New Features

The release introduces the following features:

(Security Enhancement) Unauthenticated File Read - .conf:

Use the follow command to stop the web server on the AP for advanced security.

No system web-server hive-UI enable

Disabling the web server will remove functionality for the following:

PPSK self on boarding
Local Captive Portal
Maintenance Mode SSID (will normally broadcast and provide web access if AP is not connected to the cloud). SSH still accessible.
Local AP management web server. SSH only.
Client mode provisioning screens. SSH only.

(Security Enhancement) Service accounts removed by default. New CLI Commands for Service Account Creation added: To use the WebUI image upgrade, use the following new CLI commands to add the WebUI service account and the CAPWAP service account to enable distributed image upgrades from the AP:

[no] webui exec scp-user
[no] capwap exec scp-user

(Security Enhancement) Admin Shell Backdoor Disabled: This has been disabled in production images.

(Security Enhancement) Bootloader Access Disabled: Bootloader access is now disabled to prevent hacker access.

Link Aggregation Support enabled with AD Essentials: AD Essentials and Link Aggregation now work simultaneously.