========================================== Lantronix Evolution Device Server Software Software Release Notes April 08, 2020 Copyright 2020 (c) Lantronix Inc. ========================================== =============== RELEASE SUMMARY =============== RELEASED FILES: edspr_6_0_0_0_R5.romz (firmware) edspr_cli_6_0_0_0_R5.html (CLI documentation) RELEASE DATE: 4/08/2020 ============== RELEASE STATUS ============== Alpha ( ) Beta ( ) Supplemental ( ) Production (X) Test ( ) DOWNGRADE: To move BACKWARDS to an older firmware version, use Device Installer's "Recover Firmware" feature, with the "Erase All Flash" option selected, to load via a serial port. The configuration database is not automatically converted when moving backwards. UPGRADE: If your EDS runs on a firmware prior to V4.1.0.2 please upgrade to that version before proceeding. DO NOT ATTEMPT the procedure below unless the EDS is running at least v4.1.0.2. If the EDS is running beta code between V4.1.0.2 and anything earlier than V5.2.0.0R24, use Device Installer’s serial recovery method to load 4.1.0.2 before proceeding. The upgrade from V4.1.0.2 to V5.3.0.0R4 code must be started from the Evolution web manager. The 5.0.0.0 boot loader must be installed prior to the firmware. IF THIS PROCESS IS NOT FOLLOWED the unit will be unreachable on the network and you will need to recover back to V4.1.0.2 by using the device installer serial recovery method. 1) Open or connect to the Evolution Web manager either via device installer’s web configuration, or by opening a browser and typing in the IP address on the EDS model. 2) Type in the user name and password prompt. 3) From the orange menu options on the left, select "System". 4) Using the "Upload New Firmware" select "Browse" and the file "edsprboot_5_0_0_0.romz" on your PC, then click upload. The file will automatically load and the EDS will reboot. 5) When the EDS has finished rebooting, return to "System" in the Evolution web manager and load the "edspr_5_3_0_0_R4.romz" as in the last step. 6) When the EDS finishes rebooting it will be fully functional and running 5.3.0.0.R4 code. =============================================================================== ============ NEW FEATURES ============ o EVO-15 Add Telnet authentication and Line authentication under CLI to control login password. V6.0.0.0.R1 ----------- o LEG-3: Implement support for default password changes according to California Law SB327. o GGT-542: DIResponder: include serial number in discovery response. o BZ# 25652 - Add SHA2 HASH related cipher suite for TLS1.2 in EVOS o BZ# 30746 - XLM download indicator not visible in browser o BZ# 22310 - Support 2048 bit ssl certificate. o BZ# 26629 - Provide configurable option for Gratuitous ARP in Web UI o BZ# 25651 - Generate RSA-SHA1 self-signed SSL certificate inside EVOS o Implemented support of TLS1.2 protocol. o BZ# 24788 - Display device string once telnet/ssh connection established to device. - This feature shows 'login string' after establishing SSH or Telnet session. - By default login string is set to Device name. User can configure this string through CLI or Web UI. - The "Login Sting" should not exceed 32 characters. - It can be enabled or disabled by choosing "Login String State", by default it is disabled. - In Web UI, this feature is available under cli->Configuration. - In Command prompt it is available under "en->config->cli". o Supported key length 1024 while creation of SSL certificate. o Supported key length 1024 & 2048 while uploading external SSL certificate. o BZ# 24504: Server Name Identification support in SSL Client under Evolution. o Added SHA2 Algorithm support in SSL o SSL certificate upload support added for SHA2 algorithms SHA256, SHA384 & SHA512. v5.3.0.0 R4 ----------- o SNTP support =============================================================================== ================ REMOVED FEATURES ================ v6.0.0.0.R2 ----------- o Removed 'diffie-hellman-group1-sha1" SSH key exchange algorithm v6.0.0.0.R1 ----------- o Removed RC4 related cipher suite o Removed SSLv3 Support for Nessus scan report with high/medium risks o Removed DSA key type support in SSL certificate creation and also while uploading external certificates. o Removed 512 & 768 key length support in SSL certificate creation and also while uploading external certificates. o Removed VIP feature / support =============================================================================== BUG FIXES: ========== o LEG-63 CLI not showing device id strings. o LEG-64 Blanked FTP admin password and none is displayed. o LEG-65 XML SSH Server RSA and DSA private keys show with XX value o LEG-66 SSH server keys are exported with configured and ignored strings. o LEG-129 External upload of 4096 cert and key files failed on EDS4100 and EDSPR devices. o LEG-132 EDS16PS/EDS2100/EDS4100/EDS32PR failed to connect to EDS32PR via SSL tunnel. Error 1208 o LEG-136 IXP(EDS4100,PS and PR) based products fail to read Device ID o EVO-11 SSH KEX Protocols vulnerable to LOGJAM attack o EVO-13 Copyright needs to be updated to 2020 o EVO-14 Set default login password under CLI->Login password V6.0.0.0.R1 ----------- o EVO-5: Issue with TLS connection. o EVO-9: XML dump with secret and SSH/SSL keys are not aligned correctly. o LEG-52 Device does not get IP address during DHCP when 2 DHCP servers are on network. o BZ# 33785 - update copyrite to copyright to 2019 o BZ# 33522 - DHCP not working when ARP timeout came up o BZ# 33404 - Web interface failed in Microsoft Edge browser o BZ# 32854 - Improper handling of Server Certificate Request (13) in TLS1.2 o BZ# 31804 - status of the devices with the socket stuck in SYN_RECEIVED o BZ# 31677 - SSL Lab scan with Poodle and RoBot vulnerabilities o BZ# 26939 - Modbus/TCP-to-RTU RS485 failed to establish connection when serial connection unplug and plug o Bz# 31805 - Ping reply with Destination MAC as all 0's o BZ# 31274 - SSL - SHA256/TLS1.2 connection not working to .NET application running on Windows Server 2012 o BZ# 31040 - Exporting XML with SSL credential 4096-bit causes device to reboot o BZ# 27453 - SDK:HttpGetHeaders does not work o BZ# 30483 - Device reboots when we do ssllabs.com's server test o BZ# 30821 - handshake is not happening properly when TLS1.2 only selected o BZ# 30037 - SSH and SSL/TLS vulnerabilities and weaknesses o BZ# 29783 - Able to enter AES hex key length of less than 16 bytes o Fixed issue with rolling reset when booting new firmware with partition change o BZ# 27452 - Device is unreachable after software reboot o BZ# 26574 - EDS1100 - Access logging via syslog - 161010-000004 o BZ# 25626 - 160310-000012 Communication failure in environment of Firewall automatic failover o BZ# 26628 - Segmentation when starting TLS connection on Evolution o BZ# 26575 - 161125-000002 EDS2100/ALL EVOS ASML DHCP Sever - 161125-000002 - EDS2100 Unable to Open Socket To 1000x o BZ# 28239 - Device locks-up if not accessed for longer time o BZ# 27982 - Modbus/TCP response contains zero receive window size o BZ# 27923 - XPort Pro drops all connections when maximum exceeded o BZ# 28194 - Connect mode text box needs to be expanded o BZ# 29001 - Not receiving DHCP - NAC, Bug 28994 - serial tunnel local host IP-address is not changed it xPort-AR is assigned new IP-address o BZ# 29094 - XPort Pro does not connect to AWS o BZ# 26874 - EDS4100 cannot reply ACK packet against TCP packet having checksum of 0xffff. o BZ# 24786 - device reboot during network scan while running traffic. o BZ# 24797 - serial protocol not tunnel warning displayed twice. o BZ# 24799 - XML Importing files with spaces in the name does not inform the user that no changes were made due to the file name. o BZ# 24764 - unable to upgrade firmware/upload files through https. o BZ# 24765 - dns cache has an unforseen entry. o BZ# 24789 - web page does not load properly in IE11. o BZ# 24607: 160118-000000 - Björn Samvik - NetClean - XPP1002000-02R SNMP bulk request message causes "empty Response" 5.4.0.0B1. o BZ# 24642: 160216-000021 - EDS1100 - Open SSH 6.6.1p1 or 6.9p1> Not Connecting To EDS - Connection Is Reset By Peer. o BZ# 23896: 150824-000038 - Issue with MatchPort AR Modbus Tunnel locking up in 5.2.0.4R1. o BZ# 23611: 150722-000001 - XPort Pro SDK Not Responding Properly to SYN Packets w/Congestion Management Built In SDK 5.4.0.0Bx & V5.2.1.0B8. o BZ# 23912: 150311-000001 - xPort Pro Evo - Wants Support for SHA256 Certificate For HTTPS. o BZ# 23166: 150514-000044 - XPort Pro - Host Names Containing a Dash Do Not Work With ATDT Modem Commands. o Escalation 140131-000028 - MP AR - RFC2217 and setting RTS or DTR Not Working With CPR. o BZ# 22400: CLI: Request to display message to indicate xml import status. o BZ# 22398: Repeated messages show in the tlog when doing XML import. o BZ# 23167: 150513-000038 - XPort Pro - ATS0=2 Not Working - Won't Manually Accept Incoming Connection. o BZ# 22786: 150408-000003 - XPort AR SSH Not Working In 5.2.0.0R21 With Latest SSH version 6.x o BZ# 21545: 140911-000007 - MP b/g Pro - OEM Configuration feature does not work. o BZ# 22494: 150127-000026 - EVO devices receives multiple values from a GET command causing strange behaviour when using an SNMP agent. o Escalation 140919-000003 - UDP Not Working Correctly When Using Disconnect Time. o BZ# 21295: Adds read timeout in transport layer. o Escalation: 130903-000008 - MPR3002000-01 - ATD Connection timeout. o Escalation: 140219-000024 - MP b/g Pro - EVOS Across The Board - DHCP IP fails after A Failed First Attempt o Escalation: 140106-000017: SSL encrypted master secret is sent padded to full size. o Exception handler TLOG messages now output. o Escalation: 140103-000030 - EDS1100 - EVOS - SSH Versions Not Working With Version 6.2.P2. o Escalation: 130924-000082 - EVOS Across The Board - DHCP scenarios no longer exhaust heap. o Escalation: 131007-000020 - EDS1100 - Modem Mode Connections Fails To Enter Command Mode. o Escalation: 131203-000035 - EVOS Across The Board - Evolution devices "eating" a character after RFC2217 break? v5.3.0.0 R4 ----------- o BZ# 22397: Request to add help info in the clock page. v5.3.0.0 R3 ----------- o BZ# 22396: Webm>Clock: Current Time "Hour" should be in double digit. v5.3.0.0 R2 ----------- o BZ# 22389: CLI: Tlog did not show correct clock time when sync with ntp server. v5.3.0.0 R1 ----------- o BZ# 22289: EDS PR timezone configuration is different from PwaveEN. o BZ# 22290: current time does not include UTC offset. o BZ# 22292: Please update clock help text in webm. o BZ# 22294: Add date/time in tlog after ntp update. o BZ# 22302: Need to update copyright to 2007-2015. o BZ# 22304: Webm: Page fields misaligned in Chrome browser (on Windows 7). o BZ# 22307: Webm: Extra outlined box in Clock page (IE11 on Windows 7). o BZ# 22315: CLI>Clock: Request to clarify error message when month is not specified in text format using clock set command. o BZ# 22316: CLI>Clock: Year range in clock set command is different from Webm o BZ# 22328: XPort AR SDK: failed to build. o BZ# 21545: 140911-000007 - MP b/g Pro - OEM Configuration feature does not work. o BZ# 21295: Adds read timeout in transport layer. o Escalated Issue: 130903-000008 - MPR3002000-01 - ATD Connection timeout. o Escalated Issue: 140219-000024 - MP b/g Pro - EVOS Across The Board - DHCP IP fails after A Failed First Attempt - Same as 140107-0000210 for CoBos o Escalated Issue: 140106-000017: SSL encrypted master secret is sent padded to full size. Exception handler TLOG messages now output. o Escalated Issue: 140103-000030 - EDS1100 - EVOS - SSH Versions Not Working With Version 6.2.P2. o Escalated Issue: 130924-000082 - EVOS Across The Board - DHCP scenarios no longer exhaust heap. o Escalated Issue: 131007-000020 - EDS1100 - Modem Mode Connections Fails To Enter Command Mode. o Escalated Issue: 131203-000035 - EVOS Across The Board - Evolution devices "eating" a character after RFC2217 break? v5.2.0.4R1 ---------- o Escalated Issue: 130612-000004 - EDS00812N-01 - Boot Loop Appears To Be An Issue With SNMP. o Escalated Issue: Matchport AR I2C Reading Issues o BZ# 18227: Set MSCR register in bootloader for low drive strength. o Escalated Issue: 130219-000057 - XPort Pro - Needs The System To Support Padding For AES Keys in SDK. o Escalated Issue: 130212-000011 - MP b/g Pro - Does Not Support SSL Cert With * in Name (*.appspot.com). o Escalated Issue: 120515-000003 - XPort AR - Packing Mode Not Working Correctly in 5.2.0.0R20 Worked In 5.1.0.0R13. -> This feature specically for the Xport-AR product. o Escalated Issue: 121203-000016 - Xport Pro - 5.2.0.0R25 SDK - Heap Corruption Using Large SNMP MIBs" with the tag xport_pro_5_2_0_4_B5. o Escalated Issue: 120801-000004 - XPort Pro (EVOS) - When Entering 255 Chars In XML File Name The File System Web Page Is Unresponsive o Escalated Issue: 120103-000013 - XPort Pro RTS line toggle Fails With RFC2217 & CPR. o Escalated Issue: 111227-000007 - EDS1100 - Self-Signed SSL Cert. - Generates Same Serial Number - FireFox Fails. o BZ# 16005: Removes 0xF0 command from flashCfiQuery only for mfg=0x89, dev=0x17. =============================================================================== Known Bugs: ----------- Known Limitations: ------------------ o None.