Software Update Release Notes:

SecureSync™ Model 2400

10-May-2023

Software Version 1.7.0: Release Notes

Orolia released a software update for SecureSync 2400. Customers can download this software
update at no charge from the Orolia website. This software update will upgrade the unit’s system
software to Version 1.7.0.

This update provides added benefits through new features, enhancements to existing
functionality, as well as software fixes and security updates, as described in this document.

Note: if your unit is currently on a software version below 1.4.1, it is necessary to upgrade to
1.4.1 before proceeding further (see image below). The upgrade to 1.4.1 comes with significant
system changes and does not allow downgrading to earlier versions. Refer to the upgrade
warnings section of the 1.4.1 release notes in this document for specific information.

For your convenience, older legacy releases are also described in this document.

orolia.com SecureSync 2400 Release Notes V1.7.0 | 1

 SecureSync 2400 Software Release Notes

Table of Contents
Table of Contents ............................................................................................................................................................................................... 2

Version 1.7.0 ..........................................................................................................................................................................................................3

Version 1.6.0 ..........................................................................................................................................................................................................6

Version 1.4.3 ..........................................................................................................................................................................................................9

Version 1.4.1 ......................................................................................................................................................................................................... 10

Version 1.3.0 ........................................................................................................................................................................................................ 14

Version 1.2.2 ........................................................................................................................................................................................................ 17

Version 1.2.1 .........................................................................................................................................................................................................18

Version 1.2.0 ........................................................................................................................................................................................................ 19

Version 1.1.0a ...................................................................................................................................................................................................... 22

Version 1.0.2 ....................................................................................................................................................................................................... 23

Which SW version is installed on my SecureSync? ......................................................................................................................... 24

How to download and install the new SW ........................................................................................................................................... 25

How to contact Technical Support ......................................................................................................................................................... 26

orolia.com SecureSync 2400 Release Notes V1.7.0 | 2

 SecureSync 2400 Software Release Notes

Version 1.7.0

Newly released features

• Increased password policy security, authentication constraints, and lockout responses.
• Corrected the Secure LDAP (LDAPS) path and filenames for security certificates
functionality, made LDAPS the default setting, and added a warning message if LDAP is
configured to not use the secure settings. Adjusted settings to match LDAP password
permissions. Added a Disable Server Certificate Checks option to authenticate, if necessary,
LDAPS without proper security certificates.
• Added support for default user groups to configure permission levels of RADIUS, TACACS+,
and LDAP users.
• Added the SNMP variables ssSysStaDisciplining, ssSysSetManualTime, and
ssSysStaSyncState to the unit MIB to query the disciplining state.

Enhancements and fixes

The following improvements were applied to existing features and functions:

• Added support for the DER file type for uploading HTTPS certificates.
• Repaired inconsistencies in the REST API variables and documentation.
• Added support for special characters “:” “;” and “-“ to SNMP contact field.
• PTP status is now recorded in the daemon log.
• Expanded NTP Symmetric Key Strings to allow up to 40 hexadecimal characters. MD5 keys
can optionally allow up to 20 ASCII characters instead.

The following defects were corrected:

• Corrected PTP slave functionality within the G.8265.1 profile to accept profile-specific clock
classes.
• Fixed issue performing SNMP GET on the sysSetManualTime object.
• Corrected allowed constellation combination inconsistencies on the Web UI and CLI so that
settings align with receiver capabilities.
• Repaired time jumps occurring on PTP masters when applying leap seconds.
• On multicast, a PTP master now properly enters passive mode when not best in domain.
• Added prompting error messages for incomplete Web UI fields on the NTP setup page.
• Fixed an issue with units not completing Sanitization state as expected.
• Repaired HAVE QUICK Input 0 (via the 15-pin multi-I/O) sync issue.
• Fixed loss of GNSS signal when changing constellations via the front panel information
menu.
• Corrected Disciplining State Fault error message when GNSS is disabled on Low Phase
Noise units.

orolia.com SecureSync 2400 Release Notes V1.7.0 | 3

 SecureSync 2400 Software Release Notes

• Fixed issue with the timing system to reduce errors during receiver configuration.
• Corrected an intermittent LDAP certificate upload path issue.

Security enhancements and fixes

• Web UI logins and logouts are now recorded in the Auth log.
• Changes to Web UI passwords or password policy are now recorded in the Journal log.
• Changes to LDAP, TACACS+, and RADIUS server configurations are now recorded in the
journal log (sensitive data such as passwords are not logged directly, but the action of
change is noted).
• Added security to Web UI to prevent cross-site scripting attacks.
• Increased login security for user enumeration attacks and bad user lockdowns.
• Repaired PKCS7 http certificate uploads in the .der and .pem file formats.
• The LDAP bindpw field is no longer automatically populated on the Web UI or in the REST
API. Users are now required to reenter the password during configuration changes.

Option Card enhancements and fixes

• Upgraded option card versions:
o 1204-19 to 1.03
o 1204-21 to 1.02
o 1204-2B to 1.02
• Fixed an issue on 1204-19, -21, and -2B cards where a PPS output the signal could persist if
disabled during the span of the PPS pulse.
• Corrected 1204-0F card configuration errors

REST API enhancements and fixes

The latest REST API documentation (version 5) for this release contains the following changes:

• Added endpoints
o Added Set Global TACACS+ Configuration endpoint with required variable
user_group to configure user permission level.
• Changes to existing endpoints
o LDAP bindpw field is no longer automatically populated on Get LDAP Settings and
Set LDAP Settings responses.
• Added required variables
o When adding a TACACS+ server in Add TACACS+ Server endpoint, the button
variable is now required in the request body with the value "add_tacacs_server".
o Added required variable user_group to the Set Global RADIUS Configuration
endpoint for user permission levels.
o Added required variable disable_cert_check to Configure LDAP Settings
endpoint to enable LDAP-S without a valid certificate.

orolia.com SecureSync 2400 Release Notes V1.7.0 | 4

 SecureSync 2400 Software Release Notes

o Added required variable user_group to Configure LDAP Settings endpoint for

user permission level.
• Updated documentation
o Added documentation for Set Global RADIUS Configuration endpoint.
o Corrected misspelling of URL in PTP collection's Set Settings endpoint.
o Corrected inconsistencies in "success" field of response body for PTP collection's
Restore Settings and Clear Statistics endpoints.
o Changed collection to reflect validation correction for Get Symmetric Keys and Add
Symmetric Key endpoints.
o Added documentation for the Delete Interface IPv6 Address endpoint.
o Corrected typos in field names in the request and response bodies for the Edit
Symmetric Key endpoint.

Known Issues
• Option cards 1204-49 and 1204-4A are limited to install on slots 1 & 2 only.
• This software version DOES NOT ALLOW downgrades before version 1.4.1.
• ASCII time code format ICD-153c is supported only on the -02 and -1F option cards, and only
if the unit has a SAASM receiver installed. This format is not supported on the main board
interface (from 1.3.0).
• The clean command does not reset the GNSS position. It is recommended to unplug the
receiver, reset the receiver in the Web UI, and then run the clean command to reset the
GNSS position (from 1.3.0). The Sanitize functionality can also serve this purpose.
• PTP over a VLAN interface is not currently functional (from 1.4.1).
• PTP Power Profile (IEEE C37.238) is unable to pass the Alternate Time Offset Indicator and
Total Time Inaccuracy TLVs through the system when PTP interfaces are configured as both
a master and a slave (from 1.4.1).
• The SFP fiber link-state on models AVAGO AFBR-5710PZ and FTLF8519P2BNL are not
working properly (from 1.4.1).
• PTP Power Profile (IEEE C37.238) is only able to sync to an EdgeSync master when set to
mixed Unicast mode (from 1.4.1).
• Changing the system timescale will require PTP to be manually restarted (from 1.6.0).
• Telecom Quality Level clock classes are not supported for G.8265.1 PTP masters (from
1.7.0).
• GNSS receiver constellation configuration changes may intermittently fail to succeed.
Customers are advised to confirm constellation selections and retry the operation if the
changes were not successful (from 1.7.0).

orolia.com SecureSync 2400 Release Notes V1.7.0 | 5

 SecureSync 2400 Software Release Notes

Version 1.6.0

Newly released features

• Implemented a new Web UI Security Issues page and added warning messages related to
common web security concerns (some of these warnings may arise after upgrade if
conditions are present).
• Added full Sanitization support in the Web UI and CLI. Sanitizing the unit will remove all
user-related data, location history, usage statistics, etc., rewrite both partitions with clean
software, and return the unit to a state completely without user data. Full status reporting
of the sanitization process is available through the serial connection.
• Added support for HSTS (HTTP Strict Transport Security).
• Enabled Broadshield SNMP traps for jamming and spoofing monitoring.
• Created new REST API documentation (found at https://www.orolia.com/portal/public-
downloads/rest-api-for-securesync-netclock-9400-and-versasync/) to clearly outline
endpoints for the user. This documentation is also available within the Web UI on the HELP
page.
• Added detailed Hot Swap Power Supply (HSPS) monitoring features to the unit front panel,
SNMP communications, the Web UI, and the CLI. HSPS monitoring can be disabled to limit
alarming and communications about the state of a particular sled in a bay, if only one power
supply is installed.
• Added NMEA-over-UDP functionality. For more information, see the App Note
https://www.orolia.com/document/nmea-over-udp/ . Note: multicast frames can only be
sent on Eth0 (not Eth1).

Enhancements and fixes

The following improvements were applied to existing features and functions:

• Upgraded several packages:

o Updated the Linux kernel to 5.10.104
o Upgraded Apache to 2.4.54
o Upgraded Openssl to 1.1.1q
o Upgraded NetSNMP to version 5.9
o Upgraded OpenSSH to version 8.9p1
o Upgraded PHP to version 8.0.20
o Upgraded GPSD to version 3.23.1
o Upgraded CakePHP to 4.3.10
• Repaired non-functioning SNMP queries to objects in the UCD-SNMP-MIB file
• Fixed a problem with the SNMPv3 EngineID changing between reboots.
• When halting the unit, the fans are now set to run statically until power is removed.
• Added date information to the Timing menu of the front panel.

orolia.com SecureSync 2400 Release Notes V1.7.0 | 6

 SecureSync 2400 Software Release Notes

• The extension board now has version and upgrade capability. Information on the extension
board version can be found on the Upgrade page of the Web UI.
• Added password entry to Open LDAP server configuration.
• Enabled configuration of the alternate timescale displayname for a PTP Power System
profile master.
• Added support for querying the Broadshield jamming and spoofing state via SNMP.
• Added the speed over ground measurement to the RMC NMEA message type.
• In order to support vlan network tasks, users are now encouraged to use interface names
(eth0, eth1) instead of indexing via CLI commands.
• Added IPv6tables editing to admin accounts.
• Added support for specifying the delay asymmetry between outgoing and incoming paths to
counteract timing offsets introduced by the asymmetry.
• Spaces are now accepted characters in all compatible fields for LDAP setup in the Web UI.

The following defects were corrected:

• Fixed a Known Issue with the tcpdump command functionality, which was found to have
incorrect ownership, thereby preventing users from deleting files, even with admin rights.
(from 1.4.1).
• Fixed a Known Issue: DHCPv6 may not perform as expected. It is recommended to use
either static or stateless (SLAAC) IPv6 addressing, particularly with network time
distribution (from 1.2.0). The fix limits support to the default DHCPv6 prefix length of 64.
• Fixed the Known Issue: The restore factory defaults function clean does not currently reset
the Network Access control rule (from 1.4.1).
• Corrected a defect with duplicate log entries in the oscillator log.
• Fixed an issue wherein usernames were not being carried over by config bundles.
• Corrected an error that prevented deletion of config bundles created through the CLI.
• Added the unit serial number to the manifest log.
• Fixed an issue with timescale adjustments on ASCII references set via the Web UI.
• Added the In Sync message to the Events log.
• Fixed a problem with NTP peers, configured using hostnames instead of IP addresses, not
appearing correctly.
• Corrected an error in a chart on the Web UI GSPD Setup page that incorrectly sorted
elevation values.
• Corrected the default Receiver Mode to Standard (instead of Mobile).
• Corrected a PTP UTC offset of 0 sent from master to slave.
• Repaired an error in which disabling a master Ethernet port did not end the synchronization
of slaves to that port appropriately.
• Fixed the removal of local clocks in the unit configuration via the clearcfg command.
• Removed filtered offset thresholding in PTP to limit reference invalidation and increase
fidelity. Network instability is noted in the logs instead of the filtered offset.
• Corrected an incorrect 37 s PTP offset timestamp from master to slave when adjusting the
timescale setting.

orolia.com SecureSync 2400 Release Notes V1.7.0 | 7

 SecureSync 2400 Software Release Notes

• Fixed an issue with Ethernet connectivity if the default interface is not enabled
• Repaired upgrade logging functionality to ensure record on non-clean upgrade.
• Removed the possibility of creating a local clock without a name.
• Fixed an error with authentication logs not reaching the remote logging server.
• Fixed a failure of an NTP client to sync to another server.
• Fixed an incorrect 37 s PTP offset seen on the slave after loss of connection to master.
• Corrected an issue with initialization phase of LPN Rubidium oscillators.
• Resolved error on the front panel which only displayed the right fan speed but not the left.
• Fixed a bug which prevented the IP address on the front panel from updating.
• Corrected certain internal communications with SRO-100 oscillators.
• Fixed a memory leak problem with certain front panel screens being active.

Security enhancements and fixes

• Updated SSH functionality to limit weak MAC algorithms.

Option Card enhancements and fixes

• Updated the Extension Board to version 1.07
• Updated the 1204-4A and 1204-49 cards to version 1.2.0
• Updated option card 1204-18 to version 1.03 to correct an error with persistent signals.
• The 1204-3E STL card no longer requires reentry of security credentials for configuration.

Known Issues
• Option cards 1204-49 and 1204-4A are limited to install on slots 1 & 2 only.
• This software version DOES NOT ALLOW downgrades before version 1.4.1.
• ASCII time code format ICD-153c is supported only on the -02 and -1F option cards, and only
if the unit has a SAASM receiver installed. This format is not supported on the main board
interface (from 1.3.0).
• The clean command does not reset the GNSS position. It is recommended to unplug the
receiver, reset the receiver in the Web UI, and then run the clean command in order to
reset the GNSS position (from 1.3.0).
• PTP over a VLAN interface is not currently functional (from 1.4.1).
• PTP Power Profile (IEEE C37.238) is unable to pass the Alternate Time Offset Indicator and
Total Time Inaccuracy TLVs through the system when PTP interfaces are configured as both
a master and a slave (from 1.4.1).
• The SFP fiber link-state on models AVAGO AFBR-5710PZ and FTLF8519P2BNL are not
working properly (from 1.4.1).
• PTP Power Profile (IEEE C37.238) is only able to sync to an EdgeSync master when set to
mixed Unicast mode (from 1.4.1).
• Changing the system timescale will require PTP to be manually restarted.

orolia.com SecureSync 2400 Release Notes V1.7.0 | 8

 SecureSync 2400 Software Release Notes

Version 1.4.3

Notes
• Units with Hot Swap Power will display a Timing System Hardware Alarm (major) after
upgrading to this release if one or more power supplies is disconnected or not functional.

Enhancements and fixes

The following improvements were applied to existing features and functions:

• Fixed a bug occurring on cold boot that provided PTP slaves an incorrect timescale offset.
• Corrected a corrupt database sometimes caused by power removal during boot sequence.
• Fixed an issue with LPN-Rb oscillator units seen occasionally at startup.

Known Issues
• Option cards 1204-49 and 1204-4A are limited to install on slots 1 & 2 only.
• This software version DOES NOT ALLOW downgrades before version 1.4.1.
• ASCII time code format ICD-153c is supported only on the -02 and -1F option cards, and only
if the unit has a SAASM receiver installed. This format is not supported on the main board
interface (from 1.3.0).
• The clean command does not reset the GNSS position. It is recommended to unplug the
receiver, reset the receiver in the Web UI, and then run the clean command in order to
reset the GNSS position (from 1.3.0).
• PTP over a VLAN interface is not currently functional (from 1.4.1).
• The SFP fiber link-state on models AVAGO AFBR-5710PZ and FTLF8519P2BNL are not
working properly (from 1.4.1).
• The restore factory defaults function clean does not currently reset the Network Access
control rule (from 1.4.1).
• PTP Power Profile (IEEE C37.238) is unable to pass the Alternate Time Offset Indicator and
Total Time Inaccuracy TLVs through the system when PTP interfaces are configured as both
a master and a slave (from 1.4.1).
• PTP Power Profile (IEEE C37.238) is only able to sync to an EdgeSync master when set to
mixed Unicast mode (from 1.4.1).
• The tcpdump command has incorrect ownership, blocking all users from deleting files. To
remove files, the user can update to the same or a newer version. To prevent this scenario,
you can execute tcpdump as sudo tcpdump -Z <user> ..., (for example: sudo
tcpdump -Z spadmin -i eth0 -w file.pcap). This will cause the captured file to be
created with ownership of the specified user, allowing said user to delete (from 1.4.1).
• DHCPv6 may not perform as expected. It is recommended to use either static or stateless
(SLAAC) IPv6 addressing, particularly with network time distribution.

orolia.com SecureSync 2400 Release Notes V1.7.0 | 9

 SecureSync 2400 Software Release Notes

Version 1.4.1

Notes
• CAUTION: The 1.4.1 software does not allow downgrading. After applying this upgrade
bundle, the unit cannot switch to an earlier version of the software without being returned
to Orolia for reprogramming.
• This software version will upgrade BOTH system partitions to version 1.4.1 in order to
solidify significant system changes. Future standard upgrade files will only upgrade one
partition at a time.
• Some upgrade scenarios may cause a loss of user settings. See the Known Issue Upgrade
warnings for loss of or altered configurations for more information.
• Units with Hot Swap Power will display a Timing System Hardware Alarm (major) after
upgrading to this release if one or more power supplies is disconnected or not functional.

Newly released features

• Added support for downgrades and software rollback. This feature alters the file formats of
the upgrades (from .tar.gz to .squashfs) and has important effects:
o When upgrading from any earlier software version, you are REQUIRED to first upgrade
to version 1.4.1 in order to move to a later version.
o Users will be able to use the “rollback” feature following this software update; however,
the rollback feature will simply switch to the simultaneously installed version of this
software extant within the other partition.
o All subsequent software versions will allow downgrading to this version, but will not
allow customers to go below 1.4.1.
• Added support for Linux PTP profiles IEEE C37.238-2017 (power systems profile) and IEC
61850-9-3:2016 (power utility profile).
• Added support for the ED25519 host key algorithm for SSH.
• Added software support for DC fixed and Hot Swap power supply options.

Enhancements and fixes

The following improvements were applied to existing features and functions:

• Added missing journal logging for pin configuration, network settings, and NTP and PTP
configuration changes.
• Added statistics database to log bundles.
• The Authentication logging option was added to the Local Logging panel of the Web UI to
allow user configuration.
• Improved the performance and stability of network timing.

orolia.com SecureSync 2400 Release Notes V1.7.0 | 10

 SecureSync 2400 Software Release Notes

• Set System Time Message, Daytime Protocol, and Time Protocol settings to default to OFF.
Configuration enabling these features will persist through this upgrade.
• Added the ability for the user to reset PTP statistics.
• Improved Web UI behavior for PTP configuration.
• Assigned a Major Hardware alarm (called Timing System Hardware Error) in the event of the
Hot Swap Power Supply failure. This alarm will also be triggered if you disconnect or unplug,
but do not remove, a power supply sled.
• Implemented the FP_lock and FP_unlock CLI commands to effectively lock and unlock the
front panel.
• Added support for updated hardware (version 2) on the 1204-50 card.

The following defects were corrected:

• Fixed the Known Issue: When configured as a slave, the on-unit PTP will sometimes
incorrectly remain in a Sync state when the Master has gone out of sync (found in 1.3.0).
• Fixed the Known Issue: The 4A/49 option card user configurations will be lost when
performing an upgrade that is not “clean”. The card can be reconfigured and will function,
but any new configuration will not persist after a power cycle of the unit. Cleaning the unit
configuration (or performing a clean upgrade) will allow new configuration to persist
correctly. An applied configuration bundle saved from an earlier software version will
encounter the same difficulty (found in 1.3.0).
• Fixed the Known Issue: Any changes to the Logging Configuration (for instance, turning on
Local Logging) will not take effect without restarting the unit (found in 1.3.0).
• Fixed the Known Issue: If a user configures the time zone via the front panel, the
configuration will be lost after upgrade or config bundles are applied (found in 1.3.0).
• Fixed the Known Issue: The Reference Priority configuration is sometimes not restored
properly from configuration bundles and will have to be reconfigured following upgrades or
application of a config bundle from pre-1.3.0 software (found in 1.3.0).
• Fixed the Known Issue: When multiple major or minor alarms are present, the front panel
LED alarm status light will not activate. All other alarm behavior, including notifications,
operates as expected (found in 1.3.0).
• Resolved network timing and communication performance issues with the Belfuse SFP-
1GBT-05 in ETH1.
• Limited simultaneous UI selection of QZSS with incompatible GNSS signals in order to
prevent cross-correlation.
• Corrected an issue occurring when changing certain network settings that required
resetting DHCP to resolve.
• Fixed a Web UI 500 error seen when setting the default network interface for IPv6.
• Fixed a Web UI issue that allowed users to incorrectly set the PPS source field for ASCII
inputs delivered through the 15-pin connector.
• Edited Web UI settings to correct outdated branding.
• Repaired an issue with the detection of the General Purpose Output being incorrectly
identified as a Square Wave output.

orolia.com SecureSync 2400 Release Notes V1.7.0 | 11

 SecureSync 2400 Software Release Notes

• Corrected a Web UI error providing users with an incorrect “pulse width” field which does
not apply to 1PPS and 1PPM Output modes.
• Fixed an issue with the pin matrix failing to reset on a clean upgrade.
• Fixed a rare error with Rubidium oscillators in which the disciplining was incorrect.
• Resolved an omission in the Web UI upgrade log in which upgrade validation failures were
not displaying correctly.
• Fixed a problem with the receiver mode reporting incorrectly.
• Corrected a minor issue with ZDA NMEA message type displaying on the front panel when
used with ASCII output.
• Repaired Web UI issue not correctly displaying the 1204-4A and 1204-49 cards.
• Repaired a few minor errors occurring in the rare circumstance that the reference table is
fully emptied by the user.

Security enhancements and fixes

• Applied small patch to kernel to mitigate the Dirty Pipe vulnerability (CVE-2022-0847).
• Removed support for the SSH DSA algorithm due to insufficient key length. Customers are
advised to use RSA or equivalent. (DSA configuration will not be removed upon update or
while in use unless the user deletes the configuration).
• Added a console (serial) port connection timeout (60 minutes).
• Enhanced the REST API security by verifying the user’s privilege at expected points in order
to limit tampering.
• Limited access to databases without full REST API credentials.
• Fixed an error with HTTPS certificate generation in which the Organization and
Organization Unit fields were flipped.

Option Card enhancements and fixes

• Option cards 1204-49 and 1204-4A have been upgraded to version 1.1.2
o Fixed configuration loss after upgrade.
• Corrected an issue with the 1204-2F Programmable Frequency card reverting to default
settings following unit reboot.
• Fixed a problem with the 1204-32 PTP Grandmaster card IP settings being lost on reboot.
• Added a user field for the 1204-3E STL card to enter a time offset to compensate for
system or antenna cable delays.

Known Issues
• Option cards 1204-49 and 1204-4A are limited to install on slots 1 & 2 only.
• This software version DOES NOT ALLOW downgrades. If you put this software on your
system, and later need to return your unit to a software version that came before version
1.4.1, it will be necessary to return your unit to Orolia for reprogramming (from 1.3.0).

orolia.com SecureSync 2400 Release Notes V1.7.0 | 12

 SecureSync 2400 Software Release Notes

• ASCII time code format ICD-153c is supported only on the -02 and -1F option cards, and only
if the unit has a SAASM receiver installed. This format is not supported on the main board
interface (from 1.3.0).
• The clean command does not reset the GNSS position. It is recommended to unplug the
receiver, reset the receiver in the Web UI, and then run the clean command in order to
reset the GNSS position (from 1.3.0).
• PTP over a VLAN interface is not currently functional.
• The SFP fiber link-state on models AVAGO AFBR-5710PZ and FTLF8519P2BNL are not
working properly.
• The restore factory defaults function clean does not currently reset the Network Access
control rule.
• Upgrade warnings for loss of or altered configurations:
o On software versions before 1.3.0, SNMP, GPSD, and LDAP settings are preserved
on upgrade but not correctly transferred in configuration bundles. These services
will need to be re-enabled following the application of a configuration bundle.
o On software versions before 1.3.0, certain front panel settings for the Local Clock
and the Lock Keyboard function do not persist after upgrade.
o Upon upgrading to 1.4.1 or applying a configuration bundle from an earlier version,
the System Time Message feature will be set to ON, regardless of previous setting.
Following a Clean upgrade to 1.4.1, the System Time Message, Daytime Protocol, and
Time Protocol features will be configured to OFF (the new default state).
o If your current software is on 1.1.0a or earlier, a direct upgrade to 1.4.1 will fail unless
the clean option is selected. To prevent configuration loss, users are advised to save
a configuration bundle, perform a clean upgrade to 1.4.1, and apply the saved config
file.
• PTP Power Profile (IEEE C37.238) is unable to pass the Alternate Time Offset Indicator and
Total Time Inaccuracy TLVs through the system when PTP interfaces are configured as both
a master and a slave.
• PTP Power Profile (IEEE C37.238) is only able to sync to an EdgeSync master when set to
mixed Unicast mode.
• The tcpdump command functionality was found to have incorrect ownership, thereby
preventing users from deleting files, even with admin rights. To remove these files, the user
can update to the same or a newer version. To prevent this scenario, you can execute
tcpdump as sudo tcpdump -Z <user> ..., (for example: sudo tcpdump -Z spadmin
-i eth0 -w file.pcap). This will cause the captured file to be created with ownership of
the specified user, allowing said user to delete the file.

orolia.com SecureSync 2400 Release Notes V1.7.0 | 13

 SecureSync 2400 Software Release Notes

Version 1.3.0

Notes
• CAUTION: The 1.3.0 software does not allow downgrading. After applying this upgrade
bundle, the unit cannot switch to an earlier version of the software without being returned
to Orolia for reprogramming.

Newly released features

• Improved the on-unit PTP functionality. PTP now has an updated software subsystem, more
PTP profile options, and supports both Slave and Master configurations, Unicast, Multicast,
and Hybrid settings, and both IPv4 and IPv6 connections.
• Enabled the use of the High Security HTTPS option to restrict the use of TLSv1.
• Standardized the REST API functionality and the documentation procedure for it. All future
major changes to REST API endpoints will be documented in these release notes.

Enhancements and fixes

The following improvements were applied to existing features and functions:

• Upgraded several packages:

o Updated the Linux kernel to 5.10.19
o Upgraded Apache to 2.4.46
o Upgraded NTP to version 4.2.8p15
o Upgraded Openssl to 1.1.1j
o Upgraded NetSWP to version 5.8
o Upgraded OpenSSH to version 8.1p1
o Upgraded PHP to version 7.4.15
o Upgraded GPSD to version 3.23
NOTE: this upgrade contains a bug fix for the GPS week rollover issue on 2021-10-23.
• Improved the function of the clearlogs, clearstats, and clean commands in the Web UI.
• Improved the RADIUS, LDAP, and TACACS+ forms in the Web UI.
• Improved the user experience of the configuration page of the GP Output.

The following defects were corrected:

• Fixed the Known Issue: “In version 1.2.2, the 2400 cannot be configured to operate as both a
PTP slave and NTP client.”
• Fixed the Known Issue: “When switching PTP configuration between master and slave,
occasionally the change will not take effect unless manually disabling/reenabling PTP on
that interface.”

orolia.com SecureSync 2400 Release Notes V1.7.0 | 14

 SecureSync 2400 Software Release Notes

• Fixed the Known Issue: “The following option cards are currently limited in use to only slots 1
& 2: 1204-2F, 1204-13, 1204-23, 1204-49, 1204-4A, and 1204-30.” Two option cards (1204-
49 and 1204-4A) are still limited to install on slots 1 & 2 only. All other option cards are
available for use in any slot.
• Fixed the Known Issue: “STANAG 4430 HVK EXTENDED EDITION 1 is not currently
functional.”
• Fixed the Known Issue: “Units with more than four 1204-15 IRIG OUT cards installed at once
may experience failures and difficulty with programming the outputs.”
• Improved Galileo configuration to follow ublox receiver recommendations.
• Resolved an error with the gpsreset command
• Corrected an issue with certain services (LDAP, GPSD) that were preserved on an upgrade
but not during configuration bundle upload.
• Corrected an error in which the temperature alarm configuration was not properly
transferred on upgrade.
• Added a missing timescale selection field in the IRIG Output configuration.
• Corrected the Signature Control functionality in GP Output configurations.
• Added a missing toggle to enable/disable the System Time Message.

Security enhancements and fixes

• Resolved compatibility with DHCP, IPv6, and TACACS+.

Option Card enhancements and fixes

• Option card 1204-4A upgraded to version 1.1.1.
• Option cards 1204-23 now available for use on all slots.
• 1204-32 Gb PTP Master Card had several improvements with the updated version 1.31
firmware
o fixed inoperability with devices that use non-standard values for the PTP
transportSpecific field
o resolved an issue with PTP packets being broadcast before the unit is fully synchronized
o changed generation of clockAccuracy parameter to reduce unnecessary transitions
between Best Masters
o fixed configuration of TTL value on PTP multicast announce packets
o corrected the MAC address in Layer 2 PTP packets.

Known Issues
• Option cards 1204-49 and 1204-4A are still limited to install on slots 1 & 2 only.
• This software version DOES NOT ALLOW downgrades. If you put this software on your
system, and later need to return your unit to a software version that came before version
1.3.0, it will be necessary to return your unit to Orolia for reprogramming.
• When configured as a slave, the on-unit PTP will sometimes incorrectly remain in a Sync
state when the Master has gone out of sync.

orolia.com SecureSync 2400 Release Notes V1.7.0 | 15

 SecureSync 2400 Software Release Notes

• ASCII time code format ICD-153c is supported only on the -02 and -1F option cards, and only
if the unit has a SAASM receiver installed. This format is not supported on the main board
interface.
• The 4A/49 option card user configurations will be lost when performing an upgrade that is
not “clean”. The card can be reconfigured and will function, but any new configuration will
not persist after a power cycle of the unit. Cleaning the unit configuration (or performing a
clean upgrade) will allow new configuration to persist correctly. An applied configuration
bundle saved from an earlier software version will encounter the same difficulty.
• The clean command does not reset the GNSS position. It is recommended to unplug the
receiver, reset the receiver in the Web UI, and then run the clean command in order to
reset the GNSS position.
• Any changes to the Logging Configuration (for instance, turning on Local Logging) will not
take effect without restarting the unit.
• If a user configures the time zone via the front panel, the configuration will be lost after
upgrade or config bundles are applied.
• The Reference Priority configuration is sometimes not restored properly from configuration
bundles and will have to be reconfigured following upgrades or application of a config
bundle from pre-1.3.0 software.
• When multiple major or minor alarms are present, the front panel LED alarm status light will
not activate. All other alarm behavior, including notifications, operates as expected.

orolia.com SecureSync 2400 Release Notes V1.7.0 | 16

 SecureSync 2400 Software Release Notes

Version 1.2.2

Enhancements and fixes

The following defects were corrected:

• Fixed a one second offset found in PTP synchronization between the master and slave.
• Corrected an issue with PTP slaves incorrectly reporting as in-sync despite no longer
receiving messages from the master.
• Corrected an issue with PTP slaves incorrectly reporting as in-sync despite the designated
master no longer being in sync.

Known Issues
• In version 1.2.2, the 2400 cannot be configured to operate as both a PTP slave and NTP
client.
• When switching PTP configuration between master and slave, occasionally the change will
not take effect unless manually disabling/reenabling PTP on that interface.

orolia.com SecureSync 2400 Release Notes V1.7.0 | 17

 SecureSync 2400 Software Release Notes

Version 1.2.1

Enhancements and fixes

The following defects were corrected:

• Fixed an issue with a memory leak when specific pages were viewed on the front panel. This
includes pages viewed that timed out while open. This leak can be found in all previous
software versions and is automatically cleared upon a reboot, including when updating to
software version 1.2.1.

Known Issues
• The following option cards are currently limited in use to only slots 1 & 2: 1204-2F, 1204-13, 1204-
23, 1204-49, 1204-4A, and 1204-30.
• On units that have manually-set time as a PTP Master and then are switched to using a valid
reference, the Slave time does not correctly switch to the reference but will instead stay on
manual time. If switching between manually-set time and an external reference, the PTP master
must be restarted for the slaves to properly follow the new time source.
• When restoring configurations, the GNSS Constellations configuration is on rare occasions not
loading correctly.

orolia.com SecureSync 2400 Release Notes V1.7.0 | 18

 SecureSync 2400 Software Release Notes

Version 1.2.0
*Amendment issued on 2021/11/4: Thermal control of the cooling fans was added in this release.*

Newly released features

• Updated front panel appearance and functionality to add visual indications of reboot,
upgrade, and halt states, am/pm indicator light, front panel keypad lock, fan state, and to
allow users to configure the time zone of seven segment display.
• Added support for the Hotswap Power Supply feature in the Web UI and on the front panel.
• VLAN is now supported.
• Implemented support for IPv6, including PTP, front panel, and Web UI support
• Enabled support of the SAASM GPS system via option card 1204-50.
• Added support for NTP over Anycast.
• Added GPSD support on units with commercial receivers

Enhancements and fixes

The following improvements were added:

• Added static routes by interface into the Web UI

• Added an option to broadcast PTP timestamps in UTC rather than TAI with an added offset.
• Added enhanced support when the unit is configured as an NTP client to allow close
discipling of the oscillator.
• Enabled TACACS+ usernames and passwords to allow the “_” character
• Improved KTS host disciplining
• Upgraded the Linux kernel to version 4.19.120.
• Improved SFP functionality and reliability
• Removed faulty downgrade paths to earlier, non-standard versions. It will not be possible to
downgrade past 1.2.0 from this point forward.
• Changed SNMP monitoring output messages in order to match the SecureSync 1200
functionality to accommodate customers with both systems.
• Allowed users to select SNMP port

The following defects were corrected:

• Fixed an issue wherein the NTP and PTP references were incorrectly handled through the
Reference Monitoring chart in the Web UI.
• Corrected 1PPS and 10 MHz alignment
• Fixed a problem with errors on IRIG Outputs.
• Repaired routing to allow destination-based addressing

orolia.com SecureSync 2400 Release Notes V1.7.0 | 19

 SecureSync 2400 Software Release Notes

• Repaired an issue with the GNSS config file sometimes not saving correctly
• Fixed an error with phase validation reference monitoring.
• Resolved a problem occurring when manually set time was removed but the system did not
resync to correct references.
• Fixed an issue with the command clearlogs causing a break in the NTP stats recording
process
• Corrected a defect with log rotation functionality that caused potential storage problems.
• The net4 command now no longer returns Interface not Activated
• Repaired MTU settings changes in the Web UI
• Fixed a problem in which the listed event times in the Web UI were incorrectly displayed.

Security enhancements and fixes

• Addressed CSRF vulnerabilities related to POST/GET Restful functions
• Removed FTP support to allow for greater security (via SFTP)

Option Card enhancements and fixes

• Added support for option cards 1204-0A, -0F, -03, -09, -1F, -14, -40, -41, -42, -49, -50.
• Upgraded firmware version on the following option card:
1204-4A and 1204-49 cards to version 1.1.0.
Released version 1.31 for option card 1204-32
1204-10 upgraded to 1.03
1204-14 upgraded to1.02
1204-15 upgraded to 1.12
1204-1B upgraded to 1.04
1204-1E upgraded to 1.03
1204-22 upgraded to 1.03
1204-28 upgraded to 1.02
1204-34 upgraded to 1.01
• Added a field in the Web UI to allow the addition of an offset value to the output of the
1204-02 card

The following defects were corrected:

• Corrected a known issue in which the 1204-4A card configuration was not properly
transferred through the config bundle.

Known Issues
• Units with more than four 1204-15 IRIG OUT cards installed at once may experience failures and
difficulty with programming the outputs.

orolia.com SecureSync 2400 Release Notes V1.7.0 | 20

 SecureSync 2400 Software Release Notes

• STANAG 4430 HVK EXTENDED EDITION 1 is not currently functional.

• An issue exists with DHCPv6 not setting up valid subnet routes.

orolia.com SecureSync 2400 Release Notes V1.7.0 | 21

 SecureSync 2400 Software Release Notes

Version 1.1.0a

Enhancements and fixes

The following improvements were added:

• Added support for the Interference Detection & Mitigation Suite

• Added support for the 4A option card.
• Enabled PTP on both Ethernet ports.
• Created High Security HTTPS option
• Added LED blinking support for the front panel menu buttons to provide status indicators
• Implemented TACACS+, RADIUS, and LDAP security functionality.
• Inserted the latest version of the pdf User Manual directly to the Web UI.
• Improved clarity over GNSS selection combinations.
• Increased the size of the reference table beyond 16 entries.
• Added the clearcfg command to clear configurations but retain log information.

The following defects were corrected:

• Fixed an issue wherein the NTP status page did not display client throughput.
• Repaired a problem with ASCII Input Time validity in the GGA format.
• Corrected front panel problems: a difficulty displaying leap seconds, a problem halting and
clearing configurations, an issue with disabling output through the front panel, a problem
with the display of the IP address, and added a front panel test menu.
• Fixed a few minor Web UI errors involving display of option cards
• Repaired a few CLI command issues with the clean command, between IPv4 and IPv6
commands, portset/ portget, and gw4set/ gw6set. Confirmed consistency of CLI
commands and underlying network configuration functions.

Security enhancements and fixes

• Added Web UI security features to prevent login simultaneously from multiple locations and
mitigate brute force password attacks.

orolia.com SecureSync 2400 Release Notes V1.7.0 | 22

 SecureSync 2400 Software Release Notes

Version 1.0.2

Enhancements and fixes

The following defects were corrected:

• Fixed an issue with Rubidium units skipping the warmup fix.

Security enhancements and fixes

• No major vulnerabilities are currently known or repaired in this release.

orolia.com SecureSync 2400 Release Notes V1.7.0 | 23

 SecureSync 2400 Software Release Notes

Which SW version is installed on my SecureSync?

To determine the software version currently installed on your unit:

1. Login to the unit’s Web UI
2. Navigate to Tools > Upgrade/Backup. The System Configuration panel in center of the screen
displays the current version number under System:

Figure 1: Software revision reported under Tools > Upgrade/Backup.

orolia.com SecureSync 2400 Release Notes V1.7.0 | 24

 SecureSync 2400 Software Release Notes

How to download and install the new SW

Installing the Software Update

To upgrade the software installed on your unit, download the latest version from the Orolia
website: files.spectracom.com/downloads/24xx

Log on to the Web UI and navigate to Tools > Upgrade/Backup and click on Update System
Software in the Actions panel.

Click the Choose File button and select the upgrade file location; click Upload.

Click the Perform Upgrade checkbox. If desired, select the Clean Upgrade checkbox as well.

Click on the Submit button. The upgrade will begin immediately. The unit will reboot during this
process; it will be necessary to begin a new Web UI session.

For more information on this process or any other feature or function of the SecureSync 2400,
refer to the main user manual.

orolia.com SecureSync 2400 Release Notes V1.7.0 | 25

 SecureSync 2400 Software Release Notes

How to contact Technical Support

Should you have any questions or comments regarding any of the above-mentioned features or fixes, please
contact Technical Support:

https://www.orolia.com/support/

- End of document -

orolia.com SecureSync 2400 Release Notes V1.7.0 | 26