SG 5 Update #15

This update adds the following enhancements:

• Updated the default SSL certificate
  • The new certificate expires on February 8, 2027 at 23:59:59 GMT
• New Mariott PMS (FOSSE, FSPMS) support
• Admin GUI-based console CLI access (System > Console)
  • Note: for this feature to work from an ASP-accessed Gateway Admin GUI, ASP 2.8.0 is required
  • Refreshing the System > Console page will terminate the CLI login session. If you need to hold the CLI login session, you will need to dedicate the CLI login session to one browser tab, and open the other menu items in other browser tabs.
• Enhanced security
  • Enhanced SSH security (CVE-2025-61984, CVE-2025-61985)
  • Enhanced the safety of the Port Forwarding feature
    • Admin GUI to recommend numbers from 10000 to 20000 to be used as the listening port in new port forwarding rules to stay clear of port numbers commonly used by the system
  • RADIUS authentication test page to hide entered password in the authentication log listing
• CLI enhancement
  • Improved scp user experience
    • Removed a redundant warning message
    • Added a progress indicator to show the status of the file transfer

This update adds the following bug fixes:

• Fixed Fidelio/JDS-SM custom message hooks not running
• User setting middleware update
  • Prevent high CPU usage by adding some pause before service restart
• Admin GUI fixes
  • Account editor panel
    • Should not have Add Plan option
    • Plan select dropdown box should display plan names with special characters properly
  • Admin Access page
    • Fix missing network address listing after saving the “Limit users accessing this admin system to these Network Address / Subnet Mask pairs” option
• Prevent a rare routing issue (only for some gateways) where LAN IP’s subnet route interfere with other required routes
• Prevent a cron.daily No such file email message from being sent every night. If SMTP Server Settings is properly configured, the email message will get delivered to the recipient every night.

High Availability (HA) Requirements

This update is HA-compatible

• If the connected slave unit is running Update 13, 14, or 15, this update will proceed.
• This update will attempt to update the connected slave unit if the connected slave unit is running Update 13 or 14.
• If the connected slave is outside of 13, 14 or 15, the update will stop. The slave must be isolated, individual nodes updated to the required same version, and then re-paired.

ASP 2.0 Update #8

Enhancements/Changes

• • Update Symfony to V7
• • Update PHP to V8.3.20
• • Update Javascript Libraries
• • Add “Allow Post Check” PMS option for Skytouch REST API
• • Disable Symfony session handler in API nodes
• • Add new config sync_custom_portal_img_url_and_dates: false for custom_parameter.yml
• • Add seatNumber and scanData to EzScan scan_add table
• • Add seatNumber to EzScan Report & Analytics
• • Add seatNumber and scanData to EzScan scan_add API input
• • Add in built in portal and custom portal hide Posted Room No row when Guest auth is selected and show it when ‘Room’ is selected
• • Add the capability to configure logo position and background position & color in editable custom portal
• • Add the capability in the file manager to be able to edit the file directly (Full custom portal and Editable custom portal)
• • Add slider/adtwocolumn/adoverlaytext url and datetime values to save for multi-languages
• • Remove the volume limit toggle in global plan edit
• • Add tunnel program enhancement
• • Add new pms type ‘MEWS’ to guest departure support
• • Disable ICMP timestamp requests
• • Add new config to overwrite slider url and dates in custom portal SCL

Bug Fixes

• • Fixed error navigate to session report after a search in Global account
• • Fixed missing columns (Symfony Upgrade) in reports and analytics page
• • Fixed Apache .htaccess and .htpasswd Disclosure
• • Fixed PHP version and web server branding disclosure
• • Fixed SMTP port 25 blocked on AWS. ASP uses port 587
• • Fixed purchased transaction retrieval taking long time issue
• • Fixed the success message shown after saving a file to reflect the proper meaning
• • Fixed VLAN add validation issues, ASP ME Cannot edit VLAN
• • Fixed EzCast server health status update issue
• • Fixed report_generate cron execution time should be different on id1 and id2
• • Fixed adding VLAN 500 error
• • Fixed Incorrect Form User time issue

ASP VERSION: 2.8.0
RELEASE DATE: 20 Jan 2026

SG 5 Update #14

Important Pre-Update Information

1. Verify System Time Before Updating
Please ensure the gateway’s system time is accurate before applying this update.
Use Settings > Date & Time > Sync Now with a valid NTP server (e.g. pool.ntp.org).
Incorrect system time may cause patch sequencing issues and impact future updates.

2. For Microsoft Exchange Email Users
If you previously applied the temporary workaround of disabling Multi-Factor Authentication (for sender email address), i.e. reverting to Basic SMTP Authentication, to allow sending email via Microsoft Exchange, we strongly recommend the following:

Apply this update.
      a. Configure OAuth authentication on your Exchange server.
      b. Apply this update.
      c. Enter your OAuth credentials in the gateway’s SMTP Server settings.
      d. Remove the temporary workaround on the Exchange side

Note: Microsoft will disable Basic SMTP Authentication starting 1 March 2026, so timely migration to OAuth is required to ensure uninterrupted email functionality.

If you previously applied the temporary workaround of whitelisting source IP to send out email, though the disabling of Basic SMTP Authentication will not affect this, it is still recommended to eventually move to the more secure OAuth authentication.

3. Email Configuration Requirements for Successful Update
This update introduces a unified SMTP Server configuration. The update will abort if conflicting email settings are detected.

To proceed, please ensure:
If Email Client is configured “Local” and Email Server Forwarding is “OFF”
→ Switch Email Client to “None” or “External” or enable Email Server Forwarding.

If Email Client is configured “External” and Email Server Forwarding is “Enabled”
→ The SMTP host and port must match. Otherwise:
     – Disable Email Server Forwarding, or
     – Align both configurations to identical server and port values.
     – All configured sender email addresses (Accounts, Reports, Email Client) must be identical.

After correcting any discrepancies, re-run the update.

4. High Availability (HA) Requirements
This update is HA-compatible.
     – If the connected slave unit is running Update 13, 14, or 15, this update will proceed.
     – This update will attempt to update the connected slave unit if the connected slave unit is running Update 13 or 14.
     – If the connected slave is outside of 13, 14 or 15, the update will stop. The slave must be isolated, individual nodes updated to the required same version, and then re-paired.

This update adds the following:

Enhancements

PMS Integrations
Enhanced support for the following PMS platforms:
     – SkyTouch REST API (Folio Charge)
     – RMS Cloud (REST API – VIP plan support)
     – Cloudbeds PMS
     – WebRezPro REST API

Note: ASP 2.8.0 is required to enable certain features:
     – SkyTouch REST API – per-guest allow-posting control
     – RMS Cloud REST API – VIP-specific plans
     – Cloudbeds PMS, WebRezPro REST API – Tying account expiry to guest departure date

Administrative & Network Improvements
     – Custom MAC address support for WAN VLAN interfaces
     – Improved Payment Gateway configuration page
     – VLAN search added to Session Monitor
     – LDAP Admin Login now supports up to 255-character Search Bind DN

CLI Improvements
     – Pagination-enabled commands now support intuitive navigation keys: j, k, f, b

Security Enhancements
     – ICMP timestamp request protection (CVE-1999-0524)
     – Updated SSH components (CVE-2023-38408, CVE-2025-32728)
     – Stronger NTP security
     – Option to disable TCP timestamps
     – Improved ARP handling in HA environments
     – Restricted IPv6 access to gateway IPs from authenticated downstream devices
     – Updated SSL certificate handling:
     – ECC algorithm support
     – Multiple domain and wildcard domain support

Note: All wildcard and multiple domains specified in the certificate will take effect unless overwritten by the user-entered multiple domains.

     – Enhanced firewall stability
     – Enhanced disk security

Email System Modernization
All outgoing email—system notifications, reports, account maintenance messages, and API-based messages—now uses a centralized SMTP Server configuration.

Key changes:
     – Local Email Server forwarding is now integrated into the unified SMTP system
     – Legacy SMTP “bypass mode” on port 25 is removed
     – Using the gateway as an SMTP server (forwarding OFF) is no longer supported
     – External Email Client or Email Server forwarding configuration is migrated automatically if the settings are unambiguous
     – Full support for OAuth 2.0 SMTP Authentication, aligning with Microsoft’s 2026 authentication changes

Other Enhancements
     – New “file_download” API for custom login pages
     – Reduced log sizes for web server and HTTPS walled-garden proxy

Bug Fixes

– Correct handling of large guest counts from Micros Fidelio PMS
– Fixed inaccurate ARP display in LAN ARP page
– Removed incorrect VLAN creation links in Network Device and Port Binding panels
– Fixed missing port forwarding list after changes
– Corrected NTP server name display after saving settings
– Fixed issue where “Shut Down” triggered a restart
– Corrected persistence of time-based login restrictions
– Fixed complimentary label issue in Event Location editor
– Enabled downloading of large (GB-sized) log files
– Corrected creation timestamps for form users
– Fixed bandwidth sync errors for blocked MAC addresses
– Web proxy’s DNS lookups restricted to A-records only
– Resolved issues caused by unexpected AAAA DNS responses when fetching available updates
– Ensured proper log rotation on all machines

Post-Update Recommendation
A system reboot is recommended after installing this update to ensure that all security enhancements are fully applied.

Release Date: 20 November 2025
Package Name:14.SG5000_base-sys-bulk06-20250810-01.pkg
MD5 checksum: 9d28bfd78102d3ce8e10268d38c67945
File size: 79 MB

SG 5 Update #13

This update adds the following:  

   – PMS System Compatibility: Resolved an issue that caused non-web-based PMS systems to stop functioning correctly.

   – HA Failover Performance: Fixed a problem on some SG 5200 deployments where failover took longer than expected.

   – LDAP Authentication Fix: Addressed an issue where admin GUI login via LDAP authentication failed when the LDAP server used LDAP_OPT_REFERRALS.

   – Account Expiry Issue: Fixed a bug where user accounts created through the account printer expired immediately after creation. 

Note: This update shall also update the HA peer node without having to failover, provided the HA peer node is already patched up to Update 12.
So, you would need to ensure that both HA nodes are patched up to Update 12 and then apply Update 13 to take advantage of this feature (automatic patching of HA peer without failing over). 

Release Date: 22 Apr 2025
PackageName:13.SG5000_base-sys-hotfix-20250417-01.pkg
MD5 Checksum:65d6cecab6ed043ebedba6642a2c262b
File size: 6.6 MB

SG 5 Update #12

This update adds the following:

     – Updated 10GE Network Driver: Enhanced compatibility and performance for SG 5200 and IG 4210S models. Note: manual reboot is required for the updated driver to take effect.

     – Fixed SSL Certificate Recognition Issue: Resolved a problem where the system failed to recognize the custom SSL certificate if its domain name contained uppercase letters.

     – Resolved Admin GUI Access Blockage: Fixed the issue where a rare race condition could prevent access to the admin GUI.

Release Date: 3 Apr 2025
PackageName: 12.SG5000_base-sys-hotfix-20250402-01.pkg
MD5 Checksum: 15a7c9c4ff6a42c5d926cbb1986bab05
File size: 318 KB

SG 4 Update #52

Update Release No. 52
Release Date: 20 Mar 2025
Update File Name: 52.SG4000_base-hotfix-certificate-20250217-01.pkg
MD5 Checksum: 675e1970f4b944cb095dd334f345c34b

IG 4 Update #52

Update Release No. 52
Release Date: 20 Mar 2025
Update File Name: 52.IG4000_base-hotfix-certificate-20250217-01.pkg
MD5 Checksum: 33c6a0dbc4a4812770e6fb970c9567fe

SG 5 Update #11

This update adds the following enhancements:

• Downstream login
• Credit Card Authentication – support for more payment gateways:
• Cybersource Unified Checkout
• Note: ASP 2.0.6 is required to support this.
• Bank of Maldives Connect API
• Note: ASP 2.0.3 is required.
• PMS Authentication – new support for Mews PMS
• Bigger fonts and clearer instructions to guide user to switch to Safari for social media login (Facebook, Google) on iOS devices
• Note: this Safari-switching feature has been available at the Admin GUI > Authentication > Settings

• Update ezxcess.antlabs.com SSL certificate – new expiry in February 2026

• New dashboard.now for downstream users to view the logged-in success page or the landing page before login

• PMS-related enhancements
• New diagnostics page for Shiji Cloud PMS
• Guest information check based on room code
• Posting
• With SkyTouch /CONNECT PMS (Events Webhook), the gateway’s web API shall accept any Content-Type header beginning with application/json

• Add Sync Now feature to Date & Time settings page to allow the admin user to have system time synced up with the NTP server immediately

• System Log enhancement
• Remote syslog enhancement
• New option to use TCP connection to the remote server
• New option to use RFC 3339 date/time format, e.g. 2025-12-31T23:59:59+02:00
• New option to customize the host name that shows in the log entries

• Support incoming SFTP-mode SCP operations

• CLI enhancements
• Support for | pipe operator to direct stdout of one program to stdin of another
• Hit Tab key for auto-complete of commands, folders and file names
• Many more commands
• New non-elevated mode commands to support troubleshooting
• New supervisor mode commands, including
• mgmt to display/change management port IP settings
• wan to display/change WAN IP settings
• Note: existing CLI sessions will not work properly after applying this update. Please logout of existing CLI sessions and login again to access the new CLI commands.

• Security enhancements:
• Allow Admin GUI’s Remote Access page to optionally configure Ciphers, Key Exchange Algorithms, Message Authentication Codes (MACs)
• Note: OpenSSH configuration format is required for the input. Multiple ciphers must be comma-separated.
• Resolve various SSH vulnerabilities – CVE-2023-48795, CVE-2023-51385, CVE-2024-6387
• Prevent after-login downstream web proxy access to management network
• Prevent management port IP from appearing in the output of a downstream traceroute to an upstream IP
• Web proxy (used by HTTPS domain walled garden) upgrade to include CVE-2023-25076 vulnerability fix
• Prevent revealing of web server version via a web-accessible file

• Performance enhancements:
• Upgrade web server and tune its per-client connection and request rate limits
• Online Certificate Status Protocol (OCSP) stapling for custom SSL certificate so user checking the certificate’s validity gets a faster response

• Admin GUI enhancements:
• Display configured web-filter profile number when viewing plan via ASP page’s View Plans
• Remove checks that are not needed from Go-live System Checks

• Applying consistency across the various product models
• 15 plan-based relogin zones
• 30 event locations

• Other system component updates:
• Client manager update to stop performing legacy license check on startup
• New scan_data API to open camera to scan boarding pass or passport and scan_add to post up to ASP the data that has been scanned
• Note: ASP 2.0.6 is required to accept the data from scan_add and show in reports
• Update auth_logout API and login session manager module to support sending up the session termination cause to ASP
• auth_logout now supports a new optional termination_reason input that accepts any of the RFC 2866-defined Acct-Terminate-Cause code values
• account_add API to return a more informative error message when account already exists
• social_init API to return an error for Instagram. Instagram has deprecated its login API since December 2024 so the ANTlabs gateway can no longer support Instagram login as a downstream authentication method.
• Update NTP client to update hardware clock whenever date/time is set via NTP

*This update includes the following fixes:

• Downstream-related issues
• Multi-WAN load balancing-related issues
• Client manager issues
• ASP settings sync issues
• Admin GUI issues
• CLI fixes
• API fixes
• Fix report-related issues
• Lawful intercept fix
• Fix some gateways having wrong QoS setup
• Other system component fixes

*Note: You may check the full details of the updates in the Partner Portal under the Product Update & Patches tab, inside the SG 5 Patch Release/Technical Notes folder.

This update does not automatically reboot the gateway. The enhancements and fixes take effect upon applying the update. Admin GUI updates require relogin to the GUI to see the new changes.

Release Date: 17 March 2025
PackageName: 11.SG5000_base-sys-bulk05-20240910-01.pkg
MD5 Checksum: 7865661b1fea441adf3d7287a548bde8 (updated 19 Mar 2025)
File size: 115 MB

SG 5 Update #10

This update adds the following enhancements:

  – Kernel upgrade
      • Better performance
      • Enhanced support for vSG
            • VMXNET3 paravirtual network driver support
            • Updated drivers for passthrough compatibility with more network card hardware

  – Client manager upgrade
      • IP conflict event to include target IP address (typically the client’s gateway address) for informed troubleshooting
      • IP conflict events caused by gratuitous ARP not to trigger arpdIpConflictTrap SNMP trap
      • Handle ARP packet with both IP and VLAN location change

  – Removed bootloader serial I/O for the hardware gateway appliances
      • Prevent PMS serial traffic from pausing the boot cycle

This update fixes the issue where TM, the epoch timestamp field, in the lawful intercept log is always zero.

On successful application of this update, the gateway will reboot automatically.

Release Date: 17 March 2025
Update File Name:10.SG5000_base-sys-kernel-20240829-01.pkg
MD5 Checksum: cab736b61506fc2b0ae446e307c23660
File size: 73 MB

ASP 2.0 Update #7

Enhancements

• • Implemented a monitoring system to collect, store, and analyze data from a wide range of monitored devices, systems, and services
• • Upgraded Secure Remote Access Tool to version 8.8 for enhanced security and performance
• • Improved portals to allow configuration of slider start and end times
• • Enhanced authentication server to enable automatic database restarts
• • Implemented a new full sync command to resolve the data synchronization issue
• • Changed database storage engine for improved consistency
• • Disable strict data mode to turn off stricter data handling and integrity checks
• • Created a new scheduled task to regenerate session usage data, addressing the issue where the session usage chart was empty when a user logged out the next day
• • Changed the “Airline” column to “Flight Number” in the ASP Scan Report

Bug Fixes

• • Fixed Network Time Protocol configuration to ensure that all connected systems maintain accurate and consistent time
• • Fixed the bug where the user device information was missing
• • Fixed the issue where old authentication log files were not being cleaned up
• • Fixed the issue of the user creation debug log file growing continuously and introduced an option to disable logging
• • Fixed the issue of the database log file continuously growing
• • Fixed the issue where the global account failed to log in the second time using the same device and access point, returning an error that the user was already logged in
• • Fixed the issue that prevented the database server from starting
• • Fixed the database HA failover issue
• • Fixed the issue where gateway patch installation via ASP failed when the patch file was large

ASP VERSION: 2.0.7
RELEASE DATE: 18 Dec 2024