This firmware is now available. Please visit the product's support page on www.axis.com for the download, full release notes and installation instructions.
NOTE
====================
For latest information about Axis Cybersecurity, see
https://www.axis.com/se/sv/support/product-security.
BEFORE upgrading from 5.75.1.13 please note the following IMPORTANT INFORMATION:
As this is a very large step in Firmware versions, a Factory Default or
Factory Restore of the camera is required after the update in order to ensure
full functionality.
This can be done via the web interface. Go to Settings > Sytem > Maintenance.
More information on performing a Factory Reset can be found in the User Manual.
New features in 8.45.3
================================================================================
8.45.3:F1
Axis Zipstream now supported for reduced bandwidth and storage requirements.
8.45.3:F2
Added support for ONVIF Audio Backchannel.
8.45.3:F3
New web-interface with improved usability and broader support of web-clients and
operating systems. For more information please see
https://www.axis.com/global/en/support/technical-notes/browser-support.
8.45.3:F4
CamStreamer ACAP updated to 3.4.2.
8.45.3:F5
Added support for AES-CBC 256-bit SD card encryption.
8.45.3:F6
Axis Video Motion Detection updated to 4.2.5.
8.45.3:F7
Added a new section "Snapshot of current CPU utilization" that prints
information about CPU utilization and memory consumption of processes in the
server report.
8.45.3:F8
Changed the default timeout of HTTP-Recipient based action rules from 10s to
120s to compensate for unstable networks or slow clients. After the timeout is
reached, the action rule will be re-tried.
8.45.3:F9
Added the possibility for the user to share anonymous usage data with AXIS
developers.
8.45.3:F10
Added support for automatically negotiating the preferred SMB protocol version
with SMB 2.1 or higher in order to increase the overall minimum cybersecurity
level. Please refer to the follwing FAQ for more information ->
https://www.axis.com/support/faq/FAQ116392.
In case SMB 1.0 or SMB 2.0 is required due to compatibility issues, we recommend
setting the Extra Mount Options in PlainConfig -> Storage to a specific
version"vers=x.y" (e.g vers=1.0 or vers=2.0). Please note that there are two
Storage groups that are related to a mounted network share (normally Storage S1
and Storage S2) and both of them need to have the correct version in Extra Mount
Options.
8.45.3:F11
Added support for ONVIF Audio Backchannel with support for G711 and G726 audio
codec. Cameras are able to retrieve audio while sending an audio capable video
stream with metadata in the same RTSP session.
8.45.3:F12
Updated OpenEmbedded to version Poky Rocko to increase overall cyber security
level.
8.45.3:F13
Updated the maximum number of recipients for action rules to 20 from 10.
8.45.3:F14
Changed the default setting of SRTP to disabled in order to reduce the number of
ports opened by default.
8.45.3:F15
Prepared support for signed firmware to increase overall cyber security level.
It is planned that the product will only accept AXIS security-signed firmware
starting in Q1/Q2 2019 and onwards.
8.45.3:F16
The possibility to edit scripts in camera has been disabled per default in order
to increase minimum cyber security level.
8.45.3:F17
Updated NTP server (openntpd) to version 6.2p3.
8.45.3:F18
Added support for showing hidden resolutions via API. The parameter
Properties.Image.ShowSuboptimalResolutions has been added which will, when
enabled, show all of the products supported resolutions.
8.45.3:F19
Changed the behavior of the capture mode parameter. Changing capture mode
requires a reboot now.
8.45.3:F20
Support for Firmware Recovery under Settings -> System -> Maintenance. The
product is saving a restore point every time the firmware is updated, allowing
the user to rollback to a previous firmware and its configuration.
8.45.3:F21
Support for HTTP keep-alive connections via ONVIF. PTZ products can now be
controlled via HTTP keep-alive connections. This increases PTZ control accuracy,
reduces overhead communication and therefore lowers the risk for security
focused network infrastructure or unstable networks to block or drop PTZ control
commands.
8.45.3:F22
Support for browser stream statistics in Live View.
8.45.3:F23
Support for Password Security Confirmation Check. To increase overall
cybersecurity awareness, a user-configured password that is considered "weak"
need to be confirmed actively twice by the user.
8.45.3:F24
The functionality of enabling Axis DNS Service via control button has been
disabled by default. It can be enabled again using VAPIX.
8.45.3:F25
Changed the default web server authentication from Basic & Digest to Digest
only.
8.45.3:F26
Upon a factory default, the camera will generate a self-signed certificate at
boot and enable HTTPS. This allows clients to use encrypted access from start.
If HTTPS is to be used in daily operations, it is recommended to replace the
generated self-signed certificate with a CA-signed certificate.
8.45.3:F27
PTZ products can be controlled now via HTTP 1.1 keep-alive connections which
increases PTZ control accuracy, reduces overhead communication and therefore
lowers the risk for security focused network infrastructure to block PTZ control
commands when controlling a PTZ camera.
8.45.3:F28
Support for AXIS SD card health API. The SD card health API allows a client to
track and request the health and wear-out state of an camera with AXIS
Surveillance SD Card.
8.45.3:F29
The Axis Media Control (AMC) is not longer embedded in the product and needs to
be downloaded separately on https://www.axis.com/global/en/support/downloads
/axis-media-control if needed. The Java Applet has been removed as well.
8.45.3:F30
Our ONVIF implementation have been improved by adding
GetVideoEncoderConfigurationOptions extension. This makes it possible for an
ONVIF client to get the bitrate range.
8.45.3:F31
Renamed "Browser Stream Statistics" to "Client Stream Information". The Client
Stream Information are available in the web-interface of the camera.
8.45.3:F32
The new web-interface supports 12 different pre-installed languages which will
be chosen automatically based on browser settings. Uploading individual language
files is not needed anymore.
Supported Languages:
English - German - French - Spanish - Italian - Portugese - Polish - Russian -
Japanese - Chinese (Mainland) - Chinese (Taiwan) - Korean
8.45.3:F33
Updated help files with more detailed information about SMB and Certificate
support in AXIS products.
Corrections in 8.45.3 since 5.75.1.13
=========================================
8.45.3:C1
Updated OpenSSL to version 1.1.1d to increase overall minimum cyber security level.
8.45.3:C2
Updated Apache to version 2.4.41 to increase overall minimum cyber security level.
8.45.3:C3
Update libssh2 to version 1.9.0 to increase overall minimum cyber security level. This
update includes correction for CVE-2019-13115.
8.45.3:C4
Corrected the following kernel vulnerabilities to increase overall minimum cyber security
level (collectively known as "TCP SACK PANIC"):
CVE-2019-11477,CVE-2019-11478,CVE-2019-11479.
8.45.3:C5
Improved the certificate management system: It is now possible to upload PKCS#12
certificates with a total size of 102400 bytes. The previous limit was 1/10 of it.
8.45.3:C6
Improved the certificate management system: added support for certificate IDs with long
names.
8.45.3:C7
Added support for TLSv1.3.
8.45.3:C8
Corrected security vulnerability in Systemd CVE-2019-6454 to increase overall minimum
cyber security level.
8.45.3:C9
Improved the certificate management system: added system log information for failing
certificate upload.
8.45.3:C10
Improved robustness of the O3C client.
8.45.3:C11
Updated OpenSSH to version 7.9p to increase overall minimum cyber security level.
8.45.3:C12
Added information about Certificate ID to the Installed Certificates section in the server
report.
8.45.3:C13
Corrected the following security vulnerabilities to increase overall minimum cyber
security level: CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3858, CVE-2019-3859,
CVE-2019-3860, CVE-2019-3861, CVE-2019-3862, CVE-2019-3863, CVE-2018-10876, CVE-2018-10877,
CVE-2018-10878, CVE-2018-10879, CVE-2018-10880, CVE-2018-10881, CVE-2018-10882, CVE-2018-10883,
CVE-2018-17182, CVE-2018-5390, CVE-2018-14526, CVE-2016-2147, CVE-2016-2148, CVE-2017-9798,
CVE-2018-16864, CVE-2017-16544, CVE-2019-6454, CVE-2018-16865, CVE-2018-16866, CVE-2019-0217
8.45.3:C14
Updated pre-installed Mozilla CA-certificates to versions available at 20190122.
8.45.3:C15
Added GOP Length option to the Stream Profile Settings.
8.45.3:C16
Improved list.cgi to display all installed applications (no longer limited to 8).
8.45.3:C17
Improved stability in the httptest.cgi.
8.45.3:C18
Added Firmware Recovery (Firmware Rollback) information to the server report.
8.45.3:C19
Added selection boxes for disabling TLSv1.0 and TLSv1.1 in Settings -> System ->
PlainConfig -> HTTPS to enforce the highest possible TLS version for HTTPS-based
connections.
8.45.3:C20
Improved HTTP image upload stability in unstable networks.
8.45.3:C21
Improved camera stability when metadata is used.
8.45.3:C22
Improved loading of the web-interface in unstable networks.
8.45.3:C23
Improved stability in actionengine (tcp notification).
8.45.3:C24
Increased the limit of concurrent HTTP requests for I/O related VAPIX commands from 4 to
10.
8.45.3:C25
Adjusted re-connection behavior of interrupted AVHS connections on AVHS-server side. The
time between failed connection attempts will now gradually increase until a hard limit is
reached.
8.45.3:C26
Added Perfect Forward Secrecy ciphers (DHE-RSA) to the ciphers selection.
8.45.3:C27
Added selection boxes for disabling TLSv1.0 and TLSv1.1 in Settings -> System ->
PlainConfig -> HTTPS to enforce the highest possible HTTPS negotiation client handshake
via TLSv1.2.
8.45.3:C28
Added a Storage Stability Helper service for better handling of Network Shares.
8.45.3:C29
Adds PID/program name to network connection list in the Server Report.
8.45.3:C30
Updated R2 GlobalSign Root Certificate to version 20170717. Required to enable Email
recipients using 'Validate server certificate'.
8.45.3:C31
Added support for certificates with expiration dates beyond year 2038.
8.45.3:C32
Support for HTTP keep-alive connections via ONVIF. lowers the risk for security focused
network infrastructure or unstable networks to block or drop PTZ control commands.
8.45.3:C33
Corrected an issue that let the PTZ control queue ignore an
an anonymous viewer account and deny PTZ control.
8.45.3:C34
Improved user notification when creating a E-mail recipient that contains wrong domain
information.
8.45.3:C35
Improved camera stability when metadata is used.
8.45.3:C36
Improved camera stability when using liblicensekey.
8.45.3:C37
The correct IPv6 router IP-addresses are now shown correctly in the network
interface of the web-interface and in ONVIF responses.
8.45.3:C38
Adjusted the system log messages for the NTP daemon to be more specific and
highlight that there is a time drift instead of an "adjustment".
8.45.3:C39
Upgrade SSL negotiation in the AVHS client to SSLv23 instead of the deprecated TLSv1.
8.45.3:C40
The triple DES cipher is not selected as DEFAULT in the HTTPS settings to
increase overall cyber security level.
8.45.3:C41
Updated the Portable UPnP SDK to 1.6.22 to increase the overall cyber security
level.
8.45.3:C42
Improved stability for TCP notifications.
8.45.3:C43
Improved camera stability when TriggerData is used.