Synology Security Synology-SA-22:01 DSM

I recommend waiting a month to install this update, due to Synology's egregious pattern of recalling updates and then re-releasing patched updates with the same build number.

When that happens, early adopters are unable to install the corrected patch. And we know that Synology's first patch release often introduces new deficiencies. I, for one, am stuck on a "release 2" version that was twice replaced. But I'll not repeat that, jumping to an early "release 3" build.

It's my hope that some here who have a relationship with Synology would use their influence to end this poor practice of releasing "patched" patches without advancing the build number.
 
Not even being offered on my DS218+ yet, haven't checked my DS212 yet.
 
That’s why you don’t patch production on day 1 ;)
The irony being that for security patches you should be implementing them fairly smart-ish on production devices, after testing on non-production devices, if they are exposed by the vulnerabilities.
 
The irony being that for security patches you should be implementing them fairly smart-ish on production devices, after testing on non-production devices, if they are exposed by the vulnerabilities.
Agreed, but due to recent MO by Syno when it comes to their patches, I never put new patches on day 1 on PROD... just in case. Can't shake the feeling that this new "will be deployed in different regions..." policy means, let's buy some weeks by pushing the patch to the masses and see what will go wrong. Then we will patch some more and then we will do a mass rollout.
 
Well indeed. It's definitely worth reading the release notes to determine if it relates to anything you use... if you don't use a fixed/patched feature then probably it's worth not updating, at least not right away.

You know those bugs where the male often gets eaten by its mate:
  • The bug is us
  • The mate is Synology's software release and QA
  • And the rest of the bug eating world are hackers
 
if you don't use a fixed/patched feature then probably it's worth not updating
Exactly. This is my mindset as well. I only patch if there are obvious security problems that might bite me, and features that I might use/were fixed.

Nothing but to sit and wait now.
 
