Category: Release Notes

    SG 5 Update #17

    Note:

    • It is recommended to reboot the gateway (via Admin GUI or CLI) after applying this update in order for some of the fixes to apply, namely the CVE-2026-31431 vulnerability fix and the network performance tuning.
    • This update comes with HA-specific features:
      • This update will apply automatically to the connected HA peer if the peer is already at 16 or 17 update level.
      • If the connected peer’s update level is lower than 16 or higher than 18, the update will abort prematurely and not apply anything on either machine.

    This update includes the following enhancements:

    • Add Microsoft Graph API support for sending email
    • Allows a static destination-based route out Management Port or one of the WAN links to specify its source IP behaviour:
      • Use Floating IP,
        • Selecting this allows packets following this static route out the specified interface to pick up the floating IP as the source IP
          • Note: if floating IP is disabled, this route will not be brought up.
      • Use Physical IP, or
      • Default (will use physical IP, even in the presence of floating IP)
    • SMPP Settings GUI enhanced to allow configuration of more fields that are sent to the configured SMPP server
      • New fields added: Source/Destination Type of Number (TON) and Numbering Plan Identification (NPI)
    • PMS enhancement:
      • Cybersource – Logs API messages inside PHP log (/log/php/php.log) for enhanced troubleshooting
    • Security enhancements:
      • Prevents various kernel vulnerabilities: CVE-2026-43284, CVE-2026-43500, CVE-2026-46300, CVE-2026-31431, CVE-2026-31635
    • Web server enhancements:
      • Improved stability
      • Resolved some vulnerabilities: CVE-2026-42945, CVE-2026-49975
    • Network performance tuning
      • Set RX/TX ring buffer size of LAN and WAN network ports to the maximum values allowed by the hardware
    • Client Manager update for improved ARP responsiveness in the rare situation where database becomes sluggish

    This update contains the following fixes:

    • Networking-related fixes:
      • Fixed network device’s permanent ARP entry not being brought up when its associated WAN interface is brought down and then up
      • Fixed some static routes not being brought up when interface is brought up, e.g. upon system power-up
      • Moved unauthenticated users to a dedicated QoS tier enjoying the full bandwidth allowed by the gateway. This resolved the issue where unauthenticated users are not getting landing page when the None QoS tier is already heavily utilized by authenticated users.
      • Fixed downstream users in a QoS class (with no per-client/account rate limit) experiencing slowness when there are many users in the same QoS class
    • Fixes for downstream authentication:
      • Fixed MAC-blocked device gaining internet access under an auto-login location
      • Shiji PMS – Resolved the issue where guest info retrieval fails, returning an “Invalid filter syntax” error
    • Admin GUI fixes:
      • Fixed load-balancer monitor page not showing weight and other data in the right order
      • Fixed not being able to disable an existing user account
      • Fixed port forwarding editor panel always showing LAN NO VLAN for an existing port forwarding rule that is not going through LAN NO VLAN
      • Fixed date search for various listing pages: accounts, device monitor, device log, credit card log, admin audit log.
      • Added admin audit trail for editing of WAN Firewall rules
      • Resolved the issue where adding a pre-existing static route that is not through LAN caused the interface selection to toggle to LAN in the response page
    • Fixed not being able to clean up session log entries when there are a huge number of them
    • Fixed not being able to retrieve software version information from HA peer when HA peer is under certain SSH load.
      • This resolved the issue where ASP wrongly determined that there was software version mismatch between the HA nodes and sent out notification emails.
    • Fixed a rare problem where lawful intercept did not start logging upon service start
    • Fixed malformed SMPP packet sent out by the gateway
    • Fixed GUI-triggered Change HA ID causing the machine to get stuck in the passive mode

    Package name: 17.SG5000_base-sys-bulk08-20260430-01.pkg

    MD5 checksum: 69ae7a7081ca5d03b3853e64b7ee44e4 (updated 6 Jul)

    File size: 130 MB

    Release date: 2 July 2026

    ASP 2.0 Update #9
    Release Date: 10 June 2026

    ASP 2.9.1

    Bug Fixes

    • Fixed an issue where the header row was missing from the downloaded monthly license usage report.
    • Fixed an issue where checking the casting report resulted in a 500 Internal Server Error.
    • Fixed an issue where the Org Super Admin could not see a newly created site.
    • Fixed a “404 Not Found” error when downloading reports from Report & Analytics > Downloads.
    • Fixed an issue where the Terms and Conditions consent popup did not support scrolling for long content.

    APIs

    • Fixed an issue where the Org Super Admin could not see a newly created site.

    ASP 2.9.0

    Enhancements and Changes

    • Added terminal access to the cast server, enabling access from the ASP GUI.
    • Added an option in the GUI to end guest sessions from the server side.
    • Added a timezone field to the organization add and edit form.
    • Added a new menu switcher in the ASP GUI to navigate between different hospitality services.
    • Added a description field in the site list, allowing users to add notes for each site.

    Bug Fixes

    • Fixed an issue where the TruAuth Report service would repeatedly restart due to an internal error.
    • Fixed an issue causing duplicate OTP emails to be sent.
    • Fixed an issue where the client logo was not displayed in OTP emails.
    • Fixed an issue where the built-in portal background image did not display after uploading a new image.
    • Fixed an issue where the location portal welcome page banner could not be disabled or removed once enabled.
    • Fixed an issue preventing custom landing page configuration when HTTPS was enabled, which caused portal save failures.
    • Fixed an issue where background images and icons uploaded for TV display were not taking effect.

    APIs

    • Introduced new APIs to manage VLANs, including creating, updating, deleting, and retrieving single or multiple VLANs.
    • Added new APIs to manage plans, allowing users to create, update, delete, and retrieve individual or all plans.
    • Added new APIs to duplicate and delete locations.
    • Added a new API to duplicate a site and check duplication status.
    • Added a new API to update room devices.
    • Enhanced the API for retrieving all portals to include additional output fields for site name and zone.
    • Added a timezone field in the Organization Add, Update, Get, and Get All APIs.

    SG 5 Update #16

    This update fixes the PMS guest login issue where the Matching First X Characters has been configured but the downstream guest fails to login with the first X characters of the guest name/number.

    Release Date: 6 March 2026
    Package Name:16.SG5000_base-sys-hotfix-20260305-01.pkg
    MD5 checksum: 9f3e677de07b1479875b9e9fdb3e70aa (updated 20 Apr 2026)
    File size: 322 KB

    SG 5 Update #15

    This update adds the following enhancements:

    • Updated the default SSL certificate
      • The new certificate expires on February 8, 2027 at 23:59:59 GMT
    • New Mariott PMS (FOSSE, FSPMS) support
    • Admin GUI-based console CLI access (System > Console)
      • Note: for this feature to work from an ASP-accessed Gateway Admin GUI, ASP 2.8.0 is required
      • Refreshing the System > Console page will terminate the CLI login session. If you need to hold the CLI login session, you will need to dedicate the CLI login session to one browser tab, and open the other menu items in other browser tabs.
    • Enhanced security
      • Enhanced SSH security (CVE-2025-61984, CVE-2025-61985)
      • Enhanced the safety of the Port Forwarding feature
        • Admin GUI to recommend numbers from 10000 to 20000 to be used as the listening port in new port forwarding rules to stay clear of port numbers commonly used by the system
      • RADIUS authentication test page to hide entered password in the authentication log listing
    • CLI enhancement
      • Improved scp user experience
        • Removed a redundant warning message
        • Added a progress indicator to show the status of the file transfer

    This update adds the following bug fixes:

    • Fixed Fidelio/JDS-SM custom message hooks not running
    • User setting middleware update
      • Prevent high CPU usage by adding some pause before service restart
    • Admin GUI fixes
      • Account editor panel
        • Should not have Add Plan option
        • Plan select dropdown box should display plan names with special characters properly
      • Admin Access page
        • Fix missing network address listing after saving the “Limit users accessing this admin system to these Network Address / Subnet Mask pairs” option
    • Prevent a rare routing issue (only for some gateways) where LAN IP’s subnet route interfere with other required routes
    • Prevent a cron.daily No such file email message from being sent every night. If SMTP Server Settings is properly configured, the email message will get delivered to the recipient every night.

     

    High Availability (HA) Requirements

    This update is HA-compatible

    • If the connected slave unit is running Update 13, 14, or 15, this update will proceed.
    • This update will attempt to update the connected slave unit if the connected slave unit is running Update 13 or 14.
    • If the connected slave is outside of 13, 14 or 15, the update will stop. The slave must be isolated, individual nodes updated to the required same version, and then re-paired.

    Release date: 22 January 2026
    Package name: 15.SG5000_base-sys-bulk07-20260125-01.pkg
    MD5 checksum: ab948346da594a29df280f1e79d2715e (updated 20 Apr 2026)
    File size: 39 MB

    ASP 2.0 Update #8

    Enhancements/Changes

    • • Update Symfony to V7
    • • Update PHP to V8.3.20
    • • Update Javascript Libraries
    • • Add “Allow Post Check” PMS option for Skytouch REST API
    • • Disable Symfony session handler in API nodes
    • • Add new config sync_custom_portal_img_url_and_dates: false for custom_parameter.yml
    • • Add seatNumber and scanData to EzScan scan_add table
    • • Add seatNumber to EzScan Report & Analytics
    • • Add seatNumber and scanData to EzScan scan_add API input
    • • Add in built in portal and custom portal hide Posted Room No row when Guest auth is selected and show it when ‘Room’ is selected
    • • Add the capability to configure logo position and background position & color in editable custom portal
    • • Add the capability in the file manager to be able to edit the file directly (Full custom portal and Editable custom portal)
    • • Add slider/adtwocolumn/adoverlaytext url and datetime values to save for multi-languages
    • • Remove the volume limit toggle in global plan edit
    • • Add tunnel program enhancement
    • • Add new pms type ‘MEWS’ to guest departure support
    • • Disable ICMP timestamp requests
    • • Add new config to overwrite slider url and dates in custom portal SCL

    Bug Fixes

    • • Fixed error navigate to session report after a search in Global account
    • • Fixed missing columns (Symfony Upgrade) in reports and analytics page
    • • Fixed Apache .htaccess and .htpasswd Disclosure
    • • Fixed PHP version and web server branding disclosure
    • • Fixed SMTP port 25 blocked on AWS. ASP uses port 587
    • • Fixed purchased transaction retrieval taking long time issue
    • • Fixed the success message shown after saving a file to reflect the proper meaning
    • • Fixed VLAN add validation issues, ASP ME Cannot edit VLAN
    • • Fixed EzCast server health status update issue
    • • Fixed report_generate cron execution time should be different on id1 and id2
    • • Fixed adding VLAN 500 error
    • • Fixed Incorrect Form User time issue

    ASP VERSION: 2.8.0
    RELEASE DATE: 20 Jan 2026

    SG 5 Update #14

    Important Pre-Update Information

    1. Verify System Time Before Updating
    Please ensure the gateway’s system time is accurate before applying this update.
    Use Settings > Date & Time > Sync Now with a valid NTP server (e.g. pool.ntp.org).
    Incorrect system time may cause patch sequencing issues and impact future updates.

    2. For Microsoft Exchange Email Users
    If you previously applied the temporary workaround of disabling Multi-Factor Authentication (for sender email address), i.e. reverting to Basic SMTP Authentication, to allow sending email via Microsoft Exchange, we strongly recommend the following:

    Apply this update.
          a. Configure OAuth authentication on your Exchange server.
          b. Apply this update.
          c. Enter your OAuth credentials in the gateway’s SMTP Server settings.
          d. Remove the temporary workaround on the Exchange side

    Note: Microsoft will disable Basic SMTP Authentication starting 1 March 2026, so timely migration to OAuth is required to ensure uninterrupted email functionality.

    If you previously applied the temporary workaround of whitelisting source IP to send out email, though the disabling of Basic SMTP Authentication will not affect this, it is still recommended to eventually move to the more secure OAuth authentication.

    3. Email Configuration Requirements for Successful Update
    This update introduces a unified SMTP Server configuration. The update will abort if conflicting email settings are detected.

    To proceed, please ensure:
    If Email Client is configured “Local” and Email Server Forwarding is “OFF”
    → Switch Email Client to “None” or “External” or enable Email Server Forwarding.

    If Email Client is configured “External” and Email Server Forwarding is “Enabled”
    → The SMTP host and port must match. Otherwise:
         – Disable Email Server Forwarding, or
         – Align both configurations to identical server and port values.
         – All configured sender email addresses (Accounts, Reports, Email Client) must be identical.

    After correcting any discrepancies, re-run the update.

    4. High Availability (HA) Requirements
    This update is HA-compatible.
         – If the connected slave unit is running Update 13, 14, or 15, this update will proceed.
         – This update will attempt to update the connected slave unit if the connected slave unit is running Update 13 or 14.
         – If the connected slave is outside of 13, 14 or 15, the update will stop. The slave must be isolated, individual nodes updated to the required same version, and then re-paired.


    This update adds the following:

    Enhancements

    PMS Integrations
    Enhanced support for the following PMS platforms:
         – SkyTouch REST API (Folio Charge)
         – RMS Cloud (REST API – VIP plan support)
         – Cloudbeds PMS
         – WebRezPro REST API

    Note: ASP 2.8.0 is required to enable certain features:
         –
    SkyTouch REST API – per-guest allow-posting control
         – RMS Cloud REST API – VIP-specific plans
         – Cloudbeds PMS, WebRezPro REST API – Tying account expiry to guest departure date

    Administrative & Network Improvements
         – Custom MAC address support for WAN VLAN interfaces
         – Improved Payment Gateway configuration page
         – VLAN search added to Session Monitor
         – LDAP Admin Login now supports up to 255-character Search Bind DN

    CLI Improvements
         – Pagination-enabled commands now support intuitive navigation keys: j, k, f, b

    Security Enhancements
         – ICMP timestamp request protection (CVE-1999-0524)
         – Updated SSH components (CVE-2023-38408, CVE-2025-32728)
         – Stronger NTP security
         – Option to disable TCP timestamps
         – Improved ARP handling in HA environments
         – Restricted IPv6 access to gateway IPs from authenticated downstream devices
         – Updated SSL certificate handling:
         – ECC algorithm support
         – Multiple domain and wildcard domain support

    Note: All wildcard and multiple domains specified in the certificate will take effect unless overwritten by the user-entered multiple domains.

         – Enhanced firewall stability
         – Enhanced disk security

    Email System Modernization
    All outgoing email—system notifications, reports, account maintenance messages, and API-based messages—now uses a centralized SMTP Server configuration.

    Key changes:
         – Local Email Server forwarding is now integrated into the unified SMTP system
         – Legacy SMTP “bypass mode” on port 25 is removed
         – Using the gateway as an SMTP server (forwarding OFF) is no longer supported
         – External Email Client or Email Server forwarding configuration is migrated automatically if the settings are unambiguous
         – Full support for OAuth 2.0 SMTP Authentication, aligning with Microsoft’s 2026 authentication changes

    Other Enhancements
         – New “file_download” API for custom login pages
         – Reduced log sizes for web server and HTTPS walled-garden proxy

    Bug Fixes

    – Correct handling of large guest counts from Micros Fidelio PMS
    – Fixed inaccurate ARP display in LAN ARP page
    – Removed incorrect VLAN creation links in Network Device and Port Binding panels
    – Fixed missing port forwarding list after changes
    – Corrected NTP server name display after saving settings
    – Fixed issue where “Shut Down” triggered a restart
    – Corrected persistence of time-based login restrictions
    – Fixed complimentary label issue in Event Location editor
    – Enabled downloading of large (GB-sized) log files
    – Corrected creation timestamps for form users
    – Fixed bandwidth sync errors for blocked MAC addresses
    – Web proxy’s DNS lookups restricted to A-records only
    – Resolved issues caused by unexpected AAAA DNS responses when fetching available updates
    – Ensured proper log rotation on all machines


    Post-Update Recommendation
    A system reboot is recommended after installing this update to ensure that all security enhancements are fully applied.

    Release Date: 20 November 2025
    Package Name:14.SG5000_base-sys-bulk06-20250810-01.pkg
    MD5 checksum: a9abe38383587454cac8ddd72b4fa062 (updated 20 Apr 2026)
    File size: 79 MB

    SG 5 Update #13

    This update adds the following:  

       – PMS System Compatibility: Resolved an issue that caused non-web-based PMS systems to stop functioning correctly.

       – HA Failover Performance: Fixed a problem on some SG 5200 deployments where failover took longer than expected.

       – LDAP Authentication Fix: Addressed an issue where admin GUI login via LDAP authentication failed when the LDAP server used LDAP_OPT_REFERRALS.

       – Account Expiry Issue: Fixed a bug where user accounts created through the account printer expired immediately after creation. 

    Note: This update shall also update the HA peer node without having to failover, provided the HA peer node is already patched up to Update 12.
    So, you would need to ensure that both HA nodes are patched up to Update 12 and then apply Update 13 to take advantage of this feature (automatic patching of HA peer without failing over). 

    Release Date: 22 Apr 2025
    PackageName:13.SG5000_base-sys-hotfix-20250417-01.pkg
    MD5 Checksum:65d6cecab6ed043ebedba6642a2c262b
    File size: 6.6 MB

    SG 5 Update #12

    This update adds the following:

         – Updated 10GE Network Driver: Enhanced compatibility and performance for SG 5200 and IG 4210S models. Note: manual reboot is required for the updated driver to take effect.

         – Fixed SSL Certificate Recognition Issue: Resolved a problem where the system failed to recognize the custom SSL certificate if its domain name contained uppercase letters.

         – Resolved Admin GUI Access Blockage: Fixed the issue where a rare race condition could prevent access to the admin GUI.

    Release Date: 3 Apr 2025
    PackageName: 12.SG5000_base-sys-hotfix-20250402-01.pkg
    MD5 Checksum: 15a7c9c4ff6a42c5d926cbb1986bab05
    File size: 318 KB

    SG 4 Update #52

    This update updates the default ezxcess.antlabs.com SSL certificate. The new certificate expiry is February 2026.

    Update Release No. 52
    Release Date: 20 Mar 2025
    Update File Name: 52.SG4000_base-hotfix-certificate-20250217-01.pkg
    MD5 Checksum: 675e1970f4b944cb095dd334f345c34b

     

    IG 4 Update #52

    This update updates the default ezxcess.antlabs.com SSL certificate. The new certificate expiry is February 2026.

    Update Release No. 52
    Release Date: 20 Mar 2025
    Update File Name: 52.IG4000_base-hotfix-certificate-20250217-01.pkg
    MD5 Checksum: 33c6a0dbc4a4812770e6fb970c9567fe