For the record, bash is used for the WebGUI's shell. Just go to the shell and do "echo $SHELL". I cannot vouch if it has the security vulnerability or not and I can't (and probably wouldn't if I could) vouch for if 9.2.1.8 is going to happen as a result (in whole or in part because of this vulnerability).
Sorry, I'm not the man with the info. :p
The reality is that comments like what ewhac aren't generally made for appliance-like systems. FreeNAS is also open source and freely available. So anyone with *true* desire to know answers simply needs to be able to know the answer themself. Not to directly attach ewhac, but this kind of question (while very valid) can quickly turn into a discussion about "I expect other people to feed me vice feeding myself". If you want the answers they are definitely available as the code is open. What you should *really* be doing is flaming the living f*ck out of those routers and other closed-source devices that are derived from linux for answers. They are almost certainly NOT making their code available, and therefore you should *absolutely* be expecting them to provide the answer and the fix- because you don't have access to the necessary code to validate this for yourself no matter what.
Big picture, FreeNAS shouldn't be exposed to the internet anyway. This is *very* well documented. If you've done this, you kind of deserve to be in the dark. Sweat a little and be upset. Maybe you'll learn that you shouldn't be doing stupid things and expecting other people to jump to your rescue because you don't want to do what is right. ;)
Knowledge is power, and if you don't have the knowledge don't expect me to jump to your rescue because you didn't try to empower yourself. ;)
*cough*
https://bugs.freenas.org/projects/f...ions/4771be6243293f78a6b4686d2c19d8ce676ba69c
https://bugs.freenas.org/projects/f...ions/e17fe1e5f6b37b0b67f7c879b8c0ce8ebd762f01
https://bugs.freenas.org/projects/f...ions/b1306b8bb75db02c0ac310e667110bf98339036f
*cough*