MailPlus Server: The end of February brought news of a problem with the default configuration of the widely used Memcached server software that allowed it to be used in DDoS amplification attacks. Synology uses this software in its MailPlus Server and has released an update. If your MailPlus Server is open to the internet, then updating to MailPlus Server 2.0.1-0532 or above is critical. The security bulletin is Synology-SA-18:07 Memcached.
Active Directory Server: Typically Synology only announces security vulnerabilities after a fix is available. But there’s a Samba vulnerability (through Active Directory Server) that is not exposed with the default settings, and there’s no user interface to enable it. Since it’s not vulnerable by default, Synology is holding off on the fix until an upcoming update. If you use Active Directory Server, you should review Synology-SA-18:08 Important: Samba and contact Synology if necessary.
DiskStation Manager (DSM) Updates
Synology released DSM Version 6.1.5-15254-1 (DSM 6.1.5-15254 Update 1) as February ended. Its release notes contained one generic entry:
1. Enhanced system stability.