Saltar al contenido principal

Version 7.3.2 2026-07-08

Unraid OS 7.3.2 is a security and bugfix release including Linux kernel 6.18.38, Docker VLAN networking fixes, storage and boot-pool fixes, virtualization UI fixes, Unraid API 4.35.1, and several base package updates.

Recommended for all users.

Upgrading

For step-by-step instructions, see Updating Unraid. Questions about your license?

Known issues

  • No new release-specific known issues are noted. For issues inherited from prior releases, see the Unraid OS 7.3.1 release notes.

Notes

  • This release includes security-related base package updates. Package-level CVE annotations are listed in Base distro updates.

Rolling back

  • No new rollback limitations are noted for this release. Before rolling back, review the Unraid OS 7.3.1 release notes.

BREAKING CHANGES

  • None.

Changes vs. Unraid OS 7.3.1

Security

  • Security: Fixed a WebGUI update.php path-traversal command execution vulnerability, CVE-2026-3838.
  • Security: Includes base package security fixes with CVE coverage for multiple components; package-level CVE details are listed in Base distro updates.

Containers / Docker

  • Fix: Docker VLAN auto-networks can fall back to the configured Docker gateway so containers keep outbound connectivity.
  • Improvement: Improved Docker tab load performance by keeping synchronous I/O off the Docker tab render path, based on a community contribution from TSpader (thank you!)

Storage

  • Fix: Boot pool replacement no longer leaves a stale missing mirror member in the affected replacement case.
  • Fix: Removing a boot pool device no longer triggers the regression that could fail the operation.
  • Fix: Formatting a pool device whose name overlaps with a boot device no longer triggers a false positive invalid-target assertion.
  • Fix: Dashboard cache pool size and usage reporting is corrected for Btrfs RAID1 pools.

WebGUI / System

  • New: Added monitor status output for panel indication plugins that use LED and LCD state.
  • Fix: Shutdown and reboot syslog saving now creates /boot/logs before writing syslog files.
  • Fix: System Devices controller listings no longer include unrelated devices in affected cases.
  • Fix: Internal Boot with Flash Licensing better handles transient USB license device resets.

Networking / Hardware

  • Fix: Avahi/mDNS update can start the daemon again after transient network loss.
  • Fix: Intel GPU PCI speed reporting is corrected.
  • Improvement: Intel iGPU SR-IOV controls are shown only when the supporting plugin is installed.

Virtualization

  • Fix: VM CPU usage no longer reports high usage caused by unrelated host tasks.
  • Fix: VM context menu positioning is corrected.
  • Improvement: VM Network Source dropdown entries are sorted and the control is wider for easier scanning.
  • Fix: Removed an obsolete VM reboot banner message when VM PCI options are enabled.

Unraid API

Linux kernel

  • Linux kernel: update to 6.18.38-Unraid. CONFIG_USB_AUTOSUSPEND_DELAY=-1

Base distro updates

Added packages (3)

  • libcbor: version 0.14.0
  • libfido2: version 1.17.0
  • libmaxminddb: version 1.13.3

Updated packages (73)

  • aaa_libraries: version 15.1-50 -> 15.1-51
  • acl: version 2.3.2 -> 2.4.0
  • at-spi2-core: version 2.60.4 -> 2.60.5
  • attr: version 2.5.2 -> 2.6.0
  • bash: version 5.3.009-2 -> 5.3.015-2
  • bash-completion: version 2.17.0 -> 2.18.0
  • bind: version 9.20.23 -> 9.20.24-2 (security fix noted; no CVE IDs listed)
  • ca-certificates: version 20260413 -> 20260616
  • cifs-utils: version 7.5 -> 7.6
  • curl: version 8.20.0 -> 8.21.0 (NVD: CVE-2026-9079, CVE-2026-9080, CVE-2026-9545, CVE-2026-9546, CVE-2026-9547)
  • dnsmasq: version 2.92rel2 -> 2.93 (CVE-2026-2291)
  • docker: version 29.5.2 -> 29.5.3
  • dynamix.unraid.net: version 4.34.0 -> 4.35.1
  • elogind: version 255.25 -> 255.27
  • etc: version 15.1-16 -> 15.1-17
  • exfatprogs: version 1.3.2 -> 1.4.2
  • file: version 5.47-2 -> 5.48
  • fontconfig: version 2.18.0-2 -> 2.18.1
  • gdk-pixbuf2: version 2.44.6 -> 2.44.7
  • git: version 2.54.0 -> 2.55.0
  • glib2: version 2.88.1 -> 2.88.2
  • graphite2: version 1.3.14-3 -> 1.3.15-2
  • harfbuzz: version 14.2.0 -> 14.2.1
  • iproute2: version 7.0.0 -> 7.1.0-2
  • jansson: version 2.15.0 -> 2.15.1
  • json-c: version 0.18_20240915 -> 0.19
  • kbd: version 2.9.0 -> 2.10.0
  • krb5: version 1.22.2-2 -> 1.22.2-3
  • less: version 702 -> 704
  • libarchive: version 3.8.7 -> 3.8.8 (security fix noted; no CVE IDs listed)
  • libdrm: version 2.4.133 -> 2.4.134
  • libevent: version 2.1.12-4 -> 2.1.13 (security fix noted; no CVE IDs listed)
  • libffi: version 3.5.2 -> 3.6.0
  • libidn: version 1.43 -> 1.44 (security fix noted; no CVE IDs listed)
  • libjpeg-turbo: version 3.1.4.1 -> 3.2.0
  • libnvme: version 1.16.1 -> 1.16.2
  • libpsl: version 0.21.5 -> 0.22.0
  • libseccomp: version 2.6.0 -> 2.6.1 (security fix noted; no CVE IDs listed)
  • libtiff: version 4.7.1 -> 4.7.2
  • liburing: version 2.14 -> 2.15
  • libvirt-php: version 0.5.8-8.4.21 -> 0.5.8-8.4.23
  • libxkbcommon: version 1.13.1 -> 1.13.2
  • lmdb: version 0.9.35 -> 1.0.0
  • lsof: version 4.99.6 -> 4.99.7
  • mesa: version 26.1.1 -> 26.1.4
  • nano: version 9.0 -> 9.1
  • net-tools: version 20181103_0eebece-3 -> 20181103_0eebece-5 (CVE-2025-46836)
  • nghttp3: version 1.15.0 -> 1.17.0
  • nginx: version 1.30.1-1 -> 1.30.3-1 (NVD: CVE-2026-9256, CVE-2026-42055, CVE-2026-48142)
  • ngtcp2: version 1.22.1 -> 1.24.0
  • noto-fonts-ttf: version 2026.05.01 -> 2026.07.01
  • openssh: version 10.3p1 -> 10.4p1 (security fix noted; no CVE IDs listed)
  • openssl: version 3.5.6-2 -> 3.5.7 (CVE-2026-34182, CVE-2026-34183, CVE-2026-42764, CVE-2026-45447; NVD: CVE-2026-7383, CVE-2026-9076, CVE-2026-34180, CVE-2026-34181, CVE-2026-42766, CVE-2026-42767, CVE-2026-42768, CVE-2026-42769, CVE-2026-42770, CVE-2026-45445, CVE-2026-45446)
  • pango: version 1.57.1 -> 1.58.0
  • php: version 8.4.21-1 -> 8.4.23-1 (CVE-2026-14355)
  • pkgtools: version 15.1-31 -> 15.1-32
  • qemu: version 10.2.2-1 -> 10.2.3-1
  • rsync: version 3.4.3 -> 3.4.4
  • samba: version 4.22.8 -> 4.22.10 (CVE-2026-1933, CVE-2026-2340, CVE-2026-3012, CVE-2026-3238, CVE-2026-4408, CVE-2026-4480)
  • shadow: version 4.19.4-2 -> 4.19.4-6 (security fix noted; no CVE IDs listed)
  • shared-mime-info: version 2.4-2 -> 2.5.1
  • spirv-llvm-translator: version 22.1.2 -> 22.1.4
  • sqlite: version 3.53.1 -> 3.53.3 (NVD: CVE-2026-11822, CVE-2026-11824)
  • sysvinit-scripts: version 15.1-36 -> 15.1-38
  • tree: version 2.3.1 -> 2.3.2
  • util-linux: version 2.42.1 -> 2.42.2
  • wireless-regdb: version 2026.03.18 -> 2026.05.30
  • xclock: version 1.1.1 -> 1.2.0
  • xinit: version 1.4.4 -> 1.4.4-2
  • xkeyboard-config: version 2.47 -> 2.48
  • xlsclients: version 1.1.5 -> 1.1.6
  • xorg-server: version 21.1.22-3 -> 21.1.23 (security fix noted; no CVE IDs listed)
  • zfs: version 2.4.2 -> 2.4.3