FIRMWARE RELEASE NOTE ====================== Products affected: AXIS Q1942 Release date: 2022-04-26 Release type: Production Firmware version: 9.80.3.11 Preceding release: 9.80.3.10 -------------------------------------------------------------------------------- This is the LTS-2020 track. Upgrade recommendations ======================== If you need to step up your firmware several steps, it is recommended to do an intermediate upgrade to LTS-tracks before proceeding. For example if the current version is 6.55 and you want to upgrade to 9.80. Then you should do the upgrade in these steps: 6.55 => 8.40 LTS => 9.80 LTS. Upgrade the firmware according to the instructions given in howtoupgrade.txt, which is included in the firmware folder or at the firmware portal at https://www.axis.com NOTE ======================== For latest information about Axis Cybersecurity, see: https://www.axis.com/support/product-security Corrections in 9.80.3.11 since 9.80.3.10 ========================================= 9.80.3.11:C01 General improvements to the LTS-2020 platform. 9.80.3.11:C02 Receiving ICMP redirects from other network hosts are now disabled to increase overall minimum cybersecurity level. 9.80.3.11:C03 Corrected CVE-2021-33910. 9.80.3.11:C04 Updated the certificate management API's to handle camera models that do not support Real- Time Streaming Protocol over SSL (RTSPS). 9.80.3.11:C05 Updated OpenSSL to version 1.1.1n to increase the overall minimum cybersecurity level. 9.80.3.11:C06 Corrected CVE-2021-29462. 9.80.3.11:C07 Updated wpa-supplicant to version 2.10 to increase overall minimum cybersecurity level. 9.80.3.11:C08 Improved memory management in the network services daemon. 9.80.3.11:C09 Upgraded Apache to version 2.4.53 to increase overall cybersecurity level. Corrections in 9.80.3.10 since 9.80.3.8 ======================================== 9.80.3.10:C01 General improvements to the LTS-2020 platform. 9.80.3.10:C02 Upgraded Apache to version 2.4.52 to increase overall cybersecurity level. 9.80.3.10:C03 Improved handling of empty recordings. 9.80.3.10:C04 Corrected an issue that caused the Send images event to stop uploading towards a FTP server when the filename included a space (" "). 9.80.3.10:C05 Corrected CVE-2020-13848. 9.80.3.10:C06 Updated OpenSSL to version 1.1.1m to increase the overall cybersecurity level. Corrections in 9.80.3.8 since 9.80.3.7 ======================================= 9.80.3.8:C01 General improvements to the LTS-2020 platform. Corrections in 9.80.3.7 since 9.80.3.5 ======================================= 9.80.3.7:C01 General improvements to the LTS-2020 platform. 9.80.3.7:C02 Improved system stability of the Network Services. 9.80.3.7:C03 Upgraded Apache to version 2.4.51 to increase overall cybersecurity level. 9.80.3.7:C04 Corrected an issue that could cause 'transmit.cgi' to close connection prematurely when transmitting audio to the camera. 9.80.3.7:C05 Improved response time of the I/O port monitoring cgi "/axis-cgi/io/input.cgi?monitor=1". 9.80.3.7:C06 Updated OpenSSL to version 1.1.1l to increase overall cybersecurity level. 9.80.3.7:C07 Updated curl to version 7.79.1 to increase overall cybersecurity level. 9.80.3.7:C08 The Remote Syslog configuration is now preserved during a firmware update within the same firmware track. 9.80.3.7:C09 Corrected an issue that caused Overlay text flickers when used in conjunction with an event triggered by Recording ongoing condition. 9.80.3.7:C10 Corrected an issue that caused active recordings to be restarted when adding a new recording rule. Corrections in 9.80.3.5 since 9.80.3.3 ======================================= 9.80.3.5:C01 General improvements to the LTS-2020 platform. 9.80.3.5:C02 Corrected an issue that interrupted the NTP-time-sync between the Axis device and NTP- server when the NTP-server was operating instable and suffered fluctuating time-changes. 9.80.3.5:C03 Corrected CVE-2021-31987. 9.80.3.5:C04 Corrected CVE-2020-26558. 9.80.3.5:C05 Corrected CVE-2021-31986. 9.80.3.5:C06 Corrected CVE-2021-31988. 9.80.3.5:C07 Updated curl to version 7.78.0 to increase overall cybersecurity level. 9.80.3.5:C08 Updated Apache to version 2.4.48 to increase overall cyber security level. 9.80.3.5:C09 Corrected CVE-2021-27219. 9.80.3.5:C10 Corrected CVE-2021-27218. Corrections in 9.80.3.3 since 9.80.3.2 ======================================= 9.80.3.3:C01 General improvements to the LTS-2020 platform. 9.80.3.3:C02 Corrected an issue that did not account for MTU packet fragmentation for IEEE 802.1x authentication. Previously the Axis device was not able to authenticate properly against an 802.1x network when the MTU was configured to 1410 or lower. 9.80.3.3:C03 Corrected an issue that prevented the device to stream in always-multicast mode after the video stream processing has been restarted. 9.80.3.3:C04 Extended the 802.1x EAP-Identity field character limit from 32 to 128 characters. 9.80.3.3:C05 Increased the number of characters allowed in the name of an Action Event Condition, from 80 to 512. 9.80.3.3:C06 Updated OpenSSH to version 8.6p1 to increase the overall minimum cyber security level. Corrections in 9.80.3.2 since 9.80.3.1 ======================================= 9.80.3.2:C01 General improvements to the LTS-2020 platform. 9.80.3.2:C02 Corrected an issue that on rare occasions caused the image to turn green after a power loss. 9.80.3.2:C03 Corrected an issue that on some occasions could prevent export of a part of a recording. 9.80.3.2:C04 Updated OpenSSL to version 1.1.1k to fix CVE-2021-3449 and CVE-2021-3450. 9.80.3.2:C05 Corrected an issue that prevented the Axis device to respond with HTTP 403 Forbidden when the source-ip address was blocked when using PreventDOSAttack in Plain Config -> System. Previously HTTP 401 Unauthorized was returned. 9.80.3.2:C06 Added support for Micron SD Card Health Monitoring. 9.80.3.2:C07 Improved Link Layer Discovery Protocol (LLDP) system stability. 9.80.3.2:C08 Corrected nice names for the PreventDoSAttack parameters in Settings -> System -> Plain Config-> System -> PreventDoSAttack. Corrections in 9.80.3.1 since 9.80.3 ===================================== 9.80.3.1:C01 General improvements to the LTS-2020 platform. 9.80.3.1:C02 Improved Link Layer Discovery Protocol (LLDP) system stability. 9.80.3.1:C03 Updated Curl to version 7.73.0 to increase overall cybersecurity level. 9.80.3.1:C04 Updated OpenSSL to version 1.1.1i to increase overall cyber security level. 9.80.3.1:C05 Corrected an issue that caused the MQTT configuration in the device to get corrupt on rare occasions. 9.80.3.1:C06 Corrected an issue that could cause an MQTT event to be duplicated upon registering the same event multiple times. Corrections in 9.80.3 since 9.80.2.5 ===================================== 9.80.3:C01 General improvements to the LTS-2020 platform. 9.80.3:C02 Corrected an issue in oak.cgi that could cause invalid requests. 9.80.3:C03 Corrected an issue in the Web GUI that caused an error message when using a client certificate with '>' character in it's ID for HTTPS access. New features in 9.80.2.5 ================================================================================ 9.80.2.5:F1 Update OpenSSL to version 1.1.1h to increase overall cyber security level. 9.80.2.5:F2 Updated Curl to version 7.69.1 to increase overall cybersecurity level. 9.80.2.5:F3 The following HTTP headers are now configured per default to increase overall cybersecurity level: X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block. 9.80.2.5:F4 Updated Apache to version 2.4.46 to increase overall cyber security level. 9.80.2.5:F5 Added support for HTTP Strict Transport Security (HSTS) when using HTTPS. 9.80.2.5:F6 Added support for disabling the SD card slot in PlainConfig -> Storage -> Storage.S0.Enabled. After change, the camera needs to be restarted. 9.80.2.5:F7 Added support for Custom Header CGI. It is now possible to customize headers to support e.g. Access-Control-Allow-Origin (CORS) and X-Frame-Options to increase minimum cybersecurity level. Please https://www.axis.com/vapix-library for more information. 9.80.2.5:F8 Added support for Message Queuing Telemetry Transport protocol (MQTT). The AXIS products acts as a client able to publish its events to a MQTT broker. More information can be found in the VAPIX library at https://www.axis.com/vapix- library/. 9.80.2.5:F9 Added the functionality to automatically restart ongoing recordings when time in the product is updated significantly. This ensures that the time displayed in text overlays match the timeline. 9.80.2.5:F10 Updated Video Motion Detection to version 4.4.5. 9.80.2.5:F11 Updated Motion Guard to version 2.2.4. 9.80.2.5:F12 Updated Fence Guard to version 2.2.4. 9.80.2.5:F13 Updated Loitering Guard to version 2.2.4. 9.80.2.5:F14 Added support for resolve domain name trap addresses in SNMP. 9.80.2.5:F15 SEI (Supplemental enhancement information) messages is since 9.60.1 included in recorded H.264 videos. 9.80.2.5:F16 Added support for setting image frequency in action rules. 9.80.2.5:F17 Added possibility to disable the web UI to increase overall minimum cyber security level. The web UI can be disabled under System -> PlainConfig -> System -> System Web Interface Disabled. To enable the web UI after it has been disabled, the VAPIX parameter System.WebInterfaceDisabled must be set to "no". 9.80.2.5:F18 Added support for search functionality in help files. 9.80.2.5:F19 Added support for millisecond timestamps in JPEG header. 9.80.2.5:F20 Added support for systemready.cgi which will improve re-connection of the browser to the web-interface after e.g. powercyle or restart of the product. 9.80.2.5:F22 Added support for average bitrate control (ABR). 9.80.2.5:F23 Added support for automatic firmware rollback verfication. The user can chose to select this option prior to performing an firmware upgrade. When chosen, the product will perform the upgrade and then wait a pre-defined time for the user to acknowledge the upgrade in the web-interface. If not acknowledged in time, the product will rollback to its previous firmware. 9.80.2.5:F24 Added support for the possibility to configure a secondary NTP server in web- interface under Settings -> System -> Date & Time or via VAPIX Time API. 9.80.2.5:F25 Removed the root users default password in factory defaulted firmware. The password of the root user must be set first in order to initialize VAPIX and ONVIF interfaces to allow further configuration. This change only affects products in its factory defaulted state, products that are already deployed in production systems are not affected by this update until factory defaulted. For more information please see https://www.axis.com/support/faq/FAQ116429. 9.80.2.5:F26 Added support for uploading custom firmware certificates in the web-interface under Settings -> System -> Security in order to allow the Axis product to accept AXIS developer firmware during firmware upgrade. 9.80.2.5:F27 Added an API for mDNS-SD. 9.80.2.5:F28 It is now possible to upload .PFX formatted certificates with a total size of 102400 bytes. The previous limit was 1/10 of it. 9.80.2.5:F29 Added support for "Wait at least time x" before re-running an configured action rule. 9.80.2.5:F30 TLS1.0 and TLS1.1 is now disabled by default. 9.80.2.5:F31 Added support for source-specific multicast (SSM) via http://ip-address/axis- media/ssm/media.amp. 9.80.2.5:F32 Added support for TLSv1.3. 9.80.2.5:F33 The classic GUI has been deprecated and is now removed to increase overall cyber security level. 9.80.2.5:F34 Firmware is now signed by AXIS to increase overall minimum cybersecurity level. More information about Signed Firmware can be found here https://www.axis.com/support/faq/FAQ116424. 9.80.2.5:F35 Added support for dynamic power allocation via Link Layer Discovery Protocol (LLDP) in addition to PoE-class based power allocation. This allows the switch to allocate less power to the camera and potentially a greater number of PoE devices can be connected to the switch. LLDP can be enabled in Settings -> System -> PlainConfig -> Network -> LLDP POE -> LLDP Send Max PoE. 9.80.2.5:F36 Added support for signed ACAP applications. 9.80.2.5:F37 Firwmare Recovery will also rollback the previous state of applications (ACAPs) now. Known Bugs/Limitations ================================================================================ 9.80.2.5:L1 When upgrading from 6.x, unless the product is to be factory defaulted, it is important to do an intermediate upgrade to latest LTS 2018 before continuing. 9.80.2.5:L2 There might be event settings available that is not applicable to the product with the current setup. 9.80.2.5:L3 There might be features currently explained in the help files that may not be supported by the camera. 9.80.2.5:L4 It is recommended to perform firmware recovery to rollback the products firmware to a previous version. 9.80.2.5:L5 PTZ image freeze does not work on preset movements. Supported AXIS VAPIX API Image Resolutions for Q1942 ================================================================================ Resolution Exceptions ------------ ------------ 800x600 720x576 640x512 640x480 480x360 384x288 320x256 320x240 240x180 176x144 160x128 160x120 768x576 1) 704x576 1) 704x480 1) 704x288 1) 704x240 1) 352x288 1) 352x240 1) 192x144 1) 176x120 1) 80x60 1) 1) Not visible in web user interface