Additionally, the Linux kernel has been updated to 4.14 LTS.
The security of the administrative features of the device has been improved and hardened. The admin user now requires a password, and the admin dashboard and apps have been restricted to admin access only through a new authentication frontend. Non-admin users are no longer allowed to access or communicate with privileged CGI processes or apps on the device, which reduces the attack surface of the operating system and prevents several classes of remote code execution vulnerabilities.
The admin dashboard now also supports HTTPS with automatic certificate generation through Let’s Encrypt. If the device has been able to obtain a valid certificate and the browser is able to resolve the device correctly, the browser will be automatically redirected to HTTPS when accessing the admin dashboard.