==========================================
Lantronix Evolution Device Server Software
Software Release Notes
April 08, 2020
Copyright 2020 (c) Lantronix Inc.
==========================================

===============
RELEASE SUMMARY
===============

RELEASED FILES:
    eds4100_6_0_0_0_R5.romz (firmware)
    eds4100_cli_6_0_0_0_R5.html (CLI documentation)

RELEASE DATE: 4/08/2020

==============
RELEASE STATUS
==============

Alpha ( )   Beta ( )   Supplemental ( )   Production (X)   Test ( )

DOWNGRADE:

To move BACKWARDS to an older firmware version, use Device Installer's
"Recover Firmware" feature, with the "Erase All Flash" option selected, to
load via a serial port. The configuration database is not automatically
converted when moving backwards.

UPGRADE:

If your EDS runs firmware prior to V4.1.0.2, please upgrade to that version
before proceeding. DO NOT ATTEMPT the procedure below unless the EDS is
running at least v4.1.0.2.

If the EDS is running beta code between V4.1.0.2 and anything earlier than
V5.2.0.0R24, use Device Installer’s serial recovery method to load 4.1.0.2
before proceeding.

The upgrade from V4.1.0.2 to V5.4.0.1R1 code must be started from the
Evolution web manager. The 5.0.0.0 boot loader must be installed prior to the
firmware. IF THIS PROCESS IS NOT FOLLOWED the unit will be unreachable on the
network and you will need to recover back to V4.1.0.2 by using the device
installer serial recovery method.

1) Open or connect to the Evolution Web manager either via device installer’s
   web configuration, or by opening a browser and typing in the IP address on
   the EDS model.
2) Type the user name and password at the prompt.
3) From the orange menu options on the left, select "System".
4) Under "Upload New Firmware", select "Browse" and choose the file
   "eds4100boot_5_0_0_0.romz" on your PC, then click upload. The file will
   automatically load and the EDS will reboot.
5) When the EDS has finished rebooting, return to "System" in the Evolution
   web manager and load the "eds4100_5_4_0_1_R1.romz" as in the last step.
6) When the EDS finishes rebooting it will be fully functional and running
   5.4.0.1R1 code.

===============================================================================

============
NEW FEATURES
============

o EVO-15 Add Telnet authentication and Line authentication under CLI to control login password.
o LEG-87 Add TLS1.2 support for EDS4100
o BZ# 25652 - Add SHA2 HASH related cipher suite for TLS1.2 in EVOS

V6.0.0.0.R1
-----------
o LEG-3: Implement support for default password changes according to California Law SB327.
o GGT-542: DIResponder: include serial number in discovery response.
o BZ# 25652 - Add SHA2 HASH related cipher suite for TLS1.2 in EVOS
o BZ# 30746 - XLM download indicator not visible in browser
o BZ# 22310 - Support 2048 bit ssl certificate.
o BZ# 26629 - Provide configurable option for Gratuitous ARP in Web UI
o BZ# 25651 - Generate RSA-SHA1 self-signed SSL certificate inside EVOS
o Implemented support of TLS1.2 protocol.
o BZ# 24788 - Display device string once telnet/ssh connection established to device.
    - This feature shows 'login string' after establishing SSH or Telnet session.
    - By default login string is set to Device name. User can configure this string through CLI or Web UI.
    - The "Login String" should not exceed 32 characters.
    - It can be enabled or disabled by choosing "Login String State", by default it is disabled.
    - In Web UI, this feature is available under cli->Configuration.
    - In Command prompt it is available under "en->config->cli".
o Supported key length 1024 when creating an SSL certificate.
o Supported key length 1024 & 2048 while uploading external SSL certificate.
o BZ# 24504: Server Name Identification support in SSL Client under Evolution.

v5.4.0.1.R1
-----------
o Added SHA2 Algorithm support in SSL
o SSL certificate upload support added for SHA2 algorithms SHA256, SHA384 & SHA512.
o Supports key length 1024 when creating an SSL certificate.
o Supports key length 1024 & 2048 while uploading external SSL certificate.
o Server Name Identification(SNI) support in SSL Client.
    - SNI feature can be tested only with SDK application, while our device acts as SSL client.
o Display device string once telnet/ssh connection established to device.
    - This feature shows 'login string' after establishing SSH or Telnet session to the CLI.
    - By default login string is set to the device name. User can configure this string through CLI or Web UI.
    - The "Login String" should not exceed 32 characters.
    - It can be enabled or disabled by choosing "Login String State", by default it is disabled.
    - In Web UI, this feature is available under cli->Configuration.
    - In Command prompt it is available under "en->config->cli".
o Support SSL Cert With * in Name
o Add reboot log.
o Serial trigger for email.
o Two byte send character.
o 'Save' option to store the Self Signed certificate in Web Manager.
o Web manager : Show CPU Load in Process Diagnostics.

===============================================================================

REMOVED FEATURES
================

v6.0.0.0.R2
-----------
o Removed "diffie-hellman-group1-sha1" SSH key exchange algorithm

v6.0.0.0.R1
-----------
o Removed RC4 related cipher suite
o Removed SSLv3 Support for Nessus scan report with high/medium risks
o Removed DSA key type support in SSL certificate creation and also while uploading external certificates.
o Removed 512 & 768 key length support in SSL certificate creation and also while uploading external certificates.
o Removed VIP feature / support

===============================================================================

BUG FIXES:
==========

o LEG-63 CLI not showing device id strings.
o LEG-64 Blanked FTP admin password and none is displayed.
o LEG-65 XML SSH Server RSA and DSA private keys show with XX value
o LEG-66 SSH server keys are exported with configured and ignored strings.
o EVO-11 SSH KEX Protocols vulnerable to LOGJAM attack
o EVO-13 Copyright needs to be updated to 2020
o EVO-14 Set default login password under CLI->Login password
o LEG-129 External upload of 4096 cert and key files failed on EDS4100 and EDSPR devices.
o LEG-131 RTC current time shows with prefix via web manager.
o LEG-132 EDS16PS/EDS2100/EDS4100/EDS32PR failed to connect to EDS32PR via SSL tunnel. Error 1208
o LEG-136 IXP(EDS4100,PS and PR) based products fail to read Device ID

V6.0.0.0.R1
-----------
o EVO-5: Issue with TLS connection.
o EVO-9: XML dump with secret and SSH/SSL keys are not aligned correctly.
o LEG-52 Device does not get IP address during DHCP when 2 DHCP servers are on network.
o BZ# 33785 - update copyrite to copyright to 2019
o BZ# 33522 - DHCP not working when ARP timeout came up
o BZ# 33404 - Web interface failed in Microsoft Edge browser
o BZ# 32854 - Improper handling of Server Certificate Request (13) in TLS1.2
o BZ# 31804 - status of the devices with the socket stuck in SYN_RECEIVED
o BZ# 30522 - Taking long time to load static HTTP page compare to older flash.
o BZ# 31677 - SSL Lab scan with Poodle and RoBot vulnerabilities
o BZ# 26939 - Modbus/TCP-to-RTU RS485 failed to establish connection when serial connection unplug and plug
o BZ# 31805 - Ping reply with Destination MAC as all 0's
o BZ# 31274 - SSL - SHA256/TLS1.2 connection not working to .NET application running on Windows Server 2012
o BZ# 31040 - Exporting XML with SSL credential 4096-bit causes device to reboot
o BZ# 27453 - SDK:HttpGetHeaders does not work
o BZ# 30483 - Device reboots when we do ssllabs.com's server test
o BZ# 30821 - handshake is not happening properly when TLS1.2 only selected
o BZ# 30856 - SNMP issue Xport Pro v5.5
o BZ# 30400 - Chrome: Border overflow on HTTP configuration page
o BZ# 30151 - Chrome: Border overflow on Email/SMTP webpages
o BZ# 30037 - SSH and SSL/TLS vulnerabilities and weaknesses
o BZ# 29783 - Able to enter AES hex key length of less than 16 bytes
o Fixed issue with rolling reset when booting new firmware with partition change
o BZ# 27452 - Device is unreachable after software reboot
o BZ# 26574 - EDS1100 - Access logging via syslog - 161010-000004
o BZ# 25626 - 160310-000012 Communication failure in environment of Firewall automatic failover
o BZ# 26628 - Segmentation when starting TLS connection on Evolution
o BZ# 26575 - 161125-000002 EDS2100/ALL EVOS ASML DHCP Server - 161125-000002 - EDS2100 Unable to Open Socket To 1000x
o BZ# 28239 - Device locks-up if not accessed for longer time
o BZ# 27982 - Modbus/TCP response contains zero receive window size
o BZ# 27923 - XPort Pro drops all connections when maximum exceeded
o BZ# 28194 - Connect mode text box needs to be expanded
o BZ# 29001 - Not receiving DHCP - NAC, Bug 28994 - serial tunnel local host IP-address is not changed it xPort-AR is assigned new IP-address
o BZ# 29094 - XPort Pro does not connect to AWS

v5.4.0.1.R1
-----------
o BZ# 26874 - EDS4100 cannot reply ACK packet against TCP packet having checksum of 0xffff.

v5.4.0.0.R8
-----------
o BZ# 24624 - 151216-000009 - MP b/g Pro - WPA2 Enterprise Not Working With Windows 2008/2012 Radius Server - Works w/2003 Server.

v5.4.0.0.R7
-----------
o BZ# 24798 - Request to add "no login string" command in CLI
o BZ# 24799 - XML Importing files with spaces in the name does not inform the user that no changes were made due to the file name.

v5.4.0.0.R6
-----------
o BZ# 24762 - change the default SSL certificate expiry date.
o BZ# 24764, 24767 - unable to upgrade firmware/upload files through https.

v5.4.0.0.R5
-----------
o BZ# 24607: 160118-000000 - Björn Samvik - NetClean - XPP1002000-02R SNMP bulk request message causes "empty Response" 5.4.0.0B1.
o BZ# 24642: 160216-000021 - EDS1100 - Open SSH 6.6.1p1 or 6.9p1> Not Connecting To EDS - Connection Is Reset By Peer.

v5.4.0.0.R4
-----------
o BZ# 23896: 150824-000038 - Issue with MatchPort AR Modbus Tunnel locking up in 5.2.0.4R1.
o BZ# 23611: 150722-000001 - XPort Pro SDK Not Responding Properly to SYN Packets w/Congestion Management Built In SDK 5.4.0.0Bx & V5.2.1.0B8.

v5.4.0.0.R1
-----------
o BZ# 23912: 150311-000001 - xPort Pro Evo - Wants Support for SHA256 Certificate For HTTPS.
o BZ# 23166: 150514-000044 - XPort Pro - Host Names Containing a Dash Do Not Work With ATDT Modem Commands.
o Escalation 140131-000028 - MP AR - RFC2217 and setting RTS or DTR Not Working With CPR.
o BZ# 22400: CLI: Request to display message to indicate xml import status.
o BZ# 22398: Repeated messages show in the tlog when doing XML import.
o BZ# 23167: 150513-000038 - XPort Pro - ATS0=2 Not Working - Won't Manually Accept Incoming Connection.
o BZ# 22786: 150408-000003 - XPort AR SSH Not Working In 5.2.0.0R21 With Latest SSH version 6.x
o BZ# 21545: 140911-000007 - MP b/g Pro - OEM Configuration feature does not work.
o BZ# 22494: 150127-000026 - EVO devices receives multiple values from a GET command causing strange behaviour when using an SNMP agent.
o Escalation 140919-000003 - UDP Not Working Correctly When Using Disconnect Time.
o BZ# 22328: XPort AR SDK: failed to build.
o BZ# 21295: Adds read timeout in transport layer.
o Escalation: 130903-000008 - MPR3002000-01 - ATD Connection timeout.
o Escalation: 140219-000024 - MP b/g Pro - EVOS Across The Board - DHCP IP fails after A Failed First Attempt
o Escalation: 140106-000017: SSL encrypted master secret is sent padded to full size.
o Exception handler TLOG messages now output.
o Escalation: 140103-000030 - EDS1100 - EVOS - SSH Versions Not Working With Version 6.2.P2.
o Escalation: 130924-000082 - EVOS Across The Board - DHCP scenarios no longer exhaust heap.
o Escalation: 131007-000020 - EDS1100 - Modem Mode Connections Fails To Enter Command Mode.
o Escalation: 131203-000035 - EVOS Across The Board - Evolution devices "eating" a character after RFC2217 break?

v5.2.0.4R1
----------
o Escalation: 130612-000004 - EDS00812N-01 - F11-Boot Loop Appears To Be An Issue With SNMP.
o Escalation: Matchport AR I2C Reading Issues
o Escalation: 130219-000057 - XPort Pro - Needs The System To Support Padding For AES Keys in SDK.
o Escalation: 130212-000011 - MP b/g Pro - Does Not Support SSL Cert With * in Name (*.appspot.com).
o Escalation: 120515-000003 - XPort AR - Packing Mode Not Working Correctly in 5.2.0.0R20 Worked In 5.1.0.0R13.
o Escalation: 121203-000016 - Xport Pro - 5.2.0.0R25 SDK - Heap Corruption Using Large SNMP MIBs" with the tag xport_pro_5_2_0_4_B5.
o Escalation: 120801-000004 - XPort Pro (EVOS) - When Entering 255 Chars In XML File Name The File System Web Page Is Unresponsive
o Escalation: 120103-000013 - XPort Pro RTS line toggle Fails With RFC2217 & CPR.
o Escalation: 111227-000007 - EDS1100 - Self-Signed SSL Cert. - Generates Same Serial Number - FireFox Fails.
o BZ# 16005: Removes 0xF0 command from flashCfiQuery only for mfg=0x89, dev=0x17.
o BZ# 11948: Shortens text message so we can read the actual error code.

===============================================================================

Known Bugs:
-----------

Known Limitations:
------------------
o SSH and SSL performance is slow due to the heavy processing needed.