FIRMWARE RELEASE NOTE
=====================

Products affected: AXIS C1004-E, C2005
Release date: 2024-11-25
Release type: Production
Firmware version: 10.12.265.1
Preceding release: 10.12.257.1
--------------------------------------------------------------------------------

Upgrade instructions
====================
NOTE 1: If your device is currently running FW version 1.85.060 or a FW version prior to 1.85.060, you need to upgrade in the following steps:
1.65.032 -> 1.85.060 -> 9.80.85.1 -> 10.12.265.1

NOTE 2: If upgrading a device from 1.65.032 to 1.97, 9.80 or later without doing a factory default, you will need to change the device settings to allow HTTPS calls. Until this is done, follower devices will stop playing and appear offline to the leader.

Features in 10.12.265.1
=======================
10.12.265.1:F1 Updated wpa-supplicant to version 2.11 to increase overall cybersecurity level.

Corrections in 10.12.265.1
==========================
10.12.265.1:C1 Updated zlib (libz1), addressing CVE-2023-45853.
10.12.265.1:C2 Updated libxml2, addressing CVE-2023-45322 and CVE-2024-25062.
10.12.265.1:C3 Restricted access to param.cgi so that only authorized administrators can configure privacy masks.
10.12.265.1:C4 Updated busybox, addressing CVE-2022-48174.
10.12.265.1:C5 Updated D-Bus to version 1.12.28, addressing CVE-2023-34969.
10.12.265.1:C6 Updated util-linux, addressing CVE-2024-28085.

Features in 10.12.257.1
=======================
10.12.257.1:F1 Updated OpenSSL to version 1.1.1za to increase overall cybersecurity level.
10.12.257.1:F2 Updated libssh2 to version 1.11.0 to increase overall cybersecurity level.
10.12.257.1:F3 Updated OpenSSH to version 9.8p1 to increase overall cybersecurity level.
10.12.257.1:F4 Updated Apache to version 2.4.62 to increase overall cybersecurity level.
10.12.257.1:F5 Updated cURL to version 8.10.1 to increase overall cybersecurity level.

Corrections in 10.12.257.1
==========================
10.12.257.1:C1 Addressed a vulnerability allowing DHCPv6 lease injection through unvalidated input parameters.
10.12.257.1:C2 Addressed CVE-2024-0067. For more information, please visit the Axis vulnerability management portal.
10.12.257.1:C3 Addressed CVE-2024-6173. For more information, please visit the Axis vulnerability management portal.
10.12.257.1:C4 Addressed CVE-2024-6509. For more information, please visit the Axis vulnerability management portal.
10.12.257.1:C5 Corrected an issue where the ONVIF profile metadata was not saved correctly.
10.12.257.1:C6 Addressed CVE-2023-52160 in wpa-supplicant to increase overall minimum cybersecurity level.
10.12.257.1:C7 Removed example private keys, previously intended for demonstration purposes only, to address security scanner findings.
10.12.257.1:C8 Corrected an issue with malformed XML data in the metadata stream.
10.12.257.1:C9 Addressed CVE-2024-7784. Note that downgrading the product to an older AXIS OS version other than the latest supported 11.11 LTS or 10.12 LTS track release is not possible. For more information, please visit the Axis vulnerability management portal.
10.12.257.1:C10 Corrected an issue in the Event system where a faulty event topic filter could cause log messages to flood as well as prevent RTSP metadata streams from opening correctly.
10.12.257.1:C11 Addressed CVE-2024-8160. This CVE will be externally disclosed on 26 November 2024; more detailed information will follow at that time. For more information, please visit the Axis vulnerability management portal.
10.12.257.1:C12 Changed the indicated LED from green to off during normal operation.
10.12.257.1:C13 Addressed CVE-2024-45491 in expat (libexpat1) version 2.6.2.
10.12.257.1:C14 Addressed CVE-2024-45492 in expat (libexpat1) version 2.6.2.
10.12.257.1:C15 Addressed CVE-2024-45490 in expat (libexpat1) version 2.6.2.
10.12.257.1:C16 Addressed CVE-2024-28757 in expat (libexpat1) version 2.6.2.
10.12.257.1:C17 Addressed CVE-2023-52426 in expat (libexpat1) version 2.6.2.
10.12.257.1:C18 Addressed CVE-2023-45918 in ncurses (libtinfo5).
10.12.257.1:C19 Addressed CVE-2023-50495 in ncurses (libncursesw5).
10.12.257.1:C20 Addressed CVE-2022-38725 vulnerability in syslog-ng.
10.12.257.1:C21 Addressed CVE-2023-29491 vulnerability in ncurses (libncursesw5).
10.12.257.1:C22 Improved stability and reliability of the certificate management service.

Features in 10.12.240.1
=======================
10.12.240.1:F1 Updated Apache to version 2.4.59 to increase the overall cybersecurity level.

Corrections in 10.12.240.1
==========================
10.12.240.1:C1 Corrected an issue where invalid data could crash the Remote Syslog cgi.
10.12.240.1:C2 Corrected an issue where SSH users who used ssh-copy-id to install their SSH key as authorized on the device would unintentionally still have SSH access after a factory default with keeping IP settings.
10.12.240.1:C3 Corrected memory problems for products utilizing AXIS O3C Dispatcher service.

Features in 10.12.236.1
=======================
10.12.236.1:F1 The parameter RemoteService.ProxyPassword that controls the proxy password has been masked and made unreadable for security reasons.
10.12.236.1:F2 Updated cURL to version 8.7.1 to increase overall cybersecurity level.
10.12.236.1:F3 Added DNS cache for O3C client to reduce the DNS lookup.

Corrections in 10.12.236.1
==========================
10.12.236.1:C1 Improved stability of the WSDD (Web Services Dynamic Discovery) by addressing potentially unexpected crashes.
10.12.236.1:C2 Corrected an issue where # in network sharing passwords was not supported.
10.12.236.1:C3 Corrected an issue where mounting a network share with a 'space' character in the name was not working correctly.
10.12.236.1:C4 Addressed CVE-2024-0066. For more information, please visit the Axis vulnerability management portal.

Features in 10.12.228.1
=======================
10.12.228.1:F1 Updated time zone database version to 2023d.
10.12.228.1:F2 Updated curl to version 8.6.0 to increase overall cybersecurity level.
10.12.228.1:F3 Updated OpenSSL to version 1.1.1x to increase overall cybersecurity level.

Corrections in 10.12.228.1
==========================
10.12.228.1:C1 Addressed CVE-2024-0055. For more information, please visit the Axis vulnerability management portal.
10.12.228.1:C2 Updated mDNS Responder Daemon (mDNSResponder) to version 2200.60.25.0.4, enhancing overall system stability.

Features in 10.12.221.1
=======================
10.12.219.1:F1 Changes in audio latency to ensure compatibility between 10.12-LTS and 11.8 when using AXIS Audio Manager Edge.
10.12.219.1:F2 Updated curl to version 8.5.0 to increase overall cybersecurity level.
10.12.219.1:F3 Updated Apache to version 2.4.58 to increase overall cybersecurity level.
10.12.221.1:F4 Updated OpenSSH to version 9.6p1 to increase overall cybersecurity level.

Limitations in 10.12.221.1
==========================
10.12.221.1:L1 AXIS Audio Manager Edge: Use AXIS OS version 10.12.221.1 or above or 11.8 or above, on all devices in the site. Other combinations of newer and older AXIS OS versions will result in sound playing out of sync.

Features in 10.12.213.1
=======================
10.12.213.1:F1 Updated curl to version 8.4.0 to increase overall cybersecurity level.

Corrections in 10.12.213.1
==========================
10.12.213.1:C1 Corrected CVE-2023-21418. For more information, please visit the Axis vulnerability management portal.
10.12.213.1:C2 General improvements for the audio system's stability.
10.12.213.1:C3 Corrected CVE-2023-4911.
10.12.213.1:C4 Corrected CVE-2023-21416. For more information, please visit the Axis vulnerability management portal.

Features in 10.12.208.1
=======================
10.12.208.1:F1 Updated OpenSSL to version 1.1.1w to increase overall cybersecurity level.
10.12.208.1:F2 Updated cURL to version 8.3.0 to increase overall cybersecurity level.
10.12.208.1:F3 Improved SNMP Monitoring by adding support for the ipAddressTable OID.

Corrections in 10.12.208.1
==========================
10.12.208.1:C1 Corrected an issue where the Web interface was unintentionally modifying the timezone upon loading, even if the device had been previously configured outside of the Web interface.
10.12.208.1:C2 Corrected CVE-2023-21413. For more information, please visit the Axis vulnerability management portal.
10.12.208.1:C3 Updated the mDNS Responder Daemon (mDNSResponder) to version 1790.80.10 to improve system stability.

Features in 10.12.183.1
=======================
10.12.183.1:F1 Updated Apache to version 2.4.57 to increase overall cybersecurity level.
10.12.183.1:F2 Updated OpenSSL to version 1.1.1u to increase the overall cybersecurity level.
10.12.183.1:F3 Updated curl to version 8.1.0 to increase overall cybersecurity level.
10.12.183.1:F4 Added proxy configuration support to the Owner Authentication Key (OAK) cgi using group root.RemoteService, simplifying setup on networks requiring proxy servers for Internet access and improving the authentication process.
10.12.183.1:F5 Added detailed health information from SD cards to the server report, including power cycle statistics and flash wear rates. This improvement allows for better monitoring of the system's health, which can prevent downtime or data loss.

Corrections in 10.12.183.1
==========================
10.12.183.1:C1 Improved the syslog system stability by fixing a memory leak.
10.12.183.1:C2 Enhanced SNMP Monitoring: We resolved a missing TCP sub-tree OID issue in NET-SNMP by adding support for the SNMP TCP MIB object .1.3.6.1.2.1.6. This improvement ensures a smooth and uninterrupted SNMP monitoring experience.
10.12.183.1:C3 Corrected an issue with OAK (owner authentication key). It now only produces warnings in the log instead of errors if the device is not able to connect to the internet.

Features in 10.12.150.1
=======================
10.12.150.1:F1 Updated Apache to version 2.4.55 to increase overall cybersecurity level.
10.12.150.1:F2 Updated OpenSSL to version 1.1.1t to increase the overall cybersecurity level.
10.12.150.1:F3 Updated curl to version 7.87.0 to increase overall cybersecurity level.
10.12.150.1:F4 Updated time zone database version to 2022d.

Corrections in 10.12.150.1
==========================
10.12.150.1:C1 Corrected an issue in the platform where audio was not working correctly in the Companion and AXIS Camera Station iOS apps. A correction was also needed in the iOS apps, so this fix requires iOS Companion version 7.11.14 or later and iOS AXIS Camera Station 4.6.12 or later.
10.12.150.1:C2 Improved system stability during roll-back.

Features in 10.12.138.2
=======================
10.12.138.2:F1 Updated cURL to version 7.86.0 to increase overall cybersecurity level.
10.12.138.2:F2 Updated OpenSSL to version 1.1.1s to increase the overall cybersecurity level.

Corrections in 10.12.138.2
==========================
10.12.138.2:C1 Corrected an issue which could cause audio clips not to play to completion.
10.12.138.2:C2 Corrected an issue that caused the wrong file size to be reported for recordings larger than 50MB when using FTP.
10.12.138.2:C3 Corrected an issue where ACAP application parameters were reset after firmware upgrade.

Features in 10.12.119.1
=======================

AXIS Audio Manager Edge features
--------------------------------
10.12.119.1:F1 The leadership role, configuration and stored content of your AXIS Audio Manager Edge site can now be transferred to another device in the site.
10.12.119.1:F2 Expanded the support for storing multiple schedules to also include advertisement and announcement schedules. As before, there can only be one active schedule of each type at a time.

FW features
-----------
10.12.119.1:F3 Updated curl to version 7.85.0 to increase overall cybersecurity level.

Corrections in 10.12.119.1
==========================
10.12.119.1:C1 Corrected an issue in AXIS Audio Manager Edge so that "Microphone" can now be selected as intermediary device for a line in paging source.
10.12.119.1:C2 In AXIS Audio Manager Edge, SIP/Vapix Intercom has been renamed to SIP/Vapix Talkback.
10.12.119.1:C3 Removed the pre-configured action events called "Pre-announcement tone: Answer call after incoming call-tone" and "Pre-announcement tone: Play tone on incoming call" from the device configuration web. A detailed step-by-step instruction of how to configure the action events has been added to the device manual.
10.12.119.1:C4 Corrected an issue where events created to mute an audio site could be deleted after restart from the device configuration web.
10.12.119.1:C5 Corrected an issue to make it possible to create certificates with Common Name up to 64 characters.
10.12.119.1:C6 Corrected an issue that could cause O3C client to be disconnected due to exhausted resources.

Known limitations
=================
10.12.138.2:L1 With Milestone and Genetec the G711 codec is not working correctly on products with the i.MX 6SoloX processor. Applies to: C8210, C8110, C1210-E, C1211-E, C1510, C1511.
10.12.138.2:L2 From FW version 10.12.66.1 and onwards, AXIS Audio Manager Pro v3.3 is not supported. FW upgrade will fail if AXIS Audio Manager Pro 3.3 ACAP is found on the device. Users are advised to upgrade to AXIS Audio Manager Pro v4.0 or later version before upgrading the device. To continue using AXIS Audio Manager Pro 3.3, you should change firmware to the 9.80 long-term support (LTS) track.
10.12.138.2:L3 There is currently no support for PEM certificates when using TLS authentication in AXIS Audio Manager Edge.
10.12.138.2:L4 If the user tries to add more than 40 devices at the same time in AXIS Audio Manager Edge, the system might fail to add all devices. The user can still try again and add the remaining devices in one or more sessions.