New beta software v1.8.0rc1 is now available here:
- ERLite-3 and ERPoe-5 (3-port and 5-port models):
- ER-8 and ERPro-8 (8-port models):
- ER-X and ER-X-SFP (new models):
Note: The router keeps two firmware versions (active and backup). On the ER-X/ER-X-SFP, which has more limited storage, in some cases upgrade may fail due to not enough space (at some stages during upgrade all three versions exist on the system at the same time). If this happens, remove the backup image (using “delete system image” command, see here for more details) before doing upgrade. Either way there will still be two versions (previous active becomes backup) after the upgrade.
This release adds more fixes for issues reported during the alpha/beta testing so far. We should be close to the 1.8 release now thanks to the many community members who have tested the alpha/beta releases, reported issues and provided detailed information, helped test and verify our fixes, and even provided patches to the code! Please give this a try and let us know if you find any issues of course. Thanks again!
[Release Notes v1.8.0rc1]
Changes since v1.8.0beta3
**Enhancements and bug fixes **
- [DHCPv6] Update wide-dhcpv6-client to latest Debian version 20080615-16 (building our own package). This is suggested by and discussed with @goofball @Brontide @Aggraxis @jasonrm here for improvements in DHCPv6 PD behavior etc. goofball first tested his own updated package and reported positive result, and he and Aggraxis also helped test/verify our experimental package, so thanks very much!
- [Web UI] Adjust layout for address group fields in firewall rule config
- [Web UI] Fix firewall configuration issue that leaves empty firewall section after deletion
- [CLI] Add “show interfaces ethernet physical” command
Fixes/changes for issues found/reported during alpha/beta testing:
- [Routing] Fix ribd crash issue when IPv6 connected route is being added/deleted in some cases. Reported by and discussed with@NVX @skidmata @BranoB @bjck @r4m3u5 here and here.
- [Routing] Fix issue with losing connected routes for VLAN interfaces in some cases. Reported by @ringnebula here.
- [Routing] Reorganize and simplify “debug” operational commands for routing daemons. Now the following “debug” commands are available for the individual daemons (auto-completion result shown):ubnt@ubnt:~$ debug Possible completions: bfd Enable Bidirectional Forwarding Detection (BFD) debugging bgp Enable Border Gateway Protocol (BGP) debugging ldp Enable Label Distribution Protocol (LDP) debugging nsm Enable Network Service Module (NSM) debugging ospf Enable Open Shortest Path First (OSPF) protocol debugging ospfv3 Enable IPv6 Open Shortest Path First (OSPFv3) protocol debugging rib Enable Routing Information Base (RIB) debugging rip Enable Routing Information Protocol (RIP) debugging ripng Enable RIPNG protocol debugging rsvp Enable Resource Reservation Protocol (RSVP) debuggingThese can be used to enable debug logging for each component. The “no” version of the command disables the corresponding debug logging, for example, “no debug ospf” cancels the “debug ospf” command. Of course if needed we can add more granular debug control in the future.
- [Routing] Fix dynamic interface handling for table interface route. Reported by and discussed with @tommie @NS-K here. They also helped test/verify the fix, so thanks very much!
- [BGP] Fix “update-source” config to handle dynamic interface/address correctly. Reported by @matthardeman here.
- [BGP] Fix “max-paths ebgp” config and add validation. Reported by @dragon2611 here.
- [Interface] Fix issue with moving IP address from one interface to another (i.e., delete and set) in the same commit in some cases
- [Interface] Make warning message more explicit when creating VLAN interface and setting MPLS interface in the same commit. Reported by and discussed with @snotr here.
- [Traffic analysis/DPI] Implement several enhancements that should improve application classification accuracy in some cases.
- [Traffic analysis/DPI] Make offloaded and non-offloaded cases work together better
- [Web UI] Fix typos in Advanced Queue page
- [Web UI] Add transition to dropdown list for node edit in Advanced Queue page
- [Web UI] Fix issue with Smart Queue page displaying extra empty policy. Reported by r4m3u5 @meyergru here.
- [Advanced queue] Fix issue preventing default match to be added
- [Advanced queue] Add validation to disallow source MAC address match under interface root and destination MAC match under global root. Such matches will not have effect so would be better to disallow it to avoid confusion.
- [SNMP] Add proper error message if listen address is set to link-local IPv6 address but no interface is configured.
- [IPsec] Fix “force-encapsulation” config setting and its help text. Reported by @train_wreck here.
- [CLI] Label “show ip route cache” command as deprecated as it is no longer supported.
**Updated software components
- Update ISC DHCP: Fix CVE-2015-8605
- Update bind9 to 1:9.8.4.dfsg.P1-6+nmu2+deb7u9: Fix CVE-2015-8704
- Update libpng to 1.2.49-1+deb7u2: Fix CVE-2015-8472 and CVE-2015-8540
- Update gnutls26 to 2.12.20-8+deb7u5: Fix CVE-2015-7575
- Update openssh to 1:6.0p1-4+deb7u3: Fix CVE-2016-0777 and CVE-2016-0778
- Update sudo to 1.8.5p2-1+nmu3+deb7u1: Fix CVE-2015-5602