Firmware-update: Ubiquiti USG 4.4.22

Ubiquiti heeft nieuwe firmware uitgebracht voor zijn wireless producten die in de USG-serie vallen. USG staat voor UniFi Security Gateway en zijn bedoeld om als router ingezet te worden. Het bevat onder andere een krachtige firewall, vlan-opties, vpn-mogelijkheden en kan ingeregeld worden met de UniFi Controller die ook bijvoorbeeld accesspoints en switches kan aansturen. Het versienummer van deze firmware is vastgezet op 4.4.22 en voorzien van de volgende lijst met aanpassingen:

[USG] Firmware v4.4.22 now available

Changes since v4.4.21 as follows.

• Fix commit error being generated upon multiple provisions of the same configuration. Source of commit errors with no specific config node specified, like the following.
  { "DELETE" : { "failure" : "0" , "success" : "1"} , "SESSION_ID" : "4e7515ee5389ee8553b81db074" , "SET" : { "error" : [ "The specified configuration node is not valid\n"] , "failure" : "1" , "success" : "0"}}
• Fix regression in local web UI introduced in 4.4.21.
• IDS/IPS - fix potential loop in signature fetching.
• Improve dnsmasq reloading behavior, increasing scalability of hostfile-update feature.
• Fix application of config changes on running system in source-validation/uRPF.
• Update tzdata (time zones) to 2018d version.
• USG-XG-8 specific - Send interface speed to LCM (display)

[USG] Firmware v4.4.21 now available

Changes since last release version 4.4.18 as follows.

• Back end for port remapping in 5.8.x and newer controller versions
• Fix premature expiring of TCP connection states for long-lived idle connections.
• RADIUS server - back end improvements to remove character restrictions on passwords. ' and " were not usable previously.
• IDS/IPS - Upgrade to Suricata 4.0.4, slight performance improvements, back end improvements and bug fixes
• Reduce CPU utilization of statistics gathering, resolves increased CPU usage some were seeing since 4.4.18
• Resolve memory leak in mcad
• Back end improvements for dnsmasq as DHCP server handling of hostnames of DHCP reservations
• Fix dnsmasq as DHCP server for networks other than /8, /16 and /24
• Disable deprecated SSH ciphers
• Fix source of increased CPU usage from mcad and ubnt-util in 4.4.18 and some previous dev versions.
• Remove "noccp" from xl2tpd configuration. It should not be necessary to disable, and some Windows L2TP clients want CCP.
• Removed offload scheduler which caused performance degradations with some configurations utilizing rate limiting user groups.
• Import FTP conntrack fix for FTP servers that use unusual formatting of their 227 message. Would result in a hung connection previously. Not aware of any real world encounters of the issue, as FTP servers that would be impacted are very rare, was discovered by commercial QA testing tools.
• Fix use of external guest portal through USG
• USG-XG-8 Specific Changes:
  • Updated LCM firmware
  • Bluetooth back end updates
  • Kernel version upgrade, resolves high and growing CPU usage from migration processes some were seeing
  • Allow disabling autonegotiation on eth0 port