New security updates available

The following versions needs to be updated immediately because of an authenticated PHP code injection vulnerability (CVE-2020-26124).

openmediavault 3.0.100

  • Add Debian security repository.
  • Disable jessie-backports repository.
  • Fix ‘Authenticated PHP Code Injection’ reported by Anastasios Stasinopoulos (@ancst) – Obrela Labs Team.

openmediavault 4.1.36

  • Fix ‘Authenticated PHP Code Injection’ reported by Anastasios Stasinopoulos (@ancst) – Obrela Labs Team.

openmediavault 5.5.12

  • Update locales.
  • Fix ‘Authenticated PHP Code Injection’ reported by Anastasios Stasinopoulos (@ancst) – Obrela Labs Team.
  • Issue #816: If you have assigned a comment to a user, you can’t delete the comment.
  • Issue #819: Dashboard on mobile not adjusting to 100% screen size.

New update available

openmediavault 5.5.11

  • Update locales.
  • Do not allow to create NFS shares using shared folders with blanks in their relative path. SaltStack can’t handle such bind mounts (https://github.com/saltstack/salt/issues/54508).
  • Issue #815: Disable quota if no quotas are configured for a device.

New update available

openmediavault 5.5.10

  • Update locales.
  • Fix bugs in date/time page. The field ‘Time servers’ was not marked as required when ‘Use NTP server’ was enabled. The field ‘Allowed clients’ was marked as required when ‘Use NTP server’ was disabled.
  • Fix bug in omv-firstaid when setting a static IPv6 address.
  • Added the environment variables ‘OMV_AVAHIDAEMON_ALLOW_INTERFACES’, ‘OMV_AVAHIDAEMON_ALLOW_POINT_TO_POINT’ and ‘OMV_AVAHIDAEMON_ENABLE_REFLECTOR’ to customize the Avahi/Zeroconf configuration for VPN.
  • File systems will not be mounted with the ‘noexec’ option anymore. Existing mount point configurations are not migrated.
  • Issue #800: Quotas are not configured after creating a file system.
  • Issue #810: Added the ‘OMV_CHRONY_SERVER_POOL_DIRECTIVE’ environment variable to configure the NTP server directive in chrony.conf. Default is ‘server’.