FIRMWARE RELEASE NOTE ====================== Products affected: AXIS Q6034-E PTZ Dome Network Camera Release date: 2021-11-23 Release type: Production Firmware version: 5.51.7.6 Preceding release: 5.51.7.5 -------------------------------------------------------------------------------- Upgrade instructions ==================== Upgrade the firmware according to the instructions given at https://www.axis.com/ca/en/support/technical-notes/how-to-upgrade or howtoupgrade.txt, which is included in the firmware folder. NOTE ==================== For latest information about Axis Cybersecurity, see https://www.axis.com/se/sv/support/product-security. Corrections in 5.51.7.6 since 5.51.7.5 ======================================= 5.51.7.6:C01 Corrected an issue in ftptest.cgi and smtptest.cgi that caused "502 Bad Gateway" error response. This was introduced in the 5.51.7.5 release. Corrections in 5.51.7.5 since 5.51.7.4 ======================================= 5.51.7.5:C01 Corrected CVE-2021-31987. 5.51.7.5:C02 Updated OpenSSL to version 1.1.1l to increase overall minimum cybersecurity level. 5.51.7.5:C03 Added an option to Disable or Enable TLSv1.0 or TLSv1.1 using param.cgi. [IPAddress]/axis-cgi/admin/param.cgi?action=update&root.HTTPS.AllowTLS1=no and [IPAddress]/axis-cgi/admin/param.cgi?action=update&root.HTTPS.AllowTLS11=no 5.51.7.5:C04 Corrected CVE-2021-31988. Corrections in 5.51.7.4 since 5.51.7.3 ======================================= 5.51.7.4:C01 Updated OpenSSL to version 1.1.1k to fix CVE-2021-3449 and CVE-2021-3450. 5.51.7.4:C02 Updated pwdgrp.cgi to be RFC compliant to work seamlessly with Home Assistant Systems. Corrections in 5.51.7.3 since 5.51.7.2 ======================================= 5.51.7.3:C01 Corrected a stability issue that occurred when X-Frame-Options is enabled. Corrections in 5.51.7.2 since 5.51.7 ===================================== 5.51.7.2:C01 Corrected a newline character in pwdgrp.cgi, introduced in 5.51.6, that could cause problems when parsing the response. 5.51.7.2:C02 Corrected an issue that prevented Action Rule Events from sending images via email. 5.51.7.2:C03 Corrected an issue that caused monolith to timeout and respawn during too many connect/disconnect RTSP streaming requests. 5.51.7.2:C04 Added support to enable/disable X-Frame-Options headers in the plainconfig. By default, X-Frame-Options is enabled and its value is set to "sameorigin". Corrections in 5.51.7 since 5.51.6.2 ===================================== 5.51.7:C01 Added possibility to retrieve the device Owner Authentication Key (OAK) in the web GUI. Note that this functionality requires that the product have direct access to the internet. 5.51.7:C02 Updated the wpa-supplicant to version 2.9 to increase the overall cybersecurity level. The following cybersecurity vulnerabilities are fixed: CVE-2019-13377 CVE-2019-16275. 5.51.7:C03 Updated OpenSSL to 1.1.1d to increase the overall cybersecurity level. 5.51.7:C04 Added support for TLSv1.2. 5.51.7:C05 Updated the client-side URL transfer library (libcurl) to version 7.53.1 to increase the overall cybersecurity level. Corrections in 5.51.6.2 since 5.51.6.1 ======================================= 5.51.6.2:C01 Corrected an issue that caused admin users other than root not to be allowed to change user account passwords. 5.51.6.2:C02 Added ProxyDispatcherOnly option to the O3C/AVHS client that can control proxy configurations of dispatcher services. 5.51.6.2:C03 Corrected an issue that caused camera to drop network connection when using 5.51.6.1 firmware. 5.51.6.2:C04 Added support for NAS over 2TB. Corrections in 5.51.6.1 since 5.51.6 ===================================== 5.51.6.1:C01 Added “X-Frame-Options: sameorigin” to the HTTP Response Headers in order to increase overall minimum cybersecurity level 5.51.6.1:C02 Updated Turkey (Istanbul) timezone to GMT +3. 5.51.6.1:C03 Improved robustness of the O3C client. Corrections in 5.51.6 since 5.51.5 =================================== 5.51.6:C01 Improved robustness of the O3C client. 5.51.6:C02 Removed the root users default password in factory defaulted firmware. The password of the root user must be set first in order to initialize VAPIX and ONVIF interfaces to allow further configuration. This change only affects products in its factory defaulted state, products that are already deployed in production systems are not affected by this update until factory defaulted. Corrections in 5.51.5 since 5.41.4 ================================== 5.51.5:C01 Corrected an issue that caused event notifications not been triggered on storage disruption. 5.51.5:C02 Improved re-connection behavior to AVHS server. The time between failed connection attempts will now gradually increase until a hard limit is reached. 5.51.5:C03 A user with administrator rights can now upload PTZ drivers for those cameras supporting this feature. Note that a factory default will be required to remove the old permissions sets from the firmware. 5.51.5:C04 Corrected an issue that caused an overload of the CPU after enabling IP adress filtering. 5.51.5:C05 Corrected common vulnerabilities in the Linux kernel to increase overall minimum cyber security level. CVE-2010-2960, CVE-2010-4175. 5.51.5:C06 Patched security vulernability CVE-2018-14526 in WPA supplicant to increase overall minimum cyber security level. New Features in 5.51.5 ====================== 5.51.5:F01 SD card clean-up improvement, make better use of the available storage capacity on larger SD cards. 5.51.5:F02 Edge Storage Disruption Detection, ability to be notified when the Edge Storage detects disruptions that may need administrative attention, typically disk unavailable, read/write error, disk full or disk locked. 5.51.5:F03 Text Overlay character set extension, ability to use non-western characters in the video text overlay. Note that, Right-to-left languages such as Arabic are not supported. 5.51.5:F04 Text Overlay Font Size, ability to select three different font sizes for the video text overlay in order to increase readability, especially for high resolution video. 5.51.5:F05 Text Overlay Message Action, a camera action that provides a way to display a user defined message in the image's text overlay upon a detected event. 5.51.5:F06 Email/SSL Recipient, ability for the camera to connect to common email services. The camera includes predefined profiles for example, Gmail and Hotmail. 5.51.5:F07 HTTPS Recipient, systems using HTTP notifications from the camera can now do this in a secure way over HTTPS. 5.51.5:F08 Upload Video Clip Action, ability to upload a video clip to an FTP server or an email recipient upon an event. Note that, a media player with support for H.264 and Matroska File Format (MKV) is required to play the clip. 5.51.5:F9 Live Stream Access Detection, it is now possible to notify people that someone is actively monitoring a camera. 5.51.5:F10 System Ready Event, ability to get notified when the camera has booted and all services are initialized. 5.51.5:F11 SSH (Secure Shell), a command line interface is added to the camera that may be used for specific support and maintenance activities. Note that, SSH is not enabled by default. 5.51.5:F12 Virtual Inputs, used by clients to initiate Action Rules in the camera. Virtual Inputs extends the existing "Manual Trigger" with 32 additional. 5.51.5:F13 AXIS ACAP Applications, the behavior for AXIS Cross Line Detection 1.x and AXIS Video Motion Detection 2.x has been improved, making it less prone to false detection on small objects. 5.51.5:F14 Centralized Certificate Management, certificates for HTTPS and 802.1x are now managed in one place. The firmware also includes a number of pre-installed CA certificates such as Verisign, Thawt and GeoTrust. 5.51.5:F15 Improved Constant Bitrate Control, the Constant Bit Rate (CBR) will now adjust to target bit rate quicker. Known Bugs/Limitations ====================== 5.51.6.1:L01 To be able to use all parts of the image in a View Area use the 4:3 Aspect Ratio for the View Area. 5.51.6.1:L02 90 and 270 rotation can cause a drop in frame rate. 5.51.6.1:L03 Multiple simultaneous recordings to SD cards and network shares can degrade the performance of the system. 5.51.6.1:L04 Windows Network Shares do not handle all modifiers e.g. %c, since modifiers are UNIX standard. 5.51.6.1:L05 Frame Size Control does not affect the size of the snapshot taken with the upper right control that can be added to the Live View. 5.51.6.1:L06 If the device has ongoing continuous recordings and the device is restarted using the restart option in web interface, the current part of recordings(block) can not be accessed or downloaded through the web interface. 5.51.6.1:L07 Stream profile names are limited to alphanumerical characters. 5.51.6.1:L08 The AXIS Media Control client may stop displaying the H.264 video stream after the PC has been locked. 5.51.6.1:L09 Live view does not work with QuickTime player using default settings. Workaround: Disable Direct3D acceleration in Quicktime. 5.51.6.1:L10 When using an action rule results in short recordings, it is recommended to extend post-event time. 5.51.6.1:L11 For actions based on PTZ events, it is not possible to use the #P (PTZ preset name) and #p (PTZ preset number) modifiers in the file names for network share uploads. 5.51.6.1:L12 It's not recommended to downgrade to previous firmware when having HTTPS enabled. 5.51.6.1:L13 Modifying a PTZ view area using API and afterwards clicking save in the web interface, will cause the view area to revert to the old position. 5.51.6.1:L14 Time zone selection for Moscow Time is not correct according to the changes made to this time zone. 5.51.6.1:L15 If text overlay is more than 460 characters long, no text will be displayed. 5.51.6.1:L16 Private keys need to be in a PKCS#1 format in order to function. 5.51.6.1:L17 A maximum of 100 installed certificates is allowed 5.51.6.1:L18 For low contrast scenes, false positives or negatives may occur because there is not enough information for the Tampering alarm. 5.51.6.1:L19 If downgrading to previous firmware version, a factory default is recommended after performing the downgrade. 5.51.6.1:L20 Using control queue with Java Applet may result in wrong queue positions if switching between admin and viewer users. 5.51.6.1:L21 GOV values for stream profiles higher than 5000 are not supported. 5.51.6.1:L22 On Windows shares, upload paths for events needs to be created on the share before use. 5.51.6.1:L23 Not possible to view live or recorded video in Internet Explorer 10 Modern UI in Microsoft Windows 8. Supported AXIS VAPIX API Image Resolutions ========================================================= Resolution Exceptions ========== ========== 1280x720 800x450 480x270 320x180 1024x768 1) 1024x576 1) 800x600 1) 768x576 1) 720x576 1) 704x576 1) 704x480 1) 704x288 1) 704x240 1) 640x480 1) 640x360 1) 480x360 1) 384x288 1) 352x288 1) 352x240 1) 320x240 1) 240x180 1) 192x144 1) 176x144 1) 176x120 1) 160x120 1) 160x90 1) 1) Not visible in web user interface 90/270 degress rotation is not supported.