UniFi 5.2.7 is released

UniFi 5.2.7 is our newest official General Availability Release for UniFi wireless AP (UAP), routing (USG), and switching (USW).

 

How to play safe?

Make sure you always do a backup before any updates, especially if you plan to upgrade your existing installation.

 

Release Notes:

  • For people who are migrating from v3, there’re many changes to APIs and it’s not backward compatible. You may need to update the shell library (unifi_sh_api) and/or your customized portal/external portal code.
  • For hotspot management console, make sure you have bookmark the URL with site ID (i.e. x66cipn3, or whatever random string is generated for that site). For example:
    https://unifi.yourdomain.com:8443/manage/hotspot/site/SITE_ID
  • For Debian/Ubuntu users, please update your APT source (see HERE).
    • unifi-beta/unifi-rapid are obsoleted. The old repo has been removed.
    • use ‘unifi5’ in your source file, instead of ‘stable’ or ‘unifi4’
  • You can no longer manage/control UniFi VoIP devices from the UniFi controller. Please use the UniFi VoIP controller for UVP products. The latest release as the time of this post is found HERE.
  • You can no longer toggle the VoIP port on the USG (UGW3). It needs to be enabled prior to upgrading/using v5, otherwise you will not be able to control it. If you rely on using the VoIP port then you may want to stay on v4.8.19. Currently it can only be configured as a secondary WAN in v5, but we will be expanding the functionality so it can be used as either a secondary WAN or LAN (LAN will be fully configurable).

Other Notes:

  • Windows users must have x64 Java installed as we only support 64 bit webRTC library. Please see HERE and download the missing version (64bit offline Windows install package).
  • If you are coming from an earlier release, and aren’t familiar with the changes in v5, please see our initial release post HERE.
  • You cannot re-use a VLAN ID for dynamic VLAN if it is set as a static value for another SSID on the same AP. So, if I have a SSID set to use VLAN 10, I cannot use VLAN ID 10 for RADIUS controlled VLAN users as those users will not get an IP.
  • Cloud Access feature in this release is not supported on Linux/ARMv6 architecture (for exmaple, Raspberry Pi 1). If you have problem starting controller on this platform, please remove the native library:
sudo rm /usr/lib/unifi/lib/native/Linux/armhf/libubnt_webrtc_jni.so
  • Smart Queue QoS is similar to the implementation as in EdgeOS (see HERE). Please note that DPI will not work when using Smart Queue QoS, as traffic will not be offloaded. It’s also worth noting that maximum throughput will be affected when using Smart Queue QoS, as traffic is not offloaded. There are some rough guidelines in the article linked above.
  • Do note that DFS channels can not be used for wireless uplink as of this release. Please use non-DFS channels if you need to use wireless uplink on dual band UAPs.
  • It appears that VHT80 uplinks work on channel 36 and 149, but may not work with other channels selected (44, 153, 159). This bug has been present for a while. VHT20/40 and HT20/40 should work properly.
  • You cannot adopt USG unless it is on a newer firmware, so it’s recommended to use the firmware bundled with this release.
  • There is a known bug with RADIUS accounting in 3.7.17 on 1st gen UAPs, where it will report 4GB use upload and 4GB use download on the STOP message, regardless of actual use. This was introduced in firmware 3.7.9, and is related to the 10.2 driver merge. We will release an update in the near future to fix this. For anyone relying on RADIUS accounting, please continue to use firmware 3.7.8 or lower until further notice.
  • If your USW shows as disconnected after firmware upgrade you can perform a set-inform (similar to L3 adoption, see HERE) or you can powercycle the USW. Either method should restore the device to a connected state.

 

New Features:

  • Add Static Routes and Firewall rules (beta) in Settings.
  • Add Auto Backup in Settings.
  • Add Remember me to login page (extend session timeout to 24h).
  • Device details: Add Channel Utilization.
  • Added minimum rate and beacon control for UAPs
  • Added memory usage and load average to AP and switch details
  • Added the ability to config gateway, switch and AP LED on/off state
    • Added LED config option to device General config form
  • Added smart banner for iPhone/iPad devices.
  • Add DPI category/app/client views in Statistics.
  • Allow overriding angular Hotspot Portal files.

 

Controller Bugfixes/Changes from 5.0.7:

  • Disable Custom Upgrade when Auto Upgrade is on.
  • Fix wrong number of devices in channel occupancy graph on Dashboard.
  • Fix select maps dropdown.
  • Store less, fetch more approach to insights, alerts, events, settings, admins.
  • UI performance improvements.
  • Add configurable list of languages in Hotspot Portal.
  • Store less, fetch more approach to networks, site health, known clients and other insights data.
  • Allow admin accounts to login to hotspot as a fallback.
  • Throughput graph: display correct value of avg throughput in download tooltip.
  • Added alias config to configuration of phone property panel.
  • Fixed for printing vouchers over WebRTC.
  • Backup settings only without historical data.
  • Added latency formatting filter.
  • Added warning to confirm modal for upgrade/update.
  • Improved WebRTC handling.
  • Quick Stats: prevent displaying arrows without values.
  • Fixed “view all” for known clients and neighboring APs.
  • Map coordinates stored as floats instead of strings.
  • Added browser warning for non-Chrome/Firefox browsers.
  • Pending changes label more verbose.
  • Added warning before closing all property panels if any docked panels have changes.
  • Fix client uplink sort to account for switch port.
  • Expose SDN log level.
  • Added SV and NL languages for hotspot portal.
  • Added handling of events pushed from backend.
  • Added TURN support for debug terminal.
  • Improved RF environment.
  • Added Polish translations.
  • Fixed editing image maps.
  • Added sorting hotspot packages.
  • Fixed sorting PoE power.
  • Added RADIUS port for network configuration.
  • Added sites overview device list.
  • Added mirroring port and WLAN group ZH tooltips.
  • Transition switch port diagram between PoE and blocking icons.
  • Split switch icons into PoE into PoE+ and 24V PoE.
  • Update Debian dependency, to allow Oracle Java (this allows you to remove OpenJDK, if desired. This can save space on CK). **** see note below
  • Add UK to countries supported by Stripe,.
  • Added shorter time filter options for neighboring AP insight.
  • Fixed INFORM_ERROR state and allow adopting in this state.
  • Fixed http hostname lookup during app load.
  • Setting default autobackup expression to monthly.
  • Added preference for disabling websocket.
  • Fixed case when there is no selected map.
  • Added bandwidth info of neighboring AP, and grey out RSSI if too old.
  • Changed property panel adopt icon to blue.
  • Improved stability of WebRTC connections.
  • Added new rfscanning state.
  • Added model with data retention update.
  • Enabled autobackup during initial setup.
  • Added pt_PT language to hotspot portal.
  • Do not allow read-only users to create vouchers.
  • Added search functionality to site overview modal and full page.
  • Added alert count to site overview pages.
  • Show more than just “Enabled” for WLAN overrides.
  • Renamed state from “Pending approval” to “Pending adoption”.
  • Adopt button in panels use reverse and round action icon style.
  • Show backend version in controller settings.
  • Added performance improvements on device page.
  • Added check device firmware update button to settings.

****As stated in the note, this is just a change with the package dependencies, this does not change the init script. To properly define the JAVA_HOME on your Debian/Ubuntu installation you should create a default file to define the path. This method is persistent across controller upgrades. Something like the following will work (update JAVA_HOME path as needed):

echo "JAVA_HOME=/usr/lib/jvm/java-8-oracle" | sudo tee /etc/default/unifi

 

Firmware Changes from 3.7.5/4.3.16:

  • [UAPG2] Fix a bug with Legacy mode that left it always on, regardless of setting.
  • [UAPG2] Fix rate limiting on non-guest VAP.
  • [UAPG2] Fix LAN lockup issue with AC-Lite/LR when connected to some 100Mbps switches.
  • [UAPG2] Guest isolation (ap_bridge) update
  • [UAPG2] Add arp to busybox, previously was missing.
  • [UAPG1] Update base driver to 10.2.
  • [UAP] Merge all connectivity improvements (see HERE, HEREHERE, and HERE).
  • [UAP] Disable ATF in default config.
  • [UAP] Change default DTIM to 3.
  • [UAP] Fix client TX stats showing as double RX stats on 2.4G radio.
  • [UAP] Allow CCK for 802.11b STA.
  • [UAP] Some changes related to RADIUS controlled VLANs.
  • [UAP] Add DFS channel support for models that are approved.
  • [UAP] Further improvements to mitigate intermittent connectivity conditions.
  • [UAP] Further improvements to Apple device compatibility.
  • [UAP] Further improvements to multicast performance/packet success rate (PSR).
  • [UAP] Further fixes to HW/SW retry algorithm.
  • [UAP] Improved SNMP support, and updated TinySNMP library (2 MIB files, found HERE, and HERE).
  • [UAP] Add netconsole library.
  • [UAP] Fix for reboots in high interference areas (reported HERE).
  • [UAP] Fix resource leak from socket call (reported HERE).
  • [USW] Add backend support for LLDP-MED.
  • [USW] Change FASTPATH local telnet access to port 23, and add warning that changes are not persistent.
  • [USW] Update base to ES 1.5.0.
  • [USW] Fix bug with remote terminal triggering 100% CPU usage.
  • [USW] Fix US-8-150W flipped PoE LED after power cycle.
  • [USG] Fix OOM issue, causing frequent reboots for some users.
  • [USG] Pass some non-offloaded packets to kernel, instead of calling dev_queue_xmit directly (helps with some crashes).
  • [USG] Improve handling of L4 packets with bad checksum.
  • [USG] Disable SSH on WAN in factory default state.
  • [USG] Add netconsole support.
  • [USG] Fixes last_seen issue, where disconnected stations show as wired to USG.
  • [USG] Adjustments to handling of DHCP events, to mitigate reboots on high traffic sites.

 

Bundled Firmware:

Note that the bundled firmware links for UAP and USW are HTTP as currently HTTP links are required for custom upgrade via the controller UI, or firmware upgrade via CLI. You can update the link to HTTPS if you desire, but it will not work for either of those firmware upgrade methods.

 

Download:

Source: ubnt.com

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Weekly Grocery List – Free Printable

Every Saturday we sit down with our meal planning sheet and plan out what we are doing and what we are going to have for dinner.  We create our shopping list based off of the weekly meal plan.

Try it out and see if it works for you.  Some of the surprising benefits of doing this is:

  • We have stopped eating out as much.  Not only have we saved money, but it is so much healthier.  My children have gotten involved in the process of deciding what we eat and they help me make it sometimes.
  • We save time.  When we know that on Monday we are having chicken breasts for dinner, We might cook a few extra and use it for dinner on Wednesday.  When we had no plan, we couldn’t plan ahead.
  • We eat together as a family every night.  Well, almost every night, life does happen, but for the most part, we sit together at the table every night and eat a meal together.

Is there a resource that you use that you love?  How do you meal plan?  Tell us about it in the comments section.

Want to download our meal planner? Click here or the image below.

weekly-grocery-list

Feel free to print these off and use them for personal use. Pin them now to remind you to start fresh next week. I hope they help you plan ahead and conquer the daily battle of “what’s for dinner.”

Facebooktwittergoogle_plusredditpinterestlinkedinmail

New Cry Ransomware Strain Has Unusual Advanced Features

“A new ransomware that pretends to be from a fake organization called the Central Security Treatment Organization has been discovered by security researcher MalwareHunterTeam.  When the Central Security Treatment Organization, or Cry, Ransomware infects a computer it will encrypt a victim’s files and then append the .cry extension to encrypted files. It will then demand approximately 1.1 bitcoins, or $625 USD, in order to get the decryption key.”

Reported – Larry Abrams at Bleepingcomputer

Abrams continued: “For example, like Cerber, this ransomware will send information about the victim to the Command & Control server using UDP. Furthermore, it will also use public sites such as Imgur.com and Pastee.org to host information about each of the victims. Last, but not least, it will query the Google Maps API to determine the victim’s location using nearby wireless SSIDs.”

This strain is clearly created by experienced coders that know what they are doing. Just look at the list of advanced features this Version 1.0 came out with. Looking at the resources spent to create this strain, you can expect a massive wave of attacks to follow soon. These bad guys have the resources and then some:

  • Uses UDP to communicate with the Command & Control Server to evade detection
  • Uses social networks to upload and host information about the victims using fake PNG files
  • Queries Google Maps API to identify victim location using nearby wireless SSID’s
  • Deletes the system Shadow Volume Copies
  • Stays persistent after reboots Uses TOR payment site that requires the victim’s personal ID from ransomnote
  • Has functioning support page to communicate with the criminals
  • Includes a free (drag & drop, imagine that) decryption of one file to prove the files can be decrypted

 

Facebooktwittergoogle_plusredditpinterestlinkedinmail