FIRMWARE RELEASE NOTE ====================== Products affected: AXIS P3707-PE Release date: 2019-09-11 Release type: Production Firmware version: 6.50.4 Preceding release: 6.50.3.1 -------------------------------------------------------------------------------- Upgrade instructions ==================== Upgrade the firmware according to the instructions given at https://www.axis.com/ca/en/support/tecnical-notes/how-to-upgrade or howtoupgrade.txt, which is included in the firmware folder. NOTE ==================== For latest information about Axis Cybersecurity, see https://www.axis.com/se/sv/support/product-security. Corrections in 6.50.4 since 6.50.3.1 ===================================== 6.50.4:C01 General minor improvements to the 6.50 LTS platform. 6.50.4:C02 Corrected an issue that caused snapshot JPEG images to contain erroneous data and resulting in problems to display them in some viewers. 6.50.4:C03 Increased the limit of concurrent HTTP requests for I/O related VAPIX commands from 4 to 10. 6.50.4:C04 Removed the root users default password in factory defaulted firmware. The password of the root user must be set first in order to initialize VAPIX and ONVIF interfaces to allow further configuration. This change only affects products in its factory defaulted state, products that are already deployed in production systems are not affected by this update until factory defaulted. 6.50.4:C05 Corrected an issue that prevented the insertion of triggered data in SEI messages when streaming H.264. 6.50.4:C06 Updated OpenSSL to version 1.0.2s to increase overall minimum cyber security level. 6.50.4:C07 Updated libssh2 to version 1.8.2 due to that version 1.8.1 broke publickey-userauth requests. 6.50.4:C08 Updated Mozilla ca-certificates to versions available at 20190122. 6.50.4:C09 Corrected security vulnerability in Systemd CVE-2019-6454 to increase overall minimum cyber security level. Corrections in 6.50.3.1 since 6.50.3 ===================================== 6.50.3.1:C01 General minor improvements to the 6.50 LTS platform. 6.50.3.1:C02 Improved robustness of the O3C client. 6.50.3.1:C03 Updated Apache to version 2.4.39 to increase overall minimum cyber security level. 6.50.3.1:C04 Updated to OpenSSL version 1.0.2r to increase overall minimum cyber security level. 6.50.3.1:C05 Patched the following security vulnerabilities to increase overall minimum cyber security level: CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3858, CVE-2019-3859, CVE-2019-3860, CVE-2019-3861, CVE-2019-3862, CVE-2019-3863. 6.50.3.1:C06 Corrected the following vulnerabilities in order to increase overall minimum cyber security level: CVE-2018-16865, CVE-2018-16866. 6.50.3.1:C07 Corrected an issue that prevented the user from uploading a certificate that contains “Bag Attributes” before and after the actual certificate content. 6.50.3.1:C08 Corrected an issue that caused event notifications not been triggered on storage disruption. 6.50.3.1:C09 Corrected an issue with HTTP response which prevented the camera from streaming on rare occasions. 6.50.3.1:C10 Corrected an issues that could cause an incorrect error message when testing HTTP recipient. 6.50.3.1:C11 Patched security vulernability CVE-2018-17182 to increase overall minimum cyber security level. 6.50.3.1:C12 Adjusted re-connection behavior of interrupted AVHS connections on AVHS-server side. The time between failed connection attempts will now gradually increase until a hard limit is reached. 6.50.3.1:C13 Patched the security vulnerability CVE-2017-16544 in BusyBox to increase overall minimum cyber security level. 6.50.3.1:C14 Corrected an issue in the ACAP framework that could cause ACAPs to freeze on rare occasions. 6.50.3.1:C15 Corrected an issue that could cause corrupted video recordings when UserData or TriggerData are enabled. Corrections in 6.50.3 since 6.50.2.3 ===================================== 6.50.3:C01 General minor improvements to the 6.50 LTS platform. 6.50.3:C02 Corrected an issue with the Axis event handling interface when deactivating events. 6.50.3:C03 Updated apache webserver to version 2.4.33 to increase overall minimum cyber security level. 6.50.3:C04 Corrected an issue with incorrect handling of ACAPs after camera boot. 6.50.3:C05 Added Perfect Forward Secrecy ciphers (DHE-RSA) to the ciphers selection. 6.50.3:C06 Patched security vulernability CVE-2018-14526 to increase overall minimum cyber security level. 6.50.3:C07 Updated OpenSSL to version 1.0.2o to increase overall minimum cyber security level. 6.50.3:C08 Added selection boxes for disabling TLSv1.0 and TLSv1.1 in Settings -> System -> PlainConfig -> HTTPS to enforce the highest possible HTTPS negotiation client handshake via TLSv1.2. 6.50.3:C09 Corrected an issue causing CIFS networkshare to become read only on mount on rare occasions. 6.50.3:C10 Added a Storage Stability Helper service for better handling of Network Shares. 6.50.3:C11 Updated Video Motion Detection to version 4.2.3. 6.50.3:C12 Corrected an issue that could have occasionally caused horizontal or vertical lines in the image. Corrections in 6.50.2.3 since 6.50.2.2 ====================================== 6.50.2.3:C01 General minor improvements to the 6.50 LTS platform. 6.50.2.3:C02 Corrected an issue that let a user modify capture mode without performing the required restart during the initial set up of the camera. 6.50.2.3:C03 Corrected an issue that caused black images on rare occasions when high loads of Events are sent to the camera. 6.50.2.3:C04 Support for zoom-tracking in Recorded Guard Tour. Previously only pan/tilt movements were recorded. 6.50.2.3:C05 Corrected an issue that caused problems when testing multiple Email recipients. 6.50.2.3:C06 Corrected an issue that caused some colors to not being properly displayed. 6.50.2.3:C07 Corrected an issue causing horizontal lines to appear in the image. 6.50.2.3:C08 Corrected an issue in the trigger data that set Video loss to "Disconnected" as default initial state even when the camera is initially connected. 6.50.2.3:C09 Corrected an issue that could cause e-mail recipients to not be formatted correctly. 6.50.2.3:C10 Corrected an issue that could cause synchronization to AVHS to fail. 6.50.2.3:C11 Corrected an issue that caused the camera to become unresponsive on rare occasions when connected to an AVHS system. 6.50.2.3:C12 Updated AXIS Video Motion Detection to version 4.2. 6.50.2.3:C13 Updated AXIS Media Control (AMC) version to 7.3.10.1. 6.50.2.3:C14 Corrected critical vulnerability ACV-128401. 6.50.2.3:C15 Corrected an issue that prevented the user to add the camera to Genetec when HTTPS was used. 6.50.2.3:C16 Adds PID/program name to network connection list in the Server Report. 6.50.2.3:C17 Corrected an issue that let the AXIS Camera Station failover recording not start instantly on rare occasions. 6.50.2.3:C18 Corrected an issue that caused the camera to stop streaming on rare occasions. Corrections in 6.50.2.2 since 6.50.2.1 ====================================== 6.50.2.2:C01 Corrected an issue that let the AXIS Camera Station failover recording not start instantly in rare occasions. 6.50.2.2:C02 The Apache webserver has been updated to version 2.4.29 to increase overall minimum cybersecurity standards. 6.50.2.2:C03 Updated AXIS Video Motion Detection to version 4.1.8. 6.50.2.2:C04 Corrected an issue that prevented the user from login via SSH to the camera after updating to 6.50.2. 6.50.2.2:C05 - Affects AXIS Q6128-E and AXIS P1428-E only - Improved the handling of prioritized overlays. 6.50.2.2:C06 - Affects AXIS Q6000-E only - Corrected an issue that let the remote vapix client to become unresponsive after a power loss. 6.50.2.2:C07 - Affects AXIS F-series products only - Corrected an issue causing the camera images to flash during the synchronization of multiple sensors under bright light or direct sunlight. 6.50.2.2:C08 - Affects AXIS P1427-LE only - Corrected an issue that let the camera showing over-exposed images in rare occasions. 6.50.2.2:C09 Updated R2 GlobalSign Root Certificate to version 20170717. Required to enable Email recipients using 'Validate server certificate'. 6.50.2.2:C10 Added support for certificates with expiration dates beyond year 2038. Corrections in 6.50.2.1 since 6.50.2 ==================================== 6.50.2.1:C01 Corrected an issue that made it impossible to play recordings from the camera in Genetec via ONVIF Profile G. 6.50.2.1:C02 Support for HTTP keep-alive connections via ONVIF. lowers the risk for security focused network infrastructure or unstable networks to block or drop PTZ control commands. 6.50.2.1:C03 - Affects PTZ products only - Corrected an issue that let the PTZ control queue ignore an an anonymous viewer account and deny PTZ control. 6.50.2.1:C04 Improved camera upgrade stability when configuration files become corrupt in rare occasions. 6.50.2.1:C05 Improved user notification when creating a E-mail recipient that contains wrong domain information. 6.50.2.1:C06 Corrected an issue that removed an unnecessary warning which was printed in the system log when a user creates an action rule sending HTTP notification with custom parameter. 6.50.2.1:C07 Product has passed IPv6 compliance. 6.50.2.1:C08 Corrected an issue that displayed system-only users as well under System Options -> Support -> System Overview. 6.50.2.1:C09 Improved stability when sending VAPIX commands through actionengined. 6.50.2.1:C10 Corrected an issue that caused a wrong time on the camera when Turkey timezone was configured and Daylight Saving Time was enabled. 6.50.2.1:C11 - Affects Q1765-LE PT Mount only - Support for 90/270 degrees rotation. 6.50.2.1:C12 - Affects P12-Mkii Only- Correcting an image issue when using sensor head FA1105. 6.50.2.1:C13 - Affects PTZ products only - Corrected an issue that caused guard tours to stop running in rare occasions. 6.50.2.1:C14 - Affects PTZ products only - Corrected an issue that could cause a crash in PTZ ACAPs in rare occasions. 6.50.2.1:C15 - Affects PTZ products only - Corrected an issue that caused ACAPs that utilize the PTZ API to stop working in rare occasions. 6.50.2.1:C16 Improved camera stability when using liblicensekey. 6.50.2.1:C17 - Affects AXIS P1364 AXIS P1365 Mk II AXIS Q1635 - Support for T99Axx via APTP uploadable PTZ drivers. Corrections in 6.50.2 since 6.50.1 ==================================== 6.50.2 release includes all corrections in 6.50.1.x releases as below. ==================================== Corrections in 6.50.1.4 since 6.50.1.3 ====================================== 6.50.1.4:C01 Corrected a bug that resulted in 503 Service Unavailable when trying to play a recording from a camera with a specific time range via ONVIF. 6.50.1.4:C02 Corrected a bug that added an additional / in the absolute upload path of an SFTP Recipient when saving the action rule causing it to not work correctly. 6.50.1.4:C03 Corrected a bug that prevented the user from seeing the ACAP running status and re-added the Main Page link to open a ACAP in the web-interface under Setup -> Applications. 6.50.1.4:C04 Corrected a bug that let the camera send corrupted XML data packages within a stream which caused a VMS to not record video motion detection coming from the camera. 6.50.1.4:C05 The license expiration date of an installed ACAP is now shown correctly again when running http://ip-address/axis-cgi/applications/list.cgi. 6.50.1.4:C06 The correct IPv6 router IP-addresses are now shown correctly in the network interface of the web-interface and in ONVIF responses. 6.50.1.4:C07 Adjusted the system log messages for the NTP daemon to be more specific and highlight that there is a time drift instead of an "adjustment". 6.50.1.4:C08 Corrected an issue that delivered E-Mails send from the camera with a wrong time zone in the e-mail header. 6.50.1.4:C09 Corrected an issue that delivered E-Mails send from the camera with a wrong time stamp in the e-mail header. 6.50.1.4:C10 Corrected an issue with FTP recipients configured with a DNS name instead of a static IP-address which caused the FTP recipient test or action rule to fail. 6.50.1.4:C11 Upgrade SSL negotiation in the AVHS client to SSLv23 instead of the deprecated TLSv1. 6.50.1.4:C12 Improved connection handling with Honeywell applications. 6.50.1.4:C13 Updated Apache web server to version 2.4.27 to improve overall minimum cyber security standards. 6.50.1.4:C14 The triple DES cipher is not selected as DEFAULT in the HTTPS settings to increase overall cyber security level. 6.50.1.4:C15 OpenSSL has been updated to version 1.0.2k to increase overall minimum cyber security level. 6.50.1.4:C16 Improved certificate handling. Certificates were previously not usable anymore when updating straight from FW 5.40 to 6.50. 6.50.1.4:C17 Corrected an issue that changed the IDs of certificates to numbers instead of keeping the original name. 6.50.1.4:C18 Updated the Portable UPnP SDK to 1.6.22 to increase the overall cyber security level. 6.50.1.4:C19 Corrected critical vulnerability ACV-120444. 6.50.1.4:C20 Corrected security vulnerability CVE-2016-2147. 6.50.1.4:C21 Corrected security vulnerability CVE-2016-2148. Corrections in 6.50.1.3 since 6.50.1.2 ====================================== 6.50.1.3:C01 Fixed a bug that prevented a ONVIF client to connect to the camera via digest authentication. 6.50.1.3:C02 Fixed critical vulnerability ACV-116267. Corrections in 6.50.1.2 since 6.50.1.1 ====================================== 6.50.1.2:C01 Improved handling of ONVIF requests when the client request was split into several packages with additional network transmission delay between the packages. Previously, the ONVIF communication failed. Corrections in 6.50.1.1 since 6.50.1 ==================================== 6.50.1.1:C01 Improved stability for TCP notifications. 6.50.1.1:C02 Improved HTTP image upload stability in unstable networks. 6.50.1.1:C03 Improved camera stability when metadata is used. 6.50.1.1:C04 Optimized privacy mask positioning. 6.50.1.1:C05 Corrected Turkey/Istanbul timezone from GMT+2 to GMT+3. 6.50.1.1:C06 Improved camera stability when TriggerData is used. 6.50.1.1:C07 Improved loading of the web interface in unstable networks. 6.50.1.1:C08 Corrected a bug that prevented from saving an action rule with a mail recipient that had SSL enabled. 6.50.1.1:C09 Fixed a bug that let HTTP notification action rules stop retrying from contacting the receiving server after a failed attempt. 6.50.1.1:C10 Corrected a bug in the event system that prevented the camera from re-sending the SMTP notification every 10 seconds in case the receiving server reported an error. Known Bugs/Limitations ====================== 6.50.4:L1 It's recommended to factory default the unit before making a downgrade if needed. 6.50.4:L2 Recording streams to SD card with a total bit rate above 12Mbit/sec may cause missing frames/sequences. 6.50.4:L3 When changing an active https-certificate, the product needs to be restarted for the new certificate to be applied. Supported AXIS VAPIX API Image Resolutions for AXIS P3707-PE ============================================================ Resolution Exceptions ========== ========== 1920x1440 2) 1920x1080 1440x1080 2) 1400x1050 3) 1280x960 1280x720 1024x768 960x720 2) 800x600 854x480 800x450 640x480 640x360 480x360 480x270 2) 320x240 320x180 240x180 160x120 160x90 1600x1200 1) 2) 1280x1024 1) 2) 1024x640 1) 2) 768x576 1) 720x576 1) 704x576 1) 800x500 1) 2) 704x480 1) 640x400 1) 2) 704x288 1) 704x240 1) 480x300 1) 2) 384x288 1) 352x288 1) 352x240 1) 320x200 1) 2) 240x135 1) 192x144 1) 176x144 1) 176x120 1) 160x100 1) 2) 80x50 1) 2) 1) Not visible in web user interface 2) Available on Quad channel 3) 1080p 1920x1080 (16:9) @ 15/12.5fps