Scheduled maintenance: Community available only in read-only mode until 6:00 AM (PT)
Reply
Highlighted
Ubiquiti Employee
Posts: 9,632
Registered: ‎01-28-2013
Kudos: 17001
Solutions: 609
Contributions: 20

[FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

Please see our release post HERE.

Emerging Member
Posts: 46
Registered: ‎12-30-2017
Kudos: 7
Solutions: 1

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

Can you please provide some more details with `[UAP] Security improvement.*` ? Is there an issue with controller version5.9 as well as 5.6?
Senior Member
Posts: 25,966
Registered: ‎08-04-2017
Kudos: 4870
Solutions: 1289

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

Hello @aseriesoflinks,

 

It's gonna be used for the 5.6.41 controller.

 

 

Regards,

Glenn R.

Cloud Hosted Controllers | Glenn R. | UniFi Installation/Easy Update Scripts | UniFi-Video Installation Scripts | UniFi-VoIP Installation Scripts
USG-XG-8 • USG-4-PRO • USG
US-XG-16 • US-48-500W • US-24-POE-250W 2x • US-16-POE-150W 3x • US-24 • US-8-150W • US-8
UAP XG • UAP-SHD • UAP-HD • UAP-NanoHD 2x • UAP-AC-PRO 2x • UAP-AC-LITE • UAP-AC-IW • UAP-AC-M • UAP-AC-M-PRO 2x
UAS-XG • UCK-G2-PLUS • UCK-G2 • UCK
Regular Member
Posts: 341
Registered: ‎06-08-2015
Kudos: 178
Solutions: 1

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

Well I guess something has happened big enough for them to update these and at the same time require a minimum firmware version on all other devices for future controller versions going forward.

New Member
Posts: 37
Registered: ‎08-25-2015
Kudos: 8
Solutions: 2

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

[ Edited ]

All it says is:


[UAP] Security improvement.

What exactly was fixed? Is there a CVE number?

Senior Member
Posts: 3,207
Registered: ‎04-26-2016
Kudos: 1313
Solutions: 327

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

[ Edited ]

The fixes for other controllers/firmware are still in beta so not available to the public yet. So they probably will not give additional info until it is released as stable.

And even then they probably will not give additional info. 😉

 

 

 

Senior Member
Posts: 3,529
Registered: ‎08-06-2015
Kudos: 1662
Solutions: 200

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released


@RichieB wrote:

All it says is:


[UAP] Security improvement.

What exactly was fixed? Is there a CVE number?


A security improvent is not necesarily addressing a vulnerability nor "fixing" something.

 

UBNT generally doesn't publish CVE (or other trackng record) numbers.

 

This would be related to an upcoming controller update and my guess is the communication between the controller and managed devices is being changed such that both ends need an update.

 

 

New Member
Posts: 37
Registered: ‎08-25-2015
Kudos: 8
Solutions: 2

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released


@waterside wrote:

A security improvent is not necesarily addressing a vulnerability nor "fixing" something.

UBNT generally doesn't publish CVE (or other trackng record) numbers.

This would be related to an upcoming controller update and my guess is the communication between the controller and managed devices is being changed such that both ends need an update.


True, but looking at the speed of release (pushed in the LTS channel before a changelog was pusblished) there is a fair chance that it fixes a critical vulnerabilty. If it is just a minor "securty improvement" they could have released it alongside the new controller version.

Emerging Member
Posts: 46
Registered: ‎12-30-2017
Kudos: 7
Solutions: 1

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

> True, but looking at the speed of release (pushed in the LTS channel before a changelog was pusblished) there is a fair chance that it fixes a critical vulnerabilty. If it is just a minor "securty improvement" they could have released it alongside the new controller version.

**bingo** this is why I asked. I have about 10 different firmware versions in the field and mgmt *really* does _not_ want downtime (24 hour operations and the like...). less than 1% of the ~1000 devices are on the latest 4.X firmware. most are on early to mid 3.x.

I would appreciate some additional details:
- will i be able to use a newer controller with the older AP software?
- what are the details of the security issue? Not all security issues apply to everybody in all deployments. If i'm vulnerable, fine. tell me! That way i can lean on mgmt to get these devices *patched* by justifying the ~5 min per AP downtime!
Senior Member
Posts: 3,529
Registered: ‎08-06-2015
Kudos: 1662
Solutions: 200

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released


@RichieB wrote:

@waterside wrote:

A security improvent is not necesarily addressing a vulnerability nor "fixing" something.

UBNT generally doesn't publish CVE (or other trackng record) numbers.

This would be related to an upcoming controller update and my guess is the communication between the controller and managed devices is being changed such that both ends need an update.


True, but looking at the speed of release (pushed in the LTS channel before a changelog was pusblished) there is a fair chance that it fixes a critical vulnerabilty. If it is just a minor "securty improvement" they could have released it alongside the new controller version.


 

No it was released since it is a pre-requisite for the upcoming controller release.  If the controller was released first then there would be those that upgrade that without reading the release notes (far too many here do that) and end up with UAPs that are no longer manageable.

 

Yes - that has happened before, and has actually already happened in the beta forum.

 

This is also not the first firmware that notes "security improvement" - many previous releases have noted similar.  I'm not sure why this is being assumed to be any different.

 

My $0.02 is to have just a little bit of patience.  This is the weekend and there shouldn't be any expectation that anything will change before Monday.

 

If there is such a concern the best method for anything security related is to reach out via support ticket directly rather than posting in a public forum, which is less likely to get a response.  As I already noted UBNT has not provided such detail publicly - this time may or may not be different.

 

 

 

Senior Member
Posts: 3,529
Registered: ‎08-06-2015
Kudos: 1662
Solutions: 200

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

[ Edited ]

@aseriesoflinks wrote:

I would appreciate some additional details:
- will i be able to use a newer controller with the older AP software?
- what are the details of the security issue? Not all security issues apply to everybody in all deployments. If i'm vulnerable, fine. tell me! That way i can lean on mgmt to get these devices *patched* by justifying the ~5 min per AP downtime!

This is reaching into beta territory but the answer is no - you will not be able to use the newer controller with older firmware.  This firmware will be minimum required for the newer controller, at least as of now.  In other words the firmware will need to be updated first.

 

Again - there is not necesarily any security "issue".  It is listed as an "improvement" but that does not mean there is a vulnerability or issue.  There may be, or there may be not be.  Any improvement also may or may not be to the device (UAP) itself.  It could be related to improvement in the controller, improvement in the communication between controller and device, improvement to the device, or any combination of those.

 

[Edit]:  FWIW the release notes do include this text, which already answers the question above:

 

*In preparation for UniFi controller 5.6.41. This will be the minimum supported firmware version for UAP-AC, UAP-AC V2 and UAP-AC-Outdoor.

Member
Posts: 115
Registered: ‎06-03-2014
Kudos: 4
Solutions: 2

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

[ Edited ]

  @UBNT-MikeD   

 

This release was prompted for and upgrade on controller version 5.6.40, and it crashed my UAP-AC "square units" the moment I ran it. 

 

From your release notes, the 3.8.17 firmware was only meant for controller version 5.6.41. If this is the case, why was it pushed to controller version 5.6.40 ?  Please advise. 

New Member
Posts: 25
Registered: ‎05-08-2018

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

I must be missing something but I'm alerady on a version 4.x and the controller is suggesting that I downgrade.

 

Will there be a different 4.x version that is also preparation for a new controller version? Is the version I already have sufficient or should I downgrade?

New Member
Posts: 16
Registered: ‎06-20-2013
Kudos: 1

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

@StLouisWirelessYou've got it backwards, this firmware is required before you upgrade the controller to 5.6.41 (Not out yet). It works fine with older versions of the controller.

Senior Member
Posts: 3,572
Registered: ‎05-19-2013
Kudos: 1526
Solutions: 36

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

[ Edited ]

@braddo99 wrote:

I must be missing something but I'm alerady on a version 4.x and the controller is suggesting that I downgrade.

 

Will there be a different 4.x version that is also preparation for a new controller version? Is the version I already have sufficient or should I downgrade?


You indeed have.

 

UAP-AC and UAP-ACv2 are those Gen 1 square 802.11ac UAPs, not those Gen 2 UAP-AC-Lite/LR/PRO. There is no 4.x firmware for these UAP-AC/UAP-ACv2 square ones since it has been announced as LTS.

New Member
Posts: 25
Registered: ‎05-08-2018

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

OK but, since I don't have any of those older models, why would the controller be suggesting I downgrade?

 

That suggestion is no longer appearing in my controller, not sure what changed.

New Member
Posts: 16
Registered: ‎06-20-2013
Kudos: 1

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

If the controller has a lower version of firmware than your router, it'll recommend a downgrade, sometimes because bugs were found in firmware after it's release and it was rolled back, sometimes because the device was manually updated and the controller just hasn't caught up. But this thread is about a firmware you can't run for a router you don't have so it's kinda off topic here, if you want more info you should start a new topic.
New Member
Posts: 16
Registered: ‎06-20-2013
Kudos: 1

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

Hey quick question on a slightly related subject, I still have a Picostation running 3.3.22.4024, will that still be able to connect to controller 5.6.41, or if not, any chance of an updated firmware? It's really out there in the middle of nowhere and I don't want to have to replace it, and I'd imagine there's at least a couple other people running them.

Emerging Member
Posts: 50
Registered: ‎06-07-2016
Kudos: 18
Solutions: 1

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

@UBNT-MikeD 

Will you please clarify if anounced controller release 5.6.41 has been cancelled? Thank you

New Member
Posts: 1
Registered: ‎06-18-2015

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

The release notes for firmware 4.0.30.10217 say:

1st gen UAPs may require extra steps when upgrading from firmware 4.0.3. You can try disabling all WLAN groups, and then running the upgrade. Devices that are seemingly "stuck" on 4.0.3 may require TFTP recovery to upgrade from that firmware.

All supported 1st gen APs need to be on a minimum of 4.0.10 prior to upgrading to this firmware. Controller 5.10.3+ will force an upgrade to 4.0.10 prior to upgrading to this release (only if your device isn't running 4.0.10 already).

 

I am unclear if UAP AP-AC v2 is considered included in that 1st gen category? In several other places plans for another LTS controller 5.6.41 are mentioned for "1st gen" devices. 

 

Because of my confusion with all the device numbers, I have gone ahead and installed 5.10.21 controller, but it isn't able to configure the UAP AP-AC v2 devices, though they work fine as configured. Should I go back to 5.6.40 controller instead? I am clearly over my head here, as an end user of a small installation, but the questions do seem to pop up on these forums.

 Jack

Reply