Release Letter
Products: H.264/H.265 Firmware for CPP16 HD/UHD/MP cameras
Version: 10.40.0102
This letter contains the latest information about the above-mentioned firmware version.
1 General
This firmware release is a feature release for the new platform CPP16.
CPP16 builds on the same operating system and software baseline as CPP14, enabling similar behavior, features, and integration across both platforms.
While CPP14 provides a proven foundation, CPP16 takes a step forward with enhanced hardware, greater processing capacity, and support for advanced capabilities, ideal for future software expansions. CPP16 delivers more headroom for innovation while staying aligned with the familiar CPP14 software environment.
Changes since former firmware versions are marked blue.
2 Applicable products
- AUTODOME 7100i
- AUTODOME 7100i IR
3 Important notes
3.1 Two-factor authenticated firmware signature
The security of the signature of the firmware file has been strengthened by using a two-factor authentication process for signing the final released firmware file.
The new signature protects from non-released versions being installed in production systems. As a result, pre-release (beta) versions, required sometimes in projects, need to have a special license installed prior to the firmware update. Requests for pre-release versions need to be handled via tech support tickets in order to allow tracking and require a concession signed by the customer.
3.2 "Originally manufactured" certificate
All cameras are prepared to receive a unique Bosch certificate during production, assigned and enrolled by Escrypt LRA. These certificates prove that every device is an original Bosch-manufactured and untampered unit.
Escrypt is a Bosch-owned company, providing the Bosch certificate authority (CA).
Enrollment of the certificates in production is asynchronous to this firmware release.
3.3 Secure Element (TPM)
All CPP14 devices incorporate a new secure crypto-microcontroller, which we call our Secure Element.
"A Secure Element is a tamper-resistant platform capable of securely hosting applications and their confidential and cryptographic data (for example cryptographic keys) in accordance with the rules and security requirements set by well-identified trusted authorities."¹ In this specific case the requirements are defined in the Trusted Platform Module library specification defined by the Trusted Computing Group (TCG). As the Secure Element supports the main functionalities specified by TCG, the ones needed for an IoT device, it is often referred to as a “TPM”.
Due to security reasons, the firmware or functionality of the secure crypto-microcontroller cannot be altered in the field.
Thus, not all new security features become available on devices with older secure crypto-microcontroller hardware or firmware revisions.
3.4 Secure Boot Protection
All CPP14 devices are shipped with secure boot enabled, protecting the device from execution of unauthorized code.
Even if an attacker could circumvent all other security barriers, malicious code would never become active, because secure boot prevents the camera from starting with unauthorized code.
¹ https://globalplatform.org/wp-content/uploads/2018/05/Introduction-to-Secure-Element-15May2018.pdf, page 1
3.5 Open-Source Software
Bosch Security Systems is an advocate of integrating open-source software into its products. The use of open-source software is noted in the Service menu on the System Overview page of every camera's web interface. For general information regarding open-source software in Bosch Security Systems products, please visit http://www.boschsecurity.com/oss.
- This software is based in part on the work of the Independent JPEG Group.
- This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
3.6 Backward compatibility and intermediate firmware update
With firmware constantly being developed, including adapted architectures, some firmware versions may introduce features, increase security, or introduce fixes that do not allow backward compatibility.
This may result, on one hand, in an increase of the minimum firmware version for cameras, as was required with firmware version 8.50, which introduced a security fix that does not allow downgrading firmware below that version.
On the other hand, it may result in the need for an intermediate step when upgrading firmware, requiring a specific version to be installed first before upgrading to a newer version. This is the case with firmware version 9.0, which introduced a new file system and architecture that will allow us to introduce new features, like app support, while reducing the overall file size of firmware packages.
4 New Features
- Support of new camera family AUTODOME 7100i, including the IR variant.
5 Changes
- SD card functionality has been enabled, restoring local storage capabilities on devices equipped with a functional SD card slot.
- Support for the Genetec Product Security Center SaaS has been added.
6 System Requirements
For configuration purposes
- Bosch Project Assistant 2.4.0 or higher
- Bosch Configuration Manager (CM) 7.76 or higher
- Web Browsers:
  - Google Chrome
  - Microsoft Edge (Chromium-based)
  - Mozilla Firefox
For operation purposes
- Bosch Video Security app 3.7.2 or higher
- Bosch Video Security Client 3.7.2 or higher
- Bosch Video Management System 12.1 (12.3 or higher recommended)
- Bosch Video Management System Viewer 12.1 or higher (12.3 or higher recommended)
- Bosch Video Management System 11.1.1 and Bosch Video Management System Viewer 11.1.1 support most of the functionalities of the camera when deployed together with the patch ID:434923.
- Bosch Video Management System 12.01 and Bosch Video Management System Viewer 12.01 support most of the functionalities of the camera when deployed together with the patch "429121, 418648, 425002 - FW8.90 improvements".
7 Restrictions; Known Issues
7.1 User Interface
- If UAC is set to default in Windows 7, no snapshot or recording via LIVEPAGE is possible.
- Video and audio may be asynchronous during replay via Web page.
- If a VCA configuration using a rule engine is switched to a VCA configuration without using a rule engine, e. g. MOTION+ or IVA default configuration, the saved configuration is invalid. Forensic search with this configuration may lead to undesired search results.
- In Firefox, no audio is audible on the Audio Settings page.
- Opera mini for mobile devices cannot work in Intranets because it gets all pages through an opera proxy on the Internet. If there is no Internet connection no content is provided.
- When changing GUI language, the browser cache may have to be deleted and the web browser be reloaded before the language will be selected correctly.
- Google Chrome requires a plug-in for displaying TIFF images to properly show the reference image.
- Fluent decoding of buffered .mp4 video from the camera is strongly dependent on the browser. Jerky video may occur, e. g. with Mozilla Firefox 52.0, which is not a camera malfunction.
- Shutter time values in preview window might slightly deviate from rounded values selectable from dropdown menu.
- Privacy masks and other orientation-related parameters must be checked and eventually re-assigned after rotating a camera.
- On-screen display stamping
  - Font size minimum is ensured for lower resolutions if per mill value would be too small.
  - Font size is automatically limited when maximum display stamping capabilities are reached though values may indicate differently. Limitation is evenly distributed over all defined stamping sections.
- A defective SD card may show 'device ok' status while being unusable. Check recording status for high level error description.
- Microsoft Edge may request re-entering the login credentials multiple times after reactivating a sleeping tab.
- Stream limit settings change is directly executed without requiring the Set button.
- Masking color of the image circle is bound to the privacy mask color.
- Video may appear stuttering with Firefox 108.02, use different browser version or brand.
- Live preview is not updated when changing stream limits. Page reload or opening the live preview window solves the issue.
- Due to the dynamic distribution of memory resources for display stamping it may happen that fonts appear smaller than the requested size.
- The "Login Notification" setting is currently located in the "Appearance" section of the web UI and can be enabled or disabled via a checkbox. However, this setting is stored in the browser cache, so if the cache is cleared, the configured setting will be lost and must be reconfigured.
7.2 Imaging
- On the AUTODOME 7100i, night scenes may appear too dark with limited detail when HDR is turned off. For improved visibility in low-light conditions, enabling HDR is recommended where applicable.
- In limited occurrences, AUTODOME 7100i may display image distortion when switching to night mode with HDR enabled. This issue typically resolves itself after resetting the night mode. Users are encouraged to monitor this behavior while an improvement is in development.
- Certain default image settings of AUTODOME 7100i may not be optimal for all scenarios. In particular, use cases that require more or less image sharpness may benefit from manual tuning to achieve the desired visual result.
7.3 Encoding
- For H.264, only Main/High Profile using CABAC is supported. CAVLC is not supported.
- Frame rates in low light mode might vary and cause bit rate control to produce higher bit rates than set as maximum.
- With GOP structure set to IBP and IBBP the I-frame distance may not exactly correspond with the set value.
- Encoder quality regions are not implemented.
- In case of a high load, the least prioritized stream may drop to a very low frame rate, e. g. 1 or 2 fps, making it difficult for a decoder to synchronize due to a large GOP size. This may result in temporarily showing black video.
- On cameras running at 60 fps, a frame might get dropped occasionally, slightly reducing the nominal frame rate.
- The blurring mode is currently not supported on CPP16. As a result, it is not possible to enable the privacy setting that automatically covers detected objects with dynamic blurring masks. However, static privacy masks -- manually defined in fixed areas -- continue to function as expected.
- Under certain conditions, CPU overload during reconfiguration of encoding capabilities may cause the camera to reboot.
7.4 Security
- When using certificates for mutual authentication, it must be ensured that the camera uses a solid and trusted time base. In case the time differs too much from the actual time, a client might be locked out. Then, only a factory default will recover access to the camera.
- Excessive signing, e. g. due to very short video authentication signing interval, may have an impact on TLS connection setup.
- If software sealing is active and SNMP is disabled in Network -> Network Services, no SNMP trap will be sent out on seal break due to the disabled service. The seal break itself is logged.
- SCEP (Simple Certificate Enrolment Protocol) certificate requests are currently non-functional. A forthcoming release will include the necessary fix to address this issue.
- AD FS authentication does not work when HTTP referrer check is enabled.
- Network authentication will not work when EAP-TLS and MD5 are selected on the camera, but the server is configured for MD5 only.
- Uploading a certificate in PFX format with password protection may fail in case it used an outdated encryption algorithm, e. g. RC2-40-CBC. Re-export the certificate with an updated encryption method.
- In the context of Syslog, some clients, such as Configuration Manager (CM) and Video Security Client, may generate multiple login requests during configuration, resulting in multiple log entries. This behavior is expected and indicates active configuration, helping to identify unauthorized or unexpected access during periods of inactivity. Please note that SNMP logins cannot be registered in the syslog.
- If the device is rebooted without user intervention, the software sealing will be considered broken. This behavior is not by design but is a known bug that will be addressed in an upcoming release.
7.5 Network
- QoS values are set according to group Video/Audio/Control for UDP packets, but for TCP packets, only the QoS value for Video is inserted. Note: Values are allowed to be entered as ToS values in increments of 4. To set a valid DSCP, enter a (ToS) value between 32 and 224 in increments of 8.
- Changes to IPv6 settings, e. g. prefix, are not taking effect until device is restarted.
- Gateway setting is empty after switching DHCP to 'Off'. Make sure to manually configure a gateway when needed.
- When switching from IPv4 to IPv6, or vice versa, make sure the configured IP address is reachable in the network. Alternatively, leave the default state which allows both versions in parallel.
7.6 VCA
- Slow moving objects may not be detected. There is a minimum speed for objects to be detected as moving.
- IVA and flow need at least 12.5 frames per second video input frame rate. If IVA or Flow are configured, minimum frame rate of 12.5 must be set in ALC mode.
- There is only one configuration for IVA. When analysis type is changed, e. g. from IVA to IVA Flow, the former configuration is lost. Due to this, it is not possible to change the analysis type in a VCA profile switch.
- Due to a limitation of the script language that is used in the background, the delay timer for event triggered VCA starts immediately when the configuration is set. A trigger event during this period does not restart the timer. Once the timer has elapsed, operation is as desired.
- "Too dark" alarm is not triggered under normal conditions due to the camera's low-light capabilities.
- VCA shapes are not synchronized with video when using the open-source JavaScript library for decoding.
- In ceiling mount, when the gyro sensor is perpendicular to earth plane, the roll angle cannot be determined and appears unstable, thus must be ignored.
- As dynamic lens curves are not implemented yet, especially applicable to varifocal lenses, the focal length is optimized for the r/2 of the inner circle of field-of-view to reduce deviations for IVA to a minimum. Introduction of the lens curves will improve this in future firmware.
- This device does not support best shot image extraction through Video Content Analysis (VCA). As a result, face detection using ONVIF Best Shot is not available, which may impact compatibility with certain third-party VMS solutions that rely on this feature for analytics.
- The "Leaving Field" event from Intelligent Video Analytics (IVA) is not supported on this device. Users relying on this event for specific detection logic should consider alternative configurations.
- VCA virtual masks, used to exclude specific areas of the field of view from Video Content Analysis, are currently not supported.
7.7 MOTION+
- An alarm recording configured to be triggered by MOTION+ with masks may not be operational after reboot. Saving MOTION+ configuration without any changes recovers from that. Alternatively, masks may not be used with MOTION+.
7.8 Recording
- LUN size for local recording via "Direct iSCSI" is limited to 2 TB.
- VRM version 2.12 or higher is required.
- In some cases, formatting errors on external iSCSI drives may occur, which might need multiple tries to overcome.
- In rare cases it may happen that the owner of an iSCSI LUN is not displayed correctly. Recording is not affected; just previous owner remains displayed.
- With I-frame-only recording and audio also enabled for recording, audio will be fragmented or not audible during replay. Please disable audio recording in case of I-frame-only recording.
- Numbering of the recorded files on the replay page is not always contiguous.
- If snippets across block borders belong together, like pre-alarm and alarm recording, the snippets become logically united and only the lower file number is presented in the list.
- If the local storage media is exchanged, existing former recordings are only discovered after rebooting the device.
- Physically removing the local storage media while recording causes the device to reboot. Recording must be stopped before removal.
- Changing audio format while audio is being recorded may cause unknown behaviour of the device and must be avoided.
- The storage system indicator status must be ignored during formatting of an SD card.
- Forcing the camera into an overload situation may cause undesired behaviour and in worst cases even recording gaps. It should always be ensured that the CPU load is not consistently around or at its maximum. This can be achieved by adapting encoder settings or avoiding too many tasks, e. g. client sessions, in parallel.
- Selection of streams for recording is limited to stream1 and 2 only.
- Encoder profile selection per stream is only possible for all four imagers simultaneously.
- Recording profile names are defined for defaults. Changes to the profile may mismatch with the pre-defined name, thus adaptation may be advised.
- Recording will continue even if local storage is deselected until already allocated storage spans are utilized, then stop.
7.9 Export
- FTP exported files which include audio in a format other than AAC must be renamed from .mp4 to .m4a to allow correct playback in QuickTime.
- With JPEG Posting active when device is booting, the first posted JPEG image may be a no-cam logo.
- FTP posting with resolution 1080p delivers JPEG with size of 1920x1072 pixels due to 16 pixels macroblock boundary of the JPEG encoder.
- If FTP export files contain only a few frames some players might not correctly replay such a file, or the replay is too quick to recognize something. The exported file is not corrupt though it might seem so.
- Files exported using continuous FTP backup for Rec. 2 where stream 2 is set to I-frames only mode contain wrong timing information and play back too fast.
- FTP export file size is always 100 MB if resolution change occurred in exported time span.
- After modifying account settings, e. g. FTP server address, to get the changes applied either switching posting off and on or restarting the device is required.
- Using "export from memory" with pre-alarm recording exceeding the available memory will cause continuous recording on the account storage. Checking the memory requirement of the pre-alarm ring is advised to avoid unexpected memory consumption.
- Condensed export to FTP may show 100% although it is not completely finished. This is caused by estimation due to unknown I-frame size and resulting fill bytes to complete an export file, which can only be written after the relevant content is exported with 100%.
- Filenames for FTP export shall not include non-ASCII UTF-8 characters to avoid incompatibilities with FTP servers.
7.10 Miscellaneous
- After reboot, the system time re-synchronisation may be delayed by up to 9 seconds for SNTP and up to 14 seconds for the time server protocol.
- AAC audio timestamps for UDP live video streams as well as for recording streams are based on 90 kHz instead of 16 kHz to ensure compatibility with Video SDK. AAC audio timestamps for TCP live video streams are based on the standard 16 kHz timestamps. Standard players should connect to live video with AAC audio using TCP.
- After changing the selectable camera mode via alarm input the switch back to a previous mode doesn't work anymore.
- Firmware upload stops recording when it fails or is terminated.
- Uploading a configuration file from a different camera platform may result in unpredictable behaviour.
- When combining CPU-intensive functions, e. g. encryption, watermarking, or dual recording, with high quality and high frame rate encoder settings, tuning of encoder profile settings might be required to avoid overload situations. Likelihood of overload increases with higher encoding bitrates and higher sensor resolutions, and persistent overload may result in unexpected reboots of a camera.
- No time change is allowed during the time when the "hour is repeated".
- Maintenance log file creation and download takes some time and must be allowed to complete; there is no progress indication.
- Millisecond stamping is not supported.
- JPEGs with VCA overlay are not fully synchronized. Shapes might be slightly off.
- Audio back-channel in Chrome browser may be delayed when using an unsecure or unaccepted HTTPS certificate.
- In scenes with mixed lighting, the image appearance might be greenish. To solve this, switch the white balance mode to Sodium lamp Auto.
- If the configured bitrate for a JPEG is too low, the JPEG encoder will nevertheless create its minimally required bitrate, exceeding the expected bitrate.
- 5MP and larger JPEG streaming via RTSP is only possible with decoders supporting the ONVIF extensions.
- JPEG streaming via RTSP is based on RFC 2435. This RFC only allows for a maximum JPEG size of 2048 by 2048. With ONVIF, the original, larger JPEG headers can also be transmitted via RTP header extensions. Unfortunately, this only works with decoders using these extensions, i. e. it does not work with a standard VLC.
- JPEGs for JPEG posting and in alarm e-mails are taken from the JPEG stream, thus 'burn-in' metadata overlays are not possible.
- When using stream prioritization, non-prioritized streams will drop frame rate when the camera is not able to fulfil all requested streams equally.
- JPEG generation, especially with resolutions that are not matching a pre-defined JPEG stream, puts extra load on the camera which could lead to frame drops with cameras that are close to the performance capacity. It is recommended to set an unused stream to JPEG with the required resolution, allowing snap.jpg to take a pre-processed JPEG from this stream without creating extra load.
- In versions of BVMS up to 13.0, the default encoder profile may apply a bitrate higher than the camera supports, leading to video interruptions, recording gaps, and VCA errors like "Error: discontinuity in network stream". Reducing the BVMS bitrate setting (e.g., to 10000 kbps) resolves the issue. A future BVMS update will align default settings for improved compatibility.
- When changing the sensor mode from 25/30 fps to 50 fps, there is a risk of the camera crashing and video freezing if the device is under heavy load. This is a known issue, and a reboot typically restores normal operation. Work is ongoing to address this in future releases.
  - To reduce the risk, the following workarounds are recommended:
    - Switch from 25/30 fps to 60 fps first, then to 50 fps
    - Temporarily disable VCA before changing the sensor mode, and re-enable it afterward
8 Previous Revisions
n/a