FIRMWARE CHANGE HISTORY
-----------------------

Lenovo RackSwitch G8124/G8124E

Version 8.3.5.0 (Released May 2016)

** Changes since the 8.3.4.0 release **

Enhancements:

- Extend the ability to configure syslog server port from the switch user
  interfaces. (50898)

Changes:

  none

Fixes:

- The switch’s browser based interface (BBI) was susceptible to security
  vulnerabilities XSS (stored cross-site scripting) and CSRF (cross-site
  request forgery). The web security policy mechanism HSTS (HTTP Strict
  Transport Security) has been implemented on BBI. (49409, 49427, 49471)

- The switch’s browser based interface (BBI) would fail to honor the
  “cache-control=no-cache” directive and still cache the pages. The value of
  the “cache-control” directive has been changed from “no-cache” to
  “no-store”. (49475)

- Switch could crash when enabling the HTTPS protocol while the switch was
  trying to connect to the VSI Manager. (50435)

- A crash could occur when generating tech support dump via SNMP if vmprofile
  was configured on the switch. (51222)

- A crash would occur when the switch is trying to authenticate users using
  LDAP, where the user group from the LDAP server is wrongly configured with
  an unsupported object class. (47394)

- "show ldap-server" command displays secondary server IP for current LDAP
  server instead of the primary. (55372)

- Switch would fail to upload the tech support dump through SNMP with the
  tftp option. In addition, “Bad file ID 0” messages would be displayed on
  the console. (51195)

- Fixed security vulnerabilities as reported in CVE Advisories CVE-2015-8710
  (libxml2). (49214)

- Fixed OpenSSL vulnerabilities as reported in CVE Advisories CVE-2015-7575
  (SLOTH). (47856)

================================================================================

Lenovo RackSwitch G8124/G8124E

Version 8.3.4.0 (Released February 2016)

** Changes since the 8.3.3.0 release **

Enhancements:

  none

Changes:

  none

Fixes:

- Switch could crash where no DCBX peer is detected on ports, when CEE was
  enabled. (42697)

- Permanent vLAG MACs added when VLANs are configured on vLAG ports would not
  be deleted after deleting the corresponding VLANs. (44103)

- When the reset button is pressed, it could interrupt an I2C transaction and
  lock up the I2C bus, leading to a hang in the desired switch reset. A fix
  was added to prevent this sequence of events from occurring. (43168)

- Applying a switch configuration having OSPF commands could fail with the
  message “Routed Port Interface corresponding area (index) 0 is not enabled”
  when pasting from a serial session. (7170)

- The hwMTM variable is added to the SNMP MIB to allow reading of the Machine
  Type Model of the switch. (44107)

- Using Cisco ACS, version 5.3 and above, to authenticate users with the
  TACACS protocol could cause the User Interface thread (SSHD, AGR, TNET,
  CONS) to be suspended forever, thereby denying any further authentication
  with the TACACS protocol. (LV307694/7383)

- Fixed OpenSSL vulnerabilities as reported in CVE Advisories CVE-2015-3194,
  CVE-2015-3195. (46801)

================================================================================

Lenovo RackSwitch G8124/G8124E

Version 8.3.3.0 (Released October 2015)

** Changes since the 8.3.2.0 release **

Enhancements:

- The number of STP groups supported in the PVRST protocol has been increased
  to 256. (LV311048)

- Added vLAG Peer Gateway functionality which allows a vLAG switch to act as
  the active gateway for packets that are addressed to the router MAC address
  of the vLAG peer. (7390)

- Added support for the SLP protocol. Service Location Protocol (SLP)
  provides a dynamic configuration mechanism for applications in local area
  networks. Applications are modeled as clients that need to find servers
  attached to any of the available networks within an enterprise.

- Extended the ability to support Dual Speed 1/10G MMF SFP+ Transceivers.
  (LV311542,LV311078,LV312616)

Changes:

- The SSH Protocol is enabled by default on the switch. (38987)

- The output of “show tech-support” now includes the isCLI commands as
  headers before their respective output. (38125)

- The command "show flash-dump-uuencode" in the isCLI menu and its equivalent
  "/maint/uudmp" from the IBMNOS-CLI menu have been deprecated. The reference
  to use this command has been removed from the help tip that is posted upon
  user login if a flash-dump exists on the switch. (XB282980)

Fixes:

- The user is incorrectly prompted for "setup configuration" upon login even
  though configuration had been applied and saved, and the startup
  configuration block was set to active. (39158)

- FCOE connections would be lost when the /sbin/lldpnetmap script (utility
  from VMware vSphere) was run. The script was incorrectly causing the switch
  to detect multiple peers, causing DCBX to be out of sync. The connection
  would be restored after a shut/no shut of the affected ports.
  (XB300488,7400)

- When configuring “qos bandwidth min” on a UFP port, the switch would
  incorrectly allow the sum of the minimum bandwidth to be less than 100%.
  (40181,40295)

- If the serial number of the switch was changed, the user was prevented from
  successfully installing a new image, and the message “image contains
  invalid signature” would be displayed. (40638)

- Fixed OpenSSL vulnerabilities as reported in CVE Advisories CVE-2015-1788
  (BN_GF2m_mod_inv), CVE-2015-1789 (X509_cmp_time) and CVE-2015-1792
  (do_free_upto). (39415)

================================================================================

Lenovo RackSwitch G8124/G8124E

Version 8.3.2 (Released May 2015)

Initial Release