SG 5 Update #14

Important Pre-Update Information

1. Verify System Time Before Updating
Please ensure the gateway’s system time is accurate before applying this update.
Use Settings > Date & Time > Sync Now with a valid NTP server (e.g. pool.ntp.org).
Incorrect system time may cause patch sequencing issues and impact future updates.

2. For Microsoft Exchange Email Users
If you previously applied the temporary workaround of disabling Multi-Factor Authentication (for sender email address), i.e. reverting to Basic SMTP Authentication, to allow sending email via Microsoft Exchange, we strongly recommend the following:

Apply this update.
      a. Configure OAuth authentication on your Exchange server.
      b. Apply this update.
      c. Enter your OAuth credentials in the gateway’s SMTP Server settings.
      d. Remove the temporary workaround on the Exchange side

Note: Microsoft will disable Basic SMTP Authentication starting 1 March 2026, so timely migration to OAuth is required to ensure uninterrupted email functionality.

If you previously applied the temporary workaround of whitelisting source IP to send out email, though the disabling of Basic SMTP Authentication will not affect this, it is still recommended to eventually move to the more secure OAuth authentication.

3. Email Configuration Requirements for Successful Update
This update introduces a unified SMTP Server configuration. The update will abort if conflicting email settings are detected.

To proceed, please ensure:
If Email Client is configured “Local” and Email Server Forwarding is “OFF”
→ Switch Email Client to “None” or “External” or enable Email Server Forwarding.

If Email Client is configured “External” and Email Server Forwarding is “Enabled”
→ The SMTP host and port must match. Otherwise:
     – Disable Email Server Forwarding, or
     – Align both configurations to identical server and port values.
     – All configured sender email addresses (Accounts, Reports, Email Client) must be identical.

After correcting any discrepancies, re-run the update.

4. High Availability (HA) Requirements
This update is HA-compatible.
     – If the connected slave unit is running Update 13, 14, or 15, this update will proceed.
     – This update will attempt to update the connected slave unit if the connected slave unit is running Update 13 or 14.
     – If the connected slave is outside of 13, 14 or 15, the update will stop. The slave must be isolated, individual nodes updated to the required same version, and then re-paired.

This update adds the following:

Enhancements

PMS Integrations
Enhanced support for the following PMS platforms:
     – SkyTouch REST API (Folio Charge)
     – RMS Cloud (REST API – VIP plan support)
     – Cloudbeds PMS
     – WebRezPro REST API

Note: ASP 2.8.0 is required to enable certain features:
     – SkyTouch REST API – per-guest allow-posting control
     – RMS Cloud REST API – VIP-specific plans
     – Cloudbeds PMS, WebRezPro REST API – Tying account expiry to guest departure date

Administrative & Network Improvements
     – Custom MAC address support for WAN VLAN interfaces
     – Improved Payment Gateway configuration page
     – VLAN search added to Session Monitor
     – LDAP Admin Login now supports up to 255-character Search Bind DN

CLI Improvements
     – Pagination-enabled commands now support intuitive navigation keys: j, k, f, b

Security Enhancements
     – ICMP timestamp request protection (CVE-1999-0524)
     – Updated SSH components (CVE-2023-38408, CVE-2025-32728)
     – Stronger NTP security
     – Option to disable TCP timestamps
     – Improved ARP handling in HA environments
     – Restricted IPv6 access to gateway IPs from authenticated downstream devices
     – Updated SSL certificate handling:
     – ECC algorithm support
     – Multiple domain and wildcard domain support

Note: All wildcard and multiple domains specified in the certificate will take effect unless overwritten by the user-entered multiple domains.

     – Enhanced firewall stability
     – Enhanced disk security

Email System Modernization
All outgoing email—system notifications, reports, account maintenance messages, and API-based messages—now uses a centralized SMTP Server configuration.

Key changes:
     – Local Email Server forwarding is now integrated into the unified SMTP system
     – Legacy SMTP “bypass mode” on port 25 is removed
     – Using the gateway as an SMTP server (forwarding OFF) is no longer supported
     – External Email Client or Email Server forwarding configuration is migrated automatically if the settings are unambiguous
     – Full support for OAuth 2.0 SMTP Authentication, aligning with Microsoft’s 2026 authentication changes

Other Enhancements
     – New “file_download” API for custom login pages
     – Reduced log sizes for web server and HTTPS walled-garden proxy

Bug Fixes

– Correct handling of large guest counts from Micros Fidelio PMS
– Fixed inaccurate ARP display in LAN ARP page
– Removed incorrect VLAN creation links in Network Device and Port Binding panels
– Fixed missing port forwarding list after changes
– Corrected NTP server name display after saving settings
– Fixed issue where “Shut Down” triggered a restart
– Corrected persistence of time-based login restrictions
– Fixed complimentary label issue in Event Location editor
– Enabled downloading of large (GB-sized) log files
– Corrected creation timestamps for form users
– Fixed bandwidth sync errors for blocked MAC addresses
– Web proxy’s DNS lookups restricted to A-records only
– Resolved issues caused by unexpected AAAA DNS responses when fetching available updates
– Ensured proper log rotation on all machines

Post-Update Recommendation
A system reboot is recommended after installing this update to ensure that all security enhancements are fully applied.

Release Date: 20 November 2025
Package Name:14.SG5000_base-sys-bulk06-20250810-01.pkg
MD5 checksum: 9d28bfd78102d3ce8e10268d38c67945
File size: 79 MB