FIRMWARE CHANGE HISTORY
-----------------------

IBM Networking Operating System RackSwitch G7028
firmware version 7.6.10.0 (Released August 2021)

** Changes since the 7.6.9.0 release **

Enhancements:

none

Changes:

- Avoid using deprecated SSH cryptographic settings - removed insecure key
  exchange algorithms: diffie-hellman-group-exchange-sha1 and
  diffie-hellman-group1-sha1 (230493)

- An SSH public key that is too small could exist on the switch - added
  support to automatically install a 2048 bit RSA public key at boot, in case
  a 1024 bit ssh-dss host key is saved on a device (230493)

Fixes:

- Switches in a VLAG environment could hang or misbehave when a loop occurs at
  L2 so that the device experiences extensive L2 station moves. At this point,
  the MFDB and VFDB threads would go into resumable state and never recover,
  even after the loop is gone. (235971)

================================================================================

IBM Networking Operating System RackSwitch G7028
firmware version 7.6.9.0 (Released June 2021)

** Changes since the 7.6.8.0 release **

Enhancements:

none

Changes:

none

Fixes:

- SSL host-certificate expiration would occur after 8th of March 2021 even if
  a new https certificate is generated. (226846)

- Switch uptime from BBI interface would be different from the one in CLI for
  switches that have been running for more than 497 days. (228385)

================================================================================

IBM Networking Operating System RackSwitch G7028
firmware version 7.6.8.0 (Released March 2021)

** Changes since the 7.6.7.0 release **

Enhancements:

none

Changes:

none

Fixes:

- Fixed vulnerabilities as reported in the CVE Advisories: CVE-2016-9318,
  CVE-2018-14404, CVE-2019-19956, CVE-2019-20388, CVE-2020-7595,
  CVE-2020-24977.
  (220993)

================================================================================

IBM Networking Operating System RackSwitch G7028
firmware version 7.6.7.0 (Released November 2020)

** Changes since the 7.6.6.0 release **

Enhancements:

none

Changes:

none

Fixes:

- Fixed vulnerabilities in the Linux kernel as reported in the CVE Advisories:
  CVE-2020-13974, CVE-2020-10732, CVE-2020-14314, CVE-2020-12770. (207165)

================================================================================

IBM Networking Operating System RackSwitch G7028
firmware version 7.6.6.0 (Released August 2020)

** changes since 7.6.5.0 **

Enhancements:

none

Changes:

none

Fixes:

- Fixed vulnerabilities as reported in the CVE Advisories: CVE-2020-12464.
  (207165)

================================================================================

IBM Networking Operating System RackSwitch G7028
firmware version 7.6.5.0 (Released June 2020)

** changes since 7.6.4.0 **

Enhancements:

none

Changes:

- The support for TLS versions 1.1 and 1.0 has been deprecated. TLS version
  1.2 is now supported by default. (72679)

- The SSH Server CBC Mode Ciphers and SSH Weak MAC Algorithms have been
  disabled. (75828)

- Added support for using the Diffie-Hellman key exchange algorithm for SSH.
  (68841)

- Added support for the DHE key exchange mode for SSL. (XB223799)

- Added support for deleting the HTTPS certificate in ISCLI by using the
  "access https delete-certificate" command. (XB224563)

- Changed the default key exchange methods for generating a certificate from
  SHA1/RSA1024 to SHA256/RSA2048. If an old certificate already exists on the
  switch, it needs to be deleted and the switch must be rebooted. (69051)

Fixes:

- An SSH connection could fail when using an OpenSSH 6.2 client to connect to
  the switch. (XB178587)

- The HTTPS connection would be lost when generating a certificate with blank
  fields.
  (202593)

- An SSL connection would fail when different TLS versions were specified in
  the SSL Record Layer header and in the ClientHello payload. (69542)

- The switch could crash when processing SSL traffic received on the
  management interface. (50705)

- A crash would occur when scanned by the web security tool IBM AppScan, while
  running a Recorded Login option. (90107)

- Fixed issue reported by the web security tool IBM AppScan for the
  Spanning-Tree Protocol webpage. (116507)

- Fixed issue in login credential mechanism. (107614)

- Fixed issue related to non-configured SNMP community strings. (115054)

- Fixed command injection issue for the "mv" command. (136430)

- Fixed libxml2 security vulnerabilities as reported in the CVE Advisories
  CVE-2015-8710, CVE-2016-3705, CVE-2016-3627, CVE-2015-8806, CVE-2016-4447,
  CVE-2016-4449, CVE-2016-4448, CVE-2016-4658, CVE-2016-9318, CVE-2017-8872,
  CVE-2017-9049, CVE-2017-9050, CVE-2016-5131, CVE-2017-15412, CVE-2017-16932,
  CVE-2017-5130 (49214, 57176, 55781, 58942, 58943, 86808, 104768, 124059)

- Fixed zlib vulnerabilities as reported in the CVE Advisories CVE-2016-9840,
  CVE-2016-9841, CVE-2016-9842, CVE-2016-9843. (86800)

- Fixed Linux Kernel security vulnerabilities as reported in the CVE
  Advisories CVE-2017-6214, CVE-2015-8324, CVE-2019-11477, CVE-2019-11478,
  CVE-2019-11479. (57178, 177635, 113078)

- Fixed TLS security vulnerabilities as reported in the CVE Advisories
  CVE-2014-8730 (POODLE), CVE-2013-0169 (Lucky 13). (80866, XB221660)

- Fixed OpenSSL security vulnerabilities as reported in the CVE Advisories
  CVE-2016-2108, CVE-2018-0732, CVE-2018-0734, CVE-2019-1559.
  (55174, 147029, 175714, 181273)

- Fixed security vulnerabilities as reported in the CVE Advisories
  CVE-2013-2566, CVE-2015-2808 (BarMitzvah), CVE-2016-2183 (SWEET32),
  CVE-2016-6329.
  (LV300779, 66395)

================================================================================

IBM Networking Operating System RackSwitch G7028
firmware version 7.6.4.0 (Released February 2016)

** changes since 7.6.3.0 **

Enhancements:

none

Changes:

none

Fixes:

- Using Cisco ACS, version 5.5 and above, to authenticate users with the
  TACACS protocol could cause the User Interface thread (SSHD, AGR, TNET,
  CONS) to be suspended forever, thereby denying any further authentication
  with the TACACS protocol. (LV307694/7383)

================================================================================

IBM Networking Operating System RackSwitch G7028
firmware version 7.6.3.0 (Released January 2015)

** changes since 7.6.2.0 **

Enhancements:

none

Changes:

none

Fixes:

- Speed and duplex settings of the management port are displayed incorrectly
  when no cable is present. (LV296505)

================================================================================

IBM Networking Operating System RackSwitch G7028
firmware version 7.6.2.0 (Released August 2014)

** changes since 7.6.1.0 **

Enhancements:

None

Changes:

- Added the Machine Type Model 7120-24L to identify Lenovo as a distribution
  channel. (XB277502)

- Internal debug usernames have been removed from the firmware to prevent
  potential backdoor access. (XB282666)

Fixes:

None