24.12.153.120 - February 2025

Release category: Mandatory

Enhancements

  1. The DRM Query State support has been updated with the following groups added: Wi-Fi, SureLink, Routing, IPsec, Location, Serial, DHCP, ARP, Containers, WAN Bonding, SCEP, NTP, Watchdog

  2. Support for Modem firmware bundles has been added. Updating the modem with a firmware bundle will mean the modem will have the latest firmware version for all carriers.

  3. The Primary Responder (PR) mode support has been updated with the following changes

    • Configuration restores are now prevented when in PR mode.

    • The external USB and Serial ports are now disabled by default when PR mode is enabled.

    • They can be re-enabled by the user as required.

  4. Support for configuring BGP Route Maps has been added.

  5. The system log support has been updated to allow the user to select between the device’s MAC address, IP address or hostname to be included in the log messages. By default, the MAC address is used.

  6. A new system custom-default-config CLI command has been added to allow the user to set and remove custom default configuration that will be used if the device is factory defaulted. There are three options

    • current - Install the current configuration as a custom-default-config.bin file.

      file - Set up a backup file as a custom-default-config.bin.

      remove - Remove the current custom-default-config.bin and SHA file.

  7. The system description, location and contact information will be displayed on the Web UI Dashboard if configured.

  8. The title and help text for the SureLink Override parameter has been updated to make it clearer as to its functionality.

  9. The Serial Port Exclusive setting has been renamed to Serial Port Sharing to help reduce confusion with the RealPort Exclusive setting.

  10. The mettel APN has been added to the built-in APN list.

Security fixes

Package updates will include all security updates for the stated release, unless stated otherwise.

  1. The Linux kernel has been updated to v6.12 [DAL-10545]

  2. The OpenSSL package has been updated to v3.4.0 [DAL-10456]

  3. The Python support has been updated to v3.13 [DAL-10024]

    CVE-2024-4030 CVSS Score: 7.1 High

    CVE-2023-40217 CVSS Score: 5.3 Medium

  4. The WPA Supplicant and Hostapd packages have been updated to v2.11 [DAL-10498]

    CVE-2023-52160 CVSS Score: 6.5 Medium

  5. The PAM RADIUS support has been updated to mitigate the BlastRADIUS exploit. [DAL-9850]

    CVE-2024-3596 CVSS Score: NVD assessment not yet provided.

  6. The Telnet support has been updated to mitigate a CVE. [DAL-10497]

    CVE-2020-10188 CVSS Score: 9.8 Critical

  7. The ShellInABox package has been updated to v2.20.1 [DAL-10586]

  8. The ncurses package has been updated to v6.5 [DAL-10166]

  9. The stunnel package has been updated to v5.73 [DAL-10203]

  10. The IPerf service has been updated to have the Internal, Edge, IPsec and Setup zones enabled by default in the ACL. [DAL-10340]

  11. The NTP service has been updated to have the Internal, Edge, IPsec and Setup zones enabled by default in the ACL. [DAL-10528]

  12. The serial log filename configuration has been changes to be a relative path to help prevent path traversal attacks. [DAL-8650]

  13. The use of unsafe-inline in the Web UI was removed. [DAL-10363]

Bug fixes

  1. An issue when attempting to connect Digi Remote Manager using a domain proxy has been resolved. [DAL-10596]

  2. An issue where the preferred SIM was not being used after the device has booted has been resolved. [DAL-10823]

  3. An issue with Dual APN support on Verizon has been resolved. [DAL-10715]

  4. An issue with the maintenance window not working correctly has been resolved. [DAL-10890]

  5. An issue with the file upload from the Digi Remote Manager has been resolved. [DAL-10898]

  6. The following issues with the Query State support have been resolved

    • The reboot count has been added to the System group. [DAL-10552]

    • The disconnect count has been added to the Ethernet group. [DAL-10551]

    • The RX and TX packet counts, 4G signal percentage and the 5G signal percentage and strength has been added to the Cellular group. [DAL-10550]

    • The Cellular firmware status having an invalid value. [DAL-10747] • The Cellular firmware carrier status causing an error. [DAL-10410]

    • The Cellular state has changed to “Connected” and “Not Connected” to be consistent with the Web UI and CLI. [DAL-10178]

    • The backup SIM not showing as “Not Present” when there are no SIM in both slots. [DAL-10152]

    • An issue where inconsistent SIM information was being returned in the Query State Cellular group has been resolved. [DAL-10849]

    • The DRM connection device was not set in the Query State response when in Passthrough mode. [DAL-10563]

    • The Ethernet ports being in a strange order. [DAL-10323]

    • The query state information is now resynced when the system time is set. [DAL-10689]

    • The system group not having valid disk information has been resolved. [DAL-10820]

    • The cellular group taking up to 90 seconds to gather the cellular information has been resolved. [DAL-10783]

  7. An issue with the setting of the system time that could cause the health metrics from being reported has been resolved. [DAL-10790]

  8. An issue with the new EDP client exposing the /opt/boot, /opt/config and /opt/log directories has been resolved. [DAL-10702]

  9. The Wi-Fi status page in the Web UI has been updated to correctly display the signal strength of connected Wi-Fi clients. [DAL-10732]

  10. An issue where the Ethernet statistics being reported in the metrics were those of the LAN bridge device rather than the individual Ethernet port has been resolved. [DAL-10555]

  11. An issue where a firmware update file was not being deleted if an update via Digi Remove Manager failed leaving a shortage of space on the device has been resolved. [DAL-10632]

  12. The following issues with the the Configuration Rollback support have been resolved

    1. The set_setting response not including the rollback_uuid. [DAL-10375, DAL-10377]

    2. The device not validating that the max_wait is greater than the min_wait. [DAL-10376]

  13. An issue where the modem emulation mode could lock up if a connection attempt failed has been resolved. [DAL-10757]

  14. An issue where spurious characters would be displayed with the show wan-bonding command has been resolved. [DAL-10359]

  15. An issue with DAL REST API not terminating the HTTP header correctly has been resolved. [DAL-10744]

  16. An issue with the SNMP support where a missing privacy password configuration could prevent the SNMPv3 user to work has been resolved. [DAL-10857]

  17. Various issues with the Web UI serial page have been resolved. [DAL-10733, DAL-10833, DAL-10834]

  18. A check has been added to the EX50 prevent the access technology from being set when using Verizon with the Quectel RM520N-GL cellular modem.

  19. An issue with the show wireguard verbose command has been resolved. [DAL-10889]

  20. An issue where the Web UI log out was not working with on some Web UI pages has been resolved. [DAL-10315]

  21. An issue with the RSTP service not stopping when disabled has been resolved. [DAL-10903]

  22. An issue with downloading logs via Digi Remote Manager has been resolved. [DAL-10947]

  23. An issue with location information not being uploaded when the device connects to Digi Remote Manager. [DAL-10930]

  24. IX30: The IX30 picture on the firmware update page in the Web UI has been updated. [DAL-10504]

  25. IX40: An issue where the PLMNID was being reported as DATA ONLY on the IX40 4G has been resolved. [DAL-10576]

  26. TX40: An issue with the TX40 Wi-Fi support when configuring two access points on the same band may not always initialize correctly has been resolved. [DAL-10549]

  27. TX40: An issue with the TX40 5G platforms not returning a TAC when in 5G NSA mode has been resolved. [DAL-10393]

  28. TX40: An issue with the system find-me command on the TX40 where not all of the LEDs would flash has been resolved. [DAL-10658]

  29. TX40: An issue where the PLMNID was being reported as DATA ONLY on the TX40 4G has been resolved. [DAL-10576]

  30. TX64: An issue with the show manufacture CLI command on the TX64 has been resolved.

  31. TX64: An issue that was have causing ‘missing ]’ to be output on the TX64 serial port has been resolved.

Deprecation

  1. The Python support has been removed from the IX20, IX20W and IX30 platforms due to firmware size issues.

    Python support is now available using a Python live image that can be downloaded from Digi Remote Manager or via the Web UI.

    See the knowledge base article Python on EX/IX/Connect IT series Digi Devices for more information about how to load the Python live image. [DAL-10511]