FIRMWARE RELEASE NOTE ===================== Products affected: AXIS C3003-E Release date: 2024-06-26 Release type: Production Firmware version: 10.12.240.1 Preceding release: 10.12.236.1 -------------------------------------------------------------------------------- Upgrade instructions ==================== NOTE 1: If your device is currently running FW version 1.85.060 or a FW version prior to 1.85.060 you need to upgrade in the following steps: 1.65.032 -> 1.85.060 -> 9.80.72.1 -> 10.12.240.1 NOTE 2: If upgrading a device from 1.65.032 to 1.97, 9.80 or later, without doing a factory default, you will need to change the device settings to allow HTTPS calls. Until done follower devices will stop playing and appear offline to the leader. Features in 10.12.240.1 ======================= 10.12.240.1:F1 Updated Apache to version 2.4.59 to increase the overall cybersecurity level. Corrections in 10.12.240.1 ========================== 10.12.240.1:C1 Corrected an issue where invalid data could crash the Remote Syslog cgi. 10.12.240.1:C2 Corrected an issue where SSH users who used ssh-copy-id to install their SSH key as authorized on the device would unintentionally still have SSH access after a factory default with keeping IP settings. 10.12.240.1:C3 Corrected memory problems for products utilizing AXIS O3C Dispatcher service. Features in 10.12.236.1 ======================= 10.12.236.1:F1 The parameter RemoteService.ProxyPassword that controls the proxy password has been masked and made unreadable for security reasons. 10.12.236.1:F2 Updated cURL to version 8.7.1 to increase overall cybersecurity level. 10.12.236.1:F3 Added DNS cache for O3C client to reduce the DNS lookup. Corrections in 10.12.236.1 ========================== 10.12.236.1:C1 Improved stability of the WSDD (Web Services Dynamic Discovery) by addressing potentially unexpected crashes. 10.12.236.1:C2 Corrected an issue where # in network sharing passwords was not supported. 10.12.236.1:C3 Corrected an issue where mounting network share with 'space' character in the name, was not working correctly. 10.12.236.1:C4 Addressed CVE-2024-0066. For more information, please visit the Axis vulnerability management portal. Features in 10.12.228.1 ======================= 10.12.228.1:F1 Updated time zone database version to 2023d. 10.12.228.1:F2 Updated curl to version 8.6.0 to increase overall cybersecurity level. 10.12.228.1:F3 Updated OpenSSL to version 1.1.1x to increase overall cybersecurity level. Corrections in 10.12.228.1 ========================== 10.12.228.1:C1 Addressed CVE-2024-0055. For more information, please visit the Axis vulnerability management portal. 10.12.228.1:C2 Updated mDNS Responder Daemon (mDNSResponder) to version 2200.60.25.0.4, enhancing overall system stability. Features in 10.12.221.1 ======================= 10.12.219.1:F1 Changes in audio latency to ensure compatibility between 10.12-LTS and 11.8 when using AXIS Audio Manager Edge. 10.12.219.1:F2 Updated curl to version 8.5.0 to increase overall cybersecurity level. 10.12.219.1:F3 Updated Apache to version 2.4.58 to increase overall cybersecurity level. 10.12.221.1:F4 Updated OpenSSH to version 9.6p1 to increase overall cybersecurity level Limitations in 10.12.221.1 ========================== 10.12.221.1:L1 AXIS Audio Manager Edge: Use AXIS OS version 10.12.221.1 or above or 11.8 or above, on all devices in the site. Other combinations of newer and older AXIS OS versions will result in sound playing out of sync. Features in 10.12.213.1 ======================= 10.12.213.1:F1 Updated curl to version 8.4.0 to increase overall cybersecurity level. Corrections in 10.12.213.1 ========================== 10.12.213.1:C1 Corrected CVE-2023-21418. For more information, please visit the Axis vulnerability management portal. 10.12.213.1:C2 General improvements for the audio system's stability. 10.12.213.1:C3 Corrected CVE-2023-4911. 10.12.213.1:C4 Corrected CVE‐2023‐21416. For more information, please visit the Axis vulnerability management portal. Features in 10.12.208.1 ======================= 10.12.208.1:F1 Updated OpenSSL to version 1.1.1w to increase overall cybersecurity level. 10.12.208.1:F2 Updated CURL to version 8.3.0 to increase overall cybersecurity level. 10.12.208.1:F3 Improved SNMP Monitoring by adding support for the ipAddressTable OID. Corrections in 10.12.208.1 ========================== 10.12.208.1:C1 Corrected an issue where the Web interface was unintentionally modifying the timezone upon loading, even if the device had been previously configured outside of the Web interface. 10.12.208.1:C2 Corrected CVE-2023-21413. For more information, please visit the Axis vulnerability management portal. 10.12.208.1:C3 Updated the mDNS Responder Daemon (mDNSResponder) to version 1790.80.10 to improve system stability. Features in 10.12.183.1 ======================= 10.12.183.1:F1 Updated Apache to version 2.4.57 to increase overall cybersecurity level. 10.12.183.1:F2 Updated OpenSSL to version 1.1.1u to increase the overall cybersecurity level. 10.12.183.1:F3 Updated curl to version 8.1.0 to increase overall cybersecurity level. 10.12.183.1:F4 Added proxy configuration support to the Owner Authentication Key (OAK) cgi using group root.RemoteService, simplifying setup on networks requiring proxy servers for Internet access and improving the authentication process. 10.12.183.1:F5 Added detailed health information from SD cards to the server report, including power cycle statistics and flash wear rates. This improvement allows for a better monitoring of the system's health that can prevent downtime or data loss. Corrections in 10.12.183.1 ========================== Corrections in 10.12.183.1:C1 Improved the syslog system stability by fixing a memory leak. Corrections in 10.12.183.1:C2 Enhanced SNMP Monitoring: We resolved a missing TCP sub-tree OID issue in NET-SNMP by adding support for the SNMP TCP MIB object .1.3.6.1.2.1.6. This improvement ensures a smooth and uninterrupted SNMP monitoring experience. Corrections in 10.12.183.1:C3 Corrected an issue with OAK (owner authentication key). It now only produces warnings in the log instead of errors if the device is not able to connect to the internet. Features in 10.12.150.1 ======================= 10.12.150.1:F1 Updated Apache to version 2.4.55 to increase overall cybersecurity level. 10.12.150.1:F2 Updated OpenSSL to version 1.1.1t to increase the overall cybersecurity level. 10.12.150.1:F3 Updated curl to version 7.87.0 to increase overall cybersecurity level. 10.12.150.1:F4 Updated time zone database version to 2022d. Corrections in 10.12.150.1 ========================== Corrections in 10.12.150.1:C1 Corrected an issue in the platform where audio was not working correctly in the Companion and AXIS Camera Station iOS apps. Correction was also needed in the iOS apps, therefore requires iOS Companion version 7.11.14 or later, and iOS AXIS Camera Station 4.6.12 or later. Corrections in 10.12.150.1:C2 Improved system stability during roll-back. Features in 10.12.138.2 ======================= 10.12.138.2:F1 Updated cURL to version 7.86.0 to increase overall cybersecurity level. 10.12.138.2:F2 Updated OpenSSL to version 1.1.1s to increase the overall cybersecurity level. Corrections in 10.12.138.2 ========================== 10.12.138.2:C1 Corrected an issue which could cause audio clips not to play to completion. 10.12.138.2:C2 Corrected an issue that caused the wrong file size to be reported for recordings larger than 50MB when using FTP. 10.12.138.2:C3 Corrected an issue where ACAP application parameters were reset after firmware upgrade. Features in 10.12.119.1 ======================= AXIS Audio Manager Edge features -------------------------------- 10.12.119.1:F1 The leadership role, configuration and stored content of your AXIS Audio Manager Edge site can now be transferred to another device in the site. 10.12.119.1:F2 Expanded the support for storing multiple schedules to also include advertisements- and announcement schedules. As before, there can only be one active schedule of each type at a time. FW features ----------------- 10.12.119.1:F3 Updated curl to version 7.85.0 to increase overall cybersecurity level. Corrections in 10.12.119.1 ========================== 10.12.119.1:C1 Corrected an issue in AXIS Audio Manager Edge so that "Microphone" can now be selected as intermediary device for a line in paging source. 10.12.119.1:C2 In AXIS Audio Manager Edge, SIP/Vapix Intercom has been renamed to SIP/Vapix Talkback. 10.12.119.1:C3 Removed the pre-configured action events called "Pre-announcement tone: Answer call after incoming call-tone" and "Pre-announcement tone: Play tone on incoming call" from the device configuration web. A detailed step-by-step instruction of how to configure the action events has been added to the device manual. 10.12.119.1:C4 Corrected an issue where events created to mute an audio site could be deleted after restart from the device configuration web. 10.12.119.1:C5 Corrected an issue to make it possible to create certificates with Common Name up to 64 characters. 10.12.119.1:C6 Corrected an issue that could cause O3C client to be disconnected due to exhausted resources. Known limitations ================= 10.12.138.2:L1 With Milestone and Genetec the G711 codec is not working correctly on products with the i.MX 6SoloX processor. Applies to: C8210, C8110, C1210-E, C1211-E, C1510, C1511. 10.12.138.2:L2 From FW version 10.12.66.1 and onwards AXIS Audio Manager Pro v3.3 is not supported. FW upgrade will fail if AXIS Audio Manager Pro 3.3 ACAP is found on the device. Users are advised to upgrade to AXIS Audio Manager Pro v4.0 or later version before upgrading the device. To continue using AXIS Audio Manager Pro 3.3 you should change firmware to 9.80 long-term support (LTS) track. 10.12.138.2:L3 There is currently no support for PEM certificates when using TLS authentication in AXIS Audio Manager Edge. 10.12.138.2:L4 If the user tries to add more than 40 devices at the same time in AXIS Audio Manager Edge the system might fail to add all devices. The user can still try again and add the remaining devices in one or more sessions.