15 juil. 2020 — GRE interfaces and Passthough mode does not work when the interface name is greater than seven characters. [DAL-2327]. • Health metrics are uploaded to Digi ...
ftp1.digi.com - /support/firmware/dal/TX64/20.5/
DIGI INTERNATIONAL 9350 Excelsior Blvd, Suite 700 Hopkins, MN 55343, USA +1 (952) 912-3444 | +1 (877) 912-3444 www.digi.com Digi TX/LR Firmware Release Notes Version 20.5.38.58 (July 2020) INTRODUCTION Digi Accelerated Linux is an advanced, high-performance operating system for cellular routers. These are the release notes for the initial Digi Accelerated Linux (DAL) firmware release which supports the Digi TX and LR family of products listed below. SUPPORTED PRODUCTS Digi TX54 Digi TX64 Digi LR54 KNOWN ISSUES GRE interfaces and Passthough mode does not work when the interface name is greater than seven characters. [DAL-2327] Health metrics are uploaded to Digi Remote Manager unless the Monitoring Device Health Enable option is de-selected and either the Central Management Enable option is deselected or the Central Management Service option is set to something other than Digi Remote Manager [DAL-3291] UPDATE CONSIDERATIONS This release does not support migration of WR54 and WR64 devices running xOS firmware. UPDATE BEST PRACTICES Digi recommends the following best practices: 1. Test the new release in a controlled environment with your application before you deploy production devices. 2. Unless otherwise noted, apply updates in the following order: a. Device firmware b. Modem firmware c. Configuration d. Application Digi recommends Digi Remote Manager for automated device updates. For more information, see the Digi Remote Manager User Guide. 96000472_D Release Notes Part Number: 93001328 F Page 1 If you prefer manually updating one device at a time, follow these steps: 1. Download the 20.5.38.58 firmware update image from the Digi support website to your PC TX54: TX54-Dual-Cellular-20.5.38.58.bin TX54-Dual-Wi-Fi-20.5.38.58.bin TX54-Single-Cellular-20.5.38.58.bin TX64: TX64-20.5.38.58.bin LR54 LR54-20.5.38.58.bin LR54W-20.5.38.58.bin 2. Log into the Web UI. 3. Navigate to the System > Firmware Update page. 4. Click Choose File and select the appropriate firmware update image. 5. Click UPDATE FIRMWARE. 6. The device will automatically reboot once the firmware update is complete. TECHNICAL SUPPORT Get the help you need via our Technical Support team and online resources. Digi offers multiple support levels and professional services to meet your needs. All Digi customers have access to product documentation, firmware, drivers, knowledgebase, and peer-to-peer support forums. Visit us at https://www.digi.com/support to find out more. CHANGE LOG VERSION 20.5.38.58 (July 2020) This is a recommended release. NEW FEATURES There are no new features in this release. ENHANCEMENTS 1. The minimum requirements for a local user password has been changed to require the following: a. A minimum of 10 characters. b. At least one uppercase letter. c. At least one lowercase letter. d. At least one number. e. At least one symbol. SECURITY FIXES 1. Failed login attempts have been added to the event log and will sent to a remote syslog server if enabled. [DAL-3492] 96000472_D Release Notes Part Number: 93001328 F Page 2 BUG FIXES 1. An issue that caused a delay in connecting with FirstNet SIMs has been resolved. [DAL-3236] 2. An issue that prevented dual APN connectivity with AT&T when using Sierra Wireless modules has been resolved. [DAL-3586] 3. An issue using QXDM with Sierra Wireless cellular modules has been resolved. [DAL-3469] VERSION 20.5.38.39 (April 2020) This is a mandatory release. NEW FEATURES 1. LDAP user authentication has been added. 2. An option has been added to the System > Firmware Update page to allow the user to update the device from the Digi firmware server. 3. Support for Wi-Fi client isolation has been added. This prevents communication between clients connected to the device's Wi-Fi AP. 4. Support for Digi RM proxy connections has been added. 5. A new Application mode has been added for serial ports to allow full control of the serial port by custom Python and Shell scripts. This also allows USB-to-Serial adapters to be access via the /dev/serial/<config-key-name>. 6. Support for the Python HID module has been added. 7. A Digi RM connection watchdog has been added. ENHANCEMENTS 1. When factory-defaulted, the device will have 2 Wi-Fi Access Points running on 2.4GHz and 5GHz with a SSID of <model>-<serial number> and with the device's default password. The SSIDs and passwords must be configured or the Access Points disabled when configuring the device. 2. The cellular support has been updated to modem PDP context 1 when an AT&T SIM is detected to support new requirements from AT&T. 3. Support for DHCP address pools larger than /24 subnets has been added. 4. Support for AES GCM encryption ciphers has been to IPsec. 5. A new locally authenticate CLI option has been added to force a user to login when using the device's CLI via Digi RM. 6. A number of enhancements to the Health Metrics has been made. · A new health metric to report the interface being used for an IPsec tunnel has been added. · A new health metric to report the LTE SNR has been added. · The health metrics have been updated to upload no more than 2 reports per minute if there is a backlog due the connection being down. · A debug configuration option to provide a delay window/jitter when uploading the health metrics to Digi RM has been added. The default is 2 minutes. · Prevent invalid health metrics data being re-uploaded if Digi RM sends a 96000472_D Release Notes Part Number: 93001328 F Page 3 response that the contents of the health metrics are invalid. 7. The Web UI has been updated so that the Apply button on the Device Configuration page is always visible when scrolling down the page. 8. IPv6 support has been added to the traceroute command. 9. The Rx and Tx byte count has been added to the show network interface <name> command. 10. The OpenVPN server device type connection options have been added to make it easier to select the connection type. 11. A 5 second delay has been added when configuring the LTE band on a Telit modem and rebooting the modem. 12. Support for AT&T LWM2M on the TX54-A146 and TX54-A246 has been added. 13. The network analyzer support has been updated to allow any network interface to be monitored. 14. The idle timeout configuration for remote access serial ports has been updated to be consistent with the user admin idle timeout configuration. 15. The show system command has been updated to display the firmware version in the alternate firmware bank. 16. A broadcast option has been added to the ping command. 17. A statusall option has been added to the show ipsec command has been added. 18. The Support Report generation has been improved to only run modem AT commands once. 19. Cellular modem firmware files are now retained in the event of the firmware update is interrupted. 20. The device SKU has been added to the RCI response to Digi RM. 21. The wbdata APN has been added to the APN list. SECURITY FIXES 1. Updated to openssh-8.2p1 [DAL-2860] CVE-2019-6111 CVSS Score: 5.8 2. Fixed user escalation exploit through cloud.drm.sms configuration option [DAL-2887] CVSS Score:6.0 Severity:Medium Matrix: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 3. Fixed user escalation exploit through Label configuration setting for serial ports [DAL-3011] CVSS Score: 6.0 Severity: Medium Matrix: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N 4. Fixed password exploit through web token [DAL-3069] CVSS Score: 5.6 Severity: Medium Matrix: AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N 5. Updated StrongSwan to 5.8.3 [DAL-2866] 6. Updated iputils to s20190709 and traceroute to version 2.1.0 [DAL-2338] 7. Updated Linux kernel to version 5.6 [DAL-2873] 8. Updated ipset to version 7.6 [DAL-2853] 9. Updated OpenSSL to 1.1.1g [DAL-2977] CVE-2020-1967 - CVSS Score 7.5 HIGH 10. Prevent DOM XSS (cross-site scripting) exploit on Terminal page in the web UI [DAL-3068] CVSS Score: 4.2 Severity: Medium Matrix: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N 11. Prevent user escalation exploit through netflash options in web UI [DAL-3129] CVSS Score: 4.1 Severity: Medium Matrix: AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N 12. Prevent use-after-free exploit in CLI configuration of OpenVPN [DAL-2963] CVSS Score: 5.7 Severity: Medium Matrix: AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N 96000472_D Release Notes Part Number: 93001328 F Page 4 13. Prevent XSS vulnerability on the Filesystem page in the web UI where a directory name with HTML embedded in it would be rendered as HTML rather than plain text [DAL-3200] CVSS Score: 4.6 Severity: Medium Matrix: AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N 14. Prevent unauthenticated users from downloading the ovpn client configuration file from the web UI [DAL-3133] CVSS Score: 5.6 Severity: Medium Matrix: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N BUG FIXES 1. An issue with VRRP crashing on the TX54 has been resolved. [DAL-3181] 2. An IPsec tunnel will now be prevented from being setup if the local network/interface is down. [DAL-2336] 3. Stability issues with the TX64 wifi2 radio have been resolved. [DAL-2359] 4. A Wi-Fi as WAN issue that prevented stale conntrack entries from being flushed when there are network changes. [DAL-2775] 5. An IPsec issue where an IPsec tunnel configured to use a specific interface would not be brought down properly if the interface went down has been resolved. [DAL-3023] 6. An IPsec failover issue which prevent the backup IPsec tunnel found coming up when the primary IPsec tunnel went down has been resolved. [DAL-3024] 7. The analyzer support has been fixed so that it does not stop when the user's SSH connection ends. [DAL-2154] 8. An issue with applying policy based routes to incoming packets from WAN interfaces has been resolved. [DAL-2589] 9. An intermittent reporting issue where the Web UI and CLI would display a modem as registered when it was actually connected has been resolved. [DAL-2329] 10. An issue that prevented IP passthrough mode from working if multicast was also enabled has been resolved. [DAL-2709] 11. An issue with the IPv6 Surelink ping test has been resolved. [DAL-2488] 12. An issue with custom DHCP options not working has been resolved. [DAL-3071] 13. An issue with the config revert CLI command has been resolved. [DAL-3194] 14. An issue where a certificate is not received from a SCEP server due to a timing issue between requesting the certificate with a private key and when that certificate can be downloaded has been resolved. [DAL-2850] 15. The Telit module recovery has been improved if a firmware update is interrupted. [DAL-2983, DAL-2984] 16. An issue with the Python digidevice.led release function not working correctly has been resolved. [DAL-2566] 17. An issue with inconsistent LED names in the Python digidevice.led module has been resolved. [DAL-2569] 18. Issues with TX54 and TX64 WWAN LEDs not behaving correctly have been resolved. [DAL-1045, DAL-2239] 19. An issue with Sierra Wireless RM7511 modem firmware update via the Web UI or shell has been resolved. [DAL-2772, DAL-2773] 20. An issue with the modem firmware on the TX64-A141 which crashed the modem has been 96000472_D Release Notes Part Number: 93001328 F Page 5 resolved. [DAL-2982] 21. An issue with the cellular modem not initializing after the resetting the modem has been resolved. [DAL-1409] 22. An issue preventing the current firmware displayed on the Status > Modems Web UI page for Telit LM940 modems has been resolved. [DAL-2375] 23. An intermittent SIM switching issues with the Telit LM960 modem have been resolved. [DAL- 2379, DAL-2495] 24. An error with the show modem CLI command when the modem was not connected has been resolved. [DAL-2959] 25. An issue with configuration backups not working if the configuration directory contained files or directory paths longer than 100 characters has been resolved. [DAL-3137] VERSION 20.2.162.162 (April 2020) This is a recommended release. NEW FEATURES There are no new features in this release. ENHANCEMENTS There are no enhancements in this release. SECURITY FIXES There are no security fixes in this release. BUG FIXES 1. An issue with the switching firmware when switching between SIMs on the Telit LM940 module has been resolved. [DAL-2986] VERSION 20.2.162.157 (April 2020) This is a recommended release. NEW FEATURES There are no new features in this release. ENHANCEMENTS 1. The firstnet-broadband APN has been added for AT&T FirstNet SIMs. 2. The Rx and Tx byte counts have been added to the show modem name <name> command. 3. The MAC address has been added to the support report filename. SECURITY FIXES 1. Cross-site scripting (XSS) vulnerabilities on the Web UI configuration, status, terminal and file system pages has been resolved. (DAL-2818, DAL-2819, DAL-2823) 2. A script injection exploit on the Web UI Configuration Maintenance has been resolved. (DAL- 2797) 96000472_D Release Notes Part Number: 93001328 F Page 6 3. A fix to prevent unauthorized read/write access to /op/config and /opt/boot when the interactive shell is disabled. (DAL-2865) 4. An issue where the output of the Analyzer could be written out of the /etc/config/analyzer directory has been resolved. (DAL-2672) BUG FIXES 1. An issue with the Sierra Wireless EM7511 module firmware update has been resolved. (DAL- 2794) 2. An issue with the automatic cellular firmware selection on the Telit LM960 modules for T- Mobile and Sprint SIMs has been resolved. (DAL-2376) 3. An issue that was preventing multicast packets from being sent through a network bridge interface has been resolved. (DAL-2774) 4. An issue with the Digi Remote Manager health metrics reporting the /opt directory as full when it wasn't has been resolved. (DAL-2769) 5. An issue where the device would not automatically reboot after restoring configuration using the Web UI has been resolved. (DAL-2862) 6. An issue with the scheduled reboot always using UTC time rather than the configured timezone has been resolved. (DAL-2859) 7. An issue with stopping the analyzer in the CLI has been resolved. (DAL-2892) 8. An issue with the show system command on the TX64 when no Bluetooth module has been fitted has been resolved. (DAL-2871) 9. An issue in reading the status of the accelerometer has been resolved. (DAL-2266) VERSION 20.2.162.90 (March 2020) This is a recommended release. NEW FEATURES 1. The Connection Monitoring and Active Recovery support has been rebranded as Surelink. 15. The default Surelink settings for WAN interfaces has been changed so that the interface will do DNS tests against its DNS server to determine if the interface is working. 16. Read only admin access has been added. 17. A new shell access parameter has been added to allow you to prevent shell access from being enabled for a group. When disabled, script access to the shell and custom firewall rules are also restricted. If this parameter is subsequently re-enabled, the device will factory-default. 18. Support for TX64 user partition encryption has been added. 19. Support for USB GNSS devices has been added. ENHANCEMENTS 1. The default setting for 'SIM failover alternative' on Modem interfaces has been changed to 'reset'. 2. Hotspot performance has been improved by reducing the amount of log entries being produced. 3. IPsec status and Tx/Rx byte deltas have been added to the health metrics. 4. HTTPS support has been enabled from the initial boot up. 96000472_D Release Notes Part Number: 93001328 F Page 7 5. The Web UI has been updated to display devices connected to a hotspot. 6. The IPsec performance on the TX64 has been improved. SECURITY FIXES 1. The libpcap library has been updated to 1.9.1 (CVE-2017-16808, CVE-2019-15163) 2. The tcpdump application has been updated to 4.9.3 (CVE-2018-14465, CVE-2018-14467 CVE- 2018-14470 CVE-2018-14879 CVE-2018-16227 CVE-2018-16452 CVE-2019-15167) 3. The libxml2 library has been update to v2.9.10. (CVE-2018-14567, CVE-2018-9251) 4. The OpenVPN support has been updated to v2.4.4 (CVE-2017-12166) 5. The libldns library has been updated to v1.7.1 (CVE-2017-1000231, CVE-2017-1000232) BUG FIXES 1. An issue with poor TX54 Wi-Fi client receive speed in bridged configuration has been fixed. (DAL-2353) 2. An issue with the hotspot starting from bootup is has been fixed. (DAL-2446) 3. The health metrics for the TX54 platforms has been fixed. (DAL-2703) 4. The MAC address assignment has been fixed for TX54 and TX64. (DAL-2290) 5. An issue where only the last SSH key configured for a user would work has been fixed. (DAL- 2506) 6. An issue with the TX54 (Single Cellular) cellular LEDs has been fixed. (DAL-2659) 7. An issue with the SCEP client handling extra bytes has been fixed. (DAL-2212) 8. An issue with the ping and traceroute commands not routing out of specific interface has been fixed. (DAL-2605) 9. An issue with the TX54 power settings (ignition sense, input voltage, power button behavior) not taking affect has been resolved. (DAL-2734) VERSION 19.11.72.85 (January 2020) This is a recommended release. NEW FEATURES There are no new features in this release. ENHANCEMENTS 1. The performance for TX54 Wi-Fi client interfaces configured as a bridge has been improved. 2. The MTU is now being displayed with the show route verbose CLI command. 3. The Python acl.led module has been moved to the digidevice module. SECURITY FIXES There are no security fixes in this release. BUG FIXES 1. An issue with the Dual APN configuration on the TX54 and TX64 has been resolved. (DAL2311) 96000472_D Release Notes Part Number: 93001328 F Page 8 2. An issue with the Active Recovery support on cellular interfaces has been resolved. (DAL2000) 3. An issue with VLAN support on the TX54 has been resolved. (DAL-2264) 4. An IPsec routing issue when configuring a remote network of 0.0.0.0/0 has been resolved. (DAL-2253) 5. The missing Wi-Fi configuration for the TX54 Dual Wi-Fi variant has been added to support 2.4GHz band. (DAL-2451) 6. An issues enabling the location support for the TX54 platforms has been resolved. (DAL- 2226) 7. The MAC address assignment for the TX54 and TX64 Wi-Fi interfaces has been corrected. (DAL-2290) 8. An issue were N/A would be displayed for Network Activity counters on the Web UI dashboard has been resolved. (DAL-2295) VERSION 19.11.72.53 (December 2019) The TX54 and TX64 firmware supports the following key features: Cellular · 4G LTE and 3G support · Dual cellular connections · SIM prioritization Wi-Fi · Access Point support · Client support · Wi-Fi scanner support · Wi-Fi hotspot Digi Remote Manager · Remote Management · Device Health Metrics VPN · IPsec with certificate and pre-shared key authentication · HW encryption for IPsec · OpenVPN · GRE SCEP Client support Web Filtering / Cisco Umbrella Location support · On-board GNSS module · 3rd party source · Forwarding to remote hosts IPv4/IPv6 Routing · Static Routes · Policy based Routing · Routing services (BGP, OSPF, RIP, IS-IS) 96000472_D Release Notes Part Number: 93001328 F Page 9 · Multicast Port Forwarding Packet Filtering Packet Analyzer IntelliFlow Bluetooth scanner support The following features from earlier Digi xOS firmware are not yet supported in this DAL beta firmware. They will be supported before in the production release later this year: VRRP+ SNMP v1/v2c SNMP Enterprise MIB SSH Certificates DMNR DHCP Option User Classes 96000472_D Release Notes Part Number: 93001328 F Page 10Microsoft Word 2016 Microsoft Word 2016