Important Notes

• For the status of QTS updates and maintenance for your NAS model, visit https://www.qnap.com/en/product/eol.php
• To learn more about NAS models that support the TL-D800C, TL-R1200C-RP, TL-D400S, TL-D800S, TL-D1600S, TL-R400S, TL-R1200S-RP, see the Compatibility List at https://www.qnap.com/en/compatibility-expansion
• We have fixed the vulnerabilities in the following apps to ensure your data security: Surveillance Station, QVPN Service, Qfiling, Qsync Central, QcalAgent, and IFTTT Agent. To continue using these apps, go to the App Center and update them to the latest version.
• For more information on the kernel versions for NAS models that QTS 4.4.3 supports, see https://www.qnap.com/en/release-note/kernel
• Removed the following applications from App Center due to PHP 7 updates in QTS 4.4.1: "phpEasyProject", "Dolphin", "CMS Made Simple", "Vtiger CRM", "iStat", "PostgreSQL 9.3.13.3", and "ownCloud".
• Due to compatibility issues, the following applications have been removed from the App Center in QTS 4.4.1: FileFlex, MantisBT, SugarCRM, Xeams, DokuWiki, and Azure Storage.
• Once you update QTS to 4.4.1 (or later) on the TS-1635AX, you will not be able to downgrade QTS to versions earlier than 4.4.1.
• Removed support for Plex Home Theater from HybridDesk Station.

Fixed Issues

• Fixed an out-of-bounds read vulnerability in ProFTPD (CVE-2020-9272).
• Fixed a use-after-free vulnerability in ProFTPD that could be exploited for arbitrary code execution (CVE-2020-9273).
• Fixed a denial of service vulnerability in ProFTPD (CVE-2019-18217).
• Fixed a NULL pointer dereference vulnerability in ProFTPD (CVE-2019-19272).
• Fixed an improper certificate validation vulnerability in ProFTPD (CVE-2019-19271).
• Fixed a local security bypass vulnerability in ProFTPD (CVE-2017-7418).
• Fixed an improper certificate validation vulnerability in ProFTPD (CVE-2019-19270).
• Fixed a NULL pointer dereference vulnerability in ProFTPD (CVE-2019-19269).
• The TR-004 RAID expansion enclosure could not enter standby mode.
• Users sometimes could not access snapshots that were backed up from remote NAS devices to Snapshot Vault.
• QTS could not detect ADATA SX6000LNP SSDs installed on the QM2 expansion card.
• File Station could not sort files correctly in alphabetical order when the system language was set to "Auto Detect".
• Storage & Snapshots sometimes could not shrink volumes.
• Subfolders moved from the Qsync folder to another folder would still stay in the Qsync folder.
• System memory usage would continue to rise when the NAS was in an Active Directory domain that had a large number of domain users.
• Users could not apply changes to proxy settings if the proxy password contained the "$" character.