To @dswv42:
All files compiled via crosstools (Linaro). Almsot no additions (I see only few changes in Samba sources - Improved performance). Some of binary already precompiled (WD stuff). Web interface - PHP (Rest API).
Image.cfs (Compressed Root FS, Stored in part. #4) - Compressed Squashfs disk image.
initrd = Busybox + custom scripts. Nothing special.
Firmware.bin file generated by “merge” tool from “wd gpl source code” archive.
Almost all other stuff also available in “WD GPL Source code” archive. All other can be found in internet.
so with WDs statement above, worth holding off dumping all my data to a USB drive, and waiting for the patch, so I can plug my WD Cloud back into power/network ?
yes, I do have a backup on another chunky USB disk, but I didn’t want to use that with my TV as I;ve been given a slim smart disk by Seagate So I’ve got 500gb to transfer but won’t bother if I can reinstate my WD Cloud.
“Resolved critical security vulnerabilities.” is not really a helpful change log. But I guess I would only regain some confidence in WD if they would actually update every package to most current version for the device. But I doubt that will happening.
No its not very helpful since it doesn’t tell a user which critical security vulnerabilities were addressed. But this is how WD and many other companies post with respect to change logs.
Based on past history I doubt WD would update the various outdated/old services/modules in the existing firmware. Would be nice if they did though.
Your right, links now go to the December firmware. Either someone broke the links on the web side or they pulled the firmware for some reason and haven’t announced why. Not good either way.
I figured out the data issue my self, but i’m happy that i already had a backup on onedrive.
So i could simply do a factory reset, and that fixed the issue.
And ofc now i’ve turned off AUTO update…
Update, it appears they’ve put a notice in the other subforums (Mirror, EX2, EX4) about removing the broken 2.11.163 firmware.
[Edit - 3/22/17]
WD Customers,
Firmware 2.11.163 for My Cloud Mirror, EX2, and EX4 includes multiple critical security fixes. However, we discovered that these fixes may have introduced a few minor regression issues detailed below. While we confirmed these issues, we have removed 2.11.163 from auto updates and manual downloads on support.wdc.com.
The areas affected in 2.11.163 are:
Toggle ON and OFF the Product Improvement Option
Create/Import multiple users and groups
Open a technical support case from the dashboard
We are currently working to address these minor regression issues in a forthcoming update. As an option for our customers that are not impacted by the affected areas, we have made Firmware 2.11.163 available for manual download.
Not to sound like a cynic, but does anyone actually believe WD will fix all these security issues, let alone update the packages? They’ve known about these problems for months if not years, and until they were humiliated publicly, they showed absolutely no interest in fixing them. I rather suspect we’ll see a rushed update or two, then, once the furor dies down a bit, things will return to normal.
I don’t belive they will fix it, nor do i belive they really care about WD MyCloud Singe Bay…
I own a single bay, and i hate not being able to install apps…
So i used a not supported javascript in the url of the dashboard and now got acess to apps…
It’s a simple trick, and my WD doesn’t have ANY issue at all…
I have a My-Cloud 2 Gig with current firmware. I have removed all critical data with the exception of 10,000 pictures of my children and grandchildren. Does the WD exposure extend beyond my physical WD Myclound? Will it expose my local LAN? As you see from my question I am not a network geek, just a concerned senior citizen.
So I’ve got 500gb to transfer but won’t bother if I can reinstate my WD Cloud.
