DOM Customer Portal / Releases / Doppler On-Prem: v19.9.10.5

Doppler On-Prem: v19.9.10.5


Version 19.9.10.5 of Doppler On-Prem has been released.

Downloads

The SHA256 checksum for doppler-onprem-v19.9.10.5.p.ova is b1f95ab9d7e6d7892f0f117693874732ffc0ecfaa05b7e7497faed7372fab701. We recommend that you verify the integrity of the installation images.

The fingerprint of our signing key is E0F4 A329 FEEA 90C7 7F07 C694 87ED 1FBF D489 F615.

Changes in 19.9.10.5:

  • (Security) Linux base images for Debian 10 and dependencies have been updated to the latest patch levels as of 2019-08-30.

  • (Security) HTTP/2 has been disabled as a preventative measure due a number of DoS vulnerabilities discovered in implementations of the protocol. (#b647c22d)

  • (Security) A ssh public key included to allow our lead developer to provide support has been removed from the VM image. NOTE: The private key was stored securely on a smart card, and ssh access is not enabled by default. (#43b9b802)

  • Logging parameters in rsyslogd, journald and docker have been changed to prevent logs from filling up the internal volume under certain error conditions. The base disk size has been increased from 20GB to 30GB. (#253)

  • Max connections in nginx has been increased to 8192 to accommodate more websocket connections. (#6e4a116a)

  • The default presentation time_zone has been changed to Eastern Time. (#252)

Changes in 19.9.10:

  • (Security) The appliance and containers have been upgraded to Debian 10 with the latest security patches, AppArmour is enabled, firewalling improved.

  • Test version of MC7354 and MC7455 modem upgrade scripts have been provided in the “Firmware > Modem” menu.

  • DX has been updated to v3.1.19.

    • MSISDN fields are now populated in doppler by dx, if empty in DOM.
    • Better support for collecting LTE-radio variables.
    • Improved GPS position support.
    • Added support for collecting firewall and routing tables.

Upgrading from 19.9: Changes to self-signed MariaDB Certificates.

When updating from 19.9 or earlier, you must regenerate the self-signed SSL certificate on your MariaDB server before connecting. The new TLS libraries requires a hostname instead of an IP-address as the “Common Name” in the certificate.

Step 1: Regenerate your self signed database server certificate with a hostname as the Common Name. In this example, we’ll statically map the hostname dopplerdb to the IP address of the database server.

Run the following commands on your MariaDB server to regenerate the certificate:

$ openssl req -subj '/CN=dopplerdb' -new -newkey rsa:3072 -sha256 -days 7300 -nodes -x509 -keyout /etc/mysql/ssl/server.key -out /etc/mysql/ssl/server.crt
$ systemctl restart mariadb

NOTE: This will overwrite the existing certificates, and prevent older versions of Doppler On-Prem from connecting to the database. It’s a good idea to keep a copy of the previous server.crt and server.key files in case you need to roll back.

Step 2: Configure Doppler On-Prem to use the new cert when connecting to MariaDB:

  • Type db in the CLI and press ENTER - When prompted for the hostname, enter dopplerdb.
  • When prompted for an IP-address, enter the IPv4 address of your database server.
  • After the changes have been applied, run restart-containers, to make Doppler On-Prem reconnect using the new certificates.