--------------------------------------------------- Server Technology --------------------------------------------------- PRO Smart/Switched AC/DC CDU/PDU/UPDU/Inline Meter --------------------------------------------------- Firmware Revision Notes --------------------------------------------------- Version 8.0n January 17, 2019 =============================================================================== Applicable Products =================== PRO firmware only applies to products with an Ethernet NIC serial number that begins with '96' or '95', for example, '9601234'. The Ethernet NIC S/N is displayed on the web 'Configuration->System->About' page and by the 'show system' CLI command. Firmware Revision History ========================= yy-mm-dd Ver. Rev. Filename Description -------- ---- ---- -------- ----------- 19-01-15 8.0n 2417 pro-v80n.bin Thirteenth production release Version 8.0n is a new-feature, important-maintenance, and security-patch release. Update to version 8.0n is strongly recommended for all products. Added support for console port login without DSR. This avoids the error message 'No DSR -- login is not available with DSR low' when connecting from a serial device that does not support DSR or does not assert DSR high. As in previous versions, sessions started with DSR high will monitor for a DSR loss (a high-to-low transition, for example, by a cable disconnect), upon which the session will automatically logout for security reasons. Sessions started with DSR low will not monitor for a DSR loss, such that a manual session logout or session timeout is required to avoid the security risk of a subsequent console connection starting in an already-authenticated session. Added support for passwords up to 95 characters in length with remote authentication (LDAP, RADIUS, TACACS+). This allows for two-factor and multi-factor authentication methods that combine multiple factors into long passwords, such as with a YubiKey device. Added a branch status table to the dynamic system overview web page. Added watchdog support to reset and recover a non-responsive system. Updated the OpenSSL component to v1.0.2p (August 2018). Refer to the OpenSSL.org change log for details. Improved web cache-busting for updated logos and icons. Fixed system stalls and hangs that could occur with v8.0m when continual HTTP/S requests were received during system boot. Fixed SSH server hangs that could occur with v8.0m when multiple near-simultaneous SSH connection attempts were received. Fixed corruption of an uploaded firmware image that could occur with v8.0m when SSH connection attempts were made during the firmware-update process. Fixed POPS accumulated energy to not jump by phantom amounts upon a warm restart of the NIC. This problem was introduced in v8.0j. To reset accumulated energy baselines, and to resolve inconsistencies between PIPS and POPS accumulated energy, energy counters can now be reset by the web Configuration->Units page or by the new ‘SET UNIT CLEAR ENERGY ’ CLI command. Fixed the web interface login to properly authenticate an entered username and/or password of exactly a 32-character length. Fixed a potential CGI/HTTP crash and automatic restart when an unauthorized user attempts access during multiple simultaneous sessions. Fixed RF Code support to clear queued messages upon tag initialization. This avoids old messages from being sent after a tag disconnect and reconnect. Fixed SNMP getnext operations to Sentry4-MIB non-table (non-indexed) leaf-node objects when '.0' is not included at the end of the object ID in the request. Previously the object returned was one past the correct lexicographically-ordered object. Fixed SNMP IP Restrictions to 'Trap Destinations Only' when the trap destinations are specified by hostnames. Previously the hostnames were not being resolved to IP addresses, resulting in all inbound SNMP traffic being blocked. Fixed DNS lookups to not occur for blank hostnames. Built with an updated TCPIP library with a fix for TCP hangups during SYN flood attacks. 18-07-31 8.0m 2346 pro-v80m.bin Twelfth production release Version 8.0m is a new-feature, maintenance, and security-upgrade release. This release had limited availability, but all changes below are included in future releases. Added JSON API Web Service (JAWS) v1.00 support. JAWS is a customer- oriented API for full configuration, monitoring, and control. JAWS operates securely over HTTPS. Refer to JAWS V1.00 documentation for details. Added support for Universal Per-Inlet Power Sensing (UPIPS) boards. Added support for HDOT, Cx, and UPDU feature icons in the web interface. Added support for three-phase Delta 'Smart Inline Meter' products. Added support for a StartUp Stick to update factory profiles in link units that have the same enclosure part number as the master unit. Added the version of uploaded firmware to the system log message. Changed web page branding to reflect that Server Technology is now a brand of Legrand. This consists of a new company logo and favorite icon. Upgraded the Secure Shell (SSH) server. The SSHv2 server now supports: HMAC: hmac-sha2-256 Kex: diffie-hellman-group-exchange-sha256, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1 Host Key: ssh-rsa Ciphers: aes256-ctr, aes192-ctr, aes128-ctr Products that ship from the factory with v8.0m will have RSA 2048-bit keys. Products updated in the field to v8.0m will run with existing DSA/DSS 640-bit keys. To change to RSA 2048-bit keys, perform a restart with the option to generate new SSH keys. Updated the OpenSSL component to v1.0.2o (March 2018), which is the latest release of the Long Term Support (LTS) version. Updated Server Technology INI Configuration (STIC) support to v2.16. This update added support for JAWS and outlet socket adapters. Refer to STIC V2.16 documentation for details. Updated support for RF Code 'STIPRO' tags, including several changes and fixes. These tags are now supported by all PRO2 products, and have been fully tested with new RF Code CenterScape software. These tags are also supported by select PRO1 products. Fixed RF Code support to average metric values over the reporting period. SNMP agent fixes: - Changed st4OutletSocketAdapter to only be supported for UDOT and Cx outlet sockets types. - Fixed st4OutletSocketAdapter set operations, which were always returning a noSuchName error. - Fixed st4OutletWakeupState set operations to not allow an invalid value of 3. - Fixed changes by successful set operations to mib-2 system objects (sysContact, sysName, and sysLocation) to be persistent across restarts. Fixed temperature sensor hysteresis configuration changes to be persistent across restarts. This has been broken in all versions. Fixed outlet socket adapter configuration by the CLI. Fixed a potential CGI crosstalk issue with the HTTP server. Fixed UPS SNMP polling. This has been broken in all versions. Fixed a potential crash and automatic restart due a stack overflow in the FTP server after an FTP login using LDAPS and local authentication. Fixed minor system log message inconsistencies. Built with an updated TCPIP library with a fix that avoids malformed DNS responses from potentially provoking crashes and unexpected behavior. 18-02-12 8.0k 2215 pro-v80k.bin Eleventh production release Version 8.0k is a new-feature, important-maintenance, and security-patch release. Update to version 8.0k is strongly recommended for all products. Added support to attempt recovery from a Static IPv4 Address Conflict condition. Recovery is attempted upon a link integrity loss and recovery, and by periodic retries (starting shortly after detecting the condition, and repeating hourly). Added support for products with 100A PIPS input metering. Added a Socket Adapter column to the Groups monitoring web page. Added fan sensor status to the dynamic System Overview web page, when a fan sensor is present. Added support for legacy RF Code 'STIRCK' tags. Updated support for RF Code 'STIPRO' tags, including several changes and fixes. These tags will be fully supported in an upcoming release of RF Code CenterScape software. Changed the maximum length of the LDAP Search Bind Password from 20 to 32 characters. Changed to ISO-8601 international date format and 24-hour time format for date/time stamps of files shown on the Files web page. This fixed a 12-hour time format bug in which '00:nn AM' was shown. Changed StartUp Stick support to log usage attempts when disabled, and to log status messages as an EVENT type, not CONFIG. Updated Server Technology INI Configuration (STIC) support to v2.15. This update supports the increased length of the LDAP Search Bind Password. Refer to STIC V2.15 documentation for details. Updated the Sentry Network Access Protocol (SNAP) version to 2.0.3. This update supports the increased length of the LDAP Search Bind Password. Updated the OpenSSL component to v1.0.2n (Dec 2017), which is the latest release of the Long Term Support (LTS) version. Fixed the Login Banner configuration web page to not truncate banner text to 255 characters. This problem was introduced in v8.0h. Fixed the Group Control web page to accept form submissions by non- administrator users that have group access rights. Previously the user was forced to re-authenticate, with the action not occurring. Fixed the SNMP agent to not skip the st4InputCordPowerCapacity object on products without PIPS input metering. Fixed scaling of Amp values in trending data files (*.csv). Amp values were being reported 10x high when the maximum value was at/over 10A. Fixed power factor graphical linear gauges on monitoring web pages to not be auto-scaled. Fixed STIC handling to avoid random crashes from improper/unknown sections. Fixed STIC to use signed values for Bluetooth 'transmission power'. Values of -1 to -6 will now be displayed and accepted, instead of 4294967295 to 4294967290. Fixed CLI commands that set thresholds to not allow low warning threshold values to be set below low alarm threshold values. Fixed threshold configuration web pages to not allow all four thresholds (low alarm, low warning, high warning, high alarm) to be set to the same value. Previously this was allowed, but resulted in the thresholds reverting to factory defaults, which was not apparent until refreshing or re-visiting the page. Note: web browser cache clearing may be needed for this change to take effect. Fixed detection of installed fan sensors. Fixed the All/None links on the Sensors web configuration page to also apply to fan sensors. Fixed the CLI 'show sensors' command to properly display five-digit threshold values for fan sensors. Built with an updated SNMP library with a minor memory-overwrite fix. 17-10-04 8.0j 2078 pro-v80j.bin Tenth production release Version 8.0j is a new-feature and maintenance release. This release had limited availability (for UPDU products only), but all changes below are included in future releases. Added support for up to eight SNMP v3 users, instead of just one fixed read-only user and one read-write user. SNMPv3 users are now created, removed, and assigned an access level, an authentication mode, an authentication password, and a privacy password. Using the web interface, SNMPv3 users are configured on a new 'SNMPv3 Users' configuration page. Using the CLI, SNMPv3 users are configured and displayed by these new commands: create snmpuser remove snmpuser set snmpuser { access | authmode | authpass | privpass } list snmpuser list snmpusers Previous CLI commands for SNMPv3 users are now deprecated and hidden, but are still supported. If more than two users are needed, then only the new commands should be used. Upon update, the previous read-only SNMPv3 user becomes the first user in the new SNMPv3 user table, and the read-write user becomes the second user. Added support for three-phase Wye and single-phase 'Smart Inline Meter' products. Added support for -48V 'Switched DC PDU' products. Added initial support for 'Universal Power Distribution Unit' (UPDU) products. These products have UDOT outlets that currently support basic adapters to C13 or C19 sockets. Future firmware updates will add support for smart adapters that are communicated to over a wireless infrared (IR) link. Added support for UDOT and Cx outlet socket types. These socket types support a user-selection of a socket adapter to a C13 or C19. Updated Server Technology INI Configuration (STIC) support to v2.14. This update added support for the extended SNMP v3 users described above. Refer to STIC V2.14 documentation for details. Updated the Sentry4 SNMP MIB (Sentry4.mib). This update added support for the new products described above. Refer to the description in the MIB for details. Fixed an encryption bug that caused certain AES256-encrypted configuration strings beyond a specific length to not be properly restored after a restart. The affected strings and lengths were: - SNMPv3 Authentication Password, when 32 characters or longer - SNMPv3 Privacy Password, when 16 characters or longer - LDAP Search Bind Password, when 16 characters or longer - TACACS+ Encryption Key, when 48 characters or longer - SSL User Certificate Passphrase, when 48 characters or longer - WLAN Key, when 48 characters or longer Fixed SNMPv3 set operations to writable Sentry4-MIB string objects when using MD5 authentication and DES privacy. Previously the operations would succeed, but the changes were not applied. Fixed active Low Warning and Low Alarm conditions to be cleared when the corresponding thresholds are set to zero. 17-06-28 8.0i 1983 pro-v80i.bin Ninth production release Version 8.0i is a minor maintenance release. Update to version 8.0i is recommended for all products. Updated the OpenSSL component to v1.0.2l (May 2017), which is the latest release of the Long Term Support (LTS) version. This includes various bug fixes, but no security fixes. Removed unnecessary logging of RF Code debugging messages, which were flooding the debug log. Fixed the Sensors configuration web page to accept changes instead of displaying the error message "Number of sensors has changed -- Action ignored". This problem was introduced in v8.0h with the initial fan sensor support. Fixed RF Code support to report the product series, PRO1 or PRO2. 17-06-15 8.0h 1973 pro-v80h.bin Eighth production release Version 8.0h is a new-feature, maintenance, and security-patch release. Update to version 8.0h is recommended for all products. Added Gigabit Ethernet (GbE) support. Added initial support for RF Code 'STIPRO' tags. Added fan sensor support. Added configuration of the outlet display order, per unit. Added support for Zero-Touch Provisioning (ZTP) to re-provision on a schedule. Added support to switched products for a web and CLI message to inform users that outlets will not change state upon a restart. Added daily CSV reports to trend file email attachments. Added support for a Japanese outlet-control enable/acceptance page, for PSE compliance. Changed the default power factor low alarm threshold to 0.3 and the low warning threshold to 0.4. Fixed the web server to no longer be vulnerable to the “Misfortune Cookie” security flaw (CVE-2014-9222). Fixed the web server to no longer be vulnerable to the "Digest Buffer Overflow Vulnerability" security flaw (CVE-2014-9223). Fixed orientation sensor reads after offline-online transitions. Updated Server Technology INI Configuration (STIC) support to v2.13. Refer to STIC V2.13 documentation for details. Updated the Sentry4 SNMP MIB (Sentry4.mib). Refer to the description in the MIB for details. 17-03-24 8.0g 1866 pro-v80g.bin Seventh production release Version 8.0g is a major security-upgrade and maintenance release. Update to version 8.0g is recommended for all products. Upgraded Transport Layer Security (TLS) to version 1.2 (RFC 5246). This support is based on OpenSSL v1.0.2k (January 2017), which is the latest release of the Long Term Support (LTS) version. Supported ciphers: TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA Removed TLS1.0 support and the 3DES (TLS_RSA_WITH_3DES_EDE_CBC_SHA) cipher. Only TLS1.2 is supported. Security upgrade notes and requirements: TLS1.2 support affects HTTPS, LDAPS, and SNAP. HTTPS (secure web server): A modern web browser with TLS1.2 support is required. Current versions of IE, Firefox, Chrome, Opera, and Safari have been tested and are supported. The HTTPS server uses the first matching cipher from the client preference list. LDAPS (secure LDAP client over TLS): LDAPS support requires a modern directory service with TLS1.2 support. Active Directory support has been tested with Windows Server 2012 R2. OpenLDAP support has been tested with v2.4.42. SNAP (secure access by Sentry Power Manager (SPM) software): SPM version 6.0.9 or later is required to support TLS1.2 for SNAP operations. Changed regenerated self-signed X.509 certificates to use a 2048-bit key and SHA256 as the signature hash algorithm, to comply with current minimum security standards. It is highly recommended (and may be required by some browsers) that old weaker self-signed certificates be removed from certificate stores and new stronger certificates be regenerated and accepted into certificate stores. Changed the LDAP Bind Type choice of 'TLS/SSL' to just 'TLS' on the LDAP configuration web page. Added Zero-Touch Provisioning (ZTP) support. Refer to the 'Zero Touch Provisioning (ZTP)' technical note for details. Added support for an updated StartUp Stick to reverse the factory ordering of branch and outlet numbering on a PDU. This feature is for use by system integrators with custom model numbers. Added dynamic adjustment of the default port number on the LDAP configuration web page when the Bind Type is changed. Added form submission by the Enter key on the Features configuration web page, and the Ping and View Log tools web pages. Added Log Filter persistence when changing between System and Debug log message lists on the View Log tools web page. Added support to store and present a per-unit product manufacture date, in YYYY-MM-DD (ISO 8601 format). The product manufacture date is shown on the Units configuration web page, by the 'show units' CLI command, and by the new SNMP st4UnitProductMfrDate object. Changed the behavior of the Files configuration web page to restart immediately upon successful upload of a valid firmware image, if different from the current image. Updated Server Technology INI Configuration (STIC) support to v2.12. Version 2.12 adds control of restart behavior upon upload, and adds support for Zero-Touch Provisioning (ZTP) configuration. Refer to STIC V2.12 documentation for details. Updated the Sentry4 SNMP MIB (Sentry4.mib): - Added the st4UnitProductMfrDate object. - Adjusted the upper limit of voltage objects to 600 Volts. - Fixed the st4InputCordOutOfBalanceEvent notification definition to include the correct objects. Updated the Sentry4 SNMP MIB object-ID tree (Sentry4OIDTree.txt): - Fixed the st4PhasePowerFactorHysteresis object number. - Fixed the st4WaterSensorStatusEvent trap number. SNMP agent fixes: - Fixed the st4OcpStatusEvent trap to include OCP objects, instead of incorrect branch objects. - Fixed the variable bindings of the st4WaterSensorStatusEvent objects to not be missing the st4WaterSensorIndex value. - Fixed the variable bindings of the st4AdcSensorEvent objects to not be missing the st4AdcSensorIndex value. - Fixed some SNMP traps not getting sent when many traps are generated in a short period of time. - Fixed unnecessary delays between sending SNMP traps when many traps are sent in a short period of time. - Fixed the agent to respond (per RFC 3414) with a wrong timeliness report to an SNMPv3 request with the authentication bit set, the privacy bit clear, the engine boots set to 0, and engine time set to 0, instead of an encryption failure. Fixed configuration changes to SNMP community strings, SNMP v3 users, and the SNMP trap format to indicate that a restart is required. Fixed SNMP IP Restrictions to not be presented as a trap sub-option in the web and CLI. Fixed the DHCP FQDN option to work with Microsoft DHCP servers by changing from binary encoding to ASCII encoding of the FQDN string in the DHCP option 81 packet. Although RFC 4702 (October 2006) deprecated ASCII encoding in section 2.3.1, Microsoft DHCP servers don't support binary encoding. Fixed some cases of slow off/on-line transitions of temperature/humidity sensors on master units. Fixed over-current protection device (OCPD) and branch drivers to support units with more than six OCPDs/branches. Fixed multiple changes to the Log Filter on the View Log tools web page to not indefinitely hang the web server. Fixed the CLI 'set ipv4 subnet' command to disallow '255.255.255.254' (a P2P link), which caused a network monitor thread crash and automatic restart upon startup. Fixed an ‘Invalid network configuration!’ error that was being sent out the console port upon startup when connected to a non-auto-negotiating switch/hub, despite subsequent proper network operation. Fixed a unit asset tag value to be cleared upon a purge of a disconnected unit. Fixed the wrong product name being displayed on the login failure web page. Fixed inconsistent font sizing and formatting on login, logout, restarting, and error web pages. Fixed login, logout, restarting, and error web pages to provide return links that don't bypass the login banner page. 16-08-25 8.0f 1693 pro-v80f.bin Sixth production release Version 8.0f is a maintenance-only release. Update to version 8.0f is recommended for all products. Added support for additional PRO1 models. Added a ping of the gateway address every two minutes as an access-point keep-alive when WLAN is enabled on WLAN-capable NIC hardware. Fixed Environmental Monitor Control Unit (EMCU) support, which broke in v8.0e. Fixed incorrect calculation of the Cord Power Capacity in delta products. Fixed a possible crash and automatic restart of the root thread due to a stack overflow resulting from constantly repeating SSH sessions. Fixed the web UI to allow outlet configuration changes when the unit name is blank. Fixed a minor formatting issue in the SHOW SMTP output. 16-05-20 8.0e 1672 pro-v80e.bin Fifth production release Version 8.0e is a maintenance and security-patch release. Update to version 8.0e is strongly recommended for all products. Added PRO1 support. PRO1 products are factory conversions/upgrades of legacy products that include a subset of the hardware features that are inherent in PRO2 products, yet provide the substantial benefits of the PRO2 enhanced NIC card, new product architecture, and firmware feature set. Added identification of the system product series (PRO1 or PRO2) to the Web, CLI, and SNMP agent. Added support to remove the last local administrator account when remote authentication (LDAP, TACACS+, or RADIUS) is in use. This is achieved by a new system configuration option called 'Local Administrator Account', which can be set to either ‘Required’ (the default) or ‘Optional’. Setting 'Local Administrator Account' to 'Optional' disables the restriction to remove the last local administrator. This also forces the configuration reset button to be enabled. Setting the configuration reset button to disabled forces 'Local Administrator Account' to be 'Required'. If no local administrator accounts are present when this occurs, then the configuration reset button is forced back to enabled. Only a remotely-authenticated administrator can remove the last local administrator account. The ‘Local Administrator Account’ option is configured by the web ‘Access’ page, the 'set access localadmin’ CLI command, SNAP, or STIC. Added a 24-hour history graph of cord power to the web Overview page, when trending is enabled. Added support for units with hardware input-feed failsafe support. Added alphanumeric sorting of local users, LDAP groups, and outlet groups. Added system status and flash information to DEBUG SUPPORT. Replaced the default SNTP servers (2.pool.ntp.org and 1.pool.ntp.org) with newly-registered Server Technology NTP pool servers (2.servertech.pool.ntp.org and 1.servertech.pool.ntp.org). Changed the product name to include 'PDU' (Power Distribution Unit) instead of 'CDU' (Cabinet Distribution Unit). Changed the product name in regenerated self-signed X.509 certificates to 'ServerTech Pro PDU' from 'ServerTech Pro2 PDU', to be common for either the PRO1 or PRO2 product series. Changed FTP server GET failure responses to distinguish between 'File Not Found' and 'Permission Denied'. Changed the system boot behavior to not complete the boot until all connected units have been brought online. This prevents logins, configuration changes, and control actions until the system is ready to successfully complete all operations. Changed DHCP static fallback to not apply when WLAN is enabled. Modified the CLI delete key behavior for increased compatibility with terminal programs, and consistency with editing environments. Modified UPS configuration to include a configurable name, for better identification and consistency. UPS lists are now sorted alphanumerically by name. Updated the SNMP Sentry4 MIB. This MIB added objects to support the PRO1 product series and corrected limits of various object. See the MIB revision description for details. Updated Server Technology INI Configuration (STIC) support to v2.11. Version 2.11 added 16 new sections with 82 read-write properties, changed 29 properties to read-write, fixed two issues, and improved validation and logging. Refer to STIC V2.11 documentation for details. Updated the Sentry Network Access Protocol (SNAP) version to 2.0.2. This version added support for the new 'Local Administrator Account' required/optional feature. Fixed a security issue with SNMP v1/v2c community strings. Fixed changes to the SNMP SysName, SysContact, and SysLocation strings to not require a restart to take effect. Fixed missing SNMP objects for products with multiple input cords in one unit. Fixed a race condition on a non-volatile memory flush flag that could result in some configuration changes not being written at the end of a series of rapid mass-configuration changes. Fixed a web upload of config.bak in a near-factory-default state (no added or modified users, LDAP groups, or TACACS+ privilege levels) to not result in the default administrator account being lost until a restart. Fixed cases of Temperature/Humidity sensors being slow to transition between online and offline states, or never transitioning. Fixed a restart to factory defaults to purge cached unit profiles, so that units which are no longer present in the system are not persistent. Fixed EVENTS to be sent to SYSLOG servers. Fixed missing serial input when using the CONNECT command. Fixed the default email Subject ID to be "Sentry_xxxxxx" (where "xxxxxx" is the last three octets of the MAC address) instead of the product name (e.g. "Sentry Switched CDU"). Fixed outlet voltage to read zero when the outlet is off. Fixed a change of the Temperature Scale from Celsius to Fahrenheit to not result in an invalid minimum temperature threshold value of 216. Fixed automatic adjustment of metric thresholds when a new unit is connected to not reset to default any previously-configured thresholds that are within the valid range of the new unit. Fixed outlet state change logging to not apply to Smart units. Fixed removal of a local LDAP group with the same name as a local user account to not logout an active user of that local account. Fixed several minor CLI and Web UI formatting, consistency, and display issues. Fixed several minor log message formatting issues. Removed insecure DES cipher support from the LDAPS client. 15-12-02 8.0d 1543 pro2-v80d.bin Fourth production release Version 8.0d is a maintenance-only release. Update to version 8.0d is recommended for all products. Fixed LDAP login failures. Previously, even with proper configuration, LDAP logins would only succeed if the optional 'Group Search' was enabled and succeeded. Fixed StartUp Stick support to perform an automatic restart after successfully applying one-or-more changes that require a restart. Fixed WLAN/Wi-Fi support to avoid UI options disappearing. Fixed the SNMP agent to only accept an integer data type in set operations of st4OutletControlAction, st4OutletQueueControl, and st4TempSensorScale objects. Fixed the web interface to display system alert messages. Fixed rare cases of slow-to-respond outlet state-change actions. Fixed rare cases of outlets failing to sequence ON after initial power-up. Fixed STIC support to enforce a minimum bluetooth name length of 1, and to not reset the SPM password when 'no' is specified. Fixed UPS line load shedding to include link units. Fixed several minor formatting issues with log messages. Rebuilt the SSL, SSH, LDAP, Directory Services, and Energywise libraries, to accommodate updated dependencies. 15-08-06 8.0c 1366 pro2-v80c.bin Third production release Version 8.0c is a new-feature, maintenance, and security-patch release. Update to version 8.0c is recommended for all products. Added StartUp Stick support. The StartUp Stick is a tool for quick and easy mass-configuration of operating parameters. See https://www.servertech.com/products/accessories/startup-stick for further information. Added wireless local area network (WLAN) support for new Wi-Fi IEEE 802.11 b/g/n NIC hardware. Added support for Load Shedding due to humidity-sensor high-threshold events. Outlet actions (on or off) can now be configured to occur automatically when a humidity measurement crosses a high threshold, with optional reverse action upon recovery (with hysteresis). Related changes include: - Added SET LOADSHED SENSOR HUMID. - Added SET OUTLET HUMIDEVENT. - Updated the SHOW LOADSHED command to display the humidity load-shedding configuration. - Updated the web Load Shedding pages to configure and display the humidity load-shedding configuration. Enabled support for ongoing IPv4 address conflict detection (ACD). Previously only initial IPv4 ACD was enabled. Added drivers for new hardware sources of over-current protection device (OCPD) and branch status. Added support for CTRL-C to abort CLI operations, where applicable. Updated Server Technology INI Configuration (STIC) support to v2.10. Version 2.10 added 16 new sections, 46 read-write properties, 32 write-only properties, 1 special repeat property (banner), and user management operations (create, delete, update). Refer to STIC V2.10 documentation for details. Changed the minimum Shutdown Delay from 30 seconds to 1 second. Changed regenerated self-signed X.509 certificates to use SHA-1 as the signature hash algorithm, instead of weak MD5. Removed weak MD5 HMAC algorithm support from the SSH server. Removed a requirement for network startup to complete before internal event logging starts. Fixed Load Shedding to not require a network connection, except for UPS shedding, which requires a network connection for SNMP polling of a UPS. Fixed Load Shedding to not stall during the sequencing of multiple outlets with 'On' shedding actions. Fixed the web Load Shedding configuration page to display a missing '--All--' dropdown box for global configuration of the On-Battery Shedding option. Fixed web group monitoring and control pages to always sort groups alphanumerically. Fixed driver handling of sensed power states for outlets with no relays. This problem caused Smart units to invert reported outlet states. Fixed a failure to sequence relays ON after asynchronous microcontroller resets on relay control boards. Fixed the Email/SMTP web page to not allow spaces in the authentication username. Fixed minor UI issues. 15-05-21 8.0b 1246 pro2-v80b.bin Second production release Version 8.0b is a new-feature, maintenance, and security-patch release. Update to version 8.0b is recommended for all products. Added support for bootloader firmware updates by the same methods as application firmware updates. This addition was made to support customer/field updates to bootloader version 4.0g, which addresses a critical issue with the redundant network power feature (see nim2-blt-history.txt). After update to v8.0b application firmware, update to v4.0g bootloader firmware (nim2-blt-v40g.bin) is recommended for all products. Added persistence of link units across restarts. Link units that have been added to the system will no longer 'disappear' if the master-unit NIC is restarted while the link unit is powered down or disconnected. This allows for alerts to continue after a restart for link units that are errantly missing (for example, by an accidentally-disconnected cable) or in an error condition (for example, lost power). Link units that are intentionally removed from the system must now be 'purged' to avoid alerts. Added support for the GMT offset to be set in minutes, to accommodate partial-hour time zones. All standard international time zones from -12:59 to +14:59 are now supported. The GMT offset in minutes can be configured via web, CLI, STIC, and SPM Secure Access. Added support to upload/restore 'config.bak' through the web 'Files' page. Added support for FTP MGET operations. Support is strictly limited to 'mget *' and 'mget *.*' wild-card handling on local paths. Added Server Technology INI Configuration (STIC) v2.00 support. STIC provides the ability to read and write configuration changes through a text file, config.ini. This file may be read, modified, and written via HTTP/S and S/FTP. Refer to STIC V2.00 documentation for details. Removed support for legacy ftp.ini, sntp.ini and network.ini configuration files. The configuration settings in these files are now included in config.ini. Removed the ALL keyword as a target option for the SET PORT command. SSH server changes and fixes: - Removed insecure 96-bit digest HMAC algorithm support. - Removed blowfish cipher support. - Fixed sessions to not hang after receiving 1000 characters. - Fixed support for newer SSH clients with long HMAC algorithm lists. - Fixed the server to not send a 'window adjust' packet for every received character. - Increased the maximum packet and windows size. - Added sending an exit-status value of 0 to a session close. - Fixed a session close to send the final 'Session Ended' message before disconnecting. - Removed an extra newline after the 'Session Ended' message. - Substantially improved the SFTP server speed of a file upload. A firmware upload now takes a bit over a minute, versus about five minutes previously. - Fixed the SFTP server to refresh the session timeout on any session operation. Updated the Sentry Network Access Protocol (SNAP) version to 2.0.1. This version added support for GMT offsets and fixed the 'User Add' command to correctly set local user passwords. Updated the SNMP Sentry4 MIB. This MIB corrected the UNITS and value range of temperature sensor threshold objects. Fixed setting the display orientation and outlet sequence order via SNMP using the 'st4UnitDisplayOrientation' and 'st4UnitOutletSequenceOrder' Sentry4 MIB objects. Fixed the SNMP object 'st4TempSensorValue' in a 'st4TempSensorEvent' trap to return a value of -410 instead of -1 when a reading is invalid or not available. Improved the robustness of NVM updates and reads during link unit connections and disconnections. This fixes spurious NVM failures and the potential for a stale serial number when link units are changed quickly. Fixed spurious boot-time off/on-line errors from temperature/humidity sensors on master units. Fixed spurious over-current protector device off/on-line errors on certain models during boot or connection of a link unit. Fixed transient phase and outlet power factor warnings/alarms during load additions/removals and outlet relay state changes. Fixed cases of the TCP/IP stack 'up' event occurring prior to final acquisition of a static IPv4 address. This fixes the SNMPv3 Engine ID being wrong (ending with zeros) when the Ethernet cable is plugged in after the boot completes. Fixed a potential memory overrun in the cryptography library. Fixed the default display orientation and outlet sequence order to be determined by the factory-loaded product profile. Fixed the 'DHCP Static Address Fallback' feature to default to enabled. Note, this fix requires bootloader v4.0f or later. Fixed low-heap detection, increased low-heap thresholds, and expanded the network heap. Fixed presentation of fused units as having fuses, not breakers. Fixed configuration of the SMTP authentication username to not allow spaces. Fixed the CLI 'set ldapgroup sysmon' and 'set tacpriv sysmon' commands to properly set 'System Monitor' access rights for users remotely- authenticated by LDAP or TACACS+. Fixed the CLI to allow removal of the last LDAP group when access is 'Remote Only'. Fixed potential logouts and hangs by some internal DEBUG commands. Changed displays of the Ethernet MAC address to show dashes instead of colons. Several cosmetic fixes. 15-01-21 8.0a 1094 pro2-v80a.bin First production release This is the initial release of firmware for the PRO2 product family. This includes the PRO2 series of Smart and Switched Cabinet Distribution Unit (CDU) and Power Distribution Unit (PDU) products. A new 'PRO2 User Guide' for 'Firmware Version 8.0' accompanies this release. Please refer to this manual for complete configuration and operation instructions. =============================================================================== Copyright (C) 2019 Server Technology