The Synology End Game

(lowendbox.com)
452 points amacbride | 1 comments
tecleandor No.45061701
Not only that, but their security situation is terrible. Their OS is full of EOL'ed stuff.

On products you can buy TODAY, you find:

  - Their Btrfs filesystem is a fork of a very old branch and doesn't have modern patches
  - A custom, non-standard, self-built ACL system for the filesystem
  - Kernel 4.4
  - PHP 7.4 (requirement for their Hyperbackup app)
  - smbd 4.15
  - PostgreSQL 11.11
  - smbd 8.2p1
  - Redis 6.2.8
  - ...
They claim it's OK because they've backported all security fixes to their versions. I don't believe them. The (theoretical) huge effort needed for doing that would allow them to grow a way better product.

And it's not only about security, but about features (well, some are security features too). We're missing new kernel features (network hardware offload, security, WireGuard...), filesystem (btrfs features, performance and error patches...), file servers (new features and compatibility, such as Parallel NFS or Multichannel CIFS/SMB), and so on...

I think they got stuck on 4.4 because of their btrfs fork, and now they're too deep in their own hole.

Also, their backend is a mess. A bunch of different apps developed in different ways that mostly don't talk to each other. They sometimes overlap with each other and have very essential features that don't work and that they don't plan to fix. Meanwhile, they're busy releasing AI features for the "Office" app.

Edit note: For myself and some business stuff, I have a bunch of TrueNAS deployments, from a small Jonsbo box for my home, to a +16 disk rack server. This was for a client that wanted to migrate from another Synology they had on loan, and I didn't want to push a server on them, as they're a bit far away from me, and I wanted it to be serviceable by anyone. I regret it.

1. OptionOfT No.45069567
They also have this weird full disk encryption that doesn't validate that the boot partition is compromised, allowing exploits like this: https://forums.spacerex.co/t/bounty-first-person-to-share-ho...

This breaks both the 'store key locally' and the KMIP setup.

And for their file-based encryption you cannot change the password. You need to create a new folder with a new password and copy all files over.