Skip to content
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
209 changes: 111 additions & 98 deletions docs/unraid-os/release-notes/7.3.2.md
Original file line number Diff line number Diff line change
@@ -1,144 +1,157 @@
# Version 7.3.2-rc.1 2026-07-02
# Version 7.3.2 2026-07-08

Unraid OS 7.3.2-rc.1 refreshes the Linux kernel, Docker, the Unraid API, and a broad set of base packages, with security-related updates across core networking, web, storage, and encryption components. This release also includes ZFS and QEMU updates, along with storage, Docker, and system improvements.
Unraid OS 7.3.2 is a security and bugfix release including Linux kernel 6.18.38, Docker VLAN networking fixes, storage and boot-pool fixes, virtualization UI fixes, Unraid API 4.35.1, and several base package updates.

Recommended for all users.

## Upgrading

For step-by-step instructions, see [Updating Unraid](/unraid-os/updating-unraid/). Questions about your [license](/unraid-os/troubleshooting/licensing-faq/)?
For step-by-step instructions, see [Updating Unraid](<https:///unraid-os/updating-unraid/>). Questions about your [license](<../../unraid-os/troubleshooting/licensing-faq.mdx#license-types--features>)?

## Known issues

- No new release-specific known issues are documented for this release.
* No new release-specific known issues are noted. For issues inherited from prior releases, see the [Unraid OS 7.3.1](<../7.3.1/>) release notes.

## Notes

- The release includes package updates for core services and libraries used by the OS, including Docker, OpenSSH support libraries, and certificate and networking components.
* This release includes security-related base package updates. Package-level CVE annotations are listed in Base distro updates.

## Rolling back

- Review the rollback notes for [Unraid OS 7.3.1](/unraid-os/release-notes/7.3.1/) before downgrading from this release.
- This release updates the kernel, ZFS, Docker, and the Unraid API. Verify compatibility before rolling back.
* No new rollback limitations are noted for this release. Before rolling back, review the [Unraid OS 7.3.1](<../7.3.1/>) release notes.

## BREAKING CHANGES

- No breaking changes are documented for this release.
* None.

## Changes vs. [Unraid OS 7.3.1](/unraid-os/release-notes/7.3.1/)
## Changes vs. Unraid OS 7.3.1

### Security

- Security: updated bind, dnsmasq, libarchive, libidn, net-tools, nginx, openssl, shadow, sqlite, and xorg-server for security fixes. dnsmasq, nginx, openssl, net-tools, and sqlite include listed CVE coverage.
- Fix: CVE-2026-3838.
* Security: Fixed a WebGUI `update.php` path-traversal command execution vulnerability, CVE-2026-3838.
* Security: Includes base package security fixes with CVE coverage for multiple components; package-level CVE details are listed in Base distro updates.

### Containers / Docker

- Improvement: updated Docker to 29.5.3-1_LT.
- Fix: VLAN Docker networks now restore gateway and default-route handling more reliably after the Docker 29 upgrade, so affected containers can regain outbound and inter-VLAN connectivity.
* Fix: Docker VLAN auto-networks can fall back to the configured Docker gateway so containers keep outbound connectivity.
* Improvement: Improved Docker tab load performance by keeping synchronous I/O off the Docker tab render path, based on a community contribution from [TSpader ](<https://github.com/tspader>)(thank you!)

### Storage

- Improvement: updated ZFS to 2.4.3_6.18.37_Unraid-1_LT.
- Fix: boot pool device removal works correctly again instead of failing with a GUI error in some mirrored boot pool configurations.
- Fix: replacing a missing boot pool device no longer leaves behind a stale missing mirror member in some port-swap scenarios.
- Fix: formatting or erasing a pool no longer crashes the GUI in a specific `sda` naming edge case.
- Fix: corrected Btrfs RAID1 pool size and usage reporting on the dashboard for mixed-size devices.
* Fix: Boot pool replacement no longer leaves a stale missing mirror member in the affected replacement case.
* Fix: Removing a boot pool device no longer triggers the regression that could fail the operation.
* Fix: Formatting a pool device whose name overlaps with a boot device no longer triggers a false positive invalid-target assertion.
* Fix: Dashboard cache pool size and usage reporting is corrected for Btrfs RAID1 pools.

### WebGUI / System

- Improvement: updated dynamix.unraid.net to 4.35.1.
- Improvement: refreshed base system packages including bash, ca-certificates, curl, git, pkgtools, rsync, util-linux, and other core components.
- Fix: controller views in System Devices now show the correct drives instead of sometimes including unrelated devices.
- Fix: mDNS service discovery can recover more reliably after a temporary network loss.
* New: Added monitor status output for panel indication plugins that use LED and LCD state.
* Fix: Shutdown and reboot syslog saving now creates `/boot/logs` before writing syslog files.
* Fix: System Devices controller listings no longer include unrelated devices in affected cases.
* Fix: Internal Boot with Flash Licensing better handles transient USB license device resets.

### Networking / Hardware

- Improvement: updated cifs-utils, iproute2, libnvme, and wireless-regdb.
- New: added libcbor, libfido2, and libmaxminddb.
- Improvement: Intel iGPU SR-IOV controls are now hidden unless the required plugin is installed, avoiding settings that cannot be applied.
* Fix: Avahi/mDNS update can start the daemon again after transient network loss.
* Fix: Intel GPU PCI speed reporting is corrected.
* Improvement: Intel iGPU SR-IOV controls are shown only when the supporting plugin is installed.

### Virtualization

- Improvement: updated QEMU to 10.2.3-1_SBo_LT.
- Improvement: more accurate PCI link speed reporting for Intel Arc GPUs in System Devices, which helps when checking passthrough hardware.
- Improvement: the VM Network Source selector is now wider and sorted more naturally, making long or numbered network names easier to scan.
- Fix: VM context menus now stay visible when opened near the bottom of the page instead of rendering partly off-screen.
- Fix: VM usage reporting better matches actual guest CPU activity instead of showing inflated usage during unrelated file transfers.
- Fix: removed an outdated reboot warning from VM settings when PCI options are enabled.
* Fix: VM CPU usage no longer reports high usage caused by unrelated host tasks.
* Fix: VM context menu positioning is corrected.
* Improvement: VM Network Source dropdown entries are sorted and the control is wider for easier scanning.
* Fix: Removed an obsolete VM reboot banner message when VM PCI options are enabled.

### Unraid API

- Update Unraid API to dynamix.unraid.net 4.35.1.
* Update Unraid API to [dynamix.unraid.net 4.35.1](<https://github.com/unraid/api/releases/tag/v4.35.1>).

### Linux kernel

- Linux kernel: update to 6.18.37-Unraid.
* Linux kernel: update to 6.18.38-Unraid.
CONFIG_USB_AUTOSUSPEND_DELAY=-1

## Base distro updates

### Added packages (3)

- libcbor: version 0.14.0
- libfido2: version 1.17.0-2
- libmaxminddb: version 1.13.3

### Updated packages (59)

- aaa_libraries: version 15.1-50 -> 15.1-51
- at-spi2-core: version 2.60.4 -> 2.60.5
- bash: version 5.3.009-2 -> 5.3.015-2
- bind: version 9.20.23 -> 9.20.24 (security fix noted; no CVE IDs listed)
- ca-certificates: version 20260413 -> 20260616
- cifs-utils: version 7.5 -> 7.6
- curl: version 8.20.0 -> 8.21.0
- dnsmasq: version 2.92rel2 -> 2.93 (CVE-2026-2291)
- docker: version 29.5.2-1_LT -> 29.5.3-1_LT
- dynamix.unraid.net: version 4.34.0 -> 4.35.1
- elogind: version 255.25 -> 255.27
- etc: version 15.1-16 -> 15.1-17
- exfatprogs: version 1.3.2 -> 1.4.2
- file: version 5.47-2 -> 5.48
- fontconfig: version 2.18.0-2 -> 2.18.1
- gdk-pixbuf2: version 2.44.6 -> 2.44.7
- git: version 2.54.0 -> 2.55.0
- glib2: version 2.88.1 -> 2.88.2
- graphite2: version 1.3.14-3 -> 1.3.15-2
- harfbuzz: version 14.2.0 -> 14.2.1
- iproute2: version 7.0.0 -> 7.1.0-2
- json-c: version 0.18_20240915 -> 0.19
- kbd: version 2.9.0 -> 2.10.0
- less: version 702 -> 704
- libarchive: version 3.8.7 -> 3.8.8 (security fix noted; no CVE IDs listed)
- libdrm: version 2.4.133 -> 2.4.134
- libffi: version 3.5.2 -> 3.6.0
- libidn: version 1.43 -> 1.44 (security fix noted; no CVE IDs listed)
- libnvme: version 1.16.1 -> 1.16.2
- libpsl: version 0.21.5 -> 0.22.0
- libxkbcommon: version 1.13.1 -> 1.13.2
- lsof: version 4.99.6 -> 4.99.7
- mesa: version 26.1.1 -> 26.1.3
- nano: version 9.0 -> 9.1
- net-tools: version 20181103_0eebece-3 -> 20181103_0eebece-5 (CVE-2025-46836)
- nghttp3: version 1.15.0 -> 1.17.0
- nginx: version 1.30.1-1_SBo_LT -> 1.30.3-1_SBo_LT (NVD: CVE-2026-9256, CVE-2026-48142)
- ngtcp2: version 1.22.1 -> 1.24.0
- noto-fonts-ttf: version 2026.05.01 -> 2026.06.01
- openssh: version 10.3p1 -> 10.3p1-2
- openssl: version 3.5.6-2 -> 3.5.7 (CVE-2026-34182, CVE-2026-34183, CVE-2026-42764, CVE-2026-45447; NVD: CVE-2026-7383, CVE-2026-9076, CVE-2026-34180, CVE-2026-34181, CVE-2026-42766, CVE-2026-42767, CVE-2026-42768, CVE-2026-42769, CVE-2026-42770, CVE-2026-45445, CVE-2026-45446)
- pango: version 1.57.1 -> 1.58.0
- pkgtools: version 15.1-31 -> 15.1-32
- qemu: version 10.2.2-1_SBo_LT -> 10.2.3-1_SBo_LT
- rsync: version 3.4.3 -> 3.4.4
- shadow: version 4.19.4-2 -> 4.19.4-4 (security fix noted; no CVE IDs listed)
- shared-mime-info: version 2.4-2 -> 2.5.1
- spirv-llvm-translator: version 22.1.2 -> 22.1.3
- sqlite: version 3.53.1 -> 3.53.3 (NVD: CVE-2026-11822, CVE-2026-11824)
- sysvinit-scripts: version 15.1-36 -> 15.1-38
- tree: version 2.3.1 -> 2.3.2
- util-linux: version 2.42.1 -> 2.42.2
- wireless-regdb: version 2026.03.18 -> 2026.05.30
- xclock: version 1.1.1 -> 1.2.0
- xinit: version 1.4.4 -> 1.4.4-2
- xkeyboard-config: version 2.47 -> 2.48
- xlsclients: version 1.1.5 -> 1.1.6
- xorg-server: version 21.1.22-3 -> 21.1.23 (security fix noted; no CVE IDs listed)
- zfs: version 2.4.2_6.18.33_Unraid-1_LT -> 2.4.3_6.18.37_Unraid-1_LT
* libcbor: version 0.14.0
* libfido2: version 1.17.0
* libmaxminddb: version 1.13.3

### Updated packages (73)

* aaa_libraries: version 15.1-50 -> 15.1-51
* acl: version 2.3.2 -> 2.4.0
* at-spi2-core: version 2.60.4 -> 2.60.5
* attr: version 2.5.2 -> 2.6.0
* bash: version 5.3.009-2 -> 5.3.015-2
* bash-completion: version 2.17.0 -> 2.18.0
* bind: version 9.20.23 -> 9.20.24-2 (security fix noted; no CVE IDs listed)
* ca-certificates: version 20260413 -> 20260616
* cifs-utils: version 7.5 -> 7.6
* curl: version 8.20.0 -> 8.21.0 (NVD: CVE-2026-9079, CVE-2026-9080, CVE-2026-9545, CVE-2026-9546, CVE-2026-9547)
* dnsmasq: version 2.92rel2 -> 2.93 (CVE-2026-2291)
* docker: version 29.5.2 -> 29.5.3
* [dynamix.unraid.net](<http://dynamix.unraid.net>): version 4.34.0 -> 4.35.1
* elogind: version 255.25 -> 255.27
* etc: version 15.1-16 -> 15.1-17
* exfatprogs: version 1.3.2 -> 1.4.2
* file: version 5.47-2 -> 5.48
* fontconfig: version 2.18.0-2 -> 2.18.1
* gdk-pixbuf2: version 2.44.6 -> 2.44.7
* git: version 2.54.0 -> 2.55.0
* glib2: version 2.88.1 -> 2.88.2
* graphite2: version 1.3.14-3 -> 1.3.15-2
* harfbuzz: version 14.2.0 -> 14.2.1
* iproute2: version 7.0.0 -> 7.1.0-2
* jansson: version 2.15.0 -> 2.15.1
* json-c: version 0.18_20240915 -> 0.19
* kbd: version 2.9.0 -> 2.10.0
* krb5: version 1.22.2-2 -> 1.22.2-3
* less: version 702 -> 704
* libarchive: version 3.8.7 -> 3.8.8 (security fix noted; no CVE IDs listed)
* libdrm: version 2.4.133 -> 2.4.134
* libevent: version 2.1.12-4 -> 2.1.13 (security fix noted; no CVE IDs listed)
* libffi: version 3.5.2 -> 3.6.0
* libidn: version 1.43 -> 1.44 (security fix noted; no CVE IDs listed)
* libjpeg-turbo: version 3.1.4.1 -> 3.2.0
* libnvme: version 1.16.1 -> 1.16.2
* libpsl: version 0.21.5 -> 0.22.0
* libseccomp: version 2.6.0 -> 2.6.1 (security fix noted; no CVE IDs listed)
* libtiff: version 4.7.1 -> 4.7.2
* liburing: version 2.14 -> 2.15
* libvirt-php: version 0.5.8-8.4.21 -> 0.5.8-8.4.23
* libxkbcommon: version 1.13.1 -> 1.13.2
* lmdb: version 0.9.35 -> 1.0.0
* lsof: version 4.99.6 -> 4.99.7
* mesa: version 26.1.1 -> 26.1.4
* nano: version 9.0 -> 9.1
* net-tools: version 20181103_0eebece-3 -> 20181103_0eebece-5 (CVE-2025-46836)
* nghttp3: version 1.15.0 -> 1.17.0
* nginx: version 1.30.1-1 -> 1.30.3-1 (NVD: CVE-2026-9256, CVE-2026-42055, CVE-2026-48142)
* ngtcp2: version 1.22.1 -> 1.24.0
* noto-fonts-ttf: version 2026.05.01 -> 2026.07.01
* openssh: version 10.3p1 -> 10.4p1 (security fix noted; no CVE IDs listed)
* openssl: version 3.5.6-2 -> 3.5.7 (CVE-2026-34182, CVE-2026-34183, CVE-2026-42764, CVE-2026-45447; NVD: CVE-2026-7383, CVE-2026-9076, CVE-2026-34180, CVE-2026-34181, CVE-2026-42766, CVE-2026-42767, CVE-2026-42768, CVE-2026-42769, CVE-2026-42770, CVE-2026-45445, CVE-2026-45446)
* pango: version 1.57.1 -> 1.58.0
* php: version 8.4.21-1 -> 8.4.23-1 (CVE-2026-14355)
* pkgtools: version 15.1-31 -> 15.1-32
* qemu: version 10.2.2-1 -> 10.2.3-1
* rsync: version 3.4.3 -> 3.4.4
* samba: version 4.22.8 -> 4.22.10 (CVE-2026-1933, CVE-2026-2340, CVE-2026-3012, CVE-2026-3238, CVE-2026-4408, CVE-2026-4480)
* shadow: version 4.19.4-2 -> 4.19.4-6 (security fix noted; no CVE IDs listed)
* shared-mime-info: version 2.4-2 -> 2.5.1
* spirv-llvm-translator: version 22.1.2 -> 22.1.4
* sqlite: version 3.53.1 -> 3.53.3 (NVD: CVE-2026-11822, CVE-2026-11824)
* sysvinit-scripts: version 15.1-36 -> 15.1-38
* tree: version 2.3.1 -> 2.3.2
* util-linux: version 2.42.1 -> 2.42.2
* wireless-regdb: version 2026.03.18 -> 2026.05.30
* xclock: version 1.1.1 -> 1.2.0
* xinit: version 1.4.4 -> 1.4.4-2
* xkeyboard-config: version 2.47 -> 2.48
* xlsclients: version 1.1.5 -> 1.1.6
* xorg-server: version 21.1.22-3 -> 21.1.23 (security fix noted; no CVE IDs listed)
* zfs: version 2.4.2 -> 2.4.3