
Versions Affected: All versions prior to TrueNAS 12.0-U7


Description

Several certificates were removed from the root certificate bundle after the latest release of FreeBSD 12.2 and FreeBSD 13.0.

Additionally, an oversight in the root bundle processor included some roots that were not intended to be trusted for server authentication (SERVER_AUTH). Certificates are often removed from the root bundle because they fail to meet the standards Mozilla has established for being considered a trusted Certificate Authority. Continuing to trust roots after their removal from the bundle should be considered risky.
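
To illustrate the SERVER_AUTH distinction described above, the following added example (not the FreeBSD or TrueNAS bundle processor) parses trust records in the layout of Mozilla's certdata.txt and compares a strict server-authentication filter with a lax one. The sample records and labels are constructed, and the lax filter is a hypothetical mistake shown for contrast, not the actual oversight.

```python
import re

# Constructed sample in the layout of Mozilla's certdata.txt trust records
# (labels are made up; hash, issuer and serial attributes are omitted).
SAMPLE_CERTDATA = '''
CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example Web Root"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR

CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example Email-Only Root"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR

CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_LABEL UTF8 "Example Distrusted Root"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_NOT_TRUSTED
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
'''

TRUSTED = "CKT_NSS_TRUSTED_DELEGATOR"

def parse_trust_records(text):
    """Return {label: {trust_attribute: value}} for each CKO_NSS_TRUST object."""
    records, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line == "CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST":
            current = {}                       # start of a new trust object
        elif line.startswith("CKA_CLASS"):
            current = None                     # certificate or other object: skip
        elif current is not None:
            m = re.match(r'CKA_LABEL UTF8 "(.*)"$', line)
            if m:
                records[m.group(1)] = current
            m = re.match(r"(CKA_TRUST_\w+) CK_TRUST (\w+)$", line)
            if m:
                current[m.group(1)] = m.group(2)
    return records

def roots_for_server_auth(records):
    """Strict filter: only roots whose SERVER_AUTH bit is a trusted delegator."""
    return sorted(l for l, t in records.items() if t.get("CKA_TRUST_SERVER_AUTH") == TRUSTED)

def roots_with_any_trust(records):
    """Lax filter (hypothetical mistake): any trusted purpose admits the root."""
    return sorted(l for l, t in records.items() if TRUSTED in t.values())
```

The difference between the two result lists is the set of roots that would end up in a TLS trust store without being trusted for server authentication.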


Workaround

No workaround is available. Software that uses an internal trust store is not affected.


Mitigation

  • Upgrade to TrueNAS 12.0-U7 or later.

Commit


Further information