- Print
- PDF
Skylight performance element GX Release Notes 24.07
These release notes cover the requirements, new features, and changes for the Skylight Element: GX firmware version 24.07, please read all notes prior to installing this firmware version.
For more information, refer to Features and User Material Section: Skylight performance elements: Features and User Material
Requirements
This firmware version applies to the following Skylight element: GX, resulting from changes in the TLS version, the following software versions are compatible with Skylight orchestrator Version 1.3 and above:
- 7.1.1.1
- 7.3.0.3
- 7.4
- 7.5
- 7.6
- 7.7
- 7.8
- 7.8.1
- 7.8.2
- 7.8.2.1
- 7.8.3
- 7.9
- 7.9.1
- 7.9.2
- 7.9.3
- 7.9.4
- 7.9.5
- 7.9.5.1
- 7.9.6
- 7.9.6.1
Note: There is a patch available for earlier versions of Skylight orchestrator. Please contact Accedian support for further information.
Firmware Version 24.07.0_25861 (2024-08-09)
New Features and Enhancements
The Skylight performance element GX release 24.07 introduces the following new features and enhancements.
Change Release Number
Release naming convention has been changed to represent year and month of release and the release numbers will no longer be shown in an increasing numerical sequence, for example 8.0 to 8.1. Instead, they will represent the year and month of the release, for example: 24.07 for July 2024.
Analyze Linux Vulnerabilities
The version for openssl has been updated to the correct version (3.0.14) and dropbear has been updated to the correct version 2024.85 and the following issues have also been fixed:
• CVE-2013-2094
• CVE-2014-3153
- Security compliances (CSDL/CSERV, Corona, TPSCRM)
Addressed Issues
Drop Opposite Traffic Warning Was Not Present
When enabling the checkbox of “Drop Opposite Traffic” in OAM Loopback, there was no warning that dropping opposite traffic would drop all the traffic entering the device on the opposite port. Warning has been added via pop-up: “Configuration changes are service affecting, Are you sure you want to proceed?” to warn users of the implications.
This issue has been fixed.
False PTP Alarm not Clearing
System-Configuration-Time was showing PTP synchronization status as synchronized, however the device was raising alarm error code 7.0001.05, even though there was no network changes or changes that would trigger this alarm.
This issue has been fixed.
Unable to use Netcraker to configure the device
The device is sending inaccurate information after performing unsuccessful configuration import via Netcracker. It shows import success and reboot success, however the device did not have the imported file and was then unable to reboot.
This issue has been fixed.
Security Vulnerabilities
The following issues have been fixed:
- Weak ssh--dss host key algorithm
- Renegotiation DoS Vulnerability (CVE-2011-1473, CVE-2011-5094)
- GoAhead Server HTTP Header Injection Vulnerability (CVE-2019-16645)
Security Vulnerabilities
The following issues have been fixed:Local privilege escalation
- Insufficient input sanitization
- Read permissions for sensitive data
Security Vulnerabilities
Security vulnerabilities check. The following issues have been fixed:
Maximum SSH connection to device (5 sessions): Verify able to connect up to 5 SSH session to device successfully
Netconf connection to device: Enable Netconf on device, establish the Netconf connection to device by the below command:
ssh admin@10.231.82.31 -p 830 -s netconfTerrapin Scanner tool to scan the issue (CVE-2023-48795)
SSH to device with debug option
Update dropbear to v2024.85
Operational Considerations
Important Notes
- The Skylight element: LT firmware is delivered in a consolidated file prefixed by “ACC”, e.g. ACC_7.X_YYYY.afl. This file contains the firmware for the GT, GX , LX and LT Performance Element products. It cannot be used with any other product.
- IMPORTANT: Prior to upgrading the firmware on a unit where the History Buckets feature is enabled, certain precautions may need to be taken to prevent a loss of history data during the upgrade.
- After upgrading to 7.9.1 or 7.9.2, the SCP is no longer able to send files, reporting the following error: Code = 3: URL using bad/illegal format or missing URL. This is due to a syntax change and customer needs to edit the URL after upgrading to 7.9.2 or 7.9.3.
The URI generic syntax (in RFC 3986) consists of a hierarchical sequence of five components: URI = SCHEME ':' ['//' AUTHORITY] PATH ["?" QUERY] ["#" FRAGMENT]. In this, AUTHORITY = [USER_INFO "@"] HOST [":" PORT]. The AUTHORITY part and the PATH part are isolated by the slash ('/') character if the AUTHORITY exists.
© 2024 Cisco and/or its affiliates. All rights reserved.
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms
For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks