Compatibility

• QTS 4.3.4 is the final available firmware update for the following models: TS-1269U-RP, TS-869U-RP, TS-469U-RP, TS-469U-SP, TS-869 Pro, TS-869L, TS-669 Pro, TS-669L, TS-569 Pro, TS-569L, TS-469 Pro, TS-469L, TS-269 Pro, TS-269L.

Important Notes

• To ensure system stability, QNAP recommends updating and then restarting QVPN Service in App Center after you update QTS to 4.3.4.
• For the status of QTS updates and maintenance for your NAS model, visit https://www.qnap.com/en/product/eol.php
• When QTS 4.3.x is installed on NAS models running on 64-bit Intel and AMD processors, some applications may not be supported. To check if installed apps on your NAS are compatible with QTS 4.3.x, download the QTS 64-bit compatibility tool and install it on your current QTS build. (https://download.qnap.com/QPKG/CF64_0.1-1114.qpkg.zip)
• Starting from QTS 4.3.4, QNAP NAS devices no longer support creating storage pools or static volumes using NVMe PCIe/M.2 SSDs. However, this limitation does not apply to the SSDs installed in built-in M.2 slots or on QM2 expansion cards.
• Below are the kernel versions for NAS models that are supported by QTS 4.3.4: Kernel 3.4.6: TS-x69, TS-x69U, TS-x69L.

Fixed Issues

• Fixed a local security bypass vulnerability in ProFTPD (CVE-2017-7418).
• Fixed a NULL pointer dereference vulnerability in ProFTPD (CVE-2019-19269).
• Fixed an improper certificate validation vulnerability in ProFTPD (CVE-2019-19270).
• Fixed a denial of service vulnerability in ProFTPD (CVE-2019-18217).
• Fixed a NULL pointer dereference vulnerability in ProFTPD (CVE-2019-19272).
• Fixed an improper certificate validation vulnerability in ProFTPD (CVE-2019-19271).
• Fixed a use-after-free vulnerability in ProFTPD that could be exploited for arbitrary code execution (CVE-2020-9273).
• Fixed an out-of-bounds read vulnerability in ProFTPD (CVE-2020-9272).
• Fixed a UDP flood denial-of-service vulnerability in Samba Active Directory Domain Controller (AD DC).
• Fixed a resource exhaustion vulnerability in Samba Active Directory domain controller (CVE-2020-10745).