Platform services

Release 10.13.0.432

Fixes

Component Description Issue
Authentication The REST API endpoint /application/applications/{id}/logs previously required the role ROLE_APPLICATION_MANAGEMENT_ADMIN. The endpoint now requires either ROLE_APPLICATION_MANAGEMENT_ADMIN or ROLE_APPLICATION_MANAGEMENT_READ. MTM-52028

Release 10.13.0.405

Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.

Release 10.13.0.402

Fixes

Component Description Issue
Authentication The performance of the first user requests sent after node restart has been improved. Prior to this change, there was an issue in rare cases where the number of all global roles in a tenant was close to but not exceeding 100, and many thousands of devices were concurrently trying to authorize MQTT connections on the restarted node. MTM-52049

Release 10.13.0.390

Fixes

Component Description Issue
Authentication On the Basic settings tab in the Authentication page, TFA (two-factor authentication) is now correctly shown as enabled if enforced by the platform. MTM-49942

Release 10.13.0.389

Fixes

Component Description Issue
Administration Fixed an issue with incorrect titles on several application detail tabs. The page title now consistently shows the application name. MTM-51150

Release 10.13.0.384

Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.

Release 10.13.0.376

Improvements

Component Description Issue
Authentication The single sign-on configuration page is no longer accessible for users if the access to the single sign-on configuration object is forbidden for the tenant via the REST endpoint (HTTP error 403). MTM-49970
Documentation The URLs for the API documentation have been updated for more consistency:

- https://cumulocity.com/api for the landing page (no change).
- https://cumulocity.com/api/core for the core API, pointing to the latest version.
- https://cumulocity.com/api/core/[release] for the [release] release of the core API, where it was formerly https://cumulocity.com/api/[release].
- https://cumulocity.com/api/[product] for product APIs, pointing to the latest versions, where the products are: datahub, dtm, edge and oee.
- https://cumulocity.com/api/[product]/[release] for the [release] release of the product API, where it was formerly https://cumulocity/[product]/api/[release].
MTM-48229

Release 10.13.0.370

Fixes

Component Description Issue
Administration Logging in with the support user is now possible even if the target tenant has basic authentication restrictions. Moreover, the tenant ID setup page will no longer appear for domains containing "localhost" or "127.0.0.1". MTM-47230

Release 10.13.0.361

Fixes

Component Description Issue
Data Broker The data broker no longer passes on the c8y_ActiveAlarmsStatus fragment from devices in the source tenant to the destination tenant. This is an internal setting which cannot be updated by the user and which is not required on the destination tenant. The propagation of alarms to the destination tenant is not affected by this change. MTM-49670

Release 10.13.0.354

Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.

Release 10.13.0.349

Fixes

Component Description Issue
Administration The performance of the Users page has been improved. Loading root users with a large number of sub-users (100+) now takes less than 1s, while previously, with a larger number of sub-users (around 500), it took around 30-60s. Moreover, the request to fetch all children of a root user is now up to 10 times faster, depending on the number of sub-users and the number of their global roles. MTM-45523
Single sign-on To prevent potential misconfiguration, trial tenants created in the Software AG Cloud are by default not allowed to access the single sign-on configuration. Via a REST endpoint the Management tenant can restrict or allow the access to the single sign-on configuration for specific tenants. Refer to Configuration access in the User guide for more details.

Note that with this fix the REST endpoint, assuming the Management tenant was configured accordingly, does prevent saving changes. However, the UI might still offer the option to make changes. These changes cannot be saved. This option in the UI will be removed in one of the next maintenance releases.
MTM-49784

Release 10.13.0.342

Fixes

Component Description Issue
Administration The performance of loading user details in the Users page has been improved. Now, when scrolling down the user list, the system always loads the next 100 users in a much faster way than before. MTM-48171

Release 10.13.0.321

Fixes

Component Description Issue
Administration Fixed an issue with inconsistent phone number validation between UI and backend in the user details page which in some cases prevented a user from being saved. MTM-48171
Administration The validation rules for phone numbers have been changed in order to support more formats. Prior to this change, issues occurred when provisioning new tenants with particular phone number formats. MTM-42789

Release 10.13.0.309

Fixes

Component Description Issue
Data Broker The data broker connection handling between source and target tenants has been improved. Excessive resource usage for connectors using the operations API has been reduced, and the resources are now properly cleaned up. MTM-48709

Release 10.13.0.299

Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.

Release 10.13.0.292

Fixes

Component Description Issue
Core platform For the binary download endpoint GET /inventory/binaries/{moID}, the cached Content-Length header value is now added only for HTTP/1.0. This is done to correctly support chunked Transfer-Encoding for HTTP/1.1+ and fixes the issue where devices could not upgrade firmware because of the missing Transfer-Encoding: chunked header. MTM-48010

Release 10.13.0.281

Fixes

Component Description Issue
Authentication Fixed an issue which created an HTTP 500 error with a redirect during single sign-on user logout, when the refresh token was not present. MTM-47434
Support user Logging in with the support user is now possible even if the target tenant has basic authentication restrictions. Moreover, the tenant ID setup page will no longer appear for domains containing "localhost" or "127.0.0.1". MTM-47230

Release 10.13.0.260

Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.

Release 10.13.0.230

Fixes

Component Description Issue
Administration When editing subtenants, parent tenants can no longer delete the administrator's phone number if the phone number is a mandatory field (for example, if TFA is enabled). MTM-46183
Enterprise tenant Subtenants of an Enterprise tenant can be created only inside the domain of that Enterprise parent tenant, for example, parent.example.com is allowed to create subtenants only under *.example.com. MTM-41980
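
The domain rule from MTM-41980, as an added illustration in Python (not Cumulocity IoT code). It assumes that the allowed suffix is the parent host minus its first label, that `*` stands for exactly one label, and that a parent with fewer than three labels cannot create subtenants; the function names are hypothetical.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def _labels(host):
    """Normalise a host name and return its labels, or None if malformed."""
    host = host.strip().lower()
    if host.endswith("."):          # tolerate one trailing root dot
        host = host[:-1]
    labels = host.split(".")
    if len(host) > 253 or not all(_LABEL.fullmatch(l) for l in labels):
        return None
    return labels


def allowed_suffix(parent_host):
    """parent.example.com -> ['example', 'com'] (assumption: drop first label)."""
    labels = _labels(parent_host)
    if labels is None or len(labels) < 3:
        # Assumption: a two-label parent would yield a bare TLD suffix; refuse.
        return None
    return labels[1:]


def subtenant_domain_allowed(parent_host, requested_host):
    """True only if requested_host is <one label>.<parent's suffix>."""
    suffix = allowed_suffix(parent_host)
    requested = _labels(requested_host)
    if suffix is None or requested is None:
        return False
    if requested == _labels(parent_host):
        return False                # the parent's own domain is already taken
    # Compare whole labels, never a raw string suffix: a plain
    # endswith("example.com") would also accept "childexample.com".
    return len(requested) == len(suffix) + 1 and requested[1:] == suffix


if __name__ == "__main__":
    # Constructed sample requests.
    for host in ("child.example.com", "childexample.com",
                 "child.example.com.other.test", "a.b.example.com"):
        print(host, subtenant_domain_allowed("parent.example.com", host))
```
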

Release 10.13.0.187

Fixes

Component Description Issue
Data broker Vulnerable libraries inside the databroker-agent-server microservice were updated in order to address CVE-2020-36518. Update details:
- pulsar-client updated from 2.8.2 to 2.8.3
- jackson-databind updated from 2.12.6 to 2.12.7
MTM-46149
Smartrules It is now again possible to add smartrules for subscribed microservices, not only for applications installed directly on the tenant. MTM-45519
SMS In the Administration application, the SMS provider selection dropdown overlapped the delete confirmation dialog box. This has been fixed by making the delete confirmation dialog box the top visible element on the page. MTM-46403
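
To confirm that a deployed databroker-agent-server build carries the library versions named in MTM-46149, the following added example (not part of the release notes or the product) compares jar file names against those versions. The file listing is constructed sample input and the function names are hypothetical.

```python
import re

# Versions the release note above says databroker-agent-server was updated to.
EXPECTED_MIN = {
    "pulsar-client": (2, 8, 3),
    "jackson-databind": (2, 12, 7),
}

# <artifact>-<numeric version>[.qualifier].jar, e.g. netty-codec-4.1.70.Final.jar
_JAR = re.compile(
    r"^(?P<name>[a-z0-9-]+?)-(?P<ver>\d+(?:\.\d+)*)(?:[.-][A-Za-z0-9]+)*\.jar$"
)


def parse_jar(path):
    """Return (artifact, version tuple) for a jar path, or None if it does not parse."""
    m = _JAR.match(path.rsplit("/", 1)[-1])
    if m is None:
        return None
    return m["name"], tuple(int(p) for p in m["ver"].split("."))


def find_outdated(paths, expected=EXPECTED_MIN):
    """List (path, found version, expected minimum) for jars below the minimum."""
    findings = []
    for path in paths:
        parsed = parse_jar(path)
        if parsed is None:
            continue
        name, version = parsed
        minimum = expected.get(name)
        # Tuples compare numerically per component, so 2.9.10 < 2.12.7,
        # which a plain string comparison would get wrong.
        if minimum is not None and version < minimum:
            findings.append((path,
                             ".".join(map(str, version)),
                             ".".join(map(str, minimum))))
    return findings


# Constructed sample listing; a second jackson-databind copy stands in for a
# library bundled elsewhere in the image.
SAMPLE_LISTING = [
    "lib/pulsar-client-2.8.2.jar",
    "lib/jackson-databind-2.12.7.jar",
    "lib/shaded/jackson-databind-2.9.10.jar",
    "lib/netty-codec-4.1.70.Final.jar",
    "lib/README.txt",
]

if __name__ == "__main__":
    for path, found, minimum in find_outdated(SAMPLE_LISTING):
        print(f"{path}: found {found}, expected at least {minimum}")
```
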

Release 10.13.0.167

Improvements

Component Description Issue
REST API The performance of creating measurements has been improved by removing redundant read requests to the database. MTM-44162

Fixes

Component Description Issue
Administration The performance of the Status tab in the application's details has been improved by avoiding excessive communication with the backend. Reducing the load on the backend also improves the overall platform stability. MTM-45279
Authentication Fixed an issue where a session was unintentionally removed for users logged in via OAI-Secure after renewing and revoking a token. MTM-44091
Authentication It is now possible to display all audit log entries related to auth configuration by filtering by "Tenant Auth configuration". MTM-45072

Release 10.13.0.125

Improvements

Component Description Issue
Administration In the Own Applications detail view the read-only fields are now properly disabled so that it is clear that they cannot be edited. MTM-26133
Administration In the SMS provider configuration certain tenant options can be inherited from the microservice owner tenant. Previously, this could not be determined from the UI. Now an additional hint (inherited from <tenantID>) will be displayed to denote that. MTM-38050
Administration The list items in Data broker > Data connectors had a misaligned icon and title. This has been corrected by placing these elements in the same line. MTM-43067
Administration The navigation in the single sign-on authentication and Enterprise tenant configuration pages has been improved. All actionable elements are now visible without too much scrolling, for example, the enabled Save button is immediately visible after settings have been changed, instead of scrolling to the bottom of a long page. The layout of these pages was made consistent with the rest of the UI. MTM-41905
Administration The Default subscriptions page (previously under Applications and now under Ecosystem in the navigator of the Administration application) had several user experience and layout problems. This has been fixed by correcting the title copy, moving the applications column to the left of both Tenant creation and Platform update checkbox columns and adding missing title properties for improved accessibility. MTM-43360
Administration The loading time of the subtenants list in the Tenants page has been improved. MTM-41049
Administration If a user with admin privileges changes the roles or the password of another user, a message shows up stating that this particular user will be logged out. MTM-43059
Authentication A new tooltip has been added to the authorization settings which explains that the Enforce that all passwords are strong (green) checkbox cannot be changed because the property is enabled on system level. MTM-36662
Billing Two additional fields have been introduced to the device statistics:
- deviceType - value of the type field from the corresponding device
- deviceParents - list of unique identifiers of parents for the corresponding device
MTM-41317
Core platform The Inventory API has been enhanced to include information on the child hierarchy of a managed object. This improves both the API and the user interface.
A new parameter withChildrenCount has been introduced for the endpoints /inventory/managedObjects and /inventory/managedObjects/{id} which returns the number of managed objects in the lists childAdditions, childAssets and childDevices.
It works as follows:
- if not provided - number of documents is not returned (property is omitted)
- for withChildrenCount=true - number of documents is returned
- for withChildrenCount=false - number of documents is not returned (property is omitted)
The parameter withChildrenCount can be used together with the parameter withChildren. For the parameters withChildrenCount=true&withChildren=false the endpoint will return the number of documents in assets without a list of documents.
MTM-40340
Messaging Service It is now possible to configure an HTTP/HTTPS proxy for the data broker agent microservice, in the usual manner for microservices. See General aspects > Microservice manifest in the Microservice SDK guide. MTM-41307
Messaging Service All Messaging Service components, including the Pulsar server, notifications WebSocket server, and the data broker microservice, have been updated to fix the vulnerabilities in the log4j library reported as CVE-2021-44228 and CVE-2021-45046. MTM-42838
REST API The REST API has been updated to provide the ability to query alarms and events by filtering using lastUpdatedFrom=<iso-date-time> and lastUpdatedTo=<iso-date-time> parameters. MTM-41364
REST API The legacy Dozer library has been removed from Cumulocity IoT core and CEP Esper, improving security by removing redundant code. MTM-38301
REST API The REST API has been updated to provide the ability to query alarms by filtering using createdFrom=<iso-date-time> and createdTo=<iso-date-time> parameters. MTM-42499
Security As a protective measure for CVE-2021-44228, on start-up of a microservice Cumulocity IoT Core adds a specific property to the microservice environment variables in order to suppress Log4j JNDI lookups. Refer to the Microservice SDK guide for details. MTM-42875
Security Updated vulnerable libraries to safe versions: jackson-databind to v2.10.5.1 and ehcache to v2.10.9.2. MTM-40685
Security The vulnerable Log4j library has been updated to the secure 2.17.1 version. MTM-43349
Security Spring Boot for Microservice SDK has been upgraded to version 2.5.8. For details on the upgrade, see Microservice SDK for Java in the Microservice SDK guide. MTM-41282
Support user The support user feature can now also be used with session-based token authentication. Prior to this change, it was only available with Basic authentication. MTM-39645

Fixes

Component Description Issue
Administration Microservice logs can be viewed with realtime on or off. If realtime is on, the next and the last page buttons are now disabled. MTM-39675
Administration The New tenant form had some overlapping style issues on the Storage limit per device field resulting in unreadable error messages. These issues have been fixed. MTM-41498
Administration It is now possible to collapse folders on the Inventory roles tab of users. MTM-41004
Administration Password strength validation works consistently now during subtenant creation. MTM-41565
Administration An issue has been fixed where translations were missing on the inventory roles assignment view. MTM-41374
Administration Previously it was possible to save an invalid default value when editing or creating new properties which would lead to invalid forms being saved. Therefore, maxlength, minlength and pattern validation has been added when assigning a default value for properties in the Properties library page. Additionally, invalid forms in the Custom properties page now instantly trigger validation feedback. MTM-42002
Administration The inventory roles selection dropdown list now only shows the roles available to the owner instead of all roles defined in the tenant. MTM-41617
Administration The cell ID usage statistics icon showed an outdated layout. This has been fixed by a reference to the current Delite icon library. MTM-42306
Administration On creating a user, it is now again possible to set a new owner in the user details. MTM-42578
Administration The subtenants view now uses the new data grid component for displaying, filtering and sorting tenants. This change fixes the issue that loading of more items had been broken on larger screens. MTM-38873
Administration The Add microservice button is no longer available in the Microservices page, if the microservice-hosting feature is not subscribed to the tenant. MTM-44403
Authentication If the login mode is OAI-Secure, the user now must log out after a password change. A confirmation dialog shows up in which the user confirms being logged out to apply the new password. The change is added in the user settings and the user details view for the current user. MTM-43440
Bulk operations The memory usage has been reduced when processing bulk operation requests for large, dynamic asset groups (smart groups). This fixes an issue that occurred with smart groups containing a large number of assets. MTM-44591
CEP (Esper) Random blocking of database connection attempts from predefined smart rules has been fixed. MTM-41797
Core platform Responses to the HEAD/GET requests to the file repository now return a Content-Length header which lets the requesting clients know the size of the files before downloading them. This makes the progress bar in the file repository more reliable. MTM-41679
Data broker Updated the pulsar-client to version 2.8.2 to address security vulnerabilities identified in version 2.7.0. MTM-43194
Data broker Previous releases of the Data Broker microservice could fail to upgrade correctly when a new version of the microservice was uploaded to the platform. When this happened, the older version would continue to run even though the new version was available. This issue could be mitigated by unsubscribing and re-subscribing to the microservice from the Management tenant. With this release, the microservice will correctly upgrade to the new version with no user interaction required. MTM-43352
Email templates When the tenant administrator creates a new user, the user receives a confirmation email along with a password reset option. Previously, the default password reset email template did not contain the username. The template has been changed so that for new users the username is included in the email. MTM-40430
Enterprise tenant The documentation about the delegation of authority in user hierarchies has been improved. See Enterprise tenant > Managing user hierarchies in the User guide. MTM-40337
Enterprise tenant The REST client which is used for Enterprise tenant requests for managing SSL certificates has been optimized by increasing the connection pool size, introducing read, connect and connection keep alive timeout limits and enabling expired and idle connection evict mechanisms. MTM-41182
Enterprise tenant On the Branding page the following fields are now mandatory: Main brand logo, Favicon, Main brand color. MTM-42893
Karaf/OSGI The vulnerable netty-codec library has been updated from version 4.1.66 to version 4.1.70. MTM-42147
Karaf/OSGI The Log4j library has been updated to version 2.16 to mitigate CVE-2021-44228. MTM-42885
Kubernetes The microservice manifest provides settings to manage microservice instances and the application deployment in the Cumulocity IoT platform. Microservice providers can now configure requests for memory higher than 256M and for CPU higher than 250m. Note that, depending on system settings, a higher or lower value might be used when creating the microservice subscription. Refer to General aspects > Microservice manifest in the Microservice SDK guide for details about resource requests and limits. MTM-38924
MongoDB The performance and memory consumption of inventory "query by text" has been improved by disabling the result sorting. This change is behind a feature toggle and must be switched on by the system administrator for a particular tenant. MTM-42503
Realtime Fixed an issue where a real-time connection loss looked like a data loss. Now, when the real-time connection is recovered, the graph will be reloaded and re-rendered to avoid the impression of data loss. MTM-41680
Reporting The date picker dropdown is now expanded correctly on the export creation screen when selecting a custom date range for a report. MTM-41479
Reporting The export title was missing in the filename of export files. This has been resolved. MTM-41901
Reporting Removing the export configuration now properly removes its configured schedulers. As a result, the report agent doesn't attempt to create an export for non-existing configurations, which previously resulted in an error in logs. MTM-40358
REST API When green password is enforced and the minimal strong password length (system.password.green.min-length property) is higher than the device password length (device-user.password.length property), the system will use the green.min-length value, i.e. generate a longer password. Prior to this change, the system rejected auto-generated passwords that were too short, which blocked device bootstrap. MTM-39836
REST API The race condition which can occur during the processing of the following requests has been corrected:
GET, POST, PUT /user/{tenantId}/users/{username}/roles/inventory
GET, PUT, DELETE /user/{tenantId}/users/{username}/roles/inventory/{id}
GET /user/{tenantId}/users/{username}/roles/inventory/{id}/roles
In rare cases the race condition could have caused errors during the processing of the above requests.
MTM-41855
REST API Previously, when there were issues related to SMTP, and any action triggered the platform sending an email, the request was blocked until timeout. Now the SMTP server is not blocked by emails which can't be delivered; such emails are rejected instead. MTM-40429
REST API Fixed a race condition during event binary upload which caused a wrong binary assignment. MTM-43591
Security To improve security, the 3rd party software moment.js and jQuery have been upgraded to their latest versions. MTM-39227
SMS Removed default names related to Cumulocity IoT or Software AG in the SMS provider configuration. MTM-41014
SMS It is now possible to override default Spring Boot error message attributes by defining a microservice_error_attributes.properties file.
Sample content:
server.error.include-message=ALWAYS
server.error.include-binding-errors=ALWAYS
MTM-42000
SMS In some non-deterministic cases the SMS configuration had not been shown properly after setting it. This was caused by a validation based on potentially outdated cached data in the sms-gateway microservice. This validation is now based on freshly loaded data. MTM-42407