FIRMWARE RELEASE NOTE ====================== Products affected: AXIS Q3709-PVE Network Camera Release date: 2024-03-22 Release type: Production Firmware version: 5.75.1.13 Preceding release: 5.75.1.12 -------------------------------------------------------------------------------- Upgrade instructions ==================== Upgrade the firmware according to the instructions given at https://www.axis.com/ca/en/support/technical-notes/how-to-upgrade or howtoupgrade.txt, which is included in the firmware folder. NOTE ==================== For latest information about Axis Cybersecurity, see https://www.axis.com/se/sv/support/product-security. Corrections in 5.75.1.13 since 5.75.1.12 ========================================= 5.75.1.13:C01 Updated OpenSSL to version 1.1.1w to increase overall cybersecurity level. 5.75.1.13:C02 Updated CURL to version 8.5.0 to increase overall cybersecurity level. 5.75.1.13:C03 Updated Apache to version 2.4.58 to increase overall minimum cyber security level. 5.75.1.13:C04 Update libssh2 to version 1.9.0 to increase overall minimum cyber security level. This update includes correction for CVE-2019-13115. 5.75.1.13:C05 Corrected an issue that changed the IDs of certificates to numbers instead of keeping the original name. 5.75.1.13:C06 Added Perfect Forward Secrecy ciphers (DHE-RSA) to the ciphers selection. 5.75.1.13:C07 Updated wpa-supplicant to version 2.9 to increase overall cyber-security. The following security vulnerabilites are included: CVE-2019-13377 CVE-2019-16275. 5.75.1.13:C08 Patched security vulernability CVE-2018-14526 to increase overall minimum cyber security level. 5.75.1.13:C09 TLS1.0 and TLS1.1 are now disabled by default. 5.75.1.13:C10 Added support for TLSv1.3. 5.75.1.13:C11 Updated Mozilla ca-certificates to versions available at 20190122. 5.75.1.13:C12 Updated OpenSSH to version 7.9p1 to increase the overall minimum cybersecurity level. 5.75.1.13:C13 Addressed CVE-2024-0054. For more information, please visit the Axis vulnerability management portal. 5.75.1.13:C14 Corrected an issue that caused the Send images event to stop uploading towards a FTP server when the filename included a space (" "). Corrections in 5.75.1.12 since 5.75.1.11 ========================================= 5.75.1.12:C01 Corrected CVE-2021-31987. Corrections in 5.75.1.11 since 5.75.1.10 ========================================= 5.75.1.11:C01 Removed the root users default password in factory defaulted firmware. The password of the root user must be set first in order to initialize VAPIX and ONVIF interfaces to allow further configuration. This change only affects products in its factory defaulted state, products that are already deployed in production systems are not affected by this update until factory defaulted. Corrections in 5.75.1.10 since 5.75.1.9 ======================================== 5.75.1.10:C01 The Network Time Protocol (NTP) has been switched to OpenNTPD (version 3.9p1) to improve the reliability of the NTP clock synchronization, especially when using Windows (w32tm) NTP server. Corrections in 5.75.1.9 since 5.75.1.8 ====================================== 5.75.1.9:C01 Corrected critical vulnerability ACV-128401. Known Bugs/Limitations ====================== 5.75.1.11:L1 QuickTime does not work with IE11 or Chrome. 5.75.1.11:L2 AMC and H.264 decoder does not install after Security Update for IE (KB3058515). Workaround: Add the camera site to "trusted sites" and make sure the "protected mode" checkbox is unticked. 5.75.1.11:L3 Firefox web browser does not work well with Q3709-PVE 5.75.1.11:L4 IE9 does not work with Q3709-PVE 5.75.1.11:L5 Java does not work with IE11 or Chrome Workaround: Use IE11 and AMC 5.75.1.11:L6 Q3709-PVE only supports global text overlays 5.75.1.11:L7 Accessing Q3709-PVE requires three authentications. 5.75.1.11:L8 Orientation in ACC is shifted Workaround: Manually change the order in configuration workspace. 5.75.1.11:L9 It is only possible to get motion detection level feedback from the currently accessed channel. 5.75.1.11:L10 Sometimes Guard Tour fail to be created when using IE11 Workaround: Use Chrome. 5.75.1.11:L11 Shapshot is not by default included in the AMC left click menu. Workaround: Go to live view config page and check "Show snapshot button" 5.75.1.11:L12 Some Exposure settings show no difference Workaround: Use custom exposure window 5.75.1.11:L13 It is not recommended to have a video stream running while changing capture mode. If no new video streams can be fetched after doing so, the camera must be restarted. 5.75.1.11:L14 Firmware upgrade done the web GUI sometimes fail with IE if HTTPS is used. Workaround: Use Chrome 5.75.1.11:L15 Text overlay looks bad using 2992x1680 resolution. 5.75.1.11:L16 Installing certificates give error messages even if they are successfully installed. 5.75.1.11:L17 Using 802.1x connected to a switch without Multi-Auth capability can make a boot take significantly longer and produce some error messages in the logs. The product does recover and functions as intended. APPLICATION DEVELOPER Information ================================= The AXIS VAPIX Application Programming Interface version 3 is supported by this product. For more information please refer to the AXIS VAPIX HTTP API specification version 3 part of the AXIS VAPIX API available at www.axis.com. Supported AXIS VAPIX API Image Resolutions Resolution Exceptions ========== ========== 3840x2880 2) 3840x2160 1) 1920x1080 1) 1600x1200 2) 1280x960 2) 1280x720 1) 1024x768 2) 800x600 2) 800x450 1) 768x576 3) 640x480 2) 640x360 1) 480x360 2) 320x240 2) 1) Only visible in 16:9 capture modes 2) Only visible in 4:3 capture modes 3) Not visible in web user interface