Ubiquiti UniFi Firmware Release Notes: 3.9.24.8264

Official Release Notes

You can find official release notes from Ubiquiti here:

HD/SHD/XG

  • 3.9.24-3.9.27.8537
    • Fixed an issue with the reported uplink interface after RF scan when bonding was enabled.
    • Fixed 802.1X VLAN reporting when RADIUS VLAN was enabled.
    • Increased NTP client update frequency.
    • Improved client STA performance for SSIDs with DVLAN enabled.
    • Removed unnecessary logging.
    • SHD/XG Only
      • Fixed a performance issue.
    • XG Only
      • Re-enabled autonegotiation on the 10 GbE PHY.
  •  3.9.21-3.9.24.8264
    • Improved device stability when using rate control.
    • Fixed channel utilization stats.
    • Fixed spectral scanning support.
    • Fixed forwarding of fragmented IPv6 packets.
    • SHD/XG Only
      • Made improvements to airTime.
  • 3.9.19-3.9.21.8191
    • Fixed the speed regression introduced in 3.9.18.
    • Made an improvement to stability.
    • XG Only
      • 10Gbps Ethernet performance Improvements.
  • 3.9.18-3.9.19.8123
    • Fixed a memory leak when multicast enhancements were enabled.
  • 3.9.15-3.9.18.8086
    • Made improvements to stability and performance.
  • 3.9.3/3.9.6-3.9.15.8011
    • XG Only
      • Fixed airView and airTime support.
    • USXG Only
      • Improved LAG config handling.

nanoHD

  • 3.9.24-3.9.27.8537
    • Added:
      • Channel utilization counters.
      • DTIM Support.
      • Initial Bandsteering support.
      • athstats tool.
      • Broadcast filtering support.
    • Enabled DFS support.
    • Fixed:
      • broadcast filter configuration.
      • hidden SSID support.
      • crash triggered by provisioning.
      • bug causing SNMP hostname to disappear after provision and reboot.
      • PMF support.
  •  3.9.21-3.9.24.8264
    • Added channel utilization support (currently 5GHz only).
    • Enabled VHT160 support.
    • Added nslookup.
    • Enabled MU-MIMO.
    • Fixed per-STA rate limiting support (user groups).
    • Stopped broadcasting default SSID.
    • Added MAC ACL support.
    • Fixed RADIUS VLAN support.
    • Fixed fast-apply support.
    • Fixed HT40 support on 2.4GHz.
    • Made improvements to stability.
  •  3.9.19-3.9.21.8191
    • Merged 3rd release firmware.
    • Added RADIUS VLAN support.
    • Added fast-apply support.
    • Added 802.11w support (PMF).
    • Added 802.11X identity support.
    • Disabled country code IE.
    • Made improvements to stability.
  • 3.9.18-3.9.19.8123
    • Fixed MBSS support.
    • Made improvements to stability.
  • 3.9.15-3.9.18.8086
    • Added guest control support.
    • Added 802.1X support.
    • Added support for multiple BSSIDs per radio.
    • Fixed issue when using a bracket in the ESSID or PSK.
    • Fixed auto channel selection issue.
    • Fixed 802.11n negotiation issue.
    • Fixed issue which could cause Ethernet to stay down after provision or reboot.
  • 3.9.3/3.9.6-3.9.15.8011
    • Added stainfo support.

UAP

  • 3.9.24-3.9.27.8537
    • Disabled over the DS fast BSS transition.
    • Fixed management VLANs on downlink UAPs.
    • Fixed a bug which sometimes caused 100% CPU usage when fast BSS transition was enabled.
    • Made various wireless uplink changes, including adding multi-radio uplink support.
    • Now track MAC filter rejections.
    • UAPG3 Only
      • Fixed remaining crash when 802.11r is enabled.
      • Reverted a patch which disabled the secondary ethernet when using wireless uplinks.
    • UAPG2/G3 Only
      • Improved channel utilization reporting accuracy.
    • UAPG2
      • Made improvements to performance.
    • UAP-Pro Only
      • Removed bandsteering as it isn’t supported.
  •  3.9.21-3.9.24.8264
    • Refactored and improved fast-apply, which also fixed two small memory leaks.
  •  3.9.19-3.9.21.8191
    • Fixed a memory leak related to the redirector.
    • UAPG2/G3 Only
      • Now tracks TX airtime latency.
    • UAPG1 Only
      • Fixed device firmware upgrade.
  • 3.9.18-3.9.19.8123
    • Fixed NAS-IP-Address attribute so that it always returns the management IP of the AP.
  • 3.9.15-3.9.18.8086
    • Improved STA signal reporting
    • Made improvements to wireless uplink/mesh V3.
    • Fixed a bug with rate control when using multiple SSIDs.
  • 3.9.3/3.9.6-3.9.15.8011
    • Fixed a small memory leak.
    • Fixed outdoor flag.
    • Added fast-apply for guest portal.
    • Improved guest portal redirector handling.
    • Fixed a bug with L3 wireless adoption.
    • Fixed bandsteering.
    • Fixed issue with bridge priority so the secondary ethernet port remains enabled.
    • Improved DFS.
    • Fixed an issue preventing bandsteering from being enabled.
    • Fixed an issue with the downlink monitor.
    • Added uplink priority for the bridge interfaces.
    • Added KRACK AP mode patches for 802.11r.
    • UAPG3 Only
      • Fixed minimum rates.
      • Further improvements to device upgrade and boot times.
      • Fixed a crash in hostapd when Fast Roaming is enabled.
      • Added support for 82.11r and 802.11k.
      • Fixed channel utilization reports.
      • Improvement bootup and TFP recovery times.
    • UAPG2/G3 Only
      • Added RADIUS VLAN support to MAC authentication bypass.
      • Fixed a bug which prevented APs from uprgading when bandsteering was neabled.
      • Fxied issue with 3.9.3.7537 which caused some APs to not accept any clients.
    • UAPG2 Only
      • Added support for 802.11k.
    • UAPG1/G2
      • Added net-snmp.

HW

  • 3.9.24-3.9.27.8537
    • Made L3 adoption and management improvements.
  •  3.9.21-3.9.24.8264
    • Added device hostname in shell.
    • Optimized image size.
  •  3.9.19-3.9.21.8191
    • Enabled TCP Packetization-Layer Path MTU Discovery when an ICMP black hole is detected.
    • Improved CPU utilization of SNMP.
  • 3.9.18-3.9.19.8123
    • Fixed some issues which would cause L3 adopted devices to show up as disconnected in the controller.
    • Fixed SNMP sysName.
  • 3.9.15-3.9.18.8086
    • New protocol implementation.
    • Added controller support for netconsole.
  • 3.9.3-3.9.15.8011
    • Improved security.
    • Updated openssl package to 1.0.2m.
    • Updated curl to 7.57.0.
    • Added IPv6 management support.
    • Improved event notification on device upgrade.

USW

  • 3.9.21-3.9.27.8537
    • Fixed crash caused by autodetect.
    • Adjusted MAB priority, no longer waiting for 802.1X timeout to process.
    • Fixed port mirroring provisioning.
    • Added switch PoE port overload and disconnect reporting.
  •  3.9.19-3.9.21.8191
    • Enhanced DHCP snooping trace log for LAGs
  • 3.9.15-3.9.18.8086
    • Made various improvements.
  • 3.9.3/3.9.6-3.9.15.8011
    • Added port ID in STP error message.
    • Lowered STP topology change log level.
    • Improved DHCP guarding and snooping.
    • Added DHCP snooping debug command.

USL2

  • 3.9.3/3.9.6-3.9.15.8011
    • Improved PSU status reporting.

AC-IW/IW-Pro/EDU/M-Pro

  • 3.9.3/3.9.6-3.9.15.8011
    • Fixed VLAN pass-through regression
    • Added port disable support.
    • AC-IW/IW-Pro Only
      • Improved VLAN config and prevented traffic leaks.
      • Fixed RADIUS VLAN when port VLAN is enabled.
      • Added QoS CIR/EIR support.
      • Made improvements to performance.
      • Fixed management VLAN issue causing decreased multicast performance.
    • EDU only

Ubiquiti UniFi SDN Controller Software Release Notes: 5.7.20

Introduction

This post serves several purposes. First and foremost it is a way for me to assimilate the information in the UniFi release notes. By rewriting it or simply copying it I find I retain more and understand more. Secondly, it is meant as a resource for others who use UniFi systems and find the release notes a bit difficult to follow. Finally, it is my attempt to delineate a better way in which Ubiquiti could create/release their notes.

I’d also welcome clarifications from anyone on various terms, associated forum posts, etc. throughout…perhaps we can learn together. 🙂

You can find the official release notes for UniFi 5.7.20 here.

New Features

  • Added GeoIP filter options to settings [beta]. (Added: 5.7.0)
  • Added virtual devices on maps to plan coverage. (Added: 5.7.0)
  • Added SSH keys to authenticate to device. (Added: 5.7.0)
  • Added Auto Channel feature on Maps. (Added: 5.7.0)
  • Added Release Notes to controller UI. (Added: 5.7.0)
  • Added ability to create and set user defined DHCP options. (Added: 5.7.0)
  • Added Wireless Uplink priority. (Added: 5.7.0)
  • Added ability to back remove vouchers. (Added: 5.7.4)
  • Added ability to customize voucher columns. (Added: 5.7.4)
  • Added ability to display historical statistics per client (including traffic, packets, signal power, etc.). (Added: 5.7.4)
  • Added SNMPv3 support. (Added: 5.7.4)
  • Added IPv6 support [beta]. (Added: 5.7.7)
  • Added restart devices permissions. (Added: 5.7.7)
  • Added support for new Elite Device service. (Added: 5.7.7)
  • Added Bulgarian translations to the Hotspot Portal. (Added: 5.7.7)
  • Added a link to property panel from Location on Neighboring Access Points page. (Added: 5.7.8)
  • Added Intrusion Prevention System (IPS) [beta]. (Added: 5.7.9)
  • Added support for selection for internal antenna. (Added: 5.7.10)

Improvements

From 5.7.19 to 5.7.20

  • Improved Neighboring Access Points page loading.
  • Updated Wireless Uplink information text.
  • User Groups setting limits have been made more flexible.
  • Improved PPPoE IPv6 provisioning.
  • Improved guest portal handling on gateway devices.

From 5.7.18 to 5.7.19

  • None

From 5.7.15 to 5.7.18

  • A security warning now displays when a superadmin uses the same password for SSH device authentication.
  • Enabled showing pending devices permission when Advanced Features for site are enabled.
  • Now hides the switch temperature if the sensor is not present.
  • Now shows RF Scan only for devices with the necessary Wi-Fi capabilities.
  • Removed non AP devices from virtual devices list.
  • Display downgrade button if lower version is detected.
  • No longer disables “Sign In” button on login page.
  • Clarified IPS alert wording.
  • Disabled hardware offload on USG when Smart Queue QoS is enabled.
  • Lowered RSSI requirements for wireless adoption.
  • Removed reboot before upgrade logic from UAP upgrades.

From 5.7.12 to 5.7.15

  • Added a validation message to the missing redirect using hostname once any social authentication method is enabled.
  • Now allow upper case letter in email.
  • Moved device warnings to new tab in property panel.
  • Added warnings count in device status badge.
  • Merged Users and Guests tabs in property panel.
  • Maps now show error when saving coordinates of device on a map fails.
  • Disallowed future date in date range picker for Statistics.
  • Now allows displaying negative temperatures for switches.
  • Improvements to hardware provisioning.

From 5.7.11 to 5.7.12

  • Now, in order for an AP to be capable of becoming a Mesh AP it must have the setting in the device config.
  • Maps now show an error when saving coordinates of a device on map fails.
  • Added missing event handling for Pending Adoption wireless discovery.
  • Improved RADIUS profile migration at time of controller upgrade.

From 5.7.10 to 5.7.11

  • Added message with instructions to CSV upload.
  • Added model EOL (end of life) pending warning.
  • Added additional charts for devices (Statistics –> Performance View).
  • Made drag and drop optimizations.
  • Expanded firewall group name limit to 64.
  • Hid the Aggregation option under Network when UAP supports it natively.
  • Improved the way Donut charts display tooltips, preventing them from being overlapped by other elements.
  • Added DHCPv6 DNS Control.
  • Added GeoIP Filtering – one can now block incoming/outgoing traffic based on GeoIP.
  • Temporarily removed WAN/WAN2 IPv6 PPPoE option.
  • Renamed “Select Group” to “Any” in Firewall’s form.
  • Added username and password validation that matches SNMPv3 standard and USG requirements.
  • Now show Hardware Offload as off when IPS is enabled, disable enabling Hardware Offload.
  • Several device management improvements to improve UX and mitigate errors.

From 5.7.9 to 5.7.10

  • There is significant duplication of what was improved/fixed in the changelog from 5.7.10 to 5.7.11 and 5.7.9 to 5.7.10. I have not repeated (or tried not to) those items which are recorded above in 5.7.10 to 5.7.11 here.
  • Now hides IPv6 address from network’s list when network type is not “static”.
  • Improved alerts from IDS/IPS.
  • Updated nanoHD name.

From 5.7.8 to 5.7.9

  • Now displays WLANs in System Config with Multicast and Broadcast blocking enabled.
  • Now displays default expiration time field for Hotspot and Facebook WiFi.
  • Disabled HTTPS redirection for Facebook, Facebook WiFi, and Google.
  • No longer remembers Client Statistics page as last opened page.
  • Improved UI for Cloud Access Settings page.
  • Added AP name to radar detected event.
  • Now allow DPI to be enabled when offload is disabled (if supported by firmware).

From 5.7.7 to 5.7.8

  • Added a tooltip to OpenVPN shared key UI.
  • Added API error messages.
    Added progress info about loading Map.
  • Now display tooltip if there is an attempt to adopt multiple gateways onto a single site.
  • Provide additional DPI application icons (including Slack).
  • Improved performance of Neighboring Access Points page.
  • Updated translations.
  • Added elite device events to notification settings.
  • Enabled dead peer detection (DPD) on auto-S2S VPN.
  • Excluded WAN subnets from policy routing (which fixes reported issues).
  • Added NAT of other WAN IPs out of WANs (which fixes several issues related to multi-WAN).

From 5.7.4 to 5.7.7

  • Added overflow menu icon in top right corner.
  • Added the ability to customize columns of the switch properties port list.
  • Added WebGL support detection on Maps.
  • Now allows opening debug terminal and airtime/airview simultaneously.
  • Now allows one to use a URL for DHCP TFTP Server in Network Configuration.
  • Added AC InWall in Statistics/Switch view.
  • Now remembers last visited Insights, Stats, and Maps pages.
  • The topology view now shows bonding enabled on AP-HD.
  • Now setting RF scanning state just after scan is started.
  • Improved default allocation logic to make it more suitable for memory constrained systems.

From 5.7.3 to 5.7.4

  • Added “Reset Columns” dropdown to client list column selector.
  • Added uplink to device list.
  • Now confirm before setting PoE mode to 24v passive or passthrough.
  • Made TX/RX labels consistent.
  • Now always show at least the primary channel in the 5G/2G radio columns on device list.
  • Improved security.

From 5.7.1 to 5.7.3

  • Added Incompatible Model warning.
  • Enabled Custom Antenna Gain if user is Professional Installer.
  • Improved SSH keys validation.
  • Added Manage profiles link to switch port forms.
  • Added different styles per log level for Controller Logs.
  • Added button to download controller logs.
    Added button to fetch previous controller logs.
  • Now show the ports tab for In-Wall APs.
  • Added channel utilization to detailed overlay on Maps.
  • Added horizontal rule in Debugging metrics for better separation of items.
  • Updated WebRTC JNI to 1.0.27.

From 5.7.0 to 5.7.1

  • Now shows pending adoption devices based event.
  • Added “Require MS-CHAP v2” control for L2TP Remote User VPN.
  • Added egress rate limiting in Switch profiles.
  • Improved error handling when device is busy on airTime.
  • Now hides incorrect band options for RF scan.
  • Now pre-caches the app in the browser [beta].
  • Improved static route validation.
  • Upgraded Tomcat to 7.0.82.
  • Made database migration improves and fixes.
  • Made database management improves for UCK.

From 5.6.18(?) to 5.7.0

  • Somewhat unclear, seems a number of these items are overlapping with later release notes.
  • Following items are under 5.7.0 changelog, controller bugfixes/changes since 5.6.18 which confusingly comes before the release notes for say 5.6.36, etc. and which does not seem to entirely overlap with the release notes from 5.6.18 to 5.6.36 as laid out individually.
  • Added ‘Disable CCK rates’ checkbox for 2G Data Rate Control.
  • Added continue shopping button to cart.
  • Added client device type detection.
  • Added duplicate WLANs functionality to WLAN group.
  • Added checkbox to enable LLDP on all interfaces in Gateway Advanced property panel.
  • Now list incompatible devices in Device Firmware Upgrade Notification.
  • Now store selected DPI categories per site.
  • Improved the date range picked.
  • Improved list of unplaced devices on Maps.
  • Improved validation for adding the same MAC address in MAC filter.
  • Improved DPI restrictions.
  • Translated DPI categories.

Bug Fixes

From 5.7.19 to 5.7.20

  • Fixed WebSocket error for site admin without Show pending devices permission.
  • Fixed incorrect debug terminal connection state after closing panel.
  • Fixed invisible debug terminal when device is RF scanning.
  • Fixed set switch port profile native network as ‘None’.
  • Reduced port stats log level to eliminate unnecessary logging.
  • Fixed validation of IPv6 IPs as group members. (see issue report)

From 5.7.18 to 5.7.19

  • Fixed downgrade button title.
  • Fixed password field validation in edit account form.
  • Now finds the correct uplink on devices with native bonding.

From 5.7.15 to 5.7.18

  • Fixed default 5G channel width.
  • Fixed Topology console error.
  • Fixed debugging metrics.
  • Fixed a load page error in IE11.
  • Fixed missing alerts tab.
  • Fixed missing filters in clients tab.
  • Fixed WebRTC establish connection retry mechanism.
  • Fixed display interface stats for USG-XG.
  • Fixed factory reset issue on UCK.
  • Fixed pre-adoption upgrade of USG devices.
  • Fixed VPN status reporting.
  • Google transactions are now marked as social in Hotspot Manager.

From 5.7.12 to 5.7.15

  • Fixed DPI clients not opening.
  • Fixed disappearing devices on site change.
  • Fixed selected tab in property panel when current active tab is missing.
  • Fixed downloading large backups over WebRTC.
  • Fixed closing property panel when changing site.
  • Fixed connection fail after changing granularity on Statistics page with WebRTC and then refreshing the page.
  • Fixed AC InWall not showing any data in Switch Statistics view.
  • Fixed filtering virtual devices on map.
  • Fixed case where incorrect port table contents caused Topology not to render.
  • Fixed a bug prevent email password recovery from functioning in some cases.

From 5.7.11 to 5.7.12

  • Fixed ETC menu on Hotspot Manager Page.
  • Fixed part of the tooltip displaying outside the graph on the Hotspot Manager.
  • Fixed incorrect client signal value in Statistics section of Property Panel.

From 5.7.10 to 5.7.11

  • Fixed displaying selected priority wireless uplink.
  • Fixed double click on Insights causing blank page to display.
  • Fixed handling error responses received via WebRTC channel.
  • Fixed missing action buttons after enabling cloud access.
  • Fixed saving RADIUS profile without accounting servers.
  • Fixed radio sorting in Configure Radios section.
  • Fixed issue with devices disappearing from map when changing from legacy to designer without saving and the inability to change map type from Google to image a second time.

From 5.7.9 to 5.7.10

  • There is significant duplication of what was improved/fixed in the changelog from 5.7.10 to 5.7.11 and 5.7.9 to 5.7.10. I have not repeated (or tried not to) those items which are recorded above in 5.7.10 to 5.7.11 here.
  • Fixed client history rate using wrong units.
  • Fixed client history signal chart going off the scal.
  • Fixed enabling https redirection when switching between authentication methods.
  • Fixed issue where USW management VLAN would reset to defaults on controller upgrade.
  • Fixed clicking on the RF button next to the device when using SVG maps wasn’t opening RF tab from device.
  • Added a workaround for Cloud Key firmware upgrade issue for devices on firmware 0.8.1 to 0.8.4.
  • Now applying the same rules for both TCP and UDP DNS which fixes a reported issue.

From 5.7.8 to 5.7.9

  • Fixed cloud access GUI pages for multiple super admins.
  • Fixed Auto Channel dialog which hides map device labels.
  • Fixed Device location opening map with wrong coordinates.
  • Fixed missing Traffic Stats data on first load.
  • Fixed invisible coverage in maps after opening property panel and then moving AP.
  • Fixed resolving devices on Neighboring Access Points page.
  • Fixed too much space for BSSID tooltip in device list.
  • Fixed inability to place devices on designer map.
  • Fixed missing USG Last Seen field.
  • Fixed DHCP relay configuration.

From 5.7.7 to 5.7.8

  • Fixed console error when no map is defined.
  • Fixed date range selector in narrow web browser window.
  • Fixed missing DPI users (name and icon).
  • Fixed missing location alias on Neighboring Access Points page.
  • Fixed upload of map image during remote access.
  • IPv6 dhcpv6_pd_size is now saved as string.

From 5.7.4 to 5.7.7

  • Fixed Calendar dropdown being cut off on small screens.
  • Fixed client name not showing correctly in DPI Applciation Usage widget.
  • Fixed collapsible cells in device table.
  • Fixed disabling Hotspot Welcome Text.
  • Fixed empty tabs in property panel after adopting device in Managed by Other state.
  • Fixed AP channels being hidden after collapsing and restoring parent node in Topology view.
  • Fixed positioning line chart’s tooltip on narrow screens.
  • Fixed remembering rows per page on Insights pages.
  • Fixed selecting default Echo server in the USG Advanced Settings.
  • Fixed USG memory usage and average load not being displayed in devices list.
  • Fixed Wi-Fi icon on OS X High Sierra in Chrome and Firefox.
  • Fixed WLAN VLAN range.
  • Fixed no DPI data for some time in users tab in traffic stats.

From 5.7.3 to 5.7.4

  • Fixed disabling Hotspot Terms of Service.
  • Fixed allowing restart of empty list of devices.
  • Fixed map device RF button not working correctly.
  • Fixed reordering firewall rules.
  • Fixed case when two clicks need to close dropdown list.
  • Fixed the guest portal and preview.

From 5.7.1 to 5.7.3

  • Fixed applying custom antenna gain for US region.
  • Fixed WLAN group queue changes pre-population.
  • Fixed device name and icon missing in DPI Users view.
  • Fixed Device Required badge blinking for short time after view is loaded.
  • Fixed resetting speed test on site switch.
  • Fixed setting VHT160 for devices which support it.
  • Fixed incorrect client count in filter dropdown.
  • Fixed disappearing upgrade button renaming.
  • Fixed selecting same map in map switcher.

From 5.7.0 to 5.7.1

  • Fixed displaying SSH keys on the bright settings page.
  • Fixed slow DPI restriction list display.
  • Fixed currently selected element in airTime when fitlers change.
  • Fixed showing channels in system config view.
  • Fixed disappearing WLANs section in property panel after config change.
  • Fixed missing uplink section in known clients.
  • Fixed UI glitches in Chrome.
  • Fxied overlapping information in Channel Utilization.
  • Fixed displaying virtual device on site change.
  • Fixed displaying clients in device list.
  • Fixed name of device in Firmware Manager list.
  • Removed non-existent USG8 from Virtual Devices.
  • Removed port profiles for In-Wall AP.
  • Fixes for security.

From 5.6.18 to 5.7.0

  • This section is quite confusing, see notes under same heading under Improvements.
  • Fixed device channel in channel utilization.
  • Fixed scrollbar on firewall group modal.
  • Fixed colors of DPI categories widgets.
  • Fixed Cancel Migration section in Property Panel for switches.

Minor Stuff

From 5.7.19 to 5.7.20

  • Removed second performance word from real-time tooltip.

From 5.7.10 to 5.7.11

  • Locked web store to US only.

From 5.7.1 to 5.7.3

  • Updated translations.

From 5.7.0 to 5.7.1

  • Updated translations.

Ubiquiti UniFi Security Gateway Release Notes: 4.3.49, 4.3.60, 4.4.12, 4.4.18

From 4.4.12 to 4.4.18

  • Official release notes are here.

From 4.4.8 to 4.4.12

  • Official release notes are here.
  • Fixed crash in “mcad” when there were DHCP leases with hardware addresses longer than an actual MAC address.
  • Included more packages with debug symbols available to help diagnose crashes from submitted core files.
  • Fixed crash in ubnt-util.
  • Fixed crash in “redirector”.
  • Removed GeoIP back end because of variety of problems, will be reintroduced once these issues are fixed.
  • Fixed DHCPv6 client problem causing renewal failures in some circumstances.
  • Made DDNS back end updates in preparation for expanding DDNS support in controller.
  • L2TP VPN permitted encryption algorithms tightened to remove weak ciphers.
  • Made additions to UnIFi reporting back end for IPv6.
  • USG-XG-8 Specific
    • Made several display-related fixes and improvements.
    • Made improvements to fan control to reduce noise reduction when fans are operating at low speeds.
    • Made additions to Bluetooth backend.

From 4.3.49 to 4.3.60

  • Official release notes are here.
  • Implemented route metric changing on load-balance status changes.
    • Fixes WAN failover issues with L3 adopted USGs and improves multi-WAN failover functionality generally.
  • Fixed multi-WAN regressions in 4.3.46 to 4.3.49 picked up from EdgeRouter 1.9.7.
  • Implemented new local web UI on USG.
    • Fixes a variety of long-standing bugs with old UI and adds ability to configure LAN IP and DHCP server.
  • Updated ISC DHCP version.
    • May fix problems in some edge cases with multiple DHCP WANs and recovery after ethernet link loss.
  • Added back end for custom host-uniq for PPPoE.
  • Implemented fixes for some uses of multiple routing tables (only impacts some config.gateway.json VPN configurations).

From 4.3.48 to 4.3.49

  • Official release notes are here.
  • Updated additional load-balance components from latest EdgeRouter which fixed part of multi-WAN regressions in 4.3.46-4.3.48.
  • Fixed source NAT over-matching from port-foreward hairpin-nat.
    • Previously all traffic sourced from the LAN subnet leaving the LAN interface would be translated, now narrowed to match only port forward hairpin traffic.
  • Send PADT on PPPoE disconnect which fixes an edge case where PPPoE fails to reconnect when an ISP is using a buggy PPPoE relay that doesn’t detect loss of PPP session.
  • Added contiguous option to back end for firewall rule schedules.
  • Removed unnecessary character restrictions on site to site IPsec pre-shared keys.
  • Fixed “dpi.dpi_pktinfo_send(): failure to send UGW wevent” log spam.

Ubiquiti UniFi SDN Controller Software Release Notes: 5.6.30

You can view the official release notes here.

Controller Changes Since 5.6.29

  • Fixed blank page displaying when one double clicked on Insights.
  • Fixed issues with downloading large backups over WebRTC.
  • Improved reliability of UniFi cloud access service.
  • Various backend bugfixes and improvements.

Controller Changes Since 5.6.26

  • Improved support of Elite Device.
  • Fixed issue where USW management VLAN would reset to defaults on controller upgrade.
  • Added model end of life (EOL) pending warning.
  • Made optimziations to drag and drop.
  • Fixed missing action buttons after enabling cloud access.
  • Updated nanoHD name.
  • Made several device management improvements including improving the UX and mitigated some errors.
  • Various backend improvements.

Controller Changes Since 5.6.22

  • Fixed WLAN VLAN range.
  • Fixed lost DPI translations.
  • Added a tooltip to OpenVPN shared key UI.
  • Now allows opening debug terminal and airTime/airView at the same time.
  • Improved UI of Cloud Access Settings page.
  • Fixed cloud access GUI pages for multiple super admins.
  • Fixed Calendar dropdown being cut off on small screens.
  • Fixed displaying Location alias on Neighboring Access Points page.
  • Fixed empty tabs in property panel after adopting device in Managed by Other state.
  • Fixed no DPI data for some time in users tab in traffic stats.
  • Fixed remembering rows per page on Insights pages.
  • Fixed selecting default Echo Server in the USG Advanced Settings.
  • Fixed WiFi icon on OS X High Sierra (Chrome & Firefox).
  • Set RF Scanning stat just after scan is started.
  • Added elite device events to notification settings.
  • Now display Default Expiration Time Field for Hotspot and Facebook WiFi.
  • Disabled HTTPS redirection for Facebook, Facebook WiFi and Google.
  • Fixed missing DPI users (name & icon).
  • Added workaround for Cloud Key firmware upgrade issue (devices on 0.8.1 to 0.8.4).
  • Various backend changes and improvements.

Controller Changes Since 5.6.20

  • Enabled Custom Antenna Gain if user is Professional Installer.
  • Show ‘Version’ column in AP/Switch filtered view by default.
  • Added links to UniFi mobile apps on login page.
  • Foxed applying custom antenna gain for US region.
  • Upgrade button no longer disappears upon naming.
  • Fixed map device RF button not working correctly.
  • Fixed client name not showing correctly in DPI Application Usage widget.
  • Fixed the guest portal and preview.
  • Made security improvements.
  • Updated WebRTC JNI to 1.0.27.
  • Various backend improvements and bugfixes.

Controller Changes Since 5.6.19

  • Official release notes are here.
  • Fixed bytes to bps conversion when value is undefined.
  • Fixed device name and icon missing in DPI Users view.
  • Fixed pending changes icon.
  • Always show the Ports tab for In-Wall APs.
  • Removed port profiles for In-Wall APs.
  • Fixed resetting speed test on site switch.
  • Fixed incorrect dark styles for Firmware Manager.
  • Updated translations.
  • Made security improvements.
  • Made various backend bugfixes and improvements.

Firmware Changes Since 3.9.15/4.4.12

  • HD/SHD/XG
    • Stability and performance improvements.
    • Fixed a memory leak when multicast enhancements were enabled.
  • AC-IW/IW-Pro/EDU/M-Pro
    • Added ability to set port negotiation.*
  • nanoHD
    • Fixed MBSS support.
    • Stability improvements.
    • Added guest control support.
    • Added 802.1X support.
    • Added support for multiple BSSIDs per radio.
    • Fixed issue when using a bracket in the ESSID or PSK.
    • Fixed autochannel selection.
    • Fixed 802.11n negotiation issue.
    • Fixed issue where ethernet would stay down after provisoning/reboot.
  • UAP
    • Improved STA signal reporting.
    • Improved wireless uplink/mesh V3.*
    • Fixed a bug with rate control when using multiple SSIDs.
    • Fixed NAS-IP-Address attribute which did not always return the management IP of the AP.
    • Various bugfixes and improvements.
  • USW
    • Various improvements.
  • USG
    • Added non-offloaded DPI support. This means DPI now functions when hardware offloading is disabled, it can now co-exist with features that disable/bypass it (smart queues, IDS/IPS).
    • GeoIP Fixes – All known problems resolved, added back end for directional control.
    • SNMP persistent directoy has been relocated to RAM disk preventing the “Unhandled kernel unaligned access” crash.
    • Removed core handling script that was causing reboots when large core files were generated.
    • Fixed IGMP proxy failing to start during boot.
    • Fixed potential issue of UPnP failing to start during boot.
    • Changed IPS loading of ipset contents to be more efficient, greatly reducing CPU usage after initial bootup and enabling of service.
    • xl2tpd package upgraded.
    • Other IDS/IPS back end improvements.
    • Fixed ubnt-cfgd zombie process issue.
    • Added SNMPv3 back end.
    • Added lock wait to all iptables operations to avoid errors in cases where multiple operations happen simultaneously.
    • Updated DPI signature.
    • Added IDS/IPS back end.
    • Fixed informs for IPv6 PD size which was causing the PD size to be cleared in the controller.
    • Added support for sending custom events to the controller.
    • Fixed DDNS update public IP checking for NATed WANs.
    • Local UI now pings ping.ubnt.com rather than default gateway for internet connectivity test.
    • Copied ‘hostname’ and ‘mailname’ over during upgrades to ensure consistency with other retained files cross-upgrade (from EdgeRouter, generally no functional impact on USG).
  • USGXG
    • Made Bluetooth backend updates.
    • Improved VLAN hardware offload.
    • Problem with DHCP hardware offload fixed.
    • LCM (display) firmware update now includes splash screen and update process improvements.
  • HW
    • New protocol implementation.
    • Added controller support for netconsole.*
    • Fixed some issues which caused L3 adopted devices to show up as disconnected in the controller.
    • Fixed SNMP sysName.

Firmware Changes Since 3.9.3/3.9.6

  •  UAPG3
    • Made minimum rate fixes.
    • Further improvements to device upgrade and boot times.
    • Fixed a crash in hostapd when Fast Roaming is enabled.
    • Added support for 802.11r and 802.11k.
    • Fixed channel utilization reports.
    • Improved bootup and TFTP recovery times.
  • UAPG2/3
    • Added RADIUS VLAN support to MAC authentication bypass.
    • Fixed a bug which prevented APs from upgrading when bandsteering was enabled.
    • Fixed bug causing 100% utilization of CPU by /bin/hostapd /etc/aaa1.cfg.
  • UAPG1/2
    • Added net-snmp.
    • Added support for 802.11k.
  • AC-IW/IW-Pro/Pro/EDU/M-Pro
    • Fixed VLAN passthrough regression.
    • Added port disable support.*
    • Improved VLAN config to prevent traffic leaks.
    • Fixed RADIUS VLAN when port VLAN is enabled.
    • Added QoS CIR/EIR support.
    • Improved performance.
    • Fixed management VLAN issue which caused decreased multicast perfomance.
  • XG
    • Fixed airView and airTime support.
  • nanoHD
    • Add stainfo support.
  • EDU
    • Fixed issue with volume not applying.
    • Improved baresip config script.
  • UAP
    • Fixed small memory leak.
    • Fixed outdoor flag.
    • Added fast-apply for guest portal.
    • Improved redirector handling for guest portal.
    • Fixed a bug with L3 wireless adoption.
    • Fixed bandsteering.
    • Fixed bug in bridge priority so that the secondary ethernet port remains enabled.
    • Made improvements to DFS.
    • Fixed an issue preventing bandsteering from being enabled.
    • Fixed an issue with the downlink monitor.
    • Added uplink priority for the bridge interfaces.
    • Added KRACK AP mode patches for 802.11r.
    • Made various bugfixes and improvements.
  • USEW
    • Added port ID in STP error message.
    • Lowered STP topology change log level.
    • Made improvements to DHCP gaurding and snooping.
    • Added DHCP snooping debug command.
  • USL2
    • Improved PSU status reporting.
  • USXG
    • Improved LAG config handling.
  • HW
    • Improved security.
    • Updated openssl package to 1.0.2m.
    • Udpated curl to 7.57.0.
    • Added IPv6 management support.*
    • Improved event notification on device upgrade.
  • SEC
    • Fixed CVE-2017-14106.

Ubiquiti UniFi Cloud Key Firmware Release Notes: 0.7.5, 0.8.2, 0.8.7, 0.8.9

Changes From 0.8.7 to 0.8.9

  • Official release notes are here.
  • Bundled UniFi Controller 5.6.29.
  • Fixed an issue where /data/autobackup was not being created properly.
  • Enabled TCP Packetization-Layer Path MTU Discovery when an ICMP black hole is detected.

Changes From 0.8.2 to 0.8.7

  • Official release notes are here.
  • Bundled UniFi Controller 5.6.26.
  • Fixed an issue with the local admin credentials being set during controller setup wizard.
  • Updated ubnt-tools to fix an update issue (only present in 0.81-0.8.4).

Changes From 0.7.5 to 0.8.2

  • Official release notes are here.
  • Bundled UnIFi Controller 5.6.22.
  • Updated Oracle JDK to 8u151.
  • Fixed the Time Zone issue.

Changes From 0.7.4 to 0.7.5

  • Official release notes are here.
  • Fixed CVE-2017-14106.
  • Fixed an issue preventing the fallback IP from functioning as expected.
  • Fixed network issue from local management UI.

What to do When the UniFi Security Gateway Refuses to Upgrade

I love Ubiquiti, even their security gateway. But there is a big even in there. While most UniFi equipment is a breeze to setup, the UniFi Security Gateway (USG, USG-PRO-4) can be a nightmare. One issue that arises is when a USG has an older version of the UniFi firmware and you need to upgrade it. Here are the steps I’ve learned to take when upgrading a UniFi Security Gateway.

  1. Download from Ubiquiti’s site the latest available firmware for the USG.
  2. Rename the file upgrade.tar.
  3. Run an ethernet cable between the LAN port on the USG and your workstation.
  4. Configure a static IP address in the same subnet as the USG – by default USG’s are configured with the IP 192.168.1.1 with a subnet of 255.255.0.0.
  5. Use WinSCP (or your favorite SCP client) to connect to the USG.
  6. Enter your username and password for the USG – by default the username and password are both ubnt.
  7. Upload the upgrade.tar into the home directory for the admin user (this, for me, has always been the default folder that opens when connecting via SSH/SCP).
  8. Exit your session in WinSCP.
  9. Use PuTTY (or your favorite SSH client) to connect to the USG.
  10. Again, enter your username and password.
  11. At the command line type: sudo syswrapper.sh upgrade upgrade.tar
  12. The system will spit out information about the install and then reboot itself.
  13. When the system comes back up (solid white or blue light) you can connect to the USG again to verify that the firmware took.
  14. Use the command info to view the current firmware from the USG command line.

At this juncture you should have a successfully updated USG.

Note: I didn’t come up with this on my own, see the Ubiquiti forum thread, “Can’t upgrade USG to newer firmware.” ilkevinli provides the meat of this solution, I’ve just added window dressing and taken away (what I sometimes find to be) the confusing conversation around the solution.

There is another discussion on this topic, “USG Cloud Controller Adoption – could it be more difficult???” but I recommend against using this thread as the accepted solution isn’t quite correct.

Ubiquiti UniFi Cloud Key Firmware Release Notes: 0.6.10, 0.7.3, 0.7.4

0.7.3 to 0.7.4

See the official release notes.

  • Bundled UniFi Controller 5.5.24.

0.6.10 to 0.7.3

See the official release notes.

  • Bundled UnFi Controller 5.5.20.
  • UCK System
    • Updated bundled Oracle JDK to 8u144.
    • Made a security improvement.

0.6.9 to 0.6.10

See the official release notes.

  • Bundled UniFi Controller 5.4.19.
  • UCK WebUI:
    • Fixed username that wouldn’t save when first character was uppercase.
    • Fixed UniFi running status wasn’t correct (in some cases).

Ubiquiti UniFi SDN Controller Software Release Notes: 5.5.19, 5.5.20, 5.5.24

5.5.19

See the official release notes.

  • Added AP tagging
  • Added support for FreeRADIUS on USG. Configured under Settings–>Services–>RADIUS.
  • Enabled LAN2 support for USG3.
  • Added L2TP over IPsec option for remote user VPN config.
  • Added admin overview (found in site overview area).
  • Added Hotspot Analytics.
  • Added WLAN – broadcast/multicast blocking.
  • Fixed Enable VPN client in VPN Network Settings.
  • Adjusted unifi.init so it detects Oracle JDK 8 installed via PPA.
  • Fixed changing rules order in firewall.
  • Raised the WLAN group load balance limit to 200.
  • Fixed a bug causing duplicate downlinks to show in the controller UI.
  • Fixed group AP editing issue.
  • Added device configuration warning bar with real time input updates.
  • Made Dashboard widgets configurable.
  • Renamed vpn client to vpn type.
  • Set next hop for static route as default.
  • Removed voip option from available network purposes.
    • Old networks configured with the VoIP type are removed upon upgrade (has been unusable since 4.x controller).
  • Removed deprecated VoIP configuration from USG.
  • Fixed initial value of data retention days.
  • Added special icons for UCK client.
  • Made performance improvements to Dashboard.
  • Added beta warning for languages other than English.
  • Added Turkish translations.
  • Added Danish, Norwegian and Turkish to the languages supported by Hotspot Portal.
  • Added buytton for toggling clients visibility on Topology view.
  • Fixed issue with unused cache not clearing as expected (causing controller to die because of a memory leak).
  • Added color to RF scan results.
  • Added missing SFP module info tooltips for UniFi switch.
  • Set max SSID length to 32 characters.
  • Made various topology view improvements.
  • Addded ability to mark rogue APs as known.
  • Added support for Catalan, Norwegian (Bokmal), and Slovak languages on HotSpot.
  • Added validation for USG/USW SNMP community string.
  • Fixed tooltip positioning.
  • Made Edit Account frame bigger to ensure enough room for labels in all languages.
  • Now allow one to edit firewall settings when no USG is adopted.
  • Animated map menu.
  • Removed RADIUS VLAN from wireless networks.
  • Extended RADIUS server validation to not allow disabling it if there is a device that uses Default profile.
  • Highlighted Topology paths.
  • Fixed Statistics Overview initializer.
  • Added ability to batch restart APs.
  • Made improvements to Topology.
  • Improved Topology detection.
  • Switch Statistics now show device connected to a port.
  • Map Marker Button icons positioning has been tweaked.
  • Improved Notify Device Requirement performance.
  • Improved SVG map zooming.
  • Fixed pending change tag color.
  • Removed BETA badge from RADIUS assigned VLAN for Wireless Network.
  • Allowed AP properties WLAN table to wrap.
  • Greyed out device entries when WLAN group is off.
  • Fixed speed test ping translation.
  • Added save & close button to Preferences.
  • Limited firewall group name to 31 characters.
  • Removed config.properties USG ICMP items.
  • Now shows AP channel utilization in Properties and Devices list page.
  • Added granularity to Statistics (5m/1h/1d).
  • Configured Data Retention for each granularity of Statistics in Settings/Maintenance.
  • Redesigned inputs for date picking.
  • Increased precision of Throughput chart on Dashboard page.
  • Added Force Provision button to Properties/Manage Device.
  • Added PMF controller to WLAN group settings.
  • Added first seen column to Known Clients list page.
  • Added free-trial authorization column to Guests list in HostSpot Manager.
  • Now show Gateway column in Payments and Social Views in HostSpot Manager.
  • Fixed USG/USG-P4 port labels.
  • Fixed displaying Hotspot Analytics page when Guest Portal is disabled.
  • Fixed client status ordering.
  • Now show terminal for UAP-AC-IW.
  • Changed Revoke RADIUS user to Delete with new icon.
  • Added – as placeholder.
  • Renamed Name server placed to DNS server.
  • Fixed content of tooltips on Dashboard page.
  • Prohibited deselecting current device in Performance view.
  • Added icon to switch port list.
  • Improved Insights –> Switch Stats.
  • Changed Revoke buton to Delete button on Admins list.
  • Fixed issue with sending large files over WebRTC (e.g. backups).
  • Prohibited 0.0.0.0 as an address-group member since it isn’t a valid entry in the firmware.
  • Improved some backend validations.
  • Added batch editing of clients.
  • Channel names are now displayed in a new and consistent way – e.g. 3 (1,+1) HT40,151 (149,+1) VHT40
  • Allowed disabling of site-to-site VPN.
  • Enabled finding device on map when in read only mode.
  • Display only historical rx/tx bytes on Known Clients page.
  • Changed guest authorization status to display expiration date when expired.
  • Angular templates are now used by default in Guest Authorization Settings.
  • Removed “new” badge from Angular templates and removed “beta” badge from template overrides and languages.
  • Fixed expiration dropdown on Guest Control settings page.
  • Fixed success messages on saving configuration.
  • Fixed various Auto Backup setting issues.
  • Fixed latency color in legend of Throughput graph.
  • Made small UI improvements.
  • Removed VoIP interface from controller.
  • Enabled by default MSS clamping on VTI.
  • Added Hotspot Manager link to site switcher.
  • Relocated Hotspot 2.0 to Services section.
  • Added option to report WebRTC connection errors to cloud.
  • Used lower scale Throughput graph to increase rendering performance on Safari/iOS.
  • Enabled tunneled reply by default.
  • Improved vouchers quota.
  • Updated translations.
  • Improved date picker.
  • Allowed displaying WLAN schedule in 24 hour format when “Using 24-hour time” preference is on.
  • Added Adapt no data / no security gateway messages on Dashboard page.
  • Fixed device menu when toggling small/normal markers on Map page.
  • Fixed icons on clients’ graph on Dashboard page.
  • Fixed speed test column chart.
  • Fixed USG badge and tooltip on DPI Settings page.
  • Fixed typo in validation hints for IP.
  • Improved locate button behavior.
  • Updated OUI table.
  • Now shows L2TP remote user VPN on dashboard and remote user VPN insights.
  • Fixed issue where the local DNS record for unifi may not provision when using USG.
  • Fixed an issue with current day stats being improperly calculated.
  • Fixed an issue with fixed IP handling.
  • Fixed auto backup data retention days.
  • Hide UGW port remap if UGW4 exists.
  • Now use RADIUS assigned VLAN only for WPA-EAP.
  • Link to Hotspot Manager only displayed in Site Switcher if Guest Portal is enabled.
  • Fixed 404 error when switching sites while editing.
  • Fixed email validation.
  • Now use monthly value as default occurrence in Auto Backup settings.
  • Fixed number of devices in filter buttons on Known Clients page.
  • Restored open panel functionality from device marker on map.
  • Enabled reset button after hotspot package removal.
  • Improved Cloud Connection error tooltip.
  • Improved header icons.
  • Improved placeholders and regular expressions.
  • Added FQDN or local validation to domain name.
  • Fixed port forward validations.
  • Fixed domain name validation.
  • Fixed issue with controller causing too many directs.
  • Added validation for RADIUS profile VLAN mode.
  • Fixed issue with community string changing to public, regardless of configured value.
  • Added pagination in Settings / Network list.
  • Disallowed SVG upload for guest portal images.
  • Fixed displaying sections on Guest Control settings page.
  • Fixed clickable area of alerts full screen button.
  • Fixed site settings save error.
  • Fixed refreshing networks in switch property panel on network add/remove.
  • Made security improvements.
  • Signed Windows installer package.
  • Removed restricted U-NII-2C channels when Canada country code is set.
  • Moved the AP channel utilization graph into the header.
  • Added memory and load average to device list columns.
  • Show only adopted APs in Recent Activities in Statistics.
  • Rename all-time top client.
  • Updated validation hint for maximum number of stations in wireless network group.
  • Now shows DB migration progress.
  • Greyed out disabled WLAN rows in Property Panel.
  • Improved chart animations.
  • Added autofocus on 2FA token field.
  • Now allows one to cancel migration of device.
  • Fixed Not Authorized/Bad Request on first launch after accepting SDN Invitation.
  • Fixed WAN load balance config so that it actually provisions to USG.
  • DB migration improvements.
  • Fixed firewall rule validation.
  • Improved LAN address identification on USG.
  • Updated firewall rule button styles.
  • Used bps instead of bytes per second.
  • Fixed problem with enabling Cloud Access.
  • Now handling ESC on cloud access modal.
  • Restricted 5 minutes data retention.
  • Switch port usage graph now prevents displaying connected both Device and Client.
  • Updated bundled snappy-java to 1.1.2.6.
  • Updated bundled JRE to 8u131 b11 for Mac controller.
  • Improved WebRTC debugging.
  • Fixed an issue when granting admin privilegs on a site.
  • Generates a SHA512 password if device firmware is capable of it.
  • Removed TLSv1 from default SSL protocols for Java 7/8.
  • Fixed services link not visible on mobiles.
  • Fixed removing items on WebRTC connection.
  • Now allows antenna gain of 0.
  • Supports UAP-AC-IW-Pro.
  • Supports USW L2 PoE.
  • Increased broadcast and multicast MAC limit to 256 per site.
  • Updated WebRTC JNI to 1.0.17.
  • Updated bundled Tomcat package to 7.0.78.
  • Fixed clearing statistics.
  • Added HSTS support (disabled by default).
    • Can be controlled only by system.properties.
  • Fixed uplink status when using bonding on AC-HD.
  • Fixed an issue with the remote IP in WebRTC logging, previously was always 127.0.01.
  • Made various backend improvements.
  • Allowed RADIUS Profile secret to accept any string.
  • Hid RADIUS Profile secret for read-only admins.
  • Improved VPN health status.
  • Fixed wired uplink stats on AC-HD when using bonding.
  • Fixed an issue when trying to register controller with UniFi cloud tie in (unifi.ubnt.com).
  • Fixed a DB migration issue which caused stats not to be visible in the UI post upgrade when upgrading from <=5.4.x.

Controller Bugfixes/Changes Ported from 5.4.x

  • Improved dynamic Dashboard.
  • Improved loading DPI statistics.
  • Improved Topology view.
  • Improved Image Map performance.
  • Updated translations.
  • Added Catalan translations.
  • Fixed saving Settings –> Controller.
  • Added user group override notice, client list user group column.
  • Fixed panel expand/collapse icon aliasing.
  • Added LAG support to AP –> Network Configuration (AC-HD only).
  • Added limited amount of LAN DHCP leases notice.
  • Added minRSSI noise floor notice.
  • Added expand/collapse icon to device list actions column.
  • Disallowed SVG image type in Maps.
  • Added progress bar for backup upload.
  • Fixed import/export function.
    • The configuration tab will not be visible after import.
  • Fixed available manual negotiation options for 10GBASE-T ports.
  • Added Migrate Site (Export Site) Wizard.
  • Fixed slow DB backup.
  • Fixed RADIUS profile migration issue.
  • Improved email templates.

Firmware Changes from 3.8.2/4.3.41

  • UAPG3
    • Enabled DFS on UAP-AC-SHD.
  • UAPG2
    • Fixed an STA connectivity issue that occurred when a second generation AP is the wireless downlink to a wired third generation AP.
    • Fixed an issue causing less than expected throughput in recent releases.
  • UAP
    • Fixed a bug in uplink-monitor.
  • USW
    • Added 802.1X MAC auth bypass support.*
  • USL2
    • Added PSU fail detection support.*
  • USG
    • Updated numerous subsystems to the latest EdgeRouter 1.9.7.
      • Includes a number of bug fixes mades to EdgeRouter in past 2-3 years, though these are largely not applicable to USG use case.
      • IPv6 fixes were most relevant to USG users.
    • Subsystems updated include UPnP, PPTP client, DHCP server, Quagga, PPPoE and PPP Handling, DHCP Client, conntrack, configuration subsystem, operational commands subsystem, IPv6 router advertisement service, keepalived, NAT configuration and handling, OpenVPN configuration subsystem.
    • Increased maximum NDP and ARP cache table sizes, added back end controls for ARP and NDP timeouts.
    • Made improvements to Guest control.
      • Added locking to improve reliability.
      • Reworked some of the back end functions to improve performance.
    • Fixed memory leak in VPN status reporting eventually leading to disconnects of USG from controller.
    • DPI Improvements
      • Back end additions for DPI blocking.
      • Stats clearing fix.
      • Signature update improvements.
    • RADIUS server permissions fixed for log files and accounting data.
  • HW
    • Fixed the issue printing SSH login when the interface IP changed.

From 5.5.19 to 5.5.20

Official release notes.

Controller Bugfixes/Changes

  • Fixed port mirroring range.
  • Fixed app with Chinese translations.
  • Added Google to social transactions.
  • No longer display number of clients for site-to-site VPN.
  • Limited MAC ACL list to 512 per WLAN group.
  • Added VAP BSSID filter to devices page.
  • Fixed the issue causing storm control settings to be provisioned even when disabled.
  • Updated bundled Tomcat to 7.0.79.
  • Now always deploys WAN_OUT firewall rules and removed the config.properties control.
  • Improved 802.1X provisioning on USW, so that switch does not get blocked.
  • Fixed site-to-site connection status on VPN health widget.
  • Improved the broadcast/multicast filter.
  • Made various security improvements.

From 5.5.20 to 5.5.24

See the official release notes.

Controller Bugfixes/Changes

  • Fixed wrong data in VLAN column in WLAN list.
  • Reverted “change auto VPN VTI subnet mask to /30” as it needs to be reworked.
  • Changed auto VPN VTI subnet mask to /30.
  • WLANs table now displays in Property Panel for In-Wall.
  • Fixed an issue preventing switch ports from coming up after being disabled.
  • Fixed a bug with IW causing the port to be disabled when the VLAN is off.
  • Fixed a backend bug with guest access.
  • Made improvements to MAC address input validation.
  • Fixed a provisioning issue which would clear USG WAN settings.
  • Improved Ethernet bonding support on UAPs (on supported devices).
  • Improved topology view when using wireless uplinks.
  • Now allows setting device credentials during setup and new site wizards.
  • Made various backend fixes and improvements, also security improvements.

Firmware Changes from 3.8.3/3.8.6/4.3.49

  • UAPG3
    • Major code base upgrade (codename Toronto).
    • airTime and airView support (SHD exclusive).*
    • Switched to net-snmp in preparation for SNMPv2 support (eventually v3 too).**
  • ACG1
    • Fixed WEP on first generation AC models.
  • EDU
    • Various fixes and improvements for the baresip client.
  • ACIW
    • Fixed management VLAN support.
  • UAP
    • Made various Mesh v3 improvements.
    • Prepared management VLAN support for other UAP devices.*
    • Added support for multiple WLAN schedule blocks per day.*
    • Improved reliability of receiving Framed-IP-Address attribute.
    • Added 802.11r support (excluding UAP-AC v1/v2 and UAP-AC-Outdoor).*
    • Disabled multicast enhancements by default.
    • Improved RF scanning.
    • Fixed a RADIUS related bug with fast-apply.
    • Added management VLAN support for wireless uplink.*
    • Added options for RF scan (active/passive, background/foreground).*
    • Added support for best channel suggestion after running RF scan.*
    • Added support for fast-apply WLAN config, for existing WLANs only.
    • Allowed 80MHz for Russian country code.
    • Removed iperf package, as it does not provide proper results when using an AP as an endpoint.
    • Various security and backend fixes and/or improvements.
  • USL2
    • Added support for switch power monitor and PSU info.*
  • USW
    • Fixed DoS issue reported via HackerOne.
    • Added per port Class of Service (CoS) queuing and max traffic class support.*
    • Delayed port LED blinking until system, ready.
    • Added backend for 802.1X MAC authentication bypass support.*
    • Added support for port egress rate limiting.*
    • Implemented route metric changing on load-balance status change.
      • This fixes WAN failover issues with L3 adopted USGs, and improves multi-WAN failover functionality in general.
      • Fixed multi-WAN regressions in 4.3.46-4.3.49 picked up from EdgeRouter 1.9.7.
      • Implemented new local web UI on USG.
        • Fixes a variety of long-standing bugs with the old UI.
        • Adds ability to configure LAN IP and DHCP server.
      • Updated ISC dhcp version.
        • Probably fixes some edge case problems with multiple DHCP WANs and recovery after ethernet link loss.
      • Added backend for custom host-uniq for PPPoE.
      • Fixes for some uses of multiple routing tables.
        • Nothing controller provisioned does anything impacted by this, but a small number use config.gateway.json VPN configurations which are impacted.

Ubiquiti UniFi SDN Controller Software Release Notes: 5.6.19

This is the first stable release of the 5.6 branch. You can view the official release notes.

Controller Changes Since 5.6.18

  • airTime and airView now open in new windows.
  • Replaced antenna gain field with dropdown for select antenna.
  • Now displays cell size in config if firmware of AP supports it.
  • Fixed disappearing devices when user was inactive.
  • Fixed disappearing batch edit devices.
  • Fixed currently selected element in airTime when filters change.
  • Improved error handling for airTime.
  • Filtered out Manage by Other devices in Performance Statistics.
  • Fixed hiding Cancel Migration section in Property Panel for switches.
  • Fixed missing uplink section in Known Clients.
  • Fixed width of some password fields.
  • Fixed DPI graphs.
  • Now when all accordions are hidden in Property Panel the Tools tab is also hidden.
  • Improved UI responsiveness.
  • Small UI fixes and improvements.
  • Updated bundled Tomcat to 7.0.82.
  • Updated translations.
  • Various backend improvements.

Firmware Changes Since 3.9.2/4.3.60

  • ACIWPro
    • Enabled DFS support.
  • UAP
    • Added more security details to scan info.
    • Applied security patch for WPA2 vulnerability called KRACK.
    • Various backend fixes and/or improvements.
  • USXG
    • Fixed fastpath tools.
  • USG
    • Updated NTP, net-snmp, IGMP proxy, conntrack-tools, webproxy packages to same as latest EdgeRouter release.
    • Corrected auto S2S VPN status reporting.
    • Fixed L2TP problem that could result in pppd exiting after a client connects.
    • Fixed WLAN DPI blocking and related log spam.
    • PPPoE usernames now properly supports usernames longer than 4000 characters and/or containing ‘/’.
    • Updated dnsmasq to 2.7.8.
  • HW
    • Improved error codes returned on firmware upgrade fail.

Ubiquiti UniFi Firmware Release Notes: 3.8.6.6650, 3.8.12.6776, 3.8.14.6780, 3.9.1.7462, 3.9.3.7537

From 3.8.3 to 3.8.6.6650

Check out the official release notes.

  • UAPG3
    • Fixed MAC ACL and blocking support.
  • AC-IW/Pro/EDU/M-Pro
    • Fixed a bug with egress QoS.
    • Improved address resolution logic (ARL) caching support.
    • Added STP state and uptime.
    • Fixed topology view.
  • UAP
    • Added backend for 802.1X MAC authentication bypass support.*
    • Added Framed-IP-Address to RADIUS accounting data.
    • Added NAS-IP-Address to RADIUS accounting data.
    • Various backend fixes.
  • USL2
    • Added support for switch power monitor and PSU info.*
  • USW
    • Fixed DoS issue reported via HackerOne.
    • Added per port Class of Service (CoS) queuing and max traffic class support.*
    • Delayed port LED blinking until system is ready.
    • Added backend for 802.1X MAC authentication bypass support.*
    • Added support for port egress rate limiting.*
  • HW
    • Fixed issue with curl config, FTP firmware upgrade now working.
    • Backend optimization to save space.

From 3.8.11 to 3.8.12.6776

See the official release notes.

  • ACG1
    • Added multi-block WLAN schedule support.*
  • UAP
    • Added management VLAN support for wireless uplink.*
    • Added options for RF scan (active/passive, background/foreground.*
    • Added support for best channel suggestion after running RF scan.*
    • Added support for fast-apply WLAN config, for existing WLANs only.
    • Allowed 80MHz for Russian country code.
    • Removed iperf package, as it does not provide proper results when using an AP as an endpoint.
  • USW
    • Added missing IPv4 multicast trap policy.
  • HW
    • Limited SSH username to 32 characters in length.

From 3.8.12 to 3.8.14.6780

See the official release notes.

  • UAP
    • Fixed a RADIUS related bug with fast-apply.
    • Made a backend improvement.

From 3.8.14 to 3.9.1.7462

See official release notes.

  • UAPG3
    • Added airView and airTime support for SHD.
    • Added initial WIPS backend support for SHD.*
    • Various HW accelerator fixes and improvements.
    • Fixed issue with RF scan where it would often show 0% utilization.
    • Fixed problem with uplink staying in a disconnected state.
    • Reduced time required to provision.
    • Uplink / meshv3 improvements.
    • General fixes and improvements in logging, wifi, and performance.
    • Added LLDP support, which improves PD negotiations on third party switches.
    • Enabled SHA512 support.
  • UAP
    • Implemented backend for SNMPv3 support.*
    • Fixed a RADIUS related bug with fast-apply.
    • Numerous backend fixes and/or improvements.
  • USL2
    • Fixed PSU status detection.
  • USW
    • Fixed a bug preventing DHCPv6 from functioning in some cases.
    • Fixed an issue with removing VLAN tags.
    • Fixed an issue causing high CPU usage with certain SFP modules.
    • Fixed 802.1X VLAN setting on LAG groups.
    • Various backend fixes and/or improvements.
  • HW
    • Merged with codename Toronto branch.
    • Added ‘do-upgrade’ alias for local firmware upgrades.

From 3.9.2 to 3.9.3.7537

Official release notes.

  • ACIWPro
    • Enabled DFS support.
  • UAP
    • Added more security details to scan info.
    • Applied security patch for WPA2 vulnerability (KRACK). [This primarily affects devices that support STA mode, 1st gen AC devices do not.]
    • Various backend fixes and/or improvements.
  • USXG
    • Fixed fastpath tools.
  • HW
    • Improved error codes return on firmware upgrade tool.