[USG] Firmware v4.4.34 now available

by Ubiquiti Employee Monday (14,817 Views)

Changes since 4.4.29 release:

  • Significant fixes in load-balance functionality (multi-WAN).
    • Fix circumstances where route metrics were not being properly updated, primarily experienced upon fail back. 
    • Fix problem that could cause one or both WANs to be marked down and get stuck in that state. 
    • Fix crash in ubnt-util when a WAN is down for an extended period. Wasn't causing any noticeable problems since it recovers on its own. 
  • IDS/IPS fixes/improvements
    • utmdaemon high CPU usage fixed (cause of "heartbeat missed" a few reported). Note that cannot prevent "heartbeat missed" in all possible circumstances. Where under extreme load for extended periods, it's inevitable for userland to be starved of resources enough to miss informs. 
    • Added a couple missing signatures to those bundled in firmware so all are immediately available post-upgrade. Some noted spamhaus.rules was only available after signature update.
    • Suricata version string corrected to reflect specific version.
    • Patch for CVE-2018-18956 denial of service vulnerability in Suricata.
    • Reduce frequency of lookups to ips1.unifi-ai.com for cloud connectivity.
    • Adjust configuration for USG3 and USG Pro to decrease CPU and memory usage. 
  • If no interface with "description WAN" is found (config.gateway.json overwriting the controller-generated config), assume the default interface assignment for that hardware platform, so config_network_wan is included in the inform. That prevents INFORM_ERROR status on controller versions prior to 5.9.28. In 5.9.28 and newer controllers, there is also a change controller-side to not end up in this condition regardless of whether this firmware-side change is available.
  • Speed test updates to not get stuck on a non-responsive server.

 

  • USG-XG-8 specific:
    • With UF-RJ45-1G SFPs, pass through the copper link state to the SFP+ port. Previously they always showed link up in the OS when plugged in regardless of copper link status (was SFP module to SFP slot link), which is problematic if using one for a dynamic IP WAN in some cases, as linkup actions are important.

 

Downloads

 

Hashes

  • USG
    • md5:  493a1f8bb6ac23317697422f889fcb2e
    • sha256:  6f1547d26cc85b8a9a9c31e45f1d57238c3c3251f18bbd0eda61a42789bea46c
  • USG Pro
    • md5:  6b6d2bd423c28374d5aff07ac43053e6
    • sha256:  cf933acb486c0b7534b6a844f5d2ba608c78f72205884ce147d37df6470c0782
  • USG-XG-8
    • md5:  974130f3da493ba9fbaf2cd467b986bb
    • sha256:  33358a034f827d6a1ccae859a28f6c086555ca30595a29645e608039bc3c9399