Bosch CPP4 HD/MP Cameras Firmware Release Letter

General

This firmware release is a maintenance release based on FW 6.20.0089. It introduces a comprehensive set of security features to enhance data security. Some default parameters have been adjusted to improve out-of-the-box security for cameras. Changes since the last release (FW 6.20.0089) are highlighted in blue.

Note: Due to an internal file system introduction and architectural changes in firmware 6.1x and later, upgrades are only possible from firmware 6.1x or higher. Cameras with firmware versions below 6.1x require an initial upgrade to 6.1x.

Note: Since firmware 5.92, the Autoload Decoder is no longer supported for installation from the camera. This video decoder, used in browsers for video stream viewing, was removed from the firmware content due to size limitations, allowing for new features. A download link for the more feature-rich MPEG-ActiveX has been included, requiring internet access for immediate installation.

Applicable Products

• AUTODOME IP 4000 HD
• AUTODOME IP 5000 HD
• AUTODOME IP 5000 IR
• AUTODOME 7000 series
• DINION HD 1080p
• DINION HD 1080p HDR
• DINION HD 720p
• DINION imager 9000 HD
• DINION IP bullet 4000
• DINION IP bullet 5000
• DINION IP 4000 HD
• DINION IP 5000 HD
• DINION IP 5000 MP
• DINION IP starlight 7000 HD
• EXTEGRA IP dynamic 9000
• EXTEGRA IP starlight 9000
• FLEXIDOME corner 9000 MP
• FLEXIDOME HD 1080p
• FLEXIDOME HD 1080p HDR
• FLEXIDOME HD 720p
• Vandal-proof FLEXIDOME HD 1080p
• Vandal-proof FLEXIDOME HD 1080p HDR
• Vandal-proof FLEXIDOME HD 720p
• FLEXIDOME IP panoramic 5000
• FLEXIDOME IP indoor 5000 HD
• FLEXIDOME IP indoor 5000 MP
• FLEXIDOME IP indoor 4000 HD
• FLEXIDOME IP indoor 4000 IR
• FLEXIDOME IP outdoor 4000 HD
• FLEXIDOME IP outdoor 4000 IR
• FLEXIDOME IP micro 5000 HD
• FLEXIDOME IP micro 5000 MP
• FLEXIDOME IP outdoor 5000 HD
• FLEXIDOME IP outdoor 5000 MP
• FLEXIDOME IP micro 2000 HD
• FLEXIDOME IP micro 2000 IP
• IP bullet 4000 HD
• IP bullet 5000 HD
• IP micro 2000
• IP micro 2000 HD
• MIC IP dynamic 7000
• MIC IP starlight 7000
• TINYON IP 2000 family

Changes

• Fixed an issue with increased noise and bit rate from AUTODOME and MIC cameras.
• Improved Auto Focus accuracy on DINION IP bullet 4000 and DINION IP bullet 5000.
• Fixed an issue with fragmented EAP-TLS transfer, enabling support for Microsoft Windows NPS and RADIUS.
• Fixed an issue with ONVIF Analytics Service.
• Updated GUI translations and embedded help files.
• Fixed an issue with analogue output flickering on DINION IP starlight 7000 and FLEXIDOME IP starlight 7000 in 1.3 MP mode.
• Corrected wording on time protocol settings.

System Requirements

• Web Browsers: Microsoft Internet Explorer 9.0 or higher, Mozilla Firefox
• DirectX 9.0c
• MPEG-ActiveX 5.90 or newer
• Configuration Manager 5.34 or newer

Restrictions; Known Issues

User Interface

• If UAC is set to default in Windows 7, snapshot or recording via LIVEPAGE is not possible.
• Video and audio may be asynchronous during replay via Web page.
• If a VCA configuration using a rule engine is switched to a VCA configuration without a rule engine (e.g., MOTION+ or IVA default configuration), the saved configuration is invalid. Forensic search with this configuration may lead to undesired search results.
• In rare cases, recordings may not be found on PCs with Windows XP SP2 and IE6. Internet Explorer may remain in a 'connecting on replay page' status. An update of Internet Explorer is recommended.
• In Firefox, no audio is audible on the Audio Settings page.
• Opera mini for mobile devices cannot work in Intranets as it routes all pages through an Opera proxy on the Internet. If there is no internet connection, no content is provided.
• When changing the GUI language, the browser cache may need to be cleared and the web browser reloaded for the language to be selected correctly.
• Google Chrome requires a plug-in for displaying TIFF images to properly show the reference image.
• IE10, by default, does not allow snapshots or recording from the LIVEPAGE to local hard disk unless one of the following actions is performed:
  • Uncheck the box "Enable Protected Mode" in internet options/security.
  • Add the device's IP range to "Local intranet" zone.
  • Add the device's IP address to the trusted sites.
  • Start IE as administrator.
• If an intranet site is opened, IE10 automatically runs in compatibility mode, which can lead to misbehavior, such as the timeline not appearing on the PLAYBACK page. To resolve this, the function "Display intranet sites in Compatibility View" must be disabled.
• With HTTPS connection in MS IE and VideoSDK 5.71 installed, swapping between stream 1 and 2 may cause the watermarking icon for stream 2 to disappear. This may occur only for TCP video streams with infinite I-frame distance and B-frames enabled. A fix is available since VideoSDK 5.71 MR1.
• Upgrading the firmware to version 6.10 may require clearing the Web browser cache for the new user interface style to appear.

Encoding

• Only H.264 Main Profile using CABAC is supported; CAVLC is not supported.
• JPEG always uses HD 1080p format, even if stream 1 is set to SD (480p).
• Frame rates in low light mode might vary, causing bit rate control to produce higher bit rates than the set maximum.
• Aspect ratios 16:9 and 4:3 are not combinable; the aspect ratio from stream 1 will prevail.
• With GOP structure set to IBP and IBBP, the I-frame distance may not precisely correspond to the set value.
• For stream setting "Dual ROI", the maximum resolution of stream 2 is 288p, regardless of a higher resolution selected in the encoder profile.

Network

• QoS values are set according to group Video/Audio/Control for UDP packets. For TCP packets, only the QoS value for Video is inserted.
• IP addresses 172.20.1.0/30 (172.20.1.0 to 172.20.1.3) are reserved for internal communication and must not be used as device addresses. Products without internal communication ignore this restriction and allow the use of this range.

IVA

• IVA and flow require a minimum video input frame rate of 12.5 frames per second. If IVA or Flow are configured, a minimum frame rate of 12.5 must be set in ALC mode.
• There is only one configuration for IVA. Changing the analysis type (e.g., from IVA to IVA Flow) results in the loss of the former configuration. It is not possible to change the analysis type during a VCA profile switch.
• Due to a limitation in the background script language, the delay timer for event-triggered VCA starts immediately upon configuration. A trigger event during this period does not restart the timer. Operation resumes as desired once the timer has elapsed.
• On devices with VCA FPGA, an outgoing IPv6 connection fails when the device is the initiator (e.g., when trying to resolve a time server domain name).
• For 720p cameras, when switched to 1.3MP application mode, IVA does not function. Consequently, iAE also does not function, as it requires IVA. User Mode "Intelligent AE" may also not function optimally (it utilizes BLC).
• After firmware upgrade to version 6.10, the minimum object size setting may reset when editing the 'motion in field' task. A workaround is to check and correct the minimum object size value as needed.
• The "Too dark” alarm is not triggered under normal conditions due to the cameras' low-light capabilities.

MOTION+

• An alarm recording configured to be triggered by MOTION+ with masks may not be operational after a reboot. Saving the MOTION+ configuration without changes can resolve this. Alternatively, masks may not be used with MOTION+.

Recording

• LUN size for local recording via “Direct iSCSI" is limited to 2 TB.
• VRM version 2.12 or higher is required.
• In some cases, formatting errors on external iSCSI drives may occur and require multiple attempts to resolve.
• In rare instances, the owner of an iSCSI LUN may not be displayed correctly. Recording is unaffected; only the previous owner remains visible.
• If a device with primary and secondary recording on an SD card is added to a VRM system, the blocks used for primary recording are not reused, reducing available recording space for ANR recording. Re-formatting the SD card can resolve this.
• Throughput limit for simultaneous recording and local replay at 100% playback speed:
  • Maximum total recording bit rate of 7 Mbps for external iSCSI recording.
  • Maximum total recording bit rate of 10 Mbps for SD card recording, depending on SD card performance.
• SD card recording performance is highly dependent on the speed (class) and performance of the SD card.
• With I-frame-only recording and audio enabled, audio may be fragmented or inaudible during replay. Disable audio recording for I-frame-only recordings.
• The numbering of recorded files on the replay page may not always be contiguous.
• If snippets across block borders belong together (e.g., pre-alarm and alarm recording), they are logically united, and only the lower file number is displayed in the list.
• SDXC cards are formatted to FAT32, not exFAT, which is mandatory for SDXC standard compliance. However, they are fully recognized and accessible.
• The maximum size of 2TB is also supported with FAT32, assuming SD cards of that size become available.
• FAT32 enhances portability to non-Windows platforms.
• If local media is exchanged, existing former recordings are discovered only after rebooting the device.
• Physically removing the local storage media while recording causes the device to reboot. Recording must be stopped before removal.
• Changing the audio format while audio is being recorded may lead to unknown device behavior and should be avoided.
• 5MP and larger JPEG streaming via RTSP is only possible with decoders supporting ONVIF extensions.
• JPEG streaming via RTSP is based on RFC 2435, which limits the maximum JPEG size to 2048x2048.
• With ONVIF, larger original JPEG headers can be transmitted via RTP header extensions. This functionality is dependent on decoders supporting these extensions; it does not work with standard VLC.
• After modifying account settings (e.g., FTP server address), either toggle posting off and on or restart the device for changes to take effect.
• The storage system indicator status should be ignored during SD card formatting.
• Forcing the camera into an overload situation may cause undesired behavior and, in worst cases, recording gaps. Ensure CPU load is not consistently at its maximum by adapting encoder settings or avoiding excessive parallel tasks (e.g., client sessions).

Export

• FTP exported files with audio in a format other than AAC must be renamed from .mp4 to .m4a for correct playback in QuickTime.
• With JPEG Posting active during device boot, the first posted JPEG image may be a no-cam logo.
• FTP posting with 1080p resolution delivers JPEG files of 1920x1072 pixels due to the 16-pixel macroblock boundary of the JPEG encoder.
• If FTP export files contain only a few frames, some players may not replay them correctly, or the replay may be too fast to recognize. The file is not corrupt, though it may appear so.
• Files exported using continuous FTP backup for Rec. 2, where stream 2 is set to I-frames only mode, contain incorrect timing information and play back too fast.
• FTP export file size is always 100 MB if a resolution change occurred within the exported time span.
• Retrieving the file list from Dropbox may fail if there are too many objects (files and folders). The limit is approximately 500 objects, but this can vary depending on file name length.

Fixed cameras

• If no image is displayed after upgrading to new firmware, please re-power the camera. Applicable cameras:
  • FLEXIDOME IP INDOOR 5000
  • FLEXIDOME IP OUTDOOR 5000
  • FLEXIDOME IP bullet 5000
  • FLEXIDOME IP INDOOR 4000
  • FLEXIDOME IP OUTDOOR 4000
  • DINION IP 4000 HD
  • DINION IP BULLET 4000 HD
  • DINION IP 5000 HD
  • DINION IP BULLET 5000 HD
  • DINION IP 7000 HD
• On DINION IP bullet 4000 and DINION IP bullet 5000, if analogue video output is enabled, the frame rate of the first stream is limited to 15 fps.

Dome cameras

• Autopan starts outside the defined range if orientation is set to “Inverted”.
• Tilt up limit is treated as the lower tilt limit if orientation is set to "Inverted".
• For VG5, when Fast Address is changed, a reboot is required to activate it.
• In AUTODOMEs, a blanked sector may trigger a “too dark” alarm.
• On AUTODOMEs, privacy masking may not cover the complete configured area if placed too close to the scene edge. Move the target position to the center of the scene before creating a privacy mask.
• If LIVEPAGE is refreshed during Tour A/B recording on AUTODOMEs, the "Stop display" button may falsely show "Start recording" but the tour recording will continue.
• After a firmware upload, Privacy Masks and Installer Menu settings may reset to default. Verify that Privacy Masks and Installer Menu settings are still valid after the firmware upload.
• Some online help files describe a tracking icon that is not visible; the documentation is obsolete.
• For optimal image performance, it is advised not to turn off contrast enhancement during normal camera operation.
• To improve Recorded (Guard) tour playback accuracy, Bosch recommends using the User Interface (UI) instead of a keyboard for recording tours. If the Recorded (Guard) tour loses position accuracy during playback, re-home the camera using the "Find home" button on the Live page.
• Since firmware 5.90, the camera module in AUTODOME 7000 HD receives a different setting that persists over a firmware downgrade, as older firmware versions do not recognize this parameter for reversion.
• If a downgrade is required, a RCP CGI command must be applied before or after the downgrade: http://<ipaddress>/rcp.xml?command=0x09a5&type=P_OCTET&direction=WRITE&protocol=TCP&payload=0x80000405300381010424560000ff&num=1
• MIC 7000 orientation can be switched between normal and canted.
• When the user changes orientation from normal/canted to inverted (or vice versa), the MIC 7000 tilts upwards and over, positioning the visor and wiper on top. If an illuminator is attached, it may hit the MIC's body. To prevent this, the MIC 7000 will not allow an orientation change while the illuminator is attached. A warning message with a "Yes/No" selection appears when the user clicks the orientation radio button and the MIC has an illuminator.

Miscellaneous

• The camera date/time may reset to default (Year 2000) after a power loss exceeding the buffer period. Ensure the date/time is correct for recording, as an incorrect setting could prevent proper recording.
• After firmware upload with the daylight saving time checkbox activated, the time zone must be adjusted.
• After reboot, system time re-synchronization may be delayed up to 9 seconds for SNTP or up to 14 seconds for a time server protocol.
• A printout is added to telnet when an email fails.
• More detailed printouts are added for three error cases: 'could not connect to server', 'authentication failed', and 'recipient not accepted'.
• AAC audio timestamps for UDP live video streams and recording streams are based on 90 kHz instead of 16 kHz to ensure compatibility with Video SDK.
• AAC audio timestamps for TCP live video streams are based on standard 16 kHz timestamps. Standard players should connect to live video with AAC audio using TCP.
• After changing the selectable camera mode via alarm input, switching back to a previous mode does not work.
• Firmware upload stops recording if it fails or is terminated.
• After downgrade, configuration integrity cannot be guaranteed, and settings need to be checked or re-configured.
• When a configuration file is loaded onto an incompatible camera (e.g., a configuration file from an HD camera loaded onto a VGA camera), encoder settings may become invalid and require re-configuration.
• To check if the image is frozen, use the milliseconds timestamp for verification.
• Intelligent Defog is OFF by default under the “Low bitrate” scene mode.
• When combining CPU-intensive functions (e.g., encryption, watermarking, or dual recording) with high quality and high frame rate encoder settings, tuning of encoder profile settings may be necessary to avoid overload situations.
• No time change is allowed during the time when the "hour is repeated".

ONVIF conformance

• When using GetPresets command, preset names are not set for scene1 to scene6.

Please check the respective release letter of a camera for further device-specific restrictions.

Previous Revisions

New Features with 6.20.0089

Cameras

• Support for DINION IP bullet 4000 and DINION IP bullet 5000.
• Dome and AUX functions can be mapped to presets.
• MIC-7000 audio back-channel support for VJC-7000 audio output on LIVE page.

Security

• Support of TLS 1.2 with updated cipher suites, including AES 256 encryption.
• Device access security improvements:
  • Implementation of signed time synchronization.
  • Signature-protected password unlock procedure.
  • Telnet over HTML5 web sockets in the browser, using a secure TLS connection.
  • Throttling of wrong password entries.
  • Guidance for users to set a device password, with a strength meter provided.
• Firmware, signed with a private certificate, is authenticated before transfer to Flash to ensure a secure firmware upload.
• Certificate handling enhancements:
  • Auto-generation of self-signed certificates for SSL.
  • User-defined creation of self-signed certificates.
  • Possible upload of certificates with encrypted private keys.
  • Improved recorded video authentication without PKI required.
  • Storage and retrieval of certificates in recording for verifying signed video.
• Web GUI security improved to prevent Cross-Site-Scripting in the browser.
• Use of secure connections advertised via HSTS support.

Changes with 6.20.0089

• 56-bit encryption disabled for secure connections to increase minimum security level.
• Telnet service (system console) is now disabled by default.
• DHCP option 12 changed to send a ‘Renew' message including the camera name as hostname.

New Features with 6.11.0021

• Improved AF speed for AVF cameras.

Changes with 6.11.0021

• Minor improvements and error corrections added.
• ONVIF analytics capabilities corrected for dome cameras.
• Replay not working in BVC and BVMS clients for negative time zones has been fixed.

New Features with 6.10.0129

New Graphical User Interface

• Light and friendly Web browser interface following the Bosch Security Systems style guide for software interfaces.
• Usability improvements due to clearer structure and elements.
• Live preview during configuration where possible.
• Tours rearranged onto a single page; scheduler for preset tour and alarm rules added for moving cameras.
• Encoder quality regions configurable on moving cameras' preset positions (up to 8 regions).
• Video export format can be preselected from Bosch format (including metadata) and generic MP4 format on the LIVE page.

Imaging Enhancements

• Digital Zoom mode added to the lens settings page.
• Setting migration retains previous imaging settings after camera firmware upgrade. Note: This applies only after firmware 6.10.

Security Enhancements

• Certificate Store for management and assignment of client and server side certificates.
• Preparation for Public Key Infrastructure (PKI), enabled via special license, has been added.
• 56-Bit DES cipher suite disabled for TLS connection.

IVA Enhancements

• Object classification for types “upright person”, “bike”, “car”, “truck” replaces head detection.
• Geolocation allows setting a camera's global coordinates. The position of tracked objects in the respective coordinate system is added to metadata. Camera viewers can display tracked objects on a map.
• Usability improvements for easier calibration and drawing of elements and masks.
• MOTION+ configuration reworked: Eight MOTION+ alarm fields with up to 16 nodes can be set. Areas can be removed from processing via VCA masks, suppressing metadata generation in those areas.

Note: Refer to release notes of IVA 6.10 for details and a complete overview.

ONVIF Enhancements

• IVA events can be received via ONVIF messages.
• Overlay metadata can be received in ONVIF XML format.
• AUX commands can be sent via ONVIF messages.
• Special functions like IR Correction, Visible White Light, and Anti-Fog for MIC 7000 can be sent via ONVIF messages.
• Intelligent Tracking for AUTODOME and MIC can be enabled via ONVIF messages.
• Conformance tested using recent ONVIF test tool 14.12.

Miscellaneous

• Missing time zones added for Caracas, Newfoundland, Kathmandu, Yangon, Samoa, and Kiritimati Island.
• 3rd party protocol support can be enabled via special license, displaying a specific menu when the license is installed.
• Internal storage can be disabled and hidden via special license for certain LATAM countries. This license can only be cleared via technical service and support.
• An additional flash memory area has been implemented for storing specific files or data. This area can hold items like the enhanced Chinese character table, the FPGA image for IVA cameras running in 5:4 setup, certificates, or configuration data.
• With FW 6.10, necessary files can be installed by uploading a supplementary firmware file. For subsequent firmware versions, the sections will be recombined.
• Besides normal POE+ power signaling, available power can be signaled proprietarily with a special license installed. Signaled power can be configured manually when the license is installed.
• A customer logo (up to 128x128 pixels, 256 colors) can be uploaded as a BMP file to be displayed in the camera name block. Placement options: left, right, or logo only.

Changes with 6.10.0129

• IPv6 operational improvements, e.g., netmask extended to 64 bit.
• Reference image is deleted when the device is set to factory default.
• Improved robustness of encoding DSP.
• Fix for JPEG resolution handling on AUTODOME IP 7000.
• Fix for recording status while pre-alarm recording in RAM.