Release Notes
BrightSignOS

8.5

10min
8 5 53 2 (oct 17, 2024) improvements os 17836 (general) fixed a local privilege escalation vulnerability 8 5 53 (sep 18, 2024) improvements os 16200 (all) upgraded to latest version of openembedded, fixing many cves os 16143 (all) added libcurl security fixes (cve 2023 38545 and cve 2023 38546) bug fixes os 16196 (all) fixed an issue where a crash would occur when trimming incorrect http responses during network diagnostics os 16251 (all) fixed an issue where a crash would occur when the virtual keyboard was enabled in htmlwidgetqt os 16298 (all) fixed an issue where a player using aest does not correctly change time with dst os 16310 (all) fixed a time zone issue where local times in mexico would be incorrect os 16350 (all) fixed an issue where a virtual keyboard would not be initialized properly and thus not display os 16422 (all) fixed an issue where user variables would not be properly set when the value is an empty string supervisor (2 0 20), dws (0 1 51) and default autorun (0 0 80) updates (os 16336, os 16603, os 16746) bcn 14806 cleaned up supervisor rest api logging to make it easier to find important information bcn 15316 fixed a regression in which the chromium debugging section was not being displayed on the dws diagnostics screen bcn 15244 added the ability for users to diagnostic web server (dws) docid\ xue20rjxhft lq0rdmjbw in addition to the existing info, warning and error levels bcn 15081 lfn splash screen now shows ip address for wifi and ethernet bcn 15321 dws improvements when displaying edid information 8 5 47 (oct 05, 2023) improvements os 14162 (general) ensured that the brightsign "verified" header is always sent to prevent spoofing os 15988 (xd4/xt4) added “tun0” network interface to network configuration bug fixes os 14699 fixed an issue where the player would crash when attempting to use @brightsign/serialport os 15414 (xd4/xt4) fixed an issue where a screen does not rotate as expected but instead reverts to the default landscape orientation os 15551 fixed a chromium iframe memory leak related to qtwebengine os 15686 fixed a layering issue with certain css animations and z order os 15722 fixed an issue where the player does not properly perform ipv6 stateless address autoconfiguration (slaac) os 15731 fixed an issue where the browser fails to hide an already playing video when the “hwz” attribute is set to “z index 1” os 15972 (general) fixed an issue where hostconfiguration getconfig() returns “true” for loginpassword even when no password is set if no password is set, it should return “false” os 16105 (hd4/ls4/xd4/xt4) fixed an issue where html video would be hidden behind a black rectangle supervisor (2 0 17) and dws (0 1 49) updates bcn 9959 enabled access to a player’s registry via the remote and local dws bcn 14338 fixed an issue that prevented usb700 usb c and cellular modem usb a from connecting properly bcn 14422 added the ability to format both ssd and usb stick media when it is not formatted or mounted correctly this can be found under the diagnostics tab > format storage bcn 14781 added support for the upload and download of binary (non text) files through the rdws, including support for files of type ‘application/octet stream’ bcn 15069 created a new dws ui for telnet/ssh 8 5 36 (apr 26, 2023) improvements os 14731 upgraded to latest packages per openssl security advisory bug fixes os 13160 fixed an issue where dhcp ip in ipv6 was bound to the duid and not the mac address bcn 13310 fixed support for remote directory creation 8 5 33 (dec 05, 2022) improvements os 13924 forced redraw if html widget is moved os 14000 html widget storage quota can now be made large bug fixes os 14166 fixed non hwz video on 4k242, 4k1042, and 4k1142 models os 14238 fixed simultaneous video playback from multiple html widgets 8 5 31 (oct 24, 2022) notable changes os 12400 node upgraded to version 14 17 6 os 12444 chromium upgraded to version 87 0 4280 144 os 13121, os 13172 applied numerous cve fixes (merged all chromium cve fixes up to chromium99) cve 2021 0129, cve 2021 45960, cve 2021 46143, cve 2022 22822 27, cve 2022 23852, cve 2022 23990, cve 2022 25235, cve 2022 25236, cve 2022 25313 5, cve 2021 42374, cve 42376, cve 2020 36254, cve 2021 27218, cve 2021 27219, cve 2021 28153, cve 2021 3995, cve 2021 3996, cve 2021 45078, cve 202 23903, cve 2020 10531, cve 2021 33560, cve 2021 40528, cve 2021 36976, cve 2021 3658, cve 2022 23308, cve 2022 1271, cve 2022 0204, cve 2022 0563, cve 2021 3541, cve 2021 3517, cve 2021 30553, cve 2021 30569, 1204814 and 1197786, cve 2021 30560, cve 2021 30627, cve 2021 30618, cve 2021 30603, cve 2021 30585, cve 2021 30559, cve 2021 30547, cve 2021 30522, cve 2021 21227, cve 2021 30513, cve 2021 21231, cve 2021 30513, cve 2021 30518, cve 2021 30513, cve 2021 30515, cve 2021 21231, cve 2021 21207, cve 2021 21230, cve 2021 21227, cve 2021 21223, cve 2021 21203, cve 2021 21204, cve 2021 21202, cve 2021 21214, cve 2021 21221, cve 2021 21206, cve 2021 21220, cve 2021 21160, cve 2021 21156, cve 2021 21188, cve 2021 21195, cve 2021 21198, cve 2021 21175, cve 2021 21193, cve 2021 21190, cve 2021 21160, cve 2021 21165, cve 2021 21157, cve 2021 21148, cve 2021 21137, cve 2021 21153, cve 2021 21138, cve 2021 21119, cve 2021 21140, cve 2021 21140, cve 2021 21120, cve 2020 16044, cve 2020 16044, cve 2020 16044, cve 2021 21146, cve 2021 21114, cve 2020 16042, cve 2020 16030, cve 2020 16027, cve 2020 16016, cve 2020 16040, cve 2020 16034, cve 2020 16028, cve 2020 16024, cve 2020 16022, cve 2020 16014, cve 2020 16011, cve 2020 16008 fixed cve 2021 44532 in tls/node the chromium remote inspector is disabled by default on 8 5 release, even when it is enabled by rohtmlwidget enable inspector flag, or rohtmlwidget startinspectorserver an extra registry value has been added (”enable web inspector” in the “html” registry section) to enable the inspector this ensures that users do not unintentionally enable the remote inspector on production software, which is not secure and may increase memory usage chromium has dropped support for desktop style scrollbars brightsign os 8 5 is shipped with overlay scrollbars overlay scrollbars overlay on graphics and are only displayed when a page is scrolled they disappear when the page is still chromium87 uses separate javascript contexts for data urls it is no longer possible to inject javascript from the data url and access window context data urls no longer share the same url domain with the origin domain it is no longer possible to access cross site data from data urls chromium has added support to view remote device screen through inspector view this is not supported on brightsign devices due to architectural differences between desktop chromium and brightsign chromium has added more stringent security policies around cross site requests some of these security options can be disabled if needed but, unlike our security params ( rohtmlwidget docid\ xljq5 yhdma2ssmpzimtk ), these security options cannot be disabled per instance we have added an “html” → “disable web security” registry option to disable these security checks this change takes effect after a reboot improvements os 12211 added useinitiatoraddressfrompacket() method to bscectransmitter os 12538 clipped input from setcursorposition to resolution os 12767 brightsign video player has been extended to play in memory, or partially in memory blobs from html video elements os 12943 added a recipe for nodejs epoll package and included it in mission image os 13010 hdcp2 2 beta functionality is now disabled by default this can still be enabled if users wish to experiment with hdcp2 2 os 13022 rourltransfer no longer allows curl debug in encrypted brightscript os 13089 fixed black screen flash when switching between videos of different resolutions os 13154 raised mouse move events in html widget os 13206 html popups can now be accepted or rejected through script os 13363 ensured that removing the last item invalidates the rolist index os 13403 re instated support for elo touchscreens with a custom binary driver os 13512 added reassociate function that can safely re connect wifi connection without losing user configurations os 13705 made @brightsign/pointercalibration startcalibration arguments optional os 13764 reinstated the ability to disable mouse input on rohtmlwidget os 13781 web inspector now requires a registry entry to enable it os 13512 provided reassociate() method for scripts to reconnect wifi without losing user configurations bug fixes os 12831 added a fix for video capture being erroneously selected when playing back a video stream os 13053 fixed video location mismatch error os 13741 added focus management for overlapping widgets os 13117 added a registry option to enable allow running insecure content os 13827 avoid flushing cache when mapping assetpool can cause problem with active connections