DOM Customer Portal / Releases / Digi On-Prem Manager v25.04

Digi On-Prem Manager v25.04


Version 25.04 of Digi On-Prem Manager was released 2025-04-23. This is a maintenance release.

The updated version is available in our APT repository.

403b960b2d2ba01cfdef9b5dfe8182e8a4a3f8b9e2e28bf48767932f35dfd76d  dom-server_25.04_all.deb

Changes from v24.12.5 to v25.04

  • Update DX DAL client to v4.38 (4941ac91)
    • DAL 24.12 compatibility: Disable VERIFY_X509_STRICT for compatibility with CA certificates generated by previous versions of DOM Server which are incompatible with Python 3.13 used in DAL 24.12 and later versions.
    • Security: Verify TLS server identity when sending beacon messages during long running operations, and when downloading firmware files. Note that firmware downloads were already content addressed, and verified against SHA256 checksums provided trough a secure channel.
    • Simulate: Fixed bug where the required telemetry date was not send during simulate=1 (dac8adef)
    • Cleanup: Fixed regexp warnings when running on newer Python versions (7ce9f847)
    • Bootstrap: Add file size checks in addition to SHA256 checksum checks to mitigate against infinite data attacks during initial bootstrap.
    • Bootstrap: Force enable true during enrolling in case the configuration slot was previously disabled.
    • Firmware: Add better client side error checking when downloading firmware files from the DOM server.
  • Security:
    • dom-auto-ca: Add authorityKeyIdentifier fields to CA and host certificate, and increase default RSA key size from 2048 to 3072 bits (96677406b)
    • dxserver: Update vulnerable bundled axios and ws dependencies (543c0312)
    • login: Make it easier for password managers to auto-fill TOTP codes. (#2142)
    • sessions: Add additional hardening with _Host- prefix to application session cookies (#2165)
    • sessions: Add optional IP address locking to session, configurable with login.session_ip_lock and make session expiry configurable with login.session_ttl (#2151)
    • template: Add additonal hardening against XSS attacks (#832)
  • Bugfixes:
    • csv/import: Fix bug where a missing display_name column in the csv file caused the name for existing devices to be cleared (#2174)
    • dashboard: Fix bug where dashboard selection was not properly cleared after navigating away from page (#296)
    • livemap: Fix CSS bug preventing livemap from displaying properly (#2170)
    • login: Reduce number of assets loaded on the login page (#2150)
    • reports: Fix styling issues on “Email Setup” page (#2137)
    • router/inbox: Remove non-working sort links (#2131)
    • router/index: Link to approving user changed from the edit to view page (#2133)
    • rtask/bulk: Fix bug where the Root group was listed twice (#2163)
    • rtask: Fix bug where scheduled time could be incorrectly formatted (baa538b6)
    • terminal: Fix bug where the terminal page would crash for devices without telemetry samples (1ba0a879)
    • ui: Fix bug where the date picker used the incorrect time format (#2143)
    • ui: Fix several minor UI bugs troughout (#2148, #2146)
    • ui: Fix bug where breadcrumbs could break outside container if contents were too long (#2135)
  • Improvements:
    • api/status: Add link to user page (#2156)
    • dashboard: Allow searching for disabled devices (#2123)
    • dashboard: Make alias, custom_ref and custom_id fields searchable without using bracket notation (#2172)
    • enroll: Make DAL the default device type on the Enroll page (#2154)
    • rtask/index: Link the user to the user view page (#2136)
    • rtask: Allow scheduling RTasks added with the “Bulk CSV” feature (#2145)
    • rtask: Run a “DX Update” before “Firmware Update” to ensure the latest client is installed before firmware is updated (efc60232)
    • ui: Fixes and improvements to dark and light-mode styles (#2192)
    • users: Allow the root user to reset its password (#2139)
    • users: Allow viewing the root user (#2138)
  • System:
    • build: Fix indeterminism in builds between aarch64 and amd64 (6a0fd4e9)
    • database: Avoid increasing innodb_buffer_pool on startup for servers with less than 2GB of memory as this could cause an OOM situation (ae241337)
    • database: Garbage collect resolved warnings after 90 days (6127b0a2a)
    • database: Reduce transaction chunk size for maintain-config-history from 300 to 30 devices, improving performance for cleanup operations in some circumstances (ec37234fd)