22.5.50.62 - June 2022, Feature

Release category: Mandatory

New features

  1. Serial PPP dial-in mode for handling AT-based connection requests from a device connected to a serial port and providing IPv4 networking to the device [DALP-880]

  2. New NetworkSCEP Client settings and underlying functionality to support connecting to additional SCEP servers, including Fortinet FortiAuthenticator, DigiCert, EJBCA, and Windows server [DALP-1007, DALP-1022]

  3. New show scep Admin CLI command for showing the sync status, expiration dates, and additional details of any configured SCEP clients [DAL-6069]

  4. Support for enabling add-on features from Digi Remote Manager [DALP-673]

  5. EX12/EX15/EX50: Containerized python environment is now available. To enable python support on your EX15/EX50 device running 21.11.60.63 or newer firmware, you must update to 22.5.50.62 firmware and install a Python container live image. See the linked knowledgebase article here

  6. EX15/EX15W/EX50/IX20/IX20W/IX30/TX54/TX64: New NetworkSD-WANWAN Bonding add-on feature via Digi Remote Manager for bonding multiple outbound Internet connections together for increased maximum throughput or data redundancy [DALP-108]

  7. EX50: New 5G slice support under NetworkModemsDefault slice information for configuring the slice type to set in the 5G modem [DAL-5973]

  8. IX10: Support for the Fibocom FM101-CG-20 cellular module [DALP-974]

  9. IX10: Support for the Telit ME310G1-W1 cellular module [DALP-986]

Enhancements

  1. Remove time.accns.com from default list of NTP servers unless Central managementService is set to aView at the time of updating firmware from version 22.2.9.85 or older [DAL-5543]

  2. Added new system.log.persistent_path configuration setting to specify where system logs are stored locally, which could be on the device or to an external storage (e.g. USB flash drive, SD card, etc) [DALP-946]

  3. New ServicesLocationDestination serversBehavior when fix is invalid setting to control the NMEA message content sent when there is no valid fix from any of the configured location sources [DAL-5984]

  4. Improved the message shown on the SystemConfiguration Maintenance page of the web UI if an error is encountered when restoring from a backup config file [DAL-6141]

  5. Include the hostname of the device in the client .ovpn file listed on the StatusOpenVPNServers page in the web UI [DAL-6157]

  6. Add support for the CP210X serial driver for connecting to Cisco USB console ports [DAL-6119]

  7. Filter out non-Internet type APNs from our APN fallback list [DAL-6227]

  8. Automatically power cycle the cellular modem in the event that a modem reset Surelink action fails [DAL-6268]

  9. Enable Surelink reset_modem action by default on cellular interfaces and set fail count to 3 [DAL-6275]

  10. Add cellular APN and cellular connection duration as datapoints sent to DigiRM [DAL-5902]

  11. Ensure modem is in enabled state before attempting to connect [DAL-6163]

  12. Omit non-production modem firmware from the OTA query results in the StatusModems page of the web UI [DAL-6301]

  13. An issue with the default Wi-Fi AP SSIDs being too long on the TX64 Rail platform has been resolved. [DAL-6329]

  14. EX50: Improved EX50 cellular throughput by integrating NSS acceleration drivers [DAL-5692]

  15. IX30: Power off serial port when not enabled [DAL-5991]

  16. IX30: Power off the Ethernet ports when not enabled [DAL-6063]

  17. TX: The SCEP client support has been enhanced to work with a wider range of SCEP servers. The following SCEP servers have been tested:

    • Fortinet FortiAuthenticator

    • DigiCert

    • EJBCA

    • Windows Server

    A new show scep CLI command has been added to display the status of the configured SCEP clients.

  18. TX: The Wi-FI Scanner functionality has been updated to allow the Wi-Fi Scanner results to be pushed to one or more remote servers using a TCP or HTTP connections.

  19. TX64: 5G slicing support for a single slice has been added to the TX64 5G platforms.

Bug fixes

The below bugs are all present on firmware versions 22.2.9.85 and older unless otherwise specified

  1. Fixed issue preventing Telit LE910 family of modems from registering after changing APNs without a reboot [DAL-5971, DAL-6016, DAL-5203]

  2. Fixed issue preventing connectivity with fast.t-mobile.com T-Mobile SIMs when used with a Quectel modem. Use PDP context 1 for connections on Quectel modems with T-Mobile SIMs [DAL-6401, DAL-5930]

  3. Fixed issue where modem-based Location source would sometimes not report properly due to an initialization timing error with the modem [DAL-6163]

  4. Fixed issue where an IPsec tunnel fails to re-establish the tunnel if SAs are deleted after phase 1 re-authentication [DAL-4959]

  5. Fixed issue where the connection to Digi Remote Manager would delay up to 15 minutes before refreshing to use the active main Internet connection in the event of a network failover or failback [DAL-6164]

  6. Fixed issue where OpenVPNAdvanced optionsOpenVPN parameters text box was limited to 64 characters when synced with Digi Remote Manager. The new limit is now 64,000 characters [DAL-6002]

  7. Fixed issue preventing OpenVPN server from authenticating clients with an external LDAP/TACACS+/RADIUS server [DAL-6159]

  8. Fixed broken Go to Digi Remote Manager link in the local web UI [DAL-6088]

  9. Fixed issue preventing LDAP external authentication for SSH and Telnet session [DAL-6098]

  10. Fixed typo in description of container delete CLI command [DAL-5956]

  11. Fixed output of show containers Admin CLI command to list all containers on the filesystem, not just those linked to configuration settings [DAL-5958]

  12. Fixed issue where the show location output in the Admin CLI could include an incorrect timestamp if the configured location server(s) had a non-UTC timezone set

  13. Fixed issue preventing NetworkInterfacesMAC address allowlist from implicitly denying access to devices not in the allowlist [DAL-6001]

  14. Fixed Invalid lookup path for : network.interface error when running cfg.get("network.interface") in the digidevice.config python module [DAL-6005]

  15. Fixed issue where TAIP messages would have the incorrect timestamp if the timezones between the device and server were different [DAL-6335]

  16. IX10/IX30: Fixed bug where RTS toggle config setting would be applied in RS-485 serial mode, which should only be used in RS-232 mode [DAL-5990]

Security fixes

The highest level vulnerability that has been fixed in this release is listed as a CVSS score of 9.8 Critical

  1. Update to OpenSSL 1.1.1o (CVE-2022-0778, CVE-2022-1292) [DAL-6035]

  2. Update to linux kernel 5.17 [DAL-6081]

  3. Patch for “dirty pipe” vulnerability in Linux kernel (CVE-2022-0847) [DAL-5981]

  4. Update gcc to version 11.2 and binutils to version 2.37 (CVE-2019-15847, CWE-331, CVE-2018-12886, CWE-209, CVE-2002-2439, CWE-190) [DAL-5444]

  5. Update openvpn to version 2.5.6 (CVE 2022-054) [DAL-6229]

  6. EX50: Update to OpenSSL 3.0.3 to enable FIPS 140-2 support [DALP-738]

  7. TX64: The OpenSSL package on the TX64 has been updated to 3.0.2.

  8. TX54/LR54: The OpenSSL package on the TX54 and LR54 platforms has been updated to 1.1.1o. [DAL-6303]