thread if present webgui: Remove control codes, and extended ascii characters from plugin urls on install webgui: Update link for privileged help text webgui: fix regex matching for unraid.net domain name validation when using new openssl1.1 webgui: docker: Prevent arbitrary bash execution or redirection on docker create/run commands webgui: Plugins: Preserve support link when updating plugin webgui: diagnostics: Replace consecutive repeated lines in syslog webgui: Remove empty entries when storing individual disk settings webgui: docker: fix connect container console to new window webgui: Use timeout in command execution of diagnostics webgui: Fixed 'Update All Containers' button sometimes hidden in docker list webgui: Added version control in docker API calls webgui: Show docker allocations in column format webgui: fix css help button in themes azure and gray webgui: Added docker autostart wait period webgui: Added CPU selection to docker container edit section webgui: Verify internet access using NCSI method NCSI = network connection status indicator. This method tries to access a specific Microsoft site to test internet access. The same method is used in Windows. webgui: Added docker autostart wait period webgui: New CPU pinning functionality webgui: Change wording on dashboard page "memory total usable" webgui: Include meminfo in diagnostics webgui: Docker containers page: show container starting up message Starting docker service and auto-starting containers has been decoupled. This lets the docker page return as soon as the service is ready. The container overview page shows a new message, and will automatically reload to update the status until all containers are auto-started webgui: VMs: preserve XML custom settings in VM config updates webgui: dockerMan: Avoid filename collisions on FAT32 webgui: Extract disk log from multiple rotated logs webgui: theme-match marketing site

This release includes some bug fixes and update of base packages. Notable changes: correct device status handling for single-slot pools collapse multiple underscores within nvme /dev/disk/by-id symlinks to single underscore WireGuard: fixed proper handling of ipv4 + ipv6 tunnels A few security related base package updates Added BPF support in the Linux kernel Please note: It would be extremely helpful to us to report issues by creating separate Reports here rather than creating a reply in this topic. 6.10.0 Summary of Changes and New Features As always, prior to updating, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". [rc3] Plugin Authors: We patched the upgradepkg script to prevent it from replacing an installed package with an earlier version of the same package, i.e., no downgrading. If a plugin really needs to replace a package with a downgraded version it can include the '--reinstall' option. Also be sure to check out the Dynamix File Manager plugin available now through Community Apps! UPC and My Servers Plugin The most visible new feature is located in the upper right corner of the webGUI header. We call this the User Profile Component, or UPC. The UPC allows a user to better manage their registration keys and install the optional My Servers plugin. My Servers is what we call our set of cloud-based services and features that integrate with your Unraid server(s). After installing the My Servers plugin, you will be prompted to sign-in your server with an existing Unraid.net account, or create a new Unraid.net account. Once installed here are some of the features of My Servers: Real-time Status - with the plugin installed each server tile on the My Servers Dashboard will display real-time status such as whether the server is online or offline, storage utilization and other information. Local Access link - this is a direct link the the server webGUI on your LAN. Remote Access link - if enabled, a link is displayed on the My Servers Dashboard to bring up a server webGUI remotely and over the Internet. Automatic Flash Backup - every registered server is provided with a private git repo initially populated with the contents of your USB flash boot device (except for certain files which contain private information such as passwords). Thereafter, configuration changes are automatically committed. A link is provided to download a custom zip file that can be fed as input to the USB Flash Creator tool to move your configuration to a new USB flash device. Notification of critical security-related updates. In the event a serious security vulnerability has been discovered and patched, we will send out a notification to all email addresses associated with registered servers. Posting privilege in a new set of My Servers forum boards. Signed-in servers maintain a websocket connection to a cloud-based Lime Technology proxy server for the purpose of relaying real-time status. Refer to the Privacy section for more information. Security Changes It is now mandatory to define a root password. We also created a division in the Users page to distinguish root from other user names. The root UserEdit page includes a text box for pasting SSH authorized keys. For new configurations, the flash share default export setting is No. For all new user shares, the default export setting is No. For new configurations, SMBv1 is disabled by default. For new configurations, telnet, ssh, and ftp are disabled by default. We removed certain strings from Diagnostics such as passwords found in the 'go' file. [rc6] Changing root user password will log out all webGUI browser sessions. Virtualization Both libvirt and qemu have been updated. In addition, qemu has been compiled with OpenGL support, and [rc2] ARM emulation (experimental). [rc2] To support Windows 11 which requires TPM and Secure boot, we have added TPM emulation; and, added a "Windows 11" VM template which automatically selects TPM-aware OVMF bios. Also, here are instructions for upgrading a Windows 10 VM to Windows 11. Special thanks to @ich777 who researched and determined what changes and components were necessary to provide this functionality. The built-in Firefox browser available in GUI-mode boot is built as an AppImage and located in the bzfirmware compressed file system image. This saves approximately 60MB of RAM. The Wireguard plugin has been integrated into webGUI, that is, no need for the plugin. If you had the plugin installed previously, it will be uninstalled and moved to the "Plugins/Plugin File Install Errors" page. No action is needed unless you want to press the Delete button to remove it from that page. Your WireGuard tunnels and settings will be preserved. [rc5] Resident network guru @bonienl has added the capability to bind a Wireguard virtual network interface to a docker container. One use of this feature is to configure a Wireguard-enabled VPN which may then be exclusively used by that container, while you main server makes use of the normal LAN network interface. Please refer to this post for additional details. Simplified installation of the Community Apps plugin. The webGUI automatically includes the Apps menu item, and if CA is not already installed, the page offers an Install button. No need to hunt for the plugin link. [rc3] Moving to Let's Encrypt wildcard SSL certificates. Starting with this release, we no longer issue new single-host SSL certificates (which we're calling legacy certificates). Instead, all new Unraid.net SSL certificates are wildcard certificates (still provided by Let's Encrypt). The URL used to access your server making use of a wildcard certificate has this form: https://[lan-ip].[hash].myunraid.net where, [lan-ip] is your severs LAN IP address with dots changed to dashes [hash] is a 40-character hex string (160 bits) unique to this server (and different from similar [hash] in legacy certificates) example: https://192-168-100-1.af01305221921f93aabae93f13800dcea41dc681e.myunraid.net We added a new DDNS server which listens at "myunraid.net". This server extracts [lan-ip] from the domain name and returns the IP address where the dashes are changed back into dots. There are several benefits to this approach for both our users and for us: Eliminates DNS propagation delays when you first provision a certificate or when a server LAN IP address (or WAN IP address) changes. Since the domain name includes the IP address, any IP address change also changes the domain name, hence will not be contained in any intermediate DNS cache. We also changed the TTL from 1 hour to 7 days further reducing overhead and alleviating issues where someone's internet goes down for brief periods. There is no longer a requirement for the server to actively update a DDNS server. Improves privacy because your remote access WAN IP address can't be determined by simply prepending "www" to your local access URL. Moves DNS functionality off the 'unraid.net' domain and isolates it on 'myunraid.net' domain. In previous releases code that provisions (allocates and downloads) an Unraid.net SSL certificate would first test if DNS Rebinding Protection was enforced on the user's LAN; and, if so, would not provision the certificate. Since there are other uses for a LE certificate we changed the code so that provision would always proceed. Next, we changed the logic behind the Auto selection of "Use SSL/TLS" setting on the Management Access page. Now it is only possible to select Auto if both a LE certificate has been provisioned and DNS Rebinding Protection is not enforced. This is a subtle change but permits certain My Servers features such as Remote Access. Upon upgrading, you will need to modify any server bookmarks with the new the URL. Alternately, if you have installed the My Servers plugin, a local access link is included for each server on your Dashboard. If you have not installed My Servers plugin, since there is no DDNS update daemon, we recommend setting up either a static DHCP lease, or assign a static IP address for your server. Finally, we have set up nginx such that the URL's: http://<server-name>.<local-tld>/ or https://<server-name>.<local-tld>/ will redirect to https://[lan-ip].[hash].myunraid.net More information including use cases may be found in Documentation here. Linux Kernel Upgrade to [rc4] Linux 5.15.x kernel which includes so-called Sequoia and Dirty Pipe vulnerability mitigations. In-tree GPU drivers are now loaded by default if corresponding hardware is detected: amdgpu ast i915 radeon These drivers are required mostly for motherboard on-board graphics used in GUI boot mode. Loading of a driver can be prohibited by creating the appropriate file named after the driver: echo "blacklist i915" > /boot/config/modprobe.d/i915.conf Alternately, the device can be isolated from Linux entirely via the System Devices page. Note that in Unraid OS 6.9 releases the in-tree GPU drivers are blacklisted by default and to enabling loading a driver you need to create an empty "conf" file. After upgrading to Unraid OS 6.10 you may delete those files, or leave them as-is. This change was made to greatly improve the Desktop GUI experience for new users. Added support for Intel GVT-g, which lets you split your Intel i915 iGPU into multiple virtual GPUs and pass them through to multiple VMs, using @ich777's Intel-GVT-g plugin. Added support for gnif/vendor-reset. This simplifies @ich777's AMD Vendor Reset plugin which permits users to get their AMD video cards to reset properly. [rc2] Added so-called "add-relaxable-rmrr-5_8_and_up.patch" modified for our kernel https://github.com/kiler129/relax-intel-rmrr/blob/master/patches/add-relaxable-rmrr-5_8_and_up.patch Thanks to @ich777 for pointing this out. [rc2] Enabled additional ACPI kernel options [rc2] Enabled TPM kernel modules (not utilized yet) - note this is for Unraid host utilizing physical TPM, not emulated TPM support for virtual machnes. [rc4] Updated out-of-tree drivers [rc5] Support Realtek RTL8152/RTL8153 Based USB Ethernet Adapters Base Packages Virtually the entire base package set has been updated. [rc2] For SMB: Samba version 4.15 SMB3 multi-channel is no longer marked "experimental", however is disabled by default. This may be enabled on the Settings/SMB Settings page. Some users have reported issues with SMB3 multi-channel in conjunction with certain network bond configurations. [rc2] Per request we added the mcelog package. With inclusion of this package, if you have an AMD processor you may see this error message in the system log: mcelog: ERROR: AMD Processor family 23: mcelog does not support this processor. Please use the edac_mce_amd module instead. We're not sure what to make of this. It appears mcelog is being deprecated in favor of rasdaemon. This is something we need to research further. Other improvements available in 6.10, which are maybe not so obvious to spot from the release notes and some of these improvements are internal and not really visible: Event driven model to obtain server information and update the webGUI in real-time The advantage of this model is its scalability. Multiple browsers can be opened simultaneously to the webGUI without much impact In addition stale browser sessions won't create any CSRF errors anymore People who keep their browser open 24/7 will find the webGUI stays responsive at all times [rc3] Consistent state information is maintained across all browser instances open to a particular server Docker labels Docker labels are added to allow people using Docker compose to make use of icons and GUI access Look at a Docker 'run' command output to see exactly what labels are used Docker custom networks A new setting for custom networks is available. Originally custom networks are created using the macvlan mode, and this mode is kept when upgrading to version 6.10 The new ipvlan mode is introduced to battle the crashes some people experience when using macvlan mode. If that is your case, change to ipvlan mode and test. Changing of mode does not require to reconfigure anything on Docker level, internally everything is being taken care off. Docker bridge network (docker0) docker0 now supports IPv6. This is implemented by assigning docker0 a private IPv6 subnet (fd17::/64), similar to what is done for IPv4 and use network translation to communicate with the outside world Containers connected to the bridge network now have both IPv4 and IPv6 connectivity (of course the system must have IPv6 configured in the network configuration) In addition several enhancements are made in the IPv6 implementation to better deal with the use (or no-use) of IPv6 Plugins page The plugins page now loads information in two steps. First the list of plugins is created and next the more time consuming plugin status field is retrieved in the background. The result is a faster loading plugins page, especially when you have a lot of plugins installed Dashboard graphs The dashboard has now two graphs available. The CPU graph is displayed by default, while the NETWORK graph is a new option under Interface (see the 'General Info' selection) The CPU graph may be hidden as well in case it is not desired Both graphs have a configurable time-line, which is by default 30 seconds and can be changed independently for each graph to see a longer or shorter history. Graphs are updated in real-time and are useful to observe the behavior of the server under different circumstances Scheduler Improvements [rc3] You can now split a parity check into smaller pieces and let it run over multiple days or weeks. For example a check can be performed in a time frame of 01:00am to 06:00am for several days in a row until it is completed. This way a long parity check won’t interfere with the normal day activities, like watching a movie. [rc3] Added ability to schedule pool 'balance' and 'scrub' operations and calculate whether a full balance is recommended. Other Changes We switched to a better-maintained version of the WSD server component called wsdd2 in an effort to eliminate instances where the wsd daemon would start consuming 100% of a CPU core. Fixed issue where you couldn't create a docker image on a share name that contains a space. Fixed issue where 'mover' would not move to a pool name that contains a space. Fixed issue in User Share file system where permissions were not being honored. We increased the font size in Terminal and [rc2] fixed issue with macOS Monterey. Terminal font size is configurable via Settings/Display Settings page. [rc2] Fixed jumbo frames not working. [rc2] sysctl: handle net.netfilter.nf_conntrack_count max exceeded (increase setting to 131072) - hattip to Community Member @DieFalse [rc2] Mover will create '.partial' file and then rename upon completion. [rc2] Enabled NFSv4 support. [rc2] Check bz file sha256sums at boot time. [rc3] Fixed bug found by @thohell where md_sync_limit was not being honored to limit stripe_head cache usage when other I/O is active. The effect of this fix is to drastically slow down parity operations if other I/O is happening (such as streaming a video). Throttling of parity sync operations can be adjusted by changing the 'Settings/Disk Settings/Tunable (md_sync_limit)' value. [rc3] Fixed btrfs pool device replace corner cases. Important note: if you 'unassign' a device from a btrfs multiple-device pool, and that device is still physically present, upon array Start we will erase the LUKS header on the device if present, and delete the partition structure, thereby effectively erasing all the data contained on the device. This is necessary in order to convince btrfs to no longer use the device and to free it for assignment to another pool. [rc3] For cookies managed by webGUI, changed sameSite cookie attribute from 'strict' to 'lax'. This change was made to solve an issue with Terminal window not opening in Safari. [rc5] Fixed a bug where replacing a device in a multiple-device btrfs pool would still tag the old device as missing. [rc5] Fixed an issue where hot plugging a device in a server with spun-down SAS drive(s) could cause the SAS drive(s) to appear unassigned. [rc5] Fixed an issue where the server would disappear from Windows Network after docker and/or VM startup. [rc5] Fixed md/unraid driver regression which would confuse XFS, making it think an online shrink had occurred. [rc5] Fixed: Prevent Unraid from hanging when the array is stopped, while VMs are in paused or suspended state. [rc6] Added ServerChan and Pushplus notification agents, thanks to @ludoux Numerous other small bug fixes and improvements. Credits Special thanks to all our beta testers and especially: @bonienl for his continued refinement and updating of the Dynamix webGUI. @Squid for continued refinement of Community Apps and associated feed. @dlandon for continued refinement of Unassigned Devices plugin and patience as we change things under the hood. @ich777 for assistance and passing on knowledge of Linux kernel config changes to support third party drivers and other kernel-related functionality via plugins. @SimonF for refinements to System Devices page and other webGUI improvements. @thohell for an extra set of eyes looking at md/unraid driver and for work-in-progress of adding changes to support multiple Unraid arrays. @JorgeB for rigorous testing of storage subsystem Version 6.10.0-rc8 2022-05-10 (vs. 6.10.0-rc7) Base distro: libxml2: version 2.9.14 (CVE-2022-29824) openssl: version 1.1.1o (CVE-2022-1292) openssl-solibs: version 1.1.1o Linux kernel: Linux 5.15.38-Unraid enable BPF kernel options (user request): CONFIG_BPF_SYSCALL: Enable bpf() system call CONFIG_BPF_JIT: Enable BPF Just In Time compiler CONFIG_BPF_JIT_ALWAYS_ON: Permanently enable BPF JIT and remove BPF interpreter CONFIG_NET_CLS_BPF: BPF-based classifier CONFIG_NET_CLS_ACT: Actions CONFIG_NET_ACT_BPF: BPF based action CONFIG_IKHEADERS: Enable kernel headers through /sys/kernel/kheaders.tar.xz CONFIG_NET_SCH_SFQ: Stochastic Fairness Queueing (SFQ) CONFIG_NET_ACT_POLICE: Traffic Policing CONFIG_NET_ACT_GACT: Generic actions CONFIG_GACT_PROB: Probability support CONFIG_NET_SCH_INGRESS: Ingress/classifier-action Qdisc CONFIG_CGROUP_BPF: Support for eBPF programs attached to cgroups Management: emhttpd: correct device status handling for single-slot pools emhttpd: collapse multiple underscores within nvme /dev/disk/by-id symlinks to single underscore webgui: WireGuard: fixed proper handling of ipv4 + ipv6 tunnels webgui: Font files update clear-sans --> source sans pro bitstream --> source code pro webgui: Remove deprecated font extensions: eot, svg, ttf webgui: Cleanup styles folder webgui: Update css files to use woff and woff2 formats only webgui: Fixed balance/scrub schedule not saved when device name has "-" in it webgui: Fix side bar of themes azure/gray in firefox webgui: chore(upc): ENOKEYFILE2 message translation

This release corrects an issue in -rc6 where both the Intel out-of-tree ixgbe module (10Gbit Network driver) and the in-tree ixgbe module were included in the build. At system start time, the Intel driver was preferred. It was our intent to remove this driver and revert to the in-tree version, but a flaw in our build process permitted inclusion of both. This has been corrected in this release, and there are no other changes. If you have upgraded to -rc6 and you do not use Intel 10Gbit network driver there is no need to upgrade to this release. This release includes some bug fixes and update of base packages. Notable changes: Revert out-of-tree Intel ixgbe network driver back to in-tree version. Changing root user password will log out all webGUI browser sessions. Changed the row highlighting on Main and Shares page. WireGuard improvments Improved IPv6 support Please note: It would be extremely helpful to us to report issues by creating separate Reports here rather than creating a reply in this topic. 6.10.0 Summary of Changes and New Features As always, prior to updating, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". [rc3] Plugin Authors: We patched the upgradepkg script to prevent it from replacing an installed package with an earlier version of the same package, i.e., no downgrading. If a plugin really needs to replace a package with a downgraded version it can include the '--reinstall' option. Also be sure to check out the Dynamix File Manager plugin available now through Community Apps! UPC and My Servers Plugin The most visible new feature is located in the upper right corner of the webGUI header. We call this the User Profile Component, or UPC. The UPC allows a user to better manage their registration keys and install the optional My Servers plugin. My Servers is what we call our set of cloud-based services and features that integrate with your Unraid server(s). After installing the My Servers plugin, you will be prompted to sign-in your server with an existing Unraid.net account, or create a new Unraid.net account. Once installed here are some of the features of My Servers: Real-time Status - with the plugin installed each server tile on the My Servers Dashboard will display real-time status such as whether the server is online or offline, storage utilization and other information. Local Access link - this is a direct link the the server webGUI on your LAN. Remote Access link - if enabled, a link is displayed on the My Servers Dashboard to bring up a server webGUI remotely and over the Internet. Automatic Flash Backup - every registered server is provided with a private git repo initially populated with the contents of your USB flash boot device (except for certain files which contain private information such as passwords). Thereafter, configuration changes are automatically committed. A link is provided to download a custom zip file that can be fed as input to the USB Flash Creator tool to move your configuration to a new USB flash device. Notification of critical security-related updates. In the event a serious security vulnerability has been discovered and patched, we will send out a notification to all email addresses associated with registered servers. Posting privilege in a new set of My Servers forum boards. Signed-in servers maintain a websocket connection to a cloud-based Lime Technology proxy server for the purpose of relaying real-time status. Refer to the Privacy section for more information. Security Changes It is now mandatory to define a root password. We also created a division in the Users page to distinguish root from other user names. The root UserEdit page includes a text box for pasting SSH authorized keys. For new configurations, the flash share default export setting is No. For all new user shares, the default export setting is No. For new configurations, SMBv1 is disabled by default. For new configurations, telnet, ssh, and ftp are disabled by default. We removed certain strings from Diagnostics such as passwords found in the 'go' file. [rc6] Changing root user password will log out all webGUI browser sessions. Virtualization Both libvirt and qemu have been updated. In addition, qemu has been compiled with OpenGL support, and [rc2] ARM emulation (experimental). [rc2] To support Windows 11 which requires TPM and Secure boot, we have added TPM emulation; and, added a "Windows 11" VM template which automatically selects TPM-aware OVMF bios. Also, here are instructions for upgrading a Windows 10 VM to Windows 11. Special thanks to @ich777 who researched and determined what changes and components were necessary to provide this functionality. The built-in Firefox browser available in GUI-mode boot is built as an AppImage and located in the bzfirmware compressed file system image. This saves approximately 60MB of RAM. The Wireguard plugin has been integrated into webGUI, that is, no need for the plugin. If you had the plugin installed previously, it will be uninstalled and moved to the "Plugins/Plugin File Install Errors" page. No action is needed unless you want to press the Delete button to remove it from that page. Your WireGuard tunnels and settings will be preserved. [rc5] Resident network guru @bonienl has added the capability to bind a Wireguard virtual network interface to a docker container. One use of this feature is to configure a Wireguard-enabled VPN which may then be exclusively used by that container, while you main server makes use of the normal LAN network interface. Please refer to this post for additional details. Simplified installation of the Community Apps plugin. The webGUI automatically includes the Apps menu item, and if CA is not already installed, the page offers an Install button. No need to hunt for the plugin link. [rc3] Moving to Let's Encrypt wildcard SSL certificates. Starting with this release, we no longer issue new single-host SSL certificates (which we're calling legacy certificates). Instead, all new Unraid.net SSL certificates are wildcard certificates (still provided by Let's Encrypt). The URL used to access your server making use of a wildcard certificate has this form: https://[lan-ip].[hash].myunraid.net where, [lan-ip] is your severs LAN IP address with dots changed to dashes [hash] is a 40-character hex string (160 bits) unique to this server (and different from similar [hash] in legacy certificates) example: https://192-168-100-1.af01305221921f93aabae93f13800dcea41dc681e.myunraid.net We added a new DDNS server which listens at "myunraid.net". This server extracts [lan-ip] from the domain name and returns the IP address where the dashes are changed back into dots. There are several benefits to this approach for both our users and for us: Eliminates DNS propagation delays when you first provision a certificate or when a server LAN IP address (or WAN IP address) changes. Since the domain name includes the IP address, any IP address change also changes the domain name, hence will not be contained in any intermediate DNS cache. We also changed the TTL from 1 hour to 7 days further reducing overhead and alleviating issues where someone's internet goes down for brief periods. There is no longer a requirement for the server to actively update a DDNS server. Improves privacy because your remote access WAN IP address can't be determined by simply prepending "www" to your local access URL. Moves DNS functionality off the 'unraid.net' domain and isolates it on 'myunraid.net' domain. In previous releases code that provisions (allocates and downloads) an Unraid.net SSL certificate would first test if DNS Rebinding Protection was enforced on the user's LAN; and, if so, would not provision the certificate. Since there are other uses for a LE certificate we changed the code so that provision would always proceed. Next, we changed the logic behind the Auto selection of "Use SSL/TLS" setting on the Management Access page. Now it is only possible to select Auto if both a LE certificate has been provisioned and DNS Rebinding Protection is not enforced. This is a subtle change but permits certain My Servers features such as Remote Access. Upon upgrading, you will need to modify any server bookmarks with the new the URL. Alternately, if you have installed the My Servers plugin, a local access link is included for each server on your Dashboard. If you have not installed My Servers plugin, since there is no DDNS update daemon, we recommend setting up either a static DHCP lease, or assign a static IP address for your server. Finally, we have set up nginx such that the URL's: http://<server-name>.<local-tld>/ or https://<server-name>.<local-tld>/ will redirect to https://[lan-ip].[hash].myunraid.net More information including use cases may be found in Documentation here. Linux Kernel Upgrade to [rc4] Linux 5.15.x kernel which includes so-called Sequoia and Dirty Pipe vulnerability mitigations. In-tree GPU drivers are now loaded by default if corresponding hardware is detected: amdgpu ast i915 radeon These drivers are required mostly for motherboard on-board graphics used in GUI boot mode. Loading of a driver can be prohibited by creating the appropriate file named after the driver: echo "blacklist i915" > /boot/config/modprobe.d/i915.conf Alternately, the device can be isolated from Linux entirely via the System Devices page. Note that in Unraid OS 6.9 releases the in-tree GPU drivers are blacklisted by default and to enabling loading a driver you need to create an empty "conf" file. After upgrading to Unraid OS 6.10 you may delete those files, or leave them as-is. This change was made to greatly improve the Desktop GUI experience for new users. Added support for Intel GVT-g, which lets you split your Intel i915 iGPU into multiple virtual GPUs and pass them through to multiple VMs, using @ich777's Intel-GVT-g plugin. Added support for gnif/vendor-reset. This simplifies @ich777's AMD Vendor Reset plugin which permits users to get their AMD video cards to reset properly. [rc2] Added so-called "add-relaxable-rmrr-5_8_and_up.patch" modified for our kernel https://github.com/kiler129/relax-intel-rmrr/blob/master/patches/add-relaxable-rmrr-5_8_and_up.patch Thanks to @ich777 for pointing this out. [rc2] Enabled additional ACPI kernel options [rc2] Enabled TPM kernel modules (not utilized yet) - note this is for Unraid host utilizing physical TPM, not emulated TPM support for virtual machnes. [rc4] Updated out-of-tree drivers [rc5] Support Realtek RTL8152/RTL8153 Based USB Ethernet Adapters Base Packages Virtually the entire base package set has been updated. [rc2] For SMB: Samba version 4.15 SMB3 multi-channel is no longer marked "experimental", however is disabled by default. This may be enabled on the Settings/SMB Settings page. Some users have reported issues with SMB3 multi-channel in conjunction with certain network bond configurations. [rc2] Per request we added the mcelog package. With inclusion of this package, if you have an AMD processor you may see this error message in the system log: mcelog: ERROR: AMD Processor family 23: mcelog does not support this processor. Please use the edac_mce_amd module instead. We're not sure what to make of this. It appears mcelog is being deprecated in favor of rasdaemon. This is something we need to research further. Other improvements available in 6.10, which are maybe not so obvious to spot from the release notes and some of these improvements are internal and not really visible: Event driven model to obtain server information and update the webGUI in real-time The advantage of this model is its scalability. Multiple browsers can be opened simultaneously to the webGUI without much impact In addition stale browser sessions won't create any CSRF errors anymore People who keep their browser open 24/7 will find the webGUI stays responsive at all times [rc3] Consistent state information is maintained across all browser instances open to a particular server Docker labels Docker labels are added to allow people using Docker compose to make use of icons and GUI access Look at a Docker 'run' command output to see exactly what labels are used Docker custom networks A new setting for custom networks is available. Originally custom networks are created using the macvlan mode, and this mode is kept when upgrading to version 6.10 The new ipvlan mode is introduced to battle the crashes some people experience when using macvlan mode. If that is your case, change to ipvlan mode and test. Changing of mode does not require to reconfigure anything on Docker level, internally everything is being taken care off. Docker bridge network (docker0) docker0 now supports IPv6. This is implemented by assigning docker0 a private IPv6 subnet (fd17::/64), similar to what is done for IPv4 and use network translation to communicate with the outside world Containers connected to the bridge network now have both IPv4 and IPv6 connectivity (of course the system must have IPv6 configured in the network configuration) In addition several enhancements are made in the IPv6 implementation to better deal with the use (or no-use) of IPv6 Plugins page The plugins page now loads information in two steps. First the list of plugins is created and next the more time consuming plugin status field is retrieved in the background. The result is a faster loading plugins page, especially when you have a lot of plugins installed Dashboard graphs The dashboard has now two graphs available. The CPU graph is displayed by default, while the NETWORK graph is a new option under Interface (see the 'General Info' selection) The CPU graph may be hidden as well in case it is not desired Both graphs have a configurable time-line, which is by default 30 seconds and can be changed independently for each graph to see a longer or shorter history. Graphs are updated in real-time and are useful to observe the behavior of the server under different circumstances Scheduler Improvements [rc3] You can now split a parity check into smaller pieces and let it run over multiple days or weeks. For example a check can be performed in a time frame of 01:00am to 06:00am for several days in a row until it is completed. This way a long parity check won’t interfere with the normal day activities, like watching a movie. [rc3] Added ability to schedule pool 'balance' and 'scrub' operations and calculate whether a full balance is recommended. Other Changes We switched to a better-maintained version of the WSD server component called wsdd2 in an effort to eliminate instances where the wsd daemon would start consuming 100% of a CPU core. Fixed issue where you couldn't create a docker image on a share name that contains a space. Fixed issue where 'mover' would not move to a pool name that contains a space. Fixed issue in User Share file system where permissions were not being honored. We increased the font size in Terminal and [rc2] fixed issue with macOS Monterey. Terminal font size is configurable via Settings/Display Settings page. [rc2] Fixed jumbo frames not working. [rc2] sysctl: handle net.netfilter.nf_conntrack_count max exceeded (increase setting to 131072) - hattip to Community Member @DieFalse [rc2] Mover will create '.partial' file and then rename upon completion. [rc2] Enabled NFSv4 support. [rc2] Check bz file sha256sums at boot time. [rc3] Fixed bug found by @thohell where md_sync_limit was not being honored to limit stripe_head cache usage when other I/O is active. The effect of this fix is to drastically slow down parity operations if other I/O is happening (such as streaming a video). Throttling of parity sync operations can be adjusted by changing the 'Settings/Disk Settings/Tunable (md_sync_limit)' value. [rc3] Fixed btrfs pool device replace corner cases. Important note: if you 'unassign' a device from a btrfs multiple-device pool, and that device is still physically present, upon array Start we will erase the LUKS header on the device if present, and delete the partition structure, thereby effectively erasing all the data contained on the device. This is necessary in order to convince btrfs to no longer use the device and to free it for assignment to another pool. [rc3] For cookies managed by webGUI, changed sameSite cookie attribute from 'strict' to 'lax'. This change was made to solve an issue with Terminal window not opening in Safari. [rc5] Fixed a bug where replacing a device in a multiple-device btrfs pool would still tag the old device as missing. [rc5] Fixed an issue where hot plugging a device in a server with spun-down SAS drive(s) could cause the SAS drive(s) to appear unassigned. [rc5] Fixed an issue where the server would disappear from Windows Network after docker and/or VM startup. [rc5] Fixed md/unraid driver regression which would confuse XFS, making it think an online shrink had occurred. [rc5] Fixed: Prevent Unraid from hanging when the array is stopped, while VMs are in paused or suspended state. [rc6] Added ServerChan and Pushplus notification agents, thanks to @ludoux Numerous other small bug fixes and improvements. Credits Special thanks to all our beta testers and especially: @bonienl for his continued refinement and updating of the Dynamix webGUI. @Squid for continued refinement of Community Apps and associated feed. @dlandon for continued refinement of Unassigned Devices plugin and patience as we change things under the hood. @ich777 for assistance and passing on knowledge of Linux kernel config changes to support third party drivers and other kernel-related functionality via plugins. @SimonF for refinements to System Devices page and other webGUI improvements. @thohell for an extra set of eyes looking at md/unraid driver and for work-in-progress of adding changes to support multiple Unraid arrays. Version 6.10.0-rc7 2022-05-05 (vs. 6.10.0-rc5) Base distro: curl: version 7.83.0 (CVE-2022-22576 CVE-2022-27774 CVE-2022-27775 CVE-2022-27776) docker: version 20.10.14 (CVE-2022-24769) intel-microcode: version 20220419 kernel-firmware: version 20220425_ac21ab5 libvirt: 8.2.0 nginx: verstion 1.21.6 php: version 7.4.29 samba: version 4.15.7 (CVE-2021-44141 CVE-2021-441412 CVE-2022-0336) swtpm:version 0.7.3 (CVE-2022-23645) Linux kernel: Linux 5.15.37-Unraid GIGABYTE_WMI: Gigabyte WMI temperature driver patch: "drm/i915/gen11: Moving WAs to icl_gt_workarounds_init()" oot: ixgbe: revert back to in-tree driver [-rc7] Management: better IPv6 suport emhttpd: delete all PHP sessions when root password is changed (logs everyone out) rc.libvirt: test the existence of a VM before adding it to the NAMES list webgui: Adjusted row highlighting on main and shares page to better suit people with color impairment webgui: Shares: fix wrong size computation webgui: Wireguard: fix import function to accept all keys webgui: Parity check: allow spinup/spindown when operation is paused webgui: fix: remove reauthentication msg from email notifications webgui: Docker: Ignore icon references to default question mark webgui: Docker: translation optimization webgui: Translations: fix creation of empty sessions webgui: Add notification agent for ServerChan webgui: Add notification agent for Pushplus webgui: fix(upc): postmessage interference v1.0.1

-rc7 tldr: Updated kernel and Intel microcode which was released just after -rc6. Revert libvirt from 5.9.0 to 5.8.0 because 5.9.0 has bug where 'libvirt_list_domains()' returns an empty string when all domains are started instead of a list of domains. Fixed md/unraid crash resulting when bringing cleared array device online (bug introduced in multi-stream support). Don't let backslash be included in share names and vdisk paths. Misc. webGUI fixes. Other package updates. Specific changes in [-rcN] are indicated in bold below. New in Unraid OS 6.8 release: The unRAIDServer.plg file (update OS) still downloads the new release zip file to RAM but then extracts directly to USB flash boot device. You will probably notice a slight difference in speed of extract messages. [-rc2] The 'sync' command at the end has been replaced with 'sync -f /boot'. Forms based authentication If you have set a root password for your server, upon boot you'll now see a nice login form. There still is only one user for Unraid so for username enter root. This form should be compatible with all major password managers out there. We always recommend using a strong password. [-rc2] There is no auto-logout implemented yet, please click Logout on menu bar or completely close your browser to logout. Linux kernel 5.3 [-rc6/-rc7] include latest Intel microcode for yet another hardware vulnerability mitigation. default scheduler now 'mq-deadline' [-rc2] but this can be changed via Settings/Disk Settings/Scheduler setting. enabled Huge Page support, though no UI control yet binfmt_misc support added "Vega 10 Reset bug" [-rc2] and 'navi-reset' patches removed [-rc5] [-rc2] added oot: Realtek r8125: version 9.002.02 [-rc3] additional md/unraid changes and instrumentation [-rc6] fix chelsio missing firmware more device drivers Some out-of-tree (oot) drivers are currently omitted either because the source code doesn't compile or driver doesn't work with the 5.3 kernel: Intel ixgbe [does not build] (using in-tree driver) Highpoint r750 [does not work] Highpoint rr3740a [does not build] This is always the risk with including vendor-supplied drivers. Until the vendor fixes their code we must omit their driver. md/unraid driver Introduced "multi-stream" support: Reads on devices which are not being written should run at full speed. In addition, if you have set the md_write_method tunable to "reconstruct write", then while writing, if any read streams are detected, the write method is switched to "read/modifywrite". Parity sync/check should run at full speed by default. Parity sync/check is throttled back in presence of other active streams. The "stripe pool" resource is automatically shared evenly between all active streams. As a result got rid of some Tunables: md_sync_window md_sync_thresh and added some tunables: md_queue_limit md_sync_limit [-rc2] md_scheduler Please refer to Settings/Disk Settings help text for description of these settings. WireGuard support - available as a plugin via Community Apps. Our WireGuard implementation and UI is still a work-in-process; for this reason we have made this available as a plugin, though the latest WireGuard module is included in our Linux kernel. Full WireGuard implementation will be merged into Unraid OS itself in a future release. I want to give special thanks to @bonienl who wrote the plugin with lots of guidance from @ljm42 - thank you! I also should give a shout out to @NAS who got us rolling on this. If you don't know about WireGuard it's something to look into! Guide here: WS-Discovery support - Finally you can get rid of SMBv1 and get reliable Windows network discovery. This feature is configured on the Settings/SMB Settings page and enabled by default. Also on same settings page is Enable NetBIOS setting. This is enabled by default, however if you no longer have need for NetBIOS discovery you can turn it off. When turned off, Samba is configured to accept only SMBv2 protocol and higher. Added mDNS client support in Unraid OS. This means, for example, from an Unraid OS terminal session to ping another Unraid OS server on your network you can use (e.g., 'tower'): ping tower.local instead of ping tower Note the latter will still work if you have NetBIOS enabled. User Share File System (shfs) changes: Integrated FUSE-3 - This should increase performance of User Share File System. Fixed bug with hard link support. Previously a 'stat' on two directory entries referring to same file would return different i-node numbers, thus making it look like two independent files. This has been fixed however there is a config setting on Settings/Global Share Settings called "Tunable (support hard links)". [-rc2 ] Fixed the default value Yes, but with certain very old media and DVD players which access shares via NFS, you may need to set this to No. [-rc5] Fixed not accounting for devices not mounted yet. Note: if you have custom config/extra.cfg file, get rid of it. Other improvements/bug fixes: Format - during Format any running parity sync/check is automatically Paused and then resumed upon Format completion. Encryption - an entered passphrase is not saved to any file. Fixed bug where multi-device btrfs pool was leaving metadata set to dup instead of raid1. Several other small bug fixes and improvements. [-rc5] Fixed bug where quotes were not handled properly in passwords. Numerous base package updates [-rc2] including updating PHP to version 7.3.x, Samba to version 4.11.x. Known Issues and Other Errata Some users have reported slower parity sync/check rates for very wide arrays (20+ devices) vs. 6.7 and earlier releases - we are still studying this problem. [-rc6] this is fixed: If you are using Unassigned Devices plugin with encrypted volumes, you must use the file method of specifying the encryption passphrase. Note that a file containing your passphrase must consist of a single null-terminated string with no other line ending characters such as LF or CR/LF. In another step toward better security, the USB flash boot device is configured so that programs and scripts residing there cannot be directly executed (this is because the 'x' bit is set now only for directories). Commands placed in the 'go' file still execute because during startup, that file is copied to /tmp first and then executed from there. If you have created custom scripts you may need to take a similar approach. AFP is now deprecated and we plan to remove support in Unraid 6.9 release. The /mnt/user0 mount point is now deprecated and we plan to remove in Unraid 6.9 release. A note on password strings Password strings can contain any character however white space (space and tab characters) is handled specially: all leading and trailing white space is discarded multiple embedded white space is collapsed to a single space character. By contrast, encryption passphrase is used exactly as-is. Version 6.8.0-rc7 2019-11-22 Base distro: aaa_elflibs: version 15.0 dhcpcd: version 8.1.2 glib2: version 2.62.3 intel-microcode: version 20191115 kernel-firmware: version 20191118_e8a0f4c libidn2: version 2.3.0 libvirt: version 5.8.0 [reversion from 5.9.0] nghttp2: version 1.40.0 php: version 7.3.12 xfsprogs: version 5.3.0 xterm: version 351 Linux kernel: version 5.3.12 md/unraid: version 2.9.13 (fix crash bringing cleared device online) Management: webgui: Do not display error if docker log files manually deleted webgui: Warning alert for Format operations webgui: Docker and VM settings: validate path and name input webgui: Add shares: slashes are not allowed in share name

Found the problem. Read the first comment of this bug report. TL;DR Multiple users reported spikes in their power consumption after updating to Unraid 6.10 and this is still present in Unraid 6.11: https://forums.unraid.net/topic/105909-mein-10-zoll-server/?do=findComment&comment=1143526 https://forums.unraid.net/topic/108966-strom-sparen-mit-powertop-stromverbrauch-von-unraid-verbessern/?do=findComment&comment=1177306 https://forums.unraid.net/topic/105909-mein-10-zoll-server/?do=findComment&comment=1176094 In Unraid 6.9 the power consumption was relatively stable. Example: I will try to monitor the processes on my test server, which uses Unraid 6.11.1. Hopefully I can find out which process causes those spikes. I will update this bug report later... EDIT: This is what came in my mind: - close all web GUI windows - connect through SSH and execute this: watch -d "ps -Ao comm,pid,pcpu --sort=-pcpu | head -n 12" - watch parallely power consumption... EDIT2: Every couple of minutes I was able to capture an "rpcd_lsad" process: Compared with the default situation: In addition you can see that "emhttpd", "update_3", "file_manager", "device_list" and "parity_list" are constantly producing load. 1.) The "emhttpd" process should be the main webserver process to deliver the Unraid WebGUI. Any possible improvements needed to be checked by @limetech. 2.) The "update_3" process is an PHP script: # pgrep -af update_3 15795 /usr/bin/php -q /usr/local/emhttp/webGui/nchan/update_3 It seems constantly logging network status from multiple network devices and ports. Is it really needed to do this with PHP parser overhead? And is it necessary to run this all the time? 3.) The "file_manager" process is caused through the new Dynamix File Manager Plugin of @bonienl. I wonder why its active although I do not have the GUI open?! After uninstalling it disappears (logic), after installing it's not present (?!), but after opening a dir and closing the GUI it stays present: # pgrep -af file_manager 24508 /usr/bin/php -q /usr/local/emhttp/plugins/dynamix.file.manager/nchan/file_manager I think it should auto-exit after the GUI has been closed. 4.) The "rpcd_lsad" process is related to SMB: # find / -xdev -name rpcd_lsad /usr/libexec/samba/rpcd_lsad Not sure why it is starting and stopping every couple of minutes as I'm not using Active Directory?! 5.) The "parity_list" and "device_list" PHP scripts are really necessary while the GUI is closed?! root@Tower:~# pgrep -af parity_list 2893 /usr/bin/php -q /usr/local/emhttp/webGui/nchan/parity_list root@Tower:~# pgrep -af device_list 2889 /usr/bin/php -q /usr/local/emhttp/webGui/nchan/device_list 6.) The bash script "disk_load" is constantly writing disk stats to an ini file. Is it really needed although the GUI is closed? root@Tower:~# pgrep -af disk_load 2891 /bin/bash /usr/local/emhttp/webGui/nchan/disk_load EDIT3: I deleted the file (test server ) and checking the syslog proofs that it is executed every minute: root@Tower:~# rm /usr/libexec/samba/rpcd_lsad root@Tower:~# tail -f /var/log/syslog ... Oct 8 15:12:01 Tower winbindd[2222]: [2022/10/08 15:12:01.690211, 0] ../../source3/winbindd/winbindd_samr.c:71(open_internal_samr_conn) Oct 8 15:12:01 Tower winbindd[2222]: open_internal_samr_conn: Could not connect to samr pipe: NT_STATUS_CONNECTION_REFUSED Oct 8 15:13:01 Tower winbindd[2222]: [2022/10/08 15:13:01.766520, 0] ../../source3/winbindd/winbindd_samr.c:71(open_internal_samr_conn) Oct 8 15:13:01 Tower winbindd[2222]: open_internal_samr_conn: Could not connect to samr pipe: NT_STATUS_CONNECTION_REFUSED Oct 8 15:14:01 Tower winbindd[2222]: [2022/10/08 15:14:01.844427, 0] ../../source3/winbindd/winbindd_samr.c:71(open_internal_samr_conn) Oct 8 15:14:01 Tower winbindd[2222]: open_internal_samr_conn: Could not connect to samr pipe: NT_STATUS_CONNECTION_REFUSED Oct 8 15:14:01 Tower winbindd[2222]: [2022/10/08 15:14:01.861246, 0] ../../source3/winbindd/winbindd_samr.c:71(open_internal_samr_conn) Oct 8 15:14:01 Tower winbindd[2222]: open_internal_samr_conn: Could not connect to samr pipe: NT_STATUS_CONNECTION_REFUSED EDIT4: Before disabling SMB: After disabling SMB (only a small improvement visible): EDIT5: After killing the "parity_list" and "device_list" processes its still fluctuating, but the overall consumption is reduced: EDIT6: After killing "update_3" As you can see the power consumption has become lower, but it's still fluctuating. EDIT7: After killing all php processes (update_1, update_2, ...) and the bash script /usr/local/emhttp/nchan/disk_load, it looks much more like Unraid 6.9: In comparison Unraid 6.9 only had the constanly running diskload script: root@thoth:~# pgrep -af emhttp 7362 /usr/local/sbin/emhttpd 7590 /bin/bash /usr/local/emhttp/webGui/scripts/diskload root@thoth:~# pgrep -af php 11519 php-fpm: master process (/etc/php-fpm/php-fpm.conf) I will reboot the server and do some more tests, but I think the constantly running PHP-scripts are the reason for the higher power consumption and the spikes (of course the SMB thing has be checked separately).

The 6.11 release includes some bug fixes and update of base packages. Sorry no major new feature but instead we are paying some "technical debt" and laying the groundwork necessary to add better third-party driver and ZFS support. We anticipate a relatively short -rc series. Special thanks to @bonienl for implementation of background downloading, and @ich777 for working with us for better third-party driver integration, still a work-in-process. Please create new topics here in this board to report Bugs or other Issues. As always, prior to updating, create a backup of your USB flash device: "Main/Flash/Flash Device Settings" - click "Flash Backup". Credits Special thanks to all our beta testers and especially: @bonienl for his continued refinement and updating of the Dynamix webGUI. @Squid for continued refinement of Community Apps and associated feed. @dlandon for continued refinement of Unassigned Devices plugin and patience as we change things under the hood. @ich777 for assistance and passing on knowledge of Linux kernel config changes to support third party drivers and other kernel-related functionality via plugins. @JorgeB for rigorous testing of storage subsystem Version 6.11.0-rc1 2022-07-27 Improvements With this release there have been many base package updates including several CVE mitigations. The Linux kernel update includes mitigation for Processor MMIO stale-data vulnerabilities. The plugin system has been refactored so that 'plugin install' can proceed in the background. This alleviates issue where a user may think installation has crashed and closes the window, when actually it has not crashed. Many other webGUI immprovements. Bug fixes Fixed issue in VM manager where VM log can not open when VM name has an embedded '#' character. Fixed issue where Parity check pause/resume on schedule was broken. Change Log vs. Unraid OS 6.10 Base distro: aaa_base: version 15.1 aaa_glibc-solibs: version 2.35 aaa_libraries: version 15.1 adwaita-icon-theme: version 42.0 appres: version 1.0.6 at-spi2-core: version 2.44.1 atk: version 2.38.0 bind: version 9.18.5 btrfs-progs: version 5.18.1 ca-certificates: version 20220622 cifs-utils: version 6.15 coreutils: version 9.1 curl: version 7.84.0 dbus: version 1.14.0 dmidecode: version 3.4 docker: version 20.10.17 (CVE-2022-29526 CVE-2022-30634 CVE-2022-30629 CVE-2022-30580 CVE-2022-29804 CVE-2022-29162 CVE-2022-31030) editres: version 1.0.8 ethtool: version 5.18 file: version 5.42 findutils: version 4.9.0 freeglut: version 3.2.2 freetype: version 2.12.1 fribidi: version 1.0.12 fuse3: version 3.11.0 gdbm: version 1.23 gdk-pixbuf2: version 2.42.8 git: version 2.37.1 glib2: version 2.72.3 glibc: version 2.35 gnutls: version 3.7.6 gptfdisk: version 1.0.9 harfbuzz: version 4.4.1 hdparm: version 9.64 htop: version 3.2.1 icu4c: version 71.1 inotify-tools: version 3.22.6.0 iproute2: version 5.18.0 iptables: version 1.8.8 json-c: version 0.16_20220414 kernel-firmware: version: 20220705_f5f02da kmod: version 30 libX11: version 1.8.1 libXcursor: version 1.2.1 libaio: version 0.3.113 libcap-ng: version 0.8.3 libdrm: version 2.4.110 libepoxy: version 1.5.10 libevdev: version 1.12.1 libgcrypt: version 1.10.1 libgpg-error: version 1.45 libidn: version 1.41 libjpeg-turbo: version 2.1.3 libmnl: version 1.0.5 libnetfilter_conntrack: version 1.0.9 libnfnetlink: version 1.0.2 libnftnl: 1.2.2 libnl3: version 3.6.0 libtiff: version 4.4.0 libtiff: version 4.4.0 liburcu: version 0.13.1 libusb: version 1.0.26 libxcb: version 1.15 libxkbcommon: version 1.4.1 libzip: version 1.9.2 libX11: version 1.8.1 listres: version 1.0.5 logrotate: version 3.20.1 lsof: version 4.95.0 lzip: version 1.23 mc: version 4.8.28 mcelog: version 184 mkfontscale: version 1.2.2 nano: version 6.3 nettle: version 3.8 nfs-utils: version 2.6.1 nghttp2: version 1.48.0 ntfs-3g: version 2022.5.17 oniguruma: version 6.9.8 openssh: version 9.0p1 openssl: version 1.1.1q (CVE-2022-1292 CVE-2022-2097 CVE-2022-2274) openssl-solibs: version 1.1.1q (CVE-2022-1292) pango: version 1.50.8 pciutils: version 3.8.0 pcre2: version 10.40 php: version 7.4.30 (CVE-2022-31625 CVE-2022-31626) rsync: version 3.2.4 samba: version 4.15.8 setxkbmap: version 1.3.3 shared-mime-info: version 2.2 sqlite: version 3.39.2 sudo: version 1.9.11p3 sysfsutils: version 2.1.1 tdb: version 1.4.7 tevent: version 0.12.1 tree: version 2.0.2 util-linux: version 2.38 wget: version 1.21.3 xauth: version 1.1.2 xclock: version 1.1.1 xdpyinfo: version 1.3.3 xfsprogs: version 5.18.0 xkeyboard-config: version 2.36 xload: version 1.1.4 xmodmap: version 1.0.11 xsm: version 1.0.5 xterm: version 372 xwud: version 1.0.6 Linux kernel: version 5.18.14 (CVE-2022-21123 (CVE-2022-21123 CVE-2022-21125 CVE-2022-21166) oot: md/unraid: version 2.9.23 CONFIG_IOMMU_DEFAULT_PASSTHROUGH: Passthrough CONFIG_VIRTIO_IOMMU: Virtio IOMMU driver CONFIG_X86_AMD_PSTATE: AMD Processor P-State driver CONFIG_FIREWIRE: FireWire driver stack CONFIG_FIREWIRE_OHCI: OHCI-1394 controllers CONFIG_FIREWIRE_SBP2: Storage devices (SBP-2 protocol) CONFIG_FIREWIRE_NET: IP networking over 1394 CONFIG_INPUT_UINPUT: User level driver support CONFIG_INPUT_JOYDEV: Joystick interface CONFIG_INPUT_JOYSTICK: Joysticks/Gamepads CONFIG_JOYSTICK_XPAD: X-Box gamepad support CONFIG_JOYSTICK_XPAD_FF: X-Box gamepad rumble support CONFIG_JOYSTICK_XPAD_LEDS: LED Support for Xbox360 controller 'BigX' LED Management: rc.nginx: enable OCSP stapling on certs which include an OCSP responder URL rc.wireguard: add better troubleshooting for WireGuard autostart rc.S: support early load of plugin driver modules upc: version v1.3.0 webgui: Plugin system update Detach frontend and backend operation Use nchan as communication channel Allow window to be closed while backend continues Use SWAL as window manager Added multi remove ability on Plugins page Added update all plugins with details webgui: docker: use docker label as primary source for WebUI This makes the 'net.unraid.docker.webui' docker label the primary source when parsing the web UI address. If the docker label is missing, the template value will be used instead. webgui: Update Credits.page webgui: VM manager: Fix VM log can not open when VM name has an embedded '#' webgui: Management Access page: add details for self-signed certs webgui: Parity check: fix regression error webgui: Remove session creation in scripts webgui: Update ssh key regex Add support for ed25519/sk-ed25519 Remove support for ecdsa (insecure) Use proper regex to check for valid key types webgui: misc. style updates webgui: Management access: HTTP port setting should always be enabled

tldr: Updated kernel. Fixed sqlite db corruption issue. Removed "vega 10 reset" patch. Removed "navi reset" patch. Reverted qemu. Fixed shfs bug. Fixed handling of quotes in passwords. Misc. webGUI fixes. Other package updates. Announce /mnt/user0 is deprecated and will be removed in 6.9 release. Note: if your VM's won't start you need to click on Edit in the VM context page and then just click Update. This is because of reverting qemu. Specific changes in [-rcN] are indicated in bold below. New in Unraid OS 6.8 release: The unRAIDServer.plg file (update OS) still downloads the new release zip file to RAM but then extracts directly to USB flash boot device. You will probably notice a slight difference in speed of extract messages. [-rc2] The 'sync' command at the end has been replaced with 'sync -f /boot'. Forms based authentication If you have set a root password for your server, upon boot you'll now see a nice login form. There still is only one user for Unraid so for username enter root. This form should be compatible with all major password managers out there. We always recommend using a strong password. [-rc2] There is no auto-logout implemented yet, please click Logout on menu bar or completely close your browser to logout. Linux kernel 5.3 default scheduler now 'mq-deadline' [-rc2] but this can be changed via Settings/Disk Settings/Scheduler setting. enabled Huge Page support, though no UI control yet binfmt_misc support added "Vega 10 Reset bug" [-rc2] and 'navi-reset' patches removed [-rc5] [-rc2] added oot: Realtek r8125: version 9.002.02 [-rc3] additional md/unraid changes and instrumentation more device drivers Some out-of-tree (oot) drivers are currently omitted either because the source code doesn't compile or driver doesn't work with the 5.3 kernel: Intel ixgbe [does not build] (using in-tree driver) Highpoint r750 [does not work] Highpoint rr3740a [does not build] This is always the risk with including vendor-supplied drivers. Until the vendor fixes their code we must omit their driver. md/unraid driver Introduced "multi-stream" support: Reads on devices which are not being written should run at full speed. In addition, if you have set the md_write_method tunable to "reconstruct write", then while writing, if any read streams are detected, the write method is switched to "read/modifywrite". Parity sync/check should run at full speed by default. Parity sync/check is throttled back in presence of other active streams. The "stripe pool" resource is automatically shared evenly between all active streams. As a result got rid of some Tunables: md_sync_window md_sync_thresh and added some tunables: md_queue_limit md_sync_limit [-rc2] md_scheduler Please refer to Settings/Disk Settings help text for description of these settings. WireGuard support - available as a plugin via Community Apps. Our WireGuard implementation and UI is still a work-in-process; for this reason we have made this available as a plugin, though the latest WireGuard module is included in our Linux kernel. Full WireGuard implementation will be merged into Unraid OS itself in a future release. I want to give special thanks to @bonienl who wrote the plugin with lots of guidance from @ljm42 - thank you! I also should give a shout out to @NAS who got us rolling on this. If you don't know about WireGuard it's something to look into! Guide here: WS-Discovery support - Finally you can get rid of SMBv1 and get reliable Windows network discovery. This feature is configured on the Settings/SMB Settings page and enabled by default. Also on same settings page is Enable NetBIOS setting. This is enabled by default, however if you no longer have need for NetBIOS discovery you can turn it off. When turned off, Samba is configured to accept only SMBv2 protocol and higher. Added mDNS client support in Unraid OS. This means, for example, from an Unraid OS terminal session to ping another Unraid OS server on your network you can use (e.g., 'tower'): ping tower.local instead of ping tower Note the latter will still work if you have NetBIOS enabled. User Share File System (shfs) changes: Integrated FUSE-3 - This should increase performance of User Share File System. Fixed bug with hard link support. Previously a 'stat' on two directory entries referring to same file would return different i-node numbers, thus making it look like two independent files. This has been fixed however there is a config setting on Settings/Global Share Settings called "Tunable (support hard links)". [-rc2 ] Fixed the default value Yes, but with certain very old media and DVD players which access shares via NFS, you may need to set this to No. [-rc5] Fixed not accounting for devices not mounted yet. Note: if you have custom config/extra.cfg file, get rid of it. Other improvements/bug fixes: Format - during Format any running parity sync/check is automatically Paused and then resumed upon Format completion. Encryption - an entered passphrase is not saved to any file. Fixed bug where multi-device btrfs pool was leaving metadata set to dup instead of raid1. Several other small bug fixes and improvements. [-rc5] Fixed bug where quotes were not handled properly in passwords. Numerous base package updates [-rc2] including updating PHP to version 7.3.x, Samba to version 4.11.x. Known Issues and Other Errata Some users have reported slower parity sync/check rates for very wide arrays (20+ devices) vs. 6.7 and earlier releases - we are still studying this problem. If you are using Unassigned Devices plugin with encrypted volumes, you must use the file method of specifying the encryption passphrase. Note that a file containing your passphrase must consist of a single null-terminated string with no other line ending characters such as LF or CR/LF. In another step toward better security, the USB flash boot device is configured so that programs and scripts residing there cannot be directly executed (this is because the 'x' bit is set now only for directories). Commands placed in the 'go' file still execute because during startup, that file is copied to /tmp first and then executed from there. If you have created custom scripts you may need to take a similar approach. AFP is now deprecated and we plan to remove support in Unraid 6.9 release. The /mnt/user0 mount point is now deprecated and we plan to remove in Unraid 6.9 release. A note on password strings Password strings can contain any character however white space (space and tab characters) is handled specially: all leading and trailing white space is discarded multiple embedded white space is collapsed to a single space character. By contrast, encryption passphrase is used exactly as-is. Version 6.8.0-rc5 2019-11-01 Base distro: btrfs-progs: version 5.3.1 kernel-firmware: version 20191025_340e06e libedit: version 20191025_3.1 librsvg: version 2.46.3 mozilla-firefox: version 70.0 (CVE-2018-6156, CVE-2019-15903, CVE-2019-11757, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11765, CVE-2019-17000, CVE-2019-17001, CVE-2019-17002, CVE-2019-11764) php: version 7.3.11 (CVE-2019-11043) qemu: version 4.0.1 [revert from 4.1.0] samba: version 4.11.2 (CVE-2019-10218, CVE-2019-14833, CVE-2019-14847) xkeyboard-config: version 2.28 Linux kernel: version 5.3.8 patch: fix_vega_reset [removed] patch: navi_reset [removed] oot: md/unraid: version 2.9.12 (do not fail read-ahead) Management: emhttp: fix improper handling of embedded quote characters in a password shfs: fix bug not accounting for device(s) not mounted yet webgui: Fixed: undo cleanup of disk.png webgui: Fixed typo in help text webgui: Unraid fonts and cases update webgui: Dashboard: fixed user write + read counts webgui: Dashboard: WG tunnel handshake in days when longer than 24 hours

More bug fixes. More refinements to webGUI, especially check out latest Community Apps plugin! Other highlights: Parity sync/Data rebuild/Check pause/resume capability. Main components in place. Pause/resume not preserved across system restarts yet however. Enhanced syslog capability. Check out Settings/Nework Services/Syslog Server. Special thanks once again to @bonienl and @Mex. Version 6.7.0-rc3 2019-02-09 Base distro: jq: version 1.6 oniguruma: version 5.9.6_p1 php: version 7.2.14 Linux kernel: version: 4.19.20 md/unraid: version 2.9.6 (support sync pause/resume) patch: PCI: Quirk Silicon Motion SM2262/SM2263 NVMe controller reset: device 0x126f/0x2263 Management: emhttp: use mkfs.btrfs defaults for metadata and SSD support emhttp: properly dismiss "Restarting services" message firmware: added BCM20702A0-0a5c-21e8.hcd added BCM20702A1-0a5c-21e8.hcd vfio-pci script: bug fixes webgui: telegram notification agent bug fixes webgui: VM page: allow long VM names webgui: Dashboard: create more space for Dokcer/VM names (3 columns) webgui: Dashboard: include links to settings webgui: Dashboard: fix color consistency webgui: Syslinux config: replace checkbox with radio button webgui: Docker page: single column for CPU/Memory load webgui: Docker: usage memory usage in advanced view webgui: Dashboard: fixed wrong display of memory size webgui: Dashboard: fix incorrect memory type webgui: Plugin manager: align icon size with rest of the GUI webgui: Plugin manager: enlarge readmore height webgui: Plugin manager: add .png option to Icon tag webgui: Plugin manager: table style update webgui: Added syslog server functionality webgui: syslog icon update webgui: Main: make disk identification mono-spaced font webgui: Added parity pause/resume button webgui: Permit configuration of parity device(s) spinup group.

With this version that has nfs4 enabled in the kernel, I was able mount all my mount points with version 4 instead of version 3. To enable nfs4 I made no changes on the Unraid side (other than just upgrading to 6.10.0-rc2d). I use systemd to mount my unraid nfs shares. For each of my .mount files, I simply changed Type=nfs to Type=nfs4 I then rebooted to see everything automount as expected. I also manually mounted a share with the following command sudo mount -t nfs4 -o proto=tcp,port=2049 x.x.x.x:/mnt/user/BookLibrary /mnt/ADrive I checked the output of nfsstat -m to verify: ❯ nfsstat -m /nfs_mnt/AtlasBackups from x.x.x.x:/mnt/user/AtlasBackups Flags: rw,noatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.0.1.3,local_lock=none,addr=x.x.x.x /nfs_mnt/AtlasMedia from x.x.x.x:/mnt/user/AtlasMedia Flags: rw,noatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.0.1.3,local_lock=none,addr=x.x.x.x /nfs_mnt/GameUtils from x.x.x.x:/mnt/user/GameUtils Flags: rw,noatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.0.1.3,local_lock=none,addr=x.x.x.x /nfs_mnt/syslog_share from x.x.x.x:/mnt/user/syslog_share Flags: rw,noatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.0.1.3,local_lock=none,addr=x.x.x.x /nfs_mnt/GamesStorage from x.x.x.x:/mnt/user/GamesStorage Flags: rw,noatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.0.1.3,local_lock=none,addr=x.x.x.x /nfs_mnt/unsorted from x.x.x.x:/mnt/user/unsorted Flags: rw,noatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.0.1.3,local_lock=none,addr=x.x.x.x /mnt/ADrive from x.x.x.x:/mnt/user/BookLibrary Flags: rw,relatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.0.1.3,local_lock=none,addr=x.x.x.x So it looks like it mounted ok. Everything on my Manjaro linux desktop that uses those mounts at least starts ok. I'll do some more rigorous testing over the weekend but right now I'm running a backup and having Steam install a game to see how things shake out. So far so good though, fingers crossed! -Greg

-rc8 summary: Revert kernel to 4.19.87 for reasons described in this post. Update Intel 10Gbit (ixgbe) to out-of-tree driver version: 5.6.5 Update to latest WireGuard release Other package updates. Misc. webGUI fixes. Specific changes in [-rcN] are indicated in bold below. New in Unraid OS 6.8 release: The unRAIDServer.plg file (update OS) still downloads the new release zip file to RAM but then extracts directly to USB flash boot device. You will probably notice a slight difference in speed of extract messages. [-rc2] The 'sync' command at the end has been replaced with 'sync -f /boot'. Forms based authentication If you have set a root password for your server, upon boot you'll now see a nice login form. There still is only one user for Unraid so for username enter root. This form should be compatible with all major password managers out there. We always recommend using a strong password. [-rc2] There is no auto-logout implemented yet, please click Logout on menu bar or completely close your browser to logout. Linux kernel [-rc8] Remains on 4.19 [-rc6/-rc7] include latest Intel microcode for yet another hardware vulnerability mitigation. default scheduler now 'mq-deadline' [-rc2] but this can be changed via Settings/Disk Settings/Scheduler setting. enabled Huge Page support, though no UI control yet binfmt_misc support added "Vega 10 Reset bug" [-rc2] and 'navi-reset' patches removed [-rc5] [-rc2] added oot: Realtek r8125: version 9.002.02 [-rc3] additional md/unraid changes and instrumentation [-rc6] fix chelsio missing firmware [-rc8] removed Highpoint r750 driver [does not work] md/unraid driver Introduced "multi-stream" support: Reads on devices which are not being written should run at full speed. In addition, if you have set the md_write_method tunable to "reconstruct write", then while writing, if any read streams are detected, the write method is switched to "read/modifywrite". Parity sync/check should run at full speed by default. Parity sync/check is throttled back in presence of other active streams. The "stripe pool" resource is automatically shared evenly between all active streams. As a result got rid of some Tunables: md_sync_window md_sync_thresh and added some tunables: md_queue_limit md_sync_limit [-rc2] md_scheduler Please refer to Settings/Disk Settings help text for description of these settings. WireGuard support - available as a plugin via Community Apps. Our WireGuard implementation and UI is still a work-in-process; for this reason we have made this available as a plugin, though the latest WireGuard module is included in our Linux kernel. Full WireGuard implementation will be merged into Unraid OS itself in a future release. I want to give special thanks to @bonienl who wrote the plugin with lots of guidance from @ljm42 - thank you! I also should give a shout out to @NAS who got us rolling on this. If you don't know about WireGuard it's something to look into! Guide here: WS-Discovery support - Finally you can get rid of SMBv1 and get reliable Windows network discovery. This feature is configured on the Settings/SMB Settings page and enabled by default. Also on same settings page is Enable NetBIOS setting. This is enabled by default, however if you no longer have need for NetBIOS discovery you can turn it off. When turned off, Samba is configured to accept only SMBv2 protocol and higher. Added mDNS client support in Unraid OS. This means, for example, from an Unraid OS terminal session to ping another Unraid OS server on your network you can use (e.g., 'tower'): ping tower.local instead of ping tower Note the latter will still work if you have NetBIOS enabled. User Share File System (shfs) changes: Integrated FUSE-3 - This should increase performance of User Share File System. Fixed bug with hard link support. Previously a 'stat' on two directory entries referring to same file would return different i-node numbers, thus making it look like two independent files. This has been fixed however there is a config setting on Settings/Global Share Settings called "Tunable (support hard links)". [-rc2 ] Fixed the default value Yes, but with certain very old media and DVD players which access shares via NFS, you may need to set this to No. [-rc5] Fixed not accounting for devices not mounted yet. Note: if you have custom config/extra.cfg file, get rid of it. Other improvements/bug fixes: Format - during Format any running parity sync/check is automatically Paused and then resumed upon Format completion. Encryption - an entered passphrase is not saved to any file. Fixed bug where multi-device btrfs pool was leaving metadata set to dup instead of raid1. Several other small bug fixes and improvements. [-rc5] Fixed bug where quotes were not handled properly in passwords. Numerous base package updates [-rc2] including updating PHP to version 7.3.x, Samba to version 4.11.x. Known Issues and Other Errata Some users have reported slower parity sync/check rates for very wide arrays (20+ devices) vs. 6.7 and earlier releases - we are still studying this problem. [-rc6] this is fixed: If you are using Unassigned Devices plugin with encrypted volumes, you must use the file method of specifying the encryption passphrase. Note that a file containing your passphrase must consist of a single null-terminated string with no other line ending characters such as LF or CR/LF. In another step toward better security, the USB flash boot device is configured so that programs and scripts residing there cannot be directly executed (this is because the 'x' bit is set now only for directories). Commands placed in the 'go' file still execute because during startup, that file is copied to /tmp first and then executed from there. If you have created custom scripts you may need to take a similar approach. AFP is now deprecated and we plan to remove support in Unraid 6.9 release. A note on password strings Password strings can contain any character however white space (space and tab characters) is handled specially: all leading and trailing white space is discarded multiple embedded white space is collapsed to a single space character. By contrast, encryption passphrase is used exactly as-is. Version 6.8.0-rc8 2019-12-04 Base distro: mozilla-firefox: version 71.0 (CVE-2019-11756, CVE-2019-17008, CVE-2019-13722, CVE-2019-11745, CVE-2019-17014, CVE-2019-17009, CVE-2019-17010, CVE-2019-17005, CVE-2019-17011, CVE-2019-17012, CVE-2019-17013) wireguard: version 0.0.20191127 Linux kernel: version 4.19.87 [revert from 5.3.12] CONFIG_SCSI_MQ_DEFAULT: SCSI: use blk-mq I/O path by default CONFIG_IP_VS: IP virtual server support CONFIG_IP_VS_NFCT: Netfilter connection tracking CONFIG_IP_VS_PROTO_TCP: TCP load balancing support CONFIG_IP_VS_PROTO_UDP: UDP load balancing support CONFIG_IP_VS_RR: round-robin scheduling CONFIG_IPVLAN: IP-VLAN support CONFIG_IPVTAP: IP-VLAN based tap driver CONFIG_NETFILTER_XT_MATCH_IPVS: "ipvs" match support CONFIG_NET_CLS_CGROUP: Control Group Classifier CONFIG_CGROUP_NET_PRIO: Network priority cgroup CONFIG_DUMMY: Dummy net driver support oot: Intel ixgbe: version 5.6.5 oot: Highpoint rr3740a: version: v1.17.0_18_06_15 Management: Upgrade noVNC to git commit 9f557f5 webgui: Diagnostics: Remove OSK info from VM xml webgui: Diagnostics: Adjust for timezone from webGUI webgui: Add support for the self-hosted Gotify notification agent.