TrueNAS Security Advisories
The TrueNAS team monitors TrueNAS and TrueCommand products for potential security vulnerabilities. Identified vulnerabilities are analyzed for exposure in TrueNAS products. Each identified vulnerability assesses the exposure level to TrueNAS or TrueCommand and the vulnerability is assigned a security rating. Security rating definitions and general TrueNAS policies related to these ratings are described in the vulnerability definitions.
The TrueNAS team recommends that all systems installed with TrueNAS or TrueNAS-related products are configured consistent with the security best practices guide available from the TrueNAS Documentation Hub.
For secure communications with the TrueNAS Security Team, you can use our PGP public key to encrypt sensitive security reports and vulnerability disclosures.
Download: TrueNAS SecTeam PGP Public Key
Download: Bill_O’Hanlon PGP Public Key
Key Fingerprint: Contact psirt@ixsystems.com for key verification
This key should be used when sending sensitive security information that requires encryption. For general security inquiries, you may use the standard contact methods listed above.
Click a product card at the bottom of the page to see the latest published advisories, TrueNAS team responses, archived advisories, and any special security notices that are relevant to that product.