Firmware release notes 3.x

For other player models, see Release notes page.

Release 3.4.8

Version: "Dome du Gouter" 3.4.8-1.0.36274. Release date: July 31, 2020.

Improvements

• Calendar widgets: Added support for merging multiple calendars on the same view for Google calendar and Outlook online.
• Spreadsheet widgets: Added support Hyperlink and Picture columns in SharePoint lists.
• Yammer widgets: Added support for filtering out the post replies.

Fixed

• Facebook widgets were no longer working due to a Facebook API change.
• Elementi playlist' shuffle option was applied only once.
• JSignage Graph plugin:
  • Axis grid were not shown in some cases because of missing min and max values.
  • Line chart not shown when all points' values are equal.

Developer

• The JavaScript libraries have been updated.
  • JSignage Social plugin is updated to version 1.3.0
  • JSignage Graph plugin is updated to version 1.0.3

Release 3.4.7

Version: "Dome du Gouter" 3.4.7-1.0.34916. Release date: August 19, 2019.

Improvements

• Added parsing of width and height attribute of media:content tags in RSS feeds.

Fixed

• Player could reboot following a request to upload a snapshot to a server using POST request.
• The JavaScript Image object could respond that the image was not found if the image was not in the cache because of incorrect mime type detection.
• jSignage Graph plugin: Line chart not shown when all points' values are equal.

Release 3.4.6

Version: "Dome du Gouter" 3.4.6-1.0.34760. Release date: June 11, 2019.

Improvements

• The database of trusted root certificates for SSL / TLS has been updated. Data sources on mainstream sites which previously failed with a "Server certificate verification failed: issuer is not trusted" error should no longer fail.
• The timezone database has been updated to version 2018g (was 2018e). Changes affect Volgograd, Fiji and Chile.
• The JavaScript libraries have been updated.
  • jSignage.js updated to version 1.5.2
  • jSignage.Social.js is updated to version 1.3.0
• Improved location search for the weather widgets and updated the list of providers.
• Add support for the <content> tag in Atom RSS feeds.
• Support SharePoint document libraries in the media widgets and spreadsheet widgets.
• Sort Facebook events by start time in the calendar widgets.
• Display videos attached to post in the Yammer widgets.
• Support Outlook online "shared room" calendars in the calendar widgets.
• Improved availability of data for finance widgets.
• Support Google Team drives in the media widgets and spreadsheet widgets.

Fixed

• A player used as NTP server (i.e. master) did not provide time to its clients during the first five minutes after boot, instead of the documented 50 seconds, degrading time synchronization in video wall setups. This was a regression introduced in firmware 3.4.3.
• Empty rows could be returned at the bottom of a Google spreadsheet.
• Columns names with a space inside the name would cause errors in data feeds widgets if used in conditional expression or formulas. Invalid characters in the context of the Javascript expression are now replaced with an underscore.
• Excel data feeds will now return date object for date cells, so date formatting can be applied.
• Version of Facebook REST API updated to 3.2.
• The RSS parser now returns all medias for a news item. It also tries to guess which one offers the best resolution and image quality.
• Interactive buttons will now reliably trigger on the entire area of the button, not just the part that has text.
• Spreadsheet widgets - the column names are now trimmed.
• The advanced log configuration could accept log files outside the log directory.
• USB multi-touch displays using parallel reporting mode did not work.
• OneDrive uses mimetype video/avi instead of video/x-msvideo for avi files.

Security

• ntp: CVE-2018-12327, which does not affect the firmware
• openssl: CVE-2018-0732, which does affect the firmware, and CVE-2018-5407, which does not affect the firmware
• libxml2: CVE-2018-14404, which does affect the firmware, and CVE-2018-9251, CVE-2018-14567, CVE-2017-8872, CVE-2017-15412 and CVE-2017-18258, which do not affect the firmware
• avahi: CVE-2017-6519, which affects the firmware.

Release 3.4.5

Version: "Dome du Gouter" 3.4.5-1.0.33978. Release date: November 21, 2018.

Fixed

• The NTP statistics page in Control Center shows a bogus line of equal signs that breaks the page layout.
• The NTP daemon kiss-of-death packet and rate limiting was not effective due to a misconfiguration; other HMPs using as NTP server an HMP running this firmware and running firmware version earlier than 3.4.3 will not be able to to the initial time synchronization at boot.
• The NTP daemon was restarted every 2 hours due to an incorrect sanity check, as a consequence the synchronization accuracy is degraded; this was a regression introduced in 3.4.3.

Developer

The JavaScript libraries have been updated, matching those of Elementi 2018 Update 2.

Release 3.4.4

Version: "Dome du Gouter" 3.4.4-1.0.33407. Release date: August 20, 2018.

Improvements

• Updated the timezone database to version 2018e (was 2017c). Changes affect São Tomé and Príncipe, Brazil and Palestine.

Security

The following security vulnerabilities have been fixed:

• CRLF injection vulnerability: URLs with an embedded, non-escaped, carriage return and/or line feed could be used to inject malicious HTTP headers in requests done by the player or Elementi. URLs are now always checked for non-escaped control characters and spaces (including but not limited to carriage returns or line feeds) and escaped when safe to do so or the URLs is otherwise rejected.
• kernel: CVE-2016-0821.
• ntp: CVE-2018-7185, CVE-2018-7183, CVE-2018-7184, CVE-2018-7170 and CVE-2018-7182, none of which affects the firmware
• libxml2: CVE-2016-9318, CVE-2017-7375 and CVE-2017-5130, which may affect the firmware; CVE-2017-7376, which does not affect the firmware
• openssl: CVE-2018-0737, which does not affect the firmware

Unresolved

The following regression has been introduced in this firmware:

• NTP statistics in HMP Control Center include a bogus line of equal signs that breaks the page layout. The workaround is to highlight and copy the text within this window and paste it somewhere else to see the full NTP statistics.

Release 3.4.3 build 2

Version: "Dome du Gouter" 3.4.3-2.0.33205. Release date: June 29, 2018.

Fixed

• The player can reboot in a loop and end in Recovery mode when none of the DNS servers is reachable during boot; this is a regression introduced in firmware 3.4.3 by the update of ntp.

Release 3.4.3

Version: "Dome du Gouter" 3.4.3-1.0.330590. Release date: June 1, 2018.

Backward compatibility issues

• Please check the release notes of release 3.4.0 .

Minor features / improvements

• The JavaScript libraries have been updated.
  • The jSignage.Weather.js library is updated to version 1.0.3
  • The jSignage.QRCode.js library is updated to version 1.1.2
  • The jSignage.js library is updated to version 1.5.0
  • The jSignage.Social.js library is updated to version 1.2.0
  • New jSignage.UI.js library, version 1.0.0
• Make the user-agent header, sent when doing requests to external HTTP servers, more similar to browsers to improve compatibility.
• Use conditional HTTP GET instead of HEAD for improved compatibility with modern web services.
• The device report file now includes the most-recently-used list for NTP to aid in diagnostics.
• Hardened the configuration of the internal FastCGI server.

Widgets

• Use REST API for Google sheets and calendar feeds to improve response time and reliability.
• Upgrade Facebook API version and reflect new data access limitations decided by Facebook.
• PowerApps compatibility by supporting relative URIs (image, video, or audio) in spreadsheet data.
• Support for new widgets in Elementi 2018.
• Make sure that media folder widgets renew authorization tokens for medias as needed and download media files according to chosen refresh policy.

Pull Mode

• Added new webdav properties for the download of the project: download-src props. If specified this source will be used to download the file instead of using the target location to determine the source file.

Bug fixes

• HTTP servers which change SSL / TLS certificates or which are hosted cloud infrastructure with multiple certificates could incorrectly trigger a "Server certificate changed: connection intercepted?" error.
• Alignment of text block in a text area should not change the way right-to-left text is rendered.
• Charset part of the content-type is not correctly interpreted for XHR responses.
• Any spx:attribute set on a text layer from Layer Properties > Advanced is ignored.
• Handle square brackets inside formatted data fields.
• Q, q and e LDML date formatting not behaving as documented.
• Slide duration override for indefinite duration layers in playlist widgets.
• Conditional formatted data field cannot use column names that are reserved JavaScript keywords.
• Outlook calendar events not sorted by start time by default.

Fusion

• Fusion users could not see snapshot or where prompted for a password, when authentication was enabled for the monitoring area.

Pull Mode

• If a query string is specified in the resource href for the xml database, then it is now also used to fetch the resource on the server.

Security

• Fixed the following security vulnerabilities.
  • libxml2: CVE-2017-5969; not affected.
  • expat: CVE-2017-9233 and CVE-2016-9063; which could affect the firmware.
  • openssl: CVE-2017-3735; which may affect the firmware.
  • Linux kernel: CVE-2017-17558, which may affect the firmware.
  • p7zip: CVE-2017-17969, which may affect the firmware.
  • ntp: updated ntp to version 4.2.8p10, fixing numerous vulnerabilities.

Release 3.4.2

Version: "Dome du Gouter" 3.4.2-1.0.31894 Release date: 7 December 2017.

Backward compatibility issues

• Please check the release notes of release 3.4.0 .

Minor features / improvements

• Include dump of IPv6 routes in report for better diagnostics.
• The JavaScript libraries have been updated.
  • The Finance widgets were no longer working since Yahoo! retired its Financial services. The data source has been replaced with the AlphaVantage provider. Existing projects that were using Yahoo! should transparently switch to the new data source, newly created projects will explicitly use the new data source.

Bug fixes

• Fixed the following security vulnerabilities.
  • Apache httpd: CVE-2016-8743, CVE-2017-7679, CVE-2017-9788 and CVE-2017-9798, which may all affect the firmware ; and CVE-2016-5387, CVE-2017-7668, CVE-2017-3169 and CVE-2017-3167, none of which affect the firmware. The Apache httpd version is now 2.2.34, plus security patches.
• The JavaScript libraries have been updated to support fix a few issues.
  • The creation date and time of Twitter posts was not correctly parsed.
  • Date fields from data feeds were not being correctly parsed in multi-screen projects.
• Other
  • Upon network initialization any existing IPv4 addresses on the network device being initialized are flushed, but a filter was missing and addresses on other network devices could be flushed as well.

Release 3.4.1

Version: "Dome du Gouter" 3.4.1-1.0.31507 Release date: 13 Sept. 2017.

Backward compatibility issues

• Please check the release notes of release 3.4.0 .

Minor features / improvements

• Updated timezone data to 2017b (was 2016j). Affected timezones are Mongolia, America/Punta_Arenas and Haiti.
• The device report file now includes augmented file information data to aid in diagnostics.

Bug fixes

• Fixed the following security vulnerabilities.
  • In libxml2: CVE-2017-9047, CVE-2017-9048, CVE-2017-9049, CVE-2017-9050, CVE-2017-0663.
  • In OpenSSL: CVE-2017-3731 and CVE-2016-7056.
• A reset to factory defaults would make the cookie database inaccessible to either the player or uploader (i.e. pull mode), effectively disabling the display of channel feeds. Updating to firmware 3.4.1 will automatically resolve the problem on affected systems.
• The embedded web server could occasionally return a "500 Internal Server Error" or garbled responses including a trailing HTML error document when applying some configuration changes.
• When restoring the default content the "Web storage" data was not being removed.

Release 3.4.0

Version: "Dome du Gouter" 3.4.0-1.0.30951. Release date: 6 April 2017.

Backward compatibility issues

• Cross-origin requests on the /rpc and /info endpoints of the embedded web server now require an API key to be provided.

Major features

• Cross-origin requests on the /rpc and /info endpoints of the embedded web server now require an API key to be provided or are otherwise rejected. This is done to prevent possible CSRF attacks. This is a non-backwards compatible change, users of cross-origin requests need to enable the API key via Control Center and add the API key to their requests.

Minor features / improvements

• The JavaScript libraries have been updated to be compatible with Elementi 2017.
  • jSignage.js updated to version 1.4.0, exposing new APIs.
  • jSignage.Social.js updated to version 1.1.0, exposing new APIs.
  • jSignage.QRCode.js updated to version to 1.1.1, exposing new APIs.
  • jSignage.Multiscreen.js updated to version 1.0.2, exposing no new APIs.
• Added the /snapshot/snapshot and /snapshot/info URL paths as alternatives to /status/snapshot and /status/info, for compatibility with firmware 4.2.0.
• Changed the default debug log format to include milliseconds in the timestamps.
• Improved the detection of Network source failure in case they are being used as Primary or Secondary source for the content. It makes sure that the content is switched to the secondary source in all causes of errors.

Bug fixes

Control Center

• Placeholder values, such as "[serial]", in the pull mode schedule URI would not be kept as-is in the configuration backup, preventing sharing of configuration backups between players.

Security

• Fixed the following security vulnerabilities.
  • In libxml2: CVE-2016-4447, CVE-2016-4448, CVE-2016-1762, CVE-2016-4449, CVE-2016-4483 and CVE-2016-5131, which may all affect the firmware and CVE-2015-6837 and CVE-2015-6838, which do not affect the firmware.
  • In OpenSSL: CVE-2016-8610, which affects the firmware.
  • In expat: CVE-2016-4472, CVE-2012-6702, CVE-2016-5300 and CVE-2016-0718, which may all affect the firmware.
  • In harfbuzz: CVE-2015-8947, which affects the firmware.
  • In cairo: CVE-2016-3190, which affects the firmware.
  • In fontconfig: CVE-2016-5384, which does not affect the firmware.

Misc

• Updated fontconfig to version 2.10.2 to match that of firmware 4.2.0, which fixes N'ko orthography and fixes an issue that depending on the locale some fonts could be skipped in the matching logic.
• Text layer bottom alignment is not kept when text does not fit on a single line.
• A network address would show up in the welcome screen of an unconfigured player when no network cable was plugged.
• A deadlock may occur in SPXThreadPool? when shutting down.
• Some players could fail to update firmware from SpinetiX repository with an authentication error.
• Edge blending gradients were not being displayed.
• A race condition could could cause the uploader service to crash when cockpit is used, causing a player reboot.

Release 3.3.2

Version: "Piz Bernina " 3.3.2-1.0.30193. Release date: 14 Dec 2016.

Backward compatibility issues

• Please check the release notes of version 3.3.0.

Minor features / improvements

• Updated jSignage.Social.js to 1.0.3 top matching the version in 4.1.2.
• Added support for the new "more than 140 characters" tweeter API.

Bug fixes

• The connection to Cockpit would stop working after 50 days of uptime. This was a regression introduced in 3.3.0.

Release 3.3.1

Version: "Piz Bernina " 3.3.1-1.0.30061. Release date: 17 Oct 2016.

Backward compatibility issues

• Please check the release notes of version 3.3.0.

Known issues

• Player will be shown as offline in Cockpit after 50 days of up-time. This is a regression introduced in 3.3.0.

Bug fixes

• Using an rtp:// or udp:// video stream url (MPEG2 transport streams) causes a crash.
• There were still some cases where the player could crash if the network connection was lost while reading data from an HTTP server.
• The "image not supported" icon did not match that used by Elementi.
• Error messages during firmware update could display HTML codes.

jSignage

• Updated jSignage to 1.3.2 to fix several bugs, matching the version in 4.1.1.
• Updated jSignage.Social.js to 1.0.2 to fix several bugs, matching the version in 4.1.1.

Release 3.3.0 build 3

Version: "Piz Bernina " 3.3.0-3.0.29733. Release date: 5 Oct 2016.

Known issues

• HMP will reboot whenever an MPEG2 transport stream is used with rtp:// or udp:// url, independently of the codec.

  This is a regression introduced in 3.3.0-1.0.29615

Backward compatibility issues

• Please check the release notes of version 3.3.0.

Bug fixes

• Fusion Playlists with automatic duration were displaying the playlist for the default duration of the program instead displaying the complete playlist.

  This is a regression introduced in 3.3.0-1.0.29615.

• Playlists of items whose duration was resolved at run time (e.g., soft scheduling, non looping RSS feed) where displayed for the configured default duration of the playlist, instead of waiting for the item to end.

  This is a regression introduced in 3.3.0-1.0.29615

Security

• Fixed the following OpenSSL security vulnerabilities.
  • CVE-2016-2183, CVE-2016-6303, CVE-2016-6302, CVE-2016-2182 and CVE-2016-2180, which may affect the firmware
  • CVE-2016-6304, CVE-2016-2179, CVE-2016-2181 and CVE-2016-6306, which do not affect the firmware

Release 3.3.0 build 2

Version: "Piz Bernina " 3.3.0-2.0.29630. Release date: 21 Sept 2016.

Known issues

• HMP will reboot whenever an MPEG2 transport stream is used with rtp:// or udp:// url, independently of the codec.

  This is a regression introduced in 3.3.0-1.0.29615

Backward compatibility issues

• Please check the release notes of version 3.3.0.

Bug fixes

• The firmware update on old HMP100 products may take more than one hour to complete, which triggered a timeout that rebooted the unit during the update which results in a corrupted firmware. The timeout has been increased to two hours to avoid the problem.

Release 3.3.0

Version: "Piz Bernina " 3.3.0-1.0.29615. Release date: 15 Sept 2016.

Known issues

• HMP will reboot whenever an MPEG2 transport stream is used with rtp:// or udp:// url, independently of the codec.

  This is a regression introduced in 3.3.0-1.0.29615

Backward compatibility issues

• The Chinese font AR PL New Sung, the Korean Un fonts (UnBatang and UnGraphic) and the Japanese IPA fonts (IPAGothic, IPAMincho, IPAPGothic, IPAPMincho) have been removed in favor of Noto Sans.

Minor features / improvements

• Updated jSignage to be compatible with Elementi 2016 (4.1.0).
• Added new jSignage.Social.js library.
• Cookies supported when communicating with an HTTP server.
• It is now possible to do AJAX RPC request from any location using CORS even password protection is enabled.
• Allow using https://download.spinetix.com/spxjslibs as an alternative URI for jSignage.

Fonts

• A common font covering all world scripts is now included. This is the complete collection of Google Noto fonts, including all available Noto Sans, Noto Serif, Arabic, Urdu, CJK and Emoji.
• Specifying "Noto Sans" as the font family will automatically use the appropriate script specific "Noto Sans" font, falling back to "Noto Sans SC" for CJK and "Noto Kufi Arabic" for Arabic.
• Specifying "Noto Serif" as the font family will automatically use the appropriate script specific "Noto Serif" font, falling back to "Noto Sans SC" for CJK and "Noto Naskh Arabic" for Arabic.
• The four regional variants of CJK fonts are included as separate font families.
  • "Noto Sans SC" for simplified Chinese.
  • "Noto Sans TC" for traditional Chinese.
  • "Noto Sans JP" for Japanese.
  • "Noto Sans KR" for Korean.
  • To use a specific regional variant of a CJK font specify the variant specific family name (e.g., "Noto Sans JP") instead of the generic "Noto Sans" name.
• The "Noto Naskh Arabic", "Noto Kufi Arabic" and "Noto Nastaliq Urdu" font families are available to select a specific style of Arabic.
• Not all scripts are available in italic form, when the italic form is not available synthesized oblique form will be used.
• The CJK fonts are only included in the regular weight, when specifying bold weight a synthesized bold form will be used.
• Not all the scripts are available in "Noto Serif".
• The "Noto Mono" monospaced font is now included.

Bug fixes

Security

• Fixed p7zip vulnerabilities CVE-2015-1038 and CVE-2016-2335, which could potentially affect the firmware.
• OpenSSL: fixed the following security vulnerabilities.
  • CVE-2016-2177 and CVE-2016-2178, which affect the firmware / software
  • CVE-2016-0703 and CVE-2016-0704, which do not affect the firmware / software
• libpng vulnerabilities CVE-2015-8540, CVE-2015-8472, CVE-2015-8126 and CVE-2015-7981 where still present since not all binaries of libpng were updated to 1.2.56 in firmware 3.2.2, that is now fixed.
• Updated libxml2 to version 2.9.1 with all security patches, as in firmware 4.1.0

Network

• Unstable networks could cause a player crash and reboot when accessing remote resources.
• Fixed potential crash of IPv4 local-link address monitoring.

Pull mode

• Insure that repeating events are not executed if there execution time is in the past.
• If there are too many event in the event queue (50 or more), skip new event as not to overload the player.

Miscellaneous

• System logs could be filled with innocuous warnings from avahi when Windows 10 computers are present in the local network, due to an incomplete Bonjour implementation in Windows 10.
• Timezone database updated to 2016d, was 2014h.
• File descriptor leak in the RPC API would limit the number of RPC call to change a local variable to ~1000.
• Handle missing frame rate information in the SPS VUI for H.264 video streaming over MPEG2 transport streams

Release 3.2.2

Version: "Weisshorn" 3.2.2-1.0.28801. Release date: 26 May 2016.

Minor features / improvements

• Updated jSignage to be compatible with Elementi 2015 Update 2 (4.0.2)
• OpenSSL has been updated to 1.0.1. This adds support for TLS 1.1 and 1.2 and removes support for outdated and vulnerable SSL 2.0.

Bug fixes

• JavaScript: double insertion of elements in the document tree could lead to a crash.
• RPC polling time above 2147 seconds where considered a 0s by the player, which could cause a DoS on the RPC concentrator.
• AJAX requests to Sharepoint servers could fail with a 500 error due to the referrer using a custom protocol URL, the referrer used for AJAX requests is now always "about:blank" to maximize compatibility.
• Too many jpeg files may be opened when using transition in multiscreen content.
• Text may become too big and the flames may disappear when automatic scroll is used.

Security

• Updated Apache httpd to 2.2.31, solving vulnerabilities CVE-2013-5704 (affected), CVE-2015-3183 (affected), CVE-2014-0118 (not affected), CVE-2014-0231 (not affected) and CVE-2014-0226 (not affected).
• Updated OpenSSL to 1.0.1, solving the following vulnerabilities (not all affected the firmware): CVE-2016-2108, CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176, CVE-2016-0800, CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702 and CVE-2015-3197; note that newly announced CVE-2016-0703 and CVE-2016-0704 were already fixed in firmware 3.2.1.
• Updated libpng to 1.2.56 solving vulnerabilities CVE-2015-8540, CVE-2015-8126, CVE-2015-7981, CVE-2014-9495, CVE-2012-3386, CVE-2011-3048, CVE-2011-3026, CVE-2011-2690, CVE-2011-2691, CVE-2011-2692, CVE-2010-1205, CVE-2012-3425, CVE-2015-8472.

Release 3.2.1

Version: "Weisshorn" 3.2.1-1.0.28042. Release date: 25 Feb 2016.

Minor features / improvements

• Updated jSignage to be compatible with Elementi 2015 Update 1 (4.0.1)
• Some grayscale JPEG images could fail to render correctly or crash the device.
• A warning message will now be logged if a document is not rendered because the maximum depth is exceeded
• Updated OpenSSL library to version 0.9.8zh solving the following security vulnerabilities (not all affected the firmware): CVE-2015-3195 (not affected), CVE-2015-1788, CVE-2015-1789, CVE-2015-1790 (not affected), CVE-2015-1792 (not affected), CVE-2015-1791, CVE-2015-0286, CVE-2015-0287, CVE-2015-0289 (not affected), CVE-2015-0293, CVE-2015-0209, CVE-2015-0288, CVE-2014-3570, CVE-2014-3571, CVE-2015-0204, CVE-2014-3572, CVE-2014-8275, CVE-2014-3569, CVE-2014-3567, CVE-2014-3568.

Bug fixes

• When using an ICS file with pull mode, the pull mode would stop fetching the ICS file is the servers returns a 503 answer at any time
• Garbage may appear on top of PNG images when using rotated screens
• The on-screen display may fail to show the IP address on some occasions when a 3G modem is being used
• The HMP may go into recovery mode instead of safe mode if the "disable audio when power is off" option is enabled
• The HMP00, HMP130 and HMP200 cannot format disks larger than 500 GB, but this limit was not enforced, resulting in unexpected reboots when formatting larger drives. The firmware now enforces this limit and does not allow to format disks larger than 500 GB.
• Entry / exit effect with animations on megapixel images did not work properly (concerns multiscreen projects only).

Fusion

• Tab tooltips where not displayed correctly

Other

• Firmware 3.2.x is not affected by the glibc getaddrinfo() stack-based buffer overflow vulnerability (CVE-2015-7547)

Release 3.2.0

Version: "Weisshorn" 3.2.0-1.0.26450. Release date: 7 Aug 2015.

For more information on how to update your firmware to 3.2.0, please check Updating the HMP firmware to 3.2.

Backward compatibility issues

• Please check the release notes of version 3.1.0.
• Data feed parsers no longer support selecting the date as data format. For RFC822 and ISO8601 date format, this has no influence on the rendered content. For other date format, a custom parser or a date parser must be added using Elementi 2015.

Major features

• New simplified interface to automatically add a player in Cockpit.
• Added support to configure multiple RPC Concentrators, thus allowing users to configure Cockpit and their own RPC concentrator.

Elementi 2015 Compatibility

• Updated jSignage to be compatible with Elementi 2015.
• Added support for the new data feeds generated by Elementi 2015.
• Added support for document duration as computed by Elementi 2015.

Multiscreen

• Added support for the new Multiscreen layout generated by Elementi 2015.
• Added support for multiscreen sync data feeds generated by Elementi 2015.
• Added support for the drag & drop multiscreen configuration generated by Elementi 2015.
• Added support for display of megapixel images up to gigapixel size at the optimal resolution as created by Elementi 2015.

Minor features / improvements

• Added an option to enable / disable the audio directly from the configuration Wizard.
• Improved support for buggy servers returning a mime type 'text/html' for video files. This solves compatibility issue with Stinova servers.
• Added warning in the logs, when there are UTF-8 encoding errors in data feeds.
• Added testAndSet() method on the SharedVariable object.

Cockpit

• Added dedicated configuration string to enable / disable Cockpit in the configuration file.
• Convert Cockpit configuration from inline ICS file to specific cockpit configuration when updating the firmware from 3.1 to 3.2.

jSignage

• Added a warning log if the user tries to re-define the jSignage object ($) using a custom js file.
• Added RGBToHSL(), HSLToRGB() and hsl() functions in jSignage.
• Added Multiscreen and Astronomy libraries.
• jSignage.Graph
  • Added library version number.
  • Added the 'f' option in ticks.
• jSignage.QRCode
  • Added support for non-Latin chars.

Bug fixes

• NTLM may crash the player when the server do not return a realm. Note that NTLM can only be used together with HTTPS.
• Updated the text on the on-screen wizard.
• Enable serial port would have no effect if none of the settings were changed compared to the default settings.
• Fixed support for UTC timezones.
• The HMP may freeze when the Multiscreen ID is switched.
• When using large padding value, media size is not correct (and rotated).
• Rendering of multiple sub-paths incorrect.
• Multiscreen news feed does not show anything the first time it is opened if the sync variable is remote
• Some touchscreens were reporting touch events twice, breaking calibration; duplicate reporting of events is now avoided.

Media

• Player may crash and go in safe mode if a video was outside the viewing area, but the video bounding box was inside the viewing area.
• HMP200 may crash due to a incorrectly packetized 720p H.264 video. The logs shows: The bitstream cannot be decoded correctly.
• Remote video located on HTTP may trigger the player to go in safe mode when the audio is disabled. This issue was trig by the fact that the server was supporting partial GET request, but not returning an ETag, causing the HMP to wait for the whole file to be downloaded before displaying it.
• Unexpected HMP crash when streaming is used in conjunction with playlist and effect.
• WMAv2 without bit reservoir not supported correctly.

Pull mode

• RPC events may not be executed between GMT midnight and local timezone midnight under some rare conditions.
• Pull Mode would not allow polling time larger then 30 min.
• If a server used in Pull Mode was returned a truncated XML description file, the media where still downloaded from the server, resulting in an incomplete content on the player. Now partial file are logged as erroneous and not used for download.
• RPC add_pull_action could be missed (not executed) if a remote pull mode ICS is used.
• null is now accepted as an 'empty' response from an RPC concentrator.

Text effects

• Fixed possible player crash when using Retro or Super Hero text effect.
• Text interline space may be incorrect when using empty lines.
• 3D text filter may be incorrect rendered when used in conjunction with Smart text effects.
• Anaglyph text effect may not be correctly rendered.

jSignage

• Gauge attributes: animateBars and animateIndicator, cannot be disabled.
• Wrong default color used for gradient fill.
• Incorrect axes draw for negative dataMin.
• Wrong parameters for stackedAndGroupedHorizontalBarGauge function.
• Ticks are not at the right position in graph when a starting point different from 0 is used.
• Gauge issue when using multiple center-positioned texts.
• Removed global variables in jGraph, as it prevents any other document of using a global variable with the same name.
• Removed incorrect usage of a global variable "i" in jSignage.
• When using the countdown widget, and the count unit set to days, the number of days may be incorrect if the end of the timer is not in the same month as the current day.
• Infinite loop (causing HMP to crash) could be triggered if a wrong date format was used in one of the feed widgets, or the date-time widgets.
• Date of format RFC822 and ISO8601 are automatically converted to dates if a date formatting is applied to them. Other date formats need to be explicitly parsed as dates. Note that this trigger a small backward compatibility issue for data feed widgets using a date format not RFC822/ISO8601 but that was recognized by the JavaScript Date() constructor.
• In a feed widget, if a data field is not a date, but a date formatting is applied to it, display the raw data and something like "LONG_DATE2015"
• Added the zoom transition in playlist when random is chosen.

Release 3.1.1 build 2

Version: "Grand Combin" 3.1.1-2.0.24093. Release date: 9 Feb 2015.

Bug fixes

• Fixed the glibc GHOST vulnerability (CVE-2015-0235). This vulnerability could potentially lead to execution of arbitrary commands, although no vector of attack is currently known in the case of HMP.

Release 3.1.1

Version: "Grand Combin" 3.1.1-1.0.23444. Release date: 4 Dec 2014.

Backward compatibility issues

• Please check the release notes of version 3.1.0.
• No new backward compatibility issues from version 3.1.0.

Minor features / improvements

• The automatic upload of project to the HMP (a.k. pull mode) can now be configured to upload the Project every hours instead of only once per day. This option is available both trough Control Center (Content Settings -> Pull Mode) and the backup (using "XX:00" as the publish time) .
• Backup files for the config now use the extension .cfg as the extension .spx is reserved for some audio format.

Bug fixes

• Some touchscreens could be mistakenly identified as gamepads or joysticks and filtered out of the touchscreen processing, resulting in touchscreens that would not work.
• Uri entered for the firmware update are now fully validated before being accepted. This prevent user from entering an invalid URI preventing the firmware update of the player.
• Removed harmless warnings about empty icalendar file properties, that tended to clutter the log with icalendar files from outlook.

Feeds

• Using an iCal Parser as data source with the "To" field as "indefinite" was not working
• XmlHttpRequest callback was not triggered if the XHR send() function is not called from the onload handler, such as in $(function(){}).
• The new refresh mechanism for data feeds could trigger a JavaScript exception "QuotaExceededError". This is no longer possible.

RPC

• The firmware version returned when doing a 'get_info' RPC call was including and extra end of line ('\n') at the end of the description.
• Under some conditions the player could stop sending RPC request to the concentrator for up to 24h.

Fusion

• The global options for Fusion was not working anymore (since version 3.0.0). This option is now working again.
• Creating a Template or a Skin without any layers could crash Fusion.

Release 3.1.0

Version: "Grand Combin" 3.1.0-1.0.22690. Release date: 13 Oct 2014.

Backward compatibility issues

• Shared variable are no longer reset when the HMP reboot.
• Log structure and syntax has been modified
• The add_pull_action() had a bug forcing the user to encode XML chars such as &. As the bug is now fixed, encoding & as &amp; will result in the URI to be no longer valid.

Major features

New APIs

• XMLHttpRequest Level 1 API, including the FormData and Blob APIs.
• CanvasRenderingContext2D API and <canvas> SVG element.
• Limited support for SVG Filters
  • <filter> SVG element and filter property, <feFlood>, <feGaussianBlur>, <feMerge> and <feOffset> primitives.
  • <feBlend> primitive in normal mode
  • <feColorMatrix> primitive provided the matrix does no transfer between alpha and color components
  • <feComposite> with over, in and out operators
  • <feImage> primitive with SVG fragment source
• Offcial support for Node.js API Events, Stream and UDP/Datagram.

JavaScript

• New $.Graph and $.QRCode jSignage APIs
• JavaScript engine updated to Spidermonkey 17.
  • JavaScript language support now includes typed arrays and the JSON.parse() function for secure parsing of json data.
• The Shared Variable framework has been merged with the local storage.
  • This means that shared variable are now kept upon reboot. It also means that changing a shared variable will trigger a modification of the local storage.

Log files

• The logs files of the player have been fully redesigned
• The log files have been consolidated into single log files. Old log files will be removed progressively after the update as they become older than seven days.
• The time ans date format of the uploader logs has been modified to match the one of the player logs.
• The syntax of the performances counter has been redesigned to include CPU performances and frame drop.
• Stats of the player is now displayed every seconds for the first 20s, then every 10s for the first 5 minutes.

OpenSSL

The OpenSSL library has been updated to match that of Elementi (version 0.9.8zb), this adds the following features to secure HTTP connections (i.e. https):

• Support for the increasingly popular SSL/TLS certificates using SHA-256 digests (e.g., Twitter), SHA-224, SHA-384 and SHA-512 are also supported.
• Support for SSL/TLS Server Name Extensions (SNI).
• Support for name and policy constraints as well as policy mappings in CA certificates.
• Support for literal IPv6 addresses in certificates.

RPC

• New Shared variable RPC API.
  • It is now possible to modify a shared variable using the RPC API.
  • See the RPC documentation for the list of new RPC commands related to shared variables.
  • User with admin rights or content rights may use this new set of commands.
• Modified the get_info call to return more 'live' info such as temperature, disk usage, up-time and performances
• New info() notification that can be send automatically by the player at regular interval.
  • This must be configured as part of the RPC concentrator configuration.
  • See the pull mode documentation for more details.
• It is now possible to receive the reason of a player reboot in the reboot notification.
  • This must be configured as part of the RPC concentrator configuration.
  • See the pull mode documentation for more details.

Multiscreen id error screen

• If a multicreen project is published on the device and no multiscreen ID is configured on this device, then the error screen is now shown instead of displaying the full content.
• It is still possible to display the full content by explicitly using 'fullscreen' as multiscreen ID.

Minor features / improvements

• The IDEA cypher is now enabled for SSL/TLS secure HTTP connections.
• The rendering timeout has been increased from 30 to 60 seconds.
• Bonjour announcements now report if a player is configured or not.
• User added public certificates are now included in the generated system reports to aid in diagnosing.
• The NTP time offsets to all NTP servers is now measured when system reports are generated and the values included in the report to aid in diagnosing.
• Updated the timezone database to version 2014h
  • Affects Palestine, Paraguay, Macquarie Island, Morocco, Israel, Fiji, Tocantins, Jordan, Libya, Western Sahara, Western Amazonas, Turkey, Crimea and Egypt.

JavaScript

• SVGGlobal.writeCOMPort function can now take any typed array object as input (typically an Uint8Array would make sense) and COM port event has a new "bytes" property to access the input data as a typed array of bytes.
• New getElementsByTagName() function on XML documents and elements.
• Added the "supported property names" interface to WebStorage, i.e. variable can be referenced as javascript properties of the localStorage or sessionStorage object
• Added the event.which property for compatibility with browsers
• Support for UTF-16 surrogates in JavaScript
• New Date.localTime() and Date.timeLocal() functions to support timezone conversion in JavaScript
• jSignage now uses jQuery 1.11 XHR and Events objects

Data feeds

• The raw, unparsed html title and description fields are now returned in an RSS feed, as respectively the htmlTitle and htmlDescription properties.
• parseICAL returns the priority and all properties of events in a calendar. This includes property params (as property_param, e.g. ATTENDEE_CN) and repeated properties which are indexed, e.g. ATTENDEE and ATTENDEE_2.
• Data feeds use XHR as the default method to get http data
• The JavaScript alert message "Playlist is looping inside a schedule [...]" is replaced by "The playlist is set to loop and its total duration cannot be determined; using the playlist within a schedule or a multiscreen project might cause problems."

Network

• Support pseudo URLs udp://@:<port>/ and rtp://@:<port>/ for unicast streaming to a designated local port.
• Support credentials for RTSP addresses. Uri such as rtsp://user:password@192.168.1.90/stream are now supported.
• Added the spx:overrideFPS attribute to correct the fps information from broken headers, especially streaming sources
• Improved reporting of SSL/TLS over HTTP errors to aid in diagnosing problems.

HMP200 specific:

• The bootloader will be updated to version 2009.08-21581 when the firmware is installed or updated, this bootloader contains a fix for CompactFlash cards that may hang if a power loss occurs when a write is ongoing.

Control Center

• Updated the yii library to 1.9.2.
• It is now possible to enable the Serial port without specifying an FSM file.
  • The Control Center interface for serial port has been updated accordingly.
• It is now possible to copy the internal content of the player to an USB device.
  • A typical usage is to move content created by Fusion to a larger storage by using an external USB drive.
• Performances and errors are now reported in /info of the player.
• Layout of the USB drive configuration page has been modified to use an accordion.
• New option to turn the audio off when the screen is powered off.
• All USB settings ( extended number of USB devices and enabling the USB IO API) has been moved to the IO page.

Fusion

• The user is no longer requested for a content password when accessing media from Fusion.
  • Note that this would only happen when a password was explicitly configured for the content area.
• Fusion now support working with files using both xml:id and id (as created by Elementi 3.1).

Backup

• Added a reset FSM command allowing to remove all FSM file on the device.

RPC

• RPC commands with missing required arguments now generate an error.
• If a pull action is requested with a badly formated URI, an error is not reported trough the pull_status RPC notification.
• Allowing user with 'monitoring' rights to query the player info ( get_info() call)
• The amount of transferred bytes is now returned as part of the pull_status.

Bug fixes

• Updated HTTP server to Apache httpd 2.2.27 fixing CVE-2013-6438 and CVE-2013-1896 security vulnerabilities which could affect the HMP.
• Fixed the shellshock bash vulnerabilities (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186 and CVE-2014-7187). These vulnerabilities could potentially lead to execution of arbitrary commands, although no vector of attack is currently known.
• Silenced spurious warning message in logs "Report from Linux HID '/dev/usb/hiddevX' under top-level collection #Y maps to unreferenced HIDDevice".
• Long video files (1-2 hours) with audio were taking a very long time to open.
• Attempting to format a USB memory stick while content was being played on it would fail as expected but the reported exit code was not correct and the error was not reported to the user.

JavaScript

• Ignore encoding in <?xml> when parsing strings from javascript
• Added missing .animateZoom() and .animateRotate() to jSignage
• Make DOMException.toString() similar to IE, chrome and firefox
• Missing SVGPath.quadTo() support
• this object must be the window object in global callbacks
• Inserting a script element into the rendering tree may cause an exception to be thrown while compiling the script. Pass this exception to the calling script instead of ignoring it.
• Encoding of javascript string ( e.g. '\0050') could be incorrectly interpreted by Elementi or the uploader. Note that such string where however correctly interpreted by the rendering engine.

Feeds

• Bug in generation of the non-overlapping schedule from calendar events if more then two priority levels are used
• Data feed column with date type did not allow to apply date formating on it
• Allow custom parsers to return a date object

Rendering engine

• Resize handler called when the preserveAspectRatio of the viewport is changed
• Standards compliant implementation of animation of the viewBox property, including the "none" case
• Text sometimes clipped when using synthetic bold
• Use exponential values in audio fade in/out to get linear effect in dB
• MPEG2 High or High-1440 videos are erroneously reported in the log as not supported on HMP100/130
• Detection of JPEG 4:4:0 images which are not supported on the HMP200.

Network

• If the user choose not to validate HTTPS certificates, the validity of the certificates (the date) was still checked. This is no longer the case.
• RTP streams with an RTP-Info without an rtptime fields could crash the player.
• Better handling of the Content-Type returned by the server, file encoding is now kept in all cases.
• Do not crash when using an HTTP streaming resource without explicitly disabling the cache.
• When the server do not reply to an HEAD request, we do not consider this to be an error anymore, we know consider that the server do not support HEAD, and we stop using for this resource.
• Insure that a resource is never cached longer that the specified spx:cacheMaxAge, even if it was previously in the cache.
• Connections to secure HTTP servers (i.e. https) that implemented SNI (Server Name Extensions) could fail with a "SSL handshake failed" error.

USB I/O API

• The USB I/O API did not correctly report buttons and other button-like controls when multiple buttons were pressed.
• The USB I/O API incorrectly skipped null values from the returned reports.
• The USB I/O API incorrectly included array type elements with the usage ID 0, although this ID means "no event" and should thus be skipped.
• A malfunctioning HID device could potentially crash the player due to some missing bound checks.
• Device resources were not freed when a device was removed until all !JavaScript references from the USB I/O API in user code were destroyed, which could potentially be a long time; device resources are now freed immediately.

Control Center

• Enable and disabling audio now restart the playback of the content. This insure the settings are immediately applied.
• Improved the error message in case the user enter a badly formated URI as remote ICS file.
• Improving the error message when an uploaded backup is not a valid backup file.
• It is now possible to set en empty password in the Credential configuration page.
• USB IO API is now disabled by default and must be explictly enabled in Control Center.
• The reduce latency to 60ms is now only enabled when events are allowed.

Fusion

• It was possible for an user with admin right to delete himself, causing Fusion to crash.
• Modified the 'remember me' sentence when login to avoid confusion.
• Restoring a backup in Fusion may have caused the screen to go black until the user re-activate a program.
• The calendar view was not correct in Japanese.

Backup

• Syntax correction: Renamed all pooling to polling, note that old backup are still accepted by the player.

RPC

• The add_pull_action now support using the char '&' as part of the URL. In 3.0 it was necessary to escape the '&' as '&' in the RPC request. Note that using '&' is no longer supported.

Pull mode

• Fixed various cases that could cause the uploader to retry too many time sending commands to RPC concentrators.
• When an ICS created by Elementi is used by the pull mode, all modification done by Elementi are now automatically detected by the player. It is no longer necessary to delete and re-create a new events for the changes to be taken into consideration.
• The pull mode may fail to upload files or content listings to a remote server 48 hours after boot due to cleaning of temporary files being too aggressive.

Release 3.0.6 build 3

Version: "Monte Rosa" 3.0.6-3.0.24084. Release date: 9 Feb 2015.

Bug fixes

• Fixed the glibc GHOST vulnerability (CVE-2015-0235). This vulnerability could potentially lead to execution of arbitrary commands, although no vector of attack is currently known in the case of HMP.

Release 3.0.6 build 2

Version: "Monte Rosa" 3.0.6-2.0.22635. Release date: 8 Oct 2014.

Bug fixes

• Fixed the Shellshock bash vulnerabilities (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186 and CVE-2014-7187). These vulnerabilities could potentially lead to execution of arbitrary commands, although no vector of attack has been identified for the HMP.

Release 3.0.6

Version: "Monte Rosa" 3.0.6-1.0.21932. Release date: 9 Jul 2014.

Backward compatibility issues

• Please check the release notes of version 3.0.0 and updating from 2.x to 3.x page.
• No new backward compatibility issues from version 3.0.5, 3.0.4, 3.0.3, 3.0.2, 3.0.1 or 3.0.0.

Minor features / improvements

Pull mode

• Added option "-buffer" to allow the upload of files (snapshot, report and logs) in a buffered mode. In this case the file is first stored on the local storage of the device, before being uploaded to the server. This option is necessary for the upload to Amazon S3.
• Added option "-data" to allow the upload of additional data in a POST request. This option is necessary for the upload to Amazon S3 using POST.

Network

• Added the possibility to disable the cache usage for streaming media resources (i.e. spx:maxCacheAge="disable"). Note that this should not be used for other media resources as the player might freeze and reboot. See spx:maxCacheAge attribute for more details.

Bug fixes

Pull mode

• Escaped URIs were not properly handled for uploads.

Network

• Fixed the support for postURL(). Regression introduced in 3.0.3.
• Fixed issue that may cause the player to stop retrieving external data feeds, when at least 5 documents requesting an external data feed (using getURL() function) are opened simultaneously.

HMP200 only

• Recognize new bootloader versions as valid.

Release 3.0.5

Version: "Monte Rosa" 3.0.5-1.0.21179. Release date: 27 Mar 2014.

Backward compatibility issues

• Please check the release notes of version 3.0.0 and updating from 2.x to 3.x page.
• No new backward compatibility issues from version 3.0.4, 3.0.3, 3.0.2, 3.0.1 or 3.0.0.

Minor features / improvements

HMP Control Center / Wizard

• Disallowed the access to HMP Control Center using a direct link, without going trough the Wizard, for unconfigured devices.
• Changed the default overscan margin value from "3" to "0".

RPC

• Enabled cross-origin resource sharing (CORS) for RPC commands to allow sending RPC commands from AJAX clients.

Network

• Image format detection is now based on the content of the file, the file extension and the Content-Type returned by an HTTP server is now ignored. This solves the cases of HTTP server returning incorrect Content-Type for image files (necessary for compatibility with Stinova server that was broken in 3.0.3 and 3.0.4).
• Added heuristic file-type detection (based on the file extension) for resources returned with "text/plain" Content-Type from HTTP servers. This improves support for HTTP servers wrongly configured to return "text/plain" for all content types (necessary for compatibility with Stinova server that was broken in 3.0.3 and 3.0.4).
• Added a log entry for the case where a getUrl() call from JavaScript is cancelled by the HMP / Elementi due to very slow servers or having too many concurrent calls.

Bug fixes

Backup

• Removed the possibility to use an empty value for the 'hdmi-link-type' in the backup (i.e. only valid value are accepted).
• Fixed the erroneous rebooting of unconfigured devices when applying a backup, if no <reboot/> element is present in the backup file.
• Clarified the error message triggered when trying to restore a player configuration with a file that is not a backup.

HMP Control Center / Wizard

• The DNS check was overly strict and did not allow DNS IP addresses from other subnets in some cases.
• Changed the value for unconfigured screen orientation reported by '/info' page from empty value to "horizontal".
• Unified the aspect ratio text label on the Display Settings page for the different configuration types.
• Updated copyright information and references to state "SpinetiX AG" instead of the older "SpinetiX SA".

Peripherals

• Some touchscreens (e.g., LG WT30) that report a very large number of contacts were not recognizing the touch coordinates.

Network

• Images returned by an HTTP server with a charset encoding in the Content-Type HTTP header were no longer decoded by the player. This regression affects only firmware 3.0.3 and 3.0.4.
• Removed case-sensitiveness for MimeType info returned by the server (e.g., 'image/jpg' and 'image/JPG' are now both supported).

jSignage

• Increased jSignage version to 1.0.3.
• Fixed the exception thrown by $.updadeCanned() when a layer is not defined to avoid unexpected behavior of the rendered content.
• Fixed smart text ping-pong effect not working together with in / out effects.

Release 3.0.4

Version: "Monte Rosa" 3.0.4-1.0.20618. Release date: 20 Dec 2013.

Backward compatibility issues

• Please check the release notes of version 3.0.0 and updating from 2.x to 3.x page.
• No new backward compatibility issues from version 3.0.3, 3.0.2, 3.0.1 or 3.0.0.

Bug fixes

Rendering

• Scheduled event doesn't start in certain conditions. This regression was introduced in firmware 3.0.3.

Release 3.0.3

Version: "Monte Rosa" 3.0.3-1.0.20549. Release date: 12 Dec 2013.

Backward compatibility issues

• Please check the release notes of version 3.0.0 and updating from 2.x to 3.x page.
• No new backward compatibility issues from version 3.0.2, 3.0.1 or 3.0.0.

Minor features / improvements

Control Center / Wizard

• Beta builds now show the build number in the status page of Control Center.
• The XML document returned from the /info URL now includes the bootid field.
• If a firmware update has not been completed Control Center will now warn the user that it needs to be finished. The /info URL will now also show the update status.
• The user may now override the auto-detection of the display type connected on the HDMI output (HDMI or plain DVI display) and force either HDMI or DVI, this is mostly useful with HDMI extenders that do not replicate the complete E-EDID from the display and make the auto-detection fail.
• The version of the XML returned by the /info URL has been bumped to 4 to indicate new fields.
• The configuration wizard does no longer check for an available firmware update if an update was done less than 24 hours ago and no update was available.

HMP100 / HMP130

• Added support for Apacer 19nm NAND MLC microSD cards.
• Improved error checking and reporting in the SD card driver for better diagnostics.
• Improved SD card initialization procedure for increased card compatibility.
• Added extensive logging capability to the SDIO block driver and !DaVinci SDIO HCD, disabled by default.
• The SD card driver now retries failed reads and writes up to two times for improved robustness.

Pull mode

• Add RPC pull_status notification of the end of an upload.
• Partial RPC notification are now send when a publish (or upload) fails. It is no longer necessary to wait for the end of the publish action to be notified.

Rendering

• Reception of unicast UDP and RTP streaming is now supported, using the udp://@:<port> and rtp://@:<port> syntax.
• Added the attribute "spx:silent" to remove the animation during the connection to a streaming source.

Bug fixes

System

• The system would crash and reboot if the RTC was accessed by a program at the same time as the kernel syncs the RTC to the system time due to incorrect initialization of a mutex, note that this race condition is extremely rare. .
• The system would crash and reboot if the E-EDID information returned by an HDMI sink (e.g., display) has no video mode timing information in the base block.
• Input data from high speed USB HID devices could be missed (note that most high speed HID devices are rare, most are low or high speed).
• The fonts folder was missing from the default content.
• The touch events on the LG touchscreen model 23ET83 (and possibly other models) were not working since firmware 3.0.0.

HMP100 / HMP130

• The SD card driver could issue two requests simultaneously to SD card after an SD card error.
• The SD card driver could do double completion of some requests upon an SD card error or unusual command response timing.
• The SD card driver did not report CRC errors in command responses.
• The SD card driver did not set the DMA segment length requirements correctly, although this did not have any effect in practice.
• The SD card driver did not correctly re-initialize itself after the failure of an SD read or write command and would corrupt data on subsequent write commands, the corruption would appear as a two byte shift of the written data blocks.
• The read fatigue and limited data retention compensation mechanism introduced in 2.2.6 (in the hwwatchdog daemon) could trigger a bug in certain SD cards that causes a temporary failure of read and write commands and then degenerates into corruption of the SD card's content which make the system gradually fail and boot into recovery mode. On units with affected SD cards this problem can be triggered every 6 months. It can also be triggered about 40 minutes after a firmware is updated from 2.2.5 or earlier to 2.2.6 via the firmware update feature, but not if installed from the recovery console. The condition that triggers the bug in these SD cards is now avoided. This problem has been observed only with some manufacturing batches of !SanDisk 2GB SD cards.

Rendering

• Player may crash if the cube transition is used on a playlist located partially outside the viewing area.
• Corrupted mp4 video may crash the player.
• A malformed UTF-8 byte sequence could corrupt memory due to an out of bounds access.
• Some documents using the Node.cloneNode(), like the HMD yahoo weather template could cause a "memory thrashing" restart.
• Parsing very large calendar files could trigger a "memory thrashing" restart.

Network

• Crash when connecting to a windows based server using NTLM authentication.
• Player may reboot if an external resource is used and the option spx:cacheMaxAge="0" is used.
• When using many image from a remote server (http), the player may crash.
• If a server was returning multiple authentication method (digest, then basic) only the first one was used by the player.
• Using ASX files could result in the player rebooting.
• Charset returned by an HTTP server where ignored by the player when the cache is enabled.
• Player may send an unnecessary HEAD request just after a GET request.
• Player may send an HEAD request even if the caching time for a resource is still valid.
• Resource returned by a server without a Content-Length header were considered as error by the player.
• XML document returned by a server using the text/html mimetype and other encoding thn UTF-8 would not be decoded properly by the player.

Control Center

• Improved checking of URL entered by the user. Invalid url are refused
• Control Center may show a incorrect time when time configuration is changed in installation mode.
• Possible crash of the interface when the user tries to view the logs of the firmware update.
• Is was not possible to specify an aspect ratio for custom screen resolution.
• Improved reporting of 3G modem status in Control Center status page.
• Clearing the logs, causes the uploader (pull mode) not to generate any log until either the device was rebooted or the logs were rotated.
• Do not report what an USB key is used anymore, as it can be used for different purposes (update, content,...)

Backup

• Various fixes to the validation of configuration file backups.
• Various fixes to prevent unnecessary reboots when applying a configuration file.
• It was no longer possible to disable fusion using the backup or the wizard (regression introduced in 3.0.1)
• The default uri was returned in the >firmware-update-uri/<. Now if the default uri is used, the element is empty.
• Setting an admin password using the backup may result in the admin not being able to access the content and monitoring pages.
• Enabling the pull mode from a backup file was automatically enforcing HTTPS certificates validation, regardless of the settings configured by the users.
• It was not possible to enable to upload of logs using the pull mode from a backup file.
• The backup do no longer returns port, username and passwords for proxy when no proxy are used.

Fusion

• When creating a Template or Skin with Elementi, any type of layer can now be used as a placeholder for fusion media.
• Make sure that the preview of the media match the uploaded media, without a need to force the browser to clear the cache.

Pull mode

• File from MyDrive.ch may be downloaded multiple time even if not modified.
• File may be downloaded twice if an XML description is used and no Etags are provided in the XML file.
• index.svg may be downloaded multiple times if not present in the XML description.
• When there are errors in a pull mode publish and multiple trials are done, the number of failed files is now reported only for the last trial.
• Pull mode daemon may use 100% CPU if the device ends up in safe mode and RPC is enabled.
• Number of modified files was not reported correctly in RPC pull_status notification.
• Using manual setting for the Pull mode with Fusion enabled was not working as expected.
• Using POST to upload a file may crash the pull mode daemon.
• Using POST to upload a file was crashing when uploading to a password protected server.
• POST of logs may fails for the uploader.log
• Upload of zero length files via HTTP can fail, in particular with ISS servers, due to missing "Content-Length" header.

RPC

• Result of RPC commands may not be sent back to the concentrator if pull actions where trig in the past.
• Timezone may be incorrect in the backup retrieved from RPC, if it has been modified previously and the player was not rebooted since.

jSignage 1.0.2

• Detection of svg file duration was not working as expected.
• Compatibility with Chrome browser was broken starting from version 30.
• Improved the guessSlideDur() function for the case where an image is added to a playlist with the ctor="media"
• keyPoints parameter was not working in $.animateMotion.
• The version of the spxjslibs package in firmware has been increased to 1.2.1 as it includes the updated jSignage.

Release 3.0.2

Version: "Monte Rosa" 3.0.2-1.0.19687. Release date: 29 Jul 2013.

Backward compatibility issues

• Please check the release notes of version 3.0.0 and updating from 2.x to 3.x page.
• No new backward compatibility issues from version 3.0.1 or 3.0.0.

Bug fixes

Generic

• HMP would not boot when connected to a ViewSonic touchscreen TD2340
• When using the pull mode, files from MyDrive.ch are repeatedly downloaded even if not modified
• FSM was not sending NUL (i.e. binary 0) bytes (entered in FSM files using %c{0} or &FF00;); regression introduced in 3.0.0.
• POST requests using the $.post() or postURL() were returning an error when server was using Chunked transfer encoding for the response.

Fusion

• File uploads from iPad were not allowed, now they allowed as from other devices. Note that iOS 6 is required, on iOS 5 and earlier the button is shown but has no effect.
• HMP would reboot if there was nothing to be played in a program because of scheduling constraints.
• Modified the behavior for 'automatic' slide duration within Programs to avoid a tight rendering loop for Slides with a small duration (e.g., simple Slide with an image) that could lead to a reboot. Slides within a Programs will now be played for their duration but at a minimum for the default duration. If the slide duration is shorter than the default duration in the Program, the slide stop and remain on display at its last frame until the default duration is reached.
• ScrollingTextArea are now shown using a large text box when edited in Slides.

Release 3.0.1

Version: "Monte Rosa" 3.0.1-1.0.19459. Release date: 01 Jul 2013.

Backward compatibility issues

• Please check the release notes of version 3.0.0 and updating from 2.x to 3.x page.
• No new backward compatibility issues from version 3.0.0.

Minor features / improvements

• Added support for H.264 Full HD 1080p videos with 5 reference frames - this allows some level 5.0 videos that have level 4 characteristics except for the number of reference frames, to be accepted and decoded.
• Add a get report button on Control Center's log page to help support
• New flag for the getURL() function: GETURL_ALWAYS_CHECK which limits the caching time to 10s.

Bug fixes

Generic

• Minor fixes to the Control Center appearance
• Increased the display time of the OSD IP info screen to 30s.
• OSD Message was not displayed correctly when Internet cable was not plugged.
• The /info page was broken if the device was configured for fixed IP (regression introduced in 3.0.0)
• propFindURL returns an incorrect href if the uri of the folder does not end with a slash.
• Layer not displayed if it is of much greater size than the screen and has an entry zoom effect applied.
• Demo content banner might appear when playing projects using very old versions of the playlist template. (regression introduced in 3.0.0)

Control Center / Wizard

• Simplified error message when there is no Internet access and the Wizard is enabled
• Protocol file name may be garbled when containing non ASCII characters
• Allow .cer files to be used as SSL/HTPPS certificates
• Improved the look of the wizard when no Internet access is available
• Improved the look of the wizard for small PC screens

Fusion

• When using a template composed of multiple SVG files, the name of the slide based on this template needs to be left unchanged (no renaming or copying) otherwise the inner SVG files are not linked correctly. (regression introduced in 3.0.0)
• Frame may not be displayed at the right position when working with slides
• Typos in Fusion messages
• When configuring a Skin / Template that uses multiple SVG files with Fusion options, the group title for those options might wrongly be displayed as a JSON string. (regression introduced in 3.0.0)
• Added support for json-color, index attribute and name-XX attributes in Slides and Skins
• It was not possible to set a duration for an item that was smaller than the default duration. Now the default duration is only used when no duration are set.
• If a propertyName attribute was present in the Slide properties for a JSON property, it was not displayed
• Validity days are not remembered when re-opening the Program
• Default video is not displayed if a slide contains a customizable video

Updater

• The firmware update module crashed if a proxy was configured hence firmware update or check could not be carried out when a proxy was required (regression introduced in 3.0.0)
• Updating the firmware from USB storage (e.g., memory stick) from firmware 2.2.4 or earlier would fail after updating the update module (regression introduced in 3.0.0)
• The bootloader checker / updater module was not aware of newer hardware revisions and would report them as unknown

Video

• Interlaced full HD streaming content not displayed correctly.
• H.264 videos that define a cropping rectangle with the frame cropping offset parameters in the sequence parameter set are not decoded correctly
• H.264 interlaced live streams crash the player
• H.264 live streams that do not start with an IDR picture are not decoded

Configuration backup

• Restoring of backup of screen configuration was broken (regression introduced in 3.0.0)
• Always reboot the player when applying a backup for the first time
• Restoring a backup with display settings in VGA shows an error (regression introduced in 3.0.0)
• Restoring a configuration may fail with the error "cannot change media source when fusion is active" even if the backup is valid

RPC

• Sending a configuration file may return an error: "ConfigBackup.needreload" is not defined.

Pull mode

• Do not show "Event already queued, skipping" every 4 hours.
• Uploader (Pull mode daemon) version name was not correct.
• index.svg was not reloaded every time the time if it had not been modified on the server but other files had been modified

jSignage

• Updated version to 1.0.1
• If transition is null in $.textBar attributes it specifies no transition. If transition is absent the default transition is used.
• The path option in a JSON datafeed always caused no content to be returned.
• CSS3 selector combinators such as space and > always returned no content when used as XML parser column selectors.
• begin attibute of animateOpacity was ignored

Release 3.0.0

Version: "Monte Rosa" 3.0.0-1.0.18906. Release date: 18 Apr 2013.

Backward compatibility issues

• Default file name for the pull action as been modified. The default option now uses the time of the pull action "%n-%s-%d-%h.%x" (instead of the last modification date of the file, i.e. "%n-%s-%D-%H.%x").
• USB I/O in FSM file is no longer supported, it has been replaced by the new JavaScript I/O API.
• <onUpdate> is no longer supported in FSM files
• Element.textContent now fully conforms to the DOM API and thus returns the white spaces and newlines from the SVG files if there are "significant" according to the XML specification. When reading the content of a DOM Element from JavaScript, always use trim() on the result of .textContent to remove unneeded white spaces.

Major features

Rendering

• New initial content displayed when the device is not configured. Best resolution for the attached display is used when the unit is not yet configured.
• Added support for the publish_screen feature during a publish action (either publishing from Elementi or using Pull mode) which enables the user to specify an image or an SVG document to be displayed during the publish action.

Control Center

• Added wizard for the initial and simplified configuration of the player.
• Added management of SSL certificates.

Fusion

• It is now possible to set a default content for fusion when enabling it. The default content may be in a USB memory stick or in the /publish folder.

JavaScript

• New API: HTMLImageElement, see JavaScript and HTMLImageElement.
• New API: Web Storage, see Web Storage API.
• New API: node.js (experimental), see JavaScript.
• New API: USB I/O (experimental), see USB I/O API.
• New API: writeCOMPort (experimental), see JavaScript COM API.
• Second generation of parser helpers for XML, RSS, CSV and iCalendar feeds.

jSignage

• Support for locale (set with $.setLocale()), use for formatting date and time.

Minor features / improvements

General

• New HTTP cache engine design, solving the long standing issues of the HTTP cache in previous releases.
• Add display of the IPv6 address when pressing the HMP blue button.
• Removed old HTTP configuration interface (deprecated since 2.2).
• SSL/TLS certificate validation is now enabled by default.
• New splash screens, installing or updating to firmware 3.0.0 will also update the splash screens of the recovery console to match the new splash screens in the firmware.
• Improved support for USB HID touch screens, touch screens which report the events under multiple top-level HID collections now work.
• PHP error logging has been modified, errors of level E_PARSE, E_USER_ERROR, E_CORE_WARNING, E_COMPILE_WARNING are now also directed to the syslog log file.
• PHP has been updated to 5.3.18.
• PHP now uses the system timezone database instead of its own copy.
• PHP presence and its version number are no longer reported in the HTTP response headers.
• Secured the PHP environment used by PHP code called from SVG files; the following additional restrictions are now enforced:
  • Only the /var/tmp/ and /srv/raperca/ directories are accessible.
  • Execution time is limited to 30 seconds.
  • Memory usage is limited to 8 MB.
  • All PCNTL functions which have a side effect are disabled (pcntl_alarm, pcntl_exec, pcntl_fork, pcntl_setpriority, pcntl_signal_dispatch, pcntl_signal, pcntl_sigprocmask, pcntl_sigtimedwait, pcntl_sigwaitinfo, pcntl_wait, pcntl_waitpid).
  • All functions that allow to create new processes are disabled (passthru, exec, system, popen, shell_exec, proc_open).
  • The sysvshm, sysvmsg and sysvsem extensions are now disabled.
• Tuned the kernel virtual memory parameters so as to minimize the decrease of rendering performance during a large publish and minimize the number of small writes to the internal storage.
• All syslog files under /var/log are now consolidated into a single file named syslog.
• Updated the system timezone database to version 2013b; this new version includes updates to the Morocco, Tokelau, Fiji, Samoa, Palestine, Bahia, Tocantins, Israel, Jordan, Cubam, Libya, Chile, Haiti, Paraguay zones and the introduction of three new zones (Asia/Khandyga, Asia/Ust-Nera, Europe/Busingen).
• USB HID devices with application collections in the digitizer page (pen, light pen, touch screen, touch pad and white board) are now recognized as input devices.
• Faster parsing of XML and RSS feeds.
• The m4v file extension now maps to the "video/mp4" media type. Use .m4ves instead for MPEG-4 elementary streams.
• Error messages when a media is not compatible are clearer and more precise.
• Dead shared variable connections to other devices which are uncleanly rebooted or removed from the network are now detected and restarted (via TCP keep alive on the sockets used for shared variables).

Rendering

• Much smoother zoom animations thanks to the rendering engine caching animated graphics only once at their full, non-animated, resolution.
• Support "slice" mode in preserveAspectRatio attribute.
• Faster document opening times for documents using JavaScript.
• Support the "left", "right" and "justify" values for the text-align attribute of a <textArea> element.
• Synthesize italic and bold character drawing when the font files does not include italic or bold variants.
• Use hinting in TrueType fonts as appropriate.
• Thai word breaking is now supported.
• The OpenType text shaper has been updated to use Pango with HarfBuzz, improving international language support.
• Improved memory usage of the text shaper, in particular when many font variants are in use.
• Update to fontconfig 2.10.1 updates the language orthography definitions.

HMP100 and HMP130

• Improved SD card performance by expanding the number of scatter-gather segments of the SD host controller to 32.

Streaming

• The green screen that gets displayed when video streaming starts is replaced with a black screen.
• Support for QuickTime's rstp-over-http tunneling as streaming protocol.

Pull mode

• HTTP redirects are now supported by the pull mode deamon.
• WebDAV support on remote servers is now checked using an 'OPTION' request prior to issuing any WebDAV specific requests.
• Added support for query string in XML database file . Modification of the query string is equivalent to specifying a new resource.
• Add Support for inline RPC commands

RPC

• When an RPC concentrator is enabled a notification is sent to the concentrator at the end of a project publish done via pull mode.
• The RPC restart() call now returns an object with a success or failure code.

Control Center

• Streaming captures are now shown in the Debugging tab of the Maintenance page.
• Added configuration of an RPC concentrator in the Pull Mode page.
• Moved pull mode settings under the content page.
• Simplified the page for the screen settings. Created a new tab for settings not directly related to the video mode (e.g., audio, VGA output enable)
• Modified backup structure from XML file to a 7-Zip archive. Backups now also contain custom splash screens and fsm files. Backups may also contain a default Fusion backup (max. 10MB).
• Added automatic reload of the Control Center pages after reboot.
• Preventing user to change anything in the config interface in the middle of the firmware update to avoid conflicting changes.
• Improved the "/info" XML page to match the recovery console output.
• Added shutdown button on the maintenance interface.
• Renamed the RS232 / IO page to I/O Automation.
• WebStorage configuration page to clear all WebStorage data.
• USB memory sticks can now contain content and firmware updates without interference.
• The PHP cache is now enabled for Control Center, speeding access to Control Center pages, in particular when the player is heavily loaded.
• The generated report now includes a copy of the configuration backup under /var/cache/raperca/spxbackup.xml for ease of diagnostics.
• The maximum file upload size is now 10 MB so as to support configuration backups with embedded Fusion content.

FSM, Serial I/O

• User FSM files can now be downloaded and deleted.

Fusion

• Added preview of the current active Skin.
• Added support for templates built using Elementi (based on JSON properties).
• Added a default built-in fullscreen Skin that is always present.
• Added image size checking for PNG and GIF.
• New playlists based on jSignage with improved transitions and configuration parameters, including random play order.
• Add shared variables that can be used to be notified of program changes (FusionProgramInfo@localhost) or to change the media of a program (FusionProgramControl@localhost).
• When no media are valid in the program the shared variable called "FusionProgramInfo@localhost" is set to "" (empty), this can be used in a Skin to create some actions, like turning off the display.
• User can now setup the Fusion admin password directly from Control Center.
• When importing file, slide, templates, with a name already present, add a numbered suffix instead of replacing existing files.

JavaScript

• New API: window.deviceInfo, see JavaScript and Global variables.
• New API: propFindURL, see JavaScript.
• Make sure there is always an entry in the log when the JavaScript file fails to compile.
• jSignage library loads into the JavaScript environment of a new document in zero time, provided the download.spinetix.com URL is used.
• RSS feeds containing images in a <content:encoded> tag are supported.
• Updated JavaScript engine to SpiderMonkey 1.8.5, implementing ECMAScript 5th edition.
• Experimentally enabled ECMAScript for XML (E4X) support in JavaScript, but this may go away in future releases.
• getURL() callbacks are now always called asynchronously to help detect issues in code that might rely on a synchronous call.
• JavaScript garbage collection logic is improved to detect precisely when garbage collection should run so as to avoid a reboot because of out of memory conditions.
• SharedVariable.addUpdateListener now takes an optional second argument to make the callback not time synchronized, thus avoiding a lot of issues linked to synchronization such as missing the first few frames of a media or of a transition launched on a shared variable update.

jSignage

• support for interactivity related attributes on layers: pointerEvents, focusable, navNext, navPrev, focusHighlight and editable.
• support for transformBehavior attribute on media layers.
• visual improvements and bug fixes on frame decorations, including better compatibilty between decorations and effects.
• new $.setGetURLFlags() function to control caching in $.get().

External libraries / utilities

• Updated p7zip to 9.20.1
• Updated neon to 0.29.6.
• Updated giflib to 5.0.0.
• Updated raptor to 2.0.8.
• Updated live555 to 2012.09.13.
• Updated libical to 0.48.
• Updated fontconfig to 2.10.1.
• Updated glib to 2.34.1.
• Updated Pango to 1.32.3.
• Updated SpiderMonkey to 1.8.5.
• Updated FreeType to 2.4.10.
• Updated Cairo to 1.12.8.

Bug fixes

General

• When using a network project the download of the index.svg file is retried multiples times before switching to the fallback source to make sure that even if there is a timeout error, the player may still succeed in playing the network project.
• Fallback project source was not always used when the primary source had no content.
• Minor memory leak when changing the power state of VGA and DVI displays.
• USB memory sticks that had firmware update files would not be used as content source even if playing content from USB storage was enabled.
• System time resets from NTP could cause the device to reboot, potentially in a loop and fall back to the recovery console; this would happen when the NTP server(s) used for initial synchronization cannot be reached at boot time but these and/or other NTP servers are reachable after the rendering engine starts and the date saved in the internal RTC is off by more than 30 seconds.
• Various modifications in the syntax of the logs.
• Not all credentials were used if multiple credentials were set for the same host.
• Close HTTP sessions after 2 minutes to clear passwords faster.
• HTTP redirects were not handled correctly in some cases.
• Added support for HTTP redirect when using a POST request.
• The 'csv' file extension was not recognized by the player.
• If an HTTP server returns "application/octet-stream" as media type (i.e. it does not know what it is actually sending back), a media type is derived based on the file name extension.
• Show a warning in the logs when a URI is not really valid (i.e. some unsafe chars are not encoded).
• Updated licenses.
• Improved resilience to invalid URIs.
• The 'charset' parameter in the media type returned by an HTTP server was ignored.
• When doing a getUrl(), always consider the input as UTF-8 if no charset is specified.
• POST request with file of length zero was not working.
• When an HTTP server returned the "no-cache" instruction the cache incorrectly cached the resource for the default duration, effectively caching it.
• Do not consider max-age=0 as an absence of cache directive in HTTP resources.
• Supported legacy types "application/javascript" and "text/javascript" as synonyms for "text/ecmascript" for the type attribute of <script> elements.
• Media type "video/x-m4v" is now recognized.
• Some error messages may show ">illegal<", instead of JPEG and PNG for the image type.
• Some of the freed memory was not returned to the system for other uses.

Rendering

• Overflow if more than 32 font faces were used.
• currentColor is a valid value for the viewport-fill attribute.
• textArea content not rendered correctly when the transform causes the text to be "flipped".
• Blinking at the end of a "fly in accelerate" effect.
• <animation> element which specifies a repeatDur and whose content is static should not be assumed to imply fill=freeze.
• Because of rounding errors some documents and medias could be opened in a multiscreen project even though they are outside of the area assigned to a player, causing performance issues.
• Computation of the intersection of clipping regions was wrong if a transform that "flips" the x or y coordinates was applied.
• Use consistent mapping of color coordinates from [0,1] range to [0,255] in all places, thus preventing inconsistent values from being returned when e.g. setting a color with setAttribute('fill', '#rrggbb') and reading its value as an SVGRGBColor object in JavaScript.
• Leak of references to custom font files caused a limitation on the number of different fonts that could be used in a project.
• Updated FreeType to 2.4.10, fixing various minor font rendering problems.

HMP200

• Large progressive JPEGs were not displayed.

Streaming

• The content is now restarted when enabling or disabling stream captures so that the change is immediately taken into account.

Pull mode

• Wrong syntax in the XML database could crash the pull mode deamon.
• Correctly handle the case where the device storage is full when pulling a new project.
• Removed capability of emulating WebDAV PROPFIND using a GET and parsing of HTML directory listings as it is not reliable.
• Always create a fonts folder on the device when doing a publish.
• If the pull mode calendar cannot be parsed, keep the old calendar instead of assuming an empty calendar.
• Ignore white space in uploader directives.
• Pull mode is no longer allowed to retrieve local files.
• Pull mode may trigger an HTTP 500 error during upload of files with a zero length.
• Always use action time for the default names of the files uploaded.
• Files uploaded from resources that do not have a modification time (e.g., snapshot) used the action time as modification time instead of using the current time for the %D and %H specifiers.
• When an upload action was composed of multiple sub-actions, all sub-actions were retried if one failed, now only the failed sub-actions are re-retried.
• The '-logs' option now works if used on two different servers in parallel.
• Indirect RPC did not work when Control Center was password protected if the password was set in a firmware prior to version 2.2.4.
• Upload of zero length resources could fail subsequent uploads with an HTTP "400 bad request" error.

Control Center

• Ignore trailing spaces when entering an IP address.
• Various text changes and improvements.
• Layout of the log page.
• Add possibility to configure also the 2nd and 3rd DNS server in the backup.
• Fix for the timezone selection page and the special case of some Russian timezones.
• Do not allow setting no NTP servers when using NTP as time source.
• Removed the device model from the page title.
• Enabling audio did not always reboot the player, although it is sometimes necessary for the change to be taken into account.
• In case of error while getting the firmware state update, stop the refresh and display an error.
• If the timezone is not found, then ask the user to choose one, instead of selecting the first in the list.
• Display the logs without the .gz extension to improve cross browser compatibility.

FSM, Serial I/O

• Do not start any of the IO engines when in safe mode.

Fusion

• Disabling Fusion now also resets the content to the default to avoid confusions.
• Correctly detect when Fusion is enabled or not, and provide a nicer error message with a link to activate Fusion.
• Nicer messages in case of errors.
• Disabling / enabling Fusion now resets all settings, including users and languages.
• Added support for ending time before starting time in a program (e.g., enabling a media from 10 PM to 8 AM is now possible).
• Changing user settings (e.g., language) now reloads all the user interface.
• Include user fonts in backup if user fonts are available.
• Nicer Fusion enabled logo.
• Do not reset the language when creating a new user.
• Media files with special characters (=, & and ; ) in their name could be deleted.
• Preview of templates with tabs was not showing the tabs.

JavaScript

• window global variable should return the SVGGlobal object for the current document, not the SVGGlobal prototype object.
• Make sure that when a document restarts its global variables are reset. It could be the case only if JavaScript code was run that did not touch the DOM tree.
• Crash when a JavaScript event handler raises an uncaught exception.

jSignage

• Crash when transition provided as a function that returns a transition returns null.
• .removeAttr(x) was not equivalent to .attr(x, null).
• Crash in . setInitialVisibility() or . setFillFreeze() on an image layer.
• .text() always clears all content in an element.
• Make $.textArea work with latest Firefox versions.

Security

• Updated giflib to 5.0.0 fixing CVE-2005-2974 and CVE-2005-3350
• Updated raptor to 2.0.8 fixing CVE-2012-0037
• Updated FreeType to 2.4.10 fixing CVE-2012-1126 to CVE-2012-1144, CVE-2011-3439, CVE-2011-3256, CVE-2011-0226
• Updated libxml2 to 2.9.0 fixing CVE-2012-0841, CVE-2011-3905, CVE-2010-4008, CVE-2011-2834, CVE-2011-1944, CVE-2011-0216, CVE-2011-3919
• Updated glib to 2.34.1 fixing CVE-2008-4316
• Fix for libxml2 CVE-2012-5134