From 07a3731ca0f5870ed65e0af31547c765427554a1 Mon Sep 17 00:00:00 2001 From: Tim Moore Date: Fri, 22 Nov 2024 11:29:49 -0500 Subject: [PATCH] Update COREReleaseNotes.md - Quick resync with general announcement (#3277) --- content/GettingStarted/COREReleaseNotes.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/content/GettingStarted/COREReleaseNotes.md b/content/GettingStarted/COREReleaseNotes.md index 2dcbd2fd3d..6601717cdf 100644 --- a/content/GettingStarted/COREReleaseNotes.md +++ b/content/GettingStarted/COREReleaseNotes.md @@ -27,12 +27,25 @@ weight: 3 iXsystems is pleased to release TrueNAS CORE 13.0-U6.3! -This is a maintenance release to address a few security concerns: +This is a maintenance release with important security updates. +It is recommended for all users of CORE and Enterprise running 13.x or previous software versions. +TrueNAS SCALE & SCALE Enterprise systems are not impacted. * Resolve a vulnerability involving python deserialization ([CVE-2020-22083](https://github.com/advisories/GHSA-j66q-qmrc-89rx)). * Address a security vulnerability with the jails system (iocage). +In addition to the included fixes included, additional vulnerabilities are identified related to iocage (A FreeBSD jail manager), which is the infrastructure component that operates both the Jails and the Plugins system on CORE. +This update includes a mitigation that ensures any systems not running jails or plugins are safe from the iocage vulnerability impact. + +Because these vulnerabilities are architectural in nature and the iocage application has not been under active development for many years, it is unlikely to receive fixes related to these vulnerabilities. +Systems running Jails or Plugins are still be exposed to the iocage vulnerabilities. + +Users who run 3rd party applications on TrueNAS are highly encouraged to upgrade to SCALE, which is actively supported and not impacted by any known vulnerabilities at this time. +As always, users are encouraged to follow [security best-practices](https://www.truenas.com/docs/solutions/optimizations/security/) to minimize the risk to your system and important data. + +TrueNAS Enterprise 13.x users should schedule an update with [TrueNAS Support](https://www.ixsystems.com/support/truenas-arrays/). + ## 13.0-U6.2 **July 3, 2024**