QNAP extends security updates for some end-of-life devices

Daniel Sims

Posts: 512   +20
Staff
Why it matters: A few weeks after a security crisis, QNAP is extending its security updates for some older devices past the date they would generally stop. The situation seems to be an extenuating circumstance rather than a permanent policy change.

Taipei-based tech company Quality Network Appliance Provider (QNAP) announced this week that it would be changing how it handles security for its aging products for most of the remainder of 2022. While the company doesn’t state it outright, this is probably a response to ransomware attacks that targeted its products last month.

It explained that it usually keeps issuing security updates for devices for four years after their end-of-life (EOL) dates. However, with this announcement, some products more than four years past EOL will keep getting security patches until this October.

The list of affected devices includes any Arm or x86 64-bit products that received QTS OS version 4.2.6, 4.3.3, 4.3.6, or 4.4.1. They will only get security updates considered critical or high priority, an example probably being the one QNAP forced on many NAS users at the end of last month to stop ransomware.

In January, the company changed its designated “recommended” OS version, which pushed automatic software updates that, while successful in stopping the ransomware, broke other functionality for some users. The faux pas happened partially because of QNAP’s multi-layered auto-update system, which some users didn’t understand.

Permalink to story.

 

Dimitriid

Posts: 2,216   +4,268
I really would love to see more NAS friendly small cases that don't cost 3x as much as it's reasonable to pay for them, that way we could avoid trusting supremely incompetent NAS companies like qnap but we could still have nice, small and neat looking NAS cases which is usually not likely.
 

hwertz

Posts: 146   +81
I think it's nice that QNAP is extending their security updates here even if it is a 1-time exemption. It's common to cut off support, period, after 1 or 2 updates, or after whatever length of time, with the view that you should just keep buying new models if you want support.