Release Notes for the AnywhereUSB/5 G2 82002237_M1 firmware / v1.92.2002 (PN: 93000953_M1) Apr 21, 2017 INTRODUCTION This is a production release of the AnywhereUSB/5 G2 firmware (EOS). SUPPORTED PRODUCTS AnywhereUSB/5 G2 ENHANCEMENTS Rev M1 (v1.92.2002) None. Rev M (v1.90.1854) Remote Management (previously know as Device Cloud) support. A user can now remotely manage AnywhereUSB via my.devicecloud.com. See User's Guide for details. Rev L4 (v1.84.1763) None. Rev L3 (v1.83.1731) None. Rev L2 (v1.82.1642) None. Rev L1 (v1.81.1568) None. Rev L (v1.80.1544) - Tunneling support so that all traffic between a host computer and the AnywhereUSB goes over a single connection instead of multiple connections. This substantially reduces enumeration latencies. This requires AnywhereUSB driver v3.70 and up. Refer to driver release notes. Rev K1 (v1.70.1474) None. Rev K (v1.60.1420) - Configurable exception handling. From the CLI, the user can specify how the AnywhereUSB behaves if and when an exception happens. There are 3 Behaviors which can be selected: 1. Blink LEDs. This is the original behavior. When this happens, the user must press the front panel button to reset the unit or put it in crashdump upload mode. 2. Reset. This is now the new default behavior. If and when an exception happens, the unit will reboot itself and preserve the panic record so that it may be displayed from the CLI. 3. Crashdump Mode. If and when an exception happens, the unit automatically goes into crashdump mode so that a user can upload the crashdump from a TFTP client. For help, type "help set exception" from the CLI. - Firmware support for encrypted Anywhere/USB traffic. This requires a new client driver which has not yet been released. - The default Duplex Mode for the Ethernet Interface (found in Network Configuration / Advanced Network Settings) has been changed from Half-Duplex to Full-Duplex. This may not take effect if you upgrade from an earlier firmware release. Rev H (v1.51.1219) - Support for High Speed USB devices at actual High Speed link speed. Users should not expect performance like that of a directly attached USB connection since the ethernet adapter is limited to is 100 MB/s . For example, it takes 234 seconds to read a 1Gb file from a USB flash drive connected to the AnywhereUSB/14. It only takes 60 seconds for a USB flash drive connected directly to a PC USB port. However, that is a big improvement from previous firmware which takes 1175 seconds. This firmware is incompatible with Windows driver releases prior to v3.51. - Added TFTP support for uploading crash dumps. Crash dumps can no longer be uploaded via serial ports. TFTP is simpler and supported across entire product line instead of just those with serial ports. BUG-FIXES Rev M1 (v1.92.2002) - [NDS-575 / AWUSB-381] This AnywhereUSB device has a critical vulnerability: CVE-2014-9222. Fixed. - [NDS-574 / AWUSB-381] This AnywhereUSB device has a related critical vulnerability: CVE-2014-9223. Fixed. - [AWUSB-390] Rare exception occurred related to network outages. Fixed. Rev M (v1.90.1854) None. Rev L4 (v1.84.1763) - Add 10ms delay between resetting device and setting its address to get it to work with FTDI USB to Serial converters. Rev L3 - Latest version of Chrome (45) fails with an error code of ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION when you try to open a a secure WebUI connection with an AnywhereUSB hub because of a bug in TLS v1.0. Fixed. JIRA AWUSB-274. - Disable TCP Port fields for AnywhereUSB and Encrypted AnywhereUSB services since they are not configurable. JIRA AWUSB-275. Rev L2 None. Rev L1 - Inbound USB transfers over an encrypted connection which were larger than 1024 bytes were corrupted. Fixed. - On an encrypted connection AnywhereUSB reported the IP address of the "owned by" host computer incorrectly as the local host IP address of 127.0.0.1. The AnywhereUSB Configuration Utility would display this incorrectly. It has been fixed. Rev L - Remove SSL v3.0 support in order to defend against Poodle Attack. Rev K1 - Fix possible race condition which could lead to a device lockup in a condition with many port connection changes. - Fix an exception that happened if the AnywhereUSB lost its host connection during a device enumeration. - An exception could occur with many devices because of resource exhaustion. This was a false positive and has been fixed. - Backups (backup.cfg) were corrupted. Fixed. Rev K - Fix two bugs that led to exceptions and/or BSODs when errors occur during device enumeration. - Workaround for IRP mapping to recover in case a sequence number never comes in. - Port 5 now supports Low and Full Speed devices as well as High Speed Devices Rev H - Enabled TCP ACK PUSH option to expedite URB cancellations. This sped up the removal of the Rhode Scwarz NRPZ-31 Power Sensor which queues many URBs during normal operation. - During device enumeration if Select Configuration failed, the firmware would still try to use the returned NULL pipe handle(s) leading to an ASSERT! Fixed. - Eliminate ASSERT when an attempt to free a USB device's address failed. - In certain networking environments the AnywhereUSB would see ethernet Jumbo Frames and throw an exception. This has been fixed, although it is highly recommended that customers configure their switches to block transmission of Jumbo Frames to the Anywhere/USB if possible since it may affect the AnywhereUSB's performance. Rev G - Network packets received with default RSH and RLOGIN ports caused AnywhereUSB to ASSERT. Fixed. - Don't ASSERT if a device gets removed before its USB address has been set. Very unusual conditon but firmware shouldn't ASSERT. - Fix Cancel race condition. This could happen when IRPs are cancelled upon a device removal. - Disable Smart ARP caching because it could cause the AnywhereUSB hub to be very unresponsive in certain network environments with lots of ARP requests. - Increased the size of a text field which could be overrun for certain devices and cause an exception. - Added a delay between resetting the device and reading its Device Descriptor. Some devices aren't ready right away. - Several buggy devices did not enumerate because they failed partial Device Descriptor reads, returning the entire length of a Device Descriptor and causing a USBD_STATUS_DATA_OVERRUN. We now just ignore the failure and go on to do a full Device Descriptor which succeeds. - Certain firewalls were dropping inactive connections unknownst to the Anywhere/USB hub. TCP Keep Alives have been optioned for these connections to keep that from happening. - DNS server IP addresses were saved backwards (in host order instead of network order). Fixed. - Front Panel reset button behavior has changed with regards to rebooting and factory resetting AnywhereUSB Gen 2 products. See User's Manual for details. Rev F - Added KeepAlive’s for each AnywhereUSB remote hub TCP/IP connection type: endpoint, host controller, and system. This fixes a problem with firewalls that disconnect inactive TCP/IP connections. - Change RSH and RLOGIN network services defaults to disabled. - Add work-around for non-compliant USB devices which improperly return full Device Descriptors in response to partial "Get Device Descriptor" requests. - For security purposes, the AnywhereUSB Configuration Utility can no longer change the settings of AnywhereUSB devices nor reboot them. Rebooting and settings changes can only be done via the device's WebUI. The config utility is still used to connect/disconnect with AnywhereUSB devices/groups. - Eliminated “File Management” from WebUI. It is never used and could be a potential security issue. - Fixed Ethernet speed/duplex negotiation bug. Rev E - Fix Vantive #37074. When doing a Device-to-Host Setup packet (Get operation), if the TransferBufferLength was 0, we were sending an IN for the status stage, when we should have been sending an OUT. Rev D - Fix ethernet lockup problem - Small ethernet performance improvements - Fix Vantive #36418 ("assertion: rlogin auth failed") - Fix Vantive #33549 (iDigi displayed version number incorrectly) - Fix assertion/reboot caused by host disconnection - Fix bug with Aladdin dongle enumeration Rev C - Fixed several cases where the firmware would crash or reboot under heavy load. KNOWN ISSUES There is a known cross-site scripting (XSS) issue in the firmware, classified by Digi as a extremely low risk. This will be fixed in a future firmware release.