Acano Solution Acano Server Release 1.2.18 Release Notes Acano March 2015 76-1005-15-Al Contents Contents 1 Introduction 4 1.1 Before upgrading...................................................................................................... 4 1.2 After upgrading......................................................................................................... 4 2 New Features/Changes in 1.2 5 2.1 New Chrome Sharing Extension from R1.2.8 ........................................................... 5 2.2 New License File Replacing VM Activation Key........................................................ 5 2.3 Guest Access Support.............................................................................................. 5 2.4 Enhancements for WebRTC Support ....................................................................... 6 2.5 Lync Enhancements ................................................................................................. 6 2.5.1 H.264 UC ("SVC") video support 6 2.5.2 Presence enhancements 6 2.6 DNS Enhancement .................................................................................................. 6 2.7 Call Leg Profile Enhancements ................................................................................ 7 2.7.1 Call leg profile additions 7 2.7.2 Activation mode enhancements 8 2.7.3 Participants joining and leaving tones enhancements 8 2.8 Outbound Calls Page Updates ................................................................................. 8 2.8.1 Configurable control stream encryption for outbound calls 8 2.8.2 New Local From Domain field 9 2.9 External Directory Support in Searches .................................................................... 9 2.10 CDR Enhancements/Changes ................................................................................. 9 2.11 Main MMP Changes ............................................................................................... 10 2.12 Miscellaneous Enhancements ................................................................................ 11 2.12.1 OpenLDAP support 11 2.12.2 Logging/Diagnostic Enhancements 11 2.12.3 Audit Log Improvements 11 2.12.4 Configurable Outgoing Audio Packet Size 12 2.12.5 Media Encryption 12 2.12.6 Acano client presence enhancements 12 2.12.7 Resolution enhancements 12 2.12.8 Active Call List Enhancements 12 2.13 Summary of API Enhancement/Changes ............................................................... 12 3 Notes on Upgrading to R1.2 14 3.1 Upgrading to Release R1.2 .................................................................................... 14 3.2 Downgrading .......................................................................................................... 15 4 Resolved Issues Resolved in R1.2.18 Resolved in R1.2.15 Resolved in R1.2.14 Resolved in R1.2.13 Resolved in R1.2.12 Resolved in R1.2.11 Resolved in R1.2.9 Resolved in R1.2.8 Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al 16 16 16 16 17 17 17 18 18 Page 2 Contents Resolved in R1.2.7 Resolved in R1.2.6 Resolved in R1.2.5 Resolved in R1.2 (previously called R1.2 RC2) 5 Known Limitations Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al 18 19 19 20 21 Page 3 Introduction 1 Introduction This release note describes the new features, improvements and changes in Release 1.2 of the Acano solution software for both Acano Server and virtualized deployments. Release 1.2.15 is a maintenance release with bug fixes, as described later in this release note. Also see section 2.12, Ability to add SAN names to the MMP command PKI CSR. 1.1 Before upgrading If you are upgrading from a release before 1.2.12 and you have an Acano hardware server with serial number less than 00072 then you need to check your license.dat file, you may need to obtain a replacement license. Follow these steps: 1. SFTP the license.dat file off the Acano server and open license.dat in a text editor 2. Check line 7 of license.dat, if it reads licensed product name=M-Link version=16.0 expires=unlimited options="0” then contact support before the upgrade to obtain a replacement licence.dat file. If line 7 reads: licensed product name=M-Link version=16.9 expires=unlimited options="0” you do not need to replace license.dat, proceed with the upgrade. CAUTION VM ONLY: Before you upgrade a virtualized deployment to Release 1.2 you must ask support@acano.com for a new license file if you have not already done so. This file replaces the activation key on a virtualized deployment – the activation key is no longer required. If the license is missing, the Call Bridge is limited to 4 call legs as before. 1.2 After upgrading CAUTION Acano Server & VM: After upgrading either an Acano Server or a Virtualized deployment you must check your Outbound Calls dial plan rules; the Local Contact Name field usage has changed and there is a new Local From Domain with the functionality of the old Local Contact Name field. This provides better interworking with Lync. See below. Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al Page 4 New Features/Changes in 1.2 2 New Features/Changes in 1.2 2.1 New Chrome Sharing Extension from R1.2.8 In Chrome v.37 the way content sharing is supported was changed and this broke our support for this feature. Therefore as a temporary measure we removed the Chrome content sharing button in maintenance release 1.2.7; but the Acano Chrome extension for content sharing restored this feature in 1.2.8. 2.2 New License File Replacing VM Activation Key In releases after R1.2 Beta 4 there is a new license manager for virtualized deployments. This replaces the VM activation key used in previous releases. (The license is not used on the Acano Server at present.) The license is a JSON file with a digital signature appended. Acano support will provide this acano.lic file to you. Upload the file to your VM host using SFTP: do not rename the file. Then restart your Call Bridge. You can check the licensed features and their status by issuing the MMP command license. You will also see an entry in the syslog. 2.3 Guest Access Support In R1.2 there is increased support for users to join a call using a guest user web link via a "Web Bridge" URL which displays a "guest" login page. After they enter their name, the following action is taken based on the platform and/or browser: on a Windows PC, the administrator can configure a ClickOnce installer. (An additional click is required after installation in order to launch the PC Client.) Google Chrome and Firefox (see note later on Firefox support) uses WebRTC natively Internet Explorer (IE9 or later), the Acano PC client launches (if it was installed previously) or is downloaded automatically. (Internet Explorer does not support WebRTC) on an iOS device, the Acano iOS client launches if it is installed. If the client is not installed then a page is displayed with a link to the App Store on a Mac: Chrome uses WebRTC natively with Safari, a dialog box will open. If the Acano Mac client is installed, click on the Join call in app button. If the client is not installed, click on the Install Acano for OSX button. Note: You will need to click on the downloaded .dmg file to install the Acano client. Then click on the Join call in app button. Note: Specific versions (or later) of these clients are required for this feature, and some of these are work-in-progress. See the Acano Client FAQs on the web site for the latest status. Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al Page 5 New Features/Changes in 1.2 2.4 Enhancements for WebRTC Support Additions have been made to WebRTC client operation in R1.2: Firefox support for WebRTC in Release 1.2 is in Beta – users can test this functionality and give us feedback, but no customer should rely on using it in production and the support we offer is limited. DTLS (encryption) support to allow you to use WebRTC on recent versions of Firefox to log in to the Acano solution. This functionality is in Beta; no customer should rely on using it in production and the support we offer is limited Application sharing via Google Chrome – see the Acano Client FAQs document on the Acano web site for details of how to enable application sharing in Chrome Note: Due to the way Chrome handles key frames for multiple simultaneous video streams currently, sharing an application with Chrome means that the main video stream from that browser session stops, and only restarts when sharing stops. 2.5 Lync Enhancements 2.5.1 H.264 UC ("SVC") video support Previously, video support for Lync was restricted to RTVideo. From R1.2, the Acano solution can also send and receive H.264 UC. This is the default mode of operation with Lync 2013 and provides a much improved video experience. Note: With Lync 2010, RTVideo is still used; this is the highest quality codec that Lync 2010 supports. 2.5.2 Presence enhancements The Acano solution now returns presence information to Lync for domains that can be reached through a Lync > SIP rule configured in the Call Forwarding section of the Incoming Calls page. Such destinations show up as "Available" normally. (If no rules are configured, the Acano solution only provides presence for coSpaces.) A status of Available tells Lync that the outbound SIP call is possible (because the Call Bridge can route this call as a gatewayed call). Most SIP codecs do not support presence so there is no way to get a true status from them to determine if they are actually available or not. When the Acano Call Bridge knows that this destination is in a call – that is, if the Call Bridge has placed a call to that destination (as a gatewayed or conferencing call leg) presence then changes to "In a call". 2.6 DNS Enhancement From R1.2 you can now configure the DNS resolver(s) to return values which are not configured in external DNS servers or which need to be overridden, custom Resource Records (RRs) can be configured which will be returned instead of querying external DNS servers. Use the new Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al Page 6 New Features/Changes in 1.2 command: dns (mmp|app) add rr <DNS RR> and see the MMP Command Reference for details. 2.7 Call Leg Profile Enhancements 2.7.1 Call leg profile additions R1.1 introduced the concept of "profiles", allowing individual coSpaces or coSpace access methods to use different call leg profiles which could enforce varying in-call behaviors. A number of additions have been made to the mechanism for R1.2: Call leg profiles can be attached to specific tenants: behavioral defaults can be applied for all call and coSpace interactions for that tenant Call leg profiles can be attached to individual "coSpaceUser" entries in the hierarchy; the call leg profile then applies to that user's participation in the coSpace A top-level call leg profile can be set, via a new API "api/v1/system/profiles" node. This provides default behavioral settings for all call legs hosted by the system for call legs, tenants, or coSpaces when more specific call leg profiles do not apply. For example, the toplevel profile's setting for whether to show participant names as pane labels will apply to all calls Note: Call leg profiles can be set globally, per tenant, per coSpace, per access method, per coSpace user, or per call leg. Call leg profiles can now set: As in R1.1 whether call legs are "deactivated" (muted bi-directionally) until the first call leg connects that does not require activation. These call legs revert to "deactivated" when the last activator call leg disconnects Whether call legs will receive any active presentation video combined with the main video stream or (if capable) in a separate stream Whether call legs are permitted to contribute presentations Video layout: the default layout on devices that do not choose the layout for themselves Whether participant name labels are included in multi-pane video layouts Initial mute status for individual video and audio streams – both contributed by, and received by, a call leg Whether media encryption is Allowed, Required or Forbidden Whether join and leave tones are played on this call leg, and at what threshold values (see below) Audio packet size (see below). The default is 20ms Requiring activation enhancements (see the next section) Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al Page 7 New Features/Changes in 1.2 2.7.2 Activation mode enhancements R1.1 call leg profiles allowed individual call legs to be either "requiring activation" or "not requiring activation". All call legs in a call "requiring activation" would be "deactivated" (essentially, muted bi-directionally) until the first call leg that did not require activation connected. Then, all other call legs would become "activated" (unmuted) but would revert to "deactivated" when the last “activator call leg” disconnected. R1.2 extends and enhances this mode: Using call leg profiles, you can now set the "deactivation behaviour": deactivate (the former, R1.1, behaviour), stay activated (allowing the participants to continue to interact) or be disconnected set a time value for how soon the deactivated mode takes effect: e.g. choose to disconnect all "guest" participants a specified time after the last "activator call leg" disconnects These settings follow the normal call leg profile hierarchy, so you can set box-wide behaviour via the top-level global call leg profile, or exercise more fine-grained control at the per-tenant or per-coSpace level: in the most advanced modes, some "guest" participants might be disconnected when the last "chair" leaves while others remain [active] Information on whether a participation's call leg is activated or deactivated is pushed out to Acano clients if the call leg is an Acano (rather than standard SIP, Lync or avaya) one. There's a new specific "callDeactivated" CDR disconnect reason to indicate that a call leg has been disconnected due to its call being deactivated. 2.7.3 Participants joining and leaving tones enhancements In R1.2, you can configure the Acano Call Bridge to play out audible notifications when participants leave or join a coSpace. Call leg profiles configured via the API (for instance, the top-level default call leg profile or a call leg profile for an individual tenant or coSpace) include threshold values for when to play join and leave tones. The Acano Call Bridge will play join and leave tones to other participants when new people join and leave according to those thresholds. For instance, if the join tone threshold is set to "5", then tones will be played out for the first 5 people joining, but not for additional participants (unless the total number of participants drops below 5). The leave tone threshold is configured separately to the join tone threshold; if, for example, the leave tone threshold is set to "3", the audible notification will only be played out if someone leaves when there are 3 or fewer participants in the call. Until configured for a call leg profile via the API, the join and leave tone participant thresholds are 0: by default, R1.2 behaves like previous software releases and no tones are played when participants join or leave the call. 2.8 Outbound Calls Page Updates 2.8.1 Configurable control stream encryption for outbound calls For each Outbound Calls dial rule, you can now set whether SIP control traffic: Uses only encrypted transport (TLS) - Encrypted Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al Page 8 New Features/Changes in 1.2 Uses only unencrypted transport (typically TCP) - Unencrypted Tries Encrypted mode first and falls back to Unencrypted in the event of failure – Auto (the default) This can be controlled via a new SIP Encryption field in the Web Admin Interface Configuration > Outbound Calls page or the API (see the API Reference guide). CAUTION: The default behavior R1.2 mode is Auto. This does not match pre-R1.2 behavior. Previously, all "Lync" outbound dialling rules would automatically use Encrypted mode; therefore you may need to ensure that these rules are explicitly set to Encrypted mode to prevent the Call Bridge attempting to use unencrypted TCP for these connections in the event of the TLS connection attempt failing. Prior to R1.2, whether or not to attempt TLS first would be determined by the media encryption setting; specifically, if media encryption was Disabled, then the Call Bridge would never attempt to use TLS for SIP control connections. The new behaviour separates the control and media encryption behaviour, allowing a TLS control connection to be used in the absence of media encryption, for example. 2.8.2 New Local From Domain field In previous releases the Configuration > Outbound Calls Local Contact Domain field controlled the domain of the "From" address used in outgoing calls initiated via that Outbound Call rule: The contact domain was derived from the local Acano Call Bridge IP address used for the call. From R1.2 the Outbound Calls page shows what was previously configured as the contact address in a new Local From Domain field. This more closely matches its actual function: and there's now the new ability to configure an explicit contact domain to be used: if you leave this new field blank then the contact domain is derived from the local IP address (as before). If you are using Lync, we suggest that you use this new function. If you are not using Lync we recommend that the Local Contact Domain field is left blank to avoid unexpected issues with the SIP call flow. CAUTION: Therefore previous Outbound Calls dial plan rules may not work after upgrading to R1.2 and they must all be checked and updated if required. 2.9 External Directory Support in Searches Using the API, you can add additional directory locations to be searched when Acano client users perform searches. If you are using the tenant feature, this is on a per-tenant level. Results from these locations are added to the results from the LDAP-sourced user lists displayed in the Acano clients. 2.10 CDR Enhancements/Changes The CDR receiver address can now be read or written to via the API (GET or PUT to a new /api/v1/system/cdrReceiver" node). Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al Page 9 New Features/Changes in 1.2 The URI field in the CDR Receiver Settings section of the Configuration > API Settings page remains for setting the CDR receiver address from the Web Admin Interface. From R1.2 an audit log entry is made when the CDR receiver is added, modified or deleted. Within a CDR, where applicable: callLegStart records now include a "localAddress" value showing any local destination relevant to the call leg (e.g. what the caller connected to in order to reach the Acano solution) A new "callDeactivated" leg end reason code signifies that the call leg was disconnected by the Acano solution because the call of which the call leg was part was deactivated, and its deactivate action (see above) was set to "disconnect" R1.2 supports keepalive connections to allow the Acano solution to send multiple (batches of) records on one TCP or TLS connection to a CDR receiver. 2.11 Main MMP Changes The following enhancements/changes have been made in the R1.2 MMP for security. For full details of the new command set see the MMP Command Reference for R1.2 The command passwd can now only be used by admin-level users Admin-level users can now: reset another user’s password set the maximum number of characters that can be repeated in a user’s password – and there are a number of other user password rule additions limit MMP access by IP address disable MMP accounts after configurable idle period The command webbridge clickonce default is now webbridge clickonce none to match other commands and disables all clickonce redirect behavior There is a new dscp 4|6 <traffic type> <DSCP value> command to set DSCP values There are new commands for Common Access Card (CAC) integration You can now permanently store system and audit log files using the new syslog rotate <filename> and syslog audit rotate <filename> commands You can now enable a FIPS 140-2 level 1 certified software cryptographic module, Then cryptographic operations are carried out using this module and cryptographic operations are restricted to the FIPS approved cryptographic algorithms Users with the audit role can enable verbose logs for certain services using the audit http (enable|disable) command The Acano solution now validates the new upgrade.img file before initiating a backup before upgrading notifies users (on login) of the number of unsuccessful login attempts since last successful login Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al Page 10 New Features/Changes in 1.2 handles certificate bundles as well as certificate files. There are changes to pki command parameters to accommodate this and a new pki verify <cert> <cert bundle/CA cert> [<CA cert>] command When deploying R1.2 as a new virtualized deployment, dhcp is enabled on interface a by default 2.12 Miscellaneous Enhancements 2.12.1 OpenLDAP support Previously you needed to make changes to openLDAP's schema to get an LDAP sync to work with openLDAP (adding an objectUUID), but this is no longer necessary in R1.2. Take great care if you choose to migrate from AD to openLDAP. The key is the objectGUID: this is the object that the Acano solution uses to sync the coSpace database and AD. So long as the objectGUID is intact when you migrate, the sync will maintain all properties on the Acano Server. Make a backup of the current system configuration prior to migration. We strongly suggest detailed testing with the LDAP mappings and filters on the new AD prior to initiating the Sync for the first time from the new AD source. 2.12.2 Logging/Diagnostic Enhancements The diagnostic logging available from the Web Admin Interface Logging > Detailed tracing page has been improved: All SIP traffic shown via this method has a fixed "SIP trace" prefix, so that it can be identified from the more general event log New DNS and API tracing complements the existing SIP tracing; the information produced by these methods starts with either "DNS trace" or "API trace" for easy identification For all tracing methods, the range of timed enablement now includes a "24 hours" option; allowing extended diagnostics to be left on overnight, for instance There are more date values along with times in the logs Displays a warning message for failed DNS lookups 2.12.3 Audit Log Improvements From R1.2, the audit log shows: participants joining and leaving events modifications to the CDR receiver settings (see below) The audit log settings can only be changed by a user with the audit role: that is, only audit-level users can use the syslog audit commands. Users with the audit role can enable verbose logs for certain services using the audit http (enable|disable) command. Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al Page 11 New Features/Changes in 1.2 2.12.4 Configurable Outgoing Audio Packet Size Whereas previous Acano solution releases would always send 20ms outgoing audio packets where possible, R1.2 introduces the ability to set a preference of 10ms or 40ms instead by using the Audio Packet Size Preferred field in the Configuration > Call Settings page if your environment requires a different setting. Note: Not all audio codecs support the ability send different packet sizes, and therefore the effect of setting 10ms or 40ms settings may vary from call to call. While you must select from pre-defined values in the Configuration > Call Settings page, by using the API you can set other sizes for the outgoing audio packets according to the capabilities of the codec in use. 2.12.5 Media Encryption From R1.2, an unencrypted warning indicator shows up on endpoints' screens if those endpoints have an encrypted connection to the call, but there are call legs in the same call that are not using encryption. Using call leg profiles, it is now possible to configure encryption requirements on a system-wide, tenant-wide or coSpace level. Acano clients show an equivalent indicator. 2.12.6 Acano client presence enhancements From R1.2, if you are in call on an Acano client, your user status will change to "Busy". 2.12.7 Resolution enhancements From R1.2, the Acano solution supports 1920x1200 and 1600x1200 resolutions. 2.12.8 Active Call List Enhancements From R1.2, the Acano solution displays the SIP URI of the caller in the Active Call list. 2.13 Summary of API Enhancement/Changes This section summarizes the API enhancements and changes in R1.2. Some of these changes are for features mentioned previously in these Release notes. For full details see the API Reference for R1.2. The reply to a GET on "/api/v1/system/status" now includes the software version. New API tracing is shown in logs from the Logging > Detailed tracing page (see above) There are a number of new elements in the object hierarchy: /accessQuery (and associated method to find full details of how a given URI or call ID, for instance, one that might be associated with a coSpace, might be reached) /callLegs/<call leg ID>/callLegProfileTrace /system/profiles Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al Page 12 New Features/Changes in 1.2 /system/cdrReceiver (see above) Retrieve or write the CDR receiver address (see above) There are some new fields for existing objects: /tenants/<tenant ID>/callLegProfile – for per-tenant call leg profiles /coSpace/<coSpace ID>/coSpaceUsers/<coSpaceUser ID>/callLegProfile – for per coSpace user call leg profiles /outboundDialPlanRules/<outbound dial plan rule ID>/sipControlTransport – a per outbound dialling rule setting for SIP control traffic transport. <outbound dial plan rule ID> is one of :encrypted, unencrypted or auto There are some additional filters to use in queries: /callLegProfiles - you can now specify "usageFilter=unreferenced" as a filter to return only call leg profiles not referenced anywhere (and therefore potentially safe for deletion) /coSpaces - you can now specify a "callLegProfileFilter=<GUID>" filter to return just those coSpaces using that call leg profile (at the coSpace level, or for an accessMethod or coSpaceUser) /tenants - you can now specify a "callLegProfileFilter=<GUID>" filter to return just those tenants associated with that call leg profile Enable tones for participants joining and leaving calls (see above) callLegProfile additions (see above) A top-level profile can be set, via a new API "api/v1/system/profiles" node (see above) Requiring/not requiring activation enhancements (see above) Add additional directory locations to be searched when Acano client users perform searches (see above) New failure reason databaseNotReady for LDAP sync operations New parameters when adding and modifying a coSpace member Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al Page 13 Notes on Upgrading to R1.2 3 Notes on Upgrading to R1.2 This section includes information about upgrading an Acano Server Release. CAUTION: Before upgrading to R1.2 (either an Acano Server or a virtualized deployment) you must take a configuration backup using the backup snapshot <filename> command and store it safely on a separate device. See the MMP Command Reference document for full details. CAUTION VM ONLY: Before you upgrade a virtualized deployment to Release 1.2 you must ask support@acano.com for a new license file. This file replaces the activation key on a virtualized deployment – the activation key is no longer required. 3.1 Upgrading to Release R1.2 Unless specifically mentioned, the instructions in this section apply to both Acano Server and virtualized deployments. Upgrading the firmware is a two-stage process: first, upload the upgraded firmware image; then issue the upgrade command. (This restarts the Acano solution: the restart process interrupts all active calls running on the Acano solution; therefore, this stage should be done at a suitable time so as not to impact users − or users should be warned in advance. To install the new firmware on the Acano Server follow these steps: 1. Check that you have the new license file from support@acano.com. This file is required on virtualized deployments. It replaces the activation key on a virtualized deployment – the activation key is no longer required and has been deprecated. 2. Obtain the upgrade image from the secure partner section of the Acano website. You should have obtained a file called upgrade.img. If this is not the case – rename the file to upgrade.img. Note: If you are using WinSCP for the file transfer, ensure that the transfer setting is ‘binary’ not ‘text’. Using the incorrect setting results in the transferred file being slightly smaller than the original – and this prevents successful upgrade. If you are using a virtualized server, when you log in with the admin user account after upgrade, for security you will be prompted to change the password before proceeding. CAUTION: After upgrading you must check your Outbound Calls dial plan rules – see section 2.8. 3. Using a SFTP client, log into the MMP using its IP address. The login credentials will be the ones set for the MMP admin account. If you are using Windows, we recommend using the winSCP tool. Notes: You can find the IP address of the MMP’s interface with the ipv4 admin command or the equivalent ipv6 command. Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al Page 14 Notes on Upgrading to R1.2 The SFTP server runs on the standard port, 22. After copying the upgrade.img file, you will not be able to see it listed as being in the file system; this is normal. 4. Copy the software to the Acano Server/ virtualized server. 5. To apply the upgrade, issue the upgrade command. a. Establish a SSH connection to the MMP and log in. b. Initiate the upgrade by executing the upgrade command. upgrade The Acano Server/ virtualized server restarts automatically: allow 10 minutes for the process to complete. 6. Verify that the Acano solution is running the upgraded image by re-establishing the SSH connection to the MMP and typing: version Remember to use the MMP user accounts to log into the Web Admin Interface. Refer to the MMP Command Reference document for more information. 7. If you are using a virtualized deployment, upload your new license file. 8. For all deployments, check the Configuration > Outbound Calls rules updating the Local Contact Domain field and completing the new Local From Domain field if necessary. 3.2 Downgrading To return to the older version, use the regular upgrade procedure to “upgrade” to the appropriate version, and then restore the configuration backup for that version. Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al Page 15 Resolved Issues 4 Resolved Issues Resolved in R1.2.18 Reference Issue Summary 7707 WebRTC client does not work with Chrome version 41.0.2272.64 beta-m (64-bit) When attempting to join a call with the WebRTC client v41 the client displays the spinning circle for a while and then the call fails. R1.2.18 fixes an interop issue that was preventing WebRTC clients from working with this beta version of Chrome. 7839 XSS vulnerability could result in execution of javascript to create a popup with the text xss after clicking through authentication (successful or not) A bug was discovered in R1.2.14 which could result in the coSpace database not initialising, following an upgrade or downgrade to R1.2.14 on Acano Server hardware only. The VM version of this release is not impacted by this issue.is fixed in R1.2.18. Resolved in R1.2.15 Reference Issue Summary 7471 CVE-2015-0235 - Ghost vulnerability This issue was reported as Security alert 017 and is fixed in R1.2.15. 7485 Unable to join coSpace on Web Bridge with Firefox This issue can be seen whether joining as a guest or signing in to the WebRTC Client as a user and is fixed in R1.2.15. 7557 Lync calls fail after 30 seconds to direct federated Lync servers in 1.6.11 Fixed in R1.2.15. Resolved in R1.2.14 Reference Issue Summary 7055 CSR generated on the Acano server could be rejected as an Invalid CSR This was occurring because of a difference between the given and expected version number. This issue is fixed in R1.2.14. 7298 Call Bridge passing incorrect information about the number of recent participants when there have been 10 or more participants in the coSpace When 10 or more participants were in a call in a coSpace (not necessarily concurrently), the server includes an incorrect number of participants in the recent call message sent to the Acano clients. This issue is fixed in R1.2.14. 7420 Open URL redirection vulnerability could be exploited to gather credentials from an unsuspecting user This issue was reported as Security Incident 017 and is fixed in R1.2.14. 7421 XSS vulnerability could result in execution of javascript to create a popup with the text xss after clicking This issue was reported as Security Incident 018 and is fixed in R1.2.14. Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al Page 16 Resolved Issues through authentication (successful or not) Resolved in R1.2.13 Reference Issue Summary 6204 All active calls are dropped Calls being dropped when component connection from the Call Bridge to the XMPP server dropped because invalid XML was sent from a client. This issue was raised as Security issue 013, and is fixed in R1.2.13. 6684 Issues in calls with VCS X7.2.2 and Acano 1.2.11 & 1.2.9 This could occur when the “Minimum session refresh interval (seconds)” was higher than 1800 in VCS. This issue is fixed in R1.2.13. 6686 API system status messages returning unwanted information This issue is fixed in R1.2.13. 6744 Syslog "unrecognised protocol message" at "Warning" level This has been made an info level message rather than warning; it indicated that older versions of the clients are being used with the Acano server. This issue is fixed in R1.2.13. 6755 First few seconds of the video stream could be fragmented This was related to setting MTU settings on an interface. This issue is fixed in R1.2.13. 6779 Calls being dropped This occurred because of TURN server issues when listening on multiple interfaces. This issue is fixed in R1.2.13. 6858 MMP commands didn’t autocomplete with all possible matches This issue is fixed in R1.2.13. 6923 Lync AVMCU calls disconnect at 16 minutes Lync AVMCU calls to SIP endpoints disconnected at 16 minutes. This issue is fixed in R1.2.13. Resolved in R1.2.12 Reference Issue Summary 5779 Sending higher than configured Tx maximum bandwidth to Lync client This issue is fixed in R1.2.12. 6491 Logs filling with repeated message approximately every second This was caused by starting the server with an invalid XMPP license. This issue is fixed in R1.2.12. 6510 Server crash when running R1.1.8. This was caused by a DNS lookup error and this issue is fixed in R1.2.12. 6567 Frequent resolution changes when Lync client and EX60 endpoint in a coSpace This was caused by frequent changes to the incoming resolution and from R1.2.12 we have adapted our algorithms to suit this situation. This issue is fixed in R1.2.12. Resolved in R1.2.11 Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al Page 17 Resolved Issues Reference Issue Summary 6067 Custom IVR image issue Customized image could be pixilated in full-screen mode on Lync participants. This issue is fixed in R1.2.11. 6182 Certificate chain issue This certificate trust issue is fixed in R1.2.11. 6235 Content fails SIP calls through Codian ISDN GW Content could fail to stop and cause lip sync issues. This is fixed in R1.2.11. 6313 Max number of hostname IPs exceeded Previously the Acano solution could only resolve 8 names to a DNS load balancer. This has been increased and the issue is fixed in R1.2.11. 6340 H264 decoder crash This issue was caused by a rare software loop and is fixed in R1.2.11. 6368 Load balance across VCS peers Outbound calls from an Acano server were not load balanced across all available VCS cluster peers. This is fixed in R1.2.11. 6375 Server crash This issue is fixed in R1.2.11. 6376 Active calls stop working The Call Bridge service could stop on receiving 401 messages. We have improved 401 message handling and this issue is fixed in R1.2.11. 6575 Security fix CVE 2014 3513 R1.2.11 fixes a security issue with OpenSSL denial of service vulnerability that is detailed in the Security Alert Details document 6596 No video to Polycom DMA We have improved our handling of parameters in the H.264 advertisement parsing code and this issue is fixed in R1.2.11. Resolved in R1.2.9 Reference Issue Summary 6153 Occasional Lync calls failing This was caused by a NOTIFY message with zero length. This is no longer transmitted and therefore is fixed in R1.2.9. 6337 postgres not starting Some changes have been made to the postgres setup and this issue is fixed in R1.2.9. Resolved in R1.2.8 Reference Issue Summary 5760 Require a Chrome extension to be able to share desktop from Chrome. This issue is fixed in R1.2.8. 6132 Server crash caused by issue with Active Directory settings Field Mapping Expression This issue is fixed in R1.2.8. Resolved in R1.2.7 Reference Issue Summary Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al Page 18 Resolved Issues 5963 Vulnerability issues with OpenSSL R1.2.7 uses the latest OpenSSL library addressing some vulnerability issues reported as Security Incident 007. 5968 Issues with Apache's mod_reqtimeout R1.2.7 uses Apache 2.4.10 addressing potential slow http attacks. This issue was reported as Security Incident 008. 5890 One-way video with Chrome v37 Although Chrome v36 was fine in the same circumstances, when using v37 the Acano WebRTC Client received video, but didn't transmit any. This issue is fixed in R1.2.7; however, see the Known limitations below. 5980 tenantFilter for callLegs returns no results In R1.2.5 an API GET on /api/v1/callLegs?tenantFilter=xyz could return zero results. This is fixed in R1.2.7. 5981 Empty/missing <name> tags in API responses for participants without a SIP display name If an endpoint didn't supply a SIP display name, then in the list of /callLegs from the API, you could see an empty name tag. This is fixed in R1.2.7. 6055 Virtualized Edge server not responding to SNMP polls snmpd wasn't starting up and this is fixed in R1.2.7. 6070 In R1.1 WebRTC guest diagnostics could show unnecessary information This is fixed R1.2.7. 6071 WebRTC Client’s Chat tab does not show the latest messages There was a missing refresh of the message board when returning to it from another view. This is fixed in R1.2.7 Resolved in R1.2.6 Reference Issue Summary 5904 XMPP (authp) authentication succeeds with empty password if LDAP server allows 'unauthenticated authentication' method of simple bind Active Directory allows unauthenticated authentication and therefore if the client supplied an empty password, but a valid, known JID, such client log-in requests succeeded. This was a security issue reported as Security alert 006 – this issue has been fixed in R1.2.6. Resolved in R1.2.5 Reference Issue Summary 5398/5681 Core server crash There could be an occasional crash when the Core server was communicating with the Web Bridge(s) due to a memory buffer issue. This is fixed in R1.2.5. 5641 Decoder rejected frames with width or height not divisible by 4 One consequence was that the Acano solution did not output any frames when Chrome sent a desktop at 1680x1050 for example (as 1050 is 2 mod 4). In R1.2.5 the Acano solution is more flexible on resolutions and this issue is fixed. 5647 Logo shown to clients when multiple deactivated ("guest") video participants are present R1.2.5 deals with deactivated video streams better and no longer sends anything to the clients when there are no "real" participant video streams available. 5650 Failed API/webadmin authentication causes This issue was previously reported as Security Alert 005. This issue is fixed in R1.2.5. Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al Page 19 Resolved Issues slowdown of webadmin, API and SIP processing 5661 Loaded media message after changing microphone when using Chrome WebRTC The Chrome client would show "Loading Media - Please wait"; and to re-establish full audio and video the user would have to dial in again.There is now improved handling of trickle ICE on the Web Bridge and this issue is fixed in R1.2.5. 5678 Issues changing the layout for a callLeg via the API in R1.2 In R1.2.0 changing the layout for a callLeg via the API didn't work if you did a PUT with layout = telepresence but worked if you specified defaultLayout = telepresence. The published API spec for 1.2.0 was incorrect. In R1.2.5 the Acano solution will accept either parameter for a callLeg – but the documentation has been updated to reflect defaultLayout = telepresence and this is the recommended statement. This issue is fixed in R1.2.5. 5802 Thread safety issues with json_read in PAM Repeated failed authentication could cause a crash. This is fixed in R1.2.5 Releases R1.2.1 to R1.2.4 were not released. Resolved in R1.2 (previously called R1.2 RC2) Reference Issue Summary 2578 Escalation from audio to video not working over Lync Edge server Escalation from audio to video would not work over Lync Edge server; this is fixed in R1.2. 4214 The webbridge listen command doesn't work for certain port numbers Some port numbers did not work with the webbridge listen command; for example Firefox considers port 1 as a reserved port. The webbridge status returns “Running” but the web page doesn't seem to load when you browse to the Acano server, e.g. join.tryacano.com. This is fixed in R1.2 5444 Calls fail with uppercase content-type If the content-type header in SIP messages had SDP in uppercase then calls could fail with "ACK received with no session description late media call - ending call”. This is fixed in R1.2. 5445 Web Bridge issue could cause a crash This is fixed in R1.2. Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al Page 20 Known Limitations 5 Known Limitations If you encounter any of the following issues, contact support@acano.com because we are likely to have test builds to send you with fixes for many or all of them by the time you find them. Reference Issue Summary 2449 Lync Edge clients lose audio/video after hold/resume If you dial a Lync 2010 client into a coSpace and hold/resume the call a few times, it can end up with either no audio or no video or no media at all after a call resume. If you leave it in this state, Lync 2010 client eventually prints a message saying "Call failed due to network issues". This issue will be addressed in a future release. 3445 Lync calls to coSpace with PIN do not connect reliably. This affects all Lync clients When dialing from a Lync client using a Lync server which has SupportEncryption or RequireEncryption set, then after you enter the coSpace PIN, the result can be unreliable. The call may connect perfectly, or audio and/or video may not be sent. 3965 Unable to stop pcap capture on serial/ssh Occasionally users running pcap from the serial console for a few minutes are unable to stop the capture with a Ctr+C, if this happens try crt+\ or contact Acano support. 4132 Prevent logging in to the Web Admin Interface. By going to the Web Admin Interface login page, clicking OK to login and then holding down F5, all the sessions will be “used” without even logging in. This prevents anyone else from logging in until those sessions expire. This issue will be addressed in R1.2. 4838 Call Bridge Crash A stress crash can occur in R1.2 Beta 22/04/2012 when using the WebRTC client. 5228 No DNS failover for AD sync Although the initial problem of the Call Bridge not falling back to a second AD server address after the LDAP connection to the first failed has been fixed in R1.2, there remains the issue that trying to connect to a non-existent/non-responding remote address can take a long time to time out. 6763 “syscall error” messages appearing in log The syscall error message should not have been left enabled in this maintenance release. However, they are harmless and should be ignored. 7920 OpenSSL vulnerable to a denial of service attack This issue is reported as Security Alert 022. Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al Page 21 © 2015 Acano (UK) Ltd. All rights reserved. This document is provided for information purposes only and its contents are subject to change without notice. This document may not be reproduced or transmitted in any form or by any means, for any purpose other than the recipient’s personal use, without our prior written permission. Acano and coSpace are trademarks of Acano. Other names may be trademarks of their respective owners. Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al Page 22
© Copyright 2024