-----------------------------------------
Server Technology
-----------------------------------------
Sentry Switched -48 VDC
-----------------------------------------
Firmware Revision Notes
-----------------------------------------

Sentry Switched -48 VDC Version 7.1e
June 29, 2020

===============================================================================

Applicable Products
===================

Sentry Switched -48 VDC firmware only applies to products with a product code of 12 hexadecimal. The product code is the fourth octet in the Ethernet MAC address, e.g., the "12" in "00-0A-9C-12-00-00". The Ethernet MAC address is displayed on the web "Configuration - System" page and by the SHOW SYSTEM command.

Firmware Revision History
=========================

yy-mm-dd  Ver.  Filename       Description
--------  ----  --------       -----------

-----------
Version 7.1
-----------

20-06-29  7.1e  swdc-v71e.bin  Fifth production release

Version 7.1e is a critical security-patch, new-feature, and maintenance release. Update to version 7.1e is strongly recommended for all products.

Fixed critical TCP/IP stack vulnerabilities.

Server Technology was recently notified that researchers from JSOF (www.jsof-tech.com) found vulnerabilities within the Treck TCPIP, IPv4, IPv6, DHCP, DHCPv6 and DNS products. These third-party libraries provide the network stack in our Switched -48 VDC products.

In reviewing these vulnerabilities, US-Cert and Mitre have classified the highest level as a possible "critical" severity (CVSS v3.1 score 10.0) vulnerability, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. Some of these vulnerabilities can be triggered remotely without any authentication on the device. The vulnerability can lead to a full remote code execution on the target device.

Server Technology strongly recommends that customers immediately review and deploy this latest firmware to eliminate these potential risks.
At time of release of this firmware, there is no known in the wild exploit of these vulnerabilities. JSOF and Treck are coordinating a public disclosure of the vulnerabilities that is tentatively set for June 15th, 2020. After disclosure, applicable Mitre CVE and US-Cert VU numbers will be added to these release notes.

Update: JSOF has collectively named the vulnerabilities 'Ripple20'. More information is available at:

    https://www.jsof-tech.com/ripple20/

US-Cert VU number: 257161

Mitre CVE numbers: CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11899, CVE-2020-11900, CVE-2020-11901, CVE-2020-11902, CVE-2020-11903, CVE-2020-11904, CVE-2020-11905, CVE-2020-11906, CVE-2020-11907, CVE-2020-11908, CVE-2020-11909, CVE-2020-11910, CVE-2020-11911, CVE-2020-11912, CVE-2020-11913, CVE-2020-11914

Added SNMPv3 SHA authentication and AES privacy.

Using the web interface, the SHA and AES options are configured by new choices in the Authentication Type and Privacy Type dropdowns on the Configuration->SNMP/Thresholds page.

Using the CLI, the SHA and AES options are configured by these new command keywords:

    SET SNMP V3 ROAUTHTYPE { SHA }
    SET SNMP V3 RWAUTHTYPE { SHA }
    SET SNMP V3 ROPRIVTYPE { AES }
    SET SNMP V3 RWPRIVTYPE { AES }

Added StartUp Stick support to configure SNMPv3 SHA authentication and AES privacy. Version 1.07 of the StartUp Stick spreadsheet tool is required.

Updated the Sentry Network Access Protocol (SNAP) version to 2.1. This update supports configuring SNMPv3 SHA authentication and AES privacy.

Increased the maximum number of repeater object IDs in an SNMP GetBulk operation from 10 to 20.

Fixed the SNMP agent, when using SNMPv3 privacy (encryption), to disallow setting a duplicate value for 'name' objects that require uniqueness.

Fixed the SNMP agent to increment the snmpEngineBoots value upon each initialization.

Fixed SNMP Get operations for leaf node / scalar objects to only succeed when ending in '.0'.
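The applicability rule and the 7.1e update recommendation above can be turned into an inventory check. This is an added example, not part of Server Technology's release notes: the function names and the sample inventory (including the non-matching product code 41) are constructed, and the inventory is assumed to contain only Server Technology devices, since only the fourth MAC octet is inspected.

```python
import re

# Fourth MAC octet that marks a Switched -48 VDC unit ("Applicable Products").
FIRMWARE_PRODUCT_CODE = 0x12

# Security changes named in these release notes, keyed by the first release
# that contains them, in ascending version order.
SECURITY_FIXES = [
    ("7.0q", "SSLv3 disabled for POODLE (CVE-2014-3566)"),
    ("7.1a", "TLS1.2 only; TLS1.0 and 3DES removed"),
    ("7.1b", "Web server fixes for CVE-2014-9222 and CVE-2014-9223"),
    ("7.1e", "Treck TCP/IP stack 'Ripple20' fixes (US-Cert VU 257161)"),
]

_VERSION_RE = re.compile(r"(?:version\s+|v)?(\d+)\.(\d+)([a-z])", re.IGNORECASE)
_MAC_RE = re.compile(r"[0-9a-f]{12}", re.IGNORECASE)


def parse_version(text):
    """Turn '7.1e', 'v7.0s' or 'Version 7.1d' into a sortable tuple."""
    match = _VERSION_RE.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return int(match.group(1)), int(match.group(2)), match.group(3).lower()


def product_code(mac):
    """Return the fourth octet of a MAC written with '-', ':' or '.' separators."""
    digits = re.sub(r"[-:.\s]", "", mac)
    if _MAC_RE.fullmatch(digits) is None:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits[6:8], 16)


def triage(mac, version):
    """Decide whether this firmware line applies and which listed fixes are absent."""
    if product_code(mac) != FIRMWARE_PRODUCT_CODE:
        # Different product family: swdc-*.bin images do not apply to it.
        return {"applies": False, "missing": [], "action": "not-applicable"}
    current = parse_version(version)
    missing = [
        description
        for release, description in SECURITY_FIXES
        if current < parse_version(release)
    ]
    action = "update-to-7.1e" if missing else "current"
    return {"applies": True, "missing": missing, "action": action}


# Constructed sample inventory: (MAC address, firmware version as reported).
SAMPLE_INVENTORY = [
    ("00-0A-9C-12-00-00", "7.1e"),
    ("00:0a:9c:12:34:56", "v7.0p"),
    ("000a.9c12.0001", "Version 7.1d"),
    ("00-0A-9C-41-00-10", "7.1a"),
]

if __name__ == "__main__":
    for mac, version in SAMPLE_INVENTORY:
        result = triage(mac, version)
        print(f"{mac:<18} {version:<13} {result['action']}")
        for description in result["missing"]:
            print(f"    not included: {description}")
```
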

19-01-15  7.1d  swdc-v71d.bin  Fourth production release

Version 7.1d is a new-feature, maintenance, and security-patch release. Update to version 7.1d is recommended for all products.

Added support for console port login without DSR. This avoids the error message 'No DSR -- login is not available with DSR low' when connecting from a serial device that does not support DSR or does not assert DSR high. As in previous versions, sessions started with DSR high will monitor for a DSR loss (a high-to-low transition, for example, by a cable disconnect), upon which the session will automatically logout for security reasons. Sessions started with DSR low will not monitor for a DSR loss, such that a manual session logout or session timeout is required to avoid the security risk of a subsequent console connection starting in an already-authenticated session.

Updated the OpenSSL component to v1.0.2p (August 2018). Refer to the OpenSSL.org change log for details.

Fixed the web interface login to properly authenticate an entered username and/or password of exactly the maximum 32-character length.

Fixed a potential CGI/HTTP crash and automatic restart when an unauthorized user attempts access during multiple simultaneous sessions.

Fixed SNMP getnext operations to Sentry3-MIB eventInformationGroup objects when '.0' is not included at the end of the object ID in the request. Previously the object returned was one past the correct lexicographically-ordered object.

Fixed SNMP IP Restrictions to 'Trap Destinations Only' when the trap destinations are specified by hostnames. Previously the hostnames were not being resolved to IP addresses, resulting in all inbound SNMP traffic being blocked.

Fixed changes by successful SNMP set operations to mib-2 system objects (sysContact, sysName, and sysLocation) to be persistent across restarts.

Fixed DNS lookups to not occur for blank hostnames.

Built with an updated TCPIP library with a fix that avoids malformed DNS responses from potentially provoking crashes and unexpected behavior, and a fix for TCP hangups during SYN flood attacks.

18-02-12  7.1c  swdc-v71c.bin  Third production release

Version 7.1c is a new-feature, maintenance, and security-patch release. Update to version 7.1c is recommended for all products.

Added support to attempt recovery from a Static IPv4 Address Conflict condition. Recovery is attempted upon a link integrity loss and recovery, and by periodic retries (starting shortly after detecting the condition, and repeating hourly).

Added StartUp Stick support to configure: outlet reboot delay, outlet sequence interval, outlet sequence order, temperature scale, web session timeout, CLI session timeout, configuration reset button, strong passwords, and StartUp Stick disable. Version 1.04 of the StartUp Stick spreadsheet tool is required.

Changed StartUp Stick support to log usage attempts when disabled, and to differentiate between EVENT and AUTH log messages.

Changed the maximum length of the LDAP Search Bind Password from 20 to 32 characters.

Updated the Sentry Network Access Protocol (SNAP) version to 2.0. This update supports the increased length of the LDAP Search Bind Password.

Updated the OpenSSL component to v1.0.2n (Dec 2017), which is the latest release of the Long Term Support (LTS) version.

Fixed the Login Banner configuration web page to not truncate banner text to 255 characters. This problem was introduced in v7.1b.

Built with an updated SNMP library with a minor memory-overwrite fix.

17-08-02  7.1b  swdc-v71b.bin  Second production release

Version 7.1b is a maintenance and security-patch release. Update to version 7.1b is recommended for all products.

Added a web and CLI message to inform users that outlets will not change state upon a restart.

Added support for a Japanese outlet-control enable/acceptance page, for PSE compliance.

Updated the OpenSSL component to v1.0.2l (May 2017), which is the latest release of the Long Term Support (LTS) version. This includes various bug fixes, but no security fixes.

Reduced the number of supported simultaneous Telnet and SSH sessions to 3 each, from 4 each, to reduce RAM usage.

Reduced the number of concurrent web connections to 16, from 24, to match the number of TLS1.2 threads and to reduce RAM usage.

Adjusted RAM allocations to increase the system heap by 96K and the network heap by 64K, for increased stability during multiple concurrent TLS1.2 HTTPS sessions.

Removed 'POPS SNMP Support' from the list of key-activated features, as this feature has been included without a key since v6.1a.

Fixed the web server to no longer be vulnerable to the “Misfortune Cookie” security flaw (CVE-2014-9222).

Fixed the web server to no longer be vulnerable to the "Digest Buffer Overflow Vulnerability" security flaw (CVE-2014-9223).

17-03-07  7.1a  swdc-v71a.bin  First production release

Version 7.1a is a major security-upgrade and minor maintenance release.

Upgraded Transport Layer Security (TLS) to version 1.2 (RFC 5246). This support is based on OpenSSL v1.0.2k (January 2017), which is the latest release of the Long Term Support (LTS) version.

Supported ciphers:

    TLS_RSA_WITH_AES_128_GCM_SHA256
    TLS_RSA_WITH_AES_128_CBC_SHA256
    TLS_RSA_WITH_AES_128_CBC_SHA

Removed TLS1.0 support and the 3DES (TLS_RSA_WITH_3DES_EDE_CBC_SHA) cipher. Only TLS1.2 is supported.

Security upgrade notes and requirements:

TLS1.2 support affects HTTPS, LDAPS, and SNAP.

HTTPS (secure web server): A modern web browser with TLS1.2 support is required. Current versions of IE, Firefox, Chrome, Opera, and Safari have been tested and are supported. The HTTPS server uses the first matching cipher from the client preference list.

LDAPS (secure LDAP client over TLS): LDAPS support requires a modern directory service with TLS1.2 support. Active Directory support has been tested with Windows Server 2012 R2.
OpenLDAP support has been tested with v2.4.42.

SNAP (secure access by Sentry Power Manager (SPM) software): SPM version 6.0.9 or later is required to support TLS1.2 for SNAP operations.

Changed regenerated self-signed X.509 certificates to use a 2048-bit key and SHA256 as the signature hash algorithm, to comply with current minimum security standards. It is highly recommended (and may be required by some browsers) that old weaker self-signed certificates be removed from certificate stores and new stronger certificates be regenerated and accepted into certificate stores.

Added dynamic adjustment of the default port number on the LDAP configuration web page when the Bind Type is changed.

Added form submission by the Enter key on the Ping tools web page.

Removed Cisco Energywise support.

Fixed StartUp Stick support to properly handle configuring access by HTTPS but not HTTP, which previously errantly disabled all web services.

Fixed a "Request Too Large" error message when making changes on the Outlet Traps and Shutdown configuration web pages on systems with a large number of outlets.

Fixed the Outlet Traps configuration web page to not require reauthentication after visiting the page on systems with a large number of outlets.

Fixed unnecessary delays between sending SNMP traps when many traps are sent in a short period of time.

Fixed configuration changes to SNMP community strings, SNMP v3 users, and the SNMP trap format to indicate that a restart is required.

Fixed configuration changes to the HTTP/S port to properly indicate when a restart is required.

Fixed a CLI session end to be logged with a NOTICE severity to a SYSLOG server, instead of a WARNING severity.

Fixed code to suspend the web thread during firmware updates.

-----------
Version 7.0
-----------

17-03-08  7.0w  swdc-v70w.bin  Thirteenth production release

Version 7.0w is a minor maintenance release.

Added dynamic adjustment of the default port number on the LDAP configuration web page when the Bind Type is changed.

Added form submission by the Enter key on the Ping tools web page.

Fixed StartUp Stick support to properly handle configuring access by HTTPS but not HTTP, which previously errantly disabled all web services.

Fixed a "Request Too Large" error message when making changes on the Outlet Traps and Shutdown configuration web pages on systems with a large number of outlets.

Fixed the Outlet Traps configuration web page to not require reauthentication after visiting the page on systems with a large number of outlets.

Fixed unnecessary delays between sending SNMP traps when many traps are sent in a short period of time.

Fixed configuration changes to SNMP community strings, SNMP v3 users, and the SNMP trap format to indicate that a restart is required.

Fixed configuration changes to the HTTP/S port to properly indicate when a restart is required.

Fixed a CLI session end to be logged with a NOTICE severity to a SYSLOG server, instead of a WARNING severity.

Fixed code to suspend the web thread during firmware updates.

16-08-26  7.0v  swdc-v70v.bin  Twelfth production release

Version 7.0v is a maintenance-only release. Update to version 7.0v is recommended for all products.

Fixed successful authentication responses from secondary remote authentication servers (LDAP, TACACS+, RADIUS) to allow access, instead of being ignored.

Fixed a possible crash and automatic restart of the root thread due to a stack overflow resulting from constantly repeating SSH sessions.

Fixed system monitoring of the SSH server thread to cause an automatic restart if found to have ended unexpectedly.

16-04-27  7.0u  swdc-v70u.bin  Eleventh production release

Version 7.0u is a maintenance and security-patch release. Update to version 7.0u is strongly recommended for all products.

Added support for 600A DC products.

Updated the SNMP Sentry3 MIB.
This MIB adjusted the upper limit of the infeedLoadValue, infeedLoadHighThresh, and infeedCapacity objects, to support 600A DC products.

Added infeed status and flash information to DEBUG SUPPORT.

Replaced the default SNTP servers (2.pool.ntp.org and 1.pool.ntp.org) with newly-registered Server Technology NTP pool servers (2.servertech.pool.ntp.org and 1.servertech.pool.ntp.org).

Changed FTP GET failure responses to distinguish between 'File Not Found' and 'Permission Denied'.

Fixed FTP firmware uploads by FileZilla when configured to use more than one connection. Previously a restart would occur without flash-writing the update.

Fixed a security issue with SNMP v1/v2c community strings.

Fixed changes to the SNMP SysName, SysContact, and SysLocation strings to not require a restart to take effect.

Fixed normal SNAP restarts, which broke in 7.0s. This bug prevented the unit from restarting when SPM performed a normal 'Restart', although the operation appeared to succeed in SPM.

Updated the integrated board-level test code to v3.0d, with a fix for a factory process that could corrupt flash wear counters. Note: this functionality is only accessible and used during the factory production process.

Rebuilt the SSL, SSH, LDAP, Directory Services, and Energywise libraries, to accommodate updated dependencies.

15-10-14  7.0t  swdc-v70t.bin  Tenth production release

Version 7.0t is a maintenance-only release. Update to version 7.0t is recommended for all products.

Added support for new intelligent power module hardware that supports increased measurement resolution and automatic zero-offset adjustment.

Fixed modem initialization support, which broke in v7.0s.

Fixed not being able to turn off (uncheck) the Location Blink option on the web 'Configuration - System' page, which broke in v7.0s.

Fixed SHOW TRAPS to show the T/H sensor trap information, and to show the correct Status Trap and Delta values for T/H sensors of second or later environmental monitors, which were showing values for the first environmental monitor. These broke in v7.0s.

Fixed the SET RADIUS PRIMARY SERVER command, which was setting the secondary server. This broke in v7.0q.

Fixed the Connection Timeout for the Aux/Modem port in SHOW PORTS to show '(Disabled)' when set to zero, and removed an extra 's' after 'minute(s)' when not zero.

Fixed misalignment of column text in SHOW SHUTDOWN.

Removed insecure DES cipher support from the LDAPS client.

15-07-24  7.0s  swdc-v70s.bin  Ninth production release

Version 7.0s is a new-feature, maintenance, and security-patch release. Update to version 7.0s is recommended for all products.

Added StartUp Stick support. The StartUp Stick is a tool for quick and easy mass-configuration of operating parameters. See https://www.servertech.com/products/accessories/startup-stick for further information.

Added support for Smart Load Shedding due to humidity-sensor high-threshold events. Outlet actions (on or off) can now be configured to occur automatically when a humidity measurement crosses a high threshold, with optional reverse action upon recovery (with hysteresis). Related changes include:

- Added SET OUTLET HUMIDEVENT.
- Added SET EVENT SENSOR HUMIDDELTA, HUMIDHIGH, HUMIDRECOVERY, and TEMPRECOVERY.
- Changed SET EVENT SENSOR AUTORECOVERY to be a hidden alias to SET EVENT SENSOR TEMPRECOVERY.
- Updated the SHOW LOADSHED and SHOW EVENT commands to display the humidity load-shedding configuration.
- Updated the web Smart Load Shedding 'Outlets' and 'Events' pages to configure and display the humidity load-shedding configuration.
- Changed 'Temperature event outlet action' to 'Sensor event outlet action' in log messages for outlet action changes.

Added support for the GMT offset to be set in minutes, to accommodate partial-hour time zones.
The hour range was also extended so that all standard international time zones from -12:59 to +14:59 are now supported.

Added code to prevent downgrading to prior firmware versions on new NIC hardware with a Micrel PHY.

Removed weak MD5 HMAC algorithm support from the SSH server.

Changed regenerated self-signed X.509 certificates to use SHA-1 as the signature hash algorithm, instead of weak MD5.

Changed the minimum Shutdown Delay from 30 seconds to 1 second.

Changed SHOW SHUTDOWN to display '(not set)' for undefined hosts.

Updated the SNAP version to 1.9. This version added support for the extended hour/minute GMT offset configuration (above), and included a change for SPM to optimize 'set' operations.

Fixed Smart Load Shedding to sequence multiple outlets with 'On' shedding actions.

Fixed Smart Load Shedding to not require a network connection, except for UPS shedding, which requires a network connection for SNMP polling of a UPS.

Fixed SNMP GETNEXT operations to not skip every-other object in the infeed and outlet tables in certain conditions when an EMCU is connected. This problem was introduced in v7.0q.

Fixed incorrect SNMP GETNEXT results (an invalid object ID or being lexicographically out-of-order) when the request included a table 'entry' value other than one.

Fixed the web and CLI configuration of the SMTP username to not allow spaces.

Fixed the CLI to allow removal of the last LDAP group when access is 'Remote Only'.

Fixed several cases of indicating that a restart is required after configuration changes that didn't require a restart.

Fixed incorrect log messages for some DHCP changes made by the web network-configuration page.

Fixed various other minor CLI formatting, prompting, input validation, parameter handling, and log message issues.

15-05-21  7.0r  swdc-v70r.bin  Eighth production release

Version 7.0r is a maintenance-only release.

Added support for a Micrel KSZ8081 PHY on new NIC hardware.

Updated the integrated board-level test code to v3.0c, adding Micrel PHY support. Note: this functionality is only accessible and used during the factory production process.

15-05-01  7.0q  swdc-v70q.bin  Seventh production release

Version 7.0q is a maintenance and security-patch release. Update to version 7.0q is recommended for all products.

Fixed the web server to no longer be vulnerable to the "POODLE" SSLv3 security flaw (CVE-2014-3566) by disabling SSLv3 services.

SSH server changes and fixes:

- Removed insecure 96-bit digest HMAC algorithm support.
- Removed blowfish cipher support.
- Fixed sessions to not hang after receiving 1000 characters.
- Fixed support for newer SSH clients with long HMAC algorithm lists.
- Fixed the server to not send a 'window adjust' packet for every received character.
- Increased the maximum packet and windows size.
- Added sending an exit-status value of 0 to a session close.
- Fixed a session close to send the final 'Session Ended' message before disconnecting.
- Removed an extra newline after the 'Session Ended' message.
- Substantially improved the SFTP server speed of a file upload. A firmware upload now takes a bit over a minute, versus about five minutes previously.
- Fixed the SFTP server to refresh the session timeout on any session operation.

Fixed the SET RADIUS command to not clear the secret for the primary server when setting the secret for the secondary server, and vice-versa.

Fixed cases of the TCP/IP stack 'up' event occurring prior to final acquisition of a static IPv4 address. This fixes the SNMPv3 Engine ID being wrong (ending with zeros) when the Ethernet cable is plugged in after the boot completes.

Fixed the OID of 'eventStatusText' and 'eventStatusCondition' SNMP MIB objects to end with '.0' when sent in traps.

FTP server changes and fixes:

- Fixed 'IPv6 Prefix' bounds checking on a NETWORK.INI upload.
- Fixed 'Scheduled Hour' bounds checking on an FTP.INI upload.
- Added an update of DNS servers after a NETWORK.INI upload.
- Added an SNTP time update after an SNTP.INI upload.

Fixed web pages that support file uploads to not allow selection of multiple files for upload, which isn't supported.

Fixed SNAP changes to Email Notifications to be written to non-volatile memory.

Fixed SNAP logging of LDAP Bind Type changes to show the new bind type.

Fixed the SET TOWER NAME log message to show the correct new value.

Fixed the SET UPS ONUTILITY log message to show the correct new value.

Fixed web page log messages for auto-recovery of water sensor load-shedding to show the correct new value.

Fixed web page log messages for contact closure load-shedding to show the correct new value.

Fixed the SET SNTP DST START and SET SNTP DST END commands to not error when setting the new value to the current value.

Cosmetic changes:

- Added a colon after 'SNMPv2 Agent' in the SHOW SNMP command display.
- Corrected 'Daylight Savings Time' to the official 'Daylight Saving Time'.
- Corrected the SMTP/Email web page to show 'Transfer' (not 'Transport') for the 'T' in SMTP.
- Corrected a spelling typo in 'Temperature' (was missing the 'a') on the Sensor Traps web page.
- Updated the copyright year to 2015.

14-11-04  7.0p  swdc-v70p.bin  Sixth production release

Version 7.0p is a maintenance-only release. Update to version 7.0p is strongly recommended for all products.

Fixed the potential for an infinite booting loop that would result from an unintended watchdog reset if a SYSLOG server was specified by a hostname and the DNS servers were unreachable when the TCP/IP stack start-up completed, such as can occur after power-up/restart when connected to a switch port with the Spanning Tree Protocol (STP) enabled, which delays traffic through the switch for 30-50 seconds after link integrity is established. This problem was introduced in v7.0n.

Fixed the RADIUS 'NASIPv4Address' attribute value to be the IP address of the Switched -48 VDC, not the IP address of the RADIUS server.

Fixed a factory restart to not cause a garbled/invalid first log entry about removing the SSL certificate and key.

Fixed the web 'Configuration - HTTP/SSL' certificate/key upload page to not re-display as the 'Tools - Firmware' upload page after a failed upload.

14-09-30  7.0n  swdc-v70n.bin  Fifth production release

Version 7.0n is a significant maintenance release providing important fixes and reliability enhancements.

Added the number of 'Active Users' to the SHOW SYSTEM command.

Added a nine-second master watchdog to possibly reset and recover an extremely aberrant non-responsive system.

Added a periodic posting of the network and system heaps to the debug log, if different from the previous check.

Improved the system heap monitoring and low-heap restart conditions.

Changed the Telnet and SSH servers to each support four simultaneous sessions, instead of sharing four sessions total between Telnet and SSH.

Changed the FTP server to accept a firmware update filename of *.bin, instead of just 'firmware.bin', with the single exception of the filename 'config.bin', which is reserved for the system configuration file.

Changed the CLI to not automatically terminate input and execute the command upon entry of a 61st character at the command prompt.

Increased the minimum non-zero current threshold by one unit of resolution. This change is to mitigate issues caused by non-zero current readings of 'off' outlets, particularly to avoid 'On/Error' conditions/alarms.

Reduced/improved SSH connection times by about 5%, by optimizations and removal of an unnecessary delay.

Fixed the cause of a crash and automatic restart during the server identification stage of an SSH connection by some SSH clients.

Fixed an SSH session from becoming non-responsive due to CLI commands being sent and echoed too fast, before the previous command ended.
This broke in v7.0m.

Fixed an SSH session from becoming non-responsive due to PuTTY ‘winadj’ packets. This broke in v7.0m.

Fixed the FTP server to allow multiple PUT operations during the same session (which broke in v7.0m), and to disallow unsupported filenames.

Fixed the FTP server to cause a restart when the session ends after the PUT of 'config.bin' or 'network.ini'. This broke in v7.0m.

Fixed a crash and automatic restart in the FTP server upon a GET of 'config.bin' with certain hardware models that have four I2C communication busses. This broke in v7.0m.

Fixed possible causes of a Telnet session becoming non-responsive when kept open for an extended time.

Fixed possible causes of a Telnet session crashing/restarting during a DEBUG SUPPORT command.

Fixed a user-certificate passphrase to be preserved when a self-signed SSL X.509 certificate is regenerated.

Fixed the connection of a CLI session to a serial port (by the CONNECT command) to not be counted as an additional active user.

Fixed the Flash File System (FFS) to not require/perform an extra restart after the first-time initialization (upon upgrade from v7.0k and earlier).

Fixed long login banners (greater than 2048 characters) to not be garbled at the end with serial and Telnet sessions.

Fixed console port message strings to be fully sent before a restart due to a pushed firmware update or crash/auto-restart.

Updated the integrated board-level test code to v3.0b. Note: this functionality is only accessible and used during the factory production process.

Built with an updated TCP/IP library with minor DHCPv6 fixes.

14-07-18  7.0m  swdc-v70m.bin  Fourth production release

Upgraded and enhanced the SSH server:

- Reduced/improved connection times by about 25%.
- Changed the identification string from "SSH-2.0-Mocana SSH" to "SSH-2.0-ServerTech_SSH".
- Added SFTP support. Logins are restricted to administrative users and two simultaneous connections/sessions.
- Removed support for the weak Arcfour (RC4) symmetric cryptography cipher.

Note: these changes require client acceptance of new server signatures.

Added support for firmware updates by three client-push methods: FTP, SFTP, and HTTP/S.

- Using the HTTP/S web interface, updated firmware binaries are uploaded on the new "Tools - Firmware" page. Simply choose the appropriate *.bin file and press the 'Upload' button.
- Using SFTP, simply perform a PUT of the appropriate *.bin file.
- Using FTP, first locally rename the appropriate *.bin file to 'firmware.bin', and then perform a PUT of that file.

For all methods, once a small part of the file has been received, a header is checked for validity of the image for the system. If valid, other network services are terminated, and a system restart is flagged to occur subsequent to the rest of the process, successful or not. The remainder of the file is received and CRC file-integrity checks are performed. If successful, the new firmware is written to flash. A system restart completes the process.

Added support for a user-supplied SSL X.509 identity certificate and key. This feature allows a customer to replace the default self-signed SSL X.509 certificate with their own certificate.

- Supports PEM or DER format.
- Supports passphrase encryption.
- Supports one *.crt and one *.key file.
- Files can be uploaded by HTTP/S (HTTPS recommended) and SFTP.
- Files are write-only and hidden (for security).

For a user certificate to be used by the Switched -48 VDC, a certificate (*.crt) and key (*.key) file must be uploaded to the Switched -48 VDC, the 'User Certificate' option must be enabled, and a passphrase must be configured (if required by the certificate/key), followed by a system restart.

Using the HTTP/S web interface, certificate and key files are uploaded from a new 'Upload' page link on the "Configuration - HTTP/SSL" page. One-at-a-time, simply choose a *.crt or *.key file and press the 'Upload' button.

Using SFTP, certificate and key files are uploaded by performing a PUT of a *.crt and *.key file.

Using the HTTP/S web interface, the 'User Certificate' feature is enabled and configured by additions to the "Configuration - HTTP/SSL" page. These include an enabled/disabled selection, a 'Passphrase' string, and display of 'Stored Files' status.

Using the command-line interface (CLI), the 'User Certificate' feature is enabled and configured by additional keywords to the SET SSL command:

    SET SSL USERCERT { ENABLED | DISABLED }
    SET SSL USERPASS

The SHOW NETWORK command has been updated to display the current configuration of the 'User Certificate' feature options.

Added support to configure a custom CLI prompt. A custom prompt is configured with a new keyword to the existing SET OPTION command:

    SET OPTION PROMPT

The maximum length of the custom prompt string is 31 characters. Setting the custom prompt to an empty string disables use of a custom prompt. The SHOW OPTIONS command has been updated to display the custom prompt.

Added support for each serial port to have its own connection timeout, instead of one timeout for all ports. The SET PORT TIMEOUT command has been updated to accept a target port (instead of ALL), and SHOW PORTS has been updated to display the timeout per port. The timeout has also been split to each port in the "Configuration - Serial Ports" web page.

Added the 'Engine ID' to the display of the SNMP v3 configuration, in both the web interface and CLI.

Added support for the factory to configure the default of the DHCP 'Static Fallback' option to 'Disabled'.

Added DHCP option 12 to inform the DHCP server of the Switched -48 VDC's host name, based upon the host name portion of the configured FQDN.

Removed unused options from DHCP requests, including a HOST_NAME request, DOMAIN_NAME, NTP_SERVERS, NIS_DOMAIN_NAME, and IP_FORWARDING.

Changed the starting and ending dates that will be used in a regenerated self-signed SSL X.509 certificate to be the firmware build date plus ten years.

Changed the FTP server to accept two simultaneous connections. This improves support for FTP clients that use one connection for directory/file browsing, and another connection for file transfers.

Improved validity checks on new firmware images.

Increased the maximum allowed temperature hysteresis (recovery delta) to 30 degrees Celsius (54 degrees Fahrenheit).

Updated the SNMP Sentry3 MIB. This MIB adjusted the upper limit of the tempHumidSensorTempRecDelta object, for the above change.

Updated the Serial Command Protocol (SCP) and specification document to version 2.0k. This version supports new query commands for environmental monitor sensor metrics and statuses of the metrics (normal, high, low, etc.).

Minor web changes and fixes:

- On the Summary page, converted alarms from non-bold to bold with red background, for easier reading.
- Fixed detection for broken 'div' borders across IE browser versions.
- Fixed the CSS 'textarea' font for consistent display across browsers.

Note: the browser cache may have to be cleared for these changes to take effect.

Fixed the inability to control some outlets from the web GUI when other outlets are locked, which was occurring on certain product models.

Fixed inconsistent 'restart required' notifications with certain Telnet, SSH, HTTP, and SSL configuration changes.

Fixed log messages for successful SNMP set requests to include the IPv4 address when running in dual-stack mode.

Fixed the network stack start-up to have extra time to complete successfully before displaying an error. This avoids a potential 'Invalid TCP/IP config!' error message when connected to a manual-negotiation hub/switch, despite the stack starting successfully a few seconds later.

Built with an updated AWS/Email library with cross-site scripting fixes.

14-01-28 7.0k swdc-v70k.bin Third production release

Added an 'eventStatusText' and 'eventStatusCondition' object to all SNMP traps. These provide a text equivalent of the status object in the trap, and interpretation of the status to an error (alarm) or non-error (clear) state.

Updated the SNMP Sentry3 MIB. This MIB added the objects to support the above SNMP trap additions.

Fixed the SNMP agent 'ifDescr' values. Since version 7.0a, 'eth0' and 'LOOPBACK' descriptions have been assigned to the wrong interface index -- they were reversed. 'lo' (loopback) is now correctly returned for ifDescr.1, and 'eth0' (ethernet) for ifDescr.2.

Fixed Telnet and SSH sessions to end cleanly upon a restart, instead of being left open. This problem was introduced in v7.0f.

Fixed the network stack start-up to not attempt IP acquisition by DHCP when configured with a static address (DHCP disabled) and a static address conflict is detected.

Fixed 'Smart Load Shedding' support to write to NVM a disabled auto-recovery state when an event disables auto-recovery for a previously shed outlet that was marked for auto-recovery.

Fixed various minor CLI formatting and prompt issues.

Updated the copyright year to 2014.

13-12-10 7.0j swdc-v70j.bin Second production release

Updated documentation accompanies this release. For complete configuration and operation instructions about new features below, please refer to the new manuals and technical notes, which are available on the Server Technology website (http://www.servertech.com).

Added support for 'Smart Load Shedding' by Contact Closure events and Water Sensor events from an Environmental Monitor Control Unit (EMCU).

Added a configurable humidity recovery delta (hysteresis). After exceeding a low or high humidity threshold (thus entering an error condition) the humidity value must return past the threshold by this amount to clear the error condition. The default is 2% relative humidity.
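
The effect of the recovery delta on alarm traffic, as an added example that is not Server Technology code: a threshold alarm that clears only after the reading returns past the threshold by the delta, run over readings that hover around the high threshold. The class and function names, the thresholds of 20 and 60, the readings, and the choice that a reading exactly one delta inside the threshold clears the condition are assumptions.

```python
class HumidityAlarm:
    """Low/high threshold alarm that clears only after the recovery delta."""

    def __init__(self, low, high, rec_delta=2):   # 2% RH is the stated default
        self.low, self.high, self.rec_delta = low, high, rec_delta
        self.state = "normal"

    def update(self, rh):
        # Clearing: the reading must come back past the threshold by rec_delta.
        # Assumption: a reading exactly rec_delta inside the threshold clears.
        if self.state == "high" and rh <= self.high - self.rec_delta:
            self.state = "normal"
        elif self.state == "low" and rh >= self.low + self.rec_delta:
            self.state = "normal"
        # Entering: only a reading beyond a threshold raises the condition.
        if self.state == "normal":
            if rh > self.high:
                self.state = "high"
            elif rh < self.low:
                self.state = "low"
        return self.state


def count_transitions(readings, low, high, rec_delta):
    """Number of alarm/clear events a reading series would generate."""
    alarm, previous, events = HumidityAlarm(low, high, rec_delta), "normal", 0
    for rh in readings:
        state = alarm.update(rh)
        events += state != previous
        previous = state
    return events


# Constructed readings (% RH) hovering around a constructed high threshold of 60.
READINGS = [58, 61, 60, 61, 59, 61, 60, 57, 61]

if __name__ == "__main__":
    print("delta 0:", count_transitions(READINGS, 20, 60, 0))
    print("delta 2:", count_transitions(READINGS, 20, 60, 2))
```
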

Added configuration of the CLI, SCP, and RFTAG options to the web 'Configuration - Serial Ports' pages.

Added ‘Falcon Electric’ UPS support.

Added robustness improvements to the NVM/I2C communication code to address transient 'NVM Error', 'No Comm', and 'On/Error' conditions.

Fixed invalid user and port names in log messages from SCP sessions.

Fixed sluggish and inconsistent responsiveness to 'Smart Load Shedding' events by checking for events every second, instead of every ten seconds, except for UPS events.

Fixed 'Smart Load Shedding' to not recover from multiple shed events unless all shed events have auto-recovery enabled.

Fixed an incorrect title on the 'Power Monitoring - Outlets' web page.

Fixed various minor UI issues.

Updated the SNMP Sentry3 MIB. This MIB added a new object, tempHumidSensorHumidRecDelta, for managing the hysteresis value of humidity sensors.

Updated the Serial Command Protocol (SCP) and specification document to version 2.0j. This version supports new query commands for network settings, network status, and uptime, and also includes minor changes/fixes.

Updated the integrated board-level test code to v3.0a. Note: this functionality is only accessible and used during the factory production process.

Built with updated TCP/IP and SNMP libraries that fix a memory leak.

13-08-23 7.0i swdc-v70i.bin First production release

Version 7.0 is a major new-feature release.

Updated documentation accompanies this release. For complete configuration and operation instructions about new features, please refer to the new manuals and technical notes, which are available on the Server Technology website (http://www.servertech.com).

Added upgrade/conversion support. Prior to version 7.0i, Server Technology -48 VDC products were part of the legacy "Sentry Remote Power Manager" product family, which only runs end-of-life firmware up to version 5.3s from December 2009.
However, since November 2012, some of the "Sentry Remote Power Manager" -48 VDC products have been built with a newer network interface card (NIC) that is compatible with the "Sentry Switched -48 VDC" product family and the version 7 firmware. These products are identifiable by a product code of "12", as covered above under "Applicable Products".

To provide the numerous new firmware features since v5.3s, these products can be converted into the "Sentry Switched -48 VDC" product family by loading version 7.0i or later Switched -48 VDC firmware. Conversion occurs automatically when the applicable product boots the new firmware for the first time. The firmware will automatically adjust the product family name, and will automatically regenerate a new SSL X.509 certificate, which can add up to 30 minutes to the first boot.

The vast majority of product configuration will be retained, but some settings will automatically change. For example, if SNMP is not enabled, SNMP settings will change to match v7 Switched -48 VDC defaults, to be discoverable by default. Configuration settings should be reviewed after the first boot completes.

Major changes since version 5.3s:

Version 7.0 is built upon an updated operating system, including a new Treck IPv4/v6 dual stack and Treck SNMPv1/v2c/v3 stack.
Redesigned the web interface for significant speed increases and a new look-and-feel.
Added IPv6 support.
Added SNMP v3 support.
Added support for operating system shutdown.
Added support for key-activated features.
Added 'Smart Load Shedding' support. [requires feature key]
Added 'Outlet Control Inhibit' support. [requires feature key]
Added the ability to configure various product characteristics.
Added silkscreen-to-user-interface default-name mapping.
Added SMTP Authentication (SMTP AUTH).
Added Daylight Savings Time (DST) automatic clock adjustment.
Added Sentry Power Manager (SPM) Secure Access support via the proprietary Sentry Network Access Protocol (SNAP).
Added RADIUS support.
Added Cisco EnergyWise (release v1.2) support.
Added an 'MRV LX Series LX-4800' emulation mode.
Added support to configure outlets to a locked (no control) state.
Extended the LDAP authentication support.
Extended the DHCP support.
Added Per-Inlet Power Sensing (PIPS) hardware support.

===============================================================================
Copyright (C) 2020 Server Technology