Release 10.10.0.41
Fixes
| Component | Description | Issue |
|---|---|---|
| Inventory roles | To improve performance, unnecessary type queries have been removed from the inventory roles assignment page. The has('c8y_IsDeviceGroup') fragment is used, instead of a type+eq+c8y_DeviceSubgroup query. |
MTM-46014 |
Release 10.10.0.36
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
Release 10.10.0.35
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | The performance of the Status tab in the application's details has been improved by avoiding excessive communication with the backend. Reducing the load on the backend also improves the overall platform stability. | MTM-45279 |
Release 10.10.0.33
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
Release 10.10.0.32
Fixes
| Component | Description | Issue |
|---|---|---|
| Microservices | In order to address the Spring4Shell vulnerability (CVE-2022-22965), the following Java Microservice SDKs have been updated.
- For Java & Microservice SDK 10.10 and 10.9: Spring Framework has been upgraded to version 5.2.20.RELEASE. - For Microservice SDK 10.7: Spring Framework has been upgraded to version 5.2.20.RELEASE. It is recommended that customers re-build their microservices with these updated SDKs. |
MTM-44862 |
Release 10.10.0.31
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
Release 10.10.0.30
Fixes
| Component | Description | Issue |
|---|---|---|
| CEP (Esper) | A performance issue has been fixed by optimizing the CEP event mapping time. | MTM-41219 |
Release 10.10.0.28
Fixes
| Component | Description | Issue |
|---|---|---|
| CEP (Esper) | Random blocking of database connection attempts from predefined smart rules has been fixed. | MTM-41797 |
| REST API | Fixed a race condition during event binary upload which caused a wrong binary assignment. | MTM-43591 |
Release 10.10.0.26
Improvements
| Component | Description | Issue |
|---|---|---|
| Administration | A new tooltip has been added to the authorization settings which explains that the Enforce that all passwords are strong (green) checkbox cannot be edited because the property is enabled on system level. | MTM-36662 |
| Messaging Service | All Messaging Service components, including the Pulsar server, notifications WebSocket server, and the data broker microservice, have been updated to fix the vulnerabilities in the log4j library reported as CVE-2021-44228 and CVE-2021-45046. | MTM-42838 |
| REST API | The REST API has been updated to provide the ability to query alarms by filtering using createdFrom=<iso-date-time> and createdTo=<iso-date-time> parameters. |
MTM-42499 |
| Security | The vulnerable Log4j library has been updated to the secure 2.17.1 version. | MTM-43349 |
Fixes
| Component | Description | Issue |
|---|---|---|
| Enterprise tenant | On the Branding page the following fields are now mandatory: Main brand logo, Favicon, Main brand color. | MTM-42893 |
Release 10.10.0.24
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | The cell ID usage statistics icon was still referring to the old FontAwesome icon library. This has been fixed by a reference to the current Delite icon library. | MTM-42306 |
| Karaf/OSGI | The Log4j library has been updated to version 2.16 to mitigate CVE-2021-44228. | MTM-42885 |
Release 10.10.0.21
Fixes
| Component | Description | Issue |
|---|---|---|
| Export | The export title has been missing in the filename of export files. This has been resolved. | MTM-41901 |
Release 10.10.0.20
Fixes
| Component | Description | Issue |
|---|---|---|
| Report-agent | Removing the export configuration now properly removes its configured schedulers. As a result, report-agent doesn't attempt to create an export for non-existing configurations, which previously resulted in an error in logs. | MTM-40358 |
Release 10.10.0.19
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
Release 10.10.0.18
Improvements
| Component | Description | Issue |
|---|---|---|
| Security | To support customers with older devices Cumulocity IoT supports weaker ciphers by default. If you are running on a self-hosted or dedicated environment and wish to remove support for these weaker ciphers you need to contact your Operations Team to request them to remove support for the weaker ciphers. For customers of Cumulocity IoT Public Cloud please contact Software AG Global Support to raise a ticket. | MTM-41831 |
Fixes
| Component | Description | Issue |
|---|---|---|
| REST API | The race condition which can occur during the processing of the following requests has been corrected:
GET, POST, PUT /user/{tenantId}/users/{username}/roles/inventory GET, PUT, DELETE /user/{tenantId}/users/{username}/roles/inventory/{id} GET /user/{tenantId}/users/{username}/roles/inventory/{id}/roles In rare cases the race condition could have caused errors during the processing of the above requests. |
MTM-41855 |
Release 10.10.0.17
Improvements
| Component | Description | Issue |
|---|---|---|
| REST API | Added the possibility to query alarms and events by filtering using lastUpdatedFrom=<iso-date-time> and lastUpdatedTo=<iso-date-time> parameters. |
MTM-41364 |
Fixes
| Component | Description | Issue |
|---|---|---|
| Email templates | When the tenant administrator creates a new user, the user receives a confirmation email along with a password reset option. Previously, the default password reset email template did not contain the username. The template has been changed so that for new users the username is included in the email. | MTM-40430 |
Release 10.10.0.16
Improvements
| Component | Description | Issue |
|---|---|---|
| Core platform | To improve performance, the default setting for the algorithm to generate database IDs has been changed. This change particularly affects high volume, high concurrency ingestion. | MTM-33426 |
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | The New tenant form had some overlapping style issues on the Storage limit per device field which made error messages unreadable. These issues have been fixed. | MTM-41498 |
| REST API | When the use of green passwords is enforced and the minimal strong password length (system.password.green.min-length property) is higher than the device password length (device-user.password.length property), the system will use the green.min-length value, that means, generate a longer password. Prior to this change, the system rejected auto-generated passwords that were too short blocking device bootstrap. |
MTM-39836 |
Release 10.10.0.15
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
Release 10.10.0.14
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | In the User page, the number of entries in the user list was restricted to 100 items. Now, the user list can show more than 100 users. | MTM-40458 |
| Administration | An issue with asynchronous tenant deletion has been resolved. Previously, when the platform failed to delete one tenant (for example due to database issues), then it stopped processing the deletion of a task. The fix contains handling errors, which now enable the deletion of other tenants to continue. Additionally, after a tenant deletion task failed for tenants, it retries the operation for up to 10 times. If it fails 10 times, then the affected tenant is suspended and an alarm is raised on the Management tenant. | MTM-40638 |
| Core platform | The Japanese version of the UI showed a wrong translation for the "Major" alarm severity. With this fix, the behaviour has been corrected. | MTM-40111 |
Release 10.10.0.13
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | In the User page, the number of entries in the user list was restricted to 100 items. Now, the user list can show more than 100 users. | MTM-40458 |
Release 10.10.0.12
Improvements
| Component | Description | Issue |
|---|---|---|
| Administration | Users can now use the User settings dialog to control the collection of usage data and product experience features such as Knowledge Hub and product notifications. See Getting started > User options and settings in the User guide. | MTM-37359 |
| Performance | The performance for querying top-level groups with inventory roles has been improved for large device hierarchies. This improves the responsiveness of the following pages: inventory roles assignment to users, top-level groups view in Device Management and Cockpit. | MTM-40298 |
Release 10.10.0.8
Improvements
| Component | Description | Issue |
|---|---|---|
| Administration | After removing delegated users, audit logs were not displayed for the shared user manager role and an error message "Cannot find document with ID" was displayed. The issue has been fixed by making sure that such events do no longer prevent audit logs from being displayed. | MTM-37679 |
| Administration | New SIM providers can now be added in the Connectivity page (Settings > Connectivity). The SIM provider settings use the JSON schema declaring the properties required to configure a given SIM provider, and will display a dialog in which users can create, update and delete their provider configuration. | MTM-37983 |
| Administration | The performance when paging the file repository with a large number of inventory binaries has been significantly improved. | MTM-37890 |
| Authentication | To improve the audit logs, information on password change and reset is now included. | MTM-38378 |
| Authentication | To improve the audit logs, user logins and login failures from oAuth Internal are now included. | MTM-38384 |
| Authentication | To improve the audit logs, information on single sign-on user logins is now included. | MTM-38383 |
| CEP (Esper) | Some Java library calls have been disabled in this release for security reasons. If you have Esper CEL that uses Java system calls, you should test your application carefully in an upgraded test environment before upgrading your production environment. | MTM-37710 |
| REST API | The Inventory API has been improved with a new "hasany()" function which now accepts multiple parameters. This means that on a query it is possible to use a single statement rather than multiple OR statements. For example: /inventory/managedObjects?query=$filter=hasany(c8y_IsDynamicGroup, c8y_Status) | MTM-38270 |
| Two-factor authentication | The Limit Token Validity field has been disabled for OAuth Internal. A popup message has been added which informs the user that in case of OAuth Internal the JWT token validity is used so that the field cannot be edited. | MTM-37723 |
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | In the Management tenant, providing a URL in Settings > Configuration > Support link will now enable the Request support button. Previously, the button was not visible. | MTM-37441 |
| Administration | Tenant domains used to allow underscore signs (_). However, those characters are not allowed in wildcard certificates (for example, subdomain.cumulocity.com). Now underscores are no longer allowed in tenant domains. | MTM-32420 |
| Core product | Fixed handling big values for measurements provided via scientific notation. Values are now stored as floating point type. | MTM-37811 |
| Core product | Deleted users will no longer break the audit logs for shared user manager users. | MTM-37679 |
| Data broker | Data broker will now automatically recreate destination devices that have been manually deleted. This will happen during child-parent relation creation, and during regular device synchronization tasks (every 6 hours). | MTM-37681 |
| Export | Measurements added from data points are now escaped with bracket notation in order to support special characters (for example,whitespaces) in fragment and series names. | MTM-38089 |
| Export | In the export details, the checkbox for the time range selection now correctly reflects the saved configuration when opened for editing. | MTM-37685 |
| Export | When migrating smart-rule-based schedules to the new reporting agent, the platform will make sure they are activated right away, without any required extra action from the user. | MTM-37718 |
| Microservices | To improve compatibility with CORS-dependent clients, the Access-Control-Allow-Origin header is now appended to the response returned from the microservice proxy when the Origin header is used in the request. |
MTM-35817 |
| Microservices | Custom microservice roles will be deleted now when unsubscribing or deleting the microservice. | MTM-38169 |
| MQTT | Error messages were improved to clearly indicate the root cause for issues when devices using an MQTT connection and device certificates fail to authenticate against the platform. | MTM-36963 |
| MQTT | The JWT token can now be generated for devices authenticated with certificates regardless of the preferred login mode set (Basic, OAuth Internal). Previously it was only possible when the login mode was set to OAuth Internal. | MTM-35965 |
| Realtime | Improved performance of creation and update of events and alarms for the devices in the deeper hierarchies. Because of the cache, the realtime notification from the children can be missed on the UI dashboards shortly after changing the device parents (in the first 5 minutes). | MTM-37336 |
| REST API | In some instances error messages were thrown as suspended tenant/s subscriptions were being removed from the system. This has been resolved. | MTM-36185 |
| REST API | Security has been improved by including the header X-Content-Type-Options: nosniff to all responses from the Cumulocity IoT platform. |
MTM-37335 |
| REST API | An endpoint has been added to allow filtering of bulk operations by time. For details, see Device control > Bulk operation in the Cumulocity IoT OpenAPI Specification. | MTM-32397 | REST API | For custom queries on the inventory API filtering by Boolean is now available.
Example: /inventory/managedObjects?query=my_bool eq false |
MTM-37407 |
| REST API | It is possible now to pass multiple parameters into the bygroupid(...,...,...) query function in the Inventory API. |
MTM-37053 |
| REST API | Binary API: The size of the binary sent to the API is now based on the actual size and not based on the Content-Length header. |
MTM-35295 |
| REST API | Numbers provided in scientific notation in REST requests will now be deserialized directly to 64 bit IEEE-754 floating point type (Double). This prevents "integer overflow" responses in corner cases. | MTM-38052 |
| Single sign-on | Users logged in by single sign-on can now change the UI language. | MTM-36038 |
| Smart rules | When creating a smart rule for an operation in the Control tab of a device, hovering over the remove button caused the cursor to flicker. This has been fixed, and the cursor no longer flickers. | MTM-33753 |
| SMS | The SMS provider OpenIT/plusserver now supports sending SMS with non-ASCII characters. | MTM-37600 |