New Release - My Cloud Firmware Versions 2.31.163 (1/8/19)


#1

WD is happy to announce the release of My Cloud Firmware 2.31.163 for manual download at [https://support.wdc.com/downloads.aspx?g=911&lang=en) for the following My Cloud products.

· My Cloud
· My Cloud Mirror Gen2
· My Cloud EX2 Ultra
· My Cloud EX2100
· My Cloud EX4100
· My Cloud DL2100
· My Cloud DL4100
· My Cloud PR2100
· My Cloud PR4100

2.31.163 Release Notes

Security Fixes

  • Added brute force attack mitigation.
  • Removed non-production testing information.

Components Updated

  • Rsync – v3.0.

Other Bug Fixes

  • Added warnings when enabling remote dashboard.

2.31.149 release notes

Security Fixes

• Resolved multiple command injection vulnerabilities including CVE-2016-10108 and CVE 2016-10107.
• Resolved multiple cross site request forgery (CSRF) vulnerabilities.
• Resolved a Linux kernel Dirty Cow vulnerability (CVE-2016-5195).
• Resolved multiple denial-of-service vulnerabilities.
• Improved security by disabling SSH shadow information.
• Resolved a buffer overflow issue that could lead to unauthenticated access.
• Resolved a click-jacking vulnerability in the web interface.
• Resolved multiple security issues in the Webfile viewer on-device app.
• Improved the security of volume mount options.
• Resolved multiple security issues in the EULA onboarding flow.
• Resolved leakage of debug messages in the web interface.
• Improved credential handling for the remote MyCloud-to-MyCloud backup feature.
• Improved credential handling for upload-logs-to-support option.

Components Updated

• Apache -v2.4.34
• PHP -v5.4.45
• OpenSSH -v7.5p1
• OpenSSL -v1.0.1u
• libupnp -v1.6.25 (CVE-2012-5958)
• jQuery -v3.3.1 (CVE-2010-5312)

Other Bug Fixes

• Resolved high CPU utilization with ufraw-batch process.
• Improved remote host port handling


#2