Just a warning if you have special characters in your password at the start and update to 22.214.171.124 you may not be able to login.
Recommend you make another admin user and backup your config
Should you be locked out you have to reset login with cisco default change password Swap firmware Image to old 126.96.36.199 reboot then load your config login change your password then Swap firmware Image to new 188.8.131.52 and your up and running again.
Same problem with SG350-10MP.. This is a stupid bug and will catch anyone out who cares about security!
How to reset password: https://www.cisco.com/c/en/us/support/docs/smb/switches/cisco-small-business-300-series-managed-switches/smb4985-administrator-password-recovery-for-300-and-500-series-manag.html
I did not experience this issue upgrading an SG350X-12PMV from v184.108.40.206 to v220.127.116.11. (Password 60+ characters/350+ bits/multi-case alphanumeric plus special characters.)
You may need to log a case with the TAC so they can investigate and eventually file a bug. Following the standard process, this can be escalated and fixed with some of the next firmware releases.
According to the release notes the password encryption changed between 18.104.22.168 and 22.214.171.124 but I had no problems with that release.
I have verified that the username line in my config file was the same in an externally backed up 126.96.36.199 config file as when I recovered it from 188.8.131.52 using the console cable.
My password I've now checked was/is exactly 20 characters long with just lowercase and uppercase alphanumerics (it had no special characters).
What is possible is between 184.108.40.206 and 220.127.116.11 my password age was not updated and between 18.104.22.168 and 22.214.171.124 it had erroneously expired.
Resetting it using a console cable to exactly the same password as before works fine.. of course the line now looks different due to a different password age (presumably the date the password was set is stored in there) and salt ("In current release user credentials are salted and hashed using PBKDF2 based on HMAC-SHA-512 hash").
So while I haven't changed the outcome - I can bring clarity that it's unlikely to be specific passwords or a config upgrade issue that is causing the issue rather password expiry.
In my 126.96.36.199 config I had no reference to ageing but in 188.8.131.52+ I have "passwords aging 0 ", I wonder if there's an expiry bug we will see in the default ageing period (potentially 180 days). I'll keep my console cable handy.
Same issue with SG250X and 184.108.40.206. Update completed, rebooted and now "invalid password". 16 lenght with only & and ^ as special chars. Rest numbers and letters (mixed case)
Another SG350X updated at the same time (same version number), with the same password complexity and lenght has no issue. 16 lenght with only @ and ^ as specials chars. Rest numbers and letters (mixed case)