FIRMWARE RELEASE NOTE ======================== Products affected: FA54 Release date: 2021-06-04 Release type: Production Firmware version: 10.6.0 Preceding release: 10.5.2 -------------------------------------------------------------------------------- Upgrade recommendations ======================== When updating the device, it is recommended to do an intermediate upgrade using an available AXIS OS LTS-release on the way to the desired AXIS OS version. For example, if the device currently is running AXIS OS 7.40 and you want to upgrade to the latest AXIS OS Active Track (Example: 10.1, October 2020) then you should do the upgrade in these steps: 7.40 => 8.40 LTS => 9.80 LTS => 10.1. More detailed recommendations can be found in the AXIS OS portal at https://www.axis.com/support/firmware. Upgrade the firmware according to the instructions given in howtoupgrade.txt, which is included in the firmware folder or according to instructions at https://www.axis.com/support/firmware. NOTE ======================== For latest information about Axis Cybersecurity, see: https://www.axis.com/support/product-security New features in 10.6.0 ================================================================================ 10.6.0:F1 MQTT subscription support added. With this support, it will be possible to use incoming MQTT messages as action triggers in the rule engine. 10.6.0:F2 Removed support for stream specific legacy overlays. The URL options for legacy image and legacy text overlay will not be supported any more. 10.6.0:F3 Added the possibility to show Day night Information switch in overlay text by using #dn. This will show both the current value and the threshold value for the day/night change. 10.6.0:F4 Added option to select which overlay should be used in a stream profile. 10.6.0:F5 Added "Audio clip playing" as a new condition in event system. 10.6.0:F6 HTTPS Ciphers are checked and unsupported ciphers removed on standard firmware upgrade 10.6.0:F7 Added a parameter to disable Apache & OpenSSL version in HTTP(S) responses in Plain Config -> System. 10.6.0:F8 Upgraded OpenSSL to 1.1.1k to increase overall minimum cyber security level. 10.6.0:F9 Updated Video Motion Detection to version 4.5.0. 10.6.0:F10 Support of stream specific legacy overlay is removed on Artpec platform. With this change, the URL option for both legacy image and text overlay will not be supported any more on Artpec platform. Features in 10.5.2 ================================================================================ 10.5.0:F1 RTSP and HTTP stream URL:s now allow for filtering overlays based on overlay type. This is done by setting 'overlays=' in the URL (only one value). 10.5.0:F2 OpenSSL upgraded to 1.1.1j to fix CVE-2021-23841 and CVE-2021-23840. 10.4.0:F1 Added support for new action "Publish MQTT", available in the web-interface in Events -> Device events -> Rules setup. This new action allows to publish MQTT messages with custom topic and payload. 10.4.0:F2 Added actions "Play audio clip while active" and "Stop playing audio clip" to the event system. 10.4.0:F3 Successful and failed user login attempts are now logged in detail when the Access Log parameter is enabled from Plain Config -> System -> Access Log 10.4.0:F4 OpenSSL upgraded to 1.1.1i to fix CVE-2020-1971. 10.3.0:F1 MQTT is now activated by default upon power loss or reboot if MQTT was enabled prior to it. 10.3.0:F2 Trigger Data functionality has been removed. Support for Trigger Data will continue on 9.80 LTS. 10.3.0:F3 Corrected an issue that prevented setting the gain individually on the left and right channel on products with stereo audio input. 10.3.0:F4 Added possibility to set a wear level for the SD card that the event system can trigger on. This is set in the Storage page. 10.3.0:F5 SD card wear level is now displayed on the Storage page if the SD card supports this feature. 10.3.0:F6 Added support for audit logging when a user exports video from the device's edge recording (SD card, network share). 10.3.0:F7 Updated OpenSSL to version 1.1.1h to increase overall minimum cyber security level. 10.3.0:F8 Corrected an issue that caused the audio transfer over HTTPS to not work properly and with that, the audio-gain-level behavior was also reverted back to the state it was known in AXIS OS releases up to AXIS OS 10.0.2. It is therefore mandatory to upgrade to AXIS OS 10.3 when experiencing audio-related issues on Axis devices running on AXIS OS 10.1 and 10.2. Upon release of AXIS OS 10.3, AXIS OS 10.1 and 10.2 will be made unavailable for download from www.axis.com moving forward. 10.3.0:F9 Updated Video Motion Detection to version 4.4.9. 10.2.0:F1 Updated Apache to version 2.4.46 to increase overall cyber security level. 10.2.0:F2 The AXIS Internet Dynamic DNS functionality has been removed. 10.2.0:F3 Removed feature NAT Traversal from UPnP. 10.2.0:F4 Added new events for supervising the digital audio input. 10.2.0:F5 Removed the record/play.cgi API. 10.1.0:F1 The parameters Time.ServerTime and Time.ServerDate that have been deprecated for some time are now removed. 10.1.0:F2 Added support for certificate-based client authentication in MQTT. 10.1.0:F3 Added support for Remote Syslog API which enables Axis devices to send their log messages to a remote syslog server. Remote Syslog can be configured via web- interface under Settings -> System -> TCP/IP or using the VAPIX API that can be found here -> https://www.axis.com/vapix-library/. 10.1.0:F4 A factory default is now mandatory when trying to downgrade the device. 10.1.0:F5 Improved performance when building up an RTSP video stream by 30%. 10.1.0:F6 Added support for a new overlay modifier "%v" that displays seconds in 1/1000 fractions. 10.1.0:F7 Added support for HTTP Strict Transport Security (HSTS) when using HTTPS. 10.1.0:F8 The following HTTP headers are now configured per default to increase overall cybersecurity level : X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block. 10.1.0:F9 Updates UPnP to version 1.8.7 which patches CVE-2020-12695 (Callstranger). 10.1.0:F10 Added support for IEEE 802.1x-2010 which provides support for EAPoL version 3. 10.1.0:F11 Changed default IEEE 802.1x EAPoL settting from version 1 to 3. 10.1.0:F12 Added support for configuring 802.1X without CA certificate. This will make the device authenticate on any network, not just the trusted one. 10.1.0:F13 The EAP-TLS-identity field in the 802.1x configuration is now by default filled with "axis-" value. 10.1.0:F14 Updated Video Motion Detection to version 4.4.8. 10.1.0:F15 Removed the download.cgi API. The exportrecording.cgi API which was introduced in 5.60 is the substitute. 10.0.0:F1 Added support for using mp3 audio clips. 10.0.0:F2 Added VAPIX API for enabling/disabling all privacy masks. 10.0.0:F3 Administrator credentials are now required to access privacymask.cgi. 10.0.0:F4 Added possibility to retrieve the device Owner Authentication Key (OAK) in the web GUI. Note that this functionality requires that the product have direct access to the internet. 10.0.0:F5 Updated Apache to version 2.4.43 to increase overall cyber security level. 10.0.0:F6 Updated OpenSSL to version 1.1.1g to increase overall minimum cyber security level. Corrections in 10.6.0 ================================================================================ 10.6.0:C1 Improved Motion Detection to handle scenes with extreme lighting changes , improving general behavior for applications that make use of this engine and data. 10.6.0:C2 Corrected an issue that did not account for MTU packet fragmentation for IEEE 802.1x authentication. Previously the Axis device was not able to authenticate properly against an 802.1x network when the MTU was configured to 1410 or lower. 10.6.0:C3 Corrected an issue that on some occasions could prevent export of a part of a recording. 10.6.0:C4 Corrected an issue that in combination with some VMSes and low resolution could cause brief disconnections in the video stream. Corrections in 10.5.2 ================================================================================ 10.5.2:C1 Corrected an issue that on some occasions prevented an upgrade to firmware version 10.5.0. 10.5.2:C2 Corrected an issue that could cause O3C-based connections with the device to be interrupted. 10.5.0:C1 Increased the number of allowed characters for event condition name to 512. 10.5.0:C2 Corrected an issue that prevented the use of some special characters in ONVIF passwords. 10.5.0:C3 Corrected an issue that caused the video to be stretched if in corridor mode and cropped. 10.5.0:C4 Corrected an issue that prevented the Axis device to respond with HTTP 403 Forbidden when the source-ip address was blocked when using PreventDOSAttack in Plain Config -> System. Previously HTTP 401 Unauthorized was returned. 10.4.0:C1 Corrected an issue that erased the password from the MQTT broker connection settings when editing settings occasionally. This required the user to re-enter the password when this happened. 10.4.0:C2 Corrected an issue that caused the MQTT configuration in the device to get corrupt on rare occasions. 10.4.0:C3 Corrected an issue that could caused an MQTT event to be duplicated upon registering the same event multiple times. 10.4.0:C4 Updated digital input LogicalState metadata API to consistently use 0/1 on all camera models. 10.4.0:C5 Corrected an issue that caused the device to send an EPRT command when transferring an image or video via FTP instead of an EPSV command. 10.4.0:C6 Corrected an issue where a network share used as a recipient could get its properties overwritten by another network share created from the Storage page. 10.4.0:C7 Corrected an issue that required the user to re-enter the password for the user for the MQTT broker connection upon changing other MQTT settings. 10.4.0:C8 Improved system stability when streaming multiple video streams at the same time. 10.4.0:C9 Corrected nice names for the PreventDoSAttack parameters in Settings -> System -> Plain Config-> System -> PreventDoSAttack. 10.4.0:C10 Improved Link Layer Discovery Protocol (LLDP) system stability. 10.4.0:C11 Corrected response for NTP API version. 10.3.0:C1 Corrected an issue that could cause live image to blink in dark conditions on rare occasions. 10.3.0:C2 Corrected an issue that caused video clients to not display a low-FPS video stream due to missing base FPS info in VUI timing info. 10.3.0:C3 Corrected an issue that caused PKCS#12-formatted certificate uploads to fail when certain special characters were used as a password. 10.3.0:C4 Corrected text for time offset in the Date & Time web page, the offset is now shown in milliseconds instead of seconds. 10.3.0:C5 Corrected an issue with pause-frame handling that could cause network disconnections if pause-frames were enabled and used in the network. 10.3.0:C6 Corrected an issue that prevented the device to utilize the available network bandwidth in high-latency networks such as 4G cellular network. 10.3.0:C7 Improved video streaming stability in multi-stream- and ONVIF Audio Backchannel scenarios. 10.3.0:C8 Corrected an issue that caused the value of Quality of Service (QoS) to not be respected in always multicast mode. 10.3.0:C9 Corrected an issue that prevented the device to stream in always-multicast mode after the video stream processing has been restarted. 10.2.0:C1 Corrected an issue that caused an error message to pop-up when pressing the test button of an event using HTTP recipients. 10.2.0:C2 Corrected an issue that caused the 'last will & testament' message not to work. Therefore, the default behavior for connect, disconnect and 'last will & testament' messages have been modified. By default a common topic, {device serial number}/event/connection, and a common payload structure will be used for such messages. 10.2.0:C3 Corrected an issue that caused a hard factory default even though a soft factory default was requested when upgrading the firmware via VAPIX. 10.2.0:C4 Corrected an issue that sometimes could make it impossible to export the full length of recordings. 10.2.0:C5 Corrected an issue that caused the device to stop video streaming over multicast after receiving multiple RTSP PLAY requests with "npt=0.000-" payload. 10.1.2:C1 Corrected an issue that caused the privacy masks to be rendered incorrectly after upgrade. 10.1.0:C1 Corrected an issue that caused an FTP Send Image action rule to use the temporary mode option even if the option was not enabled. 10.1.0:C2 Corrected an issue that caused overlays to blink randomly while adding new streams. 10.1.0:C3 On upgrade to 10.1 the web browser cache needs to be reset or the configuration page for VMD and/or Guard Suite ACAPs will show up as a blank screen. 10.1.0:C4 Corrected an issue that caused old recordings to not be removed after their retention period was expired. 10.0.2:C1 Corrected an issue that sometimes caused event triggered recordings to fail. 10.0.0:C1 Corrected an issue that sometimes could cause problems with edge sync between camera and Genetec VMS. 10.0.0:C2 Corrected an issue that prevented cross device triggering to work properly when IPv6 was used. 10.0.0:C3 Corrected an issue that sometimes made it impossible to edit action rules after upgrade. Known Bugs/Limitations ================================================================================ Supported AXIS VAPIX API Image Resolutions for FA54 ================================================================================ Resolution Exceptions Capture mode ------------ ------------ -------------- 1920x1080 2) 3) 4) 1280x720 2) 3) 4) 1024x768 2) 3) 4) 1024x640 2) 3) 4) 800x600 2) 3) 4) 800x500 2) 3) 4) 800x450 2) 3) 4) 640x480 2) 3) 4) 640x400 2) 3) 4) 640x360 2) 3) 4) 480x360 2) 3) 4) 480x300 2) 3) 4) 480x270 2) 3) 4) 384x288 4) 320x240 4) 240x180 4) 208x156 4) 176x144 4) 160x120 4) 1400x1050 1) 2) 3) 960x540 1) 2) 3) 768x576 1) 2) 3) 720x576 1) 2) 3) 704x576 1) 2) 3) 704x480 1) 2) 3) 704x288 1) 2) 3) 704x240 1) 2) 3) 384x288 1) 2) 3) 352x288 1) 2) 3) 4) 352x240 1) 2) 3) 4) 320x240 1) 2) 3) 320x200 1) 2) 3) 320x180 1) 2) 3) 240x180 1) 2) 3) 192x144 1) 2) 3) 4) 176x144 1) 2) 3) 176x120 1) 2) 3) 4) 160x120 1) 2) 3) 160x100 1) 2) 3) 160x90 1) 2) 3) 80x60 1) 2) 4) 80x50 1) 2) 3) 1) Not visible in web user interface 2) Available on Quad channel 3) 1080p 1920x1080 (16:9) @ 30/25fps 4) Thermal 208x156 (4:3) @ 9fps