This release contains Security fixes, a Data Corruption mitigation, bug fixes and other minor improvements.
To upgrade:
First create a backup of your USB flash boot device: Main/Flash/Flash Backup
If you are running any 6.4 or later release, click 'Check for Updates' on the Tools/Update OS page.
If you are running a pre-6.4 release, click 'Check for Updates' on the Plugins page.
If the above doesn't work, navigate to Plugins/Install Plugin, select/copy/paste this plugin URL and click Install:
https://unraid-dl.sfo2.cdn.digitaloceanspaces.com/stable/unRAIDServer.plg
Bugs: If you discover a bug or other issue in this release, please open a Stable Releases Bug Report.
Thank you to all Moderators, Community Developers and Community Members for reporting bugs, providing information and posting workarounds.
Please remember to make a flash backup!
Data Corruption possible with tg3 driver when Intel VT-d is enabled.
The combination of Linux 5.15 kernel, tg3 driver, and Intel VT-d enabled appears to be causing data corruption. This has been verified on several platforms which include a Broadcom NetXtreme Gigabit Ethernet NIC (note: there may be others). This release includes the following workaround:
Very early in server startup (rc.S) if Intel VT-d is detected enabled, then the script will unconditionally create the file:
/etc/modprobe.d/tg3.conf
with following content:
blacklist tg3
Hence by default if VT-d is enabled, which is to say, it has not been disabled in either bios or via kernel "intel_iommu=off", then we are going to blacklist the tg3 driver on all platforms.
What if someone has a platform where tg3 does not give them any trouble with VT-d enabled? In this case they must create an empty file on their flash device:
config/modprobe.d/tg3.conf
When the startup sequence continues it will get to the point where it executes:
install -p -m 0644 /boot/config/modprobe.d/* /etc/modprobe.d
A blank tg3.conf file stored on the flash then effectively un-blacklists it.
There will be users who will lose network connectivity because their NIC is blacklisted. If you are running on a problematic platform you should go into your bios and disable VT-d. If this is a platform without issue, then you will need to create the blank tg3.conf file on your flash config/modprobe.d directory.
It may take some time to identify and integrate a proper fix for this issue, at which point we will remove the auto-blacklisting code. I want to thank @JorgeB for his incredible help in identifying and isolating this issue.
Security-related Changes
The Firefox browser and has been updated to version 100.0.2 to address a very nasty security vulnerability. If you use Firefox we also suggest upgrading on all platforms.
We fixed an issue where webGUI login could accept a password from a user other than 'root', if that username included the string 'root'.
The Linux kernel was updated to 5.15.43 to address a "security bypass" vulnerability.
Other Changes
On Management Access page, for the "Use SSL/TLS" setting we changed the word "Auto" to "Strict" in the drop-down menu. This better describes the action of this setting.
Docker manager now uses Docker label for icons as fallback.
VM manager now gives the option of using LibVirt networks in addition to bridges without having to edit the VM's XML.
Improved handling of custom SSL certificates.
[6.10.1] Fix regression: support USB flash boot from other than partition 1
other misc. bug fixes
Version 6.10.2 2022-05-27
Base distro:
firefox AppImage: version: 100.0.r20220519220738 (CVE-2022-1802 CVE-2022-1529)
Linux kernel:
version 5.15.43-Unraid (CVE-2022-21499)
Management:
nginx: avoid appending default port number to redirect URLs
nginx: self-signed cert file: accept common name and all alternate names
startup: fix multiple network interfaces being assigned the same MAC address
startup: blacklist tg3 by default if Intel VT-d is enabled
webgui: Management Access: Use SSL/TLS setting: change the word 'Auto' to 'Strict'
webgui: Fixed: smGlue not included when selecting a controller
webgui: Fixed: allow share names with embedded ampersand
webgui: add LXC terminal support (for LXC Plugin)
webgui: Docker Web UI to use Docker label for icons as fallback
webgui: VM Manager: support libvirt networks (make libvirt networks accessible via gui)
webgui: fix issue where 'root' login works with password from another username which includes string 'root'
webgui: Update OS page spelling corrction: warninging -> warning
webgui: helptext review: minor corrections
Version 6.10.1 2022-05-21
Management:
startup: fix regression: support USB flash boot from other than partition 1