Firmware release notes 4.9.7
This article is a stub. Main article: Firmware release notes 4.9.x.
Release 4.9.7
Release name: "Castor" 4.9.7. Release date: April 28th, 2026.
Improvements
- When the device certificate used by a player to authenticate with the SpinetiX HUB platform becomes invalid or otherwise unusable, the player now automatically attempts to re-enroll to obtain a new certificate; ensuring continued operations in the rare event the certificates need to be replaced.
- The Recovery Console is updated to version 2.29.0.
- Added an option to control the display hot-plug functionality (enabled by default) from Control Center → Display & Audio → Other and via the
display-hotplugelement in the Configuration API. The feature can now be disabled if it causes problems with some displays, when display power management is also enabled, so that the screen resolution and video mode are set at boot and never modified later, regardless of display changes.
Fixes
- Fixed an issue where the rendering latency was wrongly reduced when serial port events were received, even though the interactive event processing was disabled. Both options must now be enabled to activate the interactivity boost.
- Fixed an incompatibility with UPnP software that uses IPv6 addresses formatted in non-canonical form (e.g., using uppercase letters or not removing redundant zeroes), in which requests from such software would be rejected by the player with a 412 Precondition Failed error, an example of such software is Intel's Device Spy. This was a regression introduced in DSOS 4.9.0.
- Fixed an issue where players could fail to receive commands from the SpinetiX HUB / ARYA when they re-enrolled at the same moment that they were starting up, requiring a reboot to recover. Note that re-enrollment at startup does not occur in normal operation, it is only used in exceptional situations, such as storage region migration.
- Fixed an issue where ISO8601 date/time strings missing the milliseconds were not correctly parsed as Date objects.
- The analog audio output was no longer working on these players. This was a regression introduced in DSOS 4.9.0.
- Restoring a configuration backup on players without the SYSTEMS Feature Set could fail when using backups from older firmware versions. This also affected the firmware update from DSOS 4.8.8 and earlier since it involves a backup and a restoration of the player configuration. These backups now restored correctly.
- Failure to load a TPM attestation key was incorrectly flagged as a FATAL error in the logs, when it is actually an expected and recoverable error after DSOS is reinstalled. This is now logged with ERROR level to reduce confusion.
Security
Updated base libraries and components; the main changes are as follows:
- avahi: fixed CVE-2026-24401, CVE-2025-68471, CVE-2025-68468, CVE-2025-68276, all of which affected DSOS.
- libtasn1: fixed CVE-2025-13151, which may have affected DSOS.
- expat: fixed CVE-2026-25210, which affected DSOS, and CVE-2026-24515, which did not affect DSOS.
- glibc: fixed CVE-2026-0915, CVE-2026-0861 and CVE-2025-15281, all of which may have affected DSOS.
- glib-2.0: fixed CVE-2026-1489, CVE-2026-1484 and CVE-2026-0988, all of which affected DSOS, and CVE-2026-1485 which did not affect DSOS.
- libpng: fixed CVE-2026-25646 and CVE-2026-22695, all of which affected DSOS, and CVE-2026-22801, which did not affect DSOS.
- libxml2: fixed CVE-2026-0990 and CVE-2026-0992, which did not affect DSOS.
- openssl: updated to version 3.0.19 which fixed CVE-2025-15467, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795 and CVE-2026-22796, all of which affected DSOS, and CVE-2025-68160, which did not affect DSOS.
Developer
- Added the
<display-hotplug>configuration tag to control the display hot-plug functionality (enabled by default).