Firmware release notes 4.9.3

This article is a stub. Main article: Firmware release notes 4.9.x.

Release name: "Castor" 4.9.3. Release date: November 18^th, 2025.

Applies to HMP400/W, iBX410/W, iBX440, HMP350, HMP300, DiVA, and third-party DSOS players.
Firmware version number: 4.9.3-1.0.2-88aaa7f1

Note:

For other versions, see the DSOS release notes page.

Improved the display of splash screens during firmware updates to reduce user confusion that may have occurred when updating from versions earlier than 4.9.0, where users might have seen a starting splash screen while the player was actually completing a firmware update.

Applies to iBX players.

Perfect Sync was not enabled with projects that contain document layers.
Under some circumstances, the firmware update process could fail with a "needs more space on the / filesystem" error.

Applies to all DSOS players, except for HMP350, HMP300, and DiVA.

Sometimes the splash screen changes failed to show on screen when shutting down or initiating a firmware update, and displayed "starting" instead of the intended message.

Applies to all DSOS players.

Updated base libraries and components; the main changes are as follows:

glib-2.0: fixed CVE-2025-7039, which could affect DSOS.
libarchive: fixed CVE-2025-5918, which did not affect DSOS.
mosquito: fixed CVE-2023-28366, which did not affect DSOS.
php: fixed CVE-2025-1861, CVE-2025-1219, CVE-2025-1217, CVE-2025-1734, CVE-2025-1736 and CVE-2025-1220 which affected DSOS, and fixed CVE-2025-6491 and CVE-2025-1735, none of which affected DSOS.

Applies to all DSOS players, except DIVA, HMP300, HMP350.

Updated base libraries and components; the main changes are as follows:

gstreamer1.0-plugins-base: fixed CVE-2025-47807, CVE-2025-47806 and CVE-2025-47808, none of which affected DSOS.
gstreamer1.0-plugins-good: fixed CVE-2025-47183 and CVE-2025-47219, which affected DSOS.
wpa-supplicant: fixed CVE-2022-37660, which did not affect DSOS.