Changes since v4.4.36, the last stable release version, as follows.
- Fixes for config application and changes for QoS Tag setting on WAN. Previously config changes may have resulted in a commit error, or not been applied until reboot.
- Problem with IPsec VPNs with multi-WAN in load balance mode resolved.
- More prominent warning upon SSH login that config changes made locally will be blown away by controller on next provision.
- Remove logging of ALIEN drops because of log spam and performance issues it could induce. May return as a configurable option in the future.
- In circumstances where multiple alerts are generated in a short period of time, the utmdaemon process may not de-allocate the memory allocated to handling those alerts, leading to memory utilization increasing for each alert handled and only decreasing upon rebooting.
- GeoIP DHCP WAN bug fix - In some configurations, GeoIP Filtering could block DHCP requests from USG, leaving it unable to obtain an IP from the ISP. This DHCP traffic is now always permitted regardless of GeoIP configuration.
- Omit sensitive data in 'show tech-support' output.
- Increase maximum dnsmasq DHCP leases to 1 million. Previously used dnsmasq's default limit of 1000, which is far less than it can handle in USG's use cases.
- Fix for "soft lockup" crashes. Increases watchdog threshold so normal, expected conditions don't cause a crash. Primarily applicable to USG3 when under extreme CPU load, usually from IDS/IPS and heavy traffic loads. Not aware of any applicability to USG Pro or XG, as the former seems to be fast enough to not exceed the lower threshold, and the latter has enough cores that processes are never starved for CPU nearly long enough.
- Fix use of OSPF and 'passive-interface default'.
- Reduce delay in host-table stats in informs. Reports guests as expired faster, as well as reflecting other client statistics faster in some cases.
- IPS: added back end functionality for upcoming new controller feature.
- USG-XG-8 Specific: Fix Ethernet driver bug on copper interface with VLAN tagging. Previously at 1500 MTU, the largest passable frame was 1496 with 802.1Q tag. This is fixed so 1500 MTU plus VLAN tag is functional. Did not impact the SFP+ ports.
- Fix speed test servers with port in URL. This used to be very few, but is now the vast majority, which lead to speed test not working for many people.
- Fix three denial of service vulnerabilities in miniupnpd. Where UPnP is enabled (it is disabled by default), hosts on the LAN can crash the UPnP service. There is no potential impact beyond making UPnP stop functioning until rebooting. CVE-2019-12106, CVE-2019-12108, and CVE-2019-12109.
- USG Pro