Support
Bug Reports
If you think you have found a bug in Netatalk, first see if the bug has already been reported in the Netatalk issue tracker at GitHub.
If no similar bug has been reported yet, please create a new ticket and provide as much context as possible, including Netatalk version, OS version, contents of configuration files, and debug or backtrace logs.
Feature requests can also be filed via the same issue tracker.
Technical Support
If you want to get help from the Netatalk developers or the community, or simply want to share a cool idea, you can start a new topic at Netatalk Discussions at GitHub. Please don't forget to be courteous and mindful of others.
Mailing Lists
As an alternative to GitHub, you can join the netatalk-admins mailing list. New release announcements are posted here as well.
Security Advisories
The Netatalk Project takes cyber security very seriously. In this section we publish security advisories when vulnerabilities have been disclosed and fixed.
If you think you have found a new exploit in Netatalk, please file a new security vulnerability report via GitHub. This enables us to collaborate on a patch in private.
| CVE ID | Subject | Publish Date | Affected Versions |
|---|---|---|---|
| CVE-2024-38441 | Heap out-of-bounds write in directory.c | 2024/06/28 | 3.2.0 3.0.0 - 3.1.18 2.0.0 - 2.4.0 |
| CVE-2024-38440 | Heap out-of-bounds write in uams_dhx_pam.c | 2024/06/28 | 3.2.0 3.0.0 - 3.1.18 1.5.0 - 2.4.0 |
| CVE-2024-38439 | Heap out-of-bounds write in uams_pam.c | 2024/06/28 | 3.2.0 3.0.0 - 3.1.18 1.5.0 - 2.4.0 |
| CVE-2023-42464 | afpd daemon vulnerable to type confusion | 2023/09/17 | 3.1.0 - 3.1.16 |
| CVE-2022-45188 | Arbitrary code execution in afp_getappl | 2023/03/26 | 3.0.0 - 3.1.14 1.5.0 - 2.2.8 |
| CVE-2022-43634 | Arbitrary code execution in dsi_writeinit | 2023/02/06 | 3.0.0 - 3.1.14 |
| CVE-2022-23125 | Arbitrary code execution in copyapplfile | 2022/03/21 | 3.0.0 - 3.1.12 1.3.3 - 2.2.6 |
| CVE-2022-23124 | Information leak in get_finderinfo | 2022/03/21 | 3.0.0 - 3.1.12 |
| CVE-2022-23123 | Information leak in getdirparams | 2022/03/21 | 3.0.0 - 3.1.12 1.5.0 - 2.2.6 |
| CVE-2022-23122 | Arbitrary code execution in setfilparams | 2022/03/21 | 3.0.0 - 3.1.12 |
| CVE-2022-23121 | Arbitrary code execution in parse_entries | 2022/03/21 | 3.0.0 - 3.1.12 1.5.0 - 2.2.6 |
| CVE-2022-22995 | afpd daemon vulnerable to symlink redirection | 2023/10/05 | 3.1.0 - 3.1.17 |
| CVE-2022-0194 | Arbitrary code execution in ad_addcomment | 2022/03/21 | 3.0.0 - 3.1.12 1.5.0 - 2.2.6 |
| CVE-2021-31439 | Arbitrary code execution in dsi_stream_receive | 2022/03/21 | 3.0.0 - 3.1.12 |
| CVE-2018-1160 | Unauthenticated remote code execution | 2018/12/13 | 3.0.0 - 3.1.11 1.5.0 - 2.2.6 |
| CVE-2008-5718 | papd daemon vulnerable to remote command execution | 2009/11/10 | 2.0.0 - 2.0.4 |
| CAN-2004-0974 | etc2ps.sh vulnerable to symlink attack | 2004/10/24 | 2.0.0 1.3.3 - 1.6.4 |
