UniFi Network Controller 5.10.20 Stable has been released
a week ago
- last edited
a week ago
Introducing our latest release for UniFi Network hardware. This is the latest stable release for UniFi Network 5.10, which is our current stable release branch.
We've updated the UniFi Network controller to improve security. Starting with UniFi Network version 5.10, the required minimum firmware for UAP/USW will be 4.0.9 and for USG will be 4.4.34. Devices on earlier firmware will show in the controller and work as you've configured them, this update doesn't change any of the settings. However, please note you will not be able to modify the device configuration until you update the firmware.
This update contains an upgrade to the overall security of the UniFi platform and its devices, it is highly recommend that everyone upgrades to this version. We will also be preparing 5.6.41 to accommodate 1st gen AC devices.
We want our users to have time for adoption and migration to this version, all feedback is welcome.
How to play safe?
Make sure you always do a backup before any updates, especially if you plan to upgrade your existing installation.
As always, make a backup prior to upgrading.
For people who are migrating from v3, there're many changes to APIs and it's not backward compatible. You may need to update the shell library (unifi_sh_api) and/or your customized portal/external portal code.
Windows users must have 64-bit Java installed to use the unifi.ubnt.com cloud tie in, as we only support 64-bit webRTC library. Please see HERE and download the missing version (64-bit offline Windows install package). The controller will run in a 32-bit only environment, or with 32-bit Java, but the Cloud Access service will not work.
Users running 64-bit Windows should only have 64-bit Java installed. If you have 32-bit Java installed then we recommend uninstalling it.
As of 5.7.x+ we only support Java 8. At this time Java 9+ is not supported.
You cannot re-use a VLAN ID for dynamic VLAN if it is set as a static value for another SSID on the same AP. So, if I have a SSID set to use VLAN 10, I cannot use VLAN ID 10 for RADIUS controlled VLAN users as those users will not get an IP.
Smart Queue QoS is similar to the implementation as in EdgeOS (seeHERE). It's worth noting that maximum throughput will be affected when using QoS, as traffic is not offloaded. There are some rough guidelines in the article linked above.
DFS channels can not be used for wireless uplink in the US. Please use non-DFS channels if you need to use wireless uplink on dual band UAPs.
Official UniFi MIBs can be downloaded fromHEREandHERE(those are 2 different files).
For hotspot management console, make sure you have bookmark the URL with site ID (i.e. x66cipn3, or whatever random string is generated for that site). For example: https://unifi.yourdomain.com:8443/manage/hotspot/site/SITE_ID
For Debian/Ubuntu users, please update your APT source (seeHERE).
unifi-beta/unifi-rapid are obsoleted. The old repo has been removed.
The following affects APT versions 1.5 onward (Ubuntu 17.10 and Debian Sid or newer). A recent version of theapt-secure man pagestated: "Since version 1.5 changes in the information contained in the Release file about the repository need to be confirmed before APT continues to apply updates from this repository",meaning that when performing an update from a major version to the next (for example 5.6.x to 5.7.x) theapt-get updatewill result in an error. To fix this run the command the following way: apt-get update --allow-releaseinfo-change
Cloud Access feature in this release is not supported on Linux/ARMv6 architecture (e.g. Raspberry Pi 1). If you have problem starting controller on this platform, please remove the native library:
Features like airtime fairness, bandsteering, load balancing and minimum RSSI are default disabled. If you need them you need to go to Settings>Site and check Enable advanced features.
If you previously used Google Maps for a site map, then you have to enable this feature again by adding an API key. This is done under Settings>Controller. There is a linked guide with instructions.
New Cloud Access requires outbound 8883/tcp to be open/unrestricted.
Linux systems must be running a version of MongoDB prior to 3.6.x. We recommend 3.4.x. This is most likely to be an issue on Ubuntu 18.04 LTS, as it currently offers MongoDB 3.6.x.
The proper keystore alias and name are `unifi`. If your custom SSL cert is no longer working, please verify that you are using the proper keystore and alias. A bug previously allowed `ubnt` to work, although that was never technically correct. If you find mention of these invalid steps on the community, please point them out so we can fix them.
The initial database migrationwill take longer than normal.It is expected to see mongo using most, if not all, of the available CPU cycles during this process. Please be patient, this process could easily take 15+ minutes, depending on the amount of historical stats, as well as the system specs. As always, err on the side of caution, and make a backup before upgrading.
The controller will not start if it is set to bind to a privileged port (<1024), as it now runs as a non-root user.
If your controller is running on a UniFi Cloud Key (UCK), make sure it is on firmware 0.6.4 or later, otherwise the controller will not start. This firmware is available via the normal upgrade mechanism found in the controller or it's local management page. Make sure to make a backup before upgrading the UCK firmware, as you'll need it to restore after, and it's good to have a backup on hand before any controller upgrade.
Support for PicoM2 and 1st gen AC models was dropped in 5.7.x. Please see our announcement HERE.
As of release branch 5.7.x we've made some important changes to the Wireless Uplink feature (feature details HERE).
We removed the "Enable automatic uplink failover" from wireless uplinks as it is no longer needed.
We added the ability to opt an AP in or out of wireless uplinking to another AP. This is done by checking the "Allow meshing to another access point" option found under device properties>Config>Wireless Uplink.
This option should be disabled on wired APs, but is required to be enabled on wireless APs.
If you disable this option on a downlink/wireless AP, then your AP will be disconnected from the network and require further action (including physical access).
If upgrading from 5.6>5.7 then this already be disabled on wired APs, but if upgrading from an earlier 5.7. release then this may be enabled on wired APs.
Again, this option should be enabled on downlink/wireless UAPs only. It should not be enabled on wired UAPs.
We added the ability to set uplink priorties. This allows you to define the preferred uplinks for a downlink/wireless AP.
Fixed IPs (DHCP reservations) are now required to use unique IPs. The same IP cannot be assigned to more than one device. For configurations that already contain duplicates, only the most recently active device will have its fixed IP provisioned to USG. The controller's server.log will contain a log message skip provisioning duplicate fixed IP <IP address> for user[<MAC address>] indicating which was omitted where there are conflicts.
Possible Upgrade Paths:
The following listed versions are the latest version you can upgrade directly from for recent release branchs: 5.10.19, 5.9.33, 5.8.30, 5.7.28, 5.6.40.
As long as you are on that release or an earlier release within each branch, then you can (directly) upgrade to this release. The earliest release you can directly upgrade from is 3.1.0. It's possible there may be a few exceptions to that. If your controller is version starts with 2.x or 1.x then you will need to upgrade to 3.x before you can upgrade to this release.
The release branch is determined by the first 2 numbers (so 5.10, 5.9, 5.8, etc). The last number determines the version (within that branch). A newer release is indicated by a higher number, and an earlier release is indicated by a lower number. All release branches start at .0 (e.g. 5.10.0, 5.9.0, etc.).
If you're on a newer release than what is mentioned, then you'll have to wait until this release is updated so that it supports upgrading from the release you're running now.
airTime will not work if a radio is disabled and/or there isn't any SSID present. This will be fixed in a future release. If you enable it, and it still isn't working, then you may need to force a refresh without cache.
If you start both a 2.4GHz and 5GHz scan in quick succession, then it will fail.
It is expected that airView will stop occasionally. A stop/start sequence should restore functionality.
If you start an airTime scan while airView is running, then airView will stop and you'll need to perform a stop/start sequence to get it working again. This will be fixed in the future.
Some statistics on the dashboard are still under development. Please share any and all feedback!
If the web interface doesn't seem to be displayed/drawn properly, then you likely are hitting a browser caching issue. Please force a hard refresh, and that will clear up any caching issues. Thanks!
Improve OS architecture detection to fix case where wrong MongoDB storageEngine may be set.
Fix logging format by adding date.
Fix IPv6 MSS clamping so that it uses either the configured or automatic value (unless configured MSS is <1280).*
Switch from deprecated Google+ API to the Google People API (for social guest portal authentication).**
Miscellaneous fixes for UniFi Cloud hosted controllers.
*This may not work in all cases. For example on IPv6 PPPoE you will need to set the MSS6 value to be 20 lower than the MSS value. This can be fixed by using a congfig.gateway.json file. An example fix is found at the bottom as an attached zip file. Kudos to @r4m3u5 for catching this, and providing an example fix. sha256sum 31564d5302c5d18ea33b28cdd77fac4de85ba2157c641506c614a49d3822aab1
**This requires enabling the Google People API within the Google Developer Console. Please use the setup tool foundHERE. Alternatively you can view steps 1 and 2 on their getting started guide foundHERE.
*please read the important notice at the top of this post
*This release follows our usual release structure which means it will initially be available via this blog post only. It will be posted to the download site and official repos in the near future. If you aren't familiar with our release structure, please take a moment to read our post HERE. Thanks!