23.9.20.63 - October 2023, Feature

This is a recommended release.

Features

1. EX12: Add WAN Bonding support under Network → SD-WAN → WAN Bonding configuration settings [DAL-8101]

2. TX PR devices: A new Primary Responder mode has been added which, when enabled, will increase the security suitable for devices with used on the FirstNet network or similar. For example, it will prevent shell access, disable older cryptographic functions and features that are no longer considered as safe.

   For the PR devices (e.g. TX54-A146, TX54-A246, TX64-A141, TX64-A161-PR, TX64-R210-PR), this mode will be automatically enabled when updated to the 23.9.20.63 release and a FirstNet SIM is being used.

   Note that the 23.9.20.63 release will be the final PR specific DAL firmware release. Going forward the PR devices will use the same DAL firmware release as the equivalent non-PR device.

3. Added support for setting up a Wi-Fi hotspot captive portal, including integration with hotspotsystems.com, under the Network → Hotspots configuration settings [DAL-6825]

4. Support for DNS allow list which allows the user to control which domains are accessible through the device has been added. By default, all domains are allowed.

5. Added Status → Premium Features page to the web UI for locally viewing and managing subscription licenses available from Digi Remote Manager [DAL-6636]

6. Added a link to the Dashboard of the local web UI to register and add the device to Digi Remote Manager [DAL-6787]

7. Updated the layout of the Dashboard page of the web UI to combine the network interface and cellular modem details into a single Network Activity panel [DAL-7361]

8. Added MACsec (802.1ae) support and configuration options under VPN → MACsec [DAL- 6825]

9. Improved support for integration with HotspotSystems [DAL-7722]

   1. PSD2 SessGarden

   2. Login/Logout URL

   3. Configurable remote webserver FQDN

10. Added new System → Primary Responder mode setting to lock down the device to comply with AT&T FirstNet and Verizon Response Verify security options (disabled by default) [DAL-7849]

11. Added new Services → DNS → Domain allowlist configuration settings to control what domains are accessible through the Digi device (default is to allow all domains) [DAL-6741]

Enhancements

1. TX54 and LR54: The FIPS mode support has been added to these platforms.

2. The persistent files directory available in the Files tab in Digi Remote Manager have been renamed to persistent-files.

3. Added new Services → DNS → Fallback server setting to control what DNS server is used as the fallback in the event that no configured or DHCP-obtained DNS servers are available [DAL-7439]

4. Removed mention of DHCP set in System → Containers → Address help text [DAL-6453]

5. Add nrbroadband APN to the fallback list for AT&T SIMs [DAL-8038]

6. Add NFOD-INET-APN01.com.attz APN to fallback list for AT&T SIMs [DAL-8337]

7. Add fbb.home APN to fallback list for T-Mobile SIMs [DAL-8105]

8. Add iot.tmowholesale APN to fallback list for T-Mobile SIMs [DAL-8026]

9. Updated PLMN and ICCID prefix list for T-Mobile SIMs [DAL-8105]

10. Added a new DHCP option to Network → Interface → WWAN → Type configuration setting to support advertising the device’s hostname over a cellular network [DAL-7641]

11. Added new Network → Interface → IPv4 → Force link option to keep the IP network interface up even when the physical Ethernet link for that interface is down (disabled by default) [DAL-8066]

12. Added symlinks in / root directory for file system directories accessible remotely through Digi Remote Manager [DAL-7646]

13. Add serial number to SNMP MIB [DAL-7720]

14. Added new configuration settings under Services → SNMP to provide a dynamic set of properties and values to add as OIDs to the SNMP query response

15. Added new PDP context index setting when configuring an APN to control what PDP context the APN gets written to within the SIM [DAL-6573]

16. Added network.modem.modem.dhcp_relay debug setting to enable DHCP relay support within the cellular modem (disabled by default) [DAL-7312]

17. Updated the input voltage and system/CPU temperature metrics to limit the measurement to one decimal point of accuracy [DAL-7958]

18. Updated the Containers status page in the web UI to validate the name of the container file being uploaded [DAL-7617]

19. Added help text to the pop-up modem when performing modem firmware updates on the Status → Modems page in the web UI [DAL-8174]

20. Update Status → Serial web UI page to show Log button in modem emulator mode

21. Updated the System → Firmware page in the web UI and the pop-up notification in the CLI/webUI to include the build date of the firmware [DAL-8022]

22. Updated the setup of serial ports configured with remote TCP listeners to utilize the SSL version specified in the Services → Web administration → Minimum TLS version configuration setting (Default TLS v1.2) [DAL-7915]

23. Added new System → Containers → Working directory configuration setting to specify the path within the container to use an the initial working directory when starting the container [DAL-8007]

24. Renamed the title and updated the help text of the System → Containers → Clone DAL configuration setting, which is now titled Clone host system libraries [DAL-7989]

25. Improved the log messages while the cellular modem is connecting to better reflect the Surelink state and why Surelink tests were skipped [DAL-8085]

26. Add WAN Bonding status and details to support report information [DAL-8371]

27. Updated the help text for TACACS+ under Authentication config settings to note that the # character cannot be used in the TACACS secret key [DAL-8273]

28. Add #swpkgv AT command to support report for additional firmware details from Telit modems

Security fixes

The highest level vulnerability that has been fixed in this release is listed as a CVSS score of 9.8 Critical

1. Update all product firmwares to use OpenSSL version 3.0.8, including configuration setting to enable FIPS 140-2 compliance

2. Updated OpenSSH to version 9.3p2 [DAL-8097]

   1. CVE-2023-38408 (9.8 Critical)

Bug fixes

All bugs listed affect firmware versions 23.6.1.118 and older unless specified.

1. EX12: Load the appropriate carrier firmware image when using Telus or Bell Canada SIM inside an EX12, otherwise the cellular speeds of the connection would be severely reduced [DAL-8243/DAL-8396]

2. EX15/EX15W: Fixed issue preventing users from configuring an Ethernet speed other than auto [DAL-7052]

3. EX15W/EX50: Fixed missing LAN & WAN metrics reported to Digi Remote Manager [DAL-8106]

4. Fixed issue preventing modem firmware OTA updates from completing when initiated via Digi Remote Manager and the update was done over the device’s cellular connection [DAL-8333]

5. Fixed race condition where the NTP server failed to start if an active NTP sync was in progress [DAL-8122]

6. Fixed issue where Surelink fail_count metric was not reported to Digi Remote Manager when Surelink tests were passing [DAL-7975]

7. Fixed rare issue where the cellular carrier reported to DigiRM would be “0” instead of the carrier name [DAL-7924]

8. Fixed occasional issue where the device would not update Digi Remote Manager with the new firmware revision after a modem firmware update was initiated from Digi Remote Manager [DAL-7983]

9. Fixed issue where Surelink metrics weren’t reported properly to Digi Remote Manager for bridge interfaces on the device [DAL-7990]

10. Fixed issue where the cellular APN metric was not being reported to Digi Remote Manager (affects firmware versions 23.3.x through 23.6.1.105) [DAL-8055]

11. Removed meaningless warning in system logs stating that there was an invalid key for the anywhereusb service (affects firmware versions 23.6.1.x) [DAL-8000]

12. Fixed issue where the Digi device could connect with the configured APN list out of order if it had previously connected with one of the configured APNs [DAL-8335]

13. 1003-CM07 CORE modem: Fixed issue preventing failover to secondary SIM slot with EM7411 modems (affects firmware versions 23.6.1.x) [DAL-8191]

14. 1003-CM07 CORE modem: Fixed rare issue where the EM7411 and EM7511 cellular modems could initialize in the wrong mode and prevent cellular connectivity [DAL-7923]

15. Fixed issue preventing cellular connections with the secondary SIM slot if multiple network interfaces were configured per-SIM slot (affects firmware versions 23.3.x through 23.6.1.x) [DAL-8115]

16. Fixed issue where the wrong destination IP and MAC address was used for Surelink ping tests on GRE tunnels [DAL-8385]

17. Fixed issue where cellular utilization reports in Digi Remote Manager would be skewed due to the device reporting incorrect Rx/Tx data usage metrics to Digi Remote Manager (affects firmware versions 23.6.1.x) [DAL-8380]

18. Fixed issue where WPA2 mixedmode Wi-Fi client-mode connections would revert to WPAonly and prevent connection to WPA2 APs [DAL-8443]