FIRMWARE RELEASE NOTE ===================== Products affected: AXIS C2005/C1004-E Release date: 2018-05-14 Release type: Production Firmware version: 1.81.040.1 Preceding release: 1.65.032 -------------------------------------------------------------------------------- Upgrade instructions ==================== Upgrade the firmware according to the instructions given at https://www.axis.com/ca/en/support/tecnical-notes/how-to-upgrade or howtoupgrade.txt, which is included in the firmware folder. NOTE: It is strongly recommended to restart the speaker after a firmware upgrade. New features in 1.81.040.1 ================================================================================ F1 The FTP Server is now disabled by default as it is not used during normal operation and may pose a security risk. F2 The functionality of enabling Axis DNS Service via control button has been disabled by default. F3 Support for AXIS Audio Streaming Capabilities API for better handling of product supported audio streaming settings. The API allows a client to request all the product supported audio stream settings and its combinations e.g. audio codecs, sample and bit rates as well as channels. F4 If no audio active, not sending any audio data between audio peers to avoid network load. Earlier design always sent audio data, even if no audio. F5 Audio in foreground and background will have separate latency profiles, where foreground will run with lower latency and background set up for more stability. F6 The ARP/Ping method to set the products ip-address has been removed in order to increase minimum cyber security standards. F7 Changed the default web server authentication from Basic & Digest to Digest only. F8 Support for Brute Force Delay Protection. The product can block a client for a period of time if too many login attempts failed. F9 Upon a factory default, the device will generate a self-signed certificate at boot and enable HTTPS. This allows clients to use encrypted access from start. If HTTPS is to be used in daily operations, it is recommended to replace the generated self-signed certificate with a CA-signed certificate. F10 Apache web server has been updated to version 2.4.25. F11 Support for 24bit LPCM audio mode. F12 OpenSSL has been updated to version 1.0.2k to increase overall minimum cyber security level. F13 audio-relay service discoverable via mDNS/Bonjour service F14 Support for AXIS SD card health API. The SD card health API allows a client to track and request the health and wear-out state of an camera with AXIS Surveillance SD Card. F15 Improved frequency characteristics for the speakers and added EQ profiles F16 Support for Flash All/Factory Default while performing a firmware update. F17 Support for Password Security Confirmation Check. To increase overall cybersecurity awareness, a user-configured password that is considered "weak" need to be confirmed actively twice by the user. F18 Name and Leader information possible to retrieve via API call F19 Improved frequency characteristics for the speaker's microphone. F20 Support for recordings with G711 mu-law audio encoding. Corrections in 1.81.040.1 ================================================================================ C1 Fixed Security vulnerability CVE-2016-5195. C2 Corrected an issue that prevented the user from saving a action rule with a Email Recipient that had SSL enabled. C3 Running http://ip /incl/bw to get the network bandwidth now requires login credentials. Improved Cyber Security. C4 Fixed an issue resulting in that HTTP notification action rules stopped retrying from contacting the receiving server after a failed attempt. C5 Corrected Content-Type in pwdgrp.cgi response. C6 Corrected security vulnerability CVE-2016-2147 and CVE-2016-2148. C7 Corrected critical vulnerability ACV-128401.