FIRMWARE RELEASE NOTE
======================

Products affected: Q6154-E
Release date: 2019-08-26
Release type: Production
Firmware version: 8.40.3
Preceding release: 8.40.2.2

--------------------------------------------------------------------------------

Upgrade instructions
====================
Upgrade the firmware according to the instructions given at https://www.axis.com/ca/en/support/tecnical-notes/how-to-upgrade or howtoupgrade.txt, which is included in the firmware folder.

NOTE
====================
For the latest information about Axis Cybersecurity, see https://www.axis.com/se/sv/support/product-security.

Corrections in 8.40.3 since 8.40.2.2
=====================================
8.40.3:C01 General minor improvements to the 8.40 LTS platform.
8.40.3:C02 Removed the root user's default password in factory defaulted firmware. The password of the root user must be set first in order to initialize the VAPIX and ONVIF interfaces and allow further configuration. This change only affects products in their factory defaulted state; products that are already deployed in production systems are not affected by this update until they are factory defaulted.
8.40.3:C03 Updated libssh2 to version 1.9.0 to increase overall minimum cyber security level. This update includes a correction for CVE-2019-13115.

Corrections in 8.40.2.2 since 8.40.2.1
=======================================
8.40.2.2:C01 General minor improvements to the 8.40 LTS platform.
8.40.2.2:C02 Corrected the following kernel vulnerabilities to increase overall minimum cyber security level (collectively known as "TCP SACK PANIC"): CVE-2019-11477, CVE-2019-11478, CVE-2019-11479.
8.40.2.2:C03 Updated wpa-supplicant to version 2.8 and hostapd to version 2.8 to increase overall minimum cyber security level. Corrections for the following security vulnerabilities are included (collectively known as "Dragonblood"): CVE-2019-9494, CVE-2019-9495, CVE-2019-9496, CVE-2019-9497, CVE-2019-9498, CVE-2019-9499.
8.40.2.2:C04 Improved focus in wide and night mode.
8.40.2.2:C05 Corrected an issue that caused problems accessing devices via O3C/Axis Guardian using the Microsoft Edge browser.
8.40.2.2:C06 Improved the certificate management system: it is now possible to upload PKCS#12 certificates with a total size of 102400 bytes. The previous limit was 1/10 of that.
8.40.2.2:C07 Corrected an issue that caused some users not to be displayed in the web GUI's user list on rare occasions.
8.40.2.2:C08 Improved the certificate management system: added support for certificate IDs with long names.
8.40.2.2:C09 Updated OpenSSL to version 1.1.1c to increase overall minimum cyber security level.
8.40.2.2:C10 Added support for TLSv1.3.
8.40.2.2:C11 Corrected security vulnerability CVE-2019-6454 in systemd to increase overall minimum cyber security level.
8.40.2.2:C12 Improved the certificate management system: added system log information for failing certificate uploads.
8.40.2.2:C13 Corrected an issue that caused SMB connection problems to NetApp NAS configured for SMBv2.
8.40.2.2:C14 Updated libssh2 to version 1.8.2 because version 1.8.1 broke publickey-userauth requests.
8.40.2.2:C15 Corrected an issue that caused images to be unusually dark in WDR mode on rare occasions.
8.40.2.2:C16 Corrected an issue that caused view areas, set in the web GUI, not to be preserved after changing camera resolution.

Corrections in 8.40.2.1 since 8.40.2
=====================================
8.40.2.1:C01 General minor improvements to the 8.40 LTS platform.
8.40.2.1:C02 Updated Apache to version 2.4.39 to increase overall minimum cyber security level.
8.40.2.1:C03 Improved robustness of the O3C client.
8.40.2.1:C04 Updated OpenSSL to version 1.1.1b to increase overall minimum cyber security level.
8.40.2.1:C05 Updated OpenSSH to version 7.9p to increase overall minimum cyber security level.
8.40.2.1:C06 Added information about Certificate ID to the Installed Certificates section in the server report.

Corrections in 8.40.2 since 8.40.1.2
=====================================
8.40.2:C01 General minor improvements to the 8.40 LTS platform.
8.40.2:C02 Added information about Wi-Fi networks within range to the server report.
8.40.2:C03 Corrected the following security vulnerabilities to increase overall minimum cyber security level: CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3858, CVE-2019-3859, CVE-2019-3860, CVE-2019-3861, CVE-2019-3862, CVE-2019-3863.
8.40.2:C04 Corrected security vulnerability CVE-2019-0217 in Apache to increase overall minimum cyber security level.
8.40.2:C05 Corrected security vulnerability CVE-2017-16544 in BusyBox to increase overall minimum cyber security level.
8.40.2:C06 Corrected an issue that prevented a viewer user from obtaining the list of image resolution properties via param.cgi.
8.40.2:C07 Corrected an issue in the web GUI that prevented uploading a Client Certificate or CA certificate using the Edge browser.
8.40.2:C08 Updated pre-installed Mozilla CA-certificates to versions available at 20190122.
8.40.2:C09 Added GOP Length option to the Stream Profile Settings.
8.40.2:C10 Corrected the following vulnerabilities to increase overall minimum cyber security level: CVE-2018-16864, CVE-2018-16865, CVE-2018-16866.
8.40.2:C11 Updated OpenSSL to version 1.0.2r to increase overall minimum cyber security level.
8.40.2:C12 Corrected an issue with timestamps in the RTCP Sender Report that could cause RTSP recordings/playbacks not to work correctly in some video players using the Live555 library such as VLC and ffmpeg.

Corrections in 8.40.1.2 since 8.40.1.1
=======================================
8.40.1.2:C01 General minor improvements to the 8.40 LTS platform.
8.40.1.2:C02 Corrected an issue in the web GUI when creating a preset position and the language was set to German.
8.40.1.2:C03 Corrected an issue that could cause the camera to become unresponsive when two clients are streaming over multicast using the same streaming parameters.
8.40.1.2:C04 Upgraded Apache to version 2.4.38 to increase overall minimum cyber security level.
8.40.1.2:C05 Corrected an issue with Always Multicast over IPv6.
8.40.1.2:C06 Corrected an issue that caused factory default settings to not be applied correctly when upgrading from a firmware version prior to 6.20.
8.40.1.2:C07 Corrected an issue in the Wireless LAN Congestion Control.
8.40.1.2:C08 Corrected an issue in the web GUI that caused IO Port values to be displayed incorrectly.
8.40.1.2:C09 Corrected an issue that caused Recorded Guard Tour not to work properly on rare occasions.
8.40.1.2:C10 Improved re-connection behavior to AVHS server. The time between failed connection attempts will now gradually increase until a hard limit is reached.

New features in 8.40.1.1
================================================================================
8.40.1.1:F1 Renamed "Browser Stream Statistics" to "Client Stream Information". The Client Stream Information is available in the web interface of the camera.
8.40.1.1:F2 Updated Apache web server to version 2.4.35 to increase overall minimum cyber security level.
8.40.1.1:F3 Added support for AES-CBC 256-bit SD card encryption.
8.40.1.1:F4 AXIS Video Motion Detection 4.2.5 is now pre-installed.
8.40.1.1:F5 AXIS Motion Guard and Fence Guard 2.1.4 are now pre-installed.
8.40.1.1:F6 Updated help files with more detailed information about SMB and Certificate support in AXIS products.
8.40.1.1:F7 Added a new section "Snapshot of current CPU utilization" that prints information about CPU utilization and memory consumption of processes in the server report.
8.40.1.1:F8 Changed the default timeout of HTTP-Recipient based action rules from 10s to 120s to compensate for unstable networks or slow clients. After the timeout is reached, the action rule will be re-tried.

Known Bugs/Limitations
================================================================================
8.40.3:L1 When using the Edge or Firefox web browser automatic license installation doesn't work as expected.
8.40.3:L2 Some parts of the web-interface may not be fully translated.
8.40.3:L3 It is not possible to update the product using Genetec 5.7 SR2. Genetec will provide a patch in 5.7 SR3.
8.40.3:L3 When using an iOS device and Chrome or Safari web browser it is not possible to switch from viewer to administrator or operator.
8.40.3:L1 A user might experience frame drops in rare conditions when video streaming in Firefox 57 due to specific computer hardware. It is recommended to use Google Chrome instead.
8.40.3:L2 When the camera is restored, the time zone is not saved meaning that it will be set to GMT 0.

Supported AXIS VAPIX API Image Resolutions for Q6154-E
================================================================================
Resolution   Exceptions
==========   ==========
1280x720
800x450
480x270
320x180
1024x768     1)
1024x576     1)
800x600      1)
768x576      1)
720x576      1)
704x576      1)
704x480      1)
640x480      1)
640x360      1)
704x288      1)
480x360      1)
704x240      1)
384x288      1)
352x288      1)
352x240      1)
320x240      1)
240x180      1)
192x144      1)
176x144      1)
176x120      1)
160x120      1)
160x90       1)
analyze      1)

1) Not visible in web user interface