TrueNAS U8 Docs Hub: Guides, FAQs & How‑To Tutorials (70)

February 2, 2022

What’s new in TrueNAS 12.0‑U8

• OpenZFS 2.0.7
• New “Console Port” and “TLS Server URI” fields in the S3 service form.
• Direct link to the TrueNAS Upgrades article from the Update screen.

If you are still on FreeNAS, upgrade to FreeNAS 11.3‑U5 first, then move to TrueNAS 12.0‑U8 with a single click to keep rollback options.

For TrueNAS HA customers with support contracts, contact iXsystems Support so the team can verify system health and handle the upgrade as part of the “white‑glove” service.

Enterprise support

TrueNAS hardware owners and anyone needing additional assistance must have a support contract. Free community support is available through the TrueNAS Community forums.

Even if you choose not to upgrade right now, please review the updated TrueNAS documentation. We appreciate all contributions and welcome more user suggestions.

Security notice

All Samba versions before 4.13.17 contain an out‑of‑bounds heap read/write flaw (CVE‑2022‑44142) that could let an attacker execute code as root via the vfs_fruit module. The vulnerability is triggered only when a user can write extended attributes, which can happen even for unauthenticated guests if those permissions are granted.

The issue exists when the default fruit VFS settings (fruit:metadata=netatalk or fruit:resource=file) are left unchanged. Changing those options mitigates the risk.

Source: CVE‑2022‑44142

The flaw does not affect TrueNAS in its default configuration, but it does impact setups where the same path is shared via AFP and SMB simultaneously. Upgrading to 12.0‑U8 eliminates this risk.

TrueNAS 12.0‑U8 Changelog

• [NAS‑113985] Merge OpenZFS 2.0.7
• [NAS‑114028] Add TLS server URI field to S3 config
• [NAS‑114137] Add console bind port field to S3 config
• [NAS‑114297] Link to docs from Update page
• [NAS‑114103] Include igc(4) driver for I225 Intel NICs
• [NAS‑106633] Fix cron tasks running in wrong time zone after setup
• [NAS‑112371] Clarify encryption pool creation wording
• [NAS‑113240] Prevent smbd crash when user cannot chdir() to connectpath
• [NAS‑113323] Resolve system lock‑up caused by all CPUs pruning ARC
• [NAS‑113356] Fix intermittent smbd crash during session logoff
• [NAS‑113368] Repair jail after upgrade to 12.0‑U6.1 (UTF‑8 decode error)
• [NAS‑113393] Address crash during snapshot enumeration (Samba 4.13 regression)
• [NAS‑113409] iSCSI initiators now show connections after 12.0‑U5 update
• [NAS‑113513] Preserve file modified time when copying to SMB shares
• [NAS‑113621] Fix smbd assertion when multiple tcons have different credentials
• [NAS‑113631] Correct winbindd_idmap.tdb high‑water‑mark initialization
• [NAS‑113727] Resolve web UI unresponsiveness after several days
• [NAS‑113741] Fix duplicate WWPNs on 4‑port FC NICs
• [NAS‑113744] Hook‑setup HA regression on CORE addressed
• [NAS‑113751] Resolve httpd.core issue after upgrade to 12.U7
• [NAS‑113813] Update plugin artifact before pre‑update script runs
• [NAS‑113814] Fix empty graphs bug
• [NAS‑113823] Asigra jail upgrade now rolls back correctly
• [NAS‑113863] Samba Kerberos authentication works again in MIT realms
• [NAS‑113925] Provide correct file generation number
• [NAS‑114020] Fix lingering bug that prevented disconnecting outdated pools
• [NAS‑114034] Resolve PHP error when installing Nextcloud plugin
• [NAS‑114047] Remove stray core file detection
• [NAS‑114052] Correct alert services page checkbox behavior
• [NAS‑114116] Make MinIO console port configurable
• [NAS‑114125] Fix memory leak in snmp‑agent.py
• [NAS‑114164] Disable SMB1 Unix extensions by default
• [NAS‑114177] Repair disk.sync handling for multipath disks
• [NAS‑114178] Enclosure plugin now accounts for multipath setups
• [NAS‑114239] Add alert for CVE‑2021‑20316‑related misconfiguration
• [NAS‑114277] sesutil now controls LEDs on ES102 correctly
• [NAS‑114278] Merge FreeBSD SA‑22:01 EN‑22:02‑04
• [NAS‑114320] Fix error handling for dmu_write_uio_dbuf() on FreeBSD
• [NAS‑114468] Update Samba to 4.13.17 (TrueNAS 12.0) / 4.15.5 (TrueNAS 13.0 & SCALE) for CVE‑2022‑44142
• [NAS‑114491] Update Samba to 4.13.16

Key workarounds

• Samba CVE‑2021‑20316: Keep SMB1 disabled (default). If it must be enabled, add unix extensions = no under Services > SMB and restart the service. On versions prior to TrueNAS 13.0, export a given path via either SMB2 or NFS, not both.
• MinIO wildcard certificates: Reset the MinIO domain to localhost when the SAN/CN contains only a wildcard.
• Asigra plugin upgrades (≤ 14.2.0.2): Open the Shell in the web UI and run iocage upgrade <plugin‑name>.
• Persistent L2ARC: Re‑enable by adding a sysctl tunable vfs.zfs.l2arc.rebuild_enabled = 1 under System > Tunables.
• Root user as SMB account: Use a non‑root account for SMB services; this is now enforced for security.
• Netatalk CVEs: Review the Netatalk security article for details on the seven announced vulnerabilities.