Category: Ubiquiti

Ubiquiti UniFi SDN Controller Software Release Notes: 5.6.30

You can view the official release notes here.

Controller Changes Since 5.6.29

  • Fixed blank page displaying when one double clicked on Insights.
  • Fixed issues with downloading large backups over WebRTC.
  • Improved reliability of UniFi cloud access service.
  • Various backend bugfixes and improvements.

Controller Changes Since 5.6.26

  • Improved support of Elite Device.
  • Fixed issue where USW management VLAN would reset to defaults on controller upgrade.
  • Added model end of life (EOL) pending warning.
  • Made optimziations to drag and drop.
  • Fixed missing action buttons after enabling cloud access.
  • Updated nanoHD name.
  • Made several device management improvements including improving the UX and mitigated some errors.
  • Various backend improvements.

Controller Changes Since 5.6.22

  • Fixed WLAN VLAN range.
  • Fixed lost DPI translations.
  • Added a tooltip to OpenVPN shared key UI.
  • Now allows opening debug terminal and airTime/airView at the same time.
  • Improved UI of Cloud Access Settings page.
  • Fixed cloud access GUI pages for multiple super admins.
  • Fixed Calendar dropdown being cut off on small screens.
  • Fixed displaying Location alias on Neighboring Access Points page.
  • Fixed empty tabs in property panel after adopting device in Managed by Other state.
  • Fixed no DPI data for some time in users tab in traffic stats.
  • Fixed remembering rows per page on Insights pages.
  • Fixed selecting default Echo Server in the USG Advanced Settings.
  • Fixed WiFi icon on OS X High Sierra (Chrome & Firefox).
  • Set RF Scanning stat just after scan is started.
  • Added elite device events to notification settings.
  • Now display Default Expiration Time Field for Hotspot and Facebook WiFi.
  • Disabled HTTPS redirection for Facebook, Facebook WiFi and Google.
  • Fixed missing DPI users (name & icon).
  • Added workaround for Cloud Key firmware upgrade issue (devices on 0.8.1 to 0.8.4).
  • Various backend changes and improvements.

Controller Changes Since 5.6.20

  • Enabled Custom Antenna Gain if user is Professional Installer.
  • Show ‘Version’ column in AP/Switch filtered view by default.
  • Added links to UniFi mobile apps on login page.
  • Foxed applying custom antenna gain for US region.
  • Upgrade button no longer disappears upon naming.
  • Fixed map device RF button not working correctly.
  • Fixed client name not showing correctly in DPI Application Usage widget.
  • Fixed the guest portal and preview.
  • Made security improvements.
  • Updated WebRTC JNI to 1.0.27.
  • Various backend improvements and bugfixes.

Controller Changes Since 5.6.19

  • Official release notes are here.
  • Fixed bytes to bps conversion when value is undefined.
  • Fixed device name and icon missing in DPI Users view.
  • Fixed pending changes icon.
  • Always show the Ports tab for In-Wall APs.
  • Removed port profiles for In-Wall APs.
  • Fixed resetting speed test on site switch.
  • Fixed incorrect dark styles for Firmware Manager.
  • Updated translations.
  • Made security improvements.
  • Made various backend bugfixes and improvements.

Firmware Changes Since 3.9.15/4.4.12

  • HD/SHD/XG
    • Stability and performance improvements.
    • Fixed a memory leak when multicast enhancements were enabled.
  • AC-IW/IW-Pro/EDU/M-Pro
    • Added ability to set port negotiation.*
  • nanoHD
    • Fixed MBSS support.
    • Stability improvements.
    • Added guest control support.
    • Added 802.1X support.
    • Added support for multiple BSSIDs per radio.
    • Fixed issue when using a bracket in the ESSID or PSK.
    • Fixed autochannel selection.
    • Fixed 802.11n negotiation issue.
    • Fixed issue where ethernet would stay down after provisoning/reboot.
  • UAP
    • Improved STA signal reporting.
    • Improved wireless uplink/mesh V3.*
    • Fixed a bug with rate control when using multiple SSIDs.
    • Fixed NAS-IP-Address attribute which did not always return the management IP of the AP.
    • Various bugfixes and improvements.
  • USW
    • Various improvements.
  • USG
    • Added non-offloaded DPI support. This means DPI now functions when hardware offloading is disabled, it can now co-exist with features that disable/bypass it (smart queues, IDS/IPS).
    • GeoIP Fixes – All known problems resolved, added back end for directional control.
    • SNMP persistent directoy has been relocated to RAM disk preventing the “Unhandled kernel unaligned access” crash.
    • Removed core handling script that was causing reboots when large core files were generated.
    • Fixed IGMP proxy failing to start during boot.
    • Fixed potential issue of UPnP failing to start during boot.
    • Changed IPS loading of ipset contents to be more efficient, greatly reducing CPU usage after initial bootup and enabling of service.
    • xl2tpd package upgraded.
    • Other IDS/IPS back end improvements.
    • Fixed ubnt-cfgd zombie process issue.
    • Added SNMPv3 back end.
    • Added lock wait to all iptables operations to avoid errors in cases where multiple operations happen simultaneously.
    • Updated DPI signature.
    • Added IDS/IPS back end.
    • Fixed informs for IPv6 PD size which was causing the PD size to be cleared in the controller.
    • Added support for sending custom events to the controller.
    • Fixed DDNS update public IP checking for NATed WANs.
    • Local UI now pings ping.ubnt.com rather than default gateway for internet connectivity test.
    • Copied ‘hostname’ and ‘mailname’ over during upgrades to ensure consistency with other retained files cross-upgrade (from EdgeRouter, generally no functional impact on USG).
  • USGXG
    • Made Bluetooth backend updates.
    • Improved VLAN hardware offload.
    • Problem with DHCP hardware offload fixed.
    • LCM (display) firmware update now includes splash screen and update process improvements.
  • HW
    • New protocol implementation.
    • Added controller support for netconsole.*
    • Fixed some issues which caused L3 adopted devices to show up as disconnected in the controller.
    • Fixed SNMP sysName.

Firmware Changes Since 3.9.3/3.9.6

  •  UAPG3
    • Made minimum rate fixes.
    • Further improvements to device upgrade and boot times.
    • Fixed a crash in hostapd when Fast Roaming is enabled.
    • Added support for 802.11r and 802.11k.
    • Fixed channel utilization reports.
    • Improved bootup and TFTP recovery times.
  • UAPG2/3
    • Added RADIUS VLAN support to MAC authentication bypass.
    • Fixed a bug which prevented APs from upgrading when bandsteering was enabled.
    • Fixed bug causing 100% utilization of CPU by /bin/hostapd /etc/aaa1.cfg.
  • UAPG1/2
    • Added net-snmp.
    • Added support for 802.11k.
  • AC-IW/IW-Pro/Pro/EDU/M-Pro
    • Fixed VLAN passthrough regression.
    • Added port disable support.*
    • Improved VLAN config to prevent traffic leaks.
    • Fixed RADIUS VLAN when port VLAN is enabled.
    • Added QoS CIR/EIR support.
    • Improved performance.
    • Fixed management VLAN issue which caused decreased multicast perfomance.
  • XG
    • Fixed airView and airTime support.
  • nanoHD
    • Add stainfo support.
  • EDU
    • Fixed issue with volume not applying.
    • Improved baresip config script.
  • UAP
    • Fixed small memory leak.
    • Fixed outdoor flag.
    • Added fast-apply for guest portal.
    • Improved redirector handling for guest portal.
    • Fixed a bug with L3 wireless adoption.
    • Fixed bandsteering.
    • Fixed bug in bridge priority so that the secondary ethernet port remains enabled.
    • Made improvements to DFS.
    • Fixed an issue preventing bandsteering from being enabled.
    • Fixed an issue with the downlink monitor.
    • Added uplink priority for the bridge interfaces.
    • Added KRACK AP mode patches for 802.11r.
    • Made various bugfixes and improvements.
  • USEW
    • Added port ID in STP error message.
    • Lowered STP topology change log level.
    • Made improvements to DHCP gaurding and snooping.
    • Added DHCP snooping debug command.
  • USL2
    • Improved PSU status reporting.
  • USXG
    • Improved LAG config handling.
  • HW
    • Improved security.
    • Updated openssl package to 1.0.2m.
    • Udpated curl to 7.57.0.
    • Added IPv6 management support.*
    • Improved event notification on device upgrade.
  • SEC
    • Fixed CVE-2017-14106.

Ubiquiti UniFi Cloud Key Firmware Release Notes: 0.7.5, 0.8.2, 0.8.7, 0.8.9

Changes From 0.8.7 to 0.8.9

  • Official release notes are here.
  • Bundled UniFi Controller 5.6.29.
  • Fixed an issue where /data/autobackup was not being created properly.
  • Enabled TCP Packetization-Layer Path MTU Discovery when an ICMP black hole is detected.

Changes From 0.8.2 to 0.8.7

  • Official release notes are here.
  • Bundled UniFi Controller 5.6.26.
  • Fixed an issue with the local admin credentials being set during controller setup wizard.
  • Updated ubnt-tools to fix an update issue (only present in 0.81-0.8.4).

Changes From 0.7.5 to 0.8.2

  • Official release notes are here.
  • Bundled UnIFi Controller 5.6.22.
  • Updated Oracle JDK to 8u151.
  • Fixed the Time Zone issue.

Changes From 0.7.4 to 0.7.5

  • Official release notes are here.
  • Fixed CVE-2017-14106.
  • Fixed an issue preventing the fallback IP from functioning as expected.
  • Fixed network issue from local management UI.

What to do When the UniFi Security Gateway Refuses to Upgrade

I love Ubiquiti, even their security gateway. But there is a big even in there. While most UniFi equipment is a breeze to setup, the UniFi Security Gateway (USG, USG-PRO-4) can be a nightmare. One issue that arises is when a USG has an older version of the UniFi firmware and you need to upgrade it. Here are the steps I’ve learned to take when upgrading a UniFi Security Gateway.

  1. Download from Ubiquiti’s site the latest available firmware for the USG.
  2. Rename the file upgrade.tar.
  3. Run an ethernet cable between the LAN port on the USG and your workstation.
  4. Configure a static IP address in the same subnet as the USG – by default USG’s are configured with the IP 192.168.1.1 with a subnet of 255.255.0.0.
  5. Use WinSCP (or your favorite SCP client) to connect to the USG.
  6. Enter your username and password for the USG – by default the username and password are both ubnt.
  7. Upload the upgrade.tar into the home directory for the admin user (this, for me, has always been the default folder that opens when connecting via SSH/SCP).
  8. Exit your session in WinSCP.
  9. Use PuTTY (or your favorite SSH client) to connect to the USG.
  10. Again, enter your username and password.
  11. At the command line type: sudo syswrapper.sh upgrade upgrade.tar
  12. The system will spit out information about the install and then reboot itself.
  13. When the system comes back up (solid white or blue light) you can connect to the USG again to verify that the firmware took.
  14. Use the command info to view the current firmware from the USG command line.

At this juncture you should have a successfully updated USG.

Note: I didn’t come up with this on my own, see the Ubiquiti forum thread, “Can’t upgrade USG to newer firmware.” ilkevinli provides the meat of this solution, I’ve just added window dressing and taken away (what I sometimes find to be) the confusing conversation around the solution.

There is another discussion on this topic, “USG Cloud Controller Adoption – could it be more difficult???” but I recommend against using this thread as the accepted solution isn’t quite correct.

Ubiquiti UniFi Cloud Key Firmware Release Notes: 0.6.10, 0.7.3, 0.7.4

0.7.3 to 0.7.4

See the official release notes.

  • Bundled UniFi Controller 5.5.24.

0.6.10 to 0.7.3

See the official release notes.

  • Bundled UnFi Controller 5.5.20.
  • UCK System
    • Updated bundled Oracle JDK to 8u144.
    • Made a security improvement.

0.6.9 to 0.6.10

See the official release notes.

  • Bundled UniFi Controller 5.4.19.
  • UCK WebUI:
    • Fixed username that wouldn’t save when first character was uppercase.
    • Fixed UniFi running status wasn’t correct (in some cases).

Ubiquiti UniFi SDN Controller Software Release Notes: 5.5.19, 5.5.20, 5.5.24

5.5.19

See the official release notes.

  • Added AP tagging
  • Added support for FreeRADIUS on USG. Configured under Settings–>Services–>RADIUS.
  • Enabled LAN2 support for USG3.
  • Added L2TP over IPsec option for remote user VPN config.
  • Added admin overview (found in site overview area).
  • Added Hotspot Analytics.
  • Added WLAN – broadcast/multicast blocking.
  • Fixed Enable VPN client in VPN Network Settings.
  • Adjusted unifi.init so it detects Oracle JDK 8 installed via PPA.
  • Fixed changing rules order in firewall.
  • Raised the WLAN group load balance limit to 200.
  • Fixed a bug causing duplicate downlinks to show in the controller UI.
  • Fixed group AP editing issue.
  • Added device configuration warning bar with real time input updates.
  • Made Dashboard widgets configurable.
  • Renamed vpn client to vpn type.
  • Set next hop for static route as default.
  • Removed voip option from available network purposes.
    • Old networks configured with the VoIP type are removed upon upgrade (has been unusable since 4.x controller).
  • Removed deprecated VoIP configuration from USG.
  • Fixed initial value of data retention days.
  • Added special icons for UCK client.
  • Made performance improvements to Dashboard.
  • Added beta warning for languages other than English.
  • Added Turkish translations.
  • Added Danish, Norwegian and Turkish to the languages supported by Hotspot Portal.
  • Added buytton for toggling clients visibility on Topology view.
  • Fixed issue with unused cache not clearing as expected (causing controller to die because of a memory leak).
  • Added color to RF scan results.
  • Added missing SFP module info tooltips for UniFi switch.
  • Set max SSID length to 32 characters.
  • Made various topology view improvements.
  • Addded ability to mark rogue APs as known.
  • Added support for Catalan, Norwegian (Bokmal), and Slovak languages on HotSpot.
  • Added validation for USG/USW SNMP community string.
  • Fixed tooltip positioning.
  • Made Edit Account frame bigger to ensure enough room for labels in all languages.
  • Now allow one to edit firewall settings when no USG is adopted.
  • Animated map menu.
  • Removed RADIUS VLAN from wireless networks.
  • Extended RADIUS server validation to not allow disabling it if there is a device that uses Default profile.
  • Highlighted Topology paths.
  • Fixed Statistics Overview initializer.
  • Added ability to batch restart APs.
  • Made improvements to Topology.
  • Improved Topology detection.
  • Switch Statistics now show device connected to a port.
  • Map Marker Button icons positioning has been tweaked.
  • Improved Notify Device Requirement performance.
  • Improved SVG map zooming.
  • Fixed pending change tag color.
  • Removed BETA badge from RADIUS assigned VLAN for Wireless Network.
  • Allowed AP properties WLAN table to wrap.
  • Greyed out device entries when WLAN group is off.
  • Fixed speed test ping translation.
  • Added save & close button to Preferences.
  • Limited firewall group name to 31 characters.
  • Removed config.properties USG ICMP items.
  • Now shows AP channel utilization in Properties and Devices list page.
  • Added granularity to Statistics (5m/1h/1d).
  • Configured Data Retention for each granularity of Statistics in Settings/Maintenance.
  • Redesigned inputs for date picking.
  • Increased precision of Throughput chart on Dashboard page.
  • Added Force Provision button to Properties/Manage Device.
  • Added PMF controller to WLAN group settings.
  • Added first seen column to Known Clients list page.
  • Added free-trial authorization column to Guests list in HostSpot Manager.
  • Now show Gateway column in Payments and Social Views in HostSpot Manager.
  • Fixed USG/USG-P4 port labels.
  • Fixed displaying Hotspot Analytics page when Guest Portal is disabled.
  • Fixed client status ordering.
  • Now show terminal for UAP-AC-IW.
  • Changed Revoke RADIUS user to Delete with new icon.
  • Added – as placeholder.
  • Renamed Name server placed to DNS server.
  • Fixed content of tooltips on Dashboard page.
  • Prohibited deselecting current device in Performance view.
  • Added icon to switch port list.
  • Improved Insights –> Switch Stats.
  • Changed Revoke buton to Delete button on Admins list.
  • Fixed issue with sending large files over WebRTC (e.g. backups).
  • Prohibited 0.0.0.0 as an address-group member since it isn’t a valid entry in the firmware.
  • Improved some backend validations.
  • Added batch editing of clients.
  • Channel names are now displayed in a new and consistent way – e.g. 3 (1,+1) HT40,151 (149,+1) VHT40
  • Allowed disabling of site-to-site VPN.
  • Enabled finding device on map when in read only mode.
  • Display only historical rx/tx bytes on Known Clients page.
  • Changed guest authorization status to display expiration date when expired.
  • Angular templates are now used by default in Guest Authorization Settings.
  • Removed “new” badge from Angular templates and removed “beta” badge from template overrides and languages.
  • Fixed expiration dropdown on Guest Control settings page.
  • Fixed success messages on saving configuration.
  • Fixed various Auto Backup setting issues.
  • Fixed latency color in legend of Throughput graph.
  • Made small UI improvements.
  • Removed VoIP interface from controller.
  • Enabled by default MSS clamping on VTI.
  • Added Hotspot Manager link to site switcher.
  • Relocated Hotspot 2.0 to Services section.
  • Added option to report WebRTC connection errors to cloud.
  • Used lower scale Throughput graph to increase rendering performance on Safari/iOS.
  • Enabled tunneled reply by default.
  • Improved vouchers quota.
  • Updated translations.
  • Improved date picker.
  • Allowed displaying WLAN schedule in 24 hour format when “Using 24-hour time” preference is on.
  • Added Adapt no data / no security gateway messages on Dashboard page.
  • Fixed device menu when toggling small/normal markers on Map page.
  • Fixed icons on clients’ graph on Dashboard page.
  • Fixed speed test column chart.
  • Fixed USG badge and tooltip on DPI Settings page.
  • Fixed typo in validation hints for IP.
  • Improved locate button behavior.
  • Updated OUI table.
  • Now shows L2TP remote user VPN on dashboard and remote user VPN insights.
  • Fixed issue where the local DNS record for unifi may not provision when using USG.
  • Fixed an issue with current day stats being improperly calculated.
  • Fixed an issue with fixed IP handling.
  • Fixed auto backup data retention days.
  • Hide UGW port remap if UGW4 exists.
  • Now use RADIUS assigned VLAN only for WPA-EAP.
  • Link to Hotspot Manager only displayed in Site Switcher if Guest Portal is enabled.
  • Fixed 404 error when switching sites while editing.
  • Fixed email validation.
  • Now use monthly value as default occurrence in Auto Backup settings.
  • Fixed number of devices in filter buttons on Known Clients page.
  • Restored open panel functionality from device marker on map.
  • Enabled reset button after hotspot package removal.
  • Improved Cloud Connection error tooltip.
  • Improved header icons.
  • Improved placeholders and regular expressions.
  • Added FQDN or local validation to domain name.
  • Fixed port forward validations.
  • Fixed domain name validation.
  • Fixed issue with controller causing too many directs.
  • Added validation for RADIUS profile VLAN mode.
  • Fixed issue with community string changing to public, regardless of configured value.
  • Added pagination in Settings / Network list.
  • Disallowed SVG upload for guest portal images.
  • Fixed displaying sections on Guest Control settings page.
  • Fixed clickable area of alerts full screen button.
  • Fixed site settings save error.
  • Fixed refreshing networks in switch property panel on network add/remove.
  • Made security improvements.
  • Signed Windows installer package.
  • Removed restricted U-NII-2C channels when Canada country code is set.
  • Moved the AP channel utilization graph into the header.
  • Added memory and load average to device list columns.
  • Show only adopted APs in Recent Activities in Statistics.
  • Rename all-time top client.
  • Updated validation hint for maximum number of stations in wireless network group.
  • Now shows DB migration progress.
  • Greyed out disabled WLAN rows in Property Panel.
  • Improved chart animations.
  • Added autofocus on 2FA token field.
  • Now allows one to cancel migration of device.
  • Fixed Not Authorized/Bad Request on first launch after accepting SDN Invitation.
  • Fixed WAN load balance config so that it actually provisions to USG.
  • DB migration improvements.
  • Fixed firewall rule validation.
  • Improved LAN address identification on USG.
  • Updated firewall rule button styles.
  • Used bps instead of bytes per second.
  • Fixed problem with enabling Cloud Access.
  • Now handling ESC on cloud access modal.
  • Restricted 5 minutes data retention.
  • Switch port usage graph now prevents displaying connected both Device and Client.
  • Updated bundled snappy-java to 1.1.2.6.
  • Updated bundled JRE to 8u131 b11 for Mac controller.
  • Improved WebRTC debugging.
  • Fixed an issue when granting admin privilegs on a site.
  • Generates a SHA512 password if device firmware is capable of it.
  • Removed TLSv1 from default SSL protocols for Java 7/8.
  • Fixed services link not visible on mobiles.
  • Fixed removing items on WebRTC connection.
  • Now allows antenna gain of 0.
  • Supports UAP-AC-IW-Pro.
  • Supports USW L2 PoE.
  • Increased broadcast and multicast MAC limit to 256 per site.
  • Updated WebRTC JNI to 1.0.17.
  • Updated bundled Tomcat package to 7.0.78.
  • Fixed clearing statistics.
  • Added HSTS support (disabled by default).
    • Can be controlled only by system.properties.
  • Fixed uplink status when using bonding on AC-HD.
  • Fixed an issue with the remote IP in WebRTC logging, previously was always 127.0.01.
  • Made various backend improvements.
  • Allowed RADIUS Profile secret to accept any string.
  • Hid RADIUS Profile secret for read-only admins.
  • Improved VPN health status.
  • Fixed wired uplink stats on AC-HD when using bonding.
  • Fixed an issue when trying to register controller with UniFi cloud tie in (unifi.ubnt.com).
  • Fixed a DB migration issue which caused stats not to be visible in the UI post upgrade when upgrading from <=5.4.x.

Controller Bugfixes/Changes Ported from 5.4.x

  • Improved dynamic Dashboard.
  • Improved loading DPI statistics.
  • Improved Topology view.
  • Improved Image Map performance.
  • Updated translations.
  • Added Catalan translations.
  • Fixed saving Settings –> Controller.
  • Added user group override notice, client list user group column.
  • Fixed panel expand/collapse icon aliasing.
  • Added LAG support to AP –> Network Configuration (AC-HD only).
  • Added limited amount of LAN DHCP leases notice.
  • Added minRSSI noise floor notice.
  • Added expand/collapse icon to device list actions column.
  • Disallowed SVG image type in Maps.
  • Added progress bar for backup upload.
  • Fixed import/export function.
    • The configuration tab will not be visible after import.
  • Fixed available manual negotiation options for 10GBASE-T ports.
  • Added Migrate Site (Export Site) Wizard.
  • Fixed slow DB backup.
  • Fixed RADIUS profile migration issue.
  • Improved email templates.

Firmware Changes from 3.8.2/4.3.41

  • UAPG3
    • Enabled DFS on UAP-AC-SHD.
  • UAPG2
    • Fixed an STA connectivity issue that occurred when a second generation AP is the wireless downlink to a wired third generation AP.
    • Fixed an issue causing less than expected throughput in recent releases.
  • UAP
    • Fixed a bug in uplink-monitor.
  • USW
    • Added 802.1X MAC auth bypass support.*
  • USL2
    • Added PSU fail detection support.*
  • USG
    • Updated numerous subsystems to the latest EdgeRouter 1.9.7.
      • Includes a number of bug fixes mades to EdgeRouter in past 2-3 years, though these are largely not applicable to USG use case.
      • IPv6 fixes were most relevant to USG users.
    • Subsystems updated include UPnP, PPTP client, DHCP server, Quagga, PPPoE and PPP Handling, DHCP Client, conntrack, configuration subsystem, operational commands subsystem, IPv6 router advertisement service, keepalived, NAT configuration and handling, OpenVPN configuration subsystem.
    • Increased maximum NDP and ARP cache table sizes, added back end controls for ARP and NDP timeouts.
    • Made improvements to Guest control.
      • Added locking to improve reliability.
      • Reworked some of the back end functions to improve performance.
    • Fixed memory leak in VPN status reporting eventually leading to disconnects of USG from controller.
    • DPI Improvements
      • Back end additions for DPI blocking.
      • Stats clearing fix.
      • Signature update improvements.
    • RADIUS server permissions fixed for log files and accounting data.
  • HW
    • Fixed the issue printing SSH login when the interface IP changed.

From 5.5.19 to 5.5.20

Official release notes.

Controller Bugfixes/Changes

  • Fixed port mirroring range.
  • Fixed app with Chinese translations.
  • Added Google to social transactions.
  • No longer display number of clients for site-to-site VPN.
  • Limited MAC ACL list to 512 per WLAN group.
  • Added VAP BSSID filter to devices page.
  • Fixed the issue causing storm control settings to be provisioned even when disabled.
  • Updated bundled Tomcat to 7.0.79.
  • Now always deploys WAN_OUT firewall rules and removed the config.properties control.
  • Improved 802.1X provisioning on USW, so that switch does not get blocked.
  • Fixed site-to-site connection status on VPN health widget.
  • Improved the broadcast/multicast filter.
  • Made various security improvements.

From 5.5.20 to 5.5.24

See the official release notes.

Controller Bugfixes/Changes

  • Fixed wrong data in VLAN column in WLAN list.
  • Reverted “change auto VPN VTI subnet mask to /30” as it needs to be reworked.
  • Changed auto VPN VTI subnet mask to /30.
  • WLANs table now displays in Property Panel for In-Wall.
  • Fixed an issue preventing switch ports from coming up after being disabled.
  • Fixed a bug with IW causing the port to be disabled when the VLAN is off.
  • Fixed a backend bug with guest access.
  • Made improvements to MAC address input validation.
  • Fixed a provisioning issue which would clear USG WAN settings.
  • Improved Ethernet bonding support on UAPs (on supported devices).
  • Improved topology view when using wireless uplinks.
  • Now allows setting device credentials during setup and new site wizards.
  • Made various backend fixes and improvements, also security improvements.

Firmware Changes from 3.8.3/3.8.6/4.3.49

  • UAPG3
    • Major code base upgrade (codename Toronto).
    • airTime and airView support (SHD exclusive).*
    • Switched to net-snmp in preparation for SNMPv2 support (eventually v3 too).**
  • ACG1
    • Fixed WEP on first generation AC models.
  • EDU
    • Various fixes and improvements for the baresip client.
  • ACIW
    • Fixed management VLAN support.
  • UAP
    • Made various Mesh v3 improvements.
    • Prepared management VLAN support for other UAP devices.*
    • Added support for multiple WLAN schedule blocks per day.*
    • Improved reliability of receiving Framed-IP-Address attribute.
    • Added 802.11r support (excluding UAP-AC v1/v2 and UAP-AC-Outdoor).*
    • Disabled multicast enhancements by default.
    • Improved RF scanning.
    • Fixed a RADIUS related bug with fast-apply.
    • Added management VLAN support for wireless uplink.*
    • Added options for RF scan (active/passive, background/foreground).*
    • Added support for best channel suggestion after running RF scan.*
    • Added support for fast-apply WLAN config, for existing WLANs only.
    • Allowed 80MHz for Russian country code.
    • Removed iperf package, as it does not provide proper results when using an AP as an endpoint.
    • Various security and backend fixes and/or improvements.
  • USL2
    • Added support for switch power monitor and PSU info.*
  • USW
    • Fixed DoS issue reported via HackerOne.
    • Added per port Class of Service (CoS) queuing and max traffic class support.*
    • Delayed port LED blinking until system, ready.
    • Added backend for 802.1X MAC authentication bypass support.*
    • Added support for port egress rate limiting.*
    • Implemented route metric changing on load-balance status change.
      • This fixes WAN failover issues with L3 adopted USGs, and improves multi-WAN failover functionality in general.
      • Fixed multi-WAN regressions in 4.3.46-4.3.49 picked up from EdgeRouter 1.9.7.
      • Implemented new local web UI on USG.
        • Fixes a variety of long-standing bugs with the old UI.
        • Adds ability to configure LAN IP and DHCP server.
      • Updated ISC dhcp version.
        • Probably fixes some edge case problems with multiple DHCP WANs and recovery after ethernet link loss.
      • Added backend for custom host-uniq for PPPoE.
      • Fixes for some uses of multiple routing tables.
        • Nothing controller provisioned does anything impacted by this, but a small number use config.gateway.json VPN configurations which are impacted.

Ubiquiti UniFi SDN Controller Software Release Notes: 5.6.19

This is the first stable release of the 5.6 branch. You can view the official release notes.

Controller Changes Since 5.6.18

  • airTime and airView now open in new windows.
  • Replaced antenna gain field with dropdown for select antenna.
  • Now displays cell size in config if firmware of AP supports it.
  • Fixed disappearing devices when user was inactive.
  • Fixed disappearing batch edit devices.
  • Fixed currently selected element in airTime when filters change.
  • Improved error handling for airTime.
  • Filtered out Manage by Other devices in Performance Statistics.
  • Fixed hiding Cancel Migration section in Property Panel for switches.
  • Fixed missing uplink section in Known Clients.
  • Fixed width of some password fields.
  • Fixed DPI graphs.
  • Now when all accordions are hidden in Property Panel the Tools tab is also hidden.
  • Improved UI responsiveness.
  • Small UI fixes and improvements.
  • Updated bundled Tomcat to 7.0.82.
  • Updated translations.
  • Various backend improvements.

Firmware Changes Since 3.9.2/4.3.60

  • ACIWPro
    • Enabled DFS support.
  • UAP
    • Added more security details to scan info.
    • Applied security patch for WPA2 vulnerability called KRACK.
    • Various backend fixes and/or improvements.
  • USXG
    • Fixed fastpath tools.
  • USG
    • Updated NTP, net-snmp, IGMP proxy, conntrack-tools, webproxy packages to same as latest EdgeRouter release.
    • Corrected auto S2S VPN status reporting.
    • Fixed L2TP problem that could result in pppd exiting after a client connects.
    • Fixed WLAN DPI blocking and related log spam.
    • PPPoE usernames now properly supports usernames longer than 4000 characters and/or containing ‘/’.
    • Updated dnsmasq to 2.7.8.
  • HW
    • Improved error codes returned on firmware upgrade fail.

Ubiquiti UniFi Firmware Release Notes: 3.8.6.6650, 3.8.12.6776, 3.8.14.6780, 3.9.1.7462, 3.9.3.7537

From 3.8.3 to 3.8.6.6650

Check out the official release notes.

  • UAPG3
    • Fixed MAC ACL and blocking support.
  • AC-IW/Pro/EDU/M-Pro
    • Fixed a bug with egress QoS.
    • Improved address resolution logic (ARL) caching support.
    • Added STP state and uptime.
    • Fixed topology view.
  • UAP
    • Added backend for 802.1X MAC authentication bypass support.*
    • Added Framed-IP-Address to RADIUS accounting data.
    • Added NAS-IP-Address to RADIUS accounting data.
    • Various backend fixes.
  • USL2
    • Added support for switch power monitor and PSU info.*
  • USW
    • Fixed DoS issue reported via HackerOne.
    • Added per port Class of Service (CoS) queuing and max traffic class support.*
    • Delayed port LED blinking until system is ready.
    • Added backend for 802.1X MAC authentication bypass support.*
    • Added support for port egress rate limiting.*
  • HW
    • Fixed issue with curl config, FTP firmware upgrade now working.
    • Backend optimization to save space.

From 3.8.11 to 3.8.12.6776

See the official release notes.

  • ACG1
    • Added multi-block WLAN schedule support.*
  • UAP
    • Added management VLAN support for wireless uplink.*
    • Added options for RF scan (active/passive, background/foreground.*
    • Added support for best channel suggestion after running RF scan.*
    • Added support for fast-apply WLAN config, for existing WLANs only.
    • Allowed 80MHz for Russian country code.
    • Removed iperf package, as it does not provide proper results when using an AP as an endpoint.
  • USW
    • Added missing IPv4 multicast trap policy.
  • HW
    • Limited SSH username to 32 characters in length.

From 3.8.12 to 3.8.14.6780

See the official release notes.

  • UAP
    • Fixed a RADIUS related bug with fast-apply.
    • Made a backend improvement.

From 3.8.14 to 3.9.1.7462

See official release notes.

  • UAPG3
    • Added airView and airTime support for SHD.
    • Added initial WIPS backend support for SHD.*
    • Various HW accelerator fixes and improvements.
    • Fixed issue with RF scan where it would often show 0% utilization.
    • Fixed problem with uplink staying in a disconnected state.
    • Reduced time required to provision.
    • Uplink / meshv3 improvements.
    • General fixes and improvements in logging, wifi, and performance.
    • Added LLDP support, which improves PD negotiations on third party switches.
    • Enabled SHA512 support.
  • UAP
    • Implemented backend for SNMPv3 support.*
    • Fixed a RADIUS related bug with fast-apply.
    • Numerous backend fixes and/or improvements.
  • USL2
    • Fixed PSU status detection.
  • USW
    • Fixed a bug preventing DHCPv6 from functioning in some cases.
    • Fixed an issue with removing VLAN tags.
    • Fixed an issue causing high CPU usage with certain SFP modules.
    • Fixed 802.1X VLAN setting on LAG groups.
    • Various backend fixes and/or improvements.
  • HW
    • Merged with codename Toronto branch.
    • Added ‘do-upgrade’ alias for local firmware upgrades.

From 3.9.2 to 3.9.3.7537

Official release notes.

  • ACIWPro
    • Enabled DFS support.
  • UAP
    • Added more security details to scan info.
    • Applied security patch for WPA2 vulnerability (KRACK). [This primarily affects devices that support STA mode, 1st gen AC devices do not.]
    • Various backend fixes and/or improvements.
  • USXG
    • Fixed fastpath tools.
  • HW
    • Improved error codes return on firmware upgrade tool.

Ubiquiti UniFi Firmware Release Notes: 3.8.3.6587

Here is my second attempt at creating a useful summary of release notes from Ubiquiti’s official release notes.

Some Helpful Notes

  1. The abbreviation UAPG1, UAPG2, UAPG3 standard for UniFi Access Point Generation 1, 2, 3 respectively Generation 3 includes UAP-AC-HD while Generation 2 includes UAP-AC-M and UAP-AC-M-Pro, I am unclear on where other devices fit generation wise.. See here.

Changes from 3.7.58 to 3.8.3.6587

  • UAPG3
  • UAPG3 and UAPG2
    • Improve ntpclient reliability. (My certainty that the linked to ntpclient is the one actually in use is low, there are other options available by the same name)
    • Allow Very High Throughput (VHT) VHT80 for Ukraine.
  • UAPG2
    • Fixed issue causing less than expected throughput in recent releases.
    • Wireless Uplink v3.* (Anyone know the differences between v1, v2, v3 and if any docs are available?)
  • UAPG1
    • Enable wireless uplink v3 for models which support wireless uplink.*
  • EDU
  • AC-IW/Pro/EDU/M-Pro
    • Basic switch QoS support.*
    • Add address resolution logic (ARL) caching support. (Is this equivalent to Address Resolution Protocol (ARP))?
  • UAP (aka User Access Point)
  • USW (aka Ubiquiti Switch)
  • USL2 (unsure what this denotes?)
    • Added support for US-L2-POE switches.*
    • Added Power Supply Unit (PSU) fail detection support.*
  • HW
    • Support SHA512 password for SSH password in system.cfg (except 1st gen APs).*
    • Pass HTTPS capabilities for fwupgrade process.
    • Various improvements.
    • Fix the issue preventing SSH login when the interface IP changed.

Ubiquiti UniFi SDN Controller Software Release Notes: 5.5.19

Why?

  • Ubiquiti does versioning differently (I’m not saying wrong). While this is 5.5.19, most folks won’t be going from 5.5.18 to 5.5.19 and seeing only minor changes. Rather most of us are moving from 5.4.x (or earlier) to 5.5.19.
  • Ubiquiti is great in many ways, but their documentation (including release notes) are, imho, disappointing. I hope this will provide them with some ideas for how they could improve their release notes.
  • I have a hard time processing the seemingly random jumble of enhancements and fixes as found in Ubiquiti’s release notes, so this is partially to help myself understand the entirety of what is changing.
  • I hope that it will be helpful to others who use Ubiquiti and might be facing similar frustrations.

Help!

So, this really isn’t done. I’ll keep working on it, but I wanted to release something before it became too ancient and useless altogether. I’m hoping that folks will help flesh out some of the items I haven’t had a chance to flesh out in the comments and reduce the workload…really, sorting through all these release notes is quite the undertaking.

Warning

At some point these release notes may be good enough to rely upon instead of Ubiquiti’s official release notes. That time is not now. This was my first attempt, I learned a lot of lessons I’ll implement with my next set of release notes, but this is practical for me, and I don’t have unlimited oodles of time to sit around rewriting release notes. 🙂

Maybe there won’t ever need to be another set of release notes I provide. Maybe Ubiquiti will take the torch right out of my hands. Please, Ubiquit, do. 🙂

RADIUS

  • USG: Added support for FreeRADIUS (Settings –> Services –> Radius).
  • Removed RADIUS VLAN from wireless networks.
  • Allow RADIUS Profile secret to accept any string.
  • Hide RADIUS Profile secret for read-only admins.
  • Fixed RADIUS profile migration issue.
  • Added validation for RADIUS profile VLAN mode.
  • Removed BETA badge from RADIUS assigned VLAN for Wireless Network.
  • Extended RADIUS server validation so it does not allow disabling if there is a device that uses the Default Profile.
  • Used RADIUS assigned VLAN only for WPA-EAP.
  • Changed Revoke RADIUS user to Delete with new icon.

Hotspot/Guest Portal

  • Added Hotspot Analytics.
  • Relocated Hotspot 2.0 to Services section.
  • Fixed display HotSpot Analytics page when Guest Portal is disabled.
  • Added free-trial authorization column to Guests list in HotSpot Manager.
  • Added Gateway column in Payments and Social Views in HotSpot Manager.
  • Added HotSpot Manager link to site switched.
  • Disallowed SVG upload for guest portal images.
  • Changed guest authorization status to display expiration date when expired.
  • Now use Angular templates by default in Guest Authorization Settings.
  • Removed “new” badge from Angular templates and removed “beta” badge from template overrides and languages.
  • Fixed expiration dropdown on Guest Control settings page.
  • Display link to Hotspot Manager in Site Switcher only if Guest Portal is enabled.
  • Improved vouchers quota.

Statistics

  • Added Device Performance (CPU/Memory) on Statistics Page.
  • Added granularity to statistics (5m/1h/1d).
  • Fixed Statistics Overview initializer.
  • Switch Statistics now show when a device is connected to a port.
  • Now show only adopted APs in Recent Activities in Statistics.

Dashboard

  • Made Dashboard widgets configurable.
  • Made performance improvements to the Dashboard.
  • VPN status now displayed on dashboard.
  • Fixed content of tooltips on Dashboard page.
  • Increased precision of throughput chart on Dashboard page.
  • Adapt no data / no security gateway messages on Dashboard page.

VPN

  • Added L2TP over IPsec option for remote user VPN config.
  • Fixed Enabled VPN Client (VPN Network Settings).
  • Renamed vpn client to vpn type.
  • Enabled disabling of site-to-site VPN.
  • Show L2TP remote user VPN on dashboard and remote user VPN insights.
  • Improved VPN health status.

Firewall

  • Fixed changing rules order in firewall.
  • Enabled editing firewall settings when no USG is adopted.
  • Limited group name to 31 characters for firewalls.

WLAN

  • Raised the WLAN group load balance limit to 200.
  • Added WLAN broadcast/multicast blocking.
  • Added WLAN MAC ACL.
  • Added PMF controller to WLAN group settings.
  • Allow displaying WLAN schedule in 24 hour format when “Use 24-hour time” preference is on.

Insights

  • Improved Insights –> Switch stats.

APs

  • Added ability to batch restart APs.
  • Fixed group AP editing issue.
  • Added ability to mark rogue APs as known.
  • Added Access Point (AP) tagging.

DNS/DHCP

  • Added DHCP Default Domain Support.
  • Added FQDN or local validation to domain name.
  • Renamed Name Server placeholder to DNS Server.

Installs/Backups/Upgrades

  • Fixed various Auto Backup setting issues.
  • Adjusted unifi.init so it detects Oracle JDK 8 installed via PPA.
  • DB migration improvements.
  • Added progress bar for backup upload.
  • Added Migrate Site (Export Site) Wizard.

Clients

  • Rename all-time top client.
  • Allow batch editing of clients.
  • Added first seen column to Known Clients List page.

Migration/Cloud

  • Fixed a DB migration issue which caused stats to not be visible in the UI post upgrade when upgrading from <=5.4.x.
  • Showed DB migration progress.

Additional HW Support

Bundled Software

VoIP

  • USG: Removed deprecated VoIP configuration.
  • Removed VoIP option from available network purposes. (Old networks configured with VoIP are removed upon upgrade).
  • Removed VoIP Interface from Controller.

Minor Visuals

  • Updated color used for upload/download values.
  • Added special icons for UCK (aka UniFi Cloud Key) client.
  • Added color to RF scan results.
  • Added missing SFP module info tooltips for UniFi Switch.
  • Made various topology view improvements.
  • Display channel names in a new, consistent way.
  • Fixed tooltip position.
  • Animated map menu.
  • Highlighted Topology paths.
  • SVG Map zooming improved.
  • Fixed pending change tag color.
  • Allowed AP properties WLAN table to wrap.
  • Added button for toggling clients visibility on Topology View.
  • Added device configuration warning bar with real time input updates.
  • Made topology improvements.
  • Map Marker Button icon position has been tweaked.
  • Added save and close buttons to preferences.
  • Small UI improvements.
  • Updated firewall rule button styles.
  • Showed AP channel utilization in Properties and Devices list page.
  • Use bps instead of bytes per second.
  • Greyed out disabled WLAN rows in Property Panel.
  • Improved chart animations.
  • Added – as placeholder.
  • Prohibited deselecting current device in Performance view.
  • Added icon to switch port list.
  • Added admin overview (in site overview area).
  • Improve locate button behavior.
  • Improved date picker.
  • Improved Cloud Connection error tooltip.
  • Improved header icons.
  • Move the AP channel utilization graph into the header.
  • Handling ESC on cloud access modal.
  • Added expand/collapse icon to device list actions column.
  • Disallowed SVG image type in Maps.
  • Improved dynamic Dashboard.
  • Improved loading DPI statistics.
  • Improved Topology view.
  • Improved Image Map performance.

Misc Changes

  • Improved topology detection.
  • USG3: Enabled LAN2 support.
  • Minimum Rate Control now v2.
  • Added validation for USG/USW SNMP community string.
  • Set next hop for static route as default.
  • Set maximum SSDI length to 32 characters.
  • Improved Notify Device Requirement performance.
  • Removed config.properties USG ICMP items.
  • Ability to configure data retention for each granularity of statistics in settings/maintenance.
  • Added Force Provision button to Properties/Manage Device.
  • Show terminal for UAP-AC-IW.
  • Prohibited 0.0.0.0 as an address-group member (isn’t a valid entry in the firmware).
  • Improved some backend validations.
  • Enabled finding device on map in read only mode.
  • Display only historical rx/tx bytes on Known Clients page.
  • Enabled by default MSS clamping on VTI.
  • Added option to report WebRTC connection errors to the cloud.
  • Use lower scale Throughput graph to increase rendering performance on Safari/iOS.
  • Enabled tunneled reply by default.
  • Update OUI table.
  • Hid UGW port remap if UGW4 exists.
  • Use monthly value as default occurrence in Auto Backup settings.
  • Restore open panel functionality from device marker on map.
  • Enable reset button after hotspot package removal.
  • Improved placeholders and regular expressions.
  • Added pagination in Settings / Network List.
  • Security improvements.
  • Signed Windows installer package.
  • Removed restricted U-NII-2C channels when Canada country code is set.
  • Added memory and load average to device list columns.
  • Updated validation hint for maximum number of stations in wireless network group.
  • Allow cancel migration of device.
  • Improved LAN address identification on USG.
  • Restrict 5 minutes data retention.
  • Switch port usage graph: prevent displaying connected both Device and Client.
  • Improved WebRTC debugging.
  • Generated a SHA512 password if device firmware is capable of it.
  • Removed TLSv1 from default SSL protocols for Java 7/8.
  • Allowed antenna gain of 0.
  • Increased broadcast and multicast MAC limit to 256 per site.
  • Added HSTS support (disabled by default). Can be controlled via system.properties only.
  • Made various backend improvements.
  • Added user group override notice, client list user group column.
  • Added LAG support to AP > Network Configuration (AC-HD only)
  • Added limited amount of LAN DHCP leases notice.
  • Added minRSSI noise floor notice.
  • Improved email templates.

Bugs

  • Fixed a bug causing duplicate downlinks to show in controller UI.
  • Fixed issue with unused cache not clear as expected (causing controller to die because of memory leak).
  • Redesigned inputs for date picking.
  • Devices now grey out entries when WLAN group is off.
  • Fixed site settings save error.
  • Fixed issue with sending large files over WebRTC (e.g. backups).
  • Fixed an issue with fixed IP handling.
  • Fixed auto backup data retention days.
  • Fix Not Authorized/Bad Request on first launch after accepting SDN Invitation.
  • Fix WAN load balance config, so that it actually provisions to the USG.
  • Fixed initial value of data retention days.
  • Fixed slow database backup.
  • Fixed USG/USG-P4 port labels.
  • Fixed client status ordering.
  • Changed Revoke button to Delete button on Admins list.
  • Fixed success messages on saving configuration.
  • Fixed latency color in legend on Throughput graph.
  • Fixed wired uplink stats on AC-HD when using bonding.
  • Fixed an issue when trying to register controller with UniFi cloud tie in (unifi.ubnt.com).
  • Fix device menu when toggling small/normal markers on Map page.
  • Fix icons on clients graph on Dashboard page.
  • Fix speed test column chart.
  • Fix USG badge and tooltip on DPI settings page.
  • Fix typo in validation hints for IP.
  • Fixed 404 error when switching sites while editing.
  • Fixed email validation.
  • Fixed port forward validations.
  • Fixed domain name validation.
  • Fixed issue with controller causing too many directs (controller side fix for UNIFI-457).
  • Fixed issue with community string changing to public, regardless of configured value.
  • Fixed displaying sections on Guest Control settings page.
  • Fixed clickable area of alerts full screen button.
  • Fixed refreshing networks in switch property panel on network add/remove.
  • Fixed issue where local DNS record for UniFi may not provision when using USG.
  • Fixed an issue with current day stats being improperly calculated.
  • Fixed firewall rule validation.
  • Fixed problem with enabling Cloud Access.
  • Fixed an issue when granting admin privileges on a site.
  • Fixed services link not visible on mobiles.
  • Fixed removing items on WebRTC connection.
  • Fixed saving settings > controller.
  • Fixed clearing statistics.
  • Fixed panel expand/collapse icon aliasing.
  • Fixed uplink status when using bonding on AC-HD.
  • Fixed an issue with the remote IP in WebRTC logging, previously was always 127.0.0.1
  • Fixed import/export function. The configuration tab will not be visible after import.
  • Fixed available manual negotiation options for 10GBASE-T ports.
  • Added autofocus on 2FA token field.

Languages

  • Added beta warning for languages other than English.
  • Added Turkish translations.
  • Added Danish, Norwegian, and Turkish language support to Hotspot Portal.
  • Added support for Catalan, Norwegian (Bokmal) and Slovak languages to HotSpot.
  • Made Edit Account frame bigger to make enough room for labels in all languages.
  • Fixed speed test ping translation.
  • Updated translated.
  • Updated translations.
  • Added Catalan translations.

Ubiquiti UniFi Controller Management Software

Ubiquiti offers enterprise products at drastically reduced costs (e.g. compare the cost of their offerings to those from Meraki or Meru).

What is the Ubiquiti Controller?

Before you start installing any components you need to know about the Ubiquiti Controller. This is the management software for organizing one’s network.

The Ubiquiti controller is available for free download for Windows, Mac, or Linux; or one can use a Cloud Key. It requires the Java Runtime Environment and a web browser.

One can run the software on a management station (computer/server) at the location of the network or in the cloud.

Moving Between Controllers

  1. Log into the current controller.
  2. Go to Settings –> Site.
  3. Under Device Authentication, ensure you have set and know the current SSH username/password used to access devices.
  4. Go to Settings –> Maintenance.
  5. Download backup.
  6. Close controller window in browser.
  7. Right click on Ubiquiti Unifi Controller app and choose Quit.
  8. Login to new controller.
  9. Go to Settings –> Maintenance.
  10. Choose Restore and select recently created backup file.
  11. “Working Please Wait” appears on the screen indicating the unit is applying the update and rebooting. For me, this never seemed to go away, but I was able to launch a new instance of the controller web GUI without incident.