23.12.1.56 - December 2023, Feature

Release category: Mandatory

New features

  1. Support for linking OSPF routes through a DMVPN tunnel has been added.

    1. A new configuration option Point-to-Point DMVPN has been added to Network > Routes > Routing services > OSPFv2 > Interface > Network parameter.

    2. A new configuration parameter redirect has been added to the Network> Routes > Routing services > NHRP > Network configuration.

  2. Support for the Rapid Spanning Tree Protocol (RSTP) has been added.

  3. Support for device initiated RealPort connections has been added.

  4. TX54: Support for configuring the TX54 Ignition Sense as a digital input has been added.

Enhancements

  1. A new option After has been added to the Network > Modems Preferred SIM configuration to prevent a device from switching back to the preferred SIM for the configured amount of time.

  2. The WAN Bonding support has been updated

    1. New options have been added to the Bonding Proxy and Client devices configuration to direct traffic from specified network through the internal WAN Bonding Proxy to provide improved TCP performance through the WAN Bonding server.

    2. New options have been added to set the Metric and Weight of the WAN Bonding route which can be used to control the priority of the WAN Bonding connection over other WAN interfaces.

    3. EX50: The EX50 CPU settings have been updated to improve WAN Bonding performance.

  3. A new DHCP server option to support BOOTP clients has been added. It is disabled by default.

  4. Support for recognizing USB-based CAN serial adaptors from Canable and ValueCAN has been added.

  5. The status of Premium Subscriptions has been added the System Support Report.

  6. A new object_value argument have been added to the local Web API that can be used to configure a single value object.

  7. The SureLink actions Attempts parameter has been renamed to the SureLink Test failures to better describe its use.

  8. A new vtysh option has been added to the CLI to allow access to the FRRouting integrated shell.

  9. A new RealPort option has been added to control the minimum TLS version that can be used.

  10. A new modem sms command has been added to CLI for sending outbound SMS messages.

  11. A new Authentication > serial > Telnet Login parameter to been added to control whether a user must supply authentication credentials when opening a Telnet connection to direct access a serial port on the device.

  12. The OSPF support has been updated to support the setting the Area ID to an IPv4 address or a number.

  13. The mDNS support has been updated to allow a maximum TXT record size of 1300 bytes.

  14. The migration of the SureLink configuration from 22.11.x.x or earlier releases has been improved.

  15. A new SystemAdvanced watchdogFault detection testsModem check and recovery configuration setting has been added to control whether the watchdog will monitor the initialization of the cellular modem inside the device and automatically take recovery actions to reboot the system if the modem doesn’t initialize properly (disabled by default)

  16. The EX15 and EX15W bootloader has been updated to increase the size of the kernel partition to accommodate larger firmware images in the future. Devices will need to be updated to the 23.12.1.56 firmware before updating to newer firmware in the future.

  17. EX50: Configuration parameters for the EX50 Ethernet speed and duplex settings have been added.

  18. IX40: 5G slicing is now supported on the IX40.

  19. TX40: The maximum of number of Wi-Fi clients supported on the TX40 has been increased to 16.

Security fixes

  1. The Linux kernel has been updated to version 6.5 [DAL-8325]

  2. An issue with sensitive SCEP details appearing the SCEP log has been resolved. [DAL-8663]

  3. An issue where a SCEP private key could be read via the CLI or Web UI has been resolved. [DAL-8667]

  4. The musl library has been updated to version 1.2.4 [DAL-8391]

  5. The OpenSSL library has been updated to version 3.1.3 [DAL-8447]

    CVE-2023-4807 CVSS Score: 7.8 High

    CVE-2023-3817 CVSS Score: 5.3 Medium

  6. The OpenSSH package has been updated to version 9.5p1 [DAL-8448]

  7. The curl package has been updated to version 8.4.0 [DAL-8469]

    CVE-2023-38545 CVSS Score: 9.8 Critical

    CVE-2023-38546 CVSS Score: 3.7 Low

  8. The frrouting package has been updated to version 9.0.1 [DAL-8251]

    CVE-2023-41361 CVSS Score: 9.8 Critical

    CVE-2023-47235 CVSS Score: 7.5 High

    CVE-2023-38802 CVSS Score: 7.5 High

  9. The sqlite package has been updated to version 3.43.2 [DAL-8339]

    CVE-2022-35737 CVSS Score: 7.5 High

  10. The netif, ubus, uci, libubox packages have been updated to OpenWRT version 21.02 [DAL-7749]

Bug fixes

  1. An issue with DMVPN that cause NHRP routing through tunnels to Cisco hubs to be unstable has been resolved. [DAL-8668]

  2. An issue that prevented the handling of incoming SMS message from Digi Remote Manager has been resolved. [DAL-8671]

  3. An issue that could cause a delay in connecting to Digi Remote Manager when booting up has been resolved. [DAL-8801]

  4. An issue with MACsec where the interface could fail to re-establish if the tunnel connection was interrupted has been resolved. [DAL-8796]

  5. An intermittent issue with the SureLink restart-interface recovery action on an Ethernet interface when re-initializing the link has been resolved. [DAL-8473]

  6. An issue that prevented the Autoconnect mode on a Serial port from reconnecting until the timeout had expired has been resolved. [DAL-8564]

  7. An issue that prevented IPsec tunnels from being established through a WAN Bonding interface have been resolved. [DAL-8243]

  8. An intermittent issue where SureLink could trigger a recovery action for an IPv6 interface even if no IPv6 tests were configured has been resolved. [DAL-8248]

  9. An issue with SureLink custom tests has been resolved. [DAL-8414]

  10. An issue with LDAP authentication not working when LDAP is the only configured authentication method has been resolved. [DAL-8559]

  11. An issue where local non-admin user passwords were not migrated after enabling Primary Responder mode has been resolved. [DAL-8740]

  12. An issue where a disabled interface would show received/sent values of N/A in the Web UI Dashboard has been resolved. [DAL-8427]

  13. An issue that prevented users from manually registering some Digi router types with Digi Remote Manager via the Web UI has been resolved. [DAL-8493

  14. An issue where the system uptime metric was reporting an incorrect value to Digi Remote Manager has been resolved. [DAL-8494]

  15. An intermittent issue with migrating IPsec SureLink setting from devices running 22.11.x.x or earlier has been resolved. [DAL-8415]

  16. An issue where SureLink was not reverting the routing metrics when failing back on an interface has been resolved. [DAL-8887]

  17. An issue where the CLI and Web UI would not show the correct networking details when WAN Bonding was enabled has been resolved. [DAL-8866]

  18. An issue with the show wan-bonding CLI command has been resolved. [DAL-8899]

  19. An issue that prevent devices from connecting to Digi Remote Manager over a WAN Bonding interface has been resolved. [DAL-8882]

  20. An issue where Digi Remote Manager would display an incomplete firmware version for the EG25-G modem has been resolved. [DAL-7108]

  21. An issue with serial modbus connections that cause incoming Rx responses from a serial port configured in ASCII mode if the reported length of the packet didn’t match the received length of the packet to be dropped has been resolved. [DAL-8696]

  22. EX50: An issue on the EX50 where the details of connected Wi-Fi clients where not being displayed in the CLI or Web UI. [DAL-4987]

  23. EX15/EX15W: A rare issue on the EX15 and EX15W where the modem could get into an unrecoverable state unless the device or modem was power cycled has been resolved. [DAL-8123]

  24. EX50: An issue on the EX50 where DHCP reply packets could be dropped on a network bridge interface has been resolved. [DAL-8462]

  25. EX50: An issue on the EX50 preventing it from establishing client-mode Wi-Fi connections has been resolved. [DAL-7592]

  26. IX40: An issue where the IX40 WWAN LED should show an incorrect status for dual-APN configurations has been resolved. [DAL-8439]

  27. IX40/TX40: An issue with the IX40/TX40 5G unit not connecting to the Orange network in France has been resolved. [DAL-8512]

  28. TX54: An issue with TX54 Ethernet connectivity with Axoim devices has been resolved. [DAL-8499]

  29. TX54: An issue with the Primary Responder (PR) mode not automatically enabling on some TX54 SKUs has been resolved. [DAL-8740]

  30. TX64: An issue where the wrong modem type was being reported to Digi Remote Manager for the TX64 5G wwan2 interface has been resolved. [DAL-8893]

Deprecation

  1. EX12/EX15/EX15W: The network routing services (e.g. OSPF, BGP) that are provided by the frrouting package have been removed from the EX12, EX15 and EX15W devices.

  2. EX12: WAN Bonding has been removed from the EX12 firmware.