TrueNAS 25.10.3.1 is Now Available

Announcements
1

The TrueNAS team is pleased to release TrueNAS 25.10.3.1!

This release mitigates CVE-2026-31431, a Linux kernel vulnerability in the AEAD cryptographic socket interface, and includes additional fixes primarily affecting TrueNAS Enterprise systems and users.

Notable changes:

  • Mitigates CVE-2026-31431, a CVSS 7.8 local privilege escalation vulnerability in the Linux kernel AEAD cryptographic socket interface (CWE-669: Incorrect Resource Transfer Between Spheres). While the specific attack vector does not directly affect ZFS, TrueNAS integrates the upstream kernel patch as a security best practice. The fix reverts AEAD socket operations to out-of-place mode, eliminating the incorrect resource transfer between memory spheres that the vulnerability exploits.

  • Fixes Kerberos-secured NFS mounts failing after HA failover or system reboot when the NFS service is not configured to start automatically (NAS-138933). When the NFS service did not have Start Automatically enabled, gssproxy failed to initialize when the service was started manually after a reboot or failover, causing /proc/net/rpc/use-gss-proxy to return 0. Kerberos-secured NFS mounts (krb5, krb5i, and krb5p) were unavailable as a result. This affected systems joined to both FreeIPA and Active Directory.

  • Restores SNMP visibility for ZFS filesystem datasets and adds a new MIB table covering the full dataset tree. A long-standing regression caused the SNMP agent to report only zvols, silently omitting filesystem datasets from network monitoring tools such as Zabbix and Nagios. The SNMP agent now enumerates the complete dataset tree. A new datasetTable MIB entry exposes both filesystems and zvols with index, descriptor, and used, available, and referenced byte counts. The existing zvolTable is unchanged, so monitoring configurations that already poll it continue to work.

See the Release Notes and changelog for more details.

25.10.3.1 Documentation : https://www.truenas.com/docs/scale/25.10
Download : https://www.truenas.com/download-truenas-community-edition

Thank you for using TrueNAS! As always, we appreciate your feedback!

9 Likes
2

Updated from 25.10.3 without a glitch yet.

2 Likes
3

Just in time for ā€˜dirty fragā€™ā€¦

4 Likes
4

From multiple systems / locations only getting a max download rate on 1mb/s

5

Updated from 25.04.2.5. Iā€™ve noticed 2 issues:

  1. My external ssd (Samsung T5) shows null as the temperature.
  2. I can no longer set a critical/warning temperature for disks. Maybe I just didnā€™t spot a new location for the setting.
  3. There is no smart, but thatā€™s expected.
6

As far as i can remember the old release notes for 25.10, that setting is also goneā€¦

7

Can you confirm that Truenas Core 13.0-U6.8 is not affected by this vulnerability?

8

Totally. This one is a Linux exclusive. :laughing:

3 Likes
9

Updated to 25.10.3.1 from 25.04 with perfect success. Should we be expecting 25.10.3.2 soon to address Dirty Frag and Fragnesia?

10

Waiting for the LPE surge to finish may be wise, or weā€™ll have a minor release of little consequence every week.

1 Like
11

maybe already obvious butā€¦.

in your updates, if u see the beta 26 listed, just switch to the general train then u will see 25.10.3.1

THEN u click the update.

anyway, updated to it and itā€™s good. the UI is very responsive e.g. go to unlock datasets no lag :}

1 Like
13

I did an update offline via file from 25.10.2 and lost my web UI. Pings are also dropping. Hadnā€™t started storing anything luckily, but going to have to blow the whole thing away and install from scratch. No clue what went wrong.

14

Obviously a networking issueā€¦update and rollback would show whether it was software related.
Prefer that you create a write-up in General channel.. but post a link here if it is software releated.
Good luck!

15

Welcome to the TrueNAS Community.

Update on 25.10 status is worthwhile. First of all, adoption continues to grow.

25.04.2.6 is still ā€œking of the hillā€ - but there are more 25.10 systems than 25.04 systems.

image
image1709Ɨ2090 122 KB

There are CVEs that have been found. Next version is expected to be a 25.10.4ā€¦ in June. It will include a Linux kernel LTS update.

25.10.x has more security patches than 25.04 or earlier releases, so that should not block anyone from updating their systems.

1 Like
17

And Iā€™ll be stuck at the 25.10.3.whatever release until 26.04 reaches General Release.

18

If the .4 release is addressing the cveā€™s I would be guessing itā€™s also for the release tagged as general and not only early adopter

1 Like
19

Itā€™s 26.05 ATM.

20

Itā€™s neither 26.04 nor 26.05; itā€™s simply 26, and the last I recall hearing was that itā€™s slated to be released in the fall.

21

(December)

22

What year?

2 Likes