Reply
Ubiquiti Employee
Posts: 9,081
Registered: ‎01-28-2013
Kudos: 15488
Solutions: 600
Contributions: 20

[FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

Please see our release post HERE.

Emerging Member
Posts: 41
Registered: ‎12-30-2017
Kudos: 7
Solutions: 1

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

Can you please provide some more details with `[UAP] Security improvement.*` ? Is there an issue with controller version5.9 as well as 5.6?
Senior Member
Posts: 16,473
Registered: ‎08-04-2017
Kudos: 3006
Solutions: 810

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

Hello @aseriesoflinks,

 

It's gonna be used for the 5.6.41 controller.

 

 

Regards,

Glenn R.

Cloud Hosted Controllers | Glenn R. | UniFi Installation/Easy Update Scripts | UniFi-VoIP Installation Scripts
USG-4-PRO • USG
USW-48-500W • USW-24-POE-250W 2x • USW-16-POE-150W 3x • USW-24 • USW-8-150W • USW-8
UAP XG • UAP-SHD • UAP-HD • UAP-NanoHD • UAP-AC-PRO 2x • UAP-AC-LITE • UAP-AC-IW • UAP-AC-M
UCK-G2-PLUS • UCK-G2 • UCK
Member
Posts: 263
Registered: ‎06-08-2015
Kudos: 126
Solutions: 1

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

Well I guess something has happened big enough for them to update these and at the same time require a minimum firmware version on all other devices for future controller versions going forward.

New Member
Posts: 36
Registered: ‎08-25-2015
Kudos: 8
Solutions: 2

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

[ Edited ]

All it says is:


[UAP] Security improvement.

What exactly was fixed? Is there a CVE number?

Senior Member
Posts: 2,934
Registered: ‎04-26-2016
Kudos: 1119
Solutions: 303

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

[ Edited ]

The fixes for other controllers/firmware are still in beta so not available to the public yet. So they probably will not give additional info until it is released as stable.

And even then they probably will not give additional info. 😉

 

 

 

Senior Member
Posts: 3,241
Registered: ‎08-06-2015
Kudos: 1385
Solutions: 186

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released


@RichieB wrote:

All it says is:


[UAP] Security improvement.

What exactly was fixed? Is there a CVE number?


A security improvent is not necesarily addressing a vulnerability nor "fixing" something.

 

UBNT generally doesn't publish CVE (or other trackng record) numbers.

 

This would be related to an upcoming controller update and my guess is the communication between the controller and managed devices is being changed such that both ends need an update.

 

 

New Member
Posts: 36
Registered: ‎08-25-2015
Kudos: 8
Solutions: 2

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released


@waterside wrote:

A security improvent is not necesarily addressing a vulnerability nor "fixing" something.

UBNT generally doesn't publish CVE (or other trackng record) numbers.

This would be related to an upcoming controller update and my guess is the communication between the controller and managed devices is being changed such that both ends need an update.


True, but looking at the speed of release (pushed in the LTS channel before a changelog was pusblished) there is a fair chance that it fixes a critical vulnerabilty. If it is just a minor "securty improvement" they could have released it alongside the new controller version.

Emerging Member
Posts: 41
Registered: ‎12-30-2017
Kudos: 7
Solutions: 1

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

> True, but looking at the speed of release (pushed in the LTS channel before a changelog was pusblished) there is a fair chance that it fixes a critical vulnerabilty. If it is just a minor "securty improvement" they could have released it alongside the new controller version.

**bingo** this is why I asked. I have about 10 different firmware versions in the field and mgmt *really* does _not_ want downtime (24 hour operations and the like...). less than 1% of the ~1000 devices are on the latest 4.X firmware. most are on early to mid 3.x.

I would appreciate some additional details:
- will i be able to use a newer controller with the older AP software?
- what are the details of the security issue? Not all security issues apply to everybody in all deployments. If i'm vulnerable, fine. tell me! That way i can lean on mgmt to get these devices *patched* by justifying the ~5 min per AP downtime!
Senior Member
Posts: 3,241
Registered: ‎08-06-2015
Kudos: 1385
Solutions: 186

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released


@RichieB wrote:

@waterside wrote:

A security improvent is not necesarily addressing a vulnerability nor "fixing" something.

UBNT generally doesn't publish CVE (or other trackng record) numbers.

This would be related to an upcoming controller update and my guess is the communication between the controller and managed devices is being changed such that both ends need an update.


True, but looking at the speed of release (pushed in the LTS channel before a changelog was pusblished) there is a fair chance that it fixes a critical vulnerabilty. If it is just a minor "securty improvement" they could have released it alongside the new controller version.


 

No it was released since it is a pre-requisite for the upcoming controller release.  If the controller was released first then there would be those that upgrade that without reading the release notes (far too many here do that) and end up with UAPs that are no longer manageable.

 

Yes - that has happened before, and has actually already happened in the beta forum.

 

This is also not the first firmware that notes "security improvement" - many previous releases have noted similar.  I'm not sure why this is being assumed to be any different.

 

My $0.02 is to have just a little bit of patience.  This is the weekend and there shouldn't be any expectation that anything will change before Monday.

 

If there is such a concern the best method for anything security related is to reach out via support ticket directly rather than posting in a public forum, which is less likely to get a response.  As I already noted UBNT has not provided such detail publicly - this time may or may not be different.

 

 

 

Senior Member
Posts: 3,241
Registered: ‎08-06-2015
Kudos: 1385
Solutions: 186

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

[ Edited ]

@aseriesoflinks wrote:

I would appreciate some additional details:
- will i be able to use a newer controller with the older AP software?
- what are the details of the security issue? Not all security issues apply to everybody in all deployments. If i'm vulnerable, fine. tell me! That way i can lean on mgmt to get these devices *patched* by justifying the ~5 min per AP downtime!

This is reaching into beta territory but the answer is no - you will not be able to use the newer controller with older firmware.  This firmware will be minimum required for the newer controller, at least as of now.  In other words the firmware will need to be updated first.

 

Again - there is not necesarily any security "issue".  It is listed as an "improvement" but that does not mean there is a vulnerability or issue.  There may be, or there may be not be.  Any improvement also may or may not be to the device (UAP) itself.  It could be related to improvement in the controller, improvement in the communication between controller and device, improvement to the device, or any combination of those.

 

[Edit]:  FWIW the release notes do include this text, which already answers the question above:

 

*In preparation for UniFi controller 5.6.41. This will be the minimum supported firmware version for UAP-AC, UAP-AC V2 and UAP-AC-Outdoor.

Member
Posts: 104
Registered: ‎06-03-2014
Kudos: 3
Solutions: 2

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

[ Edited ]

  @UBNT-MikeD   

 

This release was prompted for and upgrade on controller version 5.6.40, and it crashed my UAP-AC "square units" the moment I ran it. 

 

From your release notes, the 3.8.17 firmware was only meant for controller version 5.6.41. If this is the case, why was it pushed to controller version 5.6.40 ?  Please advise. 

New Member
Posts: 20
Registered: ‎05-08-2018

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

I must be missing something but I'm alerady on a version 4.x and the controller is suggesting that I downgrade.

 

Will there be a different 4.x version that is also preparation for a new controller version? Is the version I already have sufficient or should I downgrade?

New Member
Posts: 12
Registered: ‎06-20-2013
Kudos: 1

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

@StLouisWirelessYou've got it backwards, this firmware is required before you upgrade the controller to 5.6.41 (Not out yet). It works fine with older versions of the controller.

Senior Member
Posts: 2,842
Registered: ‎05-19-2013
Kudos: 1254
Solutions: 26

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

[ Edited ]

@braddo99 wrote:

I must be missing something but I'm alerady on a version 4.x and the controller is suggesting that I downgrade.

 

Will there be a different 4.x version that is also preparation for a new controller version? Is the version I already have sufficient or should I downgrade?


You indeed have.

 

UAP-AC and UAP-ACv2 are those Gen 1 square 802.11ac UAPs, not those Gen 2 UAP-AC-Lite/LR/PRO. There is no 4.x firmware for these UAP-AC/UAP-ACv2 square ones since it has been announced as LTS.

New Member
Posts: 20
Registered: ‎05-08-2018

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

OK but, since I don't have any of those older models, why would the controller be suggesting I downgrade?

 

That suggestion is no longer appearing in my controller, not sure what changed.

Highlighted
New Member
Posts: 12
Registered: ‎06-20-2013
Kudos: 1

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

If the controller has a lower version of firmware than your router, it'll recommend a downgrade, sometimes because bugs were found in firmware after it's release and it was rolled back, sometimes because the device was manually updated and the controller just hasn't caught up. But this thread is about a firmware you can't run for a router you don't have so it's kinda off topic here, if you want more info you should start a new topic.
New Member
Posts: 12
Registered: ‎06-20-2013
Kudos: 1

Re: [FIRMWARE] 3.8.17.6789 for UAP-AC, UAP-AC v2, and UAP-AC-OD has been released

Hey quick question on a slightly related subject, I still have a Picostation running 3.3.22.4024, will that still be able to connect to controller 5.6.41, or if not, any chance of an updated firmware? It's really out there in the middle of nowhere and I don't want to have to replace it, and I'd imagine there's at least a couple other people running them.

Reply