Ubiquiti Networks heeft een hotfix voor versie 2.0.9 van de firmware voor de EdgeMax EdgeSwitches uitgebracht. De EdgeSwitches kenmerken zich door uitgebreide instelmogelijkheden, maar vergen wel enige netwerkkennis om het goed draaiend te krijgen. Ook zijn lang niet alle instellingen via de gui aan te passen en moet je dus via de commandline aan de gang. De lijst met veranderingen en verbeteringen voor deze release ziet er als volgt uit:
OverviewThe ER-X/ER-X-SFP/ER-10X/EP-R6 has more limited storage, and in some cases, an upgrade may fail due to not enough space. If this happens, remove the old backup image first (using
delete system image
CLI command, see here for more details) before doing an upgrade.More details can be found in the release notes below. Please give it a try if you are interested in the new features/changes to help us test them so that we can get the release out sooner! Thanks very much!
Improvementsn/a
BugfixesKnown issues
- [Security/DNS] - Fix dnspooq vulnerabilities in
dnsmasq
- [Security/Upgrade] - Remove
-k
(aka--insecure
) flag when downloading firmware update via CLI withcurl
- [SNMP] - Backport multiple
snmpd
memory leak fixes from upstream (1st, 2nd and 3rd)- [UNMS] - Fix memory leak in
udapi-bridge
process when UNMS is enabled- Upgraded following Debian packages: dnsmasq (2.79 => 2.83)
Additional information
- [DPI] - Sometimes DPI is reporting wrong rx/tx counters
- [Offloading] - L2TP IPSec traffic is not being offloaded on Mediatek-based routers (ER-X, ER-X-SFP, EP-R6)
- [Offloading] - VLAN traffic is not being offloaded on ER-12
- [dnsmasq] - latest
dnsmasq v2.83
has regression that causes DNS request to be resent during heavy load (details here). We will fix this issue in upcoming v2.0.9-hotfix.2 firmware update:- The symptoms are random log messages reporting "failure to send packet" and the DNS query associated with this is lost.
Retries of the query do not fail, so the operational effect of this is minimal.
To trigger the bug, dnsmasq:
1) has to be under fairly heavy load,
2) and be configured for a mixture or IPv4 and IPv6 upstream DNS servers
3) or, possibly, be using --bind-interfaces.- [dnsmasq] - shell command
dnsmasq --version
is reporting oldv2.79
version instead ofv2.83
. This is a pure cosmetic issue, please ignore it -dnsmasq
was indeed upgraded tov2.83
. This issue will be fixed inv2.0.9-hotfix.2
firmware- [sudo] - Known CVE-2021-3156
sudo
vulnerability is present inv2.0.9-hotfix.1
but it can not be exploited because non-privileged users do not have shell account. Nevertheless we will patchsudo
in upcomingv2.0.9-hotfix.2
firmwareEdgeRouter firmware can be installed via CLI, WebGUI or UNMS. Detailed installation instruction is available here.