2N OS version 2.48.1 for 2N IP Access Control Systems includes the following changes

Precautions to be taken during update to FW version 2.48.x

• All 2N OS devices (except those on the original platform: IP Vario, IP Force, IP Safety, IP Solo, IP/LTE Verso, IP Base, IP Uni, IP Audio Kit, IP Video Kit, Access Unit, SIP Speaker) can no longer be downgraded below version 2.47.0 after updating.
• Devices no longer accept certificates signed with 1024-bit RSA keys. These certificates are removed during the update and must be replaced with certificates using at least 2048-bit RSA or ECC keys. Services relying on weaker certificates will stop functioning, and a warning will appear next to the certificate selection parameter in the web interface.
• In EAP-TLS mode, 802.1x no longer supports RADIUS certificates containing the `id-kp-clientAuth` Extended Key Usage. If such certificates are used, they will be rejected after the update, resulting in the device being unable to authenticate and connect to the network.

New Functions and Improvements

• Devices can now generate Certificate Signing Requests (CSR) directly from the web interface under System > Certificates > CSR.
• Changing the web interface password now requires entering the current password. As a result, restoring a configuration will no longer change the password. Auto Provisioning can change the password only if the current one is still set to default.
• A firewall has been added to ARTPEC-based devices: IP Style, IP Verso 2.0, IP One, Access Unit QR, and IP Force 2.0.

Essential Corrections

• Improved certificate handling.
• Prevented some certificates from reverting to factory defaults after a software factory reset (without selecting Network Settings), avoiding potential network disconnection.
• Removed certain unnecessary syslog messages.
• Improved formatting of exported Directory CSV files.
• The `UserAuthorized` Automation block now behaves correctly even for failed authorizations.
• DNS request lengths can now be up to 255 characters.
• RADIUS certificates are now validated properly in EAP-TLS/MSCHAPv2 scenarios.
• Commas in the Subject field of the `SendEmail` Automation block no longer cause the subject line to be truncated.
• Improved SMTP reliability.
• Enhanced handling of large-scale user directory operations.
• Important bug fixes.