Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Unraid Patch plugin

Featured Replies

Why is this plugin being called out as an Error from the FixProblems plugin?  I don't believe it belongs in the category of Error.  Should be downgraded to Warning

  • Replies 114
  • Views 39k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • Why is this plugin being called out as an Error from the FixProblems plugin?  I don't believe it belongs in the category of Error.  Should be downgraded to Warning. 

  • acosmichippo
    acosmichippo

    may i suggest updating the top comment to clarify this from the beginning? I believe a lot of people like myself and others already will be coming here with this question, and they shouldn't have to r

  • The source for the plugin itself is available here:   https://github.com/unraid/unraid.patch The patches that it installs can be found on your flash drive in   /boot/config/plugins/unraid.patch/

Posted Images

Patches are installed after you're notified about them (or manually check for them)

  • When you reboot your server
  • If in the GUI you manually install them.

How does the plugin remove stored patches fixed with a new release?

  • Author
2 minutes ago, DiscoverIt said:

How does the plugin remove stored patches fixed with a new release?

 

The patches themselves can be found on your flash drive in
  /boot/config/plugins/unraid.patch/[version]

Storing them by version means that patches for older releases are automatically ignored when you change versions, but remain available if you roll back. Their size is negligible

Additionally, if when upgrading the OS and patches are available that aren't in the new OS version they are also automatically downloaded and installed when you reboot for the upgrade.

In theory there is now at any given moment a potential for 4 stable releases? Current stable options:

  • 6.12.15
  • 6.12.15+patch (not existent but could)
  • 7.0
  • 7.0+patch (not existent but could)

Is it going to be whether or not a reboot is required is what determines a patch in the plugin sense vs a patchfix release? Or will this only be used for versions no longer supported per the new licensing? It just has an odd mouth feel that 6.12.15 is a patch release but you could also have 6.12.15+patch. Maybe 6.12.15 should be renamed a bug fix release (major.minor.bugfix+patch)?

Edited by DiscoverIt

Have I understood correctly? Once I install it and click "accept" in its tools page this plugin will:

  • Automatically download patches to /boot/config/plugins/unraid.patch/[version]
  • Send a notification when it has done so

But the system behaviour will not change until I manually reboot, at which point the patches will be applied to whatever base version I'm running.

As a corollary, does that mean if a patch causes problems I can disable the Unraid Patch plugin, delete the offending patch(es) from /boot/config/plugins/unraid.patch/[version], and on rebooting I will be back to the unpatched state of whatever version I'm on?

 

 

Could someone please clarify here, are the proposed patches likely to have any issues with windows 11 connecting to to the server(s) I have already had issues in that respect with Windows 11 security and I definitely do not want to revisit the problems again by adding security patches to the servers that Windows 11 is going to be unhappy to connect to.

10 hours ago, T0rqueWr3nch said:

I am concerned about its "autoinstall"

As previously mentioned, updates to the plugin will be coming

4 hours ago, SarahAS2 said:

But the system behaviour will not change until I manually reboot, at which point the patches will be applied to whatever base version I'm running.

Or if within the GUI for the plugin (Tools - Unraid Patch) you hit "Install"

 

4 hours ago, SarahAS2 said:

I will be back to the unpatched state

Uninstalling the plugin alone (and rebooting) will set you back in the "unpatched" (not-recommended) OS

 

  • Author

The patch plugin was created to facilitate fixing certain security issues in the Unraid OS webGUI for older Unraid OS releases. We wanted to give users on older releases a quick and easy way to apply these fixes without having to update to the latest Unraid OS releases immediately.

 

The plugin stores the patches on your flash drive in
  /boot/config/plugins/unraid.patch/[version]
Visit Tools > Unraid Patch to install them without needing to reboot. On reboot they will automatically be reinstalled.

 

To remove the patches and get back to stock, uninstall the plugin and reboot.

 

The patch released yesterday solves a security problem with older versions of Unraid. Unraid 6.12.15 and 7.0.0 have the fixes built in, so strictly speaking they do not need to have the patch plugin installed at this time.

 

However this can be a powerful tool to aide in not only installing critical security updates in a timely manner, but also fixing bugs without having to wait for a full release. For this reason we recommend having the plugin installed on all versions of Unraid.

On 1/23/2025 at 10:16 AM, Sn3akyP3t3 said:

Why is this plugin being called out as an Error from the FixProblems plugin?  I don't believe it belongs in the category of Error.  Should be downgraded to Warning

Agreed...Or even just a notice.  It kind of freaked me out when I upgraded to 6.12.15 and got an "Error Notice" sent to me.  I am not 100% sure I want something auto pushed to me for an update seeing it can open up a door as mentioned. Not that you have not done all you can to secure the process...Kudos for making it as I can see how it could be important especially for a major security thing. And I like patches vs complete new versions when it calls for it.

 

But for these patches, even notices are useable suggesting an update vs doing an auto push. And yes, I get it that it will not kick in until reboot...So if that is the case, it could be a notice to install and reboot and not just auto downloaded.  Just in case I reboot for some reason, and I did not want the the patch, the patch would be applied if I had forgotten it was downloaded.  I know I can go in and remove the patch, but it would then just auto download again, I think.) 

 

Oh, as I was typing a new post came in... "To remove the patches and get back to stock, uninstall the plugin and reboot." ... But then I will get a ERROR Notice again.  :)

 

Thank you.

Edited by David Bott

  • Author

Yes this is a net new process and we needed to get it out. We're working on tweaks to give users more control. We can work on the FCP message.

 

To clarify, today if you are on a version that has a patch available (6.10.0-6.12.13) you need to visit Tools > Unraid Patch to install the patch without rebooting.

 

There are currently no patches for 6.12.14+ or 7.0.0+ but we do recommend having the plugin installed as mentioned above.

14 minutes ago, David Bott said:

ERROR Notice

It can be ignored in FCP if that's what you decide

On 1/23/2025 at 5:20 PM, Squid said:

Patches are installed after you're notified about them (or manually check for them)

  • When you reboot your server
  • If in the GUI you manually install them.

 

This is an extremely bad security practice, allow a plugin to automatically modify my server without my intervention or approval.

What is the plugin is compromise? The installation of patches should require human intervention to accept


Does this plugin do hot patching? or is always going to require a reboot?

 

Does this sound familiar??

 

Vulnerability 4: Community Applications Repository Takeover

Description

GitHub repositories used by the Community Applications app feed could be transferred to another owner, opening the possibility of hijacking the application templates.

Details

Type: Improper Access Control

Impact: Code Execution

Attack Vector: Requires an attacker to transfer a GitHub repository associated with a Community Application, which could then be used to submit malicious templates to the feed. 

Affected Versions: Application feed prior to 11/12/2024

Resolution: Policies were hardened around renaming repositories. Updates to the Community Application Feed backend deployed on 11/12/2024 resolved this issue.

Acknowledgments

George Hamilton

Mitigation

The Community Applications app feed now detects repository transfers and blocks for manual review. No action needed by users, although we recommend upgrading to the latest Community Applications plugin.

Edited by L0rdRaiden

  • Author

Please see my previous posts, we're working on tweaks to give users more control.

9 hours ago, ljm42 said:

Please see my previous posts, we're working on tweaks to give users more control.

may i suggest updating the top comment to clarify this from the beginning? I believe a lot of people like myself and others already will be coming here with this question, and they shouldn't have to read two pages of comments for this answer.

  

I'm on 6.12.10 right now, and I installed the plugin and installed the patch a few days ago. Overnight last night I got a notification of a critical update, this morning I went in and checked and it said I already had it installed.

 

Notification:

Critical Update: 26-01-2025 04:30 AM
Critical Update Available
Critical Updates Are Available For Your Unraid Server

 

Tool:

 

No new patches found! The following patches are already installed and will be reinstalled automatically when your server boots

1.0.0

Notes

This patch fixes a subset of known security issues. For more information see this blog post.

Bug Fixes

Fix Reflected XSS issues in 6.12.10

 

 

Interestingly syslog even identifies that it was already installed:

Jan 26 04:30:01 unraid root: Checking for patches for OS version 6.12.10
Jan 26 04:30:02 unraid root: Skipping 20250118234703-pr243.patch-- Already installed

 

 

Going to ignore this "error" in FCP for now.  I'm on 6.12.15 at the moment, which mitigates the known vulnerabilities from what I've read.  This "patch" process seems way too "knee jerk" for me so I'm going to sit back and monitor, which falls in line with what I do regarding new releases and such (i.e. I'm not an early/first day adopter).

 

Thanks for the efforts, nonetheless.  As this matures, I will likely embrace it.

On 1/22/2025 at 11:55 PM, ljm42 said:

 

The source for the plugin itself is available here:
  https://github.com/unraid/unraid.patch
The patches that it installs can be found on your flash drive in
  /boot/config/plugins/unraid.patch/[version]

Another side note: as this github repository is used to deploy fix(es) on a live server, it could be nice to have the signature verification enabled on your commit to avoid future issue.

I see you do it (not all the time) on other Unraid repositories so it should be feasible without too much headache on your side.

 

And I'm all for an alert before application of the patch so i can review the potential impact on my setup and decide if it's relevant or can be delayed for a patch day.

19 hours ago, warpspeed said:

I'm on 6.12.10 right now, and I installed the plugin and installed the patch a few days ago. Overnight last night I got a notification of a critical update, this morning I went in and checked and it said I already had it installed.

 

Thanks for finding.  An update to the plugin will be released later today

The just released update (2025.01.26) should fix the spurious background check returning on occasion a false positive notification

patching file sbin/mover
Hunk #1 FAILED at 72.
1 out of 1 hunk FAILED -- saving rejects to file sbin/mover.rej


Failed to install patch 20250128204439-pr271.patch Aborting


I get this error when installing the latest patches for 7.0. I'm 99% sure it's because I use the mover fine tuning plugin. It seems the like other patches worked, so I will ignore. 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.