Digi On-Prem Manager v26.06
Version 26.06 of Digi On-Prem Manager was released 2026-06-12. This is a major security and maintenance update.
The updated version is available in our APT repository.
ea459802886b853634002e7492426d159a90767f7ab99bffc3cdff92e0a119d3 dom-server_26.06_amd64.deb
Changes from v26.04.1 to v26.06
- Update DX DAL client to v6.17
- Enable config saving for devices that support it (6e2572450)
- Rebuild with the updated Go 1.26.4 toolchain (56688f5cc)
- Security:
- [DOM-26-004] sso: Fix value-specific access mappings and rejected sign-ins recording external identities. (eb3afbcec, 6a0ff77d5)
- [DOM-26-005] password-reset: Fix account enumeration by returning the same reset response for all accounts and rate-limiting requests. (25352b3ec)
- [DOM-26-006] enrollment/dashboard: Fix resource-exhaustion paths by serving generated enrollment packages from cache and enforcing page limits on dashboard tables. (56130f4b5, e8c272b13, ea0abb607)
- [DOM-26-007] router: Fix device revocation so disabling or removing a device ends its live management session immediately. (71ecdbeab, 8e9e95dd9)
- [DOM-26-008] audit-log: Fix user audit log permissions so users without `User Log` access cannot request user audit records directly. (2e8767c5a)
- [DOM-26-009] config: Harden processing of device-reported configuration schemas and fileset manifests. Oversized or malformed device data can no longer exhaust memory or crash configuration processing for other devices, and configuration refused this way no longer triggers recalculation. Over-length device metadata is truncated to fit its storage. (4b7af63f8, 849c04a51, 3bbc9d04c)
- [DOM-26-010] api/sharing: Require the device inbox permission for API enrollment-inbox actions, and require device edit permission plus the sharing setting for public share-link changes. (cfa761700, 9be96bcf4, e242d757b)
- [DOM-26-011] dashboard: Escape device-reported, enrollment, audit-log, security-log, command-output, and map-script values before displaying them. (b9c978bd5, 514f76793, cce8aef12, 434e4e52d, 2aa6b97b0, d9e5cba9a)
- [DOM-26-012] http: Fix CSRF on state-changing requests across alert deletion, group logo deletion, password change, report sending, router enable, remote task creation, trouble-ticket sending, and TOTP enable. (89fe5f984, df84e98ac, 7d93bb65f, 397087aab, d44b3a36e, f7df8ae4e, 3a7980081)
- api/quick view: Enforce device and group view permissions on API, dashboard, report, and Quick View data paths. (defense-in-depth) (7ebc23bfa, 9be96bcf4, ebc242d61)
- api: Store API bearer tokens as HMAC hashes. Tokens are shown once when created and converted automatically on upgrade. (bc6926c82)
- build: Bump the bundled Go toolchain to 1.26.4, picking up upstream security fixes. (56688f5cc)
- config: Harden permissions on the server configuration file so its secrets are not readable by other local users. (defense-in-depth) (539227090)
- csv upload: Cap device CSV upload size before parsing. (defense-in-depth) (ba8823f91)
- database: Keep package-bootstrap database credentials out of process arguments and restrict startup secret files. (defense-in-depth) (6947a412b, 89b613b07)
- dx: Rate-limit device sample updates per device. Throttled bursts are logged by device. (defense-in-depth) (9bd6a544b)
- dx: Rate-limit repeated failed device authentication attempts. (defense-in-depth) (6e5260d18)
- dx: Store DX device secrets as hashes. (70b677205)
- enrollment: Require device edit permission to open the enrollment page. (defense-in-depth) (842a7feb6)
- filesets: Bound extracted archive entries before unpacking filesets. (defense-in-depth) (5c51fd36c)
- filesets: Reject fileset file names that contain path traversal before storing them or sending them to devices. (defense-in-depth) (6a4e0cc84)
- http: Require CSRF-protected POST requests for theme changes and template default-device updates. (defense-in-depth) (ea72bc542)
- login: Bound failed-login metadata stored for unknown usernames. (defense-in-depth) (d80846c7d)
- login: End a user’s other web sessions after a password change or reset, keeping the session that made the change. (defense-in-depth) (5650ed170)
- login: Make failed-login timing more consistent when the username is unknown. (dcb051a2c)
- login: Require a minimum of 12 characters for new passwords. Warn at login when the current password is shorter than the minimum or appears on the blocklist, with a Change Password shortcut. (#2403)
- mail: Reject line breaks in outbound email header fields. (defense-in-depth) (1bd73d909)
- mail: Require a recipient-domain allowlist before sending outbound mail and route web-app mail through the dedicated sender. Configure `egress_allowlist` in `[mail]`, for example `example.com *.example.com` or `*`. (defense-in-depth) (22d12deb8)
- notifications: Escape warning descriptions in digest email. (4f047d4a3)
- report: Require device edit permission to configure or send scheduled report emails. (defense-in-depth) (be47f194c)
- rtask: Reject unknown remote-task creation methods. (defense-in-depth) (895e1bb70)
- rtask: Require command execution permission before copying command or upgrade tasks. (1fbb90ef1)
- sso: Add timeouts to identity-provider requests, verify OpenID Connect nonces, and return only verified identity claims from the SSO helper. (defense-in-depth) (57125c407, 77c285c5e)
- sso: Redact OAuth2 tokens from optional SSO debug log output. (6e3564e3b, bd1e10517)
- sso: Require a per-site auth token for SSO helper service calls. (defense-in-depth) (659f5895b)
- system: Validate the syslog destination hostname before saving it. (defense-in-depth) (2b099c58d)
- templates: Encode device custom values in dynamic-template helper resources before embedding them in JavaScript. (529f3279a)
- templates: Enforce saved-template size limits on compile-preview requests. (defense-in-depth) (a123cda4c)
- Features:
- config history: Show revisions and page settings in the side panel. (#2396)
- custom values: Allow most printable ASCII characters. Backslash remains disallowed, and double quotes are escaped when substituted into templates. (#2400)
- custom values: Show inherited custom values as quick-add buttons when adding a new custom value. (#2364)
- dashboard: Redesign filter menu with searchable lists and fixed mobile support. (#2342)
- help: Add a Help menu to the sidebar with contextual help topics grouped by area. Help popups now include a printable page link, and Dynamic Templates help is split into smaller topic pages. Support moved from About to Help. (#2422)
- rtask: Add a confirmation step to all Resolve buttons for config and files. Previously these created the task immediately without review. (#2355)
- templates: Add `{{ * }}` wildcard tag that uses the key’s current value from the device config. Compilation fails if the value is absent and no default is provided. Defaults follow the existing fallback syntax: `{{ * | "fallback" }}` or `{{ * | bcrypt2b custom.key }}`. The wildcard must appear first in the expression. (#2405)
- templates: Add `ob1` transform (alias `obf1`) for masking values in rendered configs. Used like the existing hash methods, e.g. `{{ ob1 secret.api_token }}`. Reversible obfuscation, not encryption. (#2423)
- Improvements:
- about: Add a setting to hide release notes from web users. Configure `hidden = 1` in a `[changelog]` section. (2631a6c85)
- api: Record which API key made each request in the API access log. (2748b10c9)
- config/view: Store each historical revision as a full copy instead of an incremental diff. Legacy rows are upgraded by the nightly maintenance task. (#2419)
- csv download: Simplify Custom Values export options with a single toggle and choices for local and inherited values. (e22bb417a)
- dashboard: Improve large-fleet responsiveness, table scrolling, row selection, and map hover feedback. (91cddc819, fad34c0f1, e3e7cc76c, 28f55e940, c1e14e997)
- dom-check: Warn about locally installed libraries under `/usr/local` that can shadow dom-server dependencies and cause services to fail to start. (77f5fb33f)
- dom-check: Warn below 4 GiB of system memory, error below 2 GiB, and report the MariaDB buffer pool size. (31989925f)
- dx: Keep the device authentication cache warm and make the per-address authentication rate limits configurable, so large fleets behind shared addresses (NAT) reconnect quickly after an outage. (e3837b67b)
- mariadb: Stop auto-resizing the MariaDB buffer pool at startup. It now uses the MariaDB default plus MariaDB’s own memory-pressure auto-resize. Operators who need a larger pool can set `innodb_buffer_pool_size_max` in a `my.cnf` drop-in. (dd3566f94)
- report: Round data-usage chart axis labels to values such as 512 MB or 1 GB. (c5ebadba3)
- server: Reduce the default dashboard and internal API worker counts to lower memory use on smaller servers. (31f4efbab)
- ui: Refresh form, table, navigation, and modal styling across the web interface. (c04ec51ca, 8121bf870, 5cf6b9c16)
- Bugfixes:
- api: Fix devices approved through the API being denied reconnection until a cache timeout expired. (8e9e95dd9)
- audit-log: Fix `undefined` and `NaN` shown in change-log rows. (967c90057)
- build: Fix non-reproducible packages caused by temporary build paths leaking into the bundled-dependency SBOM. (6b003775c)
- config/edit: Fix editor overflow on narrow windows and keep compare mode active when switching tabs. (746790610)
- config/view: Fix age labels on per-type config history tabs. (942a3fa2a)
- config/view: Fix viewing some historical configs failing with an error. (#2412)
- dashboard: Fix devices at negative or zero coordinates being mislocated on the map. (#2431)
- dashboard: Fix map crashes when maps are disabled or devices have no location. (3e1101b9e, 5701bd683)
- dashboard: Fix technology usage breakdowns so newer network types like 5G are grouped correctly in reports. (#2426)
- dashboard: Prevent “Up” status filter from including devices with active warnings. (#2402)
- device telemetry: Fix the sample processor restarting and dropping device samples under heavy database load or when devices report out-of-range counters or overlong metadata. (#2438)
- dx: Stop false DX network-ACL and license errors at startup before internal services are ready. Devices reconnecting in that window are told to retry instead of being rejected as unlicensed. (70d0551e2)
- enrollment: Fix Advantech enrollment when package rebuilds leave an incomplete cache or stale cached packages. (5d681b3ce, 29b73bdb5)
- enrollment: Remove a misleading option label from generated enrollment instructions. (#2407)
- forms: Fix validation flows that could leave the Next button disabled after correcting form input. (b21ef9667)
- public link: Fix date selector links on public device pages. (bfff49012)
- public link: Fix link expiry selector not allowing “never expire”. (#2406)
- report: Fix chart tooltips showing values from the wrong data point. (cbd35de1c)
- report: Fix data-usage report axis labels showing `undefined` for values under 1 KB. (8fd80600c)
- report: Fix devices that report LTE signal but a zero legacy signal value being omitted entirely from the Signal Strength report. (#2344)
- report: Fix empty signal-strength distribution bars when viewing a single day. (#2344)
- report: Fix External Temperature report dropping subzero centigrade readings, so cold-climate devices no longer show empty or biased graphs in winter. (#2429)
- report: Fix multi-day signal report averages including devices without readings as zero values. (#2344)
- report: Fix Signal Strength report timing out and showing no data on systems with many devices. (#2344)
- report: Stop discarding single-digit external-temperature and LTE signal readings, so reports and warnings no longer miss them. (#2430)
- router terminal: Keep the interactive device terminal connected while idle instead of dropping to “Session closed” after about a minute. (214cb3b77)
- router/inbox: Show failure details when a device delete action fails. (dca3ee8aa)
- router/index timeline: Fix “No available data” shown when device has reboots or PPP reconnects but no data usage. (#908)
- router/index timeline: Fix reboot and PPP markers appearing away from the device data-usage chart. (b109d477f, 0503454c1)
- router/index: Fix date selector navigation on device pages. (a7f2b905b)
- router/menu: Hide Connect links when a device has no WAN address. (f03549a31)
- rtask: Fix Resolve on config and file changes returning a 403 for users allowed to apply config changes but not run commands. (#2432)
- rtask: Fix the Stop button staying active on the task view after a task is skipped. Skipped tasks can no longer be stopped. (#2275)
- session: Stop showing a false “You have been logged out” banner during a server restart, such as an upgrade, while the session is still valid. (7fc0c9012)
- sso: Fix sign-in failures when an optional mapped claim is absent. Missing optional claims now fall through to the next access rule or default access. (eb3afbcec)
- sso: Show the identity provider’s error description on a failed sign-in instead of a blank reason. (ce3e7dc8d)
- sso: Stop the SSO helper service from restart-looping and filling the journal when SSO is disabled. (9c59fe79e)
- system/status: Fix the device count for devices that have never connected. (d8260c5ae)
- system: Restore the System Settings link in cloud deployments. (968ec9c16)
- template: Fix stale config-changes badge remaining on devices after template deletion when the recalc worker races the delete. (#2417)
- templates: Fix false `Missing '{{'` compile error on assignment lines where `{{` appears in the value rather than at the start of the line. (#2405)
- warning list: Fix muted-warning rows failing to render. (7ab1e7475)
- System:
- Improve the downloadable CycloneDX SBOM with broader packaged dependency, browser asset, and license coverage. (56b3c0489, 86aac61bc, 2245c509e)
- Support Ubuntu 26.04 (Resolute Raccoon). (f5ed2182e, 64846252c, cc55b0dfc, 07cb11620, 1aa6d2d27, dbc83b8cf)
- Removed:
- map: Remove the legacy Public Map feature and standalone rmap service. (6eb0b8005)
- router terminal: Remove the device configuration panel from the terminal page. (f735b18a9)