Release Notes PN 93000490_K Digi CM Firmware 80007059_J1 (Digi CM 8) 80007051_J1 (Digi CM 16) 80007050_J1 (Digi CM 32) 80007070_J1 (Digi CM 48) v 1.5.0.2 June 4th, 2004 INTRODUCTION This is the production release of firmware for the Digi CM. These devices provide console management access to various servers, devices, and systems that may be accessed by a serial cable to a console port. These devices feature console management through a console menu or web interface to allow configuration of network settings, serial settings, administration settings, and user settings. High-end features include Telnet/SSHv1/SSHv2/RawTCP protocols, Local, RADIUS, TACACS+, and LDAP authentication, Port logging through Local, NFS, and Memory cards, PCMCIA slot and configuration, custom menus, keyword monitoring and SMTP/SNMP notification, 10/100 mbps Ethernet network interface, and Digi Discovery server to allow discovery and network configuration from the Digi Discovery Applet. SUPPORTED PRODUCTS Digi CM 8 Digi CM 16 Digi CM 32 Digi CM 48 Improvements - Fixed security vulnerability that could allow unauthorized access. History 93000490_J: v1.5.0 04-22-2004 ENHANCEMENTS - Added an option to "Change Password" in the Port Access Menu. - Users may use variable names for port logging. - Added support for "Netgear FA411" PCMCIA Ethernet card. - Added modem dial-in support to "Console Port". - Turning DHCP on will now set DNS to auto. - Upgraded OpenSSH to 3.7.1p2 and OpenSSL to 0.9.6m - Users now have the option to disallow "root" access from everything except when using the CM console port. - Web UI now reconnects to login page after reboot or firmware upgrade. - Added ability to configure a secondary IP Address so "Clustering slaves" may be addressed using non routable IP address. - Added the ability to change root password through Web UI. - Added "SNMP Login trap" support to the "Dialin Modem". - Added email alert notification to serial port SNMP traps. - Removed the ability to disconnect existing users via port access menu. - Implement "Global SNMP Trap" receiver settings. - Added support for SecurID's "new Pin" and “next Token Code" mode. - Added ability to show bootloader revision during system operation. - Added notification in Web UI for port events. - Added bi-directional data logging on serial ports. - Added option to show last 10 lines of unread data when connecting to a port. - Serial ports support 45 character user names for remote authentication. - Added ability to local users to remotely authenticate to clustered ports. IMPROVEMENTS - Fixed multiple outlet assignments to the same port. All assignments are visible on the "Serial Port Power Control" page. - System disconnects after 3 failed login attempts to the "dialin modem" or "console server". - Fixed authentication and port lockup issues using the "Port Access Menu". - Fixed the issue of the Digi CM returning to factory default settings when it's connected to a power controller and in "Host" mode. - Fixed issue with serial ports when a DCHP server is not found. - Allow access to serial ports even if no IP address was assigned using DCHP. - Corrected port listening abilities to include tcp port 2002. - Corrected memory anomalies during security scans. These anomalies caused the Web UI daemon errors. - Fixed security scan holes. - Fixed serial port comment fields to support " ' " characters. - Corrected confirmation syntax on "Configmenu" message. - Corrected isolated outlet power cycling issues. When multiple outlets are connected to one serial port individual outlets may be power cycled. - Fixed user name and password to support 29 character values. - Corrected issue with ports failing on multiple connections through the port access menu. - Corrected date handling issue for leap years. - Fixed IP properties so a change in the gateway will take immediate effect. - NTP and UTC offsets are now reflected in the port logs. KNOWN LIMITATIONS - The new Master authentication feature for Clustering will not work if the slave ports are configured for SSH. This issue will be addressed in the next firmware release. - Masters and Slaves must all have the same authentication configuration for RADIUS, TACACS+, or LDAP in order to remotely authenticate on clustered ports. - Web UI, Discovery Applet, and Serial Connection Applet require Netscape 4.76 or higher or Internet Explorer 5 or higher. - The Discovery Applet and Serial Connection Applet also require the Java Runtime Environment (JRE) 1.3 or higher. - Netscape 4 on Windows: the serial port connection applet will not accept so the user cannot login through the applet. - Using cancel button when removing Custom Menus or Copying custom menus causes the page to be submitted and the menus removed or copied, respectively. To cancel without causing this effect, use the browser's Back button. ADDITIONAL INFORMATION - When using the SUN Java Runtime Environment in Windows, you may need to verify the browser you are using has been enabled with the Java plugin. To verify, use the following steps: 1. Go to Control Panel in Windows (may be accessed through My Computer or Start menu) 2. If you are using "Category View", click "Switch to Classic View". 3. Click Java Plug-In icon. (if this icon does not exist, verify JRE is correctly installed) 4. Click on the "Basic" tab. 5. Verify "Enable Java Plug-In" is checked. 6. Click on the "Browser" tab. 7. Verify appropriate browser or browsers are checked. 8. Click on the "About" tab. 9. Verify Java Plug-in version is 1.3 or later. - When upgrading releases prior to 1.3.2, Digi advises you to factory default and reconfigure the CM after upgrading the firmware. If upgrading from rev. 1.3.2 or greater, importing configs will work with the exception of the “Serial port->User access control” section. 93000490_J: v1.5.0 04-22-2004 - Added an option to "Change Password" in the Port Access Menu. - Users may use variable names for port logging. - Added support for "Netgear FA411" PCMCIA Ethernet card. - Added modem dial-in support to "Console Port". - Turning DHCP on will now set DNS to auto. - Upgraded OpenSSH to 3.7.1p2 and OpenSSL to 0.9.6m - Users now have the option to disallow "root" access from everything except when using the CM console port. - Web UI now reconnects to login page after reboot or firmware upgrade. - Added ability to configure a secondary IP Address so "Clustering slaves" may be addressed using non routable IP address. - Added the ability to change root password through Web UI. - Added "SNMP Login trap" support to the "Dialin Modem". - Added email alert notification to serial port SNMP traps. - Removed the ability to disconnect existing users via port access menu. - Implement "Global SNMP Trap" receiver settings. - Added support for SecurID's "new Pin" and “next Token Code" mode. - Added ability to show bootloader revision during system operation. - Added notification in Web UI for port events. - Added bi-directional data logging on serial ports. - Added option to show last 10 lines of unread data when connecting to a port. - Serial ports support 45 character user names for remote authentication. - Added ability to local users to remotely authenticate to clustered ports. 93000490_I: Skipped 93000490_H: v1.4.0 12-20-2003 - Provide download utilities cron, fuser, and netstat - Updated Web UI to present configurable options only - Web UI now displays logged in web user - Improved error reporting during SAC connection failures - Added direct URL support to access the Java Telnet application - Enhanced LDAP support by adding OU to the search path - Added Japanese language support to SAC - Added Japanese language and UTF-8 support to the Java Telnet application - Added configurable escape sequence which will return user back to the custom menu - Added power management support - Added Daylight savings time support - Port title can be used as an alias for the port number when SSH or Telnet to port - Administrative users now have the ability to disconnect users from ports through the Web UI - Added the ability to use the host name for the CLI prompt instead of the IP - Added Corega LAN Card Support - Added the ability to use the DNS name of an NFS server instead of the IP - The "hosts.cnf" file is now user editable - Added port reset command to the CLI - CM will now continue sending DHCP requests if DHCP fails 93000490_G: v1.3.2 10-03-2003 - Updated SSH to correct problem specified in advisory. 93000490_F: v1.3.0 09-08-2003 - Added SNMP Trap on CTS On/Off per serial port - Added enable/disable button for the First SMTP server - Improved Configuration File Importing / Exporting - Automatic notification when initiating a sniff session. - Added SNMP support for login traps. - Added option in WEB UI to config menu that will disable telnet to the Digi CM. - Added a 'send break' option via the Digi CM telnet client. - Added the ability to view active user and reset "stuck" port from the WebUI. - Added second trap receiver for Keyword Alerts. - Added IP of the slave units in the "Port access menu". - WEB UI - User Admin - Just click on the user instead of selecting "edit". - Added configurable port break sequence. - Added visible IP address when using DHCP with a wireless card. - Added Orinoco wireless PC Card support. - Added confirmation request before killing a process with SAC command. - Added encrypted NFS. 93000490_E: v1.1.3 07-11-2003 - Added support for PC Modem Cards Multitech, Starlogic, Actiontec, and Zoom - Change Unit # on clustering connection page of Web UI from numeric character to alphabetic character. 93000490_D: NA 93000490_C: v1.1.0 05-12-2003 - Added Microsoft System Special Administration Console (SAC) support. - Added Shadow password support. - Added ability to switch directly between serial port configuration pages - Port Access Menu to access slave units in clustered scenerio. - Add option to launch telnet sesssion instead of Java applet for port connection. - Added support for Kerberos authentication. - Added remote Authentication to WebUI. - One Step Save and Apply. - Configurable escape sequence per port. - Checkbox to allow all users with port access to sniff. - Added ability for sniff users to switch between read only access and read/write access on a port. - Added an in-use and by-use comment field in serial port connection screen. - Customizable port log filename to NFS Server. - Reduce character limit of usernames down to 3. - Add secondary NFS Server option for System and Port logs. - Add Date/Time stamp option to Port logs. - Use LED graphics in the web UI instead of on/off text. - Added SNMP trap for alert. - Added prompt before sending break key to applet window. - Increased limit of sniff sessions per port to 15. - Upgraded SSH Client to current version (3.5p1) - Added the ability to disable Alt. IPs. 93000490_B1: v1.0.03.01 05-21-2003 - Port lockup with F-Secure or SSH 3.2.3 clients is fixed 93000490_A1: v1.0.03 03-06-2003 - Bug for WYSE dumb terminals support is fixed - Bug for setting the date in the bootloader is fixed - Bug for setting the system time in the bootloader is fixed 93000490_A: v1.0.02 02-26-2003 - Initial release