==========================================
Lantronix Evolution Device Server Software
Software Release Notes
April 08, 2020
Copyright 2020 (c) Lantronix Inc.
==========================================

===============
RELEASE SUMMARY
===============

RELEASED FILES:
    eds_x100_6_0_0_0_R5.romz (firmware)
    eds_x100_cli_6_0_0_0_R5.html (CLI documentation)

RELEASE DATE: 4/08/2019

==============
RELEASE STATUS
==============

Alpha ( )   Beta ( )   Supplemental ( )   Production (X)   Test ( )

DOWNGRADE: To move BACKWARDS to an older firmware version, use Device Installer's "Recover Firmware" feature, with the "Erase All Flash" option selected, to load via a serial port. The configuration database is not automatically converted when moving backwards.

UPGRADE: If you experience any difficulty upgrading the firmware, use Device Installer's "Recover Firmware" feature, with the "Erase All Flash" option selected, to recover via a serial port.

============
NEW FEATURES
============

o EVO-15 Add Telnet authentication and Line authentication under CLI to control login password.
o BZ# 25652 - Add SHA2 HASH related cipher suite for TLS1.2 in EVOS
o LEG-133 EDS2100 shows only 1024 as ssl key length.

V6.0.0.0.R1
-----------
o LEG-3: Implement support for default password changes according to California Law SB327.
o GGT-542: DIResponder: include serial number in discovery response.
o BZ# 25652 - Add SHA2 HASH related cipher suite for TLS1.2 in EVOS
o BZ# 30746 - XLM download indicator not visible in browser
o BZ# 22310 - Support 2048 bit ssl certificate.
o BZ# 26629 - Provide configurable option for Gratuitous ARP in Web UI
o BZ# 25651 - Generate RSA-SHA1 self-signed SSL certificate inside EVOS
o Implemented support of TLS1.2 protocol.

v5.4.0.0.R7
-----------
o Added SHA2 Algorithm support in SSL
o SSL certificate upload support added for SHA2 algorithms SHA256, SHA384 & SHA512.
o Supports key length 1024 while creation of SSL certificate.
o Supports key length 1024 & 2048 while uploading external SSL certificate.
o Server Name Identification(SNI) support in SSL Client.
    - SNI feature can be tested only with SDK application, while our device acts as SSL client.
o Display device string once telnet/ssh connection established to device.
    - This feature shows 'login string' after establishing SSH or Telnet session to the CLI.
    - By default login string is set to the device name. User can configure this string through CLI or Web UI.
    - The "Login String" should not exceed 32 characters.
    - It can be enabled or disabled by choosing "Login String State", by default it is disabled.
    - In Web UI, this feature is available under cli->Configuration.
    - In Command prompt it is available under "en->config->cli".
o Support SSL Cert With * in Name
o Add reboot log.
o wants serial trigger for email.
o Multiple socket connections to same port.
o Two byte send character.
o 'Save' option to store the Self Signed certificate in Web Manager.
o Web manager : Show CPU Load in Process Diagnostics.

===============================================================================
REMOVED FEATURES
================

v6.0.0.0.R2
-----------
o Removed 'diffie-hellman-group1-sha1' SSH key exchange algorithm

v6.0.0.0.R1
-----------
o Removed RC4 related cipher suite
o Removed SSLv3 Support for Nessus scan report with high/medium risks
o Removed DSA key type support in SSL certificate creation and also while uploading external certificates.
o Removed 512 & 768 key length support in SSL certificate creation and also while uploading external certificates.
o Removed VIP feature / support

===============================================================================
BUG FIXES:
==========

o LEG-63 CLI not showing device id strings.
o LEG-64 Blanked FTP admin password and none is displayed.
o LEG-65 XML SSH Server RSA and DSA private keys show with XX value
o LEG-66 SSH server keys are exported with configured and ignored strings.
o LEG-129 External upload of 4096 cert and key files failed on EDS4100 and EDSPR devices.
o LEG-132 EDS16PS/EDS2100/EDS4100/EDS32PR failed to connect to EDS32PR via SSL tunnel. Error 1208
o LEG-136 IXP(EDS4100,PS and PR) based products fail to read Device ID
o EVO-11 SSH KEX Protocols vulnerable to LOGJAM attack
o EVO-13 Copyright needs to be updated to 2020
o EVO-14 Set default login password under CLI->Login password

V6.0.0.0.R1
-----------
o EVO-5: Issue with TLS connection.
o EVO-9: XML dump with secret and SSH/SSL keys are not aligned correctly.
o LEG-52 Device does not get IP address during DHCP when 2 DHCP servers are on network.
o BZ# 33785 - update copyrite to copyright to 2019
o BZ# 33522 - DHCP not working when ARP timeout came up
o BZ# 33404 - Web interface failed in Microsoft Edge browser
o BZ# 32854 - Improper handling of Server Certificate Request (13) in TLS1.2
o BZ# 31804 - status of the devices with the socket stuck in SYN_RECEIVED
o BZ# 30522 - Taking long time to load static HTTP page compare to older flash.
o BZ# 31677 - SSL Lab scan with Poodle and RoBot vulnerabilities
o BZ# 26939 - Modbus/TCP-to-RTU RS485 failed to establish connection when serial connection unplug and plug
o Bz# 31805 - Ping reply with Destination MAC as all 0's
o BZ# 31274 - SSL - SHA256/TLS1.2 connection not working to .NET application running on Windows Server 2012
o BZ# 31040 - Exporting XML with SSL credential 4096-bit causes device to reboot
o BZ# 27453 - SDK:HttpGetHeaders does not work
o BZ# 30483 - Device reboots when we do ssllabs.com's server test
o BZ# 30821 - handshake is not happening properly when TLS1.2 only selected
o BZ# 30856 - SNMP issue Xport Pro v5.5
o Bz# 30400 - Chrome: Border overflow on HTTP configuration page
o BZ# 30151 - Chrome: Border overflow on Email/SMTP webpages
o BZ# 30037 - SSH and SSL/TLS vulnerabilities and weaknesses
o BZ# 29783 - Able to enter AES hex key length of less than 16 bytes
o Fixed issue with rolling reset when booting new firmware with partition change
o BZ# 27452 - Device is unreachable after software reboot
o BZ# 26574 - EDS1100 - Access logging via syslog - 161010-000004
o BZ# 25626 - 160310-000012 Communication failure in environment of Firewall automatic failover
o BZ# 26628 - Segmentation when starting TLS connection on Evolution
o BZ# 26575 - 161125-000002 EDS2100/ALL EVOS ASML DHCP Sever - 161125-000002 - EDS2100 Unable to Open Socket To 1000x
o BZ# 28239 - Device locks-up if not accessed for longer time
o BZ# 27982 - Modbus/TCP response contains zero receive window size
o BZ# 27923 - XPort Pro drops all connections when maximum exceeded
o BZ# 28194 - Connect mode text box needs to be expanded
o BZ# 29001 - Not receiving DHCP - NAC, Bug 28994 - serial tunnel local host IP-address is not changed it xPort-AR is assigned new IP-address
o BZ# 29094 - XPort Pro does not connect to AWS
o BZ# 26874 - EDS4100 cannot reply ACK packet against TCP packet having checksum of 0xffff.

v5.4.0.0.R7
-----------
o BZ# 24786 - device reboot during network scan while running traffic.
o BZ# 24792 - Warning texts break in the middle of the word.
o BZ# 24795 - FF does not show lantronix logo(orange color L in browser tab)
o BZ# 24797 - serial protocol not tunnel warning displayed twice.
o BZ# 24799 - XML Importing files with spaces in the name does not inform the user that no changes were made due to the file name.

v5.4.0.0.R6
-----------
o BZ# 24760 - please update ssl help text.
o BZ# 24761 - suggest to remove radio button for RSA.
o BZ# 24762 - suggest to change the default SSL certificate expiry date.
o BZ# 24763 - please fix invalid baud rate error message.
o BZ# 24764 - unable to upgrade firmware/upload files through https.
o BZ# 24765 - dns cache has an unforeseen entry.
o BZ# 24767 - unable to upgrade firmware/upload files through https.
o BZ# 24789 - web page does not load properly in IE11.

v5.4.0.0.R5
-----------
o BZ# 24607: 160118-000000 - Björn Samvik - NetClean - XPP1002000-02R SNMP bulk request message causes "empty Response" 5.4.0.0B1.
o BZ# 24642: 160216-000021 - EDS1100 - Open SSH 6.6.1p1 or 6.9p1> Not Connecting To EDS - Connection Is Reset By Peer.

v5.4.0.0.R4
-----------
o BZ# 24193: SHA2 (RSA): Unable to access device via HTTPS port on some hash algorithms/key lengths.
o BZ# 24194: SHA2 (DSA): Unable to access device via HTTPS port on some hash algorithms/key lengths.
o BZ# 23896: 150824-000038 - Issue with MatchPort AR Modbus Tunnel locking up in 5.2.0.4R1.
o BZ# 23611: 150722-000001 - XPort Pro SDK Not Responding Properly to SYN Packets w/Congestion Management Built In SDK 5.4.0.0Bx & V5.2.1.0B8.

v5.4.0.0.R1
-----------
o BZ# 23912: 150311-000001 - xPort Pro Evo - Wants Support for SHA256 Certificate For HTTPS.
o BZ# 23166: 150514-000044 - XPort Pro - Host Names Containing a Dash Do Not Work With ATDT Modem Commands.
o Escalation 140131-000028 - MP AR - RFC2217 and setting RTS or DTR Not Working With CPR.
o BZ# 22400: CLI: Request to display message to indicate xml import status.
o BZ# 22398: Repeated messages show in the tlog when doing XML import.
o BZ# 23167: 150513-000038 - XPort Pro - ATS0=2 Not Working - Won't Manually Accept Incoming Connection.
o BZ# 22786: 150408-000003 - XPort AR SSH Not Working In 5.2.0.0R21 With Latest SSH version 6.x
o BZ# 21545: 140911-000007 - MP b/g Pro - OEM Configuration feature does not work.
o BZ# 22494: 150127-000026 - EVO devices receives multiple values from a GET command causing strange behaviour when using an SNMP agent.
o Escalation 140919-000003 - UDP Not Working Correctly When Using Disconnect Time.
o BZ# 22328: XPort AR SDK: failed to build.
o BZ# 21295: Adds read timeout in transport layer.
o Escalation: 130903-000008 - MPR3002000-01 - ATD Connection timeout.
o Escalation: 140219-000024 - MP b/g Pro - EVOS Across The Board - DHCP IP fails after A Failed First Attempt
o Escalation: 140106-000017: SSL encrypted master secret is sent padded to full size.
o Exception handler TLOG messages now output.
o Escalation: 140103-000030 - EDS1100 - EVOS - SSH Versions Not Working With Version 6.2.P2.
o Escalation: 130924-000082 - EVOS Across The Board - DHCP scenarios no longer exhaust heap.
o Escalation: 131007-000020 - EDS1100 - Modem Mode Connections Fails To Enter Command Mode.
o Escalation: 131203-000035 - EVOS Across The Board - Evolution devices "eating" a character after RFC2217 break?

v5.2.0.4R1
----------
o Escalation: 130612-000004 - EDS00812N-01 - F11-Boot Loop Appears To Be An Issue With SNMP.
o Escalation: Matchport AR I2C Reading Issues
o BZ# 18227: Set MSCR register in bootloader for low drive strength.
o Escalation: 130219-000057 - XPort Pro - Needs The System To Support Padding For AES Keys in SDK.
o Escalation: 130212-000011 - MP b/g Pro - Does Not Support SSL Cert With * in Name (*.appspot.com).
o Escalation: 120515-000003 - XPort AR - Packing Mode Not Working Correctly in 5.2.0.0R20 Worked In 5.1.0.0R13.
o Escalation: 121203-000016 - Xport Pro - 5.2.0.0R25 SDK - Heap Corruption Using Large SNMP MIBs" with the tag xport_pro_5_2_0_4_B5.
o Escalation: 120801-000004 - XPort Pro (EVOS) - When Entering 255 Chars In XML File Name The File System Web Page Is Unresponsive
o Escalation: 120103-000013 - XPort Pro RTS line toggle Fails With RFC2217 & CPR.
o Escalation: 111227-000007 - EDS1100 - Self-Signed SSL Cert. - Generates Same Serial Number - FireFox Fails.
o BZ# 16005: Removes 0xF0 command from flashCfiQuery only for mfg=0x89, dev=0x17.
o BZ# 11948: Shortens text message so we can read the actual error code.
o BZ# 14547: Removes "failed window adjust" debug tlog.
o BZ# 15169: Web Manager - update copyright to 2012.
o BZ# 15227: Web Manager page is now okay after file system is formatted.
o BZ# 15228: Now able to configure hostname in ssh known host.
o BZ# 15250: CLI user may now select AES protocol first, and then set the AES keys.
o BZ# 15382: Now passes optional message buffer into email send.
o BZ# 15383: Two changes to digest authentication:
    * Authentication records now hold the two prior used nonces instead of just the single previous nonce
    * A stale nonce value (old or next older) is accepted for the new-nonce exchange if the record has already been marked stale and the request is received within the stale nonce timeout period (3 minutes).
o BZ# 15449: CLI Tunnel Accept Mode now can configure protocol TCP/AES.
o BZ# 16005: Removes 0xF0 command from flashCfiQuery.
o BZ# 16273: SSL server name verification is now case-insensitive.

v5.2.0.2 R1
------------
o BZ# 15929: MatchPort logo needs "R" registration mark in upper left corner of webmanager.
o BZ# 15638: RTS output is showing asserted when hardware flow control is off.
o BZ# 15745: unsaved changes warning is not seen when encryption is enabled or disabled.
o BZ# 15684: WebM: Warning message of WLAN not written to flash is displayed twice.
o BZ# 15676: PAE state is different in webm and CLI.
o BZ# 15752: kill session command missing in line1.
o BZ# 15545: webm shows garbage after formatting file system.
o BZ# 15227: webm page shows garbage after file system is formatted.
o BZ# 15228: Unable to configure hostname in ssh known host.
o BZ# 16273: SSL certificate not verified.

v5.2.0.1 R5
------------
o BZ# 15590: unable to configure host name in ssh.
o BZ# 15551: unable tunnel from serial to network with flow control turned on.
o BZ# 15496: Data is queued and XTCP does not run via hardware flow control.
o BZ# 14122: Escalation 110906-000010: XML - XCR Dump Slows Then Stops Before Complete.
o BZ# 15572: unable to tunnel with RS485 2 wire.

v5.2.0.1 R3
-----------
o BZ# 15217: unable to open https session (page does not load).
o BZ# 15208: Escalation 110511-000039 - RTS line toggle via RFC2217.

v5.2.0.1 R2
-----------
o BZ# 15168: “ERROR: Hardware flow control requires a CP that is already in use.”
o BZ# 15169: Web: Please update copyright to 2012.
o BZ# 15167: RFC2217: Overlapauto failed to run via baud 9600.
o BZ# 15215: unable to ssh to the device.
o BZ# 15250: CLI: Device should not prompt error when user sets tcp/udp aes protocol before config aes keys.

v5.2.0.1 R1
-----------
o BZ# 14536: TCP AES no longer works with 128 bits.
o BZ# 14889: Serial monitoring has changed, not compatible with released code.
o BZ# 13382: Escalation 110610-000041: Wants AES 256 for tunnel connections.
o BZ# 13224: Add reboot log.
o BZ# 13134: reboot required to restore VIP.

v5.2.0.0 R25
------------
o BZ# 13126: Escalation: 110420-000040 - SSH Connection With USE Linux Server Fails.
o BZ# 13800: Escalation: 110805-000008: Sending RST Instead of FIN In Modem Emulation after ATH.

v5.2.0.0 R24
------------
o BZ# 12842: Memory leak in XML.
o BZ# 12441: RFC2217 test: overlapauto does not work with 2000 bytes buffer size.
o BZ# 12750: SSH connection to configuration port terminated even though inactivity timeout is disabled.
o BZ# 12766: Network configuration is missing under Terminal Page.
o BZ# 12403: XML import of data containing comments no longer fails.
o BZ# 12414: Configuration port check now works for HTTP and HTTPS.

v5.2.0.0 R23
------------
o BZ# 12414: Config port checking does not work for http/https.

v5.2.0.0 R22
------------
o BZ# 12322: Changing Tunnel Accept config can kill web connection.

v5.2.0.0 R21
------------
o BZ# 11891: File system format no longer wipes out configuration when it decides to switch banks for erasure leveling.
o BZ# 12360: The SSL client now sends a blank certificate when none is configured, allowing operation with more server implementations.

===============================================================================
Known Bugs:
-----------

Known Limitations:
------------------
o SSH and SSL performance is slow due to the heavy processing needed.