Firmware Update: Synology DSM 7.1.1 build 42951 RC

Synology has released version 7.1.1 Disk Station Manager, a version that is offered as a release candidate. Synology DSM is the management software that runs on various NAS products from the company. The Disk and Rack Stations offer more than just extra storage space. For example, additional packages can be installed to allow the device to function as a media server, web server, print server or backup server, for example. The possibilities are endless.

Before version 7.1 can be installed, at least version 7.0 must be present. Furthermore, 7.1 is only suitable for the nas models whose type number ends with 13 or higher. Version 7.1 will also be the last update for models ending in 13, 14 or 15. For the other conditions and the various downloads, see this page. Few changes have been made in version 7.1 that are important for home users. The necessary changes and improvements have been made for the heavier models and the nas that are used in business environments. The changelog for this release can be found below.

Important Notes

• Starting from this version, the bad sector count column will not be displayed along with hard drive information. Users should go to each drive’s Health Info > History to view its complete bad sector information. To determine whether bad sectors are affecting the drive, see if there’s a significant increase in the number of bad sectors over time.
• Adjusted how the system calculates M.2 NVMe SSD’S estimated lifspan to provide a more accurate estimation.

What’s New

• Added support for recipient profiles for email notifications, allowing users to add multiple email addresses under each profile and customize rules for the profiles.
• Users can now enable the quota setting for shared folders that are located on volumes with data deduplication enabled.
• Added support for RAID arrays with 16 and 20 hard drives when creating RAID groups.
• Supports checking the 2-factor authentication status of user accounts at Control Panel > User & Group > Users.

Fixed issues

• Fixed an issue where the “Enable UID/GID shifting” setting would be deactivated after modifying the time interval for updating the user/group list on an LDAP client.
• Fixed multiple security vulnerabilities regarding CIFS utils (CVE-2022-27239, CVE-2022-29869).
• Fixed a security vulnerability regarding OpenLDAP (CVE-2022-29155).
• Fixed a security vulnerability regarding cURL (CVE-2022-22576).
• Fixed a security vulnerability regarding Zlib (CVE-2018-25032).
• Fixed a security vulnerability regarding Freetype (CVE-2022-27406).
• Fixed multiple security vulnerabilities regarding 802.1X (CVE-2021-30004, CVE-2021-30266).
• Fixed multiple security vulnerabilities regarding GNU C Library(CVE-2021-43396, CVE-2022-23218, CVE-2022-23219).
• Fixed multiple security vulnerabilities regarding YAML-cpp (CVE-2018-20573, CVE-2018-20574, CVE-2019-6285).
• Fixed multiple security vulnerabilities regarding Linux Kernel (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2020-12770, CVE-2019-18282, CVE-2019-19527, CVE-2019-19532, CVE-2019-19537, CVE-2021-0605, CVE-2021-3732, CVE-2021-3739, CVE-2021-3753, CVE-2021-4149, CVE-2021-4203, CVE-2021-20317, CVE- 2021-20321, CVE-2021-20322, CVE-2021-29154, CVE-2021-29650, CVE-2021-34556, CVE-2021-35477, CVE-2021-39633, CVE-2021-39698, CVE-2021- 45868, CVE-2022-0185, CVE-2022-0330, CVE-2022-0617, CVE-2022-0847, CVE-2022-1011, CVE-2022-1048, CVE-2022-1055, CVE-2022-1353, CVE-2022-20008, CVE-2022-27666, CVE-2022-28893, CVE-2022-29582).
• Updated OpenSSL to version 1.1.1o to fix multiple security vulnerabilities (CVE-2022-1292, CVE-2021-3712, CVE-2022-0778).
• Updated libarchive to version 3.6.1 to fix multiple security vulnerabilities (CVE-2021-36976, CVE-2022-26280).
• Updated Mbed-TLS to version 2.28 to fix multiple security vulnerabilities (CVE-2021-44732, CVE-2021-45450, CVE-2021-43666).
• Updated Python to version 3.8.12 to fix multiple security vulnerabilities (CVE-2021-3733, CVE-2021-3737, CVE-2022-0391).
• Updated Redis to version 6.2.7 to fix multiple security vulnerabilities (CVE-2022-24735, CVE-2022-24736).
• Updated ISC DHCP to version 4.4.3 to fix a security vulnerability (CVE-2021-25217).