FIRMWARE RELEASE NOTE ===================== Products affected: AXIS P3915-R-MkII Release date: 2019-01-16 Release type: Production Firmware version: 8.40.1.1 Preceding release: 6.50.3 -------------------------------------------------------------------------------- Upgrade instructions ==================== Upgrade the firmware according to the instructions given at https://www.axis.com/ca/en/support/tecnical-notes/how-to-upgrade or howtoupgrade.txt, which is included in the firmware folder. New features in 8.40.1.1 ================================================================================ 8.40.1.1:F1 The FTP Server is now disabled by default as it is not used during normal operation and may pose a security risk.The FTP Server may be enabled during advanced maintenance or troubleshooting in Settings -> System -> PlainConfig -> Network. 8.40.1.1:F2 Support for AXIS Audio Streaming Capabilities API for better handling of product supported audio streaming settings. The API allows a client to request all the product supported audio stream settings and its combinations e.g. audio codecs, sample and bit rates as well as channels. 8.40.1.1:F3 Support for Brute Force Delay Protection. The product can block a client for a period of time if too many login attempts failed. Brute Force Delay Protection can be configured under System -> PlainConfig -> System -> System PreventDoSAttack. 8.40.1.1:F4 The former user group selections for HTTPS Connection Policy (administrator, operator, viewer) have been merged to one single HTTPS Connection Policy. 8.40.1.1:F5 New web-interface with improved usability and broader support of web-clients and operating systems. For more information please see https://www.axis.com/global/en/support/technical-notes/browser-support. 8.40.1.1:F6 The new web-interface supports 12 different pre-installed languages which will be chosen automatically based on browser settings. Uploading individual language files is not needed anymore. Supported Languages: English - German - French - Spanish - Italian - Portugese - Polish - Russian - Japanese - Chinese (Mainland) - Chinese (Taiwan) - Korean 8.40.1.1:F7 Support for automatic license key installation when installing an ACAP under Settings -> Apps. 8.40.1.1:F8 The new web-interface is notifying the viewer in the Live View that the video stream lags and recommends to may refresh the browser or restart the video stream manually. However, the web-interface is automatically refreshing the video stream in case the video lag increases too much. Lagging video streams can be caused by outdated browser versions or insufficient computer performance. 8.40.1.1:F9 The following features have been added to the new web-interface: Image: - BDC (Barrell Distortion Correction) - Backfocus Configuration Settings: - SNMP Live View: - Local Video Recording to Computer - Audio Volume Controls View Areas: - Auto select best matching resolution/aspect ratio 8.40.1.1:F10 Pressing "Download the server report" in System -> Maintenance will now automatically attach a snapshot of the image to the .zip file in order to simplify support. 8.40.1.1:F11 Support for SRTP (Encrypted Video Streaming) according to RFC 3711. The cameras video stream can be received via secure end-to-end encrypted transportation method only by authorized clients. 8.40.1.1:F12 A parameter called "Enable the script editor (editcgi)" has been added to plain config -> system section to enable/disable the feature. Editcgi will be removed in future completely and function is considered deprecated. 8.40.1.1:F13 Support for Adaptive Resolution. Adaptive Resolution is enabled per default and takes only effect when viewing live stream in the web-interface. The viewing client will receive a image resolution that is adapted or close to the viewing clients real display resolution to higher the user experience. 8.40.1.1:F14 Support for Zipstream Dynamic FPS - Lower Limit Support for Zipstream Dynamic GOP - Upper Limit It is now possible to further adjust and set limits for Dynamic FPS and Dynamic GOP settings and can be configured under Stream settings -> Zipstream. 8.40.1.1:F15 Support for Flash All/Factory Default while performing a firmware update. It is now possible to select an option that will factory default the camera after a firmware update/downgrade has been performed under Settings -> System -> Maintenance. 8.40.1.1:F16 Added a link under Settings -> Apps for the user to get fast-access to information about available ACAPs on www.axis.com/products/analytics-and-other- applications. 8.40.1.1:F17 Support for Password Security Confirmation Check. To increase overall cybersecurity awareness, a user-configured password that is considered "weak" need to be confirmed actively twice by the user. 8.40.1.1:F18 Changed the default input audio gain from 30 dB to 45 dB. 8.40.1.1:F19 Changed the default setting of SRTP to disabled in order to reduce the number of ports opened by default. 8.40.1.1:F20 AXIS Video Motion Detection 4.2.4 is now pre-installed. 8.40.1.1:F21 Prepared support for signed firmware to increase overall cyber security level. It is planned that the product will only accept AXIS security-signed firmware starting in Q1/Q2 2019 and onwards. 8.40.1.1:F22 Updated Apache to version 2.4.35 to increase overall minimum cyber security level. Corrections in 8.40.1.1 ================================================================================ 8.40.1.1:C1 Corrected a bug that denied the access to the camera when AXIS Companion / Remote Access is used when web server connection policy was set to "HTTPS only". 8.40.1.1:C2 It is now possible to fast forward/rewind to any time in a selected recording using the web interface. 8.40.1.1:C3 It is now possible to encrypt SD card from Mozilla Firefox. 8.40.1.1:C4 Corrected an issue that caused the camera to stop streaming on rare occasions. 8.40.1.1:C5 Corrected an issue in the event system that prevented the camera from re-sending the SMTP notification every 10 seconds in case the receiving server reported an error. 8.40.1.1:C6 The web-interface is showing now the correct day selection of a Axis Companion configured time schedule. Previously the Sunday was unchecked every time when minimum one more day was not selected too. 8.40.1.1:C7 Corrected a issue resulting in 503 Service Unavailable when trying to play a recording from a camera with a specific time range via ONVIF. 8.40.1.1:C8 Corrected an issue with an additional sign / in the absolute upload path of an SFTP Recipient when saving the action rule causing it to not work correctly. 8.40.1.1:C9 Corrected an issue when an ONVIF client connected to the camera via digest authentication. 8.40.1.1:C10 Fixed memory leak in wsd daemon that e.g. handles ONVIF requests. 8.40.1.1:C11 Reduced the waiting time for receiving a video stream significantly when a 2nd client requests a video stream via multicast. 8.40.1.1:C12 Fixed critical vulnerability ACV-116267. 8.40.1.1:C13 The area zoom functionality has been removed from the web-interface. Area zoom was used to draw a rectangle in the live view to let the camera either mechanical or digital PTZ to its desired position. 8.40.1.1:C14 Corrected an issue that delivered E-Mails send from the camera with a wrong time stamp in the e-mail header. 8.40.1.1:C15 Corrected an issue that delivered E-Mails send from the camera with a wrong time zone in the e-mail header. 8.40.1.1:C16 Corrected an issue with FTP recipients configured with a DNS name instead of a static IP-address which caused the FTP recipient test or action rule to fail. 8.40.1.1:C17 Corrected an issue that let the recorded video to the computer using the Video Capture button be incorrectly displayed or unusable in some rare occasions. 8.40.1.1:C18 Corrected security vulnerability CVE-2016-2147 and CVE-2016-2148. 8.40.1.1:C19 Corrected critical vulnerability ACV-120444. 8.40.1.1:C20 Corrected an issue that let a configured overlay disappear when switching to Image or View Area Tab. 8.40.1.1:C21 Corrected an issue that required the user to enter login credentials when anonymous viewer is enabled. 8.40.1.1:C22 Corrected an issue that prevented trigger data to be inserted in every I-frame and when motion detection triggers. 8.40.1.1:C23 Corrected an issue that could cause noise in images in rare occasions. 8.40.1.1:C24 Corrected critical vulnerability ACV-128401. 8.40.1.1:C25 Corrected an issue that caused the image to be cut off in full screen mode in the live view when rotated 90 or 270 degrees. 8.40.1.1:C26 Corrected an issue with the AXIS event handler registration for ADP partners. 8.40.1.1:C27 Corrected an issue that caused the camera to become unreachable via link local address in the network when connecting client was in another subnet. 8.40.1.1:C28 Corrected an issue that caused the camera to become unresponsive on rare occasions when running ACAPs without specified ApplicationId. 8.40.1.1:C29 Increased user awareness when converting legacy overlays to dynamic overlays. A restart of ongoing recordings is required after overlay conversion. 8.40.1.1:C30 Corrected an issue with the Axis event handling interface when deactivating events. 8.40.1.1:C31 Added selection boxes for disabling TLSv1.0 and TLSv1.1 in Settings -> System -> PlainConfig -> HTTPS to enforce the highest possible TLS version for HTTPS-based connections. 8.40.1.1:C32 Corrected an issue in the ACAP framework that caused installed ACAPs to become unresponsive and the Apps tab not to be shown correctly. 8.40.1.1:C33 Corrected an issue that caused AXIS Perimeter Defender or SafeZoneEdge to stop working after a firmware upgrade. 8.40.1.1:C34 Corrected an issue that could cause the configuration file upload from ADM to camera to fail. 8.40.1.1:C35 Patched security vulnerability CVE-2018-5390 to increase overall minimum cyber security level. 8.40.1.1:C36 Corrected an issue that prevented the user from receiving the correct recording list in AXIS Companion in combination with view areas or multi-sensor products. 8.40.1.1:C37 Patched security vulernability CVE-2018-14526 to increase overall minimum cyber security level. 8.40.1.1:C38 Corrected an issue that prevented the user to video stream to two multicast destinations with the same port range. 8.40.1.1:C39 Corrected an issue that could cause incorrect snapshot resolutions on view areas. 8.40.1.1:C40 Updated to OpenSSL version 1.0.2p to increase overall minimum cyber security level. 8.40.1.1:C41 Patched security vulernability CVE-2018-17182 to increase overall minimum cyber security level. 8.40.1.1:C42 Patched the following security vulnerabilities to increase overall minimum cyber security level: CVE-2018-10876 - CVE-2018-10877 CVE-2018-10878 - CVE-2018-10879 CVE-2018-10880 - CVE-2018-10881 CVE-2018-10882 - CVE-2018-10883 8.40.1.1:C43 Corrected an issue that caused an HTTP-recipient based action rule to fail when the response from the server excluded the textual phrase (Example: HTTP 200). This will work now. 8.40.1.1:C44 Corrected an issue that corrupted the file integrity of a JPEG image without any further impact to the visible image quality. 8.40.1.1:C45 Corrected an issue that prevented the user from uploading a certificate that contains "Bag Attributes" before and after the actual certificate content. 8.40.1.1:C46 Corrected an issue that was showing "User Defined" or "User Defined 20000000" in the shutter list. 8.40.1.1:C47 Corrected an issue that could cause the camera to become unresponsive in rare occasions when connected to an AVHS system. 8.40.1.1:C48 Corrected security vulnerability CVE-2017-9798. 8.40.1.1:C49 Corrected an issue that made it necessary to login twice when connecting to the web-interface using Microsoft Edge. 8.40.1.1:C50 Corrected an issue that prevented the use of the whole sensor width for some aspect ratios. 8.40.1.1:C51 Corrected an issue that prevented the user from formatting SD cards and the web- interface to show incorrect information about network share status in Settings -> System -> Storage. 8.40.1.1:C52 Corrected an issue that let the I/O API respond with an incorrect port number. 8.40.1.1:C53 Corrected an issue that could cause a network share to become read-only. Known Bugs/Limitations ================================================================================ 8.40.1.1:L1 Privacys masks names that have been created in the classic web-interface may have a malformed name in the new web-interface (e.g. "Mask 0" -> "Mask%200"). 8.40.1.1:L2 Automatic License installation is temporary is missing when installing ACAPs in the new web-interface. This was possible in classic web-interface. 8.40.1.1:L3 The rotate image drop-down list is partially hidden for Internet Explorer 11. 8.40.1.1:L4 Video Streaming (MJPEG, H264) in latest Internet Explorer 11 via IPv6 does not work. Working good in Chrome, Edge, Firefox. 8.40.1.1:L5 It is recommended to refresh the browser page (F5) when a OSDI zone is deleted as the control buttons (Add, Modify, Enable/Disable, Remove) will disappear after doing so. 8.40.1.1:L6 The license expiration date of an installed ACAP is not shown when running http ://ip-address/axis-cgi/applications/list.cgi. 8.40.1.1:L7 Connecting to a camera will fail and result in "Unauthorized" message due to an bug in Microsoft Edge 40 browser. This will be corrected by Microsoft in the next version of Edge 41. 8.40.1.1:L8 An overlay text (e.g. date/time modifier) that has been configured in the classic web-interface will be still shown in the new web-interface even though a user might have disabled the overlay text there after firmware update. A user need to disable the overlay text in the Plain config. Untick the checkboxes for Image Ix Text -> ClockEnabled and DateEnabled. 8.40.1.1:L9 Zooming using the mouse wheel does not work in LiveView. 8.40.1.1:L10 The following "[Object object]" is shown when the user types a text into the overlay text box and presses then "More". The user may continue by removing that text and continues the configuration of the overlay text. Will be fixed in 7.40.1. 8.40.1.1:L11 Sound is chopping heavily when using AAC 16kHz in Firefox v55.0.3. Does not happen in Chrome, IE11 or Edge. 8.40.1.1:L12 When the camera is restored, the time zone is not saved meaning that it will be set to GMT 0. 8.40.1.1:L13 There is only one available pre-installed audio clip (Camera clicks). 8.40.1.1:L14 When upgrading the camera, the maximum resolution could be incorrect. 8.40.1.1:L15 It is recommend to refresh the browser with F5 after doing a FW upgrade from FW 6.xx to 8.xx or higher in order to show all the new settings in the web- interface. 8.40.1.1:L16 The help text for the Leveling guide is missing. 8.40.1.1:L17 When setting exposure zone assure that rotation is set to 0 degrees. After completed exposure zone configuration, set rotation to a desired value. Supported AXIS VAPIX API Image Resolutions for AXIS P3915-R-MkII ================================================================================ Resolution Exceptions ========== ========== 1920x1080 2) 1280x720 800x450 640x360 480x270 320x180 1280x960 1) 2) 1024x768 1) 2) 1024x640 1) 3) 1024x576 1) 800x600 1) 768x576 1) 720x576 1) 704x576 1) 704x480 1) 640x480 1) 640x400 1) 3) 704x288 1) 480x360 1) 704x240 1) 480x300 1) 3) 384x288 1) 352x288 1) 352x240 1) 320x240 1) 320x200 1) 3) 240x180 1) 240x135 1) 3) 192x144 1) 176x144 1) 176x120 1) 160x120 1) 160x100 1) 3) 160x90 1) analyze 1) 80x50 1) 3) 1) Not visible in web user interface 2) 1080p 3) 720p