Scheduled maintenance: Community available only in read-only mode until 6:00 AM (PT)
Reply
Ubiquiti Employee
Posts: 9,632
Registered: ‎01-28-2013
Kudos: 17001
Solutions: 609
Contributions: 20

UniFi Network Controller 5.10.23 Stable has been released

Please see our release post HERE.

 

*This release follows our usual release structure which means it will initially be available via this blog post only. It will be posted to the download site and official repos in the near future. If you aren't familiar with our release structure, please take a moment to read our post HERE. Thanks!

Regular Member
Posts: 723
Registered: ‎11-10-2012
Kudos: 87
Solutions: 16

Re: UniFi Network Controller 5.10.23 Stable has been released

5.6.42 then 5.10.23 released only only 30mins apart... is this correct?
Ubiquiti Employee
Posts: 9,632
Registered: ‎01-28-2013
Kudos: 17001
Solutions: 609
Contributions: 20

Re: UniFi Network Controller 5.10.23 Stable has been released


@Blinc wrote:
5.6.42 then 5.10.23 released only only 30mins apart... is this correct?

Yes, 5.6 is a release branch for EOL hardware (UAP-AC, UAP-ACv2 and UAP-AC-Outdoor). We wanted to get an updated release out which included some important security changes. The 5.10 release branch doesn't support those models. 

 

Cheers,

Mike

New Member
Posts: 14
Registered: ‎12-02-2017
Kudos: 9

Re: UniFi Network Controller 5.10.23 Stable has been released

[ Edited ]
@UBNT-MikeD wrote:

[...] We wanted to get an updated release out which included some important security changes[...]

Quoting the announcement: "Various bug fixes and improvements" doesn't really carry the same significance as "important security changes". I first read the announcement, and thought "yeah, do that sometime". Now I think I need to prioritise it? How much priority?

 

And this is a new question for me, others may have asked it before: do any of those security changes have a CVE number?

New Member
Posts: 5
Registered: ‎04-23-2019

Re: UniFi Network Controller 5.10.23 Stable has been released

Hi, i'm sorry if this is a dumb question, but there doesent seem tp be any updates for 5.10.21.0 on ubuntu? I did a clean install a week ago and followed the new guides. Is there a delay for this update to be avaliable on apt? Or is there a package i can manually download? How do i upgrade?

 

I'm a newbie on unifi. Just got my 4 APs, switch and USG pro just set up at home.

Member
Posts: 1,030
Registered: ‎02-03-2019
Kudos: 302
Solutions: 48

Re: UniFi Network Controller 5.10.23 Stable has been released

Did you read the blog post linked in MikeD‘s posting?

 

https://community.ubnt.com/t5/UniFi-Updates-Blog/UniFi-Network-Controller-5-10-23-Stable-has-been-re...

 

Check the Ubuntu-Spoiler, is that how you‘ve tried it?

 

New Member
Posts: 31
Registered: ‎02-13-2019
Kudos: 9
Solutions: 3

Re: UniFi Network Controller 5.10.23 Stable has been released


@georgeed wrote:
@UBNT-MikeD wrote:

[...] We wanted to get an updated release out which included some important security changes[...]

Quoting the announcement: "Various bug fixes and improvements" doesn't really carry the same significance as "important security changes". I first read the announcement, and thought "yeah, do that sometime". Now I think I need to prioritise it? How much priority?

 

And this is a new question for me, others may have asked it before: do any of those security changes have a CVE number?


Hi georgeed,

 

I believe MikeD is referencing the 5.6.42 Controller version for the security changes. Your second question is also answered directly underneath that on the release page.

 

Capture.png
New Member
Posts: 5
Registered: ‎04-23-2019

Re: UniFi Network Controller 5.10.23 Stable has been released

Yes, that is correct. That's what I've tried.

New Member
Posts: 3
Registered: ‎05-08-2017
Kudos: 2

Re: UniFi Network Controller 5.10.23 Stable has been released

There's a bug with the guest captive portal redirect http.

 

I've no issue with ver 5.9.29.

 

New Member
Posts: 3
Registered: ‎05-08-2017
Kudos: 2

Re: UniFi Network Controller 5.10.23 Stable has been released

I am able to replicate the issue by installing another controller with 5.9.29 and upgrade it to 5.10.23.

 

I've created a sample DNS A record and simply named it tony.stark.com.

 

Unifi Controller 5.9.29

4.png

 

I am able to resolve tony.stark.com to my local unifi controller ip

3.png

 

Also able to retrieve the captive portal page

5.png

 

And here comes the problem.. I upgrade it to 5.10.23.. I no longer able to ping tony.stark.com and unable to retrieve the captive portal page. The controller doesnt recognize itself as tony.stark.com

 

 

New Member
Posts: 5
Registered: ‎04-23-2019

Re: UniFi Network Controller 5.10.23 Stable has been released

Any tips here?

 

sudo apt-get update
Ign:1 http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 InRelease
Hit:2 http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 Release
Hit:3 http://archive.ubuntu.com/ubuntu bionic InRelease
Hit:6 http://archive.ubuntu.com/ubuntu bionic-updates InRelease
Get:7 http://archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]
Hit:5 http://dl.ubnt.com/unifi/debian stable InRelease
Get:8 http://archive.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]

Fetched 163 kB in 1s (122 kB/s)
Reading package lists... Done

 

sudo apt-get upgrade
[sudo] password for nicho:
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

 

sudo apt install unifi
Reading package lists... Done
Building dependency tree
Reading state information... Done
unifi is already the newest version (5.10.21-11661-1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Senior Member
Posts: 25,966
Registered: ‎08-04-2017
Kudos: 4870
Solutions: 1289

Re: UniFi Network Controller 5.10.23 Stable has been released

Hello @nicholasah,


Welcome to the community!

 

It takes atleast 1 week before it gets pushed to the repo.

You could use my Easy Update Script.

 

 

Regards,
Glenn R.

Cloud Hosted Controllers | Glenn R. | UniFi Installation/Easy Update Scripts | UniFi-Video Installation Scripts | UniFi-VoIP Installation Scripts
USG-XG-8 • USG-4-PRO • USG
US-XG-16 • US-48-500W • US-24-POE-250W 2x • US-16-POE-150W 3x • US-24 • US-8-150W • US-8
UAP XG • UAP-SHD • UAP-HD • UAP-NanoHD 2x • UAP-AC-PRO 2x • UAP-AC-LITE • UAP-AC-IW • UAP-AC-M • UAP-AC-M-PRO 2x
UAS-XG • UCK-G2-PLUS • UCK-G2 • UCK
New Member
Posts: 5
Registered: ‎04-23-2019

Re: UniFi Network Controller 5.10.23 Stable has been released

That script worked like a charm! Thanks so much!

I thought you fixed "the fake poor wifi-score" in this version?
It stil reports 0% from two of my Sonoses that is litteraly 5 meters from my AP.

Senior Member
Posts: 25,966
Registered: ‎08-04-2017
Kudos: 4870
Solutions: 1289

Re: UniFi Network Controller 5.10.23 Stable has been released

Hello @nicholasah,


Make sure your UAPs are on 4.0.30 ( use the firmware binary link location )

Devices > UAP > Config > Manage Device > Custom Upgrade

 

 

Regards,

Glenn R.

Cloud Hosted Controllers | Glenn R. | UniFi Installation/Easy Update Scripts | UniFi-Video Installation Scripts | UniFi-VoIP Installation Scripts
USG-XG-8 • USG-4-PRO • USG
US-XG-16 • US-48-500W • US-24-POE-250W 2x • US-16-POE-150W 3x • US-24 • US-8-150W • US-8
UAP XG • UAP-SHD • UAP-HD • UAP-NanoHD 2x • UAP-AC-PRO 2x • UAP-AC-LITE • UAP-AC-IW • UAP-AC-M • UAP-AC-M-PRO 2x
UAS-XG • UCK-G2-PLUS • UCK-G2 • UCK
New Member
Posts: 3
Registered: ‎04-19-2015

Re: UniFi Network Controller 5.10.23 Stable has been released

Hi,

I Have an issue upgrading devices using the controller from firmware 3.7.5.4969
I was trying regular and custom firmware upgrade, but the controller is asking the device to download the upgrade file directly from UBNT website.

Here is a line from the log file:
[2019-05-06T22:55:22,892] <inform-20> INFO inform - <<< [upgrade] dev[24:a4:3c:98:dd:ee] {"_type":"upgrade","version":"4.0.10","url":"https://dl.ubnt.com/unifi/firmware/BZ2/4.0.10.9653/BZ.ar7240.v4.0.10.9653.181205.1311.bin","md5sum":..."}

Is there a way to upgrade it remotely?

Manual firmware upgrade using this link:
BZ.v3.7.5# upgrade https://dl.ubnt.com/unifi/firmware/BZ2/4.0.10.9653/BZ.ar7240.v4.0.10.9653.181205.1311.bin
Downloading firmware from 'https://dl.ubnt.com/unifi/firmware/BZ2/4.0.10.9653/BZ.ar7240.v4.0.10.9653.181205.1311.bin'.

--2019-05-06 22:07:34-- https://dl.ubnt.com/unifi/firmware/BZ2/4.0.10.9653/BZ.ar7240.v4.0.10.9653.181205.1311.bin
Resolving dl.ubnt.com... 13.32.69.32
Connecting to dl.ubnt.com|13.32.69.32|:443... connected.
ERROR: cannot verify dl.ubnt.com's certificate, issued by `/C=US/O=Amazon/OU=Server CA 1B/CN=Amazon':
Unable to locally verify the issuer's authority.
ERROR: certificate common name `dl.ui.com' doesn't match requested host name `dl.ubnt.com'.
To connect to dl.ubnt.com insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
Image short, header truncated.
Invalid firmware.

Regular Member
Posts: 362
Registered: ‎01-03-2017
Kudos: 157
Solutions: 15

Re: UniFi Network Controller 5.10.23 Stable has been released


@georgeed wrote:
@UBNT-MikeD wrote:

[...] We wanted to get an updated release out which included some important security changes[...]

Quoting the announcement: "Various bug fixes and improvements" doesn't really carry the same significance as "important security changes". I first read the announcement, and thought "yeah, do that sometime". Now I think I need to prioritise it? How much priority?

 

And this is a new question for me, others may have asked it before: do any of those security changes have a CVE number?


Yeah... Note that the change list is from 5.10.22, not the previous Stable 5.10.21.  They fixed the security issue in 5.10.22, but have yet to actually post what it was, in either those release notes or the security blog.  @UBNT-MikeD can the stable release blog post be fixed to list changes since 5.10.21?  Because considering the secrecy, I'm guessing the omission of the security fix in the release notes is kind of a doozy.

 

5.10.22's release notes (which aren't even visible from this forum, since it's beta) said that there would soon be a post in the security blog, including a CVE.

Ubiquiti Employee
Posts: 9,632
Registered: ‎01-28-2013
Kudos: 17001
Solutions: 609
Contributions: 20

Re: UniFi Network Controller 5.10.23 Stable has been released

[ Edited ]

@Maltz wrote:Yeah... Note that the change list is from 5.10.22, not the previous Stable 5.10.21.  They fixed the security issue in 5.10.22, but have yet to actually post what it was, in either those release notes or the security blog.  @UBNT-MikeD can the stable release blog post be fixed to list changes since 5.10.21?  Because considering the secrecy, I'm guessing the omission of the security fix in the release notes is kind of a doozy.

Oops, fixed. Thanks! As far as I know our current plan going forward is to make mention of a security change and then make an advisory afterwards including a CVE. Advisories/CVEs are pretty new process for us and we may change that but this is where we're starting. In general we want to allow some time for adoption before publishing an advisory.

 

Cheers,

Mike

Highlighted
Ubiquiti Employee
Posts: 9,632
Registered: ‎01-28-2013
Kudos: 17001
Solutions: 609
Contributions: 20

Re: UniFi Network Controller 5.10.23 Stable has been released

@robertik hmm, that needs to use a HTTP URL, not HTTPS. That firmware doesn't have the capability of verifying the cert. The interim update process should've passed the proper URL though so that looks like it may be a bug.

 

If you perform a custom upgrade then please use a HTTP link only. There is image verification other than just a md5sum. If you have many APs you can enable the option to select multiple devices and edit them in groups, just make sure to upgrade based on support model(s) for the firmware.

 

Cheers,

Mike

New Member
Posts: 14
Registered: ‎12-02-2017
Kudos: 9

Re: UniFi Network Controller 5.10.23 Stable has been released

Thanks, Maltz

New Member
Posts: 14
Registered: ‎12-02-2017
Kudos: 9

Re: UniFi Network Controller 5.10.23 Stable has been released


@UBNT-MikeD wrote:

[...] As far as I know our current plan going forward is to make mention of a security change and then make an advisory afterwards including a CVE. [...] In general we want to allow some time for adoption before publishing an advisory.

 

Cheers,

Mike


Speaking both personally and professionally, I think that is a very flawed approach.

If you don't draw attention to the vulnerability, then customers see no urgency to apply the patch, and you end up in the default position: the bad guys know the vulnerability exists, and the good guys aren't protected.

 

Better to follow the approach adopted by most vendors: announce the vulnerability when it is known; and then announce the fix when it is available. That way customers have sufficient information to make their own decisions on where they sit on the risk/reward scale and any mitigation they may need to perform.

 

George

Reply