limetech Posted January 26, 2020 Share Posted January 26, 2020 Due to a security vulnerability discovered in forms-based authentication: ALL USERS ARE STRONGLY ENCOURAGED TO UPGRADE To upgrade: If you are running any 6.4 or later release, click 'Check for Updates' on the Tools/Update OS page. If you are running a pre-6.4 release, click 'Check for Updates' on the Plugins page. If the above doesn't work, navigate to Plugins/Install Plugin, select/copy/paste this plugin URL and click Install: https://s3.amazonaws.com/dnld.lime-technology.com/stable/unRAIDServer.plg Refer also to @ljm42 excellent 6.4 Update Notes which are helpful especially if you are upgrading from a pre-6.4 release. Bugs: If you discover a bug or other issue in this release, please open a Stable Releases Bug Report. Overfiew This is a bug fix and security update release. Some users are reporting problems booting due to a crash in the in-tree Intel IGB ethernet driver. We replaced the in-tree driver with latest out-of-tree driver. We fixed a longstanding issue where LibreELEC/Kodi could not browse NFS shares. The fix was to rebuild the rpcbind program, including a new option: --enable-rmtcalls Version 6.8.1 included a new docker option "Host access to custom networks" (thanks @bonienl) but I left out a critical change in the rc.docker script, sorry about that, now fixed. Fixed an encryption issue: if you first tried 'keyfile' method to specify encryption key, and that fails, any attempt to enter a passphrase would also fail, since a keyfile still exists, emhttpd used that as encryption key. This is fixed in webGUI by detecting presence of an encryption keyfile and offering only to re-download a new keyfile or delete the current one. Once deleted, you can then enter a passphrase. Small change to properly support custom SSL wildcard certs (thanks @ljm42) Updated kernel, wireguard, other base packages Numerous webGUI fixes and refinements (thanks @bonienl, @Squid, @gfjardim) A note regarding encryption passphrases: There is a warning in the Help text for passphrase which reads: Quote It is highly advisable to only use the 95 printable characters from the first 128 characters of the ASCII table, as they will always have the same binary representation. Other characters may have different encoding depending on system configuration and your passphrase will not work with a different encoding. If you want a longer passphrase or to include binary data, upload a keyfile instead. Prior to this release (6.8.2) we did not enforce this restriction, but now we are. Unfortunately this means for those who have previously used a passphrase including other characters, you will need to use the "keyfile" method. We will add a feature in a future release that will let you change your passphrase/keyfile. Version 6.8.2 2020-01-26 Changes vs. 6.8.1 Base distro: fuse3: version 3.9.0 php: version 7.3.14 (CVE-2020-7060, CVE-2020-7059) rpcbind: version 1.2.5 (rebuilt with --enable-rmtcalls option) ttyd: version 20200120 wireguard-tools: version 1.0.20200121 Linux kernel: version 4.19.98 (CVE-2019-14615) CONFIG_ENIC: Cisco VIC Ethernet NIC Support removed: CONFIG_IGB: Intel(R) 82575/82576 PCI-Express Gigabit Ethernet support removed: CONFIG_IGBVF: Intel(R) 82576 Virtual Function Ethernet support kernel-firmware: version 20200122_1eb2408 oot: Intel igb: version 126.96.36.199 oot: wireguard: version 0.0.20200121 Management: rc.docker: include missing changes to suppoort new setting "Host access to custom networks" rc.nginx: support custom wildcard SSL certs webgui: User password: hide base64 conversion webgui: Select username field when login page is loaded webgui: login: autocapitalize="none" webgui: Passphrase printable charcaters only webgui: Encryption: enforced keyfile selection/deletion when file exists webgui: Use php json_encode to properly encode notifications webgui: Changed Delete keyfile button placement webgui: Detect missing key when keyfile is deleted webgui: Add Network:VPN as an application category webgui: further hardening in auth_request.php webgui: Style adjustment: buttons min-width webgui: login page favicon now matches the green/yellow/red icon from the other webgui pages webgui: VM Manager: add 'virtio-win-0.1.173-2' to VirtIO-ISOs list webgui: Add Network:VPN as an application category webgui: Network settings: updated help text webgui: Fix link for Password Recovery on login screen Version 6.8.1 2020-01-10 Changes vs. 6.8.0 Base distro: libuv: version 1.34.0 libvirt: version 5.10.0 mozilla-firefox: version 72.0.1 (CVE-2019-17026, CVE-2019-17015, CVE-2019-17016, CVE-2019-17017, CVE-2019-17018, CVE-2019-17019, CVE-2019-17020, CVE-2019-17021, CVE-2019-17022, CVE-2019-17023, CVE-2019-17024, CVE-2019-17025) php: version 7.3.13 (CVE-2019-11044 CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11049 CVE-2019-11050) qemu: version 4.2.0 samba: version 4.11.4 ttyd: version 20200102 wireguard-tools: version 1.0.20200102 Linux kernel: version 4.19.94 kernel_firmware: version 20191218_c4586ff (with additional Intel BT firmware) CONFIG_THUNDERBOLT: Thunderbolt support CONFIG_INTEL_WMI_THUNDERBOLT: Intel WMI thunderbolt force power driver CONFIG_THUNDERBOLT_NET: Networking over Thunderbolt cable oot: Highpoint rr3740a: version v1.19.0_19_04_04 oot: Highpoint r750: version v1.2.11-18_06_26 [restored] oot: wireguard: version 0.0.20200105 Management: add cache-busting params for noVNC url assets emhttpd: fix cryptsetup passphrase input network: disable IPv6 for an interface when its settings is "IPv4 only". webgui: Management page: fixed typos in help text webgui: VM settings: fixed Apply button sometimes not working webgui: Dashboard: display CPU load full width when no HT webgui: Docker: show 'up-to-date' when status is unknown webgui: Fixed: handle race condition when updating share access rights in Edit User webgui: Docker: allow to set container port for custom bridge networks webgui: Better support for custom themes (not perfect yet) webgui: Dashboard: adjusted table positioning webgui: Add user name and user description verification webgui: Edit User: fix share access assignments webgui: Management page: remove UPnP conditional setting webgui: Escape shell arg when logging csrf mismatch webgui: Terminal button: give unsupported warning when Edge/MSIE is used webgui: Patched vulnerability in auth_request webgui: Docker: added new setting "Host access to custom networks" webgui: Patched vulnerability in template.php 6 4 Quote Link to comment
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.