Available DGW Firmware Versions

Latest DGW Version

Previous DGW Version

Skip to end of metadata
Go to start of metadata

Release Notes

DGW Application 48.0.2430


Summary

Incident Number ID Synopsis
IN-14782 DGW-13290 The SIP endpoint gateway does not always fail over to secondary server if the UDP connection is lost while a call is in progress.
DGW-13549 An invalid NAT configuration can cause the lost of the network contact with the device.
DGW-13570 Add two new ECDSA ciphers for TLS 1.2.
IN-14900 DGW-13652 The Sbc service is missing replacement expressions to retrieve the "From" and "To" SIP headers.
IN-14471 DGW-13668 Support the Strict-Transport-Security header for DGW Web pages as per RFC 6797.
IN-14918 DGW-13695 Option 77 cannot be removed from DHCP requests.
DGW-13701 The EpServ.AutoCall and EpServ.DelayedHotline parameters are not accessible via TR-069.
DGW-13750 Cannot limit Cwmp service HTTPS provisioning to use only TLS 1.2.
DGW-13765 Add TLS 1.3 support for the Conf, Cwmp and File services.
DGW-13785 SRTP interoperability improvements for the Mipt service.
IN-14651 DGW-13818 Add a "bye delay" parameter to the "Call Transfer Handling" ruleset action of the Sbc service.
DGW-13830 SRTP interoperability improvements for the Sbc service.
DGW-13844 Improve interoperability of the Cwmp service for download requests.
DGW-13848 The Cwmp service need a method to execute CLI commands.
IN-14945 DGW-13870 An interop parameter is needed to add/remove the <Cwmp:ID> header in Cwmp Inform requests.
DGW-13883 The SetParameterValuesFault node is missing from the SetParameterValues error response sent by the Cwmp service.
DGW-13887 The Sbc service resumes SIP calls with the wrong connection address.
IN-15005 DGW-13933 Some RTP packets may cause the application to stop responding.
DGW-13963 Protect DGW Web pages against Cross-Site Request Forgery attacks.
DGW-13969 The crypto tag in the SDP answer may not match the SDP offer.
DGW-14049 The SRTP header remains the same after a SIP hold/resume.
DGW-14063 New parameter "Remove REFER from Allow Header" is needed.
DGW-14180 The answer sent by the Sbc service to a SIP session refresh contains a new SDES crypto key instead of reusing the one previously advertised.
DGW-14183 Permanent certificates are not present after a backup is restored.
DGW-14229 CVE-2021-3449: TLS communications are vulnerable to a Denial of Service (DoS).
DGW-14268 The Sbc service does not handle the REPLACES header.


New Features

DGW-14268 - The Sbc service does not handle the REPLACES header.

The SBC ruleset action "Handle INVITE with Replaces header" was added.

DGW-14063 - New parameter "Remove REFER from Allow Header" is needed.

A new parameter "Remove REFER from Allow Header" was added to the ruleset action "Call transfer handling".

When this parameter is set, all responses and in-dialog SIP requests relayed by the SBC to the call agent peer have the REFER method filtered-out from the "Allow" header.

DGW-13963 - Protect DGW Web pages against Cross-Site Request Forgery attacks.

The following strategies have now been implemented in the DGW Web pages to protect against Cross-Site Request Forgery (CSRF/XSRF) attacks:

  • The SameSite=Lax attribute is included in the cookie.
  • CSRF tokens were added to all forms submissions (POST) and background AJAX requests (GET and POST).

The CSRF protection is always enabled.

DGW-13848 - The Cwmp service need a method to execute CLI commands.

The CWMP parameter .Services.X_0090F8_Cwmp.CwmpEx.Command was added to execute a CLI command. The CWMP parameter .Services.X_0090F8_Cwmp.CwmpEx.LastResult was also added to display the result of the last executed CLI command.

DGW-13830 - SRTP interoperability improvements for the Sbc service.

When using SDES key exchange with the Sbc service, an incorrect usage of the SRTP crytography caused the cryptographic context, which includes the rollover counter also known as ROC, to reset at inappropriate times. This does not affect the DTLS-SRTP key exchange.

A new "SRTP preferences" ruleset action was added to configure interoperability parameters.

This ruleset action allows the configuration of the following three parameters:

  1. CryptoModeOnOffer
  2. CryptoModeOnAnswer
  3. CryptoContextBehavior

When this new ruleset action is not added, the default behavior of the Call Agents continues to be:

  • Both crypto mode (CryptoModeOnOffer/CryptoModeOnAnswer) are set to keep their crypto keys.
  • By default the crypto context behavior (CryptoContextBehavior) is now set to never reset the cryptographic context.

Important change: If this new default behavior causes audio decryption issue, set the CryptoContextBehavior parameter to "AlwaysReset".

DGW-13818 - Add a "bye delay" parameter to the "Call Transfer Handling" ruleset action of the Sbc service.

Incident Number: IN-14651

A new parameter was added to delay the SIP BYE issued by the Sbc service to disconnect the original call leg when handling the SIP REFER method. This new parameter should be used when more time is needed for the peer to issue the SIP BYE itself.

This new parameter only has an effect when the "Call Transfer Handling" action uses the "internal handling" method.

DGW-13785 - SRTP interoperability improvements for the Mipt service.

The Mipt.SessionUpdateCryptoMode parameter was removed and replaced by the following three parameters:

  • Mipt.CryptoModeWhenSendingOffer (Default value: RegenerateAlways)
  • Mipt.CryptoModeWhenSendingAnswer (Default value: RegenerateAlways)
  • Mipt.CryptoContextBehavior (Default value: ResetAlways)

The default behavior of DGW with SRTP streams is not changed.

When an upgrade is performed, the configuration of the oldMipt.SessionUpdateCryptoModeparameter is taken into account and applied to the three new parameters using the following mapping:

Mipt.SessionUpdateCryptoMode Regenerate Keep
Mipt.CryptoModeWhenSendingOffer RegenerateAlways KeepAlways
Mipt.CryptoModeWhenSendingAnswer RegenerateAlways KeepAlways
Mipt.CryptoContextBehavior ResetAlways ResetAlways

Note: the CryptoModeWhenSendingOffer and CryptoModeWhenSendingAnswer parameters apply only to the SDES key management protocol. The CryptoContextBehavior parameter applies to both SDES and MIKEY.

DGW-13765 - Add TLS 1.3 support for the Conf, Cwmp and File services.

The Conf, Cwmp and File services now support TLS 1.3.

DGW-13701 - The EpServ.AutoCall and EpServ.DelayedHotline parameters are not accessible via TR-069.

The EpServ.AutoCall and EpServ.DelayedHotline parameters are now accessible via TR-069.

Added the following objects trees to the TR-069 data model:

  • Device.Services.X_0090F8_EpServ.AutoCall.
  • Device.Services.X_0090F8_EpServ.DelayedHotline.
  • InternetGatewayDevice.Services.X_0090F8_EpServ.AutoCall.
  • InternetGatewayDevice.Services.X_0090F8_EpServ.DelayedHotline.

DGW-13668 - Support the Strict-Transport-Security header for DGW Web pages as per RFC 6797.

Incident Number: IN-14471

A new Web.HstsHeaderEnable parameter was added to enable the HTTP Strict-Transport-Security (HSTS) header, as described in RFC 6797.

When enabled, this feature prevents users from accessing the DGW Web pages using HTTP, and forces the browser to always communicate using HTTPS.

DGW-13570 - Add two new ECDSA ciphers for TLS 1.2.

The support of ECDSA certificates for TLS 1.2 was improved.

Two new AES cipher suites from RFC 8422 were added:

  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256


Issues Fixed

DGW-14229 - CVE-2021-3449: TLS communications are vulnerable to a Denial of Service (DoS).

An important security flaw was found in the OpenSSL library affecting DGW v46.1, v46.2, v47.0, and, v47.1. If exploited successfully, this vulnerability could cause the unit to reboot unexpectedly.

The OpenSSL library was fixed, addressing CVE-2021-3449.

DGW-14183 - Permanent certificates are not present after a backup is restored.

Permanent certificates are now present after a backup is restored.

DGW-14180 - The answer sent by the Sbc service to a SIP session refresh contains a new SDES crypto key instead of reusing the one previously advertised.

The problem occurred when the advertised a=crypto attributes changed its tag during the same SIP call.

a=crypto:<tag> <crypto-suite> <key-params>

The Sbc service will now reuse the same key-params instead of generating a new one.

DGW-14049 - The SRTP header remains the same after a SIP hold/resume.

When a SIP call was put on hold by the remote SIP peer,the outgoing SRTPheader remained the same.

This behavior is now fixed. Theoutgoing SRTPheader will now have its SSRC, sequence number, and timestamp randomized to different values.

DGW-13969 - The crypto tag in the SDP answer may not match the SDP offer.

When all the following conditions were met, the crypto tag of the SDP answer may have had a mismatch:

  • Secured SIP call with SDES key management;
  • Mipt.SessionUpdateCryptoMode parameter configured to Keep;
  • SIP Hold is sent by remote peer and its crypto tag has different value than the previous SIP exchange;

The behavior is now fixed. The SDP answer will now have the matching crypto tag.

DGW-13933 - Some RTP packets may cause the application to stop responding.

Incident Number: IN-15005

When using the DSP codec Bank2, some RTP packets could cause the DSP to stop responding.

Fixed the DSP configuration that caused the problem.

DGW-13887 - The Sbc service resumes SIP calls with the wrong connection address.

When handling a SIP REFER request to connect two SIP calls from two different signaling interfaces, the Sbc service would resume the SIP call with the wrong connection address. This lead to a one way audio.

The Sbc service now generates the SDP with the correct connection address.

DGW-13883 - The SetParameterValuesFault node is missing from the SetParameterValues error response sent by the Cwmp service.

In various failure scenarios, the SetParameterValuesFault node was not present in the SetParameterValues error response of the Cwmp service.

The SetParameterValuesFault node is now present in the error response.

DGW-13870 - An interop parameter is needed to add/remove the <Cwmp:ID> header in Cwmp Inform requests.

Incident Number: IN-14945

Added an interop parameterCwmp.InteropCwmpIdHeader to add or remove the <Cwmp:ID> header in the unit's Cwmp Inform requests sent to an ACS.

DGW-13844 - Improve interoperability of the Cwmp service for download requests.

Cwmp service now supports receiving download requests with a NULL value as the TargetFileName XML element.

DGW-13750 - Cannot limit Cwmp service HTTPS provisioning to use only TLS 1.2.

It is now possible tocorrectly limit Cwmp service HTTPS provisioning to only use TLS 1.2 with the parameter Cwmp.TransportHttpsTlsVersion.

DGW-13695 - Option 77 cannot be removed from DHCP requests.

Incident Number: IN-14918

Bni.DhcpClientUserClass now accepts an empty value.

When Bni.DhcpClientUserClass is empty, the DHCP request no longer contains a value for Option 77.

DGW-13652 - The Sbc service is missing replacement expressions to retrieve the "From" and "To" SIP headers.

Incident Number: IN-14900

New replacement expressions are now available to retrieve the "From", $fQ, and the "To", $tQ, SIP headers.

DGW-13549 - An invalid NAT configuration can cause the lost of the network contact with the device.

An invalid NAT configuration no longer cause the lost of the network contact with the device.

DGW-13290 - The SIP endpoint gateway does not always fail over to secondary server if the UDP connection is lost while a call is in progress.

Incident Number: IN-14782

Under a certain critical timing, when using UDP transport, if multiple SIP registration attempts were not answered by the primary server while there was an ongoing call, the SIP endpoint gateway did not fail over to the secondary server once the call ended.

The SIP endpoint gateway now correctly fail over to the secondary server.


Known Issues

There are no known issues.


Copyright Notice

Copyright 2021 Media5 Corporation.

This document contains information that is proprietary to Media5 Corporation.

Media5 Corporation reserves all rights to this document as well as to the Intellectual Property of the document and the technology and know-how that it includes and represents.

This publication cannot be reproduced, neither in whole nor in part, in any form whatsoever, without written prior approval by Media5 Corporation.

Media5 Corporation reserves the right to revise this publication and make changes at any time and without the obligation to notify any person and/or entity of such revisions and/or changes.

www.media5corp.com