Release Date: 14/12/2016
- Fixed a potential issue when calculating delay with radio clocks (MSF, DCF, WWVB)
- Updated the leap-seconds.list to account for the upcoming leap second
- Updated Nginx to 1.10.2
- Updated PHP to 7.0.14
- Updated OpenSSH to 7.3p1
- Updated OpenSSL to 1.0.2j
- Updated the Linux kernel
NTP has been updated to 4.2.8p9 which has the following fixes:
Release Date: 14/06/2016
- Updated the SSL ciphers used by the web server to be more up-to-date
- Fixed an issue with IPv6 connectivity to the web interface
- Hostname added to eth0 + eth1 + bond
- Fixed the Dashboard showing a network speed of -1 Mbps when an interface is not configured
- Added verification of SSL certificate to ensure the certificate is valid for the server
- Updated NTP to 4.2.8p
- Updated nginx to 1.10.1
- Updated PHP to 7.0.7
- Updated OpenSSL to 1.0.2h
- Updated the Linux kernel
Release Date: 20/04/2016
- Fixed a security issue where the ping and traceroute fields could execute code on the server
- Fixed a rare issue where some users were not able to login to SSH
- Updated PHP to 5.6.20
- Updated OpenSSL to 1.0.2g
- Updated OpenSSH to 7.2p2
Release Date: 10/02/2016
- OpenSSL has been updated to 1.0.2f
- An issue was found in DCF and WWVB where, in some rare cases, the unit would not synchronise.
NTP has been updated to 4.2.8p6 which has the following fixes:
Additionally, mitigations are published for the following two issues:
Release Date: 18/01/2016
- Fixed a bug where users were not able to set the gateway for the second network card if both were in use.
- Fixed a bug where users were not able to use the backslash (\) character in NTP keys.
- Fixed an issue where the display could stop displaying messages.
- Fixed a rare issue where the web interface would show ‘Unsynchronised’ when it actually was synchronised.
- Fixed an issue with Radio-Only (MSF, DCF, WWVB), units falling out of sync and not resynchronising.
- Under Software Versions, the full firmware version is displayed.
- Updated OpenSSH to 7.1p2
- Updated OpenSSL to 1.0.2e
- Updated PHP to 5.6.16
Updated NTP to 4.2.8p5 which has the following fixes:
NTF's NTP Project has been notified of the following 1 medium-severity vulnerability that is fixed in ntp-4.2.8p5, released on Thursday, 7 January 2016:
- NtpBug2956: Small-step/Big-step CVE-2015-5300
- Bug #2829 Clean up pipe_fds in ntpd.c
- Bug #2887 Stratum -1 config results as showing value 99.
- Bug #2944 Errno is not preserved properly in ntpdate after sendto call.
- Bug #2952 Peer associations were broken by the fix for NtpBug2901 CVE-2015-7704
- Bug #2954 Version 4.2.8p4 crashes on startup on some OSes.
- Bug #2957 'Unsigned int' vs 'size_t' format clash.
- Bug #2958 NTPQ: fatal error messages need a final newline.
- Bug #2965 Local clock didn't work since 4.2.8p4.
- Bug #2967 'Ntpdate' command suffers an assertion failure
- Bug #2969 Seg fault from ntpq/mrulist when looking at server with lots of clients.
- Bug #2971 NTPQ bails on ^C: select fails: Interrupted system call
- Bug #2962 truncation of size_t/ptrdiff_t on 64bit targets.