May 21May 21 Unraid 7.2.7 is out with security updates across several core packages, a kernel upgrade, Docker fixes, and WebGUI corrections. Upgrading is recommended, particularly for security-sensitive environments.Changes vs. 7.2.6SecuritySecurity updates for docker, nginx, glibc, jq, avahi, glibc support libraries, curl, gnutls, and phpContainers / DockerDocker updated to 29.5.1Fix: Docker containers on VLAN networks now keep their configured gateway after updatesFix: Docker container context menus stay reachable on pages with many containersWebGUI / SystemFix: Connect version checks restored in the server pluginLinux kernelKernel upgraded to 6.12.90-UnraidFix: performance regression affecting Docker-enabled systems and some USB 3.1 devicesUpdated packages (11)aaa_glibc-solibs: 2.42 → 2.43avahi: 0.8-3_SBo_LT → 20260508 (CVE-2023-38469, CVE-2023-38470, CVE-2023-38471, CVE-2023-38472, CVE-2023-38473)curl: 8.19.0 → 8.20.0 (CVE-2026-4873, CVE-2026-5545, CVE-2026-5773, CVE-2026-6253, CVE-2026-6276, CVE-2026-6429, CVE-2026-7009, CVE-2026-7168)docker: 29.3.1 → 29.5.1glibc: 2.42 → 2.43 (CVE-2025-15281, CVE-2026-0861, CVE-2026-0915)gnutls: 3.8.12 → 3.8.13 (CVE-2026-33846)jq: 1.6 → 1.8.1 (CVE-2024-53427, CVE-2025-9403)libvirt-php: 0.5.8-8.3.29 → 0.5.8-8.3.31nginx: 1.27.2 → 1.30.1 (CVE-2025-53859, CVE-2026-1642, CVE-2026-27651, CVE-2026-27654, CVE-2026-27784, CVE-2026-28753, CVE-2026-28755, CVE-2026-32647, CVE-2026-40460, CVE-2026-40701, CVE-2026-42934, CVE-2026-42945, CVE-2026-42946)php: 8.3.29 → 8.3.31 (CVE-2025-14179, CVE-2026-6722, CVE-2026-6735, CVE-2026-7258, CVE-2026-7259, CVE-2026-7261, CVE-2026-7262, CVE-2026-7568)zfs: 2.3.4_6.12.82_Unraid → 2.3.4_6.12.90_UnraidKnown IssuesSee the 7.2.6 release notes for other known issues.Rolling BackIf rolling back to a version earlier than 7.2.6, also see the 7.2.6 release notes.UpgradingFor step-by-step instructions, see Updating Unraid.LinksRelease Notes — Full 7.2.7 release notesBlog Post — 7.2.7 announcement
May 21May 21 Why does Unraid 7.2.7 have Docker 29.5.1 and Unraid 7.3 has Docker 29.4.3?Will 7.2.X continue to be supported because of the older kernel?I don't quite understand the update policy yet, but I haven't been using Unraid for very long.
May 21May 21 are the same cve updated in 7.3?aaa_glibc-solibs: 2.42 → 2.43avahi: 0.8-3_SBo_LT → 20260508 (CVE-2023-38469, CVE-2023-38470, CVE-2023-38471, CVE-2023-38472, CVE-2023-38473)curl: 8.19.0 → 8.20.0 (CVE-2026-4873, CVE-2026-5545, CVE-2026-5773, CVE-2026-6253, CVE-2026-6276, CVE-2026-6429, CVE-2026-7009, CVE-2026-7168)docker: 29.3.1 → 29.5.1glibc: 2.42 → 2.43 (CVE-2025-15281, CVE-2026-0861, CVE-2026-0915)gnutls: 3.8.12 → 3.8.13 (CVE-2026-33846)jq: 1.6 → 1.8.1 (CVE-2024-53427, CVE-2025-9403)libvirt-php: 0.5.8-8.3.29 → 0.5.8-8.3.31nginx: 1.27.2 → 1.30.1 (CVE-2025-53859, CVE-2026-1642, CVE-2026-27651, CVE-2026-27654, CVE-2026-27784, CVE-2026-28753, CVE-2026-28755, CVE-2026-32647, CVE-2026-40460, CVE-2026-40701, CVE-2026-42934, CVE-2026-42945, CVE-2026-42946)php: 8.3.29 → 8.3.31 (CVE-2025-14179, CVE-2026-6722, CVE-2026-6735, CVE-2026-7258, CVE-2026-7259, CVE-2026-7261, CVE-2026-7262, CVE-2026-7568)zfs: 2.3.4_6.12.82_Unraid → 2.3.4_6.12.90_Unraidare you telling us to down grade then move to this?
May 22May 22 Just a question for understanding:Why do we have 7.3.0 out and now comes 7.2.7?Is this a different branch?
May 22May 22 14 minutes ago, Zonediver said:Just a question for understanding:Why do we have 7.3.0 out and now comes 7.2.7?Is this a different branch?Valid question. It's kinda confusing if we have to downgrade to get the latest security fixes. First time I'm seeing this approach.
May 22May 22 You don't downgrade, you wait for 7.3.1... I'm sure it's not far behind.7.3 includes some pretty big changes not everyone wanted to jump on. This is for those that didn't.
May 22May 22 I’m trying to understand the intended upgrade path here. 7.2.7 appears to include security package refreshes that are newer than what is listed in the 7.3.0 release notes. For example, 7.2.7 lists Docker 29.5.1, glibc 2.43, nginx 1.30.1, jq 1.8.1, and the Avahi CVE rebuild, while 7.3.0 lists Docker 29.4.3 and does not appear to list the glibc/nginx/jq/avahi security updates.Is 7.3.0 expected to receive a 7.3.1 update carrying these same 7.2.7 security package bumps? Or are the 7.3.0 binaries already patched in some other way not reflected in the package list?I’m not asking whether 7.2.7 is a branch-maintenance release... I understand that part. I’m asking whether a system already on 7.3.0 is currently behind 7.2.7 for the listed CVE-related packages.
May 22May 22 5 hours ago, Zonediver said:Just a question for understanding:Why do we have 7.3.0 out and now comes 7.2.7?Is this a different branch?The are two stable releases. A 7.3 update will becoming also. docs.unraid.net/unraid-os/download_list/
May 22May 22 7.2.7 is mostly for users who don't have a license that allows updating to 7.3. Anyone on 7.3.0 should wait for 7.3.1, which should be out very soon.
May 22May 22 Actually it is very fair that Unraid releases security updates for 7.2 instead of forcing people with expired licenses to resubscribe.
May 22May 22 Just upgraded yesterday and started having issues with my gitea actions/runner. Looks related to Docker 29.5.1. Maybe I should go on to 7.3.0 with Docker 29.4.3 included.Runner breaks when using docker 29.5.1Fix is in Docker 29.5.2 Edited May 22May 22 by spork
May 23May 23 EDIT :Looks like the syntax is now '--network' instead of --netUpgraded from 7.2.6 to 7.2.7. All is good except for one container.I use passthroughvpn container which establishes a VPN connection.I have transmission container setup to use the above as a passthrough. This is done by setting 'Network Type' to "none" and using the 'Extra parameter' option in container config as follows: "--net=container:passthroughvpn"In 7.2.7, I get an error when trying to start transmission "Execution error Bad parameter"What should the parameter/config be for transmission container to pass through the passthroughvpn container? Edited May 23May 23 by itlists
May 31May 31 On 5/23/2026 at 9:03 AM, itlists said:EDIT :Looks like the syntax is now '--network' instead of --netUpgraded from 7.2.6 to 7.2.7. All is good except for one container.I use passthroughvpn container which establishes a VPN connection.I have transmission container setup to use the above as a passthrough. This is done by setting 'Network Type' to "none" and using the 'Extra parameter' option in container config as follows: "--net=container:passthroughvpn"In 7.2.7, I get an error when trying to start transmission "Execution error Bad parameter"What should the parameter/config be for transmission container to pass through the passthroughvpn container?You can do this in the UI instead of modifying the command line arguments. Instead of selecting "None" for the network type, select "Container". It'll show a dropdown list to select the container to use.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.