FIRMWARE RELEASE NOTE ===================== Products affected: AXIS M5055 Release date: 2021-05-31 Release type: Production Firmware version: 6.53.5.2 Preceding release: 6.53.4 -------------------------------------------------------------------------------- Upgrade instructions ==================== Upgrade the firmware according to the instructions given at https://www.axis.com/ca/en/support/tecnical-notes/how-to-upgrade or howtoupgrade.txt, which is included in the firmware folder. NOTE ==================== For latest information about Axis Cybersecurity, see https://www.axis.com/se/sv/support/product-security. Corrections in 6.53.5.2 since 6.53.4.1 ====================================== 6.53.5.2:C01 Corrected the aspect ratio of Video Motion Detection 6.53.5.2:C02 General improvements to the 2016 LTS platform. 6.53.5.2:C03 Corrections for the security vulnerability CVE-2019-16275 in wpa_supplicant/hostapd. 6.53.5.2:C04 Corrected an issue that prevented video clips to be sent from action rules using HTTPS or Email recipients. 6.53.5.2:C05 Corrected an issue that caused the database used to store DHCP adresses to be corrupted during a power cut. 6.53.5.2:C06 Added ProxyDispatcherOnly option to the O3C/AVHS client that can control proxy configurations of dispatcher services. 6.53.5.2:C08 Updated libcurl to version 7.68 to increase overall cyber security. 6.53.5.2:C09 Corrected a streaming issue that caused the RTSP server to omit the RTP-info header on rare occasions. 6.53.5.2:C10 Updated OpenSSH to version 7.9p to increase overall cyber security. 6.53.5.2:C11 Corrected an issue that caused the test recipient button in the Web GUI to not work properly when setting up an event mail recipient. 6.53.5.2:C12 Updated OpenSSL to version 1.1.1d to increase overall cyber security. 6.53.5.2:C13 Added support for resolve domain name trap addresses in SNMP. 6.53.5.2:C14 Corrected a streaming issue affecting RTSP tunneled via HTTPs. 6.53.5.2:C15 Updated wpa-supplicant to version 2.9 to increase overall cyber-security. The following security vulnerabilites are included: CVE-2019-13377 CVE-2019-16275. 6.53.5.2:C16 Corrected an issue that prevented the user to set the time and date manually in the WebGUI. 6.53.5.2:C18 Updated OpenSSL to version 1.0.2t to increase overall minimum cyber security level. 6.53.5.2:C19 Updated Apache to version 2.4.41 to increase overall minimum cyber security level. 6.53.5.2:C20 Updated time zones in date/time settings in web-GUI. 6.53.5.2:C21 Corrected an issue that caused param.cgi to show password in plain text when listing a specified ACAP parameter. 6.53.5.2:C22 Added support for health status from Western Digital SD-cards. 6.53.5.2:C23 Corrected an issue that caused audio not to be included in video clips when audio encoding G711 Mulaw was enabled. 6.53.5.2:C24 Corrected an issue that caused a reboot of the camera to start an ACAP even though STARTMODE=never was set in its configuration. 6.53.5.2:C25 Correct an issue that could disconnect the camera from network share drive when CIFS (SMB) 2.x or higher is enable. 6.53.5.2:C26 Corrected an issue that on rare occasions caused the image to go grey when streaming JPEG. 6.53.5.2:C27 Corrected an issue that displayed an image with incorrect resolution in the VMD configuration Correction in 6.53.4.1 since 6.53.4 ========================= 6.53.4.1:C01 Corrected an issue that displayed an image with incorrect resolution in the VMD configuration Corrections in 6.53.4 since 6.53.2.1 ===================================== 6.53.4:C01 Corrected an issue that caused snapshot JPEG images to contain erroneous data and resulting in problems to display them in some viewers. 6.53.4:C02 Increased the limit of concurrent HTTP requests for I/O related VAPIX commands from 4 to 10. 6.53.4:C03 Removed the root users default password in factory defaulted firmware. The password of the root user must be set first in order to initialize VAPIX and ONVIF interfaces to allow further configuration. This change only affects products in its factory defaulted state, products that are already deployed in production systems are not affected by this update until factory defaulted. 6.53.4:C04 Corrected an issue that prevented the insertion of triggered data in SEI messages when streaming H.264. 6.53.4:C05 Updated OpenSSL to version 1.0.2s to increase overall minimum cyber security level. 6.53.4:C06 Updated libssh2 to version 1.8.2 due to that version 1.8.1 broke publickey-userauth requests. 6.53.4:C07 Updated Mozilla ca-certificates to versions available at 20190122. 6.53.4:C08 Corrected security vulnerability in Systemd CVE-2019-6454 to increase overall minimum cyber security level. 6.53.4:C09 Improved robustness of the O3C client. 6.53.4:C10 Updated Apache to version 2.4.39 to increase overall minimum cyber security level. 6.53.4:C11 Patched the following security vulnerabilities to increase overall minimum cyber security level: CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3858, CVE-2019-3859, CVE-2019-3860, CVE-2019-3861, CVE-2019-3862, CVE-2019-3863. 6.53.4:C12 Corrected the following vulnerabilities in order to increase overall minimum cybersecurity level: CVE-2018-16865, CVE-2018-16866. 6.53.4:C13 Corrected an issue that prevented the user from uploading a certificate that contains “Bag Attributes” before and after the actual certificate content. 6.53.4:C14 Corrected an issue that caused event notifications not been triggered on storage disruption. 6.53.4:C15 Corrected an issue with HTTP response which prevented the camera from streaming on rare occasions. 6.53.4:C16 Corrected an issues that could cause an incorrect error message when testing HTTP recipient. 6.53.4:C17 Patched security vulernability CVE-2018-17182 to increase overall minimum cyber security level. 6.53.4:C18 Adjusted re-connection behavior of interrupted AVHS connections on AVHS-server side. The time between failed connection attempts will now gradually increase until a hard limit is reached. 6.53.4:C19 Patched the security vulnerability CVE-2017-16544 in BusyBox to increase overall minimum cyber security level. 6.53.4:C20 Corrected an issue in the ACAP framework that could cause ACAPs to freeze on rare occasions. 6.53.4:C21 Corrected an issue that could cause corrupted video recordings when UserData or TriggerData are enabled. 6.53.4:C22 Corrected an issue with the Axis event handling interface when deactivating events. 6.53.4:C23 Added Perfect Forward Secrecy ciphers (DHE-RSA) to the ciphers selection. 6.53.4:C24 Patched security vulernability CVE-2018-14526 to increase overall minimum cyber security level. 6.53.4:C25 Added selection boxes for disabling TLSv1.0 and TLSv1.1 in Settings -> System -> PlainConfig -> HTTPS to enforce the highest possible HTTPS negotiation client handshake via TLSv1.2. 6.53.4:C26 Corrected an issue causing CIFS networkshare to become read only on mount on rare occasions. 6.53.4:C27 Added a Storage Stability Helper service for better handling of Network Shares. Supported AXIS VAPIX API Image Resolutions for AXIS M5055 ========================================================= Resolution Exceptions ========== ========== 1920x1080 1280x960 1280x720 800x600 800x450 640x480 640x360 480x360 480x270 320x240 320x180 1400x1050 1) 1440x900 1) 1024x768 1) 1024x640 1) 800x500 1) 768x576 1) 720x576 1) 704x576 1) 704x480 1) 704x288 1) 704x240 1) 640x400 1) 480x300 1) 384x288 1) 352x288 1) 352x240 1) 320x200 1)