June 18, 20242 yr Dear Unraid devs, thanks for your hard work and continuos support and for the amazing product unraid is. I know you are actually busy developing the next unraid version but as stated before by other community members would be nice to receive some updates regarding the base system for security reason. I am on latest unraid version which according to PHP info ships PHP version 8.2.7 which is vulnerable to the CVE-2024-4577 according to the advisory. There is an exploit on the wild already and a PoC, I haven't tested it myself. Could you please confirm unraid is vulnerable? Could you please provide a system update to fix this and probably other vulnerable packages that are presents on the system while we wait for the next big major upgrade? Thank you! @ljm42
June 18, 20242 yr 10 minutes ago, Mik3 said: Dear Unraid devs, thanks for your hard work and continuos support and for the amazing product unraid is. I know you are actually busy developing the next unraid version but as stated before by other community members would be nice to receive some updates regarding the base system for security reason. I am on latest unraid version which according to PHP info ships PHP version 8.2.7 which is vulnerable to the CVE-2024-4577 according to the advisory. There is an exploit on the wild already and a PoC, I haven't tested it myself. Could you please confirm unraid is vulnerable? Could you please provide a system update to fix this and probably other vulnerable packages that are presents on the system while we wait for the next big major upgrade? Thank you! @ljm42 Reading the CVE, this oly affects PHP running on Windows.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.