Our cellular routers run a dedicated operating system (ICR-OS) that implements the core router functionality. This can be further extended by RouterApps and custom user scripts. We continuously maintain the ICR-OS as well as the RouterApps: we fix newly discovered security vulnerabilities or bugs and implement new features.

This page summarizes our software update policy.

Version Numbers

The ICR-OS has a version number x.y.z (e.g., 6.2.3).  When releasing a new version, we increment the:

1. X after doing fundamental changes that prevent reverting to a lower version;
2. Y after doing significant changes that require users to review and re-test the router configuration after update;
3. Z after doing small changes that do not impact existing functionality, which may be deployed automatically.

The RouterApps follow similar principles. When a RouterApp packages a specific well-known component (such as Docker or Zabbix), it overtakes its version number.

Update Frequency

New ICR-OS and RouterApp versions are released as needed. We announce new releases in our Blog, which can be monitored via an RSS Feed or subscriptions to individual Router Models.

For the ICR-OS we make our best effort:

1. To release new features at least twice a year.
2. To release fixes for newly identified security vulnerabilities within 60 or 90 days, as detailed below.

Release Notes

Whenever possible, we make new features available to all product families. Some products, though, cannot support certain features. For example, models equipped with built-in eMMC memory are required to support Docker.

Each ICR-OS release is accompanied by Release Notes that describe new features, fixes, and other changes implemented in the firmware and identify which products are affected by the change.

Security Fixes

As described in our Vulnerability Disclosure Policy, we calculate the severity (CVSS score) of each security vulnerability that affects our products.

For the ICR-OS, we make our best effort to fix each critical vulnerability (of CVSS score 9.0 and higher) within 60 days and each high severity vulnerability (of CVSS score 7.0 and higher) within 90 days after the vulnerability is published in NVD or reported to us.

For the RouterApps no particular remediation deadline is guaranteed.

Update Period

We provide ICR-OS updates at least during the entire warranty period of each product, including the End-of-Life (EOL) products under warranty. The warranty period for each product family is listed in our Service Policy. The life cycle is displayed for each Router Model.