FIRMWARE RELEASE NOTE ====================== Products affected: AXIS P3905-R Mk II Release date: 2020-11-03 Release type: Production Firmware version: 6.50.5.3 Preceding release: 6.50.5.2 -------------------------------------------------------------------------------- This is the LTS-2016 track. Upgrade instructions ==================== Upgrade the firmware according to the instructions given at https://www.axis.com/ca/en/support/technical-notes/how-to-upgrade or howtoupgrade.txt, which is included in the firmware folder. NOTE ==================== For latest information about Axis Cybersecurity, see https://www.axis.com/se/sv/support/product-security. Corrections in 6.50.5.3 since 6.50.5.2 ======================================= 6.50.5.3:C01 General improvements to the LTS-2016 platform. 6.50.5.3:C02 Updated Apache to version 2.4.46 to increase overall cyber security level. 6.50.5.3:C03 Added a sensitivity parameter to the PlainConfig for Tampering Detection that can now be adjusted by the user. 6.50.5.3:C04 Corrected an issue that caused a failure to send images with Action Rules to email recipients. 6.50.5.3:C05 Corrected an issue that caused test button in the webGUI to not work when mounting Network Attached Storage (NAS) configured with SMB v3. Corrections in 6.50.5.2 since 6.50.5.1 ======================================= 6.50.5.2:C01 General improvements to the LTS 2016 platform. 6.50.5.2:C02 Update libssh2 to version 1.9.0 to increase overall cybersecurity. This update includes correction for CVE-2019-13115. 6.50.5.2:C03 Corrected an issue that caused old recordings to not be removed after their retention period was expired. 6.50.5.2:C04 Added possibility to retrieve the device Owner Authentication Key (OAK) in the web GUI. Note that this functionality requires that the product have direct access to the internet. 6.50.5.2:C05 Disabled the HTTP Options method in the Apache webserver replies to increase overall cyber security level. 6.50.5.2:C06 Updated OpenSSL to version 1.1.1g to increase overall cybersecurity level. 6.50.5.2:C07 Updated Apache to version 2.4.43 to increase overall cybersecurity level. 6.50.5.2:C08 Corrected a streaming issue to handle timestamps correctly after a RTSP:PAUSE/RESUME event. This could cause gaps in recordings when using Axis Media Control (AMC). 6.50.5.2:C09 Updated curl to 7.69.1 to increase overall cybersecurity level. Corrections in 6.50.5.1 since 6.50.5 ===================================== 6.50.5.1:C01 General improvements to the 2016 LTS platform. 6.50.5.1:C02 Corrections for the security vulnerability CVE-2019-16275 in wpa_supplicant/hostapd. 6.50.5.1:C03 Corrected an issue that prevented video clips to be sent from action rules using HTTPS or Email recipients. 6.50.5.1:C04 Corrected an issue that caused the database used to store DHCP adresses to be corrupted during a power cut. 6.50.5.1:C05 Added ProxyDispatcherOnly option to the O3C/AVHS client that can control proxy configurations of dispatcher services. Corrections in 6.50.5 since 6.50.4.2 ===================================== 6.50.5:C01 General improvements to the 2016 LTS platform. 6.50.5:C02 Updated libcurl to version 7.68 to increase overall cyber security. 6.50.5:C03 Corrected a streaming issue that caused the RTSP server to omit the RTP-info header on rare occasions. 6.50.5:C04 Updated OpenSSH to version 7.9p to increase overall cyber security. 6.50.5:C05 Corrected an issue that caused the test recipient button in the Web GUI to not work properly when setting up an event mail recipient. 6.50.5:C06 Updated OpenSSL to version 1.1.1d to increase overall cyber security. 6.50.5:C07 Added support for resolve domain name trap addresses in SNMP. 6.50.5:C08 Corrected a streaming issue affecting RTSP tunneled via HTTPs. 6.50.5:C09 Updated wpa-supplicant to version 2.9 to increase overall cyber-security. The following security vulnerabilites are included: CVE-2019-13377 CVE-2019-16275. Corrections in 6.50.4.2 since 6.50.4.1 ======================================= 6.50.4.2:C01 Corrected an issue that prevented the user to set the time and date manually in the WebGUI. Corrections in 6.50.4.1 since 6.50.4 ===================================== 6.50.4.1:C01 General minor improvements to the 2016 LTS platform. 6.50.4.1:C02 Updated OpenSSL to version 1.0.2t to increase overall minimum cyber security level. 6.50.4.1:C03 Updated Apache to version 2.4.41 to increase overall minimum cyber security level. 6.50.4.1:C04 Updated time zones in date/time settings in web-GUI. 6.50.4.1:C05 Corrected an issue that caused param.cgi to show password in plain text when listing a specified ACAP parameter. 6.50.4.1:C06 Added support for health status from Western Digital SD-cards. 6.50.4.1:C07 Corrected an issue that caused a reboot of the camera to start an ACAP even though STARTMODE=never was set in its configuration. 6.50.4.1:C08 Correct an issue that could disconnect the camera from network share drive when CIFS (SMB) 2.x or higher is enable. 6.50.4.1:C09 Corrected an issue that on rare occasions caused the image to go grey when streaming JPEG. Corrections in 6.50.4 since 6.50.3.2 ===================================== 6.50.4:C01 General minor improvements to the 6.50 LTS platform. 6.50.4:C02 Corrected an issue that caused snapshot JPEG images to contain erroneous data and resulting in problems to display them in some viewers. 6.50.4:C03 Increased the limit of concurrent HTTP requests for I/O related VAPIX commands from 4 to 10. 6.50.4:C04 Removed the root users default password in factory defaulted firmware. The password of the root user must be set first in order to initialize VAPIX and ONVIF interfaces to allow further configuration. This change only affects products in its factory defaulted state, products that are already deployed in production systems are not affected by this update until factory defaulted. 6.50.4:C05 Corrected an issue that prevented the insertion of triggered data in SEI messages when streaming H.264. 6.50.4:C06 Updated OpenSSL to version 1.0.2s to increase overall minimum cyber security level. 6.50.4:C07 Updated libssh2 to version 1.8.2 due to that version 1.8.1 broke publickey-userauth requests. 6.50.4:C08 Updated Mozilla ca-certificates to versions available at 20190122. 6.50.4:C09 Corrected security vulnerability in Systemd CVE-2019-6454 to increase overall minimum cyber security level. Corrections in 6.50.3.2 since 6.50.3.1 ======================================= 6.50.3.2:C01 General minor improvements to the 6.50 LTS platform. 6.50.3.2:C02 Improved robustness of the O3C client. 6.50.3.2:C03 Updated Apache to version 2.4.39 to increase overall minimum cyber security level. 6.50.3.2:C04 Updated to OpenSSL version 1.0.2r to increase overall minimum cyber security level. 6.50.3.2:C05 Patched the following security vulnerabilities to increase overall minimum cyber security level: CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3858, CVE-2019-3859, CVE-2019-3860, CVE-2019-3861, CVE-2019-3862, CVE-2019-3863. 6.50.3.2:C06 Corrected the following vulnerabilities in order to increase overall minimum cybersecurity level: CVE-2018-16865, CVE-2018-16866. 6.50.3.2:C07 Corrected an issue that prevented the user from uploading a certificate that contains “Bag Attributes” before and after the actual certificate content. 6.50.3.2:C08 Corrected an issue that caused event notifications not been triggered on storage disruption. 6.50.3.2:C09 Corrected an issue with HTTP response which prevented the camera from streaming on rare occasions. 6.50.3.2:C10 Corrected an issues that could cause an incorrect error message when testing HTTP recipient. 6.50.3.2:C11 Patched security vulernability CVE-2018-17182 to increase overall minimum cyber security level. 6.50.3.2:C12 Adjusted re-connection behavior of interrupted AVHS connections on AVHS-server side. The time between failed connection attempts will now gradually increase until a hard limit is reached. 6.50.3.2:C13 Patched the security vulnerability CVE-2017-16544 in BusyBox to increase overall minimum cyber security level. 6.50.3.2:C14 Corrected an issue in the ACAP framework that could cause ACAPs to freeze on rare occasions. 6.50.3.2:C15 Corrected an issue that could cause corrupted video recordings when UserData or TriggerData are enabled. 6.50.3.2:C16 Corrected an issue that could cause failure to stream in low temperature environments. Corrections in 6.50.3.1 since 6.50.3 ===================================== 6.50.3.1:C01 General minor improvements to the 6.50 LTS platform. 6.50.3.1:C02 Patched the security vulnerability CVE-2017-16544 in BusyBox to increase overall minimum cyber security level. 6.50.3.1:C03 Corrected an issue in the ACAP framework that could cause ACAPs to freeze on rare occasions. 6.50.3.1:C04 Corrected an issue that could cause corrupted video recordings when UserData or TriggerData are enabled. 6.50.3.1:C05 Corrected an issue that could cause failure to stream in low temperature environments. Corrections in 6.50.3 since 6.50.2.3 ===================================== 6.50.3:C01 General minor improvements to the 6.50 LTS platform. 6.50.3:C02 Corrected an issue that could cause incorrect snapshot resolutions on view areas. 6.50.3:C03 Corrected an issue with the Axis event handling interface when deactivating events. 6.50.3:C04 Updated apache webserver to version 2.4.33 to increase overall minimum cyber security level. 6.50.3:C05 Corrected an issue with incorrect handling of ACAPs after camera boot. 6.50.3:C06 Added Perfect Forward Secrecy ciphers (DHE-RSA) to the ciphers selection. 6.50.3:C07 Patched security vulernability CVE-2018-14526 to increase overall minimum cyber security level. 6.50.3:C08 Updated OpenSSL to version 1.0.2o to increase overall minimum cyber security level. 6.50.3:C09 Added selection boxes for disabling TLSv1.0 and TLSv1.1 in Settings -> System -> PlainConfig -> HTTPS to enforce the highest possible HTTPS negotiation client handshake via TLSv1.2. 6.50.3:C10 Corrected an issue causing CIFS networkshare to become read only on mount on rare occasions. 6.50.3:C11 Added a Storage Stability Helper service for better handling of Network Shares. 6.50.3:C12 Updated Video Motion Detection to version 4.2.3. Corrections in 6.50.2.3 since 6.50.1.2 ====================================== 6.50.2.3:C01 General minor improvements to the 6.50 LTS platform. 6.50.2.3:C02 The license expiration date of an installed ACAP is now shown correctly again when running http://ip-address/axis-cgi/applications/list.cgi. 6.50.2.3:C03 The correct IPv6 router IP-addresses are now shown correctly in the network interface of the web-interface and in ONVIF responses. 6.50.2.3:C04 Adjusted the system log messages for the NTP daemon to be more specific and highlight that there is a time drift instead of an "adjustment". 6.50.2.3:C05 Corrected an issue that resets the barrel distortion correction settings after updating the camera. 6.50.2.3:C06 Support for day and night level shift. 6.50.2.3:C07 Corrected an issue that delivered E-Mails send from the camera with a wrong time zone in the e-mail header. 6.50.2.3:C08 Corrected an issue that delivered E-Mails send from the camera with a wrong time stamp in the e-mail header. 6.50.2.3:C09 Corrected an issue with FTP recipients configured with a DNS name instead of a static IP- address which caused the FTP recipient test or action rule to fail. 6.50.2.3:C10 Upgrade SSL negotiation in the AVHS client to SSLv23 instead of the deprecated TLSv1. 6.50.2.3:C11 Improved connection handling with Honeywell applications. 6.50.2.3:C12 The triple DES cipher is not selected as DEFAULT in the HTTPS settings to increase overall cyber security level. 6.50.2.3:C13 OpenSSL has been updated to version 1.0.2k to increase overall minimum cyber security level. 6.50.2.3:C14 Improved certificate handling. Certificates were previously not usable anymore when updating straight from FW 5.40 to 6.50. 6.50.2.3:C15 Corrected an issue that changed the IDs of certificates to numbers instead of keeping the original name. 6.50.2.3:C16 Corrected zoom compensation issue and improved zoom accuracy. 6.50.2.3:C17 Updated the Portable UPnP SDK to 1.6.22 to increase the overall cyber security level. 6.50.2.3:C18 Corrected an issue that prevented EIS to work when the zoom limit was set to optical only. 6.50.2.3:C19 Corrected zoom compensation issue and improved zoom accuracy. 6.50.2.3:C20 Corrected critical vulnerability ACV-120444. 6.50.2.3:C21 Corrected security vulnerability CVE-2016-2147. 6.50.2.3:C22 Corrected security vulnerability CVE-2016-2148. 6.50.2.3:C23 Corrected an issue that caused the camera to become unresponsive on rare occasions when using privacy masks. 6.50.2.3:C24 Corrected an issue that caused the camera to turn the image upside down on rare occations. 6.50.2.3:C25 SSH has been updated to 7.5 to increase overall cybersecurity standards. 6.50.2.3:C26 Corrected an issue with AXIS-CGI link decoding. Previously a CGI update to trigger an I/O port could fail because of malformed link decoding. 6.50.2.3:C27 Reduced the waiting time for receiving a video stream significantly when a 2nd client requests a video stream via multicast. 6.50.2.3:C28 Corrected an issue with Static IP configuration changed to DHCP after downgrading. 6.50.2.3:C29 Corrected an issue that made it impossible to play recordings from the camera in Genetec via ONVIF Profile G. 6.50.2.3:C30 Support for HTTP keep-alive connections via ONVIF. lowers the risk for security focused network infrastructure or unstable networks to block or drop PTZ control commands. 6.50.2.3:C31 Improved camera upgrade stability when configuration files become corrupt on rare occasions. 6.50.2.3:C32 Improved user notification when creating a E-mail recipient that contains wrong domain information. 6.50.2.3:C33 Corrected an issue that removed an unnecessary warning which was printed in the system log when a user creates an action rule sending HTTP notification with custom parameter. 6.50.2.3:C34 Product has passed IPv6 compliance. 6.50.2.3:C35 Corrected an issue that displayed system-only users as well under System Options -> Support -> System Overview. 6.50.2.3:C36 Improved stability when sending VAPIX commands through actionengined. 6.50.2.3:C37 Corrected an issue that caused a wrong time on the camera when Turkey timezone was configured and Daylight Saving Time was enabled. 6.50.2.3:C38 Corrected an issue that caused guard tours to stop running on rare occasions. 6.50.2.3:C39 - Affects PTZ products only - Corrected an issue that could cause a crash in PTZ ACAPs on rare occasions. 6.50.2.3:C40 - Affects PTZ products only - Corrected an issue that caused ACAPs that utilize the PTZ API to stop working on rare occasions. 6.50.2.3:C41 Improved camera stability when using liblicensekey. 6.50.2.3:C42 The Apache webserver has been updated to version 2.4.29 to increase overall minimum cybersecurity standards. 6.50.2.3:C43 Corrected an issue that prevented the user from login via SSH to the camera after updating to 6.50.2. 6.50.2.3:C44 Updated R2 GlobalSign Root Certificate to version 20170717. Required to enable Email recipients using 'Validate server certificate'. 6.50.2.3:C45 Added support for certificates with expiration dates beyond year 2038. 6.50.2.3:C46 Corrected an issue that let a user modify capture mode without performing the required restart during the initial set up of the camera. 6.50.2.3:C47 Corrected an issue that caused black images on rare occasions when high loads of Events are sent to the camera. 6.50.2.3:C48 Support for zoom-tracking in Recorded Guard Tour. Previously only pan/tilt movements were recorded. 6.50.2.3:C49 Corrected an issue that caused problems when testing multiple Email recipients. 6.50.2.3:C50 Corrected an issue in the trigger data that set Video loss to "Disconnected" as default initial state even when the camera is initially connected. 6.50.2.3:C51 Corrected an issue that could cause e-mail recipients to not be formatted correctly. 6.50.2.3:C52 Added new resolution sets. 6.50.2.3:C53 Corrected an issue that could cause synchronization to AVHS to fail. 6.50.2.3:C54 Corrected an issue that caused the camera to become unresponsive on rare occasions when connected to an AVHS system. 6.50.2.3:C55 Updated AXIS Video Motion Detection to version 4.2. 6.50.2.3:C56 Updated AXIS Media Control (AMC) version to 7.3.10.1. 6.50.2.3:C57 Corrected critical vulnerability ACV-128401. 6.50.2.3:C58 Corrected an issue that prevented the user to add the camera to Genetec when HTTPS was used. 6.50.2.3:C59 Adds PID/program name to network connection list in the Server Report. 6.50.2.3:C60 Corrected an issue that let the AXIS Camera Station failover recording not start instantly on rare occasions. 6.50.2.3:C61 Corrected an issue that caused the camera to stop streaming on rare occasions. Known Bugs/Limitations ====================== 6.50.4.1:L1 It is recommended to factory default the unit before making a downgrade if needed. 6.50.4.1:L2 Recording streams to SD card with a total bit rate above 12Mbit/sec may cause missing frames/sequences. Supported AXIS VAPIX API Image Resolutions for AXIS P3905-R Mk II ================================================================= Resolution Exceptions ========== ========== 1920x1080 1280x960 1280x800 1280x720 1024x768 1024x640 800x600 800x500 800x450 640x480 640x400 640x360 480x360 480x300 480x270 320x240 320x200 320x180 240x180 176x144 160x120 160x100 160x90 1400x1050 1) 1440x900 1) 1024x576 1) 768x576 1) 720x576 1) 704x576 1) 704x480 1) 704x288 1) 704x240 1) 384x288 1) 352x288 1) 352x240 1) 240x135 1) 192x144 1) 176x120 1) 80x50 1) 1) Not visible in web user interface