January 22, 20251 yr This official Unraid Patch plugin will help protect your server by keeping the OS up to date with the latest patches. This plugin is available for Unraid 6.10.0 and higher, search Community Applications for "Unraid Patch". We plan to use this plugin to distribute bug fixes and security updates to the current release, and may occasionally release security updates for older releases. After installing, visit Tools > Unraid Patch and accept the disclaimer. The plugin submits your server's current version and license key, and gets back the appropriate patches to install. The patches are stored on your flash drive in: /boot/config/plugins/unraid.patch/[version] Visit Tools > Unraid Patch to install them without needing to reboot. On reboot they will automatically be reinstalled, no action needed. To remove the patches and get back to stock, uninstall the plugin and reboot. Note: A reboot is only required if one of the files being patched was already modified by another plugin. The Patch plugin will detect the conflict and advise a reboot. Upon rebooting, the Patch plugin will install first, and patch the files before any other plugin is installed. This will typically prevent conflicts will other plugins. Jan 20, 2025 Security Patch We released a patch to fix a subset of known security issues in older releases (6.10.0-6.12.13), see this blog post for details. Installing this plugin means you get the patch immediately, without having to upgrade or even reboot. But we still recommend upgrading to the current release of Unraid for all the fixes. Unraid 6.12.15 and 7.0.0 have the security fixes built in, so strictly speaking they do not need to have the patch plugin installed at this time. However this can be a powerful tool to aide in not only installing critical security updates in a timely manner, but also fixing bugs without having to wait for a full release. For this reason we recommend having the plugin installed on all versions of Unraid. ... Bug fix patches are now available for Unraid 7.0.0, see the release notes for details. These fixes will be included in the next full release of Unraid as well.
January 22, 20251 yr I remember a lot of people wondered how people who may be on older versions with the new licence (if they choose not to pay the yearly fee) would get security patches, I take this is the answer to that?
January 22, 20251 yr Author Just now, Daniel15 said: Where can we find the source code for this plugin? The source for the plugin itself is available here: https://github.com/unraid/unraid.patch The patches that it installs can be found on your flash drive in /boot/config/plugins/unraid.patch/[version]
January 22, 20251 yr 34 minutes ago, isvein said: yearly fee Did I miss something? Edit: Nevermind, Apparently I did miss something, just checked out the Pricing page. All up-to speed now, lol. Edited January 22, 20251 yr by relink
January 22, 20251 yr Is there a formal process documented somewhere to disclose vulnerabilities for UNRAID ? Edited January 22, 20251 yr by sidhax
January 22, 20251 yr 10 minutes ago, relink said: Did I miss something? 43 minutes ago, isvein said: with the new licence If you have an old license and are happy with it there is no fee.
January 22, 20251 yr Author 1 hour ago, isvein said: I remember a lot of people wondered how people who may be on older versions with the new licence (if they choose not to pay the yearly fee) would get security patches, I take this is the answer to that? We are committed to providing security fixes going back one minor version. If your license allows access to the first stable release of a minor version you will have access to all stable releases of that minor version, i.e. free security updates if you are one minor version old. This is detailed in our docs. For example, 7.0 is our current release. We will provide security updates for the previous minor release of 6.12, but there should be no expectation of security updates for older releases. Today we are going far beyond our commitment and patching specific issues in much older releases as well. Still, we still highly recommend that everyone upgrade from these old releases to the current version of Unraid.
January 22, 20251 yr Author 31 minutes ago, sidhax said: Is there a formal process documented somewhere to disclose vulnerabilities for UNRAID ? Creating a ticket is preferred https://unraid.net/contact but you can also contact us via [email protected]
January 22, 20251 yr So what is the purpose of this vs. the check for updates? This will have patches in-between version updates?
January 22, 20251 yr Author 2 minutes ago, BC2112 said: So what is the purpose of this vs. the check for updates? This will have patches in-between version updates? Yes this applies patches between releases. It does not change your Unraid version number.
January 23, 20251 yr Included this Plugin in future Updates so that is pre installed must not installed separated.
January 23, 20251 yr 1 hour ago, wuyongjun said: 弱弱的问下,这个补丁Unraid 7.0.0要打吗? You have to go to Tools -> Unraid Patch, then click Accept to accept that the plugin is allowed to apply patches to your Server. After that you should see that for Unraid 7.0.0 are no patches found: I would recommend to do this since this will allow the plugin to patch your Server in the future if vulnerabilities are found. You can always come back to Tools -> Unraid Patch and check if any new patches are found.
January 23, 20251 yr Does this plugin force patch your system automatically? I don't see any setting that related to automatic installs or alerting or anything like that. Would be good to have some clarity on that as many people don't like automatic patching, even if they are security patches. Especially if the plugin is going to be included in future releases.
January 23, 20251 yr 13 minutes ago, TheIstar said: Does this plugin force patch your system automatically? I don't see any setting that related to automatic installs or alerting or anything like that. Would be good to have some clarity on that as many people don't like automatic patching, even if they are security patches. Especially if the plugin is going to be included in future releases. i Agree, would prefere more documentation to what it actually does, automatic updates ? does it show if an update requires reboot? etc. i like the idear to patch, but i would love to se better documentation and insight into the options and functions.
January 23, 20251 yr Great to see that fixing important security issues is now possible outside of regular OS updates! I think that this should be a built in functionality in Unraid OS and not a plugin. Chances are high that people will miss to install this important plugin and therefore are more likly exposed to potential security vulnerabilities. Edited January 23, 20251 yr by CHAU
January 23, 20251 yr 5 hours ago, TheIstar said: Does this plugin force patch your system automatically? I don't see any setting that related to automatic installs or alerting or anything like that. Would be good to have some clarity on that as many people don't like automatic patching, even if they are security patches. Especially if the plugin is going to be included in future releases. Hello team. I second your comment. I like the idea but I also like to choose what goes into my system. Alerting would be the minimum. Choosing the patch to apply with changelog attached to it would be even better.
January 23, 20251 yr Is there a way to roll back a patch if a problem exists? Can we change the plugin to notify instead of auto install? Thanks Edited January 23, 20251 yr by dopeytree
January 23, 20251 yr 37 minutes ago, dopeytree said: Is there a way to roll back a patch if a problem exists? Rolling back (in the very unlikely event of an issue) is uninstalling the plugin and rebooting. 38 minutes ago, dopeytree said: Can we change the plugin to notify instead of auto install? 7 hours ago, TheIstar said: Does this plugin force patch your system automatically? I don't see any setting that related to automatic installs or alerting or anything like that. The plugin automatically checks for any new patches once a week. If a new patch becomes available, then you are notified about it via your notification settings. The new patch itself however won't be automatically installed until you either do it or you reboot your server. Due to the need to create the plugin, and test every single release of the OS with the patches installed to confirm no issues were caused, the system is setup to "auto install". As the scope of the patch plugin evolved and it was going to be potentially utilized for ongoing patches going forward, then the auto install and some other considerations did come up. But at that point revamping everything would have incurred a significant delay in publishing the patches. This plugin will be updated over time.
January 23, 20251 yr While I like the idea of this plugin, especially not having to wait for Unraid to release a minor update in order to get security updates, I am concerned about its "autoinstall" nature. My biggest concern is the secondary risk introduced by this new feature- namely that an attacker could gain access to this new infrastructure and leverage it to push out malware to all Unraid servers. Allowing customers to review any new patches before they are installed would help mitigate that risk.
January 23, 20251 yr 17 minutes ago, Squid said: The plugin automatically checks for any new patches once a week. If a new patch becomes available, then you are notified about it via your notification settings. The new patch itself however won't be automatically installed until you either do it or you reboot your server. So I'm a little bit confused by this- this doesn't sound like an automatic install to me: 2) "Until you reboot your server" So do the new patches not automatically install at all then unless you reboot? Does this apply to only kernel patches that require a reboot or all patches pushed by Unraid period?
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.