Ubiquiti UniFi Security Gateway Firmware Release Notes: 4.4.50-4.4.51

Official Release Notes

Features

  • Added firmware support for netconsole configuration provisioned by the controller (using config under Settings–>Site).

Improvements

  • If IDS/IPS signature update fails for any reason an alert is now sent to the controller with information about the problem. Other improvements also made to signature update process.
  • Now limits permitted SSH MAC algorithms to OpenSSH’s most recent defaults, disabling some older options.
  • Switched speed test to speed.ui.com
  • Now supports latest hardware revision of USG3.
  • Changed certificate generation parameters for USG’s local web UI so it creates and maintains certificates in accordance with new requirements in macOS Catalina and iOS 13.
  • 4.4.51
    • PPPoE client security update fixes a vulnerability that allows an attacker on the same broadcast domain as your WAN to crash the pppd process, potentially allowing remote code execution.

Bugfixes

  • Fixed GeoIP signature updates.
  • Fixed crash in guest redirector service where a host header is missing in the request.
  • No longer makes unifi resolve to 127.0.0.1 when USG goes into self-run.
  • IDS/IPS signature updates triggered during bootup are delayed until internet connectivity is established.
  • Changed DDNS client configuration format to ensure credentials and hostname are used only with the associated provider.

Ubiquiti UniFi Firmware Release Notes: 4.0.69.10871 – 4.3.20.11298

Official Release Notes

Features

  • US-XG-6POE
    • [4.3.13.11253]
    • [4.0.69.10871]
      • Enabled L3 support.

Improvements

  • nanoHD/IW-HD/FlexHD/BeaconHD
  • UAP
    • [4.3.20.11298]
      • Improved isolated AP logging.
    • [4.3.13.11.253]
      • Improved tracking of DHCP state.
      • Improved guest portal stability.
      • Reduced false positives when forcing high performance devices to 5 GHz.
      • Improved fast roaming stability.
      • Re-architected static and dynamic VLAN support.
      • Improved encrypted netconsole reliability.
    • [4.0.69.10871]
      • Tweaked performance.
      • Refactored High Performance Devices.
      • Implemented ICMP RTT tracking, improved stability of tracking.
      • TCP Latency Report now shows N/A if no traffic.
      • Switched guest control to use ipset.
      • Now uses Access Point MAC Address for Fast Transition packets.
      • Added old IPW2200 cards to 2 GHz whitelist.
  • UAP-G3
    • [4.3.13.11.253]
      • Enabled VHT160 for Japan.
      • Improved throughput of VLAN-tagged SSIDs.
      • Improved crash log reporting.
  • UAP-G2/G3
    • [4.3.13.11.253]
      • Improved wireless uplink connect time and reliability.
  • UAP-G2
    • [4.3.20.11298]
      • Improved wireless uplink stability on downlink.
      • If debug logging is enabled, increase authenticator log level.
  • UAP-MTK
    • [4.3.20.11298]
      • Improved upgrade reliability.
      • Now send roam events instead of disconnect events when clients roam.
    • [4.3.13.11.253]
      • Throughput has been improved.
      • Fast roaming capability has been improved.
      • Added Refactor High Performance Device feature.
      • Disabled frequent Transmit Beamforming (TXBF) updates to increase client compatibility.
      • Improved wireless uplink background scanning.
      • Fixed connectivity issue with “high performance devices” feature in sites with many devices.
  • HW
    • [4.3.13.11.253]
      • Now detects/reports unstable processes.
      • Improved high memory usage reporting and memory reporting generally.
      • Improved status LED patterns/tempo.
      • Now allows sending anonymous analytics to developers.
    • [4.0.69.10871]
      • Allowed disabling crash and critical event reporting; now disabled by default.
      • Improved accuracy of memory use calculations.
  • USW-Pro/USW-PoE/USP-RPS
    • [4.3.13.11.253]
      • Updated LCM (Lifeycle Management?) firmware to add new status messages and fix PoE power checking.
  • USW-Flex
    • [4.3.13.11.253]
  • USW-Pro
    • [4.3.13.11.253]
      • Improvements to LCM firmware.
      • Implemented overheat and RPS power warnings.
  • USW-Gen2
    • [4.3.13.11.253]
      • Updated bootloader, now enables LEDs before booting.
  • USW
    • [4.3.20.11298]
    • [4.3.13.11.253]
      • Improved crash reporting.
      • Decreased STP load under some circumstances.
      • Improved multicast delivery.
      • Now reports port error reasons to controller.
  • ULTE
    • [4.3.13.11.253]
      • Improved on-screen graphics, updated display.
      • Added larger data overage backoff.

Bug Fixes

  • HD/SHD/XG/BaseStationXG
    • [4.0.69.10871]
      • Fixed several rare crashes.
  • HD/SHD/XG/UWB-XG
  • nanoHD/IW-HD/FlexHD/BeaconHD
  • US/L2-PoE/16-XG/XG-6PoE/USW-Pro
  • USW
    • [4.3.20.11.298]
      • Fixed DHCP flooding between isolated ports.
      • Fixed DHCP packet inter-VLAN route loop by DHCP snooping.
    • [4.0.80.10875]
      • Reverted changes from 4.0.69 that introduced DHCP issues when LACP is used.
  • US-8/16/24/48/###W/L2-PoE/16-XG/XG-6PoE/USW-Pro
    • [4.3.13.11.253]
      • Fixed regression/bugs causing DHCP issues when using LACP.
  • US-8/16/24/48/L2-PoE/16-XG/XG-6PoE
  • HW
    • [4.3.13.11.253]
      • No longer reboots if firmware update fails.
      • Fixed device disconnected after failed firmware download.
      • Fixed system log encryption memory leak.
      • Fixed slow frequency of internet ping after initial check.
    • [4.0.80.10875]
      • Limited MAC addresses from being reported when analytics are enabled.
    • [4.0.69.10871]
      • Fixed provisioning of system.analytics.status.
      • Remove HMAC-MD5 support for shell access.
  • US8-450W/USC-8
    • [4.3.13.11.253]
      • Fixed management VLAN.
  • USW-8
    • [4.3.13.11.253]
      • Fixed static IP bug after changing management VLAN.
  • USW-POE
    • [4.3.20.11.298]
      • Fixed PoE initialization issue.
      • Fixed LCM upgrading.
    • [4.3.13.11.253]
      • Fixed PoE LED issue on 16 port model after soft reboot.
      • Fixed flow control command.
  • USW-48-POE
    • [4.3.13.11.253]
      • Fixed port mapping.
  • USW-G2
    • [4.3.13.11.253]
      • Resolved issue with loopback test.
  • USW-Flex
    • [4.3.13.11.253]
      • Fixed PoE off failure when powered by 802.3af/at.
      • Fixed 802.3af reporting issue.
  • UAP-BeaconHD
    • [4.3.13.11.253]
      • Now factory resets device if wireless uplink is disabled on site.
  • UAP-AC-IW
    • [4.3.13.11.253]
      • Fixed multicast packet leaking security issue.
  • IWHD
    • [4.3.14.11.253]
      • Fixed invalid port parameters, port or cfg = NULL error when switch ports disabled.
  • UAP-PRO
    • [4.3.14.11.253]
      • Fixed wireless uplink static VLAN.
  • UAP
    • [4.3.20.11.298]
      • Fixed intermittent multicast packet loss on static VLANs.
      • Fixed memory leak in netconsole when operating as wireless downlink.
      • Fixed Gen1 PS4 connectivity issue when high performance devices enabled.
    • [4.3.14.11.253]
      • Fixed wireless uplink static VLAN.
      • Fixed reported QoS Basic Service Set (QBSS) channel utilization for 5GHz radio.
      • Fixed reported RSSI and noise floor.
      • Fixed issue with 0% Channel Utilization in QBSS Report.
      • Fixed issue when modifying High Performance Device feature.
      • Fixed multicast TX in congested 2.4GHz environment.
      • Fixed issue that caused second/third radio to intermittently not come up properly on provision.
      • Fixed DNS parsing instability.
      • Fixed stability issue when handling Dynamic Frequency Selection (DFS) events.
      • Fixed udhcpc continuous instability bug.
      • Fixed authenticator instability and crash reporting.
      • Fixed roaming notification for APs.
      • Fixed guest portal instability.
      • Fixed intermittent RADIUS COA failure.
      • Improved Fast Roaming management bridge detection.
      • Fixed memory leak when using Auto-Optimize Network or High Performance Devices.
      • Now keeps IPv6 enabled on dynamically created DVLAN interface.
      • Fixed multicast issue with DVLAN SSIDs and untagged Users.
      • Fixed configuration bug when DVLAN is disabled on SSID.
      • Fixed stability issue with ICMP tracking.
      • Fixed stability issue with WLAN schedules.
      • Fixed management VLAN bridging when using wireless uplink
      • Fixed sticky DNS latency reporting.
      • Fixed TCP latency calculation.
      • Fast Transition packets are now routed to proper bridge.
      • WEP clients are now allowed to be on VLANs.
      • Fixed a crash that could occur during Guest Control provisioning.
      • Fixed bug with Connectivity Monitor that caused it to bring down WLANs when gateway is unreachable.
      • Fixed ICMP latency stability.
      • Fixed DVLAN if management VLAN is unspecified.
      • Fixed minimum RSSI fast-apply issue.
  • UAP-G1
    • [4.3.14.11.253]
      • Improved probe response transmission.
  • UAP-G2/G3
    • [4.3.20.11.298]
      • Fixed some issues with wireless uplink connectivity.
    • [4.3.14.11.253]
      • Fixed minor Fast Roaming issue related to QBSS.
      • Added Antigua and Barbuda as countries.
      • Fixed DVLAN connectivity between clients on the same interface (introduced in 4.1.0).
      • Fixed slow memory leak when using a Dynamic VLAN SSID.
      • Fixed Activity Down stats.
  • UAP-G3
    • [4.3.20.11.298]
      • Fixed intermittent inability to connect with Gen3 UAP as downlink.
    • [4.3.14.11.253]
      • Adjusted environmental thresholds.
      • Fixed an issue with rate control handling which could trigger an assert.
  • UAP-G3/MTK
    • [4.3.14.11.253]
      • Fixed fast-roaming issues.
  • UAP-MTK
    • [4.3.20.11.298]
      • Fixed inability for WiFi to operate when proxy ARP is enabled.
      • Fixed issue when country is set to Faroe islands.
  • USP-RPS
    • [4.3.14.11.253]
      • Fixed false alert for power delivery.
      • Added initial RPS information to LCM.
  • ULTE
    • [4.3.14.11.253]
      • Added MSS clamping.
      • Fixed security issue if U-LTE had public WAN IP.
      • Fixed intermittent LTE upgrade issue.
      • Fixed support for SIM PINs.
      • Fixed DHCP client issue when guest network was enabled.

Ubiquiti UniFi Firmware Release Notes: 4.0.42.10433-4.0.66.10832

4.0.66.10832

  • USW
    • Added support to configure/show 802.1X idle timeout for MAC-based mode.
    • Adjusted log level for DHCP snooping and to prevent flooding..
    • Fixed port based MAC filter whitelist bug.
  • nanoHD/IW-HD/FlexHD
    • Improved memory usage.
    • Made system optimizations.
    • Fixed available channel list when country code set to Philippines.
    • Fixed DVLAN support when using MacAuth.
    • Fixed minRSSI support.
    • Fixed RADIUS MAC Auth support.
    • Fixed support for High Performance Devices features.
    • Made a fix to prevent PS-POLL storm from the STA connection state out-of-sync issue.
    • Fixed unknown/inconsistent VAP warnings.
    • Fixed User Group support when using multiple SSIDs and/or wireless uplinks.
  • FlexHD
    • Enabled DFS support.
  • UAP
    • Added support for resolving controller for guest portal when FQDN is unavailable on DNS used by guests.
    • Changed EAP auth timing.
    • Dynamically generates guest portal certificates using Apple rules and FIPS-140-2 requirements.
    • Improved DNS latency reporting to mitigate false positives.
    • Moved traffic mark allocation handling from device to controller.
    • Tweaked Wi-Fi Experience scoring.
    • Updated to hostapd 2.8.
    • Fixed 802.11k Neighbor Report request function.
    • Fixed a race condition which may cause DNS failures for Guest Portal.
    • Fixed Fast Roaming support after hostapd 2.8 update.
    • Fixed RADIUS DAS/DAC/CoA support.
    • Fixed several memory leaks.
    • Several fixes and improvements for Fast Roaming support.
  • UAPG2/G3
    • Fixed HT Information IE.
  • USW-Flex
    • Improved power management to allow PD(s) to power up when there is available power.
    • Fixed panic when netconsole encryption enabled.
  • USW
    • Enabled libcurl verbose logging.
  • HW
    • Added encrypted syslog/netconsole support.
    • Added crash and critical event reporting.
    • Enabled LLDP support for all possible devices.
    • Improved inittab process management.
    • Fixed netconsole setup issue when multiple ARP addresses present.
  • AC-M-Pro
    • Fixed flipped port negotiation stats.
  • HD/SHD/XG/BaseStationXG
    • Fixed netconsole encryption support.
    • Made microcode update to resolve a rare memory corruption issues.
  • UAP-XG/BaseStationXG
    • Fixed range of issues with 10Gbps Ethernet PHY.
  • US/US-PoE/L2-PoE/16-XG/XG-6PoE
    • Fixed DHCP leak on isolated ports when DHCP snooping is enabled.
    • Fixed IGMP fast leave provisioning.
  • USW-XG-6POE
    • Fixed flood of DHCP request/reply packets to all VLAN members.
  • UIS
    • Added Port Security feature support.

4.0.54.10625

  • UAPG2/G3
    • Fixed bug causing false dropped packets to be reported on dashboard.
  • UAPG1/G3
    • Fixed reported ethernet negotiation.
  • UAPG2
    • Fixed segfault during wireless adoption.
  • UAPG1
    • Fixed wireless uplink loop issue.
    • Improved client STA connection stability when using wireless uplinks.
  • AC-Pro/EDU/M-Pro/AC-IW/IW-Pro
    • Fixed ethernet PHY behaviour.
    • Fixed reported ethernet negotiation.
  • HD/SHD/XG/BaseStationXG
    • Fixed an issue where wireless uplink may fail to reconnect.
    • Fixed segfault during wireless adoption.
  • UAP-XG/UWB-XG
    • Fixed an issue with the uplink monitor which may have caused it to erroneously take down all SSIDs.
  • UWB-XG
    • Removed bandsteering as it’s unsupported on this device.
  • nanoHD/IW-HD/FlexHD
    • Adjusted block ACK log level to avoid log spam.
    • Changed so downlink AP follows channel width of the uplink AP.
    • Fixed broadcast/multicast tx stuck issue which may cause high memory usage.
    • Fixed inter-DVLAN broadcast and multicast traffic leaking.
    • Fixed issues with RF environment scan.
    • Fixed VHT information element.
    • Fixed Vietnam channel list.
    • Improved device boot time.
    • Made other stability improvements.
  • IW-HD
    • Fixed DVLAN DHCP issue when Port VLAN is enabled.
    • Fixed VLAN behavior on device reboot.
    • Now properly authenticates wired 802.1X clients on reboot/provision.
  • UAP
    • Added DNS latency tracking.
    • Added new event to identify STA disconnects.
    • Added support for Faroe Islands.
    • Now allows 40MHz on 2.4GHz when country code set to Japan.
    • Fixed a bug when SSH key added via config.properties instead of controller UI.
    • Fixed bug which may cause reboot after provision.
    • Fixed Fast Roaming support.
    • Fixed guest portal failing to redirect on untagged subnet when devices has a static IP.
    • Fixed guest portal provisioning and added reporting for configuration issues.
    • Fixed issue with Ring Chime Pro and PS4 when using Auto-Optimize Network or High-Performance Devices.
    • Fixed random error which caused device to crash when running RF Environment scan.
    • Fixed uplink monitor behavior under heavy unicast load.
    • Fixed wireless adoption backwards compatibility.
    • Made general improvements to Auto-Optimize Networks/High-Performance devices.
    • Improved CPU usage.
    • Improved wireless link stability and wireless uplink stat change logic.
    • Increased 5GHz bias for wireless uplink on dual-band models.
  • nanoHD/IW-HD
    • Fixed a bug where device may not reply to probe request frames.
  • US/US-POE/XG/USW-6POE
    • Added live link status update capability.
    • Enabled IPv6 support for management.
  • US-24-250W/500W
    • Fixed erroneous PoE init failure message on fully functional devices.
  • USW
    • Aligned syslogd prefix format with other devices.
    • Made a potential fix for a bug with DHCP snooping which can cause issues with DHCP.
  • US-16-XG
    • Fixed 2.5 Gbps speed report issue.
  • USW-6POE
    • Added 2.5 Gbps speed support for SFP+ ports.
    • Fixed PoE auto-detect behavior of 802.3bt ports.
    • Improved 802.3bt port compatibility with dual-voltage devices.
    • Improved reboot robustness.
    • Improved SFP port autodetect robustness.
  • SEC
    • Security improvements.
  • HW
    • Improved L2 unadopted upgrade robustness.

4.0.42.10433

  • UAPG2/G3
    • Fixed corrupt UBNT IEs.Now handle broadcast DHCP replies properly while using dynamic VLANs.
  • UAPG1/G2
    • System optimizations.
  • UAPG2
    • Fixed 100FDX negotiation issue after wired uplink state change.Fixed downlink AP crash when using a DFS channel for wireless uplink.Fixed wireless uplink priority selection fail.
  • UAPG1
    • Fixed ethernet negotiation.Fixed issue causing no ethernet link when link partner uses manual negotiation.Fixed remaining issues with establishing an ethernet link.
  • AC-Pro/EDU/M-Pro
    • Fixed performance regression in 4.x when uplink is 100Mbps.
  • HD/SHD/XG/BaseStationXG
    • Fixed mDNS leak when Broadcast and Multicast Filter enabled.Fixed reset button behavior.Made stability and compatibility improvements when using ‘Auto-Optimize Network’ or ‘High Performance Devices’.Updated kernel.
  • HD/SHD/XG
    • Fixed bug causing lower than expected MCS and throughput when TX power >=25dBm.
  • BaseStationXG
    • Fixed GPS support.
  • nanoHD/IW-HD/UDM-B
    • Added association tracking support.Added support for ‘High Performance Devices’ (also part of ‘Auto-Optimize Network’).Added support to display which client STAs support Fast Roaming.Enabled client STA keepalive support.Fixed 802.11w (PMF) provisioning.Fixed a crash when running RF Environment scanning.Fixed a null pointer access issue.Fixed AndesSendCmdMsg warnings.Fixed downlink AP TX rate degradation issue.Fixed false anomalies/failures.Fixed some memory leaks.Fixed speed regression caused by unaligned access.Fixed TX retry and drop count.Fixed wireless uplink packet forwarding issue.Improved multi-client performance.Stability improvements.System optimizations.Tweaked WiFi Experience scoring.
  • UDM-B
    • Disable RF Environment scanning as it’s unsupported.
  • UAP-IW
    • Fixed behavior so ports are switched instead of isolated.
    • Fixed link flapping and switch VLAN behavior.
    • Fixed port/management VLAN provisioning.
    • Fixed reported inittab respawn errors.
  • UAP
    • Added DFS backup channel feature.
    • Added initial RFC-5176 support.
    • Added U-NII-2C support for Panama country code.
    • Fixed a bug which caused mcad to be removed unexpectedly after a provision.
    • Fixed a bug with guest portal redirection.
    • Fixed and improved User Groups support.
    • Fixed Apple Watch support when using ‘Auto-Optimize Network’ feature.
    • Fixed connectivity issue for 2.4GHz only devices when using ‘Auto-Optimize Networks’ or ‘High Performance Devices’.
    • Fixed false ‘Blocked by access control’ anomalies.
    • Fixed false DHCP timeout/failure anomalies.
    • Fixed incorrect/lower than expected 2.4GHz TX power limits.
    • Fixed issues when multiple guest networks on an AP.
    • Fixed RADIUS failover behavior.
    • Fixed RF Environment scanning bug which caused APs to require a power cycle after running a scan.
    • Improved client STA compatibility when using ‘High Performance Devices’ (also part of ‘Auto-Optimize Networks’).
    • Regulatory updates for Russia.
  • U-LTE
    • Disabled RF Environment scanning as it’s unsupported.
  • USW
    • Fixed timeout issue when provisioning 200+ VLANs.
  • UIS
    • Improved PD compatibility.
  • USW-Pro/XG-6POE
    • Added initial routing support.
    • Fixed a bug that may cause the in-row SFP port to disable when setting an ethernet port to disabled.
    • Further improved PD autodetection.
    • Improved handling when no uplink detected.
    • Improved PoE reliability.
  • USW-Pro
    • Added LCM brightness/sync support.
    • Changed throughput update interval on LCM to 1 second.
    • Fixed a rare bug in LCM initialization during boot.
    • Improved reliability of LCM sync feature.
    • Tweaked LCM touch event behavior.
  • USW-Flex
    • Fixed a bug which may prevent device from booting.
    • Improved device initialization reliability.
  • US8
    • Disabled IPv6 on VLAN interfaces.
  • USW
    • Added Wired User Experience support.
    • Fixed 10/100Mbps manual negotiation.
    • Fixed false PoE overload events.
    • Fixed SNMPv3 data leaking without auth.
    • Improved Fault Status text when checking PoE info via shell.
  • SEC
    • Fixed CVE-2019-8912.
  • HW
    • Fixed alerts generated when inittab restarts a process.
    • Fixed STUN URL resolution.
    • Fixed support for Custom Upgrades via FTP.
    • Miscellaneous bug fixes and improvements.

Ubiquiti UniFi Firmware Release Notes: 3.9.27.8537-4.0.21.9965

Sorting out all the different software releases from Ubiquiti can leave one in a bit of a tizzy (or at least it did me at first). Essentially things break down like this:

  • Most UniFi Equipment (APs, switches) – gets the general firmware release
  • UniFi Cloud Controller – this is the control software, the other software is installed on the individual devices, this is the management UI you use
  • UniFi Security Gateways – get their own firmware
  • UniFi Cloud Keys – get their own firmware, which is oftentimes just an update to the cloud controller software

Official Release Notes

Since 4.0.15

  • UAPG2
    • Improved latency in high traffic installations
  • HD/SHD/XG/BaseStationXG
    • Improved stability
    • Optimized multicast traffic
  • nanoHD/IW-HD
    • Fixed DTIM provisioning issue
    • Fixed a bug in TX power provisioning
    • Fixed WiFi Experience feature
    • Fixed bandsteering disconnection issue
    • Fixed displayed RX rate issue
    • Fixed available channel list for China
    • Fixed fast-apply issue with changing channel width
    • Fixed data forwarding issue when client STA roams from wired AP to wireless uplinked AP
  • IW-HD
    • Fixed wired 802.1X Auto Mode
  • UAP
    • Tweaked Wi-Fi Experience scoring
    • Improved wireless uplink loop detection
    • Fixed bug that might cause MAC ACL and bandsteering to conflict
    • Fixed uplink detection function
    • Fixed ifindex reporting via SNMP
    • Fixed VLAN provisioning bug introduced in 4.0.18
    • Properly isolated dynamic VLANs
    • Security improvements for guest authentication
  • XG6POE
    • Improved PD auto detect
    • Fixed PoE issue which may occur on reboot
  • USW
    • Fixed multiple bugs causing WiFi clients to show as wired once disconnected from WiFi network
  • HW
    • Fixed CVE-2019-5747
    • Misc

Since 4.0.14

  • HD/SHD/XG/BaseStationXG
    • Fixed some IE corruption (related to wildcard and uplink SSIDs)
  • nanoHD/IW-HD
    • Tweaked performance
  • HW
    • Misc.

Since 4.0.10

  • HD/SHD/XG/BaseStationXG
    • Fixed handled of IEs so wildcard SSIDs don’t cause memory corruption.
    • Resolved an illegal memory access when bonding enabled
  • XG/BaseStationXG
    • Enabled multi-radio wireless uplink
  • HD/SHD
    • Enabled VHT160 support
  • nanoHD/IW-HD
    • Fixed downlink staying disconnected after channel change or reboot when uplink using DFS channels
    • Fixed ADDBA Request loop triggered by some client STAs
    • Fixed dynamic VLAN with Fast Roaming issue
  • UAPG2
    • Fixed physical reset function
  • UAP
    • Fixed channel 14 support
    • Fixed issue where all downlink APs are disassociated when one donwlink detects a network loop
  • USW
    • Added alert temperature to environment stats
  • HW
    • Fixed an adoption issue which could occur after known device is reset to factory defaults
    • Misc.

Since 3.9.54

  • UAPG3
    • Fixed BLE support.Fixed a node leak.Fixed a bug here AP may wrongly kick a client STA when “on other VAP” occurs.Fixed a bug in uplink that would cause downlink to hang after channel change.Fixed inter-VLAN communication issue.Fixed and improved wireless uplink support.Fixed bug causing RF scanning to return incorrect results.
  • UAPG3/G2
    • Enabled VHT40/80 support for Japan.Switched to LEDE framework.Implemented upgraded authenticator.Fixed Fast Roaming support.Fixed Cell Size Tuning Support
  • UAPG2
    • Fixed a bug where downlink was disconnected when uplink AP changes channels.
  • HD/SHD/XG/BaseStationXG
    • Fixed and improved Hotspot 2.0 support.
  • SHD/XG/BaseStationXG
    • Enabled Rogue AP scanning on security radio.
  • XG/BaseStationXG
    • Fixed reported 10Gbps PHY rate.
  • BaseStationXG
    • Enabled LED bar and OLED display support.
  • nanoHD/IW-HD
    • Added client ‘Framed-IP-Address’ to RADIUS accounting data.
    • Improved 802.11k scanning.
    • Improved Ethernet stability.
    • Improved Fast Roaming support.
    • Fixed a bug which caused bandsteering to fail to initialize.
    • Fixed instability caused by enabling WLAN scheduling.
    • Fixed throughout issue for clients with certain Intel wireless cards.
    • Fixed wireless adoption issue.
    • Fixed a memory leak.
    • Fixed multiple downlink support.
    • Fixed wrong passphrase issue that some client STAs encountered.
    • Fixed mDNS packets being dropped by IGMP snooping.
    • Fixed bandsteering support when WLAN scheduling enabled.
    • Fixed bug causing instability when netconsole was enabled.
    • Fixed bug which caused some SSID(s) not to broadcast.
    • Fixed a bug in bandsteering.
    • Fixed issue with wireless adoption when in factory default state.
    • Fixed wireless uplink VLAN broadcast/multicast packets format error.
    • Fixed SSDP dropped by IGMP snooping.
    • Fixed bug causing a drop in transmit performance.
    • Fixed RF scanning support.
    • Fixed support for 8 SSIDs per radio.
    • Fixed bug which may cause an AP to stop forwarding packets when configured to use wireless uplink.
    • Fixed bug when using VLANs in a wireless uplink topology.
    • Stability improvements.
  • IW-HD
    • Added wired RADISU MA auth & DVLAN support.
    • Added wired 802.1X fallback VLAN support.
    • Added support for controlling PoE passthrough.
    • Enabled cell size tuning support.
    • Fixed 802.1X automode.
    • Fixed bug in wired 802.1X support.
    • Fixed wireless uplink support while in factory default state.
  • EDU
    • Uses new package manager for EDU SIP.
  • UAP
    • Enabled fast-apply support for minRSSI.
    • Silenced unnecessary LLDP log spam.
    • Fixed false MAC filter rejection anomalies in the controller.
    • Improved wireless uplink loop detection to fix disconnect issues.
  • USW
    • Added more DHCP snooping statistics to CLI output.
    • Increased local syslog size.
    • Now forwards IGMP report packets only on ports with LLDP remote entry.
    • Fixed bug causing issues with DHCP in some environments.
  • USXG6POE
    • Improved PD compatibility.
  • HW
    • Fixed DHCP option 43 support.
    • Fixed false ‘Decrypt Error’ events and improved logging.
    • Security improvement.
    • Miscellaneous bug fixes and improvements.

Since 3.9.42

  • UAPG3
    • Fixed bandsteering when using channel 144.
    • Fixed IP endianness issue.
    • Fixed DPI blocking support.
  • UAPG3/G2
    • Added advanced guest isolation support.
    • Added simple DNS tracking for client STAs to syslog.
    • Fixed leak which caused provisioning/upgrade issues (“Timeout waiting for OL vap X to stop” in syslog).
    • Fixed 802.1X identity not working when Fast Roaming was enabled.
  • XG/BaseStationXG
    • Added multi interface uplink support.
  • BaseStationXG
    • Enabled OLED display support.
  • nanoHD/IW-HD
    • Added 802.11k and 802.11r support.
    • Added support for minimum PHY rate control.
    • Improved wireless uplink stability.
    • Updated 802.11k scan policy.
    • Enhanced bandsteering and set daemon to 802.11v BSS Transition Management (BTM) only mode.
    • Fixed client STA can’t connect after WLAN schedule executed.
    • Fixed bug which caused default SSIDs to broadcast in some cases.
    • Stability and performance improvements.
  • IW-HD
    • Added DFS support.
    • Added wired 802.1X support.
    • Fixed an issue with client STA roaming.
    • Fixed scheduling while atomic bug which caused the management daemon to crash.
  • UAP
    • Added loop detection to wireless uplink.
    • Fixed a bug in RADIUS MAC Auth provisioning.
    • Fixed throughput drop.
    • Fixed bug with rate limiting support.
    • Fixed bug which allowed fast roaming to be enabled on SSIDs that are either open or using WEP.
    • Reduced uplink-monitor log spam.
  • USW
    • Fixed false RX Fault errors showing on some UF-RJ45-1G modules.
    • Fixed SNMPv3 fast-apply fail due to special characters in password.
    • Fixed switch LAG link failed bug.
    • Fixed a memory leak.
    • Fixed false alerts when fan running at low duty.
    • Fixed SSDP forwarding issue.
    • Fixed false overheating alerts.
    • Fixed LAG port LED off issue.
  • HW
    • Improved firmware update error code reporting.
    • Fixed device inform issue with DNS resolving to wildcard IPs.
    • Miscellaneous bug fixes and improvements.

Since 3.9.27

  • USW
    • Fixed RADIUS server provisioning.
    • Added Port Security and MAC ACL support.
    • Added 802.1X guest VLAN support.
    • Restarts DHCP client after a port is up.
    • Fixed LAN client stats when using LACP/LAG.
    • Fixed issue with default VLAN not working when using MAB.
    • Fixed ability to toggle flow control.
    • Disabled SNMP by default.
    • Reduced max VLANs to 255 (default), which lowers memory use by ~10%.
  • HW
    • Added URL support for DHCP option 43.
    • Several fast-apply provisioning improvements.
    • Unified several modules across various UniFi platforms (UAP, USW, USG).
    • Various bug fixes and improvements.

Since 3.9.24

  • UAPG3
    • Fixed crash when 802.11r enabled.
    • Reverted patch which disabled secondary ethernet when using wireless uplinks.
  • UAPG3/G2
    • Improved channel utilization reporting accuracy.
  • UAPG2
    • Improved performance.
  • HD/SDH/XG
    • Fixed issue with reported uplink interface after RF scan when bonding is enabled.
    • Fixed 802.1X VLAN reporting when RADIUS VLAN enabled.
    • Increased ntp client update frequency.
    • Improved client STA performance for SSIDs with DVLAN enabled.
    • Removed unnecessary logging.
  • SHD/XG
    • Fixed performance issue.
  • XG
    • Reenabled auto-negotiation on the 10GbE PHY.
  • nanoHD
    • Reenabled auto-negotiation on the 10GbE PHY.
    • Added channel utilization counters.
    • Added DTIM support.
    • Added initial bandsteering support.
    • Added athstats tool.
    • Added broadcast filtering support.
    • Enabled DFS support.
    • Fixed broadcast filter configuration.
    • Fixed hidden SSID support.
    • Fixed a crash triggered by provisioning.
    • Fixed a bug causing SNMP hostname to disappear after provision and reboot.
    • Fixed PMF support.
    • Various stability improvements.
  • UAP-Pro
    • Removed bandsteering (isn’t supported).
  • UAP
    • Disabled the DS fast BSS transition.
    • Fixed management VLANs on downlink UAPs.
    • Fixed bug which caused 100% CPU use when fast BSS transition enabled.
    • Various wireless uplink changes, including adding multi-radio uplink support.
    • Tracks MAC filter rejections.
    • Various bug fixes and improvements.
  • USW
    • Fixed crash caused by autodetect.
    • Adjusted MAB priority, no longer waiting for 802.1X timeout to process.
    • Fixed port mirror provisioning.
    • Added switch PoE port overload and disconnect reporting.
    • Various bug fixes and improvements.
  • HW
    • L3 adoption and management improvements.

Ubiquiti UniFi Firmware Release Notes: 3.9.24.8264

Official Release Notes

You can find official release notes from Ubiquiti here:

HD/SHD/XG

  • 3.9.24-3.9.27.8537
    • Fixed an issue with the reported uplink interface after RF scan when bonding was enabled.
    • Fixed 802.1X VLAN reporting when RADIUS VLAN was enabled.
    • Increased NTP client update frequency.
    • Improved client STA performance for SSIDs with DVLAN enabled.
    • Removed unnecessary logging.
    • SHD/XG Only
      • Fixed a performance issue.
    • XG Only
      • Re-enabled autonegotiation on the 10 GbE PHY.
  •  3.9.21-3.9.24.8264
    • Improved device stability when using rate control.
    • Fixed channel utilization stats.
    • Fixed spectral scanning support.
    • Fixed forwarding of fragmented IPv6 packets.
    • SHD/XG Only
      • Made improvements to airTime.
  • 3.9.19-3.9.21.8191
    • Fixed the speed regression introduced in 3.9.18.
    • Made an improvement to stability.
    • XG Only
      • 10Gbps Ethernet performance Improvements.
  • 3.9.18-3.9.19.8123
    • Fixed a memory leak when multicast enhancements were enabled.
  • 3.9.15-3.9.18.8086
    • Made improvements to stability and performance.
  • 3.9.3/3.9.6-3.9.15.8011
    • XG Only
      • Fixed airView and airTime support.
    • USXG Only
      • Improved LAG config handling.

nanoHD

  • 3.9.24-3.9.27.8537
    • Added:
      • Channel utilization counters.
      • DTIM Support.
      • Initial Bandsteering support.
      • athstats tool.
      • Broadcast filtering support.
    • Enabled DFS support.
    • Fixed:
      • broadcast filter configuration.
      • hidden SSID support.
      • crash triggered by provisioning.
      • bug causing SNMP hostname to disappear after provision and reboot.
      • PMF support.
  •  3.9.21-3.9.24.8264
    • Added channel utilization support (currently 5GHz only).
    • Enabled VHT160 support.
    • Added nslookup.
    • Enabled MU-MIMO.
    • Fixed per-STA rate limiting support (user groups).
    • Stopped broadcasting default SSID.
    • Added MAC ACL support.
    • Fixed RADIUS VLAN support.
    • Fixed fast-apply support.
    • Fixed HT40 support on 2.4GHz.
    • Made improvements to stability.
  •  3.9.19-3.9.21.8191
    • Merged 3rd release firmware.
    • Added RADIUS VLAN support.
    • Added fast-apply support.
    • Added 802.11w support (PMF).
    • Added 802.11X identity support.
    • Disabled country code IE.
    • Made improvements to stability.
  • 3.9.18-3.9.19.8123
    • Fixed MBSS support.
    • Made improvements to stability.
  • 3.9.15-3.9.18.8086
    • Added guest control support.
    • Added 802.1X support.
    • Added support for multiple BSSIDs per radio.
    • Fixed issue when using a bracket in the ESSID or PSK.
    • Fixed auto channel selection issue.
    • Fixed 802.11n negotiation issue.
    • Fixed issue which could cause Ethernet to stay down after provision or reboot.
  • 3.9.3/3.9.6-3.9.15.8011
    • Added stainfo support.

UAP

  • 3.9.24-3.9.27.8537
    • Disabled over the DS fast BSS transition.
    • Fixed management VLANs on downlink UAPs.
    • Fixed a bug which sometimes caused 100% CPU usage when fast BSS transition was enabled.
    • Made various wireless uplink changes, including adding multi-radio uplink support.
    • Now track MAC filter rejections.
    • UAPG3 Only
      • Fixed remaining crash when 802.11r is enabled.
      • Reverted a patch which disabled the secondary ethernet when using wireless uplinks.
    • UAPG2/G3 Only
      • Improved channel utilization reporting accuracy.
    • UAPG2
      • Made improvements to performance.
    • UAP-Pro Only
      • Removed bandsteering as it isn’t supported.
  •  3.9.21-3.9.24.8264
    • Refactored and improved fast-apply, which also fixed two small memory leaks.
  •  3.9.19-3.9.21.8191
    • Fixed a memory leak related to the redirector.
    • UAPG2/G3 Only
      • Now tracks TX airtime latency.
    • UAPG1 Only
      • Fixed device firmware upgrade.
  • 3.9.18-3.9.19.8123
    • Fixed NAS-IP-Address attribute so that it always returns the management IP of the AP.
  • 3.9.15-3.9.18.8086
    • Improved STA signal reporting
    • Made improvements to wireless uplink/mesh V3.
    • Fixed a bug with rate control when using multiple SSIDs.
  • 3.9.3/3.9.6-3.9.15.8011
    • Fixed a small memory leak.
    • Fixed outdoor flag.
    • Added fast-apply for guest portal.
    • Improved guest portal redirector handling.
    • Fixed a bug with L3 wireless adoption.
    • Fixed bandsteering.
    • Fixed issue with bridge priority so the secondary ethernet port remains enabled.
    • Improved DFS.
    • Fixed an issue preventing bandsteering from being enabled.
    • Fixed an issue with the downlink monitor.
    • Added uplink priority for the bridge interfaces.
    • Added KRACK AP mode patches for 802.11r.
    • UAPG3 Only
      • Fixed minimum rates.
      • Further improvements to device upgrade and boot times.
      • Fixed a crash in hostapd when Fast Roaming is enabled.
      • Added support for 82.11r and 802.11k.
      • Fixed channel utilization reports.
      • Improvement bootup and TFP recovery times.
    • UAPG2/G3 Only
      • Added RADIUS VLAN support to MAC authentication bypass.
      • Fixed a bug which prevented APs from uprgading when bandsteering was neabled.
      • Fxied issue with 3.9.3.7537 which caused some APs to not accept any clients.
    • UAPG2 Only
      • Added support for 802.11k.
    • UAPG1/G2
      • Added net-snmp.

HW

  • 3.9.24-3.9.27.8537
    • Made L3 adoption and management improvements.
  •  3.9.21-3.9.24.8264
    • Added device hostname in shell.
    • Optimized image size.
  •  3.9.19-3.9.21.8191
    • Enabled TCP Packetization-Layer Path MTU Discovery when an ICMP black hole is detected.
    • Improved CPU utilization of SNMP.
  • 3.9.18-3.9.19.8123
    • Fixed some issues which would cause L3 adopted devices to show up as disconnected in the controller.
    • Fixed SNMP sysName.
  • 3.9.15-3.9.18.8086
    • New protocol implementation.
    • Added controller support for netconsole.
  • 3.9.3-3.9.15.8011
    • Improved security.
    • Updated openssl package to 1.0.2m.
    • Updated curl to 7.57.0.
    • Added IPv6 management support.
    • Improved event notification on device upgrade.

USW

  • 3.9.21-3.9.27.8537
    • Fixed crash caused by autodetect.
    • Adjusted MAB priority, no longer waiting for 802.1X timeout to process.
    • Fixed port mirroring provisioning.
    • Added switch PoE port overload and disconnect reporting.
  •  3.9.19-3.9.21.8191
    • Enhanced DHCP snooping trace log for LAGs
  • 3.9.15-3.9.18.8086
    • Made various improvements.
  • 3.9.3/3.9.6-3.9.15.8011
    • Added port ID in STP error message.
    • Lowered STP topology change log level.
    • Improved DHCP guarding and snooping.
    • Added DHCP snooping debug command.

USL2

  • 3.9.3/3.9.6-3.9.15.8011
    • Improved PSU status reporting.

AC-IW/IW-Pro/EDU/M-Pro

  • 3.9.3/3.9.6-3.9.15.8011
    • Fixed VLAN pass-through regression
    • Added port disable support.
    • AC-IW/IW-Pro Only
      • Improved VLAN config and prevented traffic leaks.
      • Fixed RADIUS VLAN when port VLAN is enabled.
      • Added QoS CIR/EIR support.
      • Made improvements to performance.
      • Fixed management VLAN issue causing decreased multicast performance.
    • EDU only

Ubiquiti UniFi Firmware Release Notes: 3.8.6.6650, 3.8.12.6776, 3.8.14.6780, 3.9.1.7462, 3.9.3.7537

From 3.8.3 to 3.8.6.6650

Check out the official release notes.

  • UAPG3
    • Fixed MAC ACL and blocking support.
  • AC-IW/Pro/EDU/M-Pro
    • Fixed a bug with egress QoS.
    • Improved address resolution logic (ARL) caching support.
    • Added STP state and uptime.
    • Fixed topology view.
  • UAP
    • Added backend for 802.1X MAC authentication bypass support.*
    • Added Framed-IP-Address to RADIUS accounting data.
    • Added NAS-IP-Address to RADIUS accounting data.
    • Various backend fixes.
  • USL2
    • Added support for switch power monitor and PSU info.*
  • USW
    • Fixed DoS issue reported via HackerOne.
    • Added per port Class of Service (CoS) queuing and max traffic class support.*
    • Delayed port LED blinking until system is ready.
    • Added backend for 802.1X MAC authentication bypass support.*
    • Added support for port egress rate limiting.*
  • HW
    • Fixed issue with curl config, FTP firmware upgrade now working.
    • Backend optimization to save space.

From 3.8.11 to 3.8.12.6776

See the official release notes.

  • ACG1
    • Added multi-block WLAN schedule support.*
  • UAP
    • Added management VLAN support for wireless uplink.*
    • Added options for RF scan (active/passive, background/foreground.*
    • Added support for best channel suggestion after running RF scan.*
    • Added support for fast-apply WLAN config, for existing WLANs only.
    • Allowed 80MHz for Russian country code.
    • Removed iperf package, as it does not provide proper results when using an AP as an endpoint.
  • USW
    • Added missing IPv4 multicast trap policy.
  • HW
    • Limited SSH username to 32 characters in length.

From 3.8.12 to 3.8.14.6780

See the official release notes.

  • UAP
    • Fixed a RADIUS related bug with fast-apply.
    • Made a backend improvement.

From 3.8.14 to 3.9.1.7462

See official release notes.

  • UAPG3
    • Added airView and airTime support for SHD.
    • Added initial WIPS backend support for SHD.*
    • Various HW accelerator fixes and improvements.
    • Fixed issue with RF scan where it would often show 0% utilization.
    • Fixed problem with uplink staying in a disconnected state.
    • Reduced time required to provision.
    • Uplink / meshv3 improvements.
    • General fixes and improvements in logging, wifi, and performance.
    • Added LLDP support, which improves PD negotiations on third party switches.
    • Enabled SHA512 support.
  • UAP
    • Implemented backend for SNMPv3 support.*
    • Fixed a RADIUS related bug with fast-apply.
    • Numerous backend fixes and/or improvements.
  • USL2
    • Fixed PSU status detection.
  • USW
    • Fixed a bug preventing DHCPv6 from functioning in some cases.
    • Fixed an issue with removing VLAN tags.
    • Fixed an issue causing high CPU usage with certain SFP modules.
    • Fixed 802.1X VLAN setting on LAG groups.
    • Various backend fixes and/or improvements.
  • HW
    • Merged with codename Toronto branch.
    • Added ‘do-upgrade’ alias for local firmware upgrades.

From 3.9.2 to 3.9.3.7537

Official release notes.

  • ACIWPro
    • Enabled DFS support.
  • UAP
    • Added more security details to scan info.
    • Applied security patch for WPA2 vulnerability (KRACK). [This primarily affects devices that support STA mode, 1st gen AC devices do not.]
    • Various backend fixes and/or improvements.
  • USXG
    • Fixed fastpath tools.
  • HW
    • Improved error codes return on firmware upgrade tool.

Ubiquiti UniFi Firmware Release Notes: 3.8.3.6587

Here is my second attempt at creating a useful summary of release notes from Ubiquiti’s official release notes.

Some Helpful Notes

  1. The abbreviation UAPG1, UAPG2, UAPG3 standard for UniFi Access Point Generation 1, 2, 3 respectively Generation 3 includes UAP-AC-HD while Generation 2 includes UAP-AC-M and UAP-AC-M-Pro, I am unclear on where other devices fit generation wise.. See here.

Changes from 3.7.58 to 3.8.3.6587

  • UAPG3
  • UAPG3 and UAPG2
    • Improve ntpclient reliability. (My certainty that the linked to ntpclient is the one actually in use is low, there are other options available by the same name)
    • Allow Very High Throughput (VHT) VHT80 for Ukraine.
  • UAPG2
    • Fixed issue causing less than expected throughput in recent releases.
    • Wireless Uplink v3.* (Anyone know the differences between v1, v2, v3 and if any docs are available?)
  • UAPG1
    • Enable wireless uplink v3 for models which support wireless uplink.*
  • EDU
  • AC-IW/Pro/EDU/M-Pro
    • Basic switch QoS support.*
    • Add address resolution logic (ARL) caching support. (Is this equivalent to Address Resolution Protocol (ARP))?
  • UAP (aka User Access Point)
  • USW (aka Ubiquiti Switch)
  • USL2 (unsure what this denotes?)
    • Added support for US-L2-POE switches.*
    • Added Power Supply Unit (PSU) fail detection support.*
  • HW
    • Support SHA512 password for SSH password in system.cfg (except 1st gen APs).*
    • Pass HTTPS capabilities for fwupgrade process.
    • Various improvements.
    • Fix the issue preventing SSH login when the interface IP changed.