FIRMWARE RELEASE NOTE ===================== Products affected: AXIS C3003-E Release date: 2024-10-08 Release type: Production Firmware version: 9.80.78.1 Preceding release: 9.80.72.1 -------------------------------------------------------------------------------- Upgrade instructions ==================== NOTE: Upgrade from FW version 1.81.040 or below, directly to 9.80.78.1 is not possible. Customers are advised to upgrade in these steps: 1.65.032 or 1.81.40 -> 1.85.060 -> 9.80.2.2 -> 9.80.78.1 Upgrade the firmware according to the instructions given in howtoupgrade.txt, which is included in the firmware folder or at the firmware portal at https://www.axis.com Corrections in 9.80.78.1 since 9.80.72.1 =========================================== 9.80.78.1:C01 Updated OpenSSL to version 1.1.1y to increase overall cybersecurity level. 9.80.78.1:C02 Updated libssh2 to version 1.11.0 to increase overall cybersecurity level. 9.80.78.1:C03 Updated OpenSSH to version 9.8p1 to increase overall cybersecurity level. 9.80.78.1:C04 Updated Apache to version 2.4.62 to increase overall cybersecurity level. 9.80.78.1:C05 Updated cURL to version 8.9.0 to increase overall cybersecurity level. 9.80.78.1:C06 Addressed a vulnerability allowing DHCPv6 lease injection through unvalidated input parameters. 9.80.78.1:C07 Addressed CVE-2024-0067. For more information, please visit the Axis vulnerability management portal. 9.80.78.1:C08 Addressed CVE-2024-6509. For more information, please visit the Axis vulnerability management portal. 9.80.78.1:C09 Addressed CVE-2023-52160 in wpa-supplicant to increase overall minimum cybersecurity level 9.80.78.1:C10 Added DNS cache for O3C client to reduce the DNS lookup. Corrections in 9.80.72.1 since 9.80.66.1 =========================================== 9.80.72.1:C01 The parameter RemoteService.ProxyPassword that controls the proxy password has been masked and made unreadable for security reasons. 9.80.72.1:C02 Addressed CVE-2024-0066. For more information, please visit the Axis vulnerability management portal. 9.80.72.1:C03 Corrected an issue where SSH users who used ssh-copy-id to install their SSH key as authorized on the device would unintentionally still have SSH access after a factory default with keeping IP settings. 9.80.72.1:C04 Corrected memory problems for products utilizing AXIS O3C Dispatcher service. Corrections in 9.80.66.1 since 9.80.55.1 =========================================== 9.80.66.1:C01 Updated time zone database version to 2024a. 9.80.66.1:C02 Updated OpenSSH to version 9.6p1 to increase overall cybersecurity level. 9.80.66.1:C03 Updated OpenSSL to version 1.1.1x to increase overall cybersecurity level. 9.80.66.1:C04 Updated cURL to version 8.7.1 to increase overall cybersecurity level. Corrections in 9.80.55.1 since 9.80.49.1 =========================================== 9.80.55.1:C01 Updated Apache to version 2.4.58 to increase the overall cybersecurity level. 9.80.55.1:C02 Updated curl to version 8.5.0 to increase overall cybersecurity level. 9.80.55.1:C03 Addressed CVE-2024-0054. For more information, please visit the Axis vulnerability management portal. Corrections in 9.80.49.1 since 9.80.47.1 =========================================== 9.80.49.1:C01 Updated curl to version 8.4.0 to increase overall cybersecurity level. 9.80.49.1:C02 Corrected CVE-2023-21418. For more information, please visit the Axis vulnerability management portal. 9.80.49.1:C03 Corrected CVE‐2023‐21417. For more information, please visit the Axis vulnerability management portal. Corrections in 9.80.47.1 since 9.80.22.1 =========================================== 9.80.47.1:C01 Updated CURL to version 8.3.0 to increase overall cybersecurity level. 9.80.47.1:C02 Updated OpenSSL to version 1.1.1w to increase the overall cybersecurity level. 9.80.47.1:C03 Updated Apache to version 2.4.57 to increase the overall cybersecurity level. 9.80.47.1:C04 Added proxy configuration support to the Owner Authentication Key (OAK) cgi using group root.RemoteService, simplifying setup on networks requiring proxy servers for Internet access and improving the authentication process. 9.80.47.1:C05 Improved stability of the syslog system by addressing a potential memory leak. 9.80.47.1:C06 Improved UPnP compliance by updating the SSDP (Simple Service Discovery Protocol) SERVER header in the standard "OS/version UPnP/1.0 product/version" format and USN (Unique Service Name) field with a UUID in the standard format. This enhances consistency and compatibility. 9.80.47.1:C07 Updated time zone database version to 2023c. 9.80.47.1:C08 Updated libupnp to version 1.14.16, solving a memory leak and improving overall stability. 9.80.47.1:C09 Corrected an issue with OAK (owner authentication key). It now only produces warnings in the log instead of errors if the device is not able to connect to the internet. 9.80.47.1:C10 Improved the handling of SD card timeouts, ensuring that processes no longer hang for prolonged periods when a faulty SD card is detected. Applies to: All products with SD card support Corrections in 9.80.22.1 since 9.80.3.13.1 =========================================== 9.80.22.1:C01 New versioning on AXIS OS LTS 2020. For more information, see AXIS OS versioning. https://help.axis.com/en-us/axis-os-release-notes#:~:text=New%20versioning%20on%20AXIS%20OS%20LTS%202020.%20For%20more%20information%2C%20see%20AXIS%20OS%20versioning. 9.80.22.1:C02 General improvements to the LTS-2020 platform. 9.80.22.1:C03 Updated Apache to version 2.4.55 to increase the overall cybersecurity level. 9.80.22.1:C04 Updated CURL to version 7.88.1 to increase overall cybersecurity level. 9.80.22.1:C05 Updated OpenSSL to version 1.1.1t to increase overall cybersecurity level. 9.80.22.1:C06 Corrected an issue affecting some O3C clients, that caused internal authentication requests to fail after a few days of uptime. 9.80.22.1:C07 Improved stability of syslog system by addressing a potential memory leak. 9.80.22.1:C08 Updated time zone database version to 2022g. 9.80.22.1:C09 Receiving ICMP secure redirects from other network hosts are now disabled to increase overall minimum cyber security level. 9.80.22.1:C10 Corrected an issue that caused audio via external VMS to stop working. Limitations in 9.80.22.1, 9.80.3.13.1 and 9.80.3.8.1 ========================================= 9.80.22.1, 9.80.3.13.1 and 9.80.3.8.1 The "System Overview" and "System Settings" options in the device configuration menu may be hidden if the device is not part of an audio system. If you wish to enable these menu options, please start the AXIS Audio Player ACAP (found under the menu option "Services"). Then open the AXIS Audio Player and use the application (e.g. open the volume slider in the lower right corner and adjust the volume) Go back to the device configuration menu and refresh the browser page. The "System Overview" and the "System Settings" options should now be available. Corrections in 9.80.3.13.1 since 9.80.3.8.1 =========================================== 9.80.3.13.1:C01 General improvements to the LTS-2020 platform. 9.80.3.13.1:C02 Upgraded Apache to version 2.4.54 to increase overall cybersecurity level. 9.80.3.13.1:C03 Updated OpenSSL to version 1.1.1q to increase the overall cybersecurity level. 9.80.3.13.1:C04 Corrected CVE-2018-25032. 9.80.3.13.1:C05 Corrected CVE-2021-33910. 9.80.3.13.1:C06 Corrected CVE-2021-29462. 9.80.3.13.1:C07 Corrected CVE-2020-13848. 9.80.3.13.1:C08 Removed an obsolete link to the AXIS Hardening guide in the device configuration web. For more information about AXIS hardening, please visit Axis.com. Corrections in 9.80.3.8.1 since 9.80.3.1 ======================================== 9.80.3.8.1:C01 General improvements to the LTS-2020 platform. 9.80.3.8.1:C02 Upgraded Apache to version 2.4.51 to increase overall cybersecurity level. 9.80.3.8.1:C03 Updated OpenSSL to version 1.1.1l to increase overall cybersecurity level. 9.80.3.8.1:C04 Updated curl to version 7.79.1 to increase overall cybersecurity level. 9.80.3.8.1:C05 Improvements to NTP Sync for unstable networks that allows the NTP device client to adjust itself and allow an overwrite to happen to compensate a possible time difference. 9.80.3.8.1:C06 Fixed a problem where output gain could not be adjusted for SIP-calls. Corrections in 9.80.3.1 since 9.80.2.2 ====================================== 9.80.3.1:C01 General improvements to the LTS-2020 platform. 9.80.3.1:C02 Updated Curl to version 7.73.0 to increase overall cybersecurity level. 9.80.3.1:C03 Updated OpenSSL from version 1.1.1g to version 1.1.1i to increase overall cyber security level. 9.80.3.1:C04 Updated Apache from version 2.4.43 to version 2.4.46 to increase overall cyber security level. 9.80.3.1:C05 Added possibility to retrieve the device Owner Authentication Key (OAK) in the web GUI. Note that this functionality requires that the product have direct access to the internet. 9.80.3.1:C06 Corrected an issue that sometimes made it impossible to edit action rules after upgrade. 9.80.3.1:C07 Corrected an issue where start/stop clip cgi sometimes is not being executed correctly. 9.80.3.1:C08 Corrected an issue where SD cards new from the box or formatted with a file system that is not valid for the device (for example exFAT) the SD card could not be formatted in device configuration web. Corrections in 9.80.2.2 since 1.97.1 ==================================== 9.80.2.2:C01 Updated Apache to version 2.4.43 to increase overall cyber security level. 9.80.2.2:C02 Update OpenSSL to version 1.1.1g to increase overall cyber security level. 9.80.2.2:C03 Corrected an issue that sometimes made it impossible to edit action rules after upgrade. 9.80.2.2:C04 Updated maximum allowed announcements in Axis Audio Player from 70 to 80. 9.80.2.2:C05 Changed the priority between SIP and Media clip so that Media clip has the highest priority. 9.80.2.2:C06 Changes in sound profile for Network Horn Speakers (C3003-E and C1310-E) which results in a change in total system output gain. Approximate dB changes: Total system output gain previous releases <= -24dB -> add +8dB total system output gain in 9.80.2.2. Total system output gain previous releases <= -20dB -> add +6dB total system output gain in 9.80.2.2. Total system output gain previous releases <= -12dB -> add +3dB total system output gain in 9.80.2.2. 9.80.2.2:C07 Rollback - When upgrading the firmware in an Axis product, a restore point of the previous state of the product and its entire configuration is made before the upgrade. This restore point is available to go back to after the firmware upgrade has been performed in case of an unexpected issue. The firmware rollback feature can be found in the Axis product’s web interface under Settings > System > Maintenance.