Please do not report security vulnerabilities through public GitHub issues or pull requests.
TrueNAS operates a responsible disclosure program for security issues. If you believe you have found a previously unknown vulnerability in TrueNAS or in this middleware, please report it through our security portal at security.truenas.com. Follow the instructions in the section entitled "Reporting Previously Unknown Vulnerabilities (Click to expand)" on that page.
Reporting through the portal ensures the issue is triaged by our security team, remains private until a fix is available, and is credited appropriately. Vulnerability fixes submitted as public pull requests disclose the issue before users can be protected and will be closed.
Information about previously disclosed vulnerabilities and TrueNAS security advisories is also available at security.truenas.com.