

FIRMWARE RELEASE NOTE
======================

Products affected: AXIS Q3708-PVE

Release date:      2024-02-14

Release type:      Production

Firmware version:  6.55.10

Preceding release: 6.55.9

--------------------------------------------------------------------------------

Upgrade instructions
====================

Upgrade the firmware according to the instructions given at
https://www.axis.com/ca/en/support/technical-notes/how-to-upgrade
or howtoupgrade.txt, which is included in the firmware folder.

NOTE
====================

For latest information about Axis Cybersecurity, see
https://www.axis.com/se/sv/support/product-security.


Corrections in 6.55.10 since 6.55.9
=======================================
6.55.10:C01
Updated Apache to version 2.4.58 to increase the overall cybersecurity level.

6.55.10:C02
Netd Service now preserves the static resolver configuration even
after a soft restore, safeguarding static DNS/Search domain settings.

6.55.10:C03
Addressed CVE-2024-0054. For more information, please visit the Axis
vulnerability management portal.

6.55.10:C04
Updated curl to version 8.4.0 to increase overall cybersecurity level.

6.55.10:C05
Corrected CVE-2023-21418. For more information, please visit the Axis
vulnerability management portal.

6.55.10:C06
Updated OpenSSL to version 1.1.1w to increase overall cybersecurity level.

6.55.10:C07
Corrected CVE-2023-21415. For more information, please visit the Axis
vulnerability management portal.

6.55.10:C08
Resolved an issue where the respawn daemon incorrectly managed
restarts for ACAP services, notably in situations with multiple acaps
running simultaneously.

6.55.10:C09
Added proxy configuration support to the Owner Authentication Key
(OAK) cgi using group root.RemoteService, simplifying setup on
networks requiring proxy servers for Internet access and improving the
authentication process.

6.55.10:C10
Added support for a second client certificate.

6.55.10:C11
Corrected an issue affecting some O3C clients, that caused internal
authentication requests to fail after a few days of uptime.

6.55.10:C12
Disabled secure redirects from other network hosts
net.ipv4.conf.all.secure_redirects &
net.ipv4.conf.default.secure_redirects to increase overall minimum
cybersecurity level.

6.55.10:C13
Corrected CVE-2018-25032.

6.55.10:C14
Corrected an issue where 802.1X would not trust the intermediate
certificate authority (CA).

6.55.10:C15
Updated wpa-supplicant to version 2.10 to increase overall minimum
cybersecurity level.

6.55.10:C16
Receiving ICMP redirects from other network hosts are now disabled to
increase overall minimum cybersecurity level.

6.55.10:C17
Corrected an issue with uploading RSA certificate with PKCS#8
formatted private keys.

6.55.10:C18
Corrected an issue that caused the Send images event to stop uploading
towards a FTP server when the filename included a space (" ").

6.55.10:C19
Improved handling of empty recordings.

6.55.10:C20
Corrected CVE-2019-15916.

6.55.10:C21
Corrected CVE-2020-13848.

6.55.10:C22
Corrected CVE-2021-29462.


Corrections in 6.55.9 since 6.55.8
=======================================

6.55.9:C01
Extended the 802.1x EAP-Identity field character limit from 32 to 128
characters.

6.55.9:C02
Updated Apache to version 2.4.48 to increase overall cybersecurity level.

6.55.9:C03
Corrected CVE-2021-31987.

6.55.9:C04
Updated OpenSSL to version 1.1.1l to increase
overall minimum cybersecurity level.

6.55.9:C05
Corrected CVE-2019-12450.

6.55.9:C06
Corrected CVE-2021-31986.

6.55.9:C07
Updated curl to version 7.78.0 to
increase overall cybersecurity level.

6.55.9:C08
Corrected an issue that caused video clients such as VLC to not
display a low-FPS video stream due to missing base FPS info in VUI
timing info.

6.55.9:C09
Corrected CVE-2021-27219

6.55.9:C10
Corrected CVE-2021-27218.

6.55.9:C11
Corrected CVE-2021-31987.

6.55.9:C12
Updated OpenSSH to version 8.6p1 to
increase the overall minimum cybersecurity level.

6.55.9:C13
Corrected CVE-2021-31988.

6.55.9:C14
Capture Alignment now works via the web user interface again.


Known Bugs/Limitations
================================================================================

6.55.10:L1
WDR Forensic Capture is only possible when the Exposure control setting is set
to Automatic. Any settings done in non WDR Forensic Capture mode will be
invisible when in WDR Forensic Capture mode.

6.55.10:L2
Capture Alignment adjustments may cause a sensor to display the wrong colors.
It should be corrected by the exposure algorithm after a short period.

Supported AXIS VAPIX API Image Resolutions for AXIS Q3708-PVE
================================================================================

Resolution  Exceptions
==========  ==========

2560x1920   3)
2560x1440   2)
1920x1080   2)
1600x1200   3)
1280x960    3)
1280x720    2)
1024x768    3)
800x600     3)
800x450     2)
640x480     3)
640x360     2)
480x360     3)
480x270     2)
320x240     3)

768x576     1) 3)
704x576     1)
704x480     1)
384x288     1) 3)
352x240     1)
176x144     1)
176x120     1)
80x60       1)

1) Not visible in web user interface
2) QHD 2560x1440 (16:9)
3) 5 MP 2560x1920 (4:3)