Digi Accelerated Linux Operating System
“
Product Information
Specifications:
- Manufacturer: Digi International
- Model: Digi Accelerated Linux
- Version: 24.9.79.151
- Supported Products: AnywhereUSB Plus, Connect EZ, Connect
IT
Product Usage Instructions
New Features:
Version 24.9.79.151 includes the following new features:
- Support for asynchronous Query State mechanism for detailed
status information. - Configuration Rollback feature when configuring through Digi
Remote Manager.
Enhancements:
The latest version also includes enhancements such as:
- Rename of defaultip and defaultlinklocal interfaces to
setupip. - Support for configuring TCP timeout values under Network >
Advanced menu. - Display message for users not using 2FA when logging in with
PrimaryResponder mode. - Email notification support updated to allow sending
notifications to an SMTP server with no authentication.
FAQ (Frequently Asked Questions)
Q: How can I access product-specific release notes?
A: You can find product-specific release notes by visiting the
link provided in the manual:
https://hub.digi.com/support/products/infrastructure-management/
Q: What are the recommended best practices before updating to a
new release?
A: Digi recommends testing the new release in a controlled
environment with your application before rolling out the new
version.
“`
DIGI INTERNATIONAL 9350 Excelsior Blvd, Suite 700 Hopkins, MN 55343, USA +1 952-912-3444 | +1 877-912-3444 www.digi.com
Digi Accelerated Linux Release Notes Version 24.9.79.151
INTRODUCTION
These release notes cover New Features, Enhancements, and Fixes to the Digi Accelerated Linux Operating System for AnywhereUSB Plus, Connect EZ and Connect IT product lines. For product specific release notes use the link below.
https://hub.digi.com/support/products/infrastructure-management/
SUPPORTED PRODUCTS
AnywhereUSB Plus Connect EZ Connect IT
KNOWN ISSUES
Health metrics are uploaded to Digi Remote Manager unless the Monitoring > Device Health > Enable option is de-selected and either the Central Management > Enable option is deselected or the Central Management > Service option is set to something other than Digi Remote Manager [DAL-3291]
UPDATE BEST PRACTICES
Digi recommends the following best practices: 1. Test the new release in a controlled environment with your application before rolling out this new version.
TECHNICAL SUPPORT
Get the help you need via our Technical Support team and online resources. Digi offers multiple support levels and professional services to meet your needs. All Digi customers have access to product documentation, firmware, drivers, knowledge base and peer-to-peer support forums. Visit us at https://www.digi.com/support to find out more.
96000472_C
Release Notes Part Number: 93001381_D
Page 1
CHANGE LOG
Mandatory release = A firmware release with a critical or high security fix rated by CVSS score. For devices complying with ERC/CIP and PCIDSS, their guidance states that updates are to be deployed onto device within 30 days of release
Recommended release = A firmware release with medium or lower security fixes, or no security fixes
Note that while Digi categorizes firmware releases as mandatory or recommended, the decision if and when to apply the firmware update must be made by the customer after appropriate review and validation.
VERSION 24.9.79.151 (November 2024) This is a mandatory release
NEW FEATURES 1. Support for a new asynchronous Query State mechanism has been added to allow the device
to push detailed status information to Digi Remote Manager for the following functional groups: System Cloud Ethernet Cellular Interface 2. A new Configuration Rollback feature when configuring the device using Digi Remote Manager has been added. With this rollback feature, if the device loses its connection with Digi Remote Manager due to a configuration change, it will roll back to its previous configuration and reconnect to Digi Remote Manager.
ENHANCEMENTS 1. The defaultip and defaultlinklocal interfaces have been renamed to setupip and
setuplinklocal respectively. The setupip and setuplinklocal interfaces can be used to initial connect to and do initial configuration using a common IPv4 192.168.210.1 address. 2. The cellular support has been updated to default to use CID 1 instead of 2. The device will check for a saved CID for the SIM/Modem combination before using the default CID so that existing connected device are unaffected. 3. The configuration support has been updated so that the user must re-enter their original password when changing their password. 4. Support for configuring a custom SST 5G slicing option has been added. 5. The Wireguard support has been updated on the Web UI to have a button to create peer configurations. 6. The system factory-erase CLI command has been updated to prompt the user to confirm the command. This can overridden using the force parameter.
96000472_C
Release Notes Part Number: 93001381_D
Page 2
7. Support for configuring TCP timeout values has been added. The new configuration is under the Network > Advanced menu.
8. Support for displaying a message for users not using 2FA when logging in when PrimaryResponder mode is enabled has been added.
9. The email notification support has been updated to allow the notifications to be sent to a SMTP server using no authentication.
10. The Ookla Speedtest support has been updated to include the cellular statistics when the test is run over a cellular interface.
11. The amount of messages logged by the TX40 Wi-Fi driver to prevent the system log from being saturated with Wi-Fi debug messages.
12. Support for displaying the 5G NCI (NR Cell Identity) status in DRM, Web UI and CLI has been added.
13. The CLI and Web UI Serial page has been updated to allow the user to set sequential IP port numbers for SSH, TCP, telnet, UDP services on multiple serial ports.
14. The modem logging has been updated to log the APN instead of the index and remove other unnecessary log entries.
15. The way the watchdog calculates the amount of memory that is being used has been updated. 16. The title and description for the password_pr parameter has been updated to help distinguish
it from the password parameter.
SECURITY FIXES 1. The Linux kernel has been updated to v6.10 [DAL-9877] 2. The OpenSSL package has been updated to v3.3.2 [DAL-10161] CVE-2023-2975 CVSS Score: 5.3 Medium 3. The OpenSSH package has been updated to v9.8p1 [DAL-9812] CVE-2024-6387 CVSS Score: 8.1 High 4. The ModemManager package has been updated to v1.22.0 [DAL-9749] 5. The libqmi package has been updated to v1.34.0 [DAL-9747] 6. The libmbim package has been updated to v1.30.0 [DAL-9748] 7. The pam_tacplus package has been updated to v1.7.0 [DAL-9698] CVE-2016-20014 CVSS Score: 9.8 Critical CVE-2020-27743 CVSS Score: 9.8 Critical CVE-2020-13881 CVSS Score: 7.5 High 8. The linux-pam package has been updated to v1.6.1 [DAL-9699] CVE-2022-28321 CVSS Score: 9.8 Critical CVE-2010-4708 CVSS Score: 7.2 High 9. The pam_radius package has been updated to v2.0.0 [DAL-9805] CVE-2015-9542 CVSS Score: 7.5 High 10. The unbound package has been updated to v1.20.0 [DAL-9464] CVE-2023-50387 CVSS Score: 7.5 High 11. The libcurl package has been updated to v8.9.1 [DAL-10022] CVE-2024-7264 CVSS Score: 6.5 Medium
96000472_C
Release Notes Part Number: 93001381_D
Page 3
12. The GMP package has been updated to v6.3.0 [DAL-10068] CVE-2021-43618 CVSS Score: 7.5 High
13. The expat package has been updated to v2.6.2 [DAL-9700] CVE-2023-52425 CVSS Score: 7.5 High
14. The libcap package has been updated to v2.70 [DAL-9701] CVE-2023-2603 CVSS Score: 7.8 High
15. The libconfuse package has been updated with latest patches. [DAL-9702] CVE-2022-40320 CVSS Score: 8.8 High
16. The libtirpc package has been updated to v1.3.4 [DAL-9703] CVE-2021-46828 CVSS Score: 7.5 High
17. The glib package has been updated to v2.81.0 [DAL-9704] CVE-2023-29499 CVSS Score: 7.5 High CVE-2023-32636 CVSS Score: 7.5 High CVE-2023-32643 CVSS Score: 7.8 High
18. The protobuf package has been updated to v3.21.12 [DAL-9478] CVE-2021-22570 CVSS Score: 5.5 Medium
19. The dbus package has been updated to v1.14.10 [DAL-9936] CVE-2022-42010 CVSS Score: 6.5 Medium CVE-2022-42011 CVSS Score: 6.5 Medium CVE-2022-42012 CVSS Score: 6.5 Medium
20. The lxc package has been updated to v6.0.1 [DAL-9937] CVE-2022-47952 CVSS Score: 3.3 Low
21. The Busybox v1.36.1 package has been patched to resolve a number of CVEs. [DAL-10231] CVE-2023-42363 CVSS Score: 5.5 Medium CVE-2023-42364 CVSS Score: 5.5 Medium CVE-2023-42365 CVSS Score: 5.5 Medium CVE-2023-42366 CVSS Score: 5.5 Medium
22. The Net-SNMP v5.9.3 package has been updated to resolve a number of CVEs. CVE-2022-44792 CVSS Score: 6.5 Medium CVE-2022-44793 CVSS Score: 6.5 Medium
23. SSH support is now disabled by default for devices that have Primary Responder support enabled. [DAL-9538]
24. Support for TLS compression has been removed. [DAL-9425] 25. The Web UI session token is now expired when the user logs out. [DAL-9539] 26. The device’s MAC address has been replaced with the serial number in the Web UI login page
title bar. [DAL-9768]
BUG FIXES 1. An issue where the Wi-Fi clients connected to a TX40 not being displayed on CLI show wifi ap
<name> command and on the Web UI has been resolved. [DAL-10127] 2. An issue where the same ICCID was being reported for both SIM1 and SIM2 has been resolved.
96000472_C
Release Notes Part Number: 93001381_D
Page 4
[DAL-9826] 3. An issue where the 5G band information was not being displayed on the TX40 has beenresolved. [DAL-8926] 4. An issue where the TX40 GNSS support could lose its fix after remaining connected for many
days has been resolved. [DAL-9905] 5. An issue where an invalid status could be returned to Digi Remote Manager when doing a
cellular modem firmware update has been resolved. [DAL-10382] 6. The system > schedule > reboot_time parameter has been updated to be a full parameter and
can now be configured via Digi Remote Manager. Previously it was an alias parameter which can be configured by Digi Remote Manager. [DAL-9755] 7. An issue where a device could get stuck using a particular SIM slot even though no SIM was detected has been resolved. [DAL-9828] 8. An issue where US Cellular would be displayed as the carrier when connected to Telus has been resolved. [DAL-9911] 9. An issue with Wireguard where the public key generated using the Web UI not being saved correctly when has been resolved. [DAL-9914] 10. An issue where IPsec tunnels disconnected when old SAs were being deleted has been resolved. [DAL-9923] 11. The 5G support on the TX54 platforms has been updated to default to NSA mode. [DAL-9953] 12. An issue where starting BGP would cause an error to be output on the Console port has been resolved. [DAL-10062] 13. An issue where a serial bridge would fail to connect when FIPS mode was enabled has been resolved. [DAL-10032] 14. The following issues with the Bluetooth scanner have been resolved
a. Some detected Bluetooth devices where missing from data sent to remote servers. [DAL-9902] b. The Bluetooth scanner data being sent to remote devices did not include hostname and location fields. [DAL-9904] 15. An issue where the serial port could stall when changing the setting of a serial port has been resolved. [DAL-5230] 16. An issue where a firmware update file downloaded from Digi Remote Manager could cause the device to disconnect to more than 30 minutes has been resolved. [DAL-10134] 17. An issue with the SystemInfo group in the Accelerated MIB not being indexed correctly has been resolved. [DAL-10173] 18. An issue with the RSRP and RSRQ not being reported on TX64 5G devices has been resolved. [DAL-10211] 19. The Deutsche Telekom 26202 PLMN ID and 894902 ICCID prefix have been added to ensure the correct Provider FW is displayed. [DAL-10212] 20. The help text for the Hybrid Addressing mode has been updated to indicate that the IPv4 address mode needs to be configured to either Static or DHCP. [DAL-9866] 21. An issue where the default values for boolean parameters where not being displayed in the Web UI has been resolved. [DAL-10290] 22. An issue where a blank APN was being written in mm.json file has been resolved. [DAL-10285]
96000472_C
Release Notes Part Number: 93001381_D
Page 5
23. An issue where the watchdog would incorrectly reboot the device when the memory warning threshold is exceeded has been resolved. [DAL-10286]
VERSION 24.6.17.64 (August 2024) This is a mandatory release
BUG FIXES 1. An issue that prevented IPsec tunnels that use IKEv2 from re-keying has been resolved. This was
introduced in the 24.6.17.54 release. [DAL-9959] 2. An issue with SIM failover which could prevent a cellular connection from being established has
been resolved. This was introduced in the 24.6.17.54 release. [DAL-9928]
VERSION 24.6.17.54 (July 2024) This is a mandatory release
NEW FEATURES 1. There are no new common features in this release.
ENHANCEMENTS 1. The WAN-Bonding support has been enhanced with the following updates:
a. SureLink support. b. Encryption support. c. SANE client has been updated to 1.24.1.2. d. Support for configuring multiple WAN Bonding servers. e. Enhanced status and statistics. f. The WAN Bonding status is now included in the metrics sent to Digi Remote Manager. 2. The cellular support has been enhanced with the following updates: a. The special PDP context handling for the EM9191 modem which was causing issues
with some carriers. A common method is now used to set the PDP context. b. The cellular connection back-off algorithm has been removed as the cellular modems
have built-in back off algorithms that should be used. c. The cellular APN lock parameter has been changed to APN selection to allow the user
to select between using the built-in Auto-APN list, the configured APN list or both. d. The cellular Auto-APN list has been updated. e. The MNS-OOB-APN01.com.attz APN has been removed from the Auto-APN fallback list. 3. The Wireguard support has been updated to allow the user to generate a client configuration that can be copied onto another device. This is done using the command wireguard generate <tunnel> <peer> Extra information may be needed from the client depending on config: a. How the client machine connects to the DAL device. This is needed if the client is
initiating any connections and there is no keepalive value. b. If the client generates their own private/public key, they will need to set add that to
their configuration file.
96000472_C
Release Notes Part Number: 93001381_D
Page 6
If this is used with ‘Device managed public key’, every time a generate is called on a peer, a new private/public key is generated and set for that peer, this is because we do not store any private key information of any clients on the device. 4. The SureLink support has been updated to: a. Shutdown the cellular modem before power cycling it. b. Export the INTERFACE and INDEX environment variables so that they can be used in
custom action scripts. 5. The Default IP network interface has been renamed to Setup IP in the Web UI. 6. The Default Link-local IP network interface has been renamed to Setup Link-local IP in the
Web UI. 7. The uploading of device events to Digi Remote Manager has been enabled by default. 8. The logging of SureLink events has been disabled by default as it was causing the event log to
be saturated with test pass events. SureLink messages will still appear in the system message log. 9. The show surelink command has been updated. 10. The status of the System Watchdog tests can now be obtained via Digi Remote Manager, the Web UI and using CLI command show watchdog. 11. The Speedtest support has been enhanced with the following updates:
a. To allow it to run on any zone with src_nat enabled. b. Better logging when a Speedtest fails to run. 12. The Digi Remote Manager support has been updated to only re-establish connection to Digi Remote Manager if there is a new route/interface it should utilize to get to Digi Remote Manager. 13. A new configuration parameter, system > time > resync_interval, has been added to allow the user to configure the system time resynchronization interval. 14. Support for USB printers has been enabled. It is possible to configure to device to listen for printer requests via the socat command:
socat – u tcp-listen:9100,fork,reuseaddr OPEN:/dev/usblp0
15. The SCP client command has been updated with a new legacy option to use the SCP protocol for file transfers instead of the SFTP protocol.
16. Serial connection status information has been added to the Query State response message that is sent to Digi Remote Manager.
17. Duplicate IPsec messages have been removed from the system log. 18. The debug log messages for the health metrics support have been removed. 19. The help text for the FIPS mode parameter has been updated to warn the user the device will
automatically reboot when changed and that all configuration will be erased if disabled. 20. The help text for the SureLink delayed_start parameter has been updated. 21. Support for the Digi Remote Manager RCI API compare_to command has been added
SECURITY FIXES 1. The setting for Client isolation on Wi-Fi Access Points has been changed to be enabled by
default. [DAL-9243] 2. The Modbus support has been updated to support the Internal, Edge and Setup zones by
96000472_C
Release Notes Part Number: 93001381_D
Page 7
default. [DAL-9003] 3. The Linux kernel has been updated to 6.8. [DAL-9281] 4. The StrongSwan package has been updated to 5.9.13 [DAL-9153] CVE-2023-41913 CVSS Score: 9.8 Critical 5. The OpenSSL package has been updated to 3.3.0. [DAL-9396] 6. The OpenSSH package has been updated to 9.7p1. [DAL-8924] CVE-2023-51767 CVSS Score: 7.0 High CVE-2023-48795 CVSS Score: 5.9 Medium 7. The DNSMasq package has been updated to 2.90. [DAL-9205] CVE-2023-28450 CVSS Score: 7.5 High 8. The rsync package has been updated 3.2.7 for the TX64 platforms. [DAL-9154] CVE-2022-29154 CVSS Score: 7.4 High 9. The udhcpc package has been updated to resolve a CVE issue. [DAL-9202] CVE-2011-2716 CVSS Score: 6.8 Medium 10. The c-ares package has been updated to 1.28.1. [DAL9293-] CVE-2023-28450 CVSS Score: 7.5 High 11. The jerryscript package has been updated to resolve a number CVEs. CVE-2021-41751 CVSS Score: 9.8 Critical CVE-2021-41752 CVSS Score: 9.8 Critical CVE-2021-42863 CVSS Score: 9.8 Critical CVE-2021-43453 CVSS Score: 9.8 Critical CVE-2021-26195 CVSS Score: 8.8 High CVE-2021-41682 CVSS Score: 7.8 High CVE-2021-41683 CVSS Score: 7.8 High CVE-2022-32117 CVSS Score: 7.8 High 12. The AppArmor package has been updated to 3.1.7. [DAL-8441] 13. The following iptables/netfilter packages have been updated [DAL-9412] a. nftables 1.0.9 b. libnftnl 1.2.6 c. ipset 7.21 d. conntrack-tools 1.4.8 e. iptables 1.8.10 f. libnetfilter_log 1.0.2 g. libnetfilter_cttimeout 1.0.1 h. libnetfilter_cthelper 1.0.1 i. libnetfilter_conntrack 1.0.9 j. libnfnetlink 1.0.2 14. The following packages have been updated [DAL-9387] a. libnl 3.9.0 b. iw 6.7
96000472_C
Release Notes Part Number: 93001381_D
Page 8
c. strace 6.8 d. net-tools 2.10 e. ethtool 6.7 f. MUSL 1.2.5 15. The http-only flag is now being set on Web UI headers. [DAL-9220]
BUG FIXES 1. The WAN Bonding support has been updated with the following fixes:
a. The client is now automatically restarted when client configuration changes are made. [DAL-8343]
b. The client is now automatically restarted if it has stopped or crashed. [DAL-9015]
c. The client is now not restarted if an interface goes up or down. [DAL-9097]
d. The sent and receive statistics has been corrected. [DAL-9339]
e. The link on the Web UI dashboard now takes the user to the Web-Bonding status page instead of the configuration page. [DAL-9272]
f. The CLI show route command has been updated to show the WAN Bonding interface. [DAL-9102]
g. Only the required ports rather than all ports are now opened in the firewall for incoming traffic in the Internal zone. [DAL-9130]
h. The show wan-bonding verbose command has been updated to comply with style requirements. [DAL-7190]
i. Data was not being sent through the tunnel due to an incorrect route metric. [DAL9675]
j. The show wan-bonding verbose command. [DAL-9490, DAL-9758]
k. Reduced memory usage that causes issues on some platforms. [DAL-9609]
2. The SureLink support has been updated with the following fixes:
a. An issue where re-configuring or remove static routes could cause routes being incorrectly added to the routing table has been resolved. [DAL-9553]
b. An issue where static routes were not being updated if the metric was configured as 0 has been resolved. [DAL-8384]
c. An issue where the TCP test to a hostname or FQDN can fail if the DNS request goes out of the wrong interface has been resolved. [DAL-9328]
d. An issue where disabling SureLink after an update routing table action leaves orphaned static routes has been resolved. [DAL-9282]
e. An issue where the show surelink command displaying incorrect status has been resolved. [DAL-8602, DAL-8345, DAL-8045]
f. An issue with SureLink being on enabled on LAN interfaces causing issues with tests being run on other interfaces has been resolved. [DAL-9653]
3. An issue where IP packets could be sent out of the wrong interface, including those with private IP addresses which could lead to being disconnected from the cellular network has been resolved. [DAL-9443]
4. The SCEP support has been updated to resolve an issue when a certificate has been revoked. It will now perform a new enrollment request as the old key/certificates are no longer
96000472_C
Release Notes Part Number: 93001381_D
Page 9
considered secure to perform a renewal. Old revoked certificates and keys are now removed from the device. [DAL-9655] 5. An issue with how OpenVPN generated in server certificates has been resolved. [DAL-9750] 6. An issue where Digi Remote Manager would continue to display a device as connected if it had been booted locally has been resolved. [DAL-9411] 7. An issue where changing the location service configuration could cause the cellular modem to disconnect has been resolved. [DAL-9201] 8. An issue with SureLink on IPsec tunnels using strict routing has been resolved. [DAL-9784] 9. A race condition when an IPsec tunnel is brought down and reestablished quickly could prevent the IPsec tunnel coming up has been resolved. [DAL-9753] 10. An issue when running multiple IPsec tunnels behind the same NAT where only interface could come up has been resolved. [DAL-9341] 11. An issue with IP Passthrough mode where the cellular interface would be brought down if the LAN interface goes down which meant the device was no longer accessible via Digi Remote Manager has been resolved. [DAL-9562] 12. An issue with multicast packets not being forwarded between bridge ports has been resolved. This issue was introduced in DAL 24.3. [DAL-9315] 13. An issue where an incorrect Cellular PLMID was being displayed has been resolved. [DAL-9315] 14. An issue with an incorrect 5G bandwidth being reported has been resolved. [DAL-9249] 15. An issue with the RSTP support where it may initialize correct in some configurations has been resolved. [DAL-9204] 16. An issue where a device would attempt to upload the maintenance status to Digi Remote Manager when it is disabled has been resolved. [DAL-6583] 17. An issue with the Web UI drag and drop support which could cause some parameters being incorrectly updated has been resolved. [DAL-8881] 18. An issue with the Serial RTS toggle pre-delay not being honored has been resolved. [DAL-9330] 19. An issue with the Watchdog triggering a reboot when not necessary has been resolved. [DAL9257] 20. An issue where modem firmware updates would fail due to the index of the modem changing during the update and the status result not being reported to Digi Remote Manager has been resolved. [DAL-9524] 21. An issue with the cellular modem firmware update on Sierra Wireless modems has been resolved. [DAL-9471] 22. An issue with how the cellular statistics were being reported to Digi Remote Manager has been resolved. [DAL-9651]
VERSION 24.3.28.87 (March 2024) This is a mandatory release
NEW FEATURES
1. Support for WireGuard VPNs has been added.
2. Support for a new Ookla based speed test has been added.
Note: This is a Digi Remote Manager exclusive feature.
96000472_C
Release Notes Part Number: 93001381_D
Page 10
3. Support for GRETap Ethernet tunneling has been added.
ENHANCEMENTS 1. The WAN Bonding support has been updated
a. Support for a WAN Bonding backup server has been added. b. The WAN Bonding UDP port is now configurable. c. The WAN Bonding client has been updated to 1.24.1 2. Support for configuring which 4G and 5G cellular bands can and cannot be used for a cellular connection has been added. Note: This configuration should be used with care as it could lead to poor cellular performance or even preventing the device from connecting to the cellular network. 3. The System Watchdog has been updated to allow for monitoring of interfaces and cellular modems. 4. The DHCP server support has been updated a. To offer a specific IP address for a DHCP request received on a particular port.
b. Any requests for the NTP server and WINS server options will be ignored if the options is configured to none.
5. Support for SNMP traps to be sent when an event occurs has been added. It can be enabled on a per-event type basis.
6. Support for Email notifications to be sent when an event occurs has been added. It can be enabled on a per-event type basis.
7. A button has been added to the Web UI Modem Status page to update the modem to the latest available modem firmware image.
8. The OSPF support has been updated to add the capability to link OSPG routes through a DMVPN tunnel. There are two new configuration options a. A new option has been added to Network > Routes > Routing services > OSPFv2 > Interfaces > Network type to specify the network type as a DMVPN tunnel. b. A new Redirect setting has been added to Network > Routes > Routing services > NHRP > Network to allow redirection of packets between spokes.
9. The location service has been updated a. To support an interval_multiplier of 0 when forwarding NMEA and TAIP messages. In this case, the NMEA/TAIP messages will be forwarded immediately rather than caching and waiting for the next interval multiple. b. To only display the NMEA and TAIP filters depending on the select type. c. To display the HDOP value in Web UI, show location command and in the metrics pushed up to Digi Remote Manager.
10. A configuration option has been added to the Serial interface support to disconnect any active sessions if the serial port DCD or DSR pins are disconnected. A new CLI command system serial disconnect has been added to support this. The Serial status page in the Web UI has also been updated with the option.
11. The Digi Remote Manager keepalive support has been updated to more quickly detect stale connections and so can recover the Digi Remote Manager connection more quickly.
96000472_C
Release Notes Part Number: 93001381_D
Page 11
12. The redistribution of connected and static routes by BGP, OSPFv2, OSPFv3, RIP and RIPng has been disabled by default.
13. The show surelink command has been updated to have a summary view and an interface/tunnel specific view.
14. The Web UI serial status page and the show serial command have been updated to display the same information. Previously some information was only available on one or the other.
15. The LDAP support has been updated to support a group name alias. 16. Support for connecting a USB printer to a device via a USB port has been added. This feature
can used via Python or socat to open a TCP port to process printer requests. 17. The default timeout of the Python digidevice cli.execute function has been updated to 30
seconds to prevent command timeouts on some platforms. 18. The Verizon 5G V5GA01INTERNET APN has been added to the fallback list. 19. The help text for modem antenna parameter has been updated to include a warning that it
may cause connectivity and performance issues. 20. The help text for the DHCP hostname option parameter has been updated to clarify its use.
SECURITY FIXES 1. The Linux kernel has been updated to version 6.7 [DAL-9078] 2. The Python support has been updated to version 3.10.13 [DAL-8214] 3. The Mosquitto package has been updated to version 2.0.18 [DAL-8811] CVE-2023-28366 CVSS Score: 7.5 High 4. The OpenVPN package has been updated to version 2.6.9 [DAL-8810] CVE-2023-46849 CVSS Score: 7.5 High CVE-2023-46850 CVSS Score: 9.8 Critical 5. The rsync package has been updated to version 3.2.7 [DAL-9154] CVE-2022-29154 CVSS Score: 7.4 High CVE-2022-37434 CVSS Score: 9.8 Critical CVE-2018-25032 CVSS Score: 7.5 High 6. The DNSMasq package has been patched to resolve CVE-2023-28450. [DAL-8338] CVE-2023-28450 CVSS Score: 7.5 High 7. The udhcpc package has been patched to resolved CVE-2011-2716. [DAL-9202] CVE-2011-2716 8. The default SNMP ACL settings have been updated to prevent access via External zone by default if the SNMP service is enabled. [DAL-9048] 9. The netif, ubus, uci, libubox packages have been updated to OpenWRT version 22.03 [DAL8195]
BUG FIXES
1. The following WAN Bonding issues have been resolved
a. The WAN Bonding client is not restarted if the client stops unexpectedly. [DAL-9015]
b. The WAN Bonding client was being restarted if an interface went up or down. [DAL9097]
c. The WAN Bonding interface staying disconnected if a cellular interface cannot
96000472_C
Release Notes Part Number: 93001381_D
Page 12
connect. [DAL-9190] d. The show route command not displaying the WAN Bonding interface. [DAL-9102] e. The show wan-bonding command displaying incorrect interface status. [DAL-8992,
DAL-9066] f. Unnecessary ports being opened in the firewall. [DAL-9130] g. An IPsec tunnel configured to tunnel all traffic whilst using a WAN Bonding interface
causing the IPsec tunnel to not pass any traffic. [DAL-8964] 2. An issue where data metrics being uploaded to Digi Remote Manager being lost has been
resolved. [DAL-8787] 3. An issue that caused Modbus RTUs to unexpectedly timeout has been resolved. [DAL-9064] 4. An RSTP issue with the bridge name lookup has been resolved. [DAL-9204] 5. An issue with the GNSS active antenna support on the IX40 4G has been resolved. [DAL-7699] 6. The following issues with cellular status information have been resolved
a. Cellular signal strength percentage not being reported correctly. [DAL-8504] b. Cellular signal strength percentage being reported by the
/metrics/cellular/1/sim/signal_percent metric. [DAL-8686] c. The 5G signal strength being reported for the IX40 5G devices. [DAL-8653] 7. The following issues with the SNMP Accelerated MIB have been resolved a. The cellular tables not working correct on devices with cellular interfaces not called
“modem” has been resolved. [DAL-9037] b. Syntax errors that prevented if from being correctly parsed by SNMP clients. [DAL-
8800] c. The runtValue table not being correctly indexed. [DAL-8800] 8. The following PPPoE issues have been resolved a. The client session was not being reset if the server goes away has been resolved. [DAL-
6502] b. Traffic stopping being routed after a period of time. [DAL-8807] 9. An issue with the DMVPN phase 3 support where firmware rules needed to the disabled in order to honor default routes inserted by BGP has been resolved. [DAL-8762] 10. An issue with the DMVPN support taking a long time to come up has been resolved. [DAL-9254] 11. The Location status page in the Web UI has been updated to display the correct information when the source is set to user-defined. 12. An issue with the Web UI and show cloud command displaying an internal Linux interface rather than the DAL interface has been resolved. [DAL-9118] 13. An issue with the IX40 5G antenna diversity which would cause the modem to go into a “dump” state has been resolved. [DAL-9013] 14. An issue where devices using a Viaero SIM could not connect to 5G networks has been resolved. [DAL-9039] 15. An issue with the SureLink configuration migration resulting some blank settings has been resolved. [DAL-8399] 16. An issue where configuration was been committed at boot-up after an update has been resolved. [DAL-9143]
96000472_C
Release Notes Part Number: 93001381_D
Page 13
17. The show network command has been corrected to always display the TX and RX bytes values.
18. The NHRP support has been updated to not log messages when disabled. [DAL-9254]
VERSION 23.12.1.58 (January 2024)
NEW FEATURES 1. Support for linking OSPF routes through a DMVPN tunnel has been added.
a. A new configuration option Point-to-Point DMVPN has been added to Network > Routes > Routing services > OSPFv2 > Interface > Network parameter.
b. A new configuration parameter redirect has been added to the Network> Routes > Routing services > NHRP > Network configuration.
2. Support for the Rapid Spanning Tree Protocol (RSTP) has been added.
ENHANCEMENTS 1. The EX15 and EX15W bootloader has been updated to increase the size of the kernel partition
to accommodate larger firmware images in the future. Devices will need to be updated to the 23.12.1.56 firmware before updating to newer firmware in the future. 2. A new option After has been added to the Network > Modems Preferred SIM configuration to prevent a device from switching back to the preferred SIM for the configured amount of time. 3. The WAN Bonding support has been updated
a. New options have been added to the Bonding Proxy and Client devices configuration to direct traffic from specified network through the internal WAN Bonding Proxy to provide improved TCP performance through the WAN Bonding server.
b. New options have been added to set the Metric and Weight of the WAN Bonding route which can be used to control the priority of the WAN Bonding connection over other WAN interfaces.
4. A new DHCP server option to support BOOTP clients has been added. It is disabled by default. 5. The status of Premium Subscriptions has been added the System Support Report. 6. A new object_value argument have been added to the local Web API that can be used to
configure a single value object. 7. The SureLink actions Attempts parameter has been renamed to the SureLink Test failures to
better describe its use. 8. A new vtysh option has been added to the CLI to allow access to the FRRouting integrated
shell. 9. A new modem sms command has been added to CLI for sending outbound SMS messages. 10. A new Authentication > serial > Telnet Login parameter to been added to control whether a
user must supply authentication credentials when opening a Telnet connection to direct access a serial port on the device. 11. The OSPF support has been updated to support the setting the Area ID to an IPv4 address or a number.
96000472_C
Release Notes Part Number: 93001381_D
Page 14
12. The mDNS support has been updated to allow a maximum TXT record size of 1300 bytes.
13. The migration of the SureLink configuration from 22.11.x.x or earlier releases has been improved.
14. A new System Advanced watchdog Fault detection tests Modem check and recovery configuration setting has been added to control whether the watchdog will monitor the initialization of the cellular modem inside the device and automatically take recovery actions to reboot the system if the modem doesn’t initialize properly (disabled by default).
SECURITY FIXES 1. The Linux kernel has been updated to version 6.5 [DAL-8325] 2. An issue with sensitive SCEP details appearing the SCEP log has been resolved. [DAL-8663] 3. An issue where a SCEP private key could be read via the CLI or Web UI has been resolved. [DAL-
8667] 4. The musl library has been updated to version 1.2.4 [DAL-8391] 5. The OpenSSL library has been updated to version 3.2.0 [DAL-8447]
CVE-2023-4807 CVSS Score: 7.8 High CVE-2023-3817 CVSS Score: 5.3 Medium 6. The OpenSSH package has been updated to version 9.5p1 [DAL-8448] 7. The curl package has been updated to version 8.4.0 [DAL-8469] CVE-2023-38545 CVSS Score: 9.8 Critical CVE-2023-38546 CVSS Score: 3.7 Low 8. The frrouting package has been updated to version 9.0.1 [DAL-8251] CVE-2023-41361 CVSS Score: 9.8 Critical CVE-2023-47235 CVSS Score: 7.5 High CVE-2023-38802 CVSS Score: 7.5 High 9. The sqlite package has been updated to version 3.43.2 [DAL-8339] CVE-2022-35737 CVSS Score: 7.5 High 10. The netif, ubus, uci, libubox packages have been updated to OpenWRT version 21.02 [DAL7749]
BUG FIXES
1. An issue with serial modbus connections that cause incoming Rx responses from a serial port configured in ASCII mode if the reported length of the packet didn’t match the received length of the packet to be dropped has been resolved. [DAL-8696]
2. An issue with DMVPN that cause NHRP routing through tunnels to Cisco hubs to be unstable has been resolved. [DAL-8668]
3. An issue that prevented the handling of incoming SMS message from Digi Remote Manager has been resolved. [DAL-8671]
4. An issue that could cause a delay in connecting to Digi Remove Manager when booting up has been resolved. [DAL-8801]
5. An issue with MACsec where the interface could fail to re-establish if the tunnel connection was interrupted has been resolved. [DAL-8796]
6. An intermittent issue with the SureLink restart-interface recovery action on an Ethernet
96000472_C
Release Notes Part Number: 93001381_D
Page 15
interface when re-initializing the link has been resolved. [DAL-8473] 7. An issue that prevented the Autoconnect mode on a Serial port from reconnecting until the
timeout had expired has been resolved. [DAL-8564] 8. An issue that prevented IPsec tunnels from being established through a WAN Bonding
interface have been resolved. [DAL-8243] 9. An intermittent issue where SureLink could trigger a recovery action for an IPv6 interface even
if no IPv6 tests were configured has been resolved. [DAL-8248] 10. An issue with SureLink custom tests has been resolved. [DAL-8414] 11. A rare issue on the EX15 and EX15W where the modem could get into an unrecoverable state
unless the device or modem was power cycled has been resolved. [DAL-8123] 12. An issue with LDAP authentication not working when LDAP is the only configured
authentication method has been resolved. [DAL-8559] 13. An issue where local non-admin user passwords were not migrated after enabling Primary
Responder mode has been resolved. [DAL-8740] 14. An issue where a disabled interface would show received/sent values of N/A in the Web UI
Dashboard has been resolved. [DAL-8427] 15. An issue that prevented users from manually registering some Digi router types with Digi
Remote Manager via the Web UI has been resolved. [DAL-8493] 16. An issue where the system uptime metric was reporting an incorrect value to Digi Remote
Manager has been resolved. [DAL-8494] 17. An intermittent issue with migrating IPsec SureLink setting from devices running 22.11.x.x or
earlier has been resolved. [DAL-8415] 18. An issue where SureLink was not reverting the routing metrics when failing back on an
interface has been resolved. [DAL-8887] 19. An issue where the CLI and Web UI would not show the correct networking details when WAN
Bonding was enabled has been resolved. [DAL-8866] 20. An issue with the show wan-bonding CLI command has been resolved. [DAL-8899] 21. An issue that prevents devices from connecting to Digi Remote Manager over a WAN Bonding
interface has been resolved. [DAL-8882]
96000472_C
Release Notes Part Number: 93001381_D
Page 16
Documents / Resources
 |
DIGI Digi Accelerated Linux Operating System [pdf] Instructions AnywhereUSB Plus, Connect EZ, Connect IT, Digi Accelerated Linux Operating System, Accelerated Linux Operating System, Linux Operating System, Operating System |