Release Notes PN 93000660_M
Digi ConnectPort LTS Firmware 82002228_M (ConnectPort LTS 8 16 32)
version 1.4.5
Nov 2019

MD5: 714B1C1FF5DE164F94D7FEBE6118013B
SHA256: CB9EBEE313E264E0E190ADE9D253DB754DC3224876E3060B52DDB76C554CEE23

INTRODUCTION

This is a production release of firmware for the ConnectPort LTS (Linux Terminal Server) products. These devices provide serial over Ethernet connectivity for applications today and into the future. They support IPv4 and IPv6 Ethernet protocols. The ConnectPort LTS MEI product is the same size as the ConnectPort LTS (RS-232 only) and is the fastest multi-port device with a Multiple Electrical Interface (MEI) in the industry.

High-end features include Telnet/SSHv2/TCP Sockets protocols, Local, RADIUS and LDAP authentication, Port logging through Local, NFS, Samba, Syslog and SD Memory cards, keyword monitoring and SMTP/SNMPv3 notification, PPP, Encrypted RealPort, Dual 10/100/1000 Mbps Ethernet network interface, Python support and Digi Discovery server to allow discovery and network configuration from the Digi Discovery Tool.

SUPPORTED PRODUCTS

ConnectPort LTS 8 Family
ConnectPort LTS 16 Family
ConnectPort LTS 32 Family

Nov 2019 version 1.4.5
Security Patch (Medium Level - CVSS v2 Score 6.0)

Enhancements
CPLTS-165 Unique Password on LTS and Force password change at initial login (SB-327)

Bug/Security Fixes
CPLTS-167 Medium Level security fixes - Three (3) stored cross-site scripting (XSS) vulnerabilities and one (1) unrestricted/arbitrary file upload vulnerability
          We would like to thank and credit two (2) researchers for finding the vulnerabilities:
          - Murat Aydemir, Critical Infrastructure Penetration Test Specialist at Biznet Bilisim A.S
          - Fatih Kayran, Penetration Test Specialist
CPLTS-162 Implement fix to SACK Panic -- CVE-2019-11477

Known Limitations
- None

Additional Information
- None

History

May 2019 version 1.4.4

Enhancements
CPLTS-155 Add support for 50 Baud
CPLTS-158 Force HTTP to use only TLS 1.2
          This feature can be enabled using the CLI:
          set web allow_only_tlsv12=[on|off]

Bug Fixes
CPLTS-148 Allow SSH client to change default password
CPLTS-150 Fix configuration parser to allow for non-standard characters
CPLTS-152 Fix to properly exit a telnet session after killing a port
CPLTS-153 Allow for capital letter in serial port description.

Aug 2018 version 1.4.3

Enhancements
- Added support to allow access to connect as a different user (i.e. root) when logged in as a normal user. (CPLTS-103)
- Added a send break option. (CPLTS-107)
- Added ability to disable keyboard-interactive authentication if a user has SSH public key authentication enabled. (CPLTS-114)
- Added the DHCP custom identifier option to this product. (CPLTS-124)
- Updated RealPort to allow use of TLS 1.2. (CPLTS-126)
- Changed network stack behavior when LTS declines/closes an additional TCP socket open request. (CPLTS-134)

Bug Fixes
- Fixed typos in CLI. (CPLTS-116)
- Blocked the use of special Swedish characters in the serial port description. (CPLTS-122)
- Fixed a problem where the serial port process does not start properly during boot when data is sent to the port during boot. (CPLTS-125)
- Fixed a problem where we couldn't mount a Samba share from an Ubuntu 18.04 Linux server. (CPLTS-143)

Known Limitations
- None

Additional Information
- None

03-2017 version 1.4.1

Bug Fixes
- Fixed support for TransmitComChar function. (CPLTS-112)

08-22-2016 version 1.4.0

Enhancements
- Added set route command from PortServer family to allow PPP user mapping to network. (CPLTS-1)
- Added gratuitous arp option. (CPLTS-38)
- Changed the "ruser" default permissions to read only for User Configuration. (CPLTS-76)
- Added the ability to deactivate the Secure Tunnel Service port 4401. (CPLTS-77)
- Added the "display techsupport" command for easy reading of the configuration. (CPLTS-82)
- Added additional routing tables to the product to allow the ConnectPort LTS to talk locally. (CPLTS-83)
- Added Custom Menus feature from PortServer TS line. (CPLTS-86)
- Added Security updates to the ConnectPort LTS. (CPLTS-90)
- Added the ability to set a custom login prompt. (CPLTS-93)
- Added support for multiple User authentication in Modem profile. (CPLTS-94)
- Added per port access permission based on user id in the show user command. (CPLTS-97)
- Added visibility of ports in use based on user id in the show user command. (CPLTS-98)
- Added visibility if an SSH key has been uploaded based on user id in the show user command. (CPLTS-99)
- Updated graphic in Web interface to new Digi logo. (CPLTS-106)

Bug Fixes
- Added dial on demand string when port is set to modem. (CPLTS-41)
- Fixed a bug where Web logout and web session time were not showing in syslog. (CPLTS-74)
- Added ability for SSH to not fall back after trying public keys. (CPLTS-75)
- Fixed a bug where a restored backup config corrupts the user's default shell. (CPLTS-84)
- Fixed a bug where the CP LTS 32 will not send serial data when connected to multiple computers using RealPort 4.7.410. (CPLTS-87)
- Fixed a problem having to do with network bonding and DHCP. (CPLTS-91)
- Fixed a bug where Firmware update via TFTP was failing. (CPLTS-96)
- Fixed a problem where you were unable to activate encrypted RealPort with ConnectPort LTS unit without manual key generation. (CPLTS-100)
- Fixed a problem where Security scan shows SSH Insecure HMAC Algorithms Enabled and insecure. (CPLTS-101)
- Fixed a problem where SSH Key upload would fail under certain circumstances and require a web page reload or reboot. (CPLTS-104)
- Fixed a bug where the ConnectPort LTS would get Opening error when enabling Encryption in Windows using RealPort. (CPLTS-105)
- Fixed a bug where SSH to a serial socket (e.g. 2508) fails if port is set to local authentication. (CPLTS-108)
- Fixed a broken online help link. (CPLTS-109)
- Fixed a problem where SSH Key authentication was failing under 1.4.x with unsupported DSA keys. (CPLTS-110)

03-03-2015 version 1.3.1

Enhancements
- Increase the user name character maximum. (CPLTS-53)
- Added 802.3ad for network failover/redundancy. (CPLTS-54)
- Added a command for the NDS like CLI that will kill all processes on a port. (CPLTS-56)
- Added a command for the bash shell that will kill all processes on a port. (CPLTS-57)
- Added NTP support. (CPLTS-64)

Bug Fixes
- Fixed a problem where Front Panel LCD Diagnostics fails on Network Test. (CPLTS-66)
- Fixed a syntax error with the 'set service' command. (CPLTS-67)
- Fixed a problem where the device would keep prompting for root password upon factory default. (CPLTS-68)
- Fixed a syntax error via web UI to change your password. (CPLTS-69)

11-07-2014 version 1.3.0.4

Enhancements
- None

Bug Fixes
- Fixed several security vulnerabilities (CPLTS-60: CVE-2014-6271 / CVE-2014-7169 / CVE-2014-7186 / CVE-2014-7187 / CVE-2014-6277 / CVE-2014-6278 Bash Shell Shock)
- Fixed a security vulnerability (CPLTS-63: CVE-2014-3566 Poodle issue with SSL)

04-18-2014 version 1.3.0.1

Enhancements
- None

Bug Fixes
- Fixed Heartbleed vulnerability.

01-24-2014 version 1.3.0

Enhancements
- Added ability to set connectesc, telnetesc or sshesc keys.
- Add option to set socket connections for Modem Out.
- Add support for menus.

Bug Fixes
- Fixed a problem where brmode was broken -- files missing from build binary.
- Fixed a problem with random reboot of LTS32.
- Fixed a problem where Web and CLI Radius authentication fails with an account server specified.
- Fixed a problem where ConnectPort LTS devices out of manufacturing were showing kernel panic.
- Fixed a problem where DNS2 entry does not hold across reboot.

06-04-2013 version 1.2.1

Enhancements
- Added ability to get Serial and Network Stats via SNMP
- Add option for UDP sockets that sent data received is automatically returned to the last UDP client.
- Add an option to NDS CLI for handling data performance.

Bug Fixes
- Fixed a problem with transition of RTS and DCD.
- Fixed a problem where we could lose port log data if communication to NFS server is lost.
- Fixed a problem with bad performance compared to TS.
- Fixed a problem where we were losing data running the loopback rptest at various rates.
- Fixed a problem with random lockup of LTS32.
- Fixed a problem where serial diags total data out does not refresh.
- Fixed a problem with Web and CLI authentication. Radius auth fails with an account server specified.
- Fixed a problem where a radius authenticated user cannot see the Admin->System Information.
- Fixed a problem with CLI authentication. Radius auth fails for SSH, works for telnet.
- Fixed a problem where the serial port Modem profile auth page has options for radius.
- Fixed a problem where, when the HTTP service is disabled, a scan utility still reports the service as being available.
- Fixed a problem where an unlisted TCP Port was active on the network interface. PORT - 111
- Fixed a problem where the ethernet link speed and duplex were not set via web UI.

05-31-2012 version 1.2.0

Enhancements
- Added support for Dual Power units
- Changed the logo on the LCD screen.
- Added a Local profile to the serial port profiles.
- Enhanced the XML in the config file.
- Changed the SSH public key upload method to support both file upload and cut and paste methods.
- Added an option to save network settings when doing a factory reset.
- Added an option to factory reset only the serial ports.

Bug Fixes
- Fixed a problem where XBee hardware test in the bios failed.
- Fixed a problem where External modem test in the bios failed.
- Fixed the format of the device ID.
- Fixed a problem with backup print.
- Fixed a problem with killing the HTTP/HTTPS process.
- Fixed a problem where serial signals were displayed incorrectly in Web UI.
- Fixed a problem with LPD printing.
- Fixed a security problem where security message was displayed upon failed login attempt.
- Fixed a problem where 2 processes were showing on a single SSH connection.
- Fixed a problem where a TCP client connection was not being displayed.
- Fixed a problem where no gateway was being set for eth1 when source based routing was enabled.
- Fixed a problem where killing RealPort process was not being blocked.
- Fixed a problem where RTS toggle in rs422 mode was not working correctly.
- Added RealPort options to the application section of the Web UI.

08-27-2010 version 1.1.0

Enhancements
- Added Python support
- Added XBee support
- Added build date to firmware tag.

Bug Fixes
- Fixed a problem when connecting to some serial devices through the CLI.
- Fixed a problem where only part of the IP address showed at the login prompt of the console port.
- Fixed a problem with message for SD card detection.
- Fixed a problem with the command display tcp.
- Fixed a problem where an ADDP query did not return the DHCP state.
- Fixed a problem where uploading files to the device that make the system run out of disk space doesn't fail properly.
- Fixed a problem where ADDP could not reboot the device.
- Fixed a problem where trying to access the USB storage device resulted in an error, causing the WebUI to stop responding.

05-11-2010 - Initial release