DSM Update Version: 7.2-64551 (Release Candidate)

[SynoMan]

(2023-04-25)

Important Note​

1. After installing this update, you will not be able to downgrade to a previous DSM version.
2. This update will restart your Synology NAS.
3. Starting from this version, logs for drives will no longer appear in Storage Manager > HDD and will be available only in Log Center.
4. Removed the "Automatically create port forwarding rules" option from QuickConnect advanced settings to increase network security.
5. Users can now create a Btrfs volume of up to 1 PB on specific Synology NAS models. This update automatically converts existing volumes that use the Btrfs (Peta Volume) file system to Btrfs. However, to create a volume larger than 200 TB, a RAID 6 storage pool and at least 64 GB of system memory are still required.Learn more

What’s New​

1. Added support for WriteOnce shared folders. This feature is based on the Write Once, Read Many (WORM) technology and can be enabled to prevent files from being modified, deleted, or renamed for a specified period.
2. Added support for volume encryption. All volume encryption keys are stored in the Encryption Key Vault, which can be set up on a local Synology NAS or via KMIP on a remote Synology NAS.
3. Added more Synology NAS models to support M.2 NVMe SSD storage pools. Learn more
4. Added more Synology NAS models to support the M2D18 adapter card: RS822RP+, RS822+, RS1221RP+, and RS1221+.
5. Added more SSD cache group management options, including changing the RAID type and replacing a drive.
6. Added support for inline zero-block removal to increase the efficiency of data deduplication.
7. Adjusted how drive information is presented in Storage Manager. Users can now quickly check the condition of their drives by looking at the "Drive Status" field.
8. Users can now view the amount of used and free space for each storage pool and volume in Storage Manager.
9. Added a warning notification for when the available shared folder quota is low.
10. Supports deleting individual desktop notifications.
11. Supports sending DSM notifications via additional webhook providers, including LINE and Microsoft Teams.
12. Supports creating custom notification rules for system events, giving users greater control over what notifications to receive.
13. Supports exporting a list of users and of groups.
14. Added support for SAML to integrate DSM with external SSO servers.
15. Added the option to allow non-admin users to safely eject USB devices.
16. Users can now manually input the IP addresses or FQDNs of one or more domain controllers in the trusted domain. This allows Synology NAS to sync domain data directly with the specified domain controllers.
17. Users can now enable Synology's email server to send DSM notifications directly to their Synology Account.

Fixed Issues​

1. Updated Mbed-TLS to version 2.28.2 to fix multiple security vulnerabilities (CVE-2021-36647, CVE-2022-46392, CVE-2022-46393).
2. Updated Libksba to version 1.6.3 to fix a security vulnerability (CVE-2022-3515).
3. Updated SQLite to version 3.40.0 to fix a security vulnerability (CVE-2022-46908).
4. Updated Certifi to version 2022.12.07 to fix a security vulnerability (CVE-2022-23491).
5. Updated Node.js to version 14.21.1 to fix a security vulnerability (CVE-2022-43548).
6. Updated cURL to version 7.86.0 to fix multiple security vulnerabilities (CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27781, CVE-2022-27782, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CV E-2022-32221, CVE-2022-35252, CVE-2022-42915, CVE-2022-42916).
7. Updated PHP to version 8.1.9 to fix multiple security vulnerabilities (CVE-2019-11043, CVE-2021-21705, CVE-2022-31625).
8. Updated Sysstat to version 12.7.1 to fix a security vulnerability (CVE-2022-39377).
9. Updated OpenSSL to version 3.0.7 to fix multiple security vulnerabilities (CVE-2022-2068, CVE-2022-2097, CVE-2022-2274, CVE-2022-3358, CVE-2022-3602, CVE-2022-3786).
10. Updated Expat to version 2.5.0 to fix a security vulnerability (CVE-2022-43680).
11. Updated Libtirpc to version 2.87 to fix a security vulnerability (CVE-2021-46828).
12. Updated GnuPG to version 2.2.39 to fix a security vulnerability (CVE-2022-34903).
13. Updated OpenVPN to version 2.5.8 to fix a security vulnerability (CVE-2022-0547).
14. Updated libxml2 to version 2.9.14 to fix a security vulnerability (CVE-2022-23308).
15. Updated GMP to version 6.2.1 to fix a security vulnerability (CVE-2021-43618).
16. Fixed a security vulnerability regarding Netatalk (CVE-2022-45188).
17. Fixed multiple security vulnerabilities regarding Python3 (CVE-2020-10735, CVE-2021-28861, CVE-2022-45061).
18. Fixed multiple security vulnerabilities regarding iproute2 (CVE-2022-3527, CVE-2022-3529, CVE-2022-3530).
19. Fixed multiple security vulnerabilities regarding D-Bus (CVE-2022-42010, CVE-2022-42011, CVE-2022-42012).
20. Fixed a security vulnerability regarding syslog-ng (CVE-2022-38725).
21. Fixed a security vulnerability regarding inetutils (CVE-2022-39028).
22. Fixed a security vulnerability regarding DNSmasq (CVE-2022-0934).
23. Fixed a security vulnerability regarding BusyBox-udhcp (CVE-2019-5747).
24. Fixed multiple security vulnerabilities regarding Linux Kernel (CVE-2021-22600, CVE-2021-38209, CVE-2021-4037, CVE-2022-0168, CVE-2022-1016, CVE-2022-1729, CVE-2022-1786, CVE-2022-20141, CVE-2022-20368, CVE-2022-2078, CVE-2022-2639, CVE-2022-2905, CVE-2022-29581, CVE-2022-32250, CVE-2022-3524, CVE-2022-3566, CVE-2022-3567, CVE-2022-36879, CVE-2022-36946, CVE-2022-42703).
25. Fixed a security vulnerability regarding Nginx (CVE-2022-3638).
26. Updated ImageMagick to version 6.9.12-61 to fix multiple security vulnerabilities (CVE-2020-25664, CVE-2020-25665, CVE-2020-25666, CVE-2020-25667, CVE-2020-25674, CVE-2020-25675, CVE-2020-25676, CVE-2020-27560, CVE-2020-27750, CVE-2020-27751, CVE-2020-27752, CVE-2020-27753, CVE-2020-27754, CVE-2020-27755, CVE-2020-27756, CVE-2020-27757, CVE-2020-27758, CVE-2020-27759, CVE-2020-27760, CVE-2020-27761, CVE-2020-27762, CVE-2020-27763, CVE-2020-27764, CVE-2020-27765, CVE-2020-27766, CVE-2020-27767, CVE-2020-27768, CVE-2020-27769, CVE-2020-27770, CVE-2020-27771, CVE-2020-27772, CVE-2020-27773, CVE-2020-27774, CVE-2020-27775, CVE-2020-27776, CVE-2020-29599, CVE-2021-20176, CVE-2021-20224, CVE-2021-20241, CVE-2021-20245, CVE-2021-20246, CVE-2021-20309, CVE-2021-3574, CVE-2021-3596, CVE-2021-39212, CVE-2021-4219, CVE-2022-1114, CVE-2022-1115, CVE-2022-28463, CVE-2022-32545, CVE-2022-32546, CVE-2022-32547).
27. Updated FFmpeg to version 4.1.9 to fix multiple security vulnerabilities (CVE-2020-20892, CVE-2020-20902, CVE-2020-21688, CVE-2020-21697, CVE-2021-3566, CVE-2021-38114, CVE-2021-38291).

Limitation​

1. S.M.A.R.T. testing for M.2 NVMe SSDs is no longer supported.
2. Starting from DSM 7.2 Beta, Virtual Machine Manager will no longer support creating clusters with older DSM versions. Please update each host in the cluster to the same DSM version or above versions for the Virtual Machine Manager cluster to operate properly.
3. If your Synology Directory Server domain has been migrated from Windows AD, we recommend not updating to this version as this may cause start-up failure of your Synology Directory Server. We will fix this issue in the upcoming release.

------

Read more also here:

blackvoid - DSM 7.2 - 64551 release candidate (RC) is LIVE

After a short beta of DSM 7.2 that was released at the beginning of March, today, Synology announced the new DSM 7.2-64551 release candidate. Continue reading...

www.synoforum.com

 

[Robbie]

At last, a serious attempt by Synology to most of the exceedingly stale packages seemingly left to rot in DSM. The numerous security holes that pre-date DSM7 have been dragged into this decade. Can I now admit that I took virtually every Synology online feature off-line over the last year or so?

️

 

[Jan Janowski]

Whereas I'm not planning on using most of the new features.... I must say: That's a LOT of Security Fixes!!!

Looking forward to the release version +1

 

[fredbert]

Decided to update my DS218+ since it's only real jobs are ABB for Mac and HB Vault. So can risk it.

I see iTunes Server is dead in DSM 7.2, not that I actually used it.

 

[Telos]

That's a LOT of Security Fixes!!!

Some are repeated, and go back to 2020 ... Yikes!

 

[Jan Janowski]

Oh! Thought these were ‘fixed in this release’ — Or at least isn’t that where they were indicating???
I’m on sidelines for now but like reading to get comfortable with what’s new before jumping in.

Presently more concerned with SRM upcoming..

 

[fredbert]

Official Synology post over at The Other Place.

Synology Community

Hi! Come and join us at Synology Community. A place to answer all your Synology questions. Ask a question or start a discussion now.

community.synology.com

The Share File Link function is affected on DSM 7.2 RC​

[Affected version]
DSM7.2 RC
File Station 1.4.0-1552

[Symptom]
We would like to update you on the recent issue that has affected the Share File Link feature. The issue relates to a JavaScript error that caused a blue screen to appear while generating share file links, and users may also experience no response after entering the required password.

If you are experiencing the situation regarding the issues, follow the below instruction to download the patch for further updates. Applying the patch for File Station resolves the issue and ensures the proper functioning of the Share File Link feature. The patch is currently available for download at the following link.
1. Please refer to the following table to find the platform type for your device.
https://kb.synology.com/en-global/DSM/tutorial/What_kind_of_CPU_does_my_NAS_have
2. Download the patch and manually install it in Package Center > Manual Install
https://supfiles.synology.com/sharing/OmFLlLQhu

The issue will be fixed in the upcoming update for File Station on DSM 7.2 official. If the patch is not suitable for use in your environment, please stay tuned for updates and update it directly in package center on DSM 7.2 official.

If you still have any concerns, please submit a ticket via support form to let us know.

 

[Robbie]

Oh! Thought these were ‘fixed in this release’ — Or at least isn’t that where they were indicating???
I’m on sidelines for now but like reading to get comfortable with what’s new before jumping in.

Presently more concerned with SRM upcoming..

I've looked back on quite a few of them. Some are 'new' in that they became required when packages were added or revised, some are repeats of actions taken previously against a lower build, some are brand new and yes, quite a few that should have been resolved years ago - some of which could not be fixed as some of DSM's components were so old that they were not actively maintained.

There have been quite a few comments on this forum regarding the age and active maintenance status of some packages and some words on Synology modifying 3rd-party software outside of the licence conditions. You can get to the point where some packages have not just been left to wither but have had core functionality changed or removed by Synology (eg smartmon) that it becomes somewhat unfair to attribute the package to the original authors, let alone apply CVEs.

I guess the 'good' news is that Synology is making an effort now. Is it complete or comprehensive, who knows. My guess is that their move to the enterprise market has caused kick-back from auditors in that Synology is using packages, as part of DSM, that are way out of date. You don't get a nod from an auditor that you have no outstanding CVEs just because your packages are so poorly maintained by the provider that there is now no clear read-across from the current CVE database.

️

 

[Robbie]

For balance, probably worth adding all the CVEs for the burgeoning cloud market:
$:
$:
$:
$:
$:
... nope, got nothing as the providers do not wish to be part of the CVE system. They look to keep as many issues in-house as possible and co-operate with nobody.

How any company gets accredited when they store and manage data off-prem, aka cloud, aka SES, with any of the major providers is beyond me. The absence of security bulletins must make them sleep really really well...

️

 

[Akira]

Are there any benefits to running 7.2 RC (OK well Container Manager running the newer version of docker 23.0.5) from how docker behaves? Does it support container runtime resource constraints or anything new?
If it does handle things better, other than this being an RC are there any other reasons not to run this? I'd be using it on a home system, only VPN technology are Wireguard containers, one as a proxy and the other so I can remote into the NAS.

 

[Rusty]

anything new

DSM 7.2 public beta is LIVE

The new #Synology #DSM 7.2 beta is now live! Volume encryption, WORM, and a few other new features have made it in this release.

www.blackvoid.club

Not such new, and some elements are still "manual" and not automatic as they should be when using some other 3rd party Docker manager platform. A decent attempt, but nothing major to write home about.

 

[Akira]

Thanks Rusty, as I use docker compose plugin when issuing CLI commands to manipulate containter and sometimes Portainer there's nothing new other than removing security vulnerabilities and as such not really worth me moving to an RC over 7.1.

 

[Rusty]

Thanks Rusty, as I use docker compose plugin when issuing CLI commands to manipulate containter and sometimes Portainer there's nothing new other than removing security vulnerabilities and as such not really worth me moving to an RC over 7.1.

From Docker perspective not much, no. Also 7.2 final is out soon, anyways, so if you are not on RC already, just wait. I have the dates but can't disclose them publicly, but it will be "very soon", so imho, just give some more time before moving to 7.2

 

[Ames]

DSM 7.2 public beta is LIVE

The new #Synology #DSM 7.2 beta is now live! Volume encryption, WORM, and a few other new features have made it in this release.

www.blackvoid.club

Not such new, and some elements are still "manual" and not automatic as they should be when using some other 3rd party Docker manager platform. A decent attempt, but nothing major to write home about.

I don't think I'd say nothing major. Supporting compose is big. I've gone through and recreated all my containers with Synology doing the docker compose instead of portainer. That's a great change. Also when containers get updates you now get notifications and just click to update rather than the old find in registry, download, stop, reset, start thing.

 

[Rusty]

I don't think I'd say nothing major. Supporting compose is big. I've gone through and recreated all my containers with Synology doing the docker compose instead of portainer. That's a great change. Also when containers get updates you now get notifications and just click to update rather than the old find in registry, download, stop, reset, start thing.

The question in that post was, DSM 7.2 Container Manager vs Portainer and is it worth updating just for that. IMHO the answer is no, especially because the user is running Portainer.

Still, saying that, I do think CM is a decent enough update and shows that Syno is investing RND into. Hopefully they won't kill the support any time soon.