Scheduled maintenance: Community will be offline Monday June 17th, 1:00 AM - 6:00 AM (PT)
Reply
New Member
Posts: 36
Registered: ‎02-14-2014
Kudos: 21
Solutions: 2

Re: UniFi 5.5.20 Stable has been released

"Various security improvements"

 

Maybe add some LowMediumHighCritical ratings so we know if we need to install this ASAP or not.

 

 

New Member
Posts: 4
Registered: ‎03-17-2017
Kudos: 4

Re: UniFi 5.5.20 Stable has been released

Fair one but in general you should be updating anyway.  However you should also weigh up the risks and mitigate where you can:

 

  • Make sure you have the built in backups enabled
  • The entire system itself should be backed up in some way regularly
  • If it is a VM then snapshot it before updating
  • If you have control of firewalls etc then you can make your controller vanish for all but a few of your devices, test and then re enable
  • Use the LTS versions of the OS eg Ubuntu Xenial
  • Keep the OS + other stuff to a minimum and don't fiddle
  • Did I mention backups?

The Unifi controller is a hugely complicated set of software with a very intricate set of dependencies.  If it is important to you then make sure you run it on something that is as simple as possible.  UBNT can only test so many sets of circumstances.

 

There is a very good reason that I use a very simple Ubuntu Xenial minimal install as the base for my controller and I stick to the stable branch for Unifi.  I put Arch and Gentoo Linux on PCs (oh and Windows - yawn) and even servers when they are appropriate.

 

When you see posts here whining that the latest update has assassinated their dog, slept with their wife and stubbed out ciggie butts (1) on the carpet, you can be fairly sure that they are not treating the system with the care that is needed.  If it is important to you then treat it as such.

 

You and I are not really able to distinguish whether a security update is really low/medium/whatever - we are not qualified to know what that really means (OK I am personally CREST accredited but the point stands).  Our job is to deliver systems and it is generally agreed that updates should be applied as soon as is practically possible.  In the UK, to be accredited to the "Cyber Essentials" standard you will tick a box that says that you update every two weeks.  I would say that CE is the base minimum for *any* organisation.

 

Soz, got a bit chatty 8)

 

(1) I tried to use the word: "Foxtrot Alpha Golf" which is a en_GB slang term for cigarette - I doubt anyone reading my comment would have been offended or missunderstood what I was saying.  In defference to the nanny filter I have changed it to ciggie instead 8)

New Member
Posts: 18
Registered: ‎12-17-2015
Kudos: 9

Re: UniFi 5.5.20 Stable has been released

In a remarkably frustrating 2 hour period I have done battle with 5.5.20 and come out the loser.

 

Since upgrading from 5.4.14, my 5.5.20 install would get stuck in a restart loop. The restarts happened roughly every 2 minutes or so.

 

I tried upgrading java to version 8 as suggested in the upgrade instructions in the blog post but this had no effect. I tried various shenanigans with file permissions and whatnot, also with no effect.

 

Finally I backed up my install and erased everything, including my data, and performed a fresh install of 5.5.20 - totally from scratch.

 

The same thing happens.

 

[2017-08-10 00:13:10,717] <launcher> INFO  system - ======================================================================
[2017-08-10 00:13:10,725] <launcher> INFO  system - UniFi 5.5.20 (build atag_5.5.20_9565 - release) is started
[2017-08-10 00:13:10,725] <launcher> INFO  system - ======================================================================
[2017-08-10 00:13:10,821] <launcher> INFO  system - BASE dir:/usr/lib/unifi
[2017-08-10 00:13:11,059] <launcher> INFO  system - Current System IP: 192.168.1.5
[2017-08-10 00:13:11,062] <launcher> INFO  system - Hostname: //SNIPPED//
[2017-08-10 00:15:03,011] <launcher> INFO  system - ======================================================================
[2017-08-10 00:15:03,019] <launcher> INFO  system - UniFi 5.5.20 (build atag_5.5.20_9565 - release) is started
[2017-08-10 00:15:03,020] <launcher> INFO  system - ======================================================================
[2017-08-10 00:15:03,117] <launcher> INFO  system - BASE dir:/usr/lib/unifi
[2017-08-10 00:15:03,358] <launcher> INFO  system - Current System IP: 192.168.1.5
[2017-08-10 00:15:03,360] <launcher> INFO  system - Hostname: //SNIPPED//
[2017-08-10 00:16:57,966] <launcher> INFO  system - ======================================================================
[2017-08-10 00:16:57,973] <launcher> INFO  system - UniFi 5.5.20 (build atag_5.5.20_9565 - release) is started
[2017-08-10 00:16:57,974] <launcher> INFO  system - ======================================================================
[2017-08-10 00:16:58,072] <launcher> INFO  system - BASE dir:/usr/lib/unifi
[2017-08-10 00:16:58,312] <launcher> INFO  system - Current System IP: 192.168.1.5
[2017-08-10 00:16:58,314] <launcher> INFO  system - Hostname: //SNIPPED//

I'm somewhat at a loss and not sure what to do. As I mentioned, this is a completely fresh install. I even uninstalled (and purged) mongodb-server just in case. I've run out of ideas. Any thoughts?

New Member
Posts: 1
Registered: ‎01-03-2017

Re: UniFi 5.5.20 Stable has been released

Not too sure what's stable about this version. I updated the firmware on my Cloud Key; I planned to update the controller software after reading more about 5.5.20. The Cloud Key decided to upgrade the software on its own. 

 

Now, on 5.5.20, my Cloud Key will not stay online for more than an hour or so. I have to power cycle it to come back. I try to do a backup, only to have it fail. 

 

It almost feels like there is no testing done before releasing updates... 

New Member
Posts: 36
Registered: ‎02-14-2014
Kudos: 21
Solutions: 2

Re: UniFi 5.5.20 Stable has been released

So you're in favor of the improved labeling, then? Great!

Established Member
Posts: 1,168
Registered: ‎02-18-2017
Kudos: 448
Solutions: 37

Re: UniFi 5.5.20 Stable has been released


@EagleRed wrote:

"Various security improvements"

 

Maybe add some LowMediumHighCritical ratings so we know if we need to install this ASAP or not.

 

 


When I first saw this I thought "That's a good idea" and I was thinkimg about it a lot over the past few hours. In reality, I don't really see this as practical. How would you define the priority of a security update?

 

Having thought about it, surely I have to view all security improvements as Critical updates?

 

Any known vulnerabilites should be patched immediately otherwise you're knowingly leaving yourself open to attack. Not that anyone would actually bother attacking my network....

 

Thanks for the post as it really got me thinking!  

New Member
Posts: 18
Registered: ‎12-17-2015
Kudos: 9

Re: UniFi 5.5.20 Stable has been released

I want to punch a wall at this point. My controller is completely offline.

 

Remove everything

 

root@unipi:/home/pi# apt-get remove --purge unifi mongodb-server
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  jsvc libboost-atomic1.55.0 libboost-filesystem1.55.0
  libboost-program-options1.55.0 libboost-system1.55.0 libboost-thread1.55.0
  libcommons-daemon-java libpcap0.8 libpcrecpp0 libsnappy1 libv8-3.14.5
  mongodb-clients
Use 'apt-get autoremove' to remove them.
The following packages will be REMOVED:
  mongodb-server* unifi*
0 upgraded, 0 newly installed, 2 to remove and 0 not upgraded.
After this operation, 224 MB disk space will be freed.
Do you want to continue? [Y/n] 
(Reading database ... 33936 files and directories currently installed.)
Removing unifi (5.4.19-9258) ...
Purging configuration files for unifi (5.4.19-9258) ...
Removing mongodb-server (1:2.4.10-5+deb8u1) ...
arg: remove
Purging configuration files for mongodb-server (1:2.4.10-5+deb8u1) ...
dpkg: warning: while removing mongodb-server, directory '/var/log/mongodb' not empty so not removed
dpkg: warning: while removing mongodb-server, directory '/var/lib/mongodb' not empty so not removed
Processing triggers for systemd (215-17+deb8u7) ...
Processing triggers for man-db (2.7.5-1~bpo8+1) ...
root@unipi:/home/pi# rm -rf /var/lib/mongodb/
root@unipi:/home/pi#

Install it back

 

root@unipi:/home/pi# apt-get install unifi
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  fontconfig-config fonts-dejavu-core libasyncns0 libflac8 libfontconfig1 libice6 libogg0 libpulse0 libsctp1 libsm6 libsndfile1 libvorbis0a libvorbisenc2 libx11-xcb1
  lksctp-tools
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
  mongodb-server
The following NEW packages will be installed:
  mongodb-server unifi
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/163 MB of archives.
After this operation, 242 MB of additional disk space will be used.
Do you want to continue? [Y/n] 
Preconfiguring packages ...
Selecting previously unselected package mongodb-server.
(Reading database ... 32725 files and directories currently installed.)
Preparing to unpack .../mongodb-server_1%3a2.4.10-5+deb8u1_armhf.deb ...
Unpacking mongodb-server (1:2.4.10-5+deb8u1) ...
Selecting previously unselected package unifi.
Preparing to unpack .../unifi_5.5.20-9565_all.deb ...
Unpacking unifi (5.5.20-9565) ...
Processing triggers for systemd (215-17+deb8u7) ...
Processing triggers for man-db (2.7.5-1~bpo8+1) ...
Setting up mongodb-server (1:2.4.10-5+deb8u1) ...
Setting up unifi (5.5.20-9565) ...
Processing triggers for systemd (215-17+deb8u7) ...
root@unipi:/home/pi# 

Wonder how its going?

 

[2017-08-10 18:13:24,646] <launcher> INFO  system - *** Running for the first time, creating identity ***
[2017-08-10 18:13:24,666] <launcher> INFO  system - UUID: 9ea46695-fb6d-487b-8bd5-c96985eaee62
[2017-08-10 18:13:24,692] <launcher> INFO  system - ======================================================================
[2017-08-10 18:13:24,696] <launcher> INFO  system - UniFi 5.5.20 (build atag_5.5.20_9565 - release) is started
[2017-08-10 18:13:24,697] <launcher> INFO  system - ======================================================================
[2017-08-10 18:13:24,803] <launcher> INFO  system - BASE dir:/usr/lib/unifi
[2017-08-10 18:13:25,042] <launcher> INFO  system - Current System IP: 192.168.1.5
[2017-08-10 18:13:25,044] <launcher> INFO  system - Hostname: NOPE
[2017-08-10 18:13:25,085] <launcher> INFO  system - Valid keystore is missing. Generating one ...
[2017-08-10 18:13:25,088] <launcher> INFO  system - Generating Certificate[UniFi]... please wait...
[2017-08-10 18:16:15,914] <launcher> INFO  system - Certificate[UniFi] generated!
[2017-08-10 18:16:51,800] <localhost-startStop-1> WARN  SessionIdGeneratorBase - Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [125] milliseconds.
[2017-08-10 18:18:00,234] <launcher> INFO  system - ======================================================================
[2017-08-10 18:18:00,241] <launcher> INFO  system - UniFi 5.5.20 (build atag_5.5.20_9565 - release) is started
[2017-08-10 18:18:00,242] <launcher> INFO  system - ======================================================================
[2017-08-10 18:18:00,340] <launcher> INFO  system - BASE dir:/usr/lib/unifi
[2017-08-10 18:18:00,574] <launcher> INFO  system - Current System IP: 192.168.1.5
[2017-08-10 18:18:00,576] <launcher> INFO  system - Hostname: NOPE
[2017-08-10 18:19:41,400] <launcher> INFO  system - ======================================================================
[2017-08-10 18:19:41,408] <launcher> INFO  system - UniFi 5.5.20 (build atag_5.5.20_9565 - release) is started
[2017-08-10 18:19:41,409] <launcher> INFO  system - ======================================================================
[2017-08-10 18:19:41,507] <launcher> INFO  system - BASE dir:/usr/lib/unifi
[2017-08-10 18:19:41,742] <launcher> INFO  system - Current System IP: 192.168.1.5
[2017-08-10 18:19:41,744] <launcher> INFO  system - Hostname: NOPE
[2017-08-10 18:21:22,096] <launcher> INFO  system - ======================================================================
[2017-08-10 18:21:22,103] <launcher> INFO  system - UniFi 5.5.20 (build atag_5.5.20_9565 - release) is started
[2017-08-10 18:21:22,104] <launcher> INFO  system - ======================================================================
[2017-08-10 18:21:22,203] <launcher> INFO  system - BASE dir:/usr/lib/unifi
[2017-08-10 18:21:22,436] <launcher> INFO  system - Current System IP: 192.168.1.5
[2017-08-10 18:21:22,438] <launcher> INFO  system - Hostname: NOPE

9f0c09ac5a9093124b42a94bdd13476c

Established Member
Posts: 917
Registered: ‎03-28-2013
Kudos: 278
Solutions: 37

Re: UniFi 5.5.20 Stable has been released

With this build and the bundled firmwares, I do see UAP-AC-M devices get disconnected from the controller quite often. Other devices do not get disconnected.

 

I have also seen the UAP-AC-M devices occasionally 'forget' their radio settings and stay full auto channel and auto power. 

 

Emerging Member
Posts: 88
Registered: ‎06-17-2016
Kudos: 42

Re: UniFi 5.5.20 Stable has been released

 
New Member
Posts: 25
Registered: ‎02-16-2016
Kudos: 2

Re: UniFi 5.5.20 Stable has been released

Minor bug-  Using mixed case in the 'Specify Sender Address' text box under Controller/Mail Server

settings results in what I assume is an error (box gets a red underline), with no explination as to why.

This may occur in other text boxes, but I did not check...

New Member
Posts: 36
Registered: ‎02-14-2014
Kudos: 21
Solutions: 2

Re: UniFi 5.5.20 Stable has been released

I'm not asking them to define priority, I'm asking them to define severity -- company policy dictates priority based on severity. But, without a severity rating, then every vulnerability is considered critical. This is both unfair and unrealistic as customers have to race to get patches installed, whereas a Low vulnerability might be patched during normal maintenance windows.

 

New Member
Posts: 6
Registered: ‎03-03-2016
Kudos: 1

Re: UniFi 5.5.20 Stable has been released

[ Edited ]

@icyliquidI'm having this exact same issue on a fresh Raspian install. Followed the LoweFamily instructions, which have always worked well in the past. I get the same info in my log. Don't see the usual DB log in the /var/log/unifi folder either. 

New Member
Posts: 6
Registered: ‎05-27-2017

Re: UniFi 5.5.20 Stable has been released


- Always deploy WAN_OUT firewall rules and remove config.properties control.

....without config.properties:

How does one change settings not available in the web gui?

  (that will survive provisioning and/or a reboot)

 

 

Still on 5.5.19

root@debian9vm-unifi:~# cat /var/lib/unifi/sites/default/config.properties 
config.system_cfg.1=radio.1.txbf=3
config.system_cfg.2=radio.2.txbf=3

I'm currently using it to enable beamforming.

 

Are beamforming capabilities being removed completely in 5.5.20+?

 

How does one migrate config.properties settings to 5.5.20?

 

 

 

 


To keep Unifi at 5.5.19 while using the apt-get method:

root@debian9vm-unifi:~# apt-mark hold unifi
unifi set on hold.
root@debian9vm-unifi:~# apt-get upgrade 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
The following packages have been kept back:
   unifi (5.5.19-9547 => 5.5.20-9565)
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
root@debian9vm-unifi:~# 

New Member
Posts: 2
Registered: ‎05-21-2017

Re: UniFi 5.5.20 Stable has been released

I believe I have found a bug in this release of the Unifi Controller.


My network has a few legacy 11g devices in use, and in previous releases of the controller, the 'PHY Mode' column under 'Clients' has correctly reported them as '11ng'.

However, in this release, these same devices are being reported as '11b'.

 

Since 11b devices slow down 11n networks, I would like to know whether these devices are actually operating in 11b mode, or whether this is just a bug.

I have attached a screenshot showing what I mean.

 

Thanks!

unifi.jpg
Regular Member
Posts: 598
Registered: ‎12-15-2016
Kudos: 65
Solutions: 16

Re: UniFi 5.5.20 Stable has been released

@rabbitvcactus2

 

Im no expert about whether it should report as "b" or "ng" or anything else, but based on the speeds your other items are connected at, I would say that this legacy item is NOT slowing down anything else on your network.

Emerging Member
Posts: 97
Registered: ‎05-01-2016
Kudos: 15
Solutions: 2

Re: UniFi 5.5.20 Stable has been released

I can't seem to get RADIUS working. 

 

I have a Windows 2012 R2 server with NPS installed. When I use my Cisco AP I am able to get connected, however when I setup my UAP-AC-PRO (I have the Cloud key using 0.73) the NPS gives me an error 14 basically it says the key is not the same on both ends. So I double and tripple check and again error 14. Switch back to my Cisco AP using the same shared key and it works. 

 

So much for Ubiquiti being Enterprise uh?

 

 

New Member
Posts: 1
Registered: ‎04-26-2017

Re: UniFi 5.5.20 Stable has been released

@icyliquid@j8048188Same issue.. have you guys had any luck??

New Member
Posts: 28
Registered: ‎03-02-2017
Kudos: 3

Re: UniFi 5.5.20 Stable has been released

Hello Man Happy

 

I was using the built in L2TP Client with the Radius Server as soon as it was available in the RC Branche,

worked perfect all the time, now in 5.5.20 Stable the /32 IP´s work like expected (no double NAT from my LTE Modem) but the VPN Feature broke Man Sad

 

Since 5.5.20 it shows the L2TP active (green) in the Dashboard (without connections) but I can't connect to the USG.. I tried to disable and re-enable all the Settings, Passwords, etc. but that didn't help.

 

Is this a know Bug? Or am I making something up?

 

thanks.

Emerging Member
Posts: 73
Registered: ‎10-14-2016
Kudos: 13
Solutions: 1

Re: UniFi 5.5.20 Stable has been released

agre 100% they need to define the severity and or provide CVSS scores of the vulnerabilities that they are patching.

New Member
Posts: 18
Registered: ‎12-17-2015
Kudos: 9

Re: UniFi 5.5.20 Stable has been released

I ended up moving my controller to a Linux machine and got it running. The machine is far beefier and the controller runs better there. Most things seem to be going fine, but I've run into a new problem.

 

My USG 4P seems to disconnect from the controller frequently and regularly. When it is disconnected, it still routes normal traffic just fine, but cannot reach the controller for some reason.

 

Specifically, when the USG misses its heartbeat to the controller, I have been logged into it. Its functional. I can ping the controller from the USG, but HTTP requests to the controller's INFORM url do not succeed. In fact, no TCP traffic seems to reach the controller from the USG. I can communicate with the controller from OTHER hosts just fine though.

 

So periodically, the USG forgets how to communicate with the controller over TCP. Then remembers again, then forgets again. Forever. Other UniFi devices work fine (switches, aps).

 

Anyone had this?

Reply