Buurst® SoftNAS 5 Release Notes

Resolved Items

• SR-393 NFS exports entries lost after multiple HA failovers

• SR-398 Active Replication pair fails to sync or replicate Block Device volume

• SR-396 RockyLinux 8 : kernel (RLSA-2025:19931)

  o   kernel: x86/vmscape: Add conditional IBPB mitigation (CVE-2025-40300)

  o   kernel: mm: fix zswap writeback race condition (CVE-2023-53178)

  o   kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy (CVE-2022-50367)

   

• SR-375 Multiple Kernel RLSAs

  o   We have been flagged for the following kernel CVEs on SoftNAS Version 5.6.6:

  o   RockyLinux 8 : kernel (RLSA-2025:13589):

  o   The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:13589 advisory.

  o   kernel: padata: fix UAF in padata_reorder (CVE-2025-21727)

  o   kernel: ipv6: mcast: extend RCU protection in igmp6_send() (CVE-2025-21759)

  o   kernel: can: peak_usb: fix use after free bugs (CVE-2021-47670)

  o   kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (CVE-2025-38085)

  o   kernel: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (CVE-2025-38159)

  o   Remote package installed : kernel-4.18.0-553.64.1.el8_10

  o   Should be                : kernel-4.18.0-553.69.1.el8_10

  o    

  o   Remote package installed : kernel-core-4.18.0-553.64.1.el8_10

  o   Should be                : kernel-core-4.18.0-553.69.1.el8_10

  o    

  o   Remote package installed : kernel-devel-4.18.0-553.64.1.el8_10

  o   Should be                : kernel-devel-4.18.0-553.69.1.el8_10

  o    

  o   Remote package installed : kernel-headers-4.18.0-553.64.1.el8_10

  o   Should be                : kernel-headers-4.18.0-553.69.1.el8_10

  o    

  o   Remote package installed : kernel-modules-4.18.0-553.64.1.el8_10

  o   Should be                : kernel-modules-4.18.0-553.69.1.el8_10

  o    

  o   Remote package installed : kernel-tools-4.18.0-553.64.1.el8_10

  o   Should be                : kernel-tools-4.18.0-553.69.1.el8_10

  o    

  o   Remote package installed : kernel-tools-libs-4.18.0-553.64.1.el8_10

  o   Should be                : kernel-tools-libs-4.18.0-553.69.1.el8_10

  o   RockyLinux 8 : kernel (RLSA-2025:12752):

  o   The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:12752 advisory.

  o   kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (CVE-2025-21928)

  o   kernel: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (CVE-2025-22020)

  o   kernel: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (CVE-2025-37890)

  o   kernel: net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done (CVE-2025-38052)

  o   kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079)

  o   kernel: ext4: avoid resizing to a partial cluster size (CVE-2022-50020)

  o   Remote package installed : kernel-4.18.0-553.64.1.el8_10

  o   Should be                : kernel-4.18.0-553.66.1.el8_10

  o    

  o   Remote package installed : kernel-core-4.18.0-553.64.1.el8_10

  o   Should be                : kernel-core-4.18.0-553.66.1.el8_10

  o    

  o   Remote package installed : kernel-devel-4.18.0-553.64.1.el8_10

  o   Should be                : kernel-devel-4.18.0-553.66.1.el8_10

  o    

  o   Remote package installed : kernel-headers-4.18.0-553.64.1.el8_10

  o   Should be                : kernel-headers-4.18.0-553.66.1.el8_10

  o    

  o   Remote package installed : kernel-modules-4.18.0-553.64.1.el8_10

  o   Should be                : kernel-modules-4.18.0-553.66.1.el8_10

  o    

  o   Remote package installed : kernel-tools-4.18.0-553.64.1.el8_10

  o   Should be                : kernel-tools-4.18.0-553.66.1.el8_10

  o    

  o   Remote package installed : kernel-tools-libs-4.18.0-553.64.1.el8_10

  o   Should be                : kernel-tools-libs-4.18.0-553.66.1.el8_10

  o   RockyLinux 8 : kernel (RLSA-2025:15008):

  o   The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:15008 advisory.

  o   kernel: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (CVE-2025-38211)

  o   kernel: scsi: lpfc: Use memcpy() for BIOS version (CVE-2025-38332)

  o   kernel: tipc: Fix use-after-free in tipc_conn_close() (CVE-2025-38464)

  o   kernel: net/sched: sch_qfq: Fix race condition on qfq_aggregate (CVE-2025-38477)

  o   Remote package installed : kernel-4.18.0-553.64.1.el8_10

  o   Should be                : kernel-4.18.0-553.72.1.el8_10

  o    

  o   Remote package installed : kernel-core-4.18.0-553.64.1.el8_10

  o   Should be                : kernel-core-4.18.0-553.72.1.el8_10

  o    

  o   Remote package installed : kernel-devel-4.18.0-553.64.1.el8_10

  o   Should be                : kernel-devel-4.18.0-553.72.1.el8_10

  o    

  o   Remote package installed : kernel-modules-4.18.0-553.64.1.el8_10

  o   Should be                : kernel-modules-4.18.0-553.72.1.el8_10

  o    

  o   Remote package installed : kernel-tools-4.18.0-553.64.1.el8_10

  o   Should be                : kernel-tools-4.18.0-553.72.1.el8_10

  o    

  o   Remote package installed : kernel-tools-libs-4.18.0-553.64.1.el8_10

  o   Should be                : kernel-tools-libs-4.18.0-553.72.1.el8_10

• SR-378 Ignore running of deltasync in cases where it does not make sense for it to run

• SR-381 Address issue purging snapshots at remote

• SR-390 (For SoftNAS 5.6 and lower)  remove entry for IP address from /etc/hosts

  • EXAMPLE:  Edit hosts and delete highlighted entries as noted below:

    • 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

    • ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

    • 52.86.152.91 mirror.softnas.com pypi.softnas.com

    • 54.88.117.35 http://softnas.com http://www.softnas.com

    • -----------------------------------------------------

    • Edit your /etc/hosts file and comment out (or remove) the entry for 52.86.152.91 mirror.softnas.com pypi.softnas.com  and 54.88.117.35 http://softnas.com http://www.softnas.com

    • Example:  Use your preferred text editor such as vi or nano. You will need to become root or use sudo in order to save changes to this file:

    • sudo vi /etc/hosts

    • delete or comment out with “#” at the front of the line:

    • 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

    • ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

    • #52.86.152.91 mirror.softnas.com

    • #54.88.117.35 http://softnas.com http://www.softnas.com

    • Save file

Enhancements

• SR-371 Added improved OCI fail-over performance time

• SR-380 Support both VIP within and outside of HA nodes subnets CIDR range

• SR-382 Provide way to restart deltasync from UI

• SR-383 Add support for Deltasync to remove clone volume

• SR-386 Enable resumption of failed replication on next replication cycle

• SR-387 Enable lock during snapreplicate cycle

• SR-388 Update replication logic to enable resumption of checkpoint for HA and DR

Resolved Issues 

 Bug Fixes 

• Azure NVMe Recognition: Resolved an issue where NVMe devices provided with Azure L-series family VMs were not detected as ephemeral storage, ensuring proper device utilization.

• AWS Kernel Vulnerability: Patched CVE-2017-17095 in accordance with Red Hat Security Advisory RHSA-2025:4658, strengthening security for AWS deployments.

• SnapVol Configuration: Fixed a bug where snapvol*-ini files lost configuration details after upgrades, ensuring consistency across version updates.

Kernel Updates:

• Rocky Linux 8 kernel patches

  • RLSA-2025:8056
    RLSA-2025:8246
    RLSA-2025:9580
    RLSA-2025:11298
    RLSA-2025:3026
    RLSA-2025:3260
    RLSA-2025:3893
    RLSA-2025:11455
    RLSA-2025:2473

Stability Improvements

• HA Storage Account Timeout: Resolved an issue where SoftNAS was unable to retrieve the High Availability (HA) Storage Account resource group due to ARM API timeouts. This improves the reliability of HA operations within Azure environments.

• Logrotate Management: Corrected the configuration for log rotation of /var/log/waagent.log, ensuring consistent log handling and uninterrupted system monitoring.

• VIP Deletion Logging: Fixed a logging inconsistency where deletion of the Virtual IP (VIP) entry left blank lines in the snapreplicate.log file.

• SNAP HA Setup with Invalid VM Names: Addressed a failure during SNAP HA configuration caused by Azure VM names containing unsupported characters, allowing smoother deployments across varied environments.

• Software Update Logging: Resolved a misleading log message that was being recorded during software update processes in snapreplicate.log.

• SnapHA Takeover Reliability: Corrected a takeover failure in SnapHA when the azureMainStorageAccount value was missing in the azure.ini file, ensuring greater HA consistency.

• HA Monitor State Management: Enhanced the HA monitor service by properly stopping it before setting the timestamp and moving the VIP, improving failover operations.

• Split-Brain Prevention in VNET Reassignment: Resolved an issue that could result in a split-brain condition when moving a VNET to a different resource group.

• Cross-Resource Group VIP Assignment: Fixed an issue where VIP assignment failed when the VNET and NIC were located in separate resource groups.

Enhancements

• Improved Azure ARM API Throttling Handling: Implemented optimized logic to better manage Azure ARM API rate limits, improving responsiveness and stability during SnapHA operations.

• Expanded AZ CLI Logging: Increased the verbosity and clarity of logging for the Azure CLI agent to improve diagnostics and supportability.

• ARM Resource Caching: Introduced intelligent caching of ARM resource details required for HA. This reduces redundant API calls and enhances performance.

• Periodic Witness Storage Refresh: Added automated refresh logic for cached HA witness storage information, keeping data accurate and up to date.

• HA Monitor Service Optimization: Modified HA monitor behavior to stop gracefully before VIP relocation, contributing to smoother HA transitions.

• VNET Movement Safeguards: Improved the process of reassigning VNETs between resource groups to mitigate risks of HA inconsistencies.

• Enhanced Network Validation: Added checks to detect and resolve incomplete VIP assignments across resource groups, ensuring network integrity.

• Zpool Clearance Automation:  Added zpool clear on suspended disks.

Resolved Issues 

 Bug Fixes 

• RLSA-2025:1068: Resolves security flaws impacting system stability and integrity. 

• RLSA-2025:1266: Resolves security flaws impacting system stability and integrity. 

Enhanced Product Capabilities for Greater Reliability, Security, and Performance 

• Upgraded ZFS to Version 2.2.7: 
  Customers benefit from improved filesystem reliability, enhanced performance, and better data integrity. The latest ZFS upgrade brings optimizations that reduce storage overhead, accelerate read/write operations, and improve snapshot efficiency—ensuring mission-critical applications run more smoothly with higher availability

• Security Hardening for Enhanced Protection:

  • Patched Webmin Privilege Escalation Vulnerability

    • CVE-2024-12828: Strengthening security, we have resolved a known vulnerability that could allow unauthorized privilege escalation. This update ensures a safer administrative environment and mitigates potential attack risks. 

  • Eliminated Embedded Access Keys & Sensitive Logging: Following security best practices, we’ve removed hardcoded access keys and sensitive log information to minimize the risk of unauthorized access and data exposure. These changes help customers meet compliance requirements while reinforcing the security posture of their deployments. 

  • Rocky Linux 8 kernel updates to address vulnerabilities: 

    • RLSA-2024:8856  

    • RLSA-2024:10943  

    • RLSA-2025:0065 

These enhancements reinforce our commitment to delivering a more secure, high-performing, and resilient storage solution, enabling customers to confidently scale their workloads with peace of mind. 

High Availability (HA) Improvements 

• Added scripts to clean up failed HA installations automatically. 

• Resolved split-brain conditions and synchronization failures during HA operations 

Azure-Specific Enhancements 

• Added a script to replace expired Azure Service Principal credentials 

  • KB Article for reference: [SoftNAS KB]: Expired Azure Service Principal Secret - Knowledge Base and Support - Buurst 

• Fixed Azure storage account creation to use the latest TLS version 1.2 

• Resolved issues where expired credentials caused configuration files to clear unexpectedly 

• Fixed disk creation failures and default password issues post-sysprep 

Bug Fixes 

• Licensing & Activation: 

  • Fixed invalid license errors after upgrading to 5.6.1 

  • LicenseManager service now stops automatically for Marketplace deployments 

• Storage & Snapshots: 

  • Fixed ZFS pool import failures and upgrade-related ZFS breakage 

  • Resolved DeltaSync and SnapReplicate errors, including snapshot purging and remote synchronization issues 

  • Deleted LUKS pools no longer appear as available devices on OCI deployments 

 Authentication & Directory Services: 

• Active Directory connections now work when SMB monitoring is disabled 

• Fixed Samba user management panel functionality 

 UI/UX Improvements

• SMTPS settings now persist after closing the Administrator tab 

• Time-zone configuration errors resolved 

  • KB Article for reference: Configuring System Time - SoftNAS Documentation - Buurst 

 AWS-Specific Fixes

• Allowed switching from access keys to IAM roles without disruption 

 Miscellaneous 

• Disabled unnecessary cockpit.socket service (port 9090). 

• Resolved package conflicts when installing openldap-servers 

 Deprecation Notice

• Removed/deprecated s3backer and SmartTiers (btier) packages. Customers will not be able to upgrade to 5.6.2 if object storage and/or SmartTiers (btier) packages are found 

  • Please contact support@buurst.com for assistance in upgrading to SoftNAS 5.6.2

Improvements

• Documentation - Updated the help documentation to provide more accurate and up-to-date information, making it easier to find solutions and troubleshoot problems. 

• ZFS Upgrade - Upgraded to the latest ZFS version 2.2.6 

• Storage Pool Upgrade - We now inform users when an upgrade to their storage pool is available and allow them to perform the upgrade at their convenience 

Bug Fixes

• License Management  

  • Resolved issue where License Manager server could crash when restarted 

  • Resolved issue with online/offline activation and premature license expiration. 

  • After upgrade to SoftNAS 5.5.3, licensing page only shows offline activation option 

  • Resolved issue where license error redirection page was not displaying all information 

  • Resolved issue where moving online to offline license resulted in an expired license 

  • Resolved issue where users are unable to revert to Built-in license after license expiration 

• Lift and Shift  

  • Resolved issue in Lift&Shift where Configure Repository button was disabled 

  • Resolved issue where L&S repository volume was included in SnapReplicate task list 

  • Resolved issue where users couldn’t verify login on Step 2 of Lift & Shift flow 

• Mismatch Pool - Resolved issue when attempting to expand a mismatch pool that includes RAID 0 

• Notifications - Eliminated repetitive “Monit reloaded” event from email notifications 

• UI - Resolved issue where SotrageCenter panel titles were missing under Safari 

• SnapHA - Resolved issues that could impact the reliability and performance of SnapHA 

Known Issue

• Old License Menu - After a software update, users may encounter an old license menu under the StorageCenter UI 

  • Following an update, we recommend clearing the browsers cache prior to accessing StorageCenter 

• Invalid License Condition - During a software update, a user may encounter the invalid license condition page 

  • If encountered, allow system to complete the update and reboot. Once rebooted, system will function as normal.  

  • We recommend you reload the StorageCenter UI or select “Click Here to resume normal operation” and wait for the log in screen 

• SnapHA “Next” Button - When deploying SoftNAS instances through Azure, and using a Firefox web browser, users are unable to click the “Next” button located on the “Add High Availability - Instructions” pop-up screen. This ultimately prevents users from setting up SNAP HA via the Storagecenter UI. 

  • Users should refer to this KB article: SoftNAS Deployment on Azure: Firefox "Next" Button Issue on HA Configuration 

All Identified CVEs

• Critical Vulnerabilities (CVEs) -We’ve addressed highly critical and/or critical vulnerabilities since the previous SoftNAS release. Rocky Linux security update for Kernel includes:

  • (CVE-2023-52451)

  • (CVE-2023-52463)

  • (CVE-2021-46939)

  • (CVE-2021-46939)

  • (CVE-2023-52622)

  • (CVE-2024-26669)

  • (CVE-2024-26669)

  • (CVE-2024-26802)

  • (CVE-2024-26843)

  • (CVE-2024-26878)

  • (CVE-2024-36886)

  • (CVE-2023-52653)

  • (CVE-2024-21823)

  • (CVE-2023-52658)

  • (CVE-2024-35807)

  • (CVE-2024-35801)

  • (CVE-2024-35947)

  • (CVE-2024-35893)

  • (CVE-2024-35876)

  • (CVE-2023-52864)

  • (CVE-2023-52845)

  • (CVE-2023-28746)

  • (CVE-2023-52847)

  • (CVE-2021-47548)

  • (CVE-2024-36921)

  • (CVE-2024-26921)

  • (CVE-2021-47579)

  • (CVE-2024-36927)

  • (CVE-2024-39276)

  • (CVE-2024-33621)

  • (CVE-2024-27010)

  • (CVE-2024-26960)

Known Issue

• Storage Pool – Auto-trim disabled during storage pool creation, providing customers with the ability to manually turn it on

All Identified CVEs

• Critical Vulnerabilities (CVEs) -We’ve addressed highly critical and/or critical vulnerabilities since the previous SoftNAS release. Rocky Linux security update for Kernel includes:

  • (CVE-2024-39689)

  • (CVE-2024-37891)

  • RLSA-2024:3138: https://errata.rockylinux.org/RLSA-2024:3138

  • RLSA-2024:3618: https://errata.rockylinux.org/RLSA-2024:3618

  • RLSA-2024:4211: https://errata.rockylinux.org/RLSA-2024:4211

Bug Fixes

• UI - Resolved issue where support log collection failed.

• Rocky Linux - Fixed issue where secure log was not rotated.

• RHEL - Resolved update issue for SoftNAS 5.4.3 running on RHEL.

• Volumes - Resolved issue where snapshot retention policy was not followed.

All Identified CVEs

• Critical Vulnerabilities (CVEs) -We’ve addressed highly critical and/or critical vulnerabilities since the previous SoftNAS release. Rocky Linux security update includes:

  • (CVE-1999-0524)

Improvements:

• PHP - Upgraded PHP from version 7.4 to 8.2, enhancing performance and compatibility.

  • Security update - Sensitive parameter redaction protects sensitive data from leaking in stack traces by redacting those values.

• ZFS - Updated ZFS to version 2.2.3, improving stability and functionality.

  • Improved bug fixes: Resolved various bugs including data corruption issues and improved Zpool trim performance on Linux.

  • Foundation for future Linux kernel compatibility establishes the groundwork forfuture compatibility with the latest Linux kernel (6.8).

  • Other improvements:

    • Added support for Ntfy notifications for ZED (ZIL Encryption Daemon).

    • Various minor improvements across the codebase.

  • Timeout - Addressed timeouts experienced during updates, ensuring smoother operations.

Bug Fixes:

• AWS - Addressed a problem where the routing table failed to update after automatic failover in HA setups.

• Azure - Aligned Azure CLI with the latest SoftNAS version for improved compatibility.

• Notifications - Confirmed standard email notification cadence, resolving default setting discrepancy.

• Safari - Fixed Safari WARNING pop-up bug in Expansion Pool flow, allowing users to select disks/RAID levels correctly.