FIRMWARE RELEASE NOTE ====================== Products affected: AXIS Q1942 Release date: 2022-10-10 Release type: Production Firmware version: 8.40.4.7 Preceding release: 8.40.4.6 -------------------------------------------------------------------------------- This is the LTS-2018 track. Upgrade instructions ==================== Upgrade the firmware according to the instructions given at https://www.axis.com/ca/en/support/technical-notes/how-to-upgrade or howtoupgrade.txt, which is included in the firmware folder. NOTE ==================== For latest information about Axis Cybersecurity, see https://www.axis.com/se/sv/support/product-security. Corrections in 8.40.4.7 since 8.40.4.6 ======================================= 8.40.4.7:C01 General improvements to the LTS-2018 platform. 8.40.4.7:C02 Updated OpenSSL to version 1.1.1q to increase the overall cybersecurity 8.40.4.7:C03 Corrected an issue that caused Audio via external VMS to stop working. 8.40.4.7:C04 Updated curl to version 7.85.0 to increase overall cybersecurity level. Corrections in 8.40.4.6 since 8.40.4.5 ======================================= 8.40.4.6:C01 General improvements to the LTS-2018 platform. 8.40.4.6:C02 Corrected an issue where 802.1X would not trust the intermediate certificate authority (CA). 8.40.4.6:C03 Updated cURL to version 7.83.1 to increase the overall cybersecurity level. 8.40.4.6:C04 Upgraded Apache to version 2.4.54 to increase overall cybersecurity level. 8.40.4.6:C05 Corrected an issue where the time tooltip was not displaying correct date after passing midnight. Also the date in the recordings list and the export was sometimes 1 day off. 8.40.4.6:C06 Corrected an issue that caused timeout while reading boot block parameters. 8.40.4.6:C07 Updated OpenSSL to version 1.1.1p to increase the overall cybersecurity level. Corrections in 8.40.4.5 since 8.40.4.4 ======================================= 8.40.4.5:C01 General improvements to the LTS-2018 platform. 8.40.4.5:C02 Corrected CVE-2018-25032. 8.40.4.5:C03 Improved memory management in the network services daemon. 8.40.4.5:C04 Updated OpenSSL to version 1.1.1o to increase the overall cybersecurity level. 8.40.4.5:C05 Corrected an issue that caused the Send images event to stop uploading towards a FTP server when the filename included a space (" "). 8.40.4.5:C06 Updated wpa-supplicant to version 2.10 to increase overall minimum cybersecurity level. 8.40.4.5:C07 Receiving ICMP redirects from other network hosts are now disabled to increase overall minimum cybersecurity level. 8.40.4.5:C08 Upgraded Apache to version 2.4.53 to increase overall cybersecurity level. Corrections in 8.40.4.4 since 8.40.4.3 ======================================= 8.40.4.4:C01 General improvements to the LTS-2018 platform. 8.40.4.4:C02 Corrected an issue that prevented firmware upgrade from LTS-2016. 8.40.4.4:C03 Corrected an issue that could cause 'transmit.cgi' to close connection prematurely when transmitting audio to the camera. 8.40.4.4:C04 Updated OpenSSL to version 1.1.1m to increase the overall cybersecurity level. 8.40.4.4:C05 Improved handling of empty recordings. 8.40.4.4:C06 Upgraded Curl to version 7.79.1 to increase overall cybersecurity level. 8.40.4.4:C07 Upgraded Apache to version 2.4.52 to increase overall cybersecurity level. 8.40.4.4:C08 The Remote Syslog configuration is now preserved during a firmware update within the same firmware track. Corrections in 8.40.4.3 since 8.40.4.2 ======================================= 8.40.4.3:C01 General improvements to the LTS-2018 platform. 8.40.4.3:C02 Corrected an issue that did not account for MTU packet fragmentation for IEEE 802.1x authentication. Previously the Axis device was not able to authenticate properly against an 802.1x network when the MTU was configured to 1410 or lower. 8.40.4.3:C03 Corrected CVE-2021-27219. 8.40.4.3:C04 Corrected CVE-2021-31987. 8.40.4.3:C05 Corrected CVE-2021-27218. 8.40.4.3:C06 Corrected CVE-2019-12450. 8.40.4.3:C07 Corrected an issue that in combination with some VMSes and low resolution could cause brief disconnections in the video stream. 8.40.4.3:C08 Corrected an issue that interrupted the NTP-time-sync between the Axis device and NTP- server when the NTP-server was operating instable and suffered fluctuating time-changes. 8.40.4.3:C09 Corrected an issue that could cause an RTSP stream to stop after 60+ seconds if streamed to an openRTSP client. 8.40.4.3:C10 Updated Apache to version 2.4.48 to increase overall cybersecurity level. 8.40.4.3:C11 Updated OpenSSH to version 8.6p1 to increase the overall minimum cybersecurity level. 8.40.4.3:C12 Updated OpenSSL to version 1.1.1l to increase overall cyber security level. 8.40.4.3:C13 Corrected CVE-2021-31986. 8.40.4.3:C14 Corrected nice names for the PreventDoSAttack parameters in Settings -> System -> Plain Config-> System -> PreventDoSAttack. 8.40.4.3:C15 Extended the 802.1x EAP-Identity field character limit from 32 to 128 characters. 8.40.4.3:C16 Corrected an issue that caused images to be unusually dark when using WDR mode. 8.40.4.3:C17 Improved memory management in the DHCP lease update daemon. 8.40.4.3:C18 Corrected an issue that prevented streaming in "always-multicast mode" on rare occasions. 8.40.4.3:C19 Corrected CVE-2021-31988. 8.40.4.3:C20 Corrected an issue that prevented the Axis device to respond with "HTTP 403 Forbidden" when the source-ip address was blocked when using PreventDOSAttack in Plain Config -> System. Previously "HTTP 401 Unauthorized" was returned. 8.40.4.3:C21 Improved memory management in the network services daemon. 8.40.4.3:C22 Updated curl to version 7.78.0 to increase overall cybersecurity level. Corrections in 8.40.4.2 since 8.40.4.1 ======================================= 8.40.4.2:C01 General improvements to the LTS-2018 platform. 8.40.4.2:C02 Corrected an issue that caused IEEE 802.1x network authentication to fail sometimes after unexpected reboots. 8.40.4.2:C03 Improved Link Layer Discovery Protocol (LLDP) system stability. 8.40.4.2:C04 Corrected an issue that caused the value of Quality of Service (QoS) to not be respected in always multicast mode. 8.40.4.2:C05 Updated curl to version 7.73.0 to increase overall cybersecurity level. 8.40.4.2:C06 Corrected an issue that caused PKCS#12-formatted certificate uploads to fail when certain special characters were used as a password. 8.40.4.2:C07 Corrected an issue in oak.cgi that could cause invalid requests. 8.40.4.2:C08 Updated OpenSSL to version 1.1.1k to fix CVE-2021-3449 and CVE-2021-3450. 8.40.4.2:C09 Added support for health monitoring using Axis Micron SD card. Corrections in 8.40.4.1 since 8.40.4 ===================================== 8.40.4.1:C01 General improvements to the LTS-2018 platform. 8.40.4.1:C02 Reduced time to built-up an RTSP video stream by 30% and more. 8.40.4.1:C03 Added support for HTTP Strict Transport Security (HSTS) when using HTTPS. 8.40.4.1:C04 Updated Apache to version 2.4.46 to increase overall cyber security level. 8.40.4.1:C05 Corrected an issue that caused an error message to pop-up when pressing the test button of an event using HTTP recipients. Corrections in 8.40.4 since 8.40.3.3 ===================================== 8.40.4:C01 General improvements to the LTS 2018 platform. 8.40.4:C02 Corrected an issue that caused old recordings to not be removed after their retention period was expired. 8.40.4:C03 Updated curl to version 7.69.1 to increase overall cybersecurity level. 8.40.4:C04 Corrected a streaming issue to handle timestamps correctly after a RTSP:PAUSE/RESUME event. This could cause gaps in recordings when using Axis Media Control (AMC). 8.40.4:C05 Disabled the HTTP Options method in the Apache webserver replies to increase overall cyber security level. 8.40.4:C06 Added possibility to retrieve the device Owner Authentication Key (OAK) in the web GUI. Note that this functionality requires that the product have direct access to the internet. 8.40.4:C07 Updated OpenSSL to version 1.1.1g to increase overall cybersecurity level. 8.40.4:C08 Updated Apache to version 2.4.43 to increase overall cybersecurity level. Corrections in 8.40.3.3 since 8.40.3.2 ======================================= 8.40.3.3:C01 General improvements to the 2018 LTS platform. 8.40.3.3:C02 Added ProxyDispatcherOnly option to the O3C/AVHS client that can control proxy configurations of dispatcher services. 8.40.3.3:C03 Corrected an issue that on some occasions could cause an H.264 stream to stall after a while if viewed in the browser. 8.40.3.3:C04 Corrected ONVIF response for WSPullPointSupport. Corrections in 8.40.3.2 since 8.40.3.1 ======================================= 8.40.3.2:C01 General improvements to the 2018 LTS platform. 8.40.3.2:C02 Corrected Vendor class identifier for DHCP negotiation. 8.40.3.2:C03 Updated curl to version 7.68.0 to increase the minimum cybersecurity level. 8.40.3.2:C04 Corrected an issue that prevented the device from resolving DNS hostnames when used in combination with SNMP. 8.40.3.2:C05 Added the option to disable Web-Service Discovery (WS-Discovery) protocol in Plain Config. 8.40.3.2:C06 Corrected an issue that caused the test recipient button in the Web GUI to not work properly when setting up an event mail recipient. 8.40.3.2:C07 Corrected an issue that caused multicast redirection to fail on rare occasions. 8.40.3.2:C08 Updated Linux kernel to version 4.9.197 to increase the minimum cybersecurity level. 8.40.3.2:C09 Corrected an issue that prevented the user from exporting recordings when the product was configured to Alaska timezone. 8.40.3.2:C10 Corrected an issue that caused the EAP-START package not to be sent during IEEE 802.1x port authentication upon network link state change. 8.40.3.2:C11 Updated wpa-supplicant to version 2.9 and hostapd to version 2.9 to increase overall minimum cyber security level. Corrections for the following security vulnerabilities are included: CVE-2019-13377 CVE-2019-16275. 8.40.3.2:C12 Corrected a streaming issue affecting RTSP tunneled via HTTPs. Corrections in 8.40.3.1 since 8.40.3 ===================================== 8.40.3.1:C01 General improvements to the 2018 LTS platform. 8.40.3.1:C02 Corrected an issue that on rare occasions caused the image to go grey when streaming JPEG. 8.40.3.1:C03 Corrected an issue that caused playback from a SD card of recorded MKV files with audio to fail on rare occasions. 8.40.3.1:C04 Corrected an issue with the resolution on the ONVIF command getstatus (PTZ). 8.40.3.1:C05 Corrected an issue that caused a reboot of the camera to start an ACAP even though STARTMODE=never was set in its configuration. 8.40.3.1:C06 Corrected an issue that caused audio not to be included in video clips when audio encoding G711 Mulaw was enabled. 8.40.3.1:C07 Corrected an issue that made it possible to add an action rule recipient without nice-name via API. 8.40.3.1:C08 Updated OpenSSL to version 1.1.1d to increase overall minimum cyber security level. 8.40.3.1:C09 Corrected an issue that caused param.cgi to show password in plain text when listing a specified ACAP parameter. 8.40.3.1:C10 Corrected a streaming issue that caused the RTSP server to omit the RTP-info header on rare occasions. Corrections in 8.40.3 ================================================================================ 8.40.3:C01 Fixed critical vulnerability ACV-116267. 8.40.3:C02 Corrected critical vulnerability ACV-128401. 8.40.3:C03 Patched security vulnerability CVE-2018-5390 to increase overall minimum cyber security level. 8.40.3:C04 Patched security vulernability CVE-2018-14526 to increase overall minimum cyber security level. 8.40.3:C05 Update libssh2 to version 1.9.0 to increase overall minimum cyber security level. This update includes correction for CVE-2019-13115. 8.40.3:C06 Corrected the following kernel vulnerabilities to increase overall minimum cyber security level (collectively known as "TCP SACK PANIC"): CVE-2019-11477, CVE-2019-11478, CVE-2019-11479. 8.40.3:C07 Updated openSSL to version 1.1.1c to increase overall minimum cyber security level. 8.40.3:C08 Added support for TLSv1.3. 8.40.3:C09 Updated Apache to version 2.4.41 to increase overall minimum cyber security level. 8.40.3:C10 Updated OpenSSH to version 7.9p to increase overall minimum cyber security level. 8.40.3:C11 Corrected the following security vulnerabilities to increase overall minimum cyber security level: CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3858, CVE-2019-3859, CVE-2019-3860, CVE-2019-3861, CVE-2019-3862, CVE-2019-3863. 8.40.3:C12 Corrected security vulnerability CVE-2019-0217 in Apache to increase overall minimum cyber security level. 8.40.3:C13 Corrected security vulnerability CVE-2017-16544 in BusyBox to increase overall minimum cyber security level. 8.40.3:C14 Corrected the following vulnerabilities in order to increase overall minimum cybersecurity level: CVE-2018-16864, CVE-2018-16865, CVE-2018-16866. 8.40.3:C15 Corrected security vulnerability in Systemd CVE-2019-6454 to increase overall minimum cyber security level. 8.40.3:C16 Updated pre-installed Mozilla CA-certificates to versions available at 20190122. 8.40.3:C17 Corrected an issue when an ONVIF client connected to the camera via digest authentication. 8.40.3:C18 Reduced the waiting time for receiving a video stream significantly when a 2nd client requests a video stream via multicast. 8.40.3:C19 Corrected an issue that delivered E-Mails send from the camera with a wrong time stamp in the e-mail header. 8.40.3:C20 Corrected an issue with FTP recipients configured with a DNS name instead of a static IP-address which caused the FTP recipient test or action rule to fail. 8.40.3:C21 Increased user awareness when converting legacy overlays to dynamic overlays. A restart of ongoing recordings is required after overlay conversion. 8.40.3:C22 Improved the certificate management system: It is now possible to upload PKCS#12 certificates with a total size of 102400 bytes. The previous limit was 1/10 of it. 8.40.3:C23 Improved the certificate management system: added support for certificate IDs with long names. 8.40.3:C24 Improved the certificate management system: added system log information for failing certificate upload. 8.40.3:C25 Corrected an issue that caused SMB connection problems to NetApp NAS configured for SMBv2. 8.40.3:C26 Improved robustness of the O3C client. 8.40.3:C27 Added information about Certificate ID to the Installed Certificates section in the server report. 8.40.3:C28 Added GOP Length option to the Stream Profile Settings. 8.40.3:C29 Improved re-connection behavior to AVHS server. The time between failed connection attempts will now gradually increase until a hard limit is reached. Known Bugs/Limitations ====================== 8.40.3:L01 Changing the thermal palette in Basic Setup -> Video -> Video Stream during normal run time operation when having Continuous Recording and a Send Image to FTP Server action rule running will result in the action rule itself not being processed anymore. 8.40.3:L02 There might be features currently explained in the help files that may not be supported by the camera. 8.40.3:L03 Videos recorded using the video capture feature in Live View may not be playable or might get stuck in some media players. This was seen e.g. with Windows Media Player. 8.40.3:L04 An overlay text (e.g. date/time modifier) that has been configured in the classic web-interface will still be shown in the new web-interface even though a user might have disabled the overlay text there after firmware update. A user needs to disable the overlay text in the Plain config. Untick the checkboxes for Image Ix Text -> ClockEnabled and DateEnabled. 8.40.3:L05 IEEE 802.1x configuration does not work in Microsoft Edge. 8.40.3:L06 A user might experience frame drops on rare conditions when video streaming in Firefox 57 due to specific computer hardware. It is recommended to use Google Chrome instead. 8.40.3:L07 It is recommended to refresh the browser with F5 after doing a FW upgrade from FW 6.xx to 8.xx or higher in order to show all the new settings in the web- interface. Supported AXIS VAPIX API Image Resolutions for AXIS Q1942 ========================================================= Resolution Exceptions ========== ========== 800x600 720x576 640x512 640x480 480x360 384x288 320x256 320x240 240x180 176x144 160x128 160x120 768x576 1) 704x576 1) 704x480 1) 704x288 1) 704x240 1) 352x288 1) 352x240 1) 192x144 1) 176x120 1) 80x60 1) 1) Not visible in web user interface Known Bugs/Limitations ====================== 8.40.3:L01 Changing the thermal palette in Basic Setup -> Video -> Video Stream during normal run time operation when having Continuous Recording and a Send Image to FTP Server action rule running will result in the action rule itself not being processed anymore. 8.40.3:L02 There might be features currently explained in the help files that may not be supported by the camera. 8.40.3:L03 Videos recorded using the video capture feature in Live View may not be playable or might get stuck in some media players. This was seen e.g. with Windows Media Player. 8.40.3:L04 An overlay text (e.g. date/time modifier) that has been configured in the classic web-interface will still be shown in the new web-interface even though a user might have disabled the overlay text there after firmware update. A user needs to disable the overlay text in the Plain config. Untick the checkboxes for Image Ix Text -> ClockEnabled and DateEnabled. 8.40.3:L05 IEEE 802.1x configuration does not work in Microsoft Edge. 8.40.3:L06 A user might experience frame drops on rare conditions when video streaming in Firefox 57 due to specific computer hardware. It is recommended to use Google Chrome instead. 8.40.3:L07 It is recommended to refresh the browser with F5 after doing a FW upgrade from FW 6.xx to 8.xx or higher in order to show all the new settings in the web- interface. Supported AXIS VAPIX API Image Resolutions for AXIS Q1942 ========================================================= Resolution Exceptions ========== ========== 800x600 720x576 640x512 640x480 480x360 384x288 320x256 320x240 240x180 176x144 160x128 160x120 768x576 1) 704x576 1) 704x480 1) 704x288 1) 704x240 1) 352x288 1) 352x240 1) 240x135 1) 192x144 1) 176x120 1) 80x60 1) 1) Not visible in web user interface