ERM release notes

This section lists the new features, changes in functionality, fixed issues and security improvements in the Pexip Enhanced Room Management (ERM) product and installer.

ERM product changelog

This section lists the new features and changes in the ERM product.

Version 1.0.1

Added

  • Add support to bulk provision saved dial settings from ERM to endpoints
  • Add support to bulk provision chained passive provisioning
  • Display loading errors on dashboard
  • Support for getting provisioning data from external passive provisioning server
  • Display license information on Dashboard
  • Display call history from local call statistics for passive endpoints
  • Support for syncing external sources to nested subgroup (delimited by >)
  • Merge folders with the same name from multiple sources in addressbook search
  • Add API endpoint to force addressbook sync
  • Log TMS address book sync error, force UTF-8 encoding

Fixed

  • Fix database initialization if using FQDN with over 100 characters
  • Fix translation in policy views and macro dialog
  • Don't display full html page as error message if raw error is passed to frontend
  • Strip XML namespace from chained passive provision services using tandberg CUIL namespace
  • Better connection/response error-handling when updating endpoint status
  • Better error handling of disconnecting participants in ongoing meeting list
  • Fix using prefilled default SIP proxy password when bulk-provisioning endpoint dial settings
  • Fix saving endpoints if changing it from backend admin
  • Fix freetext search for address book items in root folder
  • Fix rescheduling tasks for next night when last task in particular timezone had errors
  • Better error handling for connection errors when updating call statistics from previously offline endpoints
  • Reset user session if currently selected customer is removed
  • Remove console log for missing favicon
  • Remove console warning in organization tree view
  • Fix endpoint proxy-client empty password in multi-tenant ERM installations
  • Prefill default sip proxy settings when provisioning multiple endpoints
  • Bulk provisioning missing endpoint device aliases to Pexip Infinity
  • Remove empty columns from endpoint debug view error log
  • Use password input for new password field in provisioning view
  • Better error message on chained provisioning errors

Security

  • Upgrade libgmp, zlib1g, libssl, libexpat, gzip, liblzma5
  • Upgrade django
  • Related CVEs: CVE-2022-0778 CVE-2021-43618 CVE-2018-25032 CVE-2022-23852 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25315 CVE-2022-22818 CVE-2022-23833 CVE-2022-1271

Changed

  • Increase log verbosity for ldap logins
  • Allow multiple reverse proxy/load balancer hops when resolving client ip
  • Log firmware version when called endpoint commands fail
  • Don't set endpoint status to "in call" when display endpoint status until call is connected
  • Always display mac address and serial field in endpoint form to be able to replace it with a new one
  • Open endpoint web admin interface in new window
  • Set default passive provision heartbeat to 7 minutes (activated endpoint still use < 1 min)
  • Display password indicator in provision dialog if default sip proxy password is set
  • Only allow selecting one endpoint when filtering statistics instead of silently ignoring extra ones
  • Disable change password functionality for passive endpoints - not supported
  • Hide add new organization unit from system list, empty groups are hidden

ERM Installer changelog

This section lists the new features and changes in the ERM installer.

Version 1.0.6

Added

  • Add support for deployment as a cloud service in Microsoft Azure and Google Cloud Platform.
  • Add support to override DNS entries for specific hosts
  • Warn about missing CA/Intermediaries from certificate chain
  • Add support for trusting load balancers using whole networks
  • Support validating SSL CA trust against external server using network tools
  • Improve error message when trying to browse to invalid FQDN/using IP to access services
  • Add info about using offline mode until CA has been trusted when using HTTPS proxy
  • Add support to export manually upgraded Installer version
  • Add support to test HTTP requests in network tools
  • Add choice to either uninstall component or remove it completely
  • Display shortcuts to importing offline bundles when running in offline mode
  • Display notice about required re-deploy after configuration change
  • Display notice about required re-deploy after CA-change
  • Validate uploaded private key/certificate and display warnings for mismatches
  • Use global CA trust instead of dedicated CA bundle file for each component
  • Support to remove not installed products from list

Fixed

  • Fix upgrading Installer from CLI before setting license key
  • Remove warning from load balancer logs about missing port
  • Clearer error display of some forms visible in separate tabs
  • Allow using domain names using leading digits
  • Fix subject alt names in CSR generation, use meaningful filename
  • Limit number of characters for fqdn-based service name and remove trailing special characters
  • Don't try to output ldap metadata result
  • Apply custom CA settings directly after save
  • Fix offline bundle export of Installer
  • Fix registry name for offline upgrades
  • Use trusted custom CA in Installer as well as components
  • Fix change password success message/redirect

Security

  • Upgrade gzip
  • Upgrade zlib1g, libssl
  • Upgrade libexpat
  • Related CVEs: CVE-2022-1271, CVE-2021-43618, CVE-2018-25032, CVE-2022-23852 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25315

Changed

  • Indent each individual certificate in certificate bundle
  • Display full chain in certificate textarea
  • Separate general server settings form from network related settings
  • Use separate virtual network for Installer load balancer
  • Redirect to certificate details view after generating new certificate
  • Include CSR generation in form header
  • Replace self-signed server default certificate if component certificate uses the same FQDN
  • Increase max length of LDAP filter
  • Display select all-checkbox at top of Log view as well as at bottom
  • Prepare offline export and display log before file download
  • Improve help texts for CA certificates
  • Pre-populate server IP/hostname on first boot