Pour les posseseurs de routers Ubiquiti : (Attention sur ERx depuis 1.9.7-hf4, il a fallu faire: Update -> Backup config -> Reset Erx -> Recovery Backup )
https://community.ubnt.com/t5/EdgeMAX-U ... -p/2233263
[Release Notes v1.10.0]
Changes since v1.9.7-hotfix.4
[Ssh-recovery] - This is new service which starts during early boot stage and provides emergency SSH access via IPv6 link-local address. ssh-recovery can be used to access shell from directly connected neighbor if router is not accessible by normal means. By default ssh-recovery service is listening on port 60257 on all ethernet interfaces and it is automatically terminated 60 seconds after boot. More information is available in this article.
[Iperf] - Added iperf 2.0.3 which will be used by UNMS to measure bandwidth towards AirMAX devices
[UBNT-discover] - Add CLI command to disable "ubnt-discovery" daemon, thus ER will stop responding to discovery messages on 10001 UDP port. (set service ubnt-discover-server disable). Discussed here
[BGP] - Add support for BGP extended community that allows setting 4-byte AS numbers (set policy route-map xxx rule 42 set extcommunity rt 1234567:3200). Discussed here.
Enhancements and bug fixes:
[WebGUI] - Add link to UMobile app to the login page
[WebGUI] - Show full FW version in system version tooltip
[WebGUI] - Display warning if UF-RJ45-1G has invalid speed
[WebGUI] - Add tooltips for ports whose speeds can't be changed on ER8-XG
[WebGUI] - fix XSS vulnerability in GUI when creating new user
[WebGUI] - fixed security vulnerability when operator user was able to rewrite any file by abusing poorly validated fields in "Packet capture" WebGUI window
[WebGUI] - added UNMS status to WebGUI dashboard
[WebGUI] - Fix stored XSS in Routing window
[WebGUI] - Add "Download tech-support file" button in WebGUI
[Routing] - Add watchdog for critical routing daemons (nsm, ribd, ospfd, bgpd...) which will restore crashed daemon
[BGP] - Fix bug when BGP session was closed if "BGP_ATTR_FLAG_PARTIAL" flag was missing in AS4_PATH attribute. Discussed here
[BGP] - Fix bug when name of BGP community-list was parsed incorrectly allowing bad name to pass validation
[Security] - Fix security vulnerability when partial contents of console buffer could be leaked via web socket connection
[Interfaces] - Fix bug when auto-negotiation did not work on ER-PoE. Discussed here
[Interfaces] - Fix regression in 1.9.7 when POE was randomly not turning on after reboot on ER-X-SFP. Discussed here
[Dnsmasq] - Fix bug when dnsmasq did not start if DHCP server functionality was disabled and DNS "service dns forwarding except-interface" was set. Discussed here
[DHCP] - Add static ARP support for DHCP-leased IPs with "set service dhcp-server static-arp"
[DHCP] - Fix invalid characters in client's hostname. Discussed here
[DHCP] - Fix bug when 2nd DHCP client could not receive address from DHCP server if IPv4 offloading was enabled on Cavium-based routers (ER, ER-8-pro, ER-4, ER-6, ER-lite, ER-poe).
[DHCP] - Add global DHCP client options to configuration (set interfaces ethernet eth0 dhcp-options global-option xxx). Discussed here
[Firewall] - add a contiguous option to firewall time extension "set firewall name xxx rule yyy time contiguous..."
[System] - Increase maximum ARP/NDP cache table size
[System] - Coredumps will not be generated anymore unless explicitly enabled with "set system coredump enabled"
[System] - Fix bug when "ubnt-utils" daemon randomly crashed. Discussed here
[System] - Fix bug when ER-4 and ER-6 randomly hanged
[CLI] - Improve speed of multiple CLI commands in following areas - interfaces, static-route, ospf, ospfv3, policy, dhcp, dns, pppoe-server, qos.
[CLI] - Fix hostname validation when configuring static-mapping.
[Offload] - Fix packet reordering issue on Cavium-based routes. Now you can remove workaround that fixed this issue by forcing single-core RX processing:
Code : Tout sélectionner
configure delete system packet-rx-core-num commit save
[Offload] - Fixed bug in PPPoE offloading on Cavium-based routers when packets with incorrect IP checksum caused corrupted downloads (this fix works on all models except ER-Infinity). Discussed here
[FlowAccounting] - Added flow-accounting via ipt-netflow which performs better (+25% max throughput) comparing to original pmacct netflow implementation. This ipt-netflow can be configured in CLI with "set system flow-accounting-ipt ..."
[Flow-accounting] - fix bug when flow-accounting detection failed. Discussed here
[Kernel] - Fix bug when ER randomly rebooted on Cavium-based routers. Discussed here and here and many other threads on forum.
[L2tpv3] - Fix bug when l2tpv3 interface could not be added to bridge during boot
[Switch] - Fix bug when last interface could not be removed from switch via GUI
[Switch] - Fix bug when address could be set to interface which is assigned to switch
[SNMP] - Improve snmp performance by moving cache from flash storage to tmpfs.This also fixed random kernel crashes when SNMP updating cache in tight loop
[Boot] - Decrease boot delay on ER-X from 5 seconds to 1 second
[UNMS] - Fix bug when /tmp/sysd-save.xxxx files sometimes were not deleted if UNMS was enabled
[UNMS] - Fix Remote Code Execution via UNMS
[PPPoE] - Add description to pppoe interface. Discussed here
[DNS] - Fix bug when namesevers were randomly erased from '/etc/resolv.conf' file. Discussed here
[EULA] - Update EULA
Updated software components:
[Kernel] - upgraded Linux kernel to 3.10.107
[DHCP] - upgraded ISC DHCP to 4.1-ESV-R8
Bug with corrupted downloads via PPPoE interface is not fixed for ER-8-XG (it is fixed on all other ER models). Workaround - disable PPPoE offloading:
Code : Tout sélectionner
configure set system offload ipv4 pppoe disable set system offload ipv6 pppoe disable commit save
Code : Tout sélectionner
sudo kill -kill `pidof ubnt-util`
Process 749 (ubnt-util) has crashed (parent 656 (ubnt-daemon) signal 11, code 0, addr 0000029000000000), coredumps disabled
This crash does not affect functionality and it can be safely ignored. It will be fixed in future release.