Available DGW Firmware Versions

Latest DGW Version

Previous DGW Version

Skip to end of metadata
Go to start of metadata

Release Notes

DGW Application 48.5.2718


Summary

Incident Number ID Synopsis
DGW-14607 Multiple network interfaces are now allowed in the same subnet
DGW-14927 Certificate files can now be exported in configuration script
DGW-14973 SIP: Support additional DHE ciphers
IN-15117 DGW-15007 User passwords are now securely hashed
DGW-15050 SBC: A specific ruleset expression may cause an unexpected unit restart
DGW-15053 Change of behavior for SNMPv3 authentication
DGW-15164 Virtual Machine cannot be created after a restoring a backup under certain conditions
IN-14657 DGW-15220 SBC: New interop parameter to disable TLS 1.3
DGW-15274 SBC: New parameter to control the TCP/TLS client port number
IN-15378 DGW-15325 Add USB support on the AMD Ryzen CPU
DGW-15338 OWASP: Disable access to internal UART
DGW-15367 Support of redundant Ethernet port switchover
DGW-15429 Clear Scripts/Selection links not working in Web pages
DGW-15442 CVE-2022-0778: Possible Denial of Service (DoS) from purposedly crafted TLS certificate
DGW-15469 The SBC registration cache may have issue handling more than 1000 users
IN-14194 DGW-15499 Accept /31 and /32 netmasks in Bni, Iprouting, Lfw, Nat, Nfw and Vm services
DGW-15675 Sentinel CS (Software SBC) officially released


New Features

DGW-15675 - Sentinel CS (Software SBC) officially released

The Sentinel CS (Software SBC) is now officially released for General Availability (GA).

DGW-15499 - Accept /31 and /32 netmasks in Bni, Iprouting, Lfw, Nat, Nfw and Vm services

Incident Number: IN-14194

IP addresses with a /31 and /32 netmasks are now allowed in the following parameters:

  • Bni.NetworkInterfaces.StaticipAddr
  • IpRouting.AdvancedIpRoutes.SourceAddress
  • IpRouting.StaticIpRoutes.Destination
  • Lfw.LocalRules.SourceAddress
  • Lfw.LocalRules.DestinationAddress
  • Nat.SNatRules.SourceAddress
  • Nat.SNatRules.DestinationAddress
  • Nat.DNatRules.SourceAddress
  • Nat.DNatRules.DestinationAddress
  • Nfw.NetworkRules.SourceAddress
  • Nfw.NetworkRules.DestinationAddress
  • Vm.InternalVirtualSwitchipAddr

DGW-15367 - Support of redundant Ethernet port switchover

The redundant Ethernet port feature can be activated via the Eth.RedundantPorts parameter.

When activated, the traffic of the ETH4 port will automatically switchover to the ETH5 port in case of a link failure on the ETH4 port.

DGW-15338 - OWASP: Disable access to internal UART

Follow OWASP IoT Verification Requirement C.1:Verify that application layer debugging interfaces such USB, UART, and other serial variants are disabled or protected by a complex password.

DGW-15325 - Add USB support on the AMD Ryzen CPU

Incident Number: IN-15378

Virtual Machines (VM) can now access USB devices on the AMD Ryzen CPU.

DGW-15274 - SBC: New parameter to control the TCP/TLS client port number

New parameter "Sbc.SignalingInterface.ForceLocalClientPort" has been added for the SBC to force client SIP connections to use the same port as the listening port.

The parameter is configurablefor each signaling interface and is effective for TLS and TCP transports.

DGW-15220 - SBC: New interop parameter to disable TLS 1.3

Incident Number: IN-14657

A new interoperability parameter Sbc.TransportInteropMaxTlsVersion has been added in the Sbc service to limit the TLS version for SIP over TLS connections.

DGW-15053 - Change of behavior for SNMPv3 authentication

Previously, the Snmp service could use any user account to authenticate a SNMPv3 request.

The Snmp service now requires its own username and password to be defined in the Snmp.SnmpUser and Snmp.SnmpV3Password parameters for SNMPv3 authentication.

This modification was required for DGW-15007.

Note: SNMPv1 and SNMPv2 are not impacted by this change of behavior.

For more information, please consult the "PCN20220216_SNMPv3_New_Behavior.pdf" document in the Media5 Documentation Portal: https://documentation.media5corp.com/display/MP/Product+Change+Notification

DGW-15007 - User passwords are now securely hashed

Incident Number: IN-15117

User passwords are no longer saved in clear text, but instead saved in a cryptographically secure way, using the PBKDF2-HMAC-SHA256 hash algorithm.

Previously, when exporting a backup or configuration script, the passwords could be read in clear-text. Now, only the hashed passwords are visible.

A user cannot retrieve a forgotten password anymore, since it is impossible to reverse a hashed password into a clear-text password. In case all passwords are forgotten, a partial reset or factory reset can be done to restore to the factory initial passwords.

DGW-14927 - Certificate files can now be exported in configuration script

A new option has been added to Configuration Script exportation: All Config & Files. This enables the exportation of certificate files along with the rest of the configuration.

The certificate file content is encoded in Base64.

DGW-14607 - Multiple network interfaces are now allowed in the same subnet

The Bni service no longer deactivates a network interface whose subnet is overlapping with another network interface, as long as they have different IP addresses.


Issues Fixed

DGW-15469 - The SBC registration cache may have issue handling more than 1000 users

The capacity of the SBC registration cache was increased to match the capability of each SBC platform.

DGW-15442 - CVE-2022-0778: Possible Denial of Service (DoS) from purposedly crafted TLS certificate

An important security flaw was found in the OpenSSL library affecting DGW version 48.4 and below. If exploited successfully, this vulnerability could cause the unit to reboot unexpectedly.

The CVE-2022-0778 has been addressed by upgrading the OpenSSL library to version 1.1.1n.

DGW-15429 - Clear Scripts/Selection links not working in Web pages

The Clear Scripts and Clear Selection links in the Configuration Scripts and Backup/Restore web pages now behave properly.

DGW-15164 - Virtual Machine cannot be created after a restoring a backup under certain conditions

Fixed an issue where new Virtual Machine could not be created after restoring a backup that already contained some Virtual Machine entries.

DGW-15050 - SBC: A specific ruleset expression may cause an unexpected unit restart

Fixed an issue that was causing an unexpected restart of the unit when the $_r(0) replacement expression was used in a ruleset.

DGW-14973 - SIP: Support additional DHE ciphers

The SipEp service now supports the following DHE ciphers when using SIP over TLS:

  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384


Known Issues

There are no known issues.


Copyright Notice

Copyright 2022 Media5 Corporation.

This document contains information that is proprietary to Media5 Corporation.

Media5 Corporation reserves all rights to this document as well as to the Intellectual Property of the document and the technology and know-how that it includes and represents.

This publication cannot be reproduced, neither in whole nor in part, in any form whatsoever, without written prior approval by Media5 Corporation.

Media5 Corporation reserves the right to revise this publication and make changes at any time and without the obligation to notify any person and/or entity of such revisions and/or changes.

www.media5corp.com