DOM Customer Portal / Releases / Digi On-Prem Manager v23.9

Digi On-Prem Manager v23.9


Version 23.9 of Digi On-Prem Manager was released 2023-10-06.

The updated version is available in our APT repository.

f06ce6dbbcfe2e18e0589ac3d09be21690843b18dbcccb69e6430fb14949bacf   dom-server_23.9_all.deb

Changes from v23.6 to v23.9

  • Update DAL DX client to 4.10:
    • [DOM-23-002] Fixed Insecure Initialization of TLS Context enabling machine-in-the-middle attacks in some configurations. Installations using the default built-in CA are not vulnerable.
    • Enable logging and rotation of dx messages to /var/log/dx, and optional logging to a remote syslog server via the log_syslog opt parameter (d-dx/84439e8)
    • Fixed incorrect size checks in config uploads that failed if the config file was less than 1kB in size (d-dx/eb68dcd)
    • Fixed bugs when applying new config to a device, causing crashes if previous attempts failed, and errors when returning error messages to the server (d-dx/0d6f9ca)
    • Fixed bugs in schema upload mechanism introduced in v4.7.2 causing the feature to fail (d-dx/69828f15)
    • Changed exit code returned during a dx_update operation from 0 to 1 (d-dx/gff4cc1f)
    • Fix ServerPingError checks by handling them as a part of the normal connection retry flow rather than exiting (d-dx/36c1c17)
  • Bugfixes:
    • shellinabox: Fix hostname issue when generating websocket url (b5527e779)
    • router/edit: Fix missing length check for subscription name (#1772)
    • profile: Fix issue where retried resolve tasks are stuck in a pending state (#1785, g3d60f4848)
    • inbox: Fix issue where name and group settings in the inbox could become inconsistent with the corresponding router entry (#1773)
    • inbox: Fix issue where name changes were not correctly logged (#1768)
    • inbox: Fix issue where inbox entries were not correctly moved up the tree if a group was deleted (#1769)
    • ui: Improve presentation of router hardware information (#1760)
    • cleanup: Remove remnants of obsolete Group Lock feature (#1758)
    • ui: Fix bug in “Bulk CSV” help text (#1766)
    • ui: Fix firmware submenu highlight issues (#1814)
    • ui: Fix issue with links to subsection of group profile status (#1804)
    • ui: Fix API token presentation (#1756)
    • ui: Fix presentation issues with the “Become User” feature (#1385)
    • ui: Truncate long notes on the Router Details page (#1510)
    • ui: Do not show “More” button the Router Details page if there are no more samples (#1231)
    • ui: Fix issues with presentation of buttons (#1485)
    • ui: Inform users who have been downgraded from rw to ro that their rw API token does not have write access (#1784)
    • ui: Fix status messages when deploying an ad-hoc configuration change to a device (2c3a8db1b)
  • Improvements:
    • profile: Validate and merge configuration applications and comparisons against the router provided accns.schema, and other general fixes (07cc0f757)
    • api: Add support for deleting, allowing and rejecting inbox entries (#1747)
    • api: Add group_id filter option to /router endpoint (#1778)
    • dashboard: Improve performance of multi-device operations (3375da055)
    • dashboard: Make MAC address and Router ID searchable (#1391)
    • dashboard: Show a warning and remediation steps if you are using an weak API key (ab79fb710)
    • dashboard: Set warning icons to gray when muted (#927)
    • dashboard: Fix filter issues with modem types (#1416)
    • reports/group: Improve user interface for Scheduled Reports feature (#1739)
    • reports: Avoid decimals in data usage averages (#1664)
    • dx: normalize urls not including port if set to 443 in enroll/bootstrap scripts (7bf8da66e)
  • System:
    • Improve performance when serving static assets (d53a56cbf)
    • Make CSP rules more specific (beec67cf9)
    • Update cacert.pem to 2023-08-22
    • Set friendly process names for services (62d0c18a6)
    • Reject incoming dashboard HTTP request to hosts that are not configured (88a528583)
    • Add “Reset Password” by email feature. This must be enabled by configuring email sending, and setting enabled=1 in the [reset_password] section of the configuration file (#1755)
    • Set up d-profile-checker as timer instead of running process (2ede33690)
    • Add useful commands and current dashboard urls to the system motd message (e7a4b0865)
    • Add dom-check tool so administrators can check common configuration problems and server status
    • Improvements to dom-server.service startup mechanism
    • Rely on host and ip values in the configuration file, rather than auto-detecting them on boot, for determining the correct hostname and ip for the installation bootstrap URLs and similar.
    • Made the dom-auto-ca tool check/generate new certificates when dom-server started or restarted, rather than on reboot.