EdgeMAX EdgeRouter software release v1.9.7

by Ubiquiti Employee ‎07-24-2017 02:38 AM - edited ‎07-31-2017 02:49 AM

New EdgeMAX software release version v1.9.7 for EdgeRouter products has been released and is available here:

More details can be found in the release notes below. I would like to thank everyone for their participation in the community, as always helping with testing, reporting issues, providing feedback, suggestions! We certainly could not have done it without you  Thank you very much!


[Release Notes v1.9.7]




Changes since v1.9.1.1


New features


Enhancements and bug fixes

  • [PPPoE] Add PPPoE client uptime. Discussed here
    ubnt@jesse:~$ show pppoe-client
    Active PPPoE client sessions:
    User       Time      Proto Iface   Remote IP       TX pkt/byte   RX pkt/byte
    ---------- --------- ----- -----   --------------- ------ ------ ------ ------
    ubnt       00h01m34s PPPoE pppoe0          17   2.6K      4     46
    Total sessions: 1
  • [PPPoE] Add support for “host-unique” tag. Discussed here
  • [SNMP] Fix wrong OIDs send by SNMP trap. Discussed here
  • [SNMP] Resolve OSPF and BFD OID conflict. Discussed here
  • [SNMP] fix memory leak in nsm process when getting value via SNMP. Discussed here
  • [Routing] Fix wrong number of routes shown in WebGUI. Discussed here
  • [Routing] Fix random nsm daemon crash when ppp interface disconnects (pppoeX, pppoesX, l2tpX or pptpX)
  • [CLI] Fix bug when operator was not able to delete default gateway and static routes in one commit
  • [CLI] Add warning message when rebooting with unsaved config. Discussed here
  • [CLI] Add new CLI command that compares saved configuration with working copy:


    ubnt@jesse# set interfaces ethernet eth1 description "LAN"
    ubnt@jesse# commit
    ubnt@jesse# compare saved
    [edit interfaces ethernet eth1]
    +description LAN
  • [BGP] Fix int32 rollover when setting BGP local-AS. Discussed here
  • [BGP] Fix bug when commit was not failed when setting malformed community-list
  • [BGP] Fix bug when commit was not failed if “local-as” was equal to “remote-as”
  • [BGP] Do not reset BGP session if AS-0 was received from neighbor. Discussed here
  • [BGP] Fix bug when IPv6 'update-source' address was ignored
  • [MPLS] Fix bug when MPLS/LDP was not working on ER-8-XG after reboot
  • [Firewall] Fix bug when reply packets arrived from wrong address when NAT-hairpin is enabled
  • [Firewall] Fix bug when MSS clamping did not affect locally generated traffic. Discussed here
  • [Load balancing] Fix bug when locally originated DNS queries were load balanced. Discussed here
  • [Dnsmasq] Fix bug when DHCP leases were not showing if dnsmasq was enabled
  • [Dnsmasq] Fix bug when dnsmasq crashed if “tftp-server-name” was configured. Discussed here
  • [Dnsmasq] Preserve lease file after reboot. Discussed here
  • [Dnsmasq] Fix bug when dnsmasq leases were not cleared
  • [Dnsmasq] Enable logrotate for /var/log/dnsmasq.log
  • [DHCPv6] Fix bug when prefix-delegation was not written correctly to dhcpv6.conf file. Discussed here
  • [DHCP] Fix regression that was introduced in 1.9.1 when DHCP server did not register client hostname. Discussed here
  • [DHCP] Fix bug where DHCP address was not renewed for pseudo-ethernet interfaces. Discussed here
  • [IPv6] Deprecate the “set system ipv6 blacklist” CLI command because it is causing boot error when saved
  • [IPv6] Fix bug when DNS server was not removed from “resolv.conf” when releasing PD interface
  • [IPv6] Fix bug when radvd stopped after PPoE connection drop. Discussed here
  • [IPv6] Fixed bug when radvd was restarted upon each DHCPv6 renewal. Discussed here
  • [IPv6] Fix bug when “delete interfaces ethernet ethX ipv6 address autoconf” set wrong value of “accept_ra” sysctl value
  • [IPv6] Remove misleading radvd warning about all-zeroes prefix not being allowed. Discussed here
  • [IPv6] Fix bug when IPv6 address disappeared from interface after reboot. Discussed here
  • [IPv6] Fix bug when EdgeRouter did not receive IPv6 nameservers from ISP. Discussed here
  • [L2TPv3] Fix bug when l2tpv3 interface was not updated in kernel. Discussed here
  • [IPSec] Fix bug when IPsec site-to-site VPN sometimes was not reestablished after reset of either side
  • [DNS] Fix bug when “show dns forwarding statistics” was showing errors if dnsmasq was enabled
  • [DPI] Updated DPI signatures to version 1.302
  • [UBNT-discovery] Fix possible DDOS attack via UBNT-discovery protocol
  • [UBNT-discovery] Fix DoS attack vulnerability via UBNT-discover protocol that allowed remote user to reboot router without providing credentials
  • [Conntrack] Fix bug in CLI when showing and deleting conntrack entry by source doesn't work.
  • [WebGUI] Remove PHP and rewrite web backend to Python.

    • Warning !!!  if you use some 3rd party software that depends on PHP then you will need to install PHP manually because PHP will not be included in EdgeRouter firmware anymore. 

  • [WebGUI] Fix bug in Basic Setup wizard when DHCPv6 PD prefix-length was set to /64
  • [WebGUI] Fix bug when wrong internet port was selected in "WAN+2LAN2" wizard on ER-X
  • [WebGUI] Fix CSRF vulnerability when uploading files
  • [WebGUI] Fix XSS vulnerability via login page
  • [WebGUI] Fix broken IPv6 redirects. Discussed here
  • [Upgrade] Clear APT cache and delete core files before doing upgrade. Discussed here
  • [Backup] Exclude webproxy DB from config backup. Discussed here
  • [RTSP] Add CLI command to enabled RTSP conntrack/nat module. Discussed here and hereBy default RTSP module is disabled and following config entry enables it:
    ubnt@r1# set system conntrack modules rtsp enable
    ubnt@r1# commit
    ubnt@r1# save
    Saving configuration to '/config/config.boot'...
  • [Kernel] Backport ipset hash:mac support from upstream kernel
  • [Kernel] Increase NAPI_WEIGHT to 64 to solve packet-loss issue
  • [System] Fix filesystem storage leak when doing factory reset
  • [System] Fixed random bootloader hang on ER-8-XG
  • [System] Add new CLI command that allows admin to change number of CPU cores used for packet processing. To fix packet reordering issue admin needs to set packet-rx-core-num to 1. This workaround was discussed here
    set system packet-rx-core-num 1


Updated software components

  • [IPV6] – updated radvd to 2.16
  • [L2TP] – updated xl2tpd to 1.3.9. Discussed here