Release Notes PN 93000459_W1
Digi One SP and Digi One IA
EOS 82000774_W1
February 19, 2016

INTRODUCTION

This is a production release of firmware for the Digi One SP and Digi One IA. These devices provide high-performance serial port connectivity with added EIA-232/422/485 switch selectable support on the serial port. These devices come with RFC-2217 support, TCP Server (Reverse telnet/raw), Autoconnect (TCP Client), UDP Serial Client/Server, ARP-ping, Advanced Device Discovery Protocol, and Digi's patented RealPort protocol for COM port control.

SUPPORTED PRODUCTS

Digi One SP
Digi One SP Secure
Digi One IA

IMPORTANT UPGRADE INFORMATION

- Before upgrading the 82000774 firmware, it is necessary that you have a POST firmware that supports the current revision of the 82000774 firmware. Failure to have a compatible POST will result in the device becoming unusable.
- To determine the current version of POST firmware using the WEB interface go to the Administration/"Update Firmware" page. The "Update Firmware" page should display the current POST version and should look something like:

      POST: release_82000775_F

- To determine the current version of POST firmware using the command line interface, type "show versions" at the command prompt.
- If the POST version is 82000775 revision A through E you must upgrade to the POST version 82000775_F or later.
- If the POST version is 82001178 nothing needs to be done.

BUG FIXES

CVE-2014-3566: Fixed SSL/TLS by eliminating POODLE vulnerability.

Fixed ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION identified when trying to open a secure WebUI connection with latest version of Chrome (45).

Some modern TLS/SSL-based clients and/or servers require a more secure mechanism to exchange security information than was supported in this product. The strength of the "Diffie-Hellman Group" has been doubled to improve compatibility with modern systems, at the potential cost of performance. See known limitations.
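
A pre-flight check for the POST requirement in IMPORTANT UPGRADE INFORMATION above, as an added example that is not Digi's code: it parses a version report and decides whether the POST must be upgraded before the 82000774 firmware is loaded. The function names are hypothetical, and it assumes the CLI "show versions" output carries the same part-number_revision token as the web UI line shown above.

```python
import re

# Part numbers and minimum revision are taken from the release notes.
POST_LEGACY = "82000775"     # acceptable only at revision F or later
POST_CURRENT = "82001178"    # acceptable as-is
MIN_LEGACY_REV = ("F", 0)

# Matches e.g. "POST: release_82000775_F". Optional digits after the letter
# cover sub-revisions in the style of "F4" used in the firmware history.
_POST_RE = re.compile(r"\bPOST\b.*?(\d{8})(?:_([A-Z])(\d*))?", re.IGNORECASE)


def parse_post_version(report):
    """Return (part_number, (letter, sub_revision) or None), or None."""
    for line in report.splitlines():
        m = _POST_RE.search(line)
        if m:
            part, letter, sub = m.groups()
            rev = (letter.upper(), int(sub or 0)) if letter else None
            return part, rev
    return None


def post_upgrade_decision(report):
    """Return 'ok', 'upgrade-post-first' or 'unknown' for a version report."""
    parsed = parse_post_version(report)
    if parsed is None:
        return "unknown"
    part, rev = parsed
    if part == POST_CURRENT:
        return "ok"
    if part == POST_LEGACY and rev is not None:
        return "ok" if rev >= MIN_LEGACY_REV else "upgrade-post-first"
    return "unknown"         # unrecognised POST: do not flash the EOS image


if __name__ == "__main__":
    # Constructed sample reports, not captured from a device.
    for sample in ("POST: release_82000775_F",
                   "POST: release_82000775_C",
                   "POST: release_82001178",
                   "EOS: release_82000774_W1"):
        print(f"{sample!r:32} -> {post_upgrade_decision(sample)}")
```

Treat "unknown" the same as a failed check: the notes state that an incompatible POST leaves the device unusable.
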

ENHANCEMENTS

KNOWN LIMITATIONS

- This firmware version updates and restricts encryption to the device according to recent industry guidance and best practices. Given the resource constraints in this product architecture, and the increased computational power required to implement newer encryption methods, these latest changes may impact product performance in some applications, significantly increasing the time required for encrypted communications to complete. If application performance with this revision is not suitable, the best options are to revert to the previous (revision W) firmware or use the product without using SSL/TLS encryption.
- In order to run a firmware that is 82000774_G or greater, it is necessary to have POST firmware with the part number 82001178, or POST firmware whose part number and revision is 82000775_F or greater. To determine the version of POST that is being run, using the WEB UI go to the "Administration"/"Update Firmware" page, or using the command line enter the "show version" command.

ADDITIONAL INFORMATION

- not applicable

HISTORY

2013-11-01: 82000774_W

BUG FIXES
Fixed a security issue that could potentially grant excess permissions to an attacker.

2012-10-08: 8200774_V2

ENHANCEMENTS
Updated the expiration date of the Digi self-signed certificate

February 10, 2012: 82000774_V1

BUG FIXES
Fixed an issue where certain newer SSH clients could no longer connect with the Digi SSH server
Fixed an issue where the Digi device would run out of sockets

March 24, 2011: 82000774_V

ENHANCEMENTS
Added Digi Login Success/Failure traps for http and https

BUG FIXES
Fixed an issue where under some conditions an ATDT command to pmodem that normally works fine stops working
Fixed an issue where the DHCP client would not accept a DHCP ACK response to a DHCP request when in re-binding state
Fixed an issue where a modbus poll of 1 bit from AB PLC incorrectly returns 2 bytes of data, it should return 1 byte
Fixed an issue where SNMP traps with timestamps greater than 7FFFFFFF result in malformed traps
Fixed an issue where FF characters were being doubled by pmodem when a connection is established via an "atdt " command from the terminal. Added the atdtraw=on|off option to "set pmodem" CLI command to allow disabling this behavior when atdtraw is set to on.
Fixed an issue where using the web UI to set/change auth settings results in issues with the RealPort portion of auth settings. The changes do not add the RealPort options to the web UI but do set and clear them in a saner manner. The CLI is the only place where RealPort options are fully controllable.
Fixed an issue where the ATC CHANGE IPADDRESS command was not working in PModem
Fixed a PModem panic that happened when certain AT commands were issued

March 4, 2009: 82000774_U2

BUG FIXES
- Fixed a problem where when accessing the device with IE6 or IE7, the user can get an HTTP 400 error

November 14, 2007: 82000774_U

ENHANCEMENTS
- TCP Keepalives are now on by default when you assign your IP manually, otherwise your DHCP server supplied setting will be used.
  An idle timeout of 4 min 30 sec was selected to work with NAT/firewalls which normally timeout TCP sockets after 5 minutes of idle time.
- For UDP Sockets profile, the UDP Client behavior has changed. Whereas before one was forced to always manually enter a return address, now the behavior is:
    UDP Client: Serial data received is automatically returned to the last UDP client that sent data. You can override or lock-down the destination by entering 1 or more IP and port pairs below. All serial data is repeated as UDP unicast to all devices in this list.
- Under UDP Sockets Client, the default idle time delay was reduced to 100msec, it had been 1000msec (1 sec)
- (For Digi One IA only) Modbus bridge capacity has been increased:
    Now supports up to combined total of 32 network masters and slaves (was 12 before)
    Now supports up to 32 routes in 2 tables (was 8 before)
- The Digi One IA Passthru device implementation has been changed from a hardware implementation to a software implementation. As a result, hardware flow control cannot be used when the device is in pass-through. Also, a device may only be attached to a single serial port when in pass-through mode. Having multiple devices attached will lead to undefined behavior.
  table override (disabled) the default auto-reply to last client.
- Added the following options to the set secureaccess command in the CLI:
    ssh-keyauth=on|off - Allow authentication using a public key
    ssh-pwdauth=on|off - Allow password authentication
  What these options do is determine which methods of authentication are allowable when negotiating for an SSH connection. When ssh-keyauth is enabled, public key authentication is an allowable method, when ssh-pwdauth is selected, password authentication is valid. The default is for both to be enabled which will allow a client to select and use either method. It is possible to turn them both off, however no authentication will then be possible and SSH connections will fail.

BUG FIXES
- Reworked premessage logic to ensure the premessage and login prompt are displayed correctly under all conditions
- Fixed a problem where the new base port did not become effective immediately on a "revert config=factory"
- Fixed a problem where the SNMP meiDescription field always said "half-duplex" even when set to full-duplex
- Fixed a problem where the "revert consmenu" command did not revert inband_break
- Removed inter-character timeout (aka idletime) option from TS 8/16 CLI because the hardware, and hence the firmware, does not support the feature
- Fixed a problem where the SNMP charPortName field could not be set via SNMP

June 17, 2005: 82000774_G

ENHANCEMENTS
- Port sharing feature added.
- Modbus protocol added (activated on Digi One IA only).

BUG FIXES
- Fixed a problem where the device was not routing supernet type routes correctly.
- Fixed a problem where our device was failing to properly negotiate RFC2217 options.
- Fixed a problem with auto connect telnet and auto connect rlogin where escape characters would cause the connection to escape to the command line prompt.
- Fixed a problem where it was not possible to disable escape characters for telnet, rlogin, and connect sessions.
- Fixed a problem where rapidly opening and closing serial socket connections was causing a serial port to get stuck.
- Fixed a problem where auto connections configured with raw IP addresses were slow to connect when a bad DNS server was configured.
- Fixed a problem where auto connect was sometimes losing data if large amounts of data were being sent while the network connection was being established.
- Fixed a problem where a raw auto connection was failing to establish a network connection when the data byte 0x03 was being sent during connection establishment.
- Fixed a problem with the auto connect flush character option. This option was causing more than a single byte of data to be flushed.
  Furthermore the default setting for raw connections and connections when the serial device type was not term was incorrectly flushing data.
- Fixed a problem where an error message was being returned when using the "set user" command to configure an auto connection with a DNS destination address.
- Fixed various UDP serial problems.

April 6, 2005: 82000774_F4

BUG FIXES
- Fixed problem that occurs when running on newer devices that contain the 82001178 POST. The WEB UI would not allow reboots to occur.

2004-11-19: 82000774_F3

BUG FIXES
- Ensure that Digi One IA CR is properly reported via ADDP

2004-11-12: 82000774_F2

BUG FIXES
- The Digi One SP device will reset the flow control to hardware when power cycled
- When configured for "Always connect" it will not connect when placed in 422/485 mode.
- Setting the IP address through ADDP and rebooting the device may result in the IP address not being saved to NVRAM
- UDP 2773 Debug port open when not in use
- Rlogin fails to make a proper auto connection from a serial port
- rlogin esc character not working
- The 'show versions' command cuts off the last character.
- Help for CLI in Digi One SP/IA firmware states incorrect base socket values
- Keepalive disconnects a connected session where no traffic has passed

2004-09-17: 82000774_F1

ENHANCEMENTS
- Enhanced the PMODEM ati3 response to include firmware version

BUG FIXES
- Resolved an issue where the same IP can be assigned to two different devices via DHCP
- Allow host names that start with a number in the Web UI
- Resolved an issue where TCP socket 2101 refuses connections

2003-10-30: 82000774_F

- Allow HTTP Web UI port to be changed from the default of 80

2003-06-06: 82000774_E

ENHANCEMENTS
- Command line interface support
- DHCP Keepalive
- Web user interface port profiles - by default the profile will be custom. It is recommended that the correct profile for your environment be selected.
  This can be done through the wizard (version 1.2 or higher) on the CD, or through the web interface. The new profiles quicken installation process by only enabling applicable parameters for optimal operation.
- Base socket configurable with any integer between 1999 to 50000

2003-1-23: 82000774_D

- New web user interface
- Send serial buffer after timeout

2002-12-16: 82000774_C

- Digi RealPort Protocol Support
- Latency Options and Enhancements
- Settable Ethernet Speed and Duplex
- TCP Keepalive Options and Enhancements
- Ability to Kill Connections (Who)
- Copy Configuration (CpConf)

2002-09-06: 82000774_B1

- Minor, internally-found bug fixes.

2002-08-07: 82000459_B

- Support for SP hardware.

2002-06-01: 93000459_A

- Initial release of firmware for DigiOne IA.

2002-06-18: 82000774_01

- Beta Release of firmware.