2N OS version 2.48.1 for 2N Answering Units includes the following changes

Precautions to be taken during update to FW version 2.48.x

• All 2N OS devices (except those on the original platform: IP Vario, IP Force, IP Safety, IP Solo, IP/LTE Verso, IP Base, IP Uni, IP Audio Kit, IP Video Kit, Access Unit, SIP Speaker) can no longer be downgraded below version 2.47.0 after updating.
• Devices no longer accept certificates signed with 1024-bit RSA keys. These certificates are removed during the update and must be replaced with certificates using at least 2048-bit RSA or ECC keys. Services relying on weaker certificates will stop functioning, and a warning will appear next to the certificate selection parameter in the web interface.
• In EAP-TLS mode, 802.1x no longer supports RADIUS certificates containing the `id-kp-clientAuth` Extended Key Usage. If such certificates are used, they will be rejected after the update, resulting in the device being unable to authenticate and connect to the network.

New Functions and Improvements

• Devices can now generate Certificate Signing Requests (CSR) directly from the web interface under System > Certificates > CSR.
• All SIP accounts now support additional backup proxy and registrar servers.
• Changing the web interface password now requires entering the current password. As a result, restoring a configuration will no longer change the password. Auto Provisioning can change the password only if the current one is still set to default.
• Cameras assigned to a device in Indoor View can now be shown as the default instead of the device’s internal camera. Third-party cameras can be added via Hardware > Cameras, and the display behavior adjusted under Directory > Devices > device detail > Cameras.

Essential Corrections

• Improved certificate handling.
• Prevented some certificates from reverting to factory defaults after a software factory reset (without selecting Network Settings), avoiding potential network disconnection.
• SIP unregistration now works correctly with non-RFC-compliant User Agent Servers.
• Removed certain unnecessary syslog messages.
• Improved formatting of exported Directory CSV files.
• SIP authentication passwords can now be up to 255 characters in length.
• DNS request lengths can now be up to 255 characters.
• Improved stability of Indoor View.
• RADIUS certificates are now validated properly in EAP-TLS/MSCHAPv2 scenarios.
• Fixed device crashes caused by missing Origin fields in SDP offers.
• SRTP media is now correctly offered in the ACK response when using delayed SDP negotiation enforced via options.
• When SRTP is re-negotiated during a RE-INVITE, the newly established encryption key is now properly applied to outgoing media streams.
• Improved stability of the G.729 codec.
• Important bug fixes.