FIRMWARE RELEASE NOTE ====================== Products affected: AXIS M3037-PVE Release date: 2022-02-07 Release type: Production Firmware version: 6.55.2.2 Preceding release: 6.55.2.1 -------------------------------------------------------------------------------- Upgrade instructions ==================== Upgrade the firmware according to the instructions given at https://www.axis.com/ca/en/support/technical-notes/how-to-upgrade or howtoupgrade.txt, which is included in the firmware folder. NOTE ==================== For latest information about Axis Cybersecurity, see https://www.axis.com/se/sv/support/product-security. Corrections in 6.55.2.2 since 6.55.2.1 ======================================= 6.55.2.2:C01 Corrected CVE-2021-31987. 6.55.2.2:C02 Updated pwdgrp.cgi to be RFC compliant to work seamlessly with Home Assistant Systems. 6.55.2.2:C03 Added support to enable/disable X-Frame-Options headers in the plainconfig. By default, X-Frame-Options is enabled and its value is set to "sameorigin". 6.55.2.2:C04 Corrected an issue in oak.cgi that could cause invalid requests. 6.55.2.2:C05 Added possibility to retrieve the device Owner Authentication Key (OAK) in the web GUI. Note that this functionality requires that the product have direct access to the internet. 6.55.2.2:C06 Updated wpa-supplicant to version 2.9 to increase the overall cybersecurity level. The following cybersecurity vulnerabilities are fixed: CVE-2019-13377 CVE-2019-16275. 6.55.2.2:C07 Corrected an issue that caused monolith to timeout and respawn during too many connect/disconnect RTSP streaming requests. 6.55.2.2:C08 Updated OpenSSL to version 1.1.1l to increase overall minimum cybersecurity level. 6.55.2.2.C09 Updated OpenSSH to version 8.6p1 to increase overall minimum cybersecurity level. 6.55.2.2.C10 Updated curl to version 7.78.0 to increase overall cybersecurity level. 6.55.2.2.C11 Updated Apache to version 2.4.48 to increase overall cybersecurity level. Corrections in 6.55.2.1 since 6.55.2 ===================================== 6.55.2.1:C01 Added support for SD card encryption. Corrections in 6.55.2 since 6.55.1.2 ===================================== 6.55.2:C01 Removed the root users default password in factory defaulted firmware. The password of the root user must be set first in order to initialize VAPIX and ONVIF interfaces to allow further configuration. This change only affects products in its factory defaulted state, products that are already deployed in production systems are not affected by this update until factory defaulted. 6.55.2:C02 Corrected an issue that caused snapshot JPEG images to contain erroneous data and resulting in problems to display them in some viewers. 6.55.2:C03 Increased the limit of concurrent HTTP requests for I/O related VAPIX commands from 4 to 10. 6.55.2:C04 Corrected an issue that prevented the insertion of triggered data in SEI messages when streaming H.264. 6.55.2:C05 Updated OpenSSL to version 1.0.2s to increase overall minimum cyber security level. 6.55.2:C06 Updated LIBSSH2 to version 1.8.2 due to that version 1.8.1 broke publickey-userauth requests. 6.55.2:C07 Updated Mozilla ca-certificates to versions available at 20190122. 6.55.2:C08 Corrected security vulnerability in Systemd CVE-2019-6454 to increase overall minimum cyber security level. 6.55.2:C09 Improved robustness of the O3C client. 6.55.2:C10 Updated Apache to version 2.4.39 to increase overall minimum cyber security level. 6.55.2:C11 Patched the following security vulnerabilities to increase overall minimum cyber security level: CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3858, CVE-2019-3859, CVE-2019-3860, CVE-2019-3861, CVE-2019-3862, CVE-2019-3863. 6.55.2:C12 Corrected the following vulnerabilities in order to increase overall minimum cyber security level: CVE-2018-16865, CVE-2018-16866. 6.55.2:C13 Corrected an issue that prevented the user from uploading a certificate that contains "Bag Attributes" before and after the actual certificate content. 6.55.2:C14 Corrected an issue that caused event notifications not been triggered on storage disruption. 6.55.2:C15 Corrected an issue with HTTP response which prevented the camera from streaming on rare occasions. 6.55.2:C16 Corrected an issues that could cause an incorrect error message when testing HTTP recipient. 6.55.2:C17 Patched security vulernability in the Linux kernel CVE-2018-17182 to increase overall minimum cyber security level. 6.55.2:C18 Adjusted re-connection behavior of interrupted AVHS connections on AVHS-server side. The time between failed connection attempts will now gradually increase until a hard limit is reached. 6.55.2:C19 Patched the security vulnerability CVE-2017-16544 in BusyBox to increase overall minimum cyber security level. 6.55.2:C20 Corrected an issue in the ACAP framework that could cause ACAPs to freeze on rare occasions. 6.55.2:C21 Corrected an issue that could cause corrupted video recordings when UserData or TriggerData are enabled. 6.55.2:C22 Corrected an issue that could cause incorrect snapshot resolutions on view areas. 6.55.2:C23 Corrected an issue with the Axis event handling interface when deactivating events. 6.55.2:C25 Corrected an issue with incorrect handling of ACAPs after camera boot. 6.55.2:C26 Added Perfect Forward Secrecy ciphers (DHE-RSA) to the ciphers selection. 6.55.2:C27 Patched security vulernability CVE-2018-14526 to increase overall minimum cyber security level. 6.55.2:C29 Added selection boxes for disabling TLSv1.0 and TLSv1.1 in Settings -> System -> PlainConfig -> HTTPS to enforce the highest possible HTTPS negotiation client handshake via TLSv1.2. 6.55.2:C30 Corrected an issue causing CIFS networkshare to become read only on mount on rare occasions. 6.55.2:C31 Added a Storage Stability Helper service for better handling of Network Shares. 6.55.2:C32 Corrected an issue that caused the I/O API to respond with an incorrect port number. 6.55.2:C34 Corrected an issue that let a user modify capture mode without performing the required restart during the initial set up of the camera. 6.55.2:C35 Corrected an issue that caused black images on rare occasions when high loads of Events are sent to the camera. 6.55.2:C36 Corrected an issue that caused problems when testing multiple Email recipients. 6.55.2:C37 Corrected an issue in the trigger data that set Video loss to "Disconnected" as default initial state even when the camera is initially connected. 6.55.2:C38 Corrected an issue that could cause e-mail recipients to not be formatted correctly. 6.55.2:C39 Updated AXIS Media Control (AMC) version to 7.3.10.1. 6.55.2:C40 Corrected an issue that prevented the user to add the camera to Genetec when HTTPS was used. 6.55.2:C41 Adds PID/program name to network connection list in the Server Report. 6.55.2:C42 Updated R2 GlobalSign Root Certificate to version 20170717. Required to enable Email recipients using 'Validate server certificate'. 6.55.2:C43 Added support for certificates with expiration dates beyond year 2038. 6.55.2:C44 Improved camera upgrade stability when configuration files become corrupt in rare occasions. 6.55.2:C45 Improved user notification when creating a E-mail recipient that contains wrong domain information. 6.55.2:C46 Corrected an issue that removed an unnecessary warning which was printed in the system log when a user creates an action rule sending HTTP notification with custom parameter. 6.55.2:C47 Corrected an issue that displayed system-only users as well under System Options -> Support -> System Overview. 6.55.2:C48 Improved stability when sending VAPIX commands through actionengined. 6.55.2:C49 Corrected an issue that caused a wrong time on the camera when Turkey timezone was configured and Daylight Saving Time was enabled. 6.55.2:C50 Improved camera stability when using liblicensekey. 6.55.2:C51 Corrected a bug that resulted in 503 Service Unavailable when trying to play a recording from a camera with a specific time range via ONVIF. 6.55.2:C52 Corrected a bug that added an additional / in the absolute upload path of an SFTP Recipient when saving the action rule causing it to not work correctly. 6.55.2:C53 Corrected a bug that prevented the user from seeing the ACAP running status and re-added the Main Page link to open a ACAP in the web-interface under Setup -> Applications. 6.55.2:C54 Corrected a bug that let the camera send corrupted XML data packages within a stream which caused a VMS to not record video motion detection coming from the camera. 6.55.2:C55 The license expiration date of an installed ACAP is now shown correctly again when running http://ip-address/axis-cgi/applications/list.cgi. 6.55.2:C56 The correct IPv6 router IP-addresses are now shown correctly in the network interface of the web-interface and in ONVIF responses. 6.55.2:C57 Adjusted the system log messages for the NTP daemon to be more specific and highlight that there is a time drift instead of an "adjustment". 6.55.2:C58 Corrected an issue that delivered E-Mails send from the camera with a wrong time zone or a wrong time stamp in the e-mail header. 6.55.2:C59 Corrected an issue with FTP recipients configured with a DNS name instead of a static IP-address which caused the FTP recipient test or action rule to fail. 6.55.2:C60 Upgrade SSL negotiation in the AVHS client to SSLv23 instead of the deprecated TLSv1. 6.55.2:C61 The triple DES cipher is not selected as DEFAULT in the HTTPS settings to increase overall cyber security level. 6.55.2:C63 Corrected an issue that changed the IDs of certificates to numbers instead of keeping the original name. 6.55.2:C64 Corrected an issue that let the camera to become unresponsive in rare occasions when using privacy masks. 6.55.2:C65 Improved stability for TCP notifications. 6.55.2:C66 Improved HTTP image upload stability in unstable networks. 6.55.2:C67 Improved camera stability when metadata is used. 6.55.2:C68 Corrected Turkey/Istanbul timezone from GMT+2 to GMT+3. 6.55.2:C69 Improved loading of the web interface in unstable networks. 6.55.2:C70 Corrected a bug that prevented from saving an action rule with a mail recipient that had SSL enabled. 6.55.2:C71 Corrected a bug in the event system that prevented the camera from re-sending the SMTP notification every 10 seconds in case the receiving server reported an error. Corrections in 6.55.1.2 since 6.55.1.1 ======================================= 6.55.1.2:C01 Reduced the waiting time for receiving a video stream significantly when a 2nd client requests a video stream via multicast. 6.55.1.2:C02 Corrected an issue causing the camera to become unresponsive after configuring privacy masks. 6.55.1.2:C03 Updated pre-installed Video Motion Detection ACAP to version 4.2.3. 6.55.1.2:C04 Corrected an issue that could cause the camera to get unresponsive when two clients are streaming over multicast using the same streaming parameters. Corrections in 6.55.1.1 since 6.55.1 ==================================== 6.55.1.1:C01 Updated VoIP pre-installed ACAP to version 1.1.3. 6.55.1.1:C02 Corrected an issue that prevented the user from saving a action rule with a Email Recipient that had SSL enabled. 6.55.1.1:C03 Corrected an issue that caused AXIS Camera Station failover recording to not start instantly. 6.55.1.1:C04 Support for recordings with G711 mu-law audio encoding. Corrections in 6.55.1 since 6.50.1 ==================================== 6.55.1:C01 Corrected critical security vulnerability ACV-128401. 6.55.1:C02 Corrected a bug that let the AXIS Camera Station failover recording not start instantly in rare occasions. 6.55.1:C04 Updated the Portable UPnP SDK to 1.6.22 to increase the overall cyber security level. 6.55.1:C05 Corrected security vulnerability CVE-2016-2148. 6.55.1:C07 Improved camera stability when TriggerData is used. Known Bugs/Limitations ====================== 6.55.2:L1 SIP accounts can not include '#' character in the web interface. APPLICATION DEVELOPER Information ================================= The AXIS VAPIX Application Programming Interface version 3 is supported by this product. For more information please refer to the AXIS VAPIX HTTP API specification version 3 part of the AXIS VAPIX API available at www.axis.com. Supported AXIS VAPIX API Image Resolutions for AXIS M3037-PVE ============================================================= Resolution Exceptions ========== ========== 2592x1944 2) 2048x1536 2) 1920x1440 4) 5) 6) 1920x1080 6) 1600x1200 2) 4) 5) 6) 1920x720 3) 6) 1280x960 2) 4) 5) 6) 1600x600 3) 6) 1280x720 6) 1024x768 2) 4) 5) 6) 1280x480 3) 6) 800x600 2) 4) 5) 6) 800x450 6) 960x360 3) 6) 640x480 2) 4) 5) 6) 640x360 6) 480x360 2) 4) 5) 6) 640x240 3) 6) 480x270 6) 480x180 3) 6) 320x240 2) 4) 5) 6) 320x180 6) 240x180 2) 4) 5) 6) 320x120 3) 6) 160x120 2) 4) 5) 6) 160x90 6) 2560x1920 1) 2) 768x576 1) 2) 4) 5) 6) 704x576 1) 2) 768x288 1) 3) 6) 384x288 1) 2) 4) 5) 6) 384x144 1) 3) 6) 240x135 1) 6) 192x144 1) 2) 4) 5) 6) 192x72 1) 3) 6) 1) Not visible in web user interface 2) Available for Overview view 3) Available for Panorama view 4) Available for Double Panorama view 5) Available for Quad view 6) Available for View area