|
|
# Release v6.0.2
|
|
|
|
|
|
This firmware release contains two software hot-fixes to release v6.0.1. One fixes build errors on Ubuntu 20.04 (see issue #246), but does not solve build issues on Ubuntu 22.04 (see issue #269). The second fix (the reason for this release) disables by default the web interface (see issue #266).
|
|
|
A number of serious security vulnerabilities were found in the web interface (including CVE-2023-22577). Please note that it is still possible to enable web interface in run-time by changing the option `CONFIG_HTTPD_DISABLE` in dot-config. **Users are strongly discouraged from using the web interface.** In exceptional cases the use of web-interface can be limited to well controlled networks.
|
|
|
This firmware release contains three software hot-fixes to release v6.0.1. One fixes build errors on Ubuntu 20.04 (see issue #246), but does not solve build issues on Ubuntu 22.04 (see issue #269).
|
|
|
|
|
|
The second fix (the reason for this release) disables by default the web interface (see issue #266).
|
|
|
A number of serious security vulnerabilities were found in the web interface (including CVE-2023-22577). Please note that it is still possible to enable it in run-time by changing the option `CONFIG_HTTPD_DISABLE` in dot-config. **Users are strongly discouraged from using the web interface.** In exceptional cases the use of web-interface can be limited to well controlled networks.
|
|
|
|
|
|
The third fix is related to the wrong offset (fractional and/or integer) from the NTP time when switch is running in Grand Master mode (#213). In addition there are two more small fixes related to the NTP handling (issues #270 and #271).
|
|
|
|
|
|
The gateware, configuration (except `CONFIG_HTTPD_DISABLE`) and documentation (except wrs-user-manual) remain unchanged from v6.0. *wrs-user-manual* was updated with with the justification why the web interface is disabled by default on a switch. Please note that in the documentation for the release v6.0 there is an statement that the web interface is disabled by default, which was not true.
|
|
|
|
... | ... | @@ -9,13 +13,13 @@ A number of serious security vulnerabilities were found in the web interface (in |
|
|
|
|
|
## Release date
|
|
|
|
|
|
- 26 January 2023
|
|
|
- 24 February 2023
|
|
|
|
|
|
-----
|
|
|
|
|
|
## Downloads
|
|
|
|
|
|
You can build the v6.0.2 release firmware from the [sources](https://ohwr.org/project/wr-switch-sw/wikis/release-v602#sources) or download the already built [firmware](uploads/6ac9893f90fae847013132ee160c7639/wr-switch-sw-v6.0.2-20230124_binaries.tar)
|
|
|
You can build the v6.0.2 release firmware from the [sources](https://ohwr.org/project/wr-switch-sw/wikis/release-v602#sources) or download the already built [firmware](uploads/145dbd8502449abda109dce85759166d/wr-switch-sw-v6.0.1-20210705_binaries.tar)
|
|
|
* [SNMP MIB file for v6.0 release](https://ohwr.org/project/wr-switch-sw/blob/wr-switch-sw-v6.0/userspace/snmpd/WR-SWITCH-MIB.txt)
|
|
|
|
|
|
-----
|
... | ... | @@ -38,5 +42,5 @@ Sources for the release can be fetched from the git repositories: |
|
|
|
|
|
-----
|
|
|
|
|
|
Adam Wujek - 26 January 2023
|
|
|
Adam Wujek - 24 February 2023
|
|
|
|