EdgeOS Firmware Changelog ==== Supported products * EdgePoint R6, model: EP-R6 * EdgePoint R8, model: EP-R8 * EdgeRouter X, model: ER-X * EdgeRouter X SFP, model: ER-X-SFP * EdgeRouter Lite, model: ERLite-3 * EdgeRouter PoE, model: ERPoe-5 * EdgeRouter, model: ER-8 * EdgeRouter PRO, model: ERPro-8 * EdgeRouter 4, model: ER-4 * EdgeRouter 6P, model: ER-6P * EdgeRouter 12, model: ER-12 * EdgeRouter 12P, model: ER-12P * EdgeRouter Infinity, model: ER-8-XG ==== v2.0.9 (e50, e100, e200, e300, e1000) Changelog / November 19, 2020 ==== Improvements: Analytics - Add anonymous crash reporting and analytics reporting that are disabled by default Analytics - Add popup window to WebGUI where admin is being asked to allow or deny analytics&crash-reporting WebGUI - Add firmware upgrade button WebGUI - Add "Factory Reset" button CLI - Add new CLI command "add system image" to automatically download and install latest stable firmware CLI - Update CLI welcome message to make it consistent with other Edge*** products System - Decrease size of firmware image by removing dependency on "libxml" and excluding it Performance - Reduce RAM usage by disabling systemd journaling Performance - Improved forwarding performance on all ER models when offloading is disabled (+10% ~ +30%) Performance - Improved IPsec performance on ER-X/ER-X-SFP/ER-10X/EP-R6 when offloading is enabled (+10%) VPN - Add new L2TP VPN remote access client interface that establishes VPN connection to external L2TP remote access VPN server VPN - Enable "connmark" plugin in strongswan to allow connection from multiple L2TP-VPN clients from same NAT UNMS - Add support for "unlimited queues" and "dynamic wan interface" in UNMS QoS DPI - Upgrade DPI signature database to version 1.564 PPPoE - Increase PPPoE client IP pool size from 256 to 1024 Security - Now current config, private user files and backup firmware image will be permanently deleted when doing factory reset via CLI/WebGUI/UNMS. Previously *backup* firmware image used to survive factory-reset Fixes: WebGUI - Fix bug when WebGUI showed wrong RX/TX counters on eth0~eth7 when ipv4 offloading is enabled WebGUI - Fix regression from v2.0.0 when bandwidth measurement tool in WebGUI did not work at all WebGUI - Fix bug in WebGUI when UNMS status is stuck in "connecting" state forever WebGUI - Fix bug in WebGUI when some tools did not show any output (ping, trace, log, capture, bandwidth) WebGUI - Fix bug when WebGUI randomly crashed because lighttpd was stuck with 100% CPU load. lighttpd was upgraded to v1.4.55 WebGUI - Fix bug in WebGUI when firewall stats were empty during first 30 seconds UNMS - Fix bug when QoS could not disabled from UNMS UNMS - Strip 3rd party DEB packages from backup file when making ER backup from UNMS UNMS - Fix wrong LED color indication when UNMS is not configured UNMS - Fix bug when UNMS sometimes failed to perform initial connection with ER UNMS - Fix bug when UNMS QoS crashed when binding to missing PPPoE interfaces UNMS - Fix memory leak in udapi-bridge process when ER is connected to UNMS UNMS - Fix rare config mis-synchronization between ER and UNMS causing random errors when configuring via UNMS SFP - Fix bug when SFP port failed to process packets after reboot SFP - Fix bug when some SFP modules were mistakenly reporting tx error SFP - Fix bug when SFP interface stops working when Ethernet interface loses link on ER-12 SFP - Fix bug when stats in WebGUI stall if SFP module is misbehaving and responding with garbage instead of valid sfp data Offloading - Fix random lock-ups when hwnat offloading is enabled on ER-X/ER-X-SFP Packages - Restore builtin "etherwake" package that was removed since v2.0.0 firmware PPPoE/L2TP/PPP - Fix buffer overflow vulnerability in pppd daemon (CVE-2020-8597) OSPF - Fix bug when OSPF neighbors disappear after interface flap if OSPF network has /32 mask CLI - Fix bug when add system image CLI command did not show "yes/no" prompt if there's no backup firmware image CLI - Fix bug when shell command switch pvid dump crashes on ER-X BGP - Fix bug when blocked BGP prefix leaked to neighbors when committing large BGP config SNMP - Fix "unknown notification OID" and "Unknown token: monitor" errors in syslog when configuring SNMP SNMP - Fix bug when SNMP flooded "error on subcontainer ia_addr insert" errors in syslog SNMP - Fix SNMP flooding "cannot get stats strings information for interface" error to syslog on ER-X LoadBalancing - Fix bug when Load Balancing randomly failed if WAN interface acquired new DHCP address PPPoE - Fix RCE vulnerability in pppoe-server when using custom radius-disconnect script PPPoE - Fixed confusing "PADT: Generic-Error: xxxx" syslog message when PPPoE client disconnected. Discussed here DDNS - Fix potential DDNS config disclosure vulnerability if multiple Dynamic DNS providers are configured PPTP - Don't load nf_nat_pptp module during boot unless it it is really used IGMP - Upgraded igmp-proxy to fix multiple IPTV freeze/disconnect issues System - Add "ethtool" support for ER-X/ER-X-SFP/ER-10X models VPN - Fix bug when L2TP-VPN daemon randomly crashed when WAN interface updated DHCP lease IPv6 - Fix bug when radvd failed when loading configuration with many VLANS (10+) IPv6 - Fix bug when PD wont start if prefix6 range is outside of declared subnet. IPv6 - Add static mapping feature for IPv6 PD so that service dhcp-statefull could have statically mapped hosts OSPFv3 - Fix regression from v2.0.7 when OSPFv3 stopped adding received routes to RIB OSPFv3 - Fix bug that caused failure when redistributing OSPFv3 routes via BGP QoS - Fix bug when burst-size was causing bad performance when configured in UNMS Interfaces - Add missing firewall config for switch0.pppoe and switch0.vif.pppoe interfaces Interfaces - Fix bug when VLAN interface with MTU <1280 triggers "Commit Failed" error Interfaces - Fix bug when packets with wrong MAC leaked to WAN if offloading is enabled on ER-X Interfaces - Fix bug when wrong TX/RX counters were reported on switched port on ER-12/ER-12P Interfaces - Allow deleting non existing address from config if it disappeared from kernel Routing - Fix bug when all routing daemons (bgp, ospf, rip, ripng...) randomly & permanently die. Routing - Added Ethernet driver patch from Cavium that fixes packet reordering with 4.x kernel TechSupport - Add more LoadBalancing debug info to tech-support file SSH-Recovery - Fix bug when setting VLAN interfaces in service ssh-recovery listen-on caused config corruption after reboot LED - Fix bug when LED light was stuck in WHITE color forever DHCP - Fix bug when same hostname could not be statically-mapped in different subnets for IPv4/IPv6 DHCP servers DHCP - Fix bug in DHCP server when dhcp-boot option of first subnet was applied to all networks PoE - Fix bug when PoE on eth9 on ER-10X remained enabled after doing factory reset UPnP - Backport CVE-2019-12111 that fixes DDoS attack in miniupnpd . Known issues: DPI - Sometimes DPI is reporting wrong rx/tx counters Offloading - L2TP IPSec traffic is not being offloaded on Mediatek-based routers (ER-X, ER-X-SFP, EP-R6) Offloading - VLAN traffic is not being offloaded on ER-12