Release 10.13.0.432
Fixes
| Component | Description | Issue |
|---|---|---|
| Authentication | The REST API endpoint /application/applications/{id}/logs so far required the role ROLE_APPLICATION_MANAGEMENT_ADMIN. This has been changed. The endpoint now requires either the ROLE_APPLICATION_MANAGEMENT_ADMIN or ROLE_APPLICATION_MANAGEMENT_READ. |
MTM-52028 |
Release 10.13.0.405
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
Release 10.13.0.402
Fixes
| Component | Description | Issue |
|---|---|---|
| Authentication | The performance of the first user requests sent after node restart has been improved. Prior to this change, there was an issue in rare cases where the number of all global roles in a tenant was close to but not exceeding 100, and many thousands of devices were concurrently trying to authorize MQTT connections on the restarted node. | MTM-52049 |
Release 10.13.0.390
Fixes
| Component | Description | Issue |
|---|---|---|
| Authentication | On the Basic settings tab in the Authentication page, TFA (two-factor authentication) is now correctly shown as enabled if enforced by the platform. | MTM-49942 |
Release 10.13.0.389
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | Fixed an issue with incorrect titles on several application detail tabs. The page title now consistently shows the application name. | MTM-51150 |
Release 10.13.0.384
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
Release 10.13.0.376
Improvements
| Component | Description | Issue |
|---|---|---|
| Authentication | The single sign-on configuration page is no longer accessible for users if the access to the single sign-on configuration object is forbidden for the tenant via the REST endpoint (HTTP error 403). | MTM-49970 |
| Documentation | The URLs for the API documentation have been updated for more consistency:
- https://cumulocity.com/api for the landing page (no change). - https://cumulocity.com/api/core for the core API, pointing to the latest version. - https://cumulocity.com/api/core/[release] for the [release] release of the core API, where it was formerly https://cumulocity.com/api/[release]. - https://cumulocity.com/api/[product] for product APIs, pointing to the latest versions, where the products are: datahub, dtm, edge and oee. - https://cumulocity.com/api/[product]/[release] for the [release] release of the product API, where it was formerly https://cumulocity/[product]/api/[release]. |
MTM-48229 |
Release 10.13.0.370
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | Logging in with the support user is now possible even if the target tenant has basic authentication restrictions. Moreover, the tenant ID setup page will no longer appear for domains containing "localhost" or "127.0.0.1". | MTM-47230 |
Release 10.13.0.361
Fixes
| Component | Description | Issue |
|---|---|---|
| Data Broker | The data broker no longer passes on the c8y_ActiveAlarmsStatus fragment from devices in the source tenant to the destination tenant. This is an internal setting which cannot be updated by the user and which is not required on the destination tenant. The propagation of alarms to the destination tenant is not affected by this change. |
MTM-49670 |
Release 10.13.0.354
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
Release 10.13.0.349
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | The performance of the Users page has been improved. Loading root users with a large number of sub-users (100+) now takes less than 1s, while previously, with a larger number of sub-users (around 500), it took around 30-60s. Moreover, the request to fetch all children of a root user is now up to 10 times faster, depending on the number of sub-users and the number of their global roles. | MTM-45523 |
| Single sign-on | To prevent potential misconfiguration, trial tenants created in the Software AG Cloud are by default not allowed to access the single sign-on configuration. Via a REST endpoint the Management tenant can restrict or allow the access to the single sign-on configuration for specific tenants. Refer to Configuration access in the User guide for more details.
Note that with this fix the REST endpoint, assuming the Management tenant was configured accordingly, does prevent saving changes. However, the UI might still offer the option to do changes. These changes cannot be saved. This option in the UI will be removed in on of the next maintenance releases. |
MTM-49784 |
Release 10.13.0.342
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | The performance of loading user details in the Users page has been improved. Now, when scrolling down the user list, the system always loads the next 100 users in a much faster way than before. | MTM-48171 |
Release 10.13.0.321
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | Fixed an issue with inconsistent phone number validation between UI and backend in the user details page which in some cases prevented a user from being saved. | MTM-48171 |
| Administration | The validation rules for phone numbers have been changed in order to support more formats. Prior to this change, issues occurred when provisioning new tenants with particular phone number formats. | MTM-42789 |
Release 10.13.0.309
Fixes
| Component | Description | Issue |
|---|---|---|
| Data Broker | The data broker connection handling between source and target tenants has been improved. Excessive resource usage for connectors using the operations API was reduced and it is now properly cleaned up. | MTM-48709 |
Release 10.13.0.299
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
Release 10.13.0.292
Fixes
| Component | Description | Issue |
|---|---|---|
| Core platform | The cached content-length header value is now always added only for HTTP/1.0 for the binary download endpoint GET /inventory/binaries/{moID}. This is done to correctly support the chunked Transport-Encoding for HTTP/1.1+ and fixes the issue where devices could not upgrade firmware because of the missing Transport-Encoding=chunked header. |
MTM-48010 |
Release 10.13.0.281
Fixes
| Component | Description | Issue |
|---|---|---|
| Authentication | Fixed an issue which created an HTTP 500 error with a redirect during single sign-on user logout, when the refresh token was not present. | MTM-47434 |
| Support user | Logging in with the support user is now possible even if the target tenant has basic authentication restrictions. Moreover, the tenant ID setup page will no longer appear for the domain containing "localhost" or "127.0.0.1". | MTM-47230 |
Release 10.13.0.260
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
Release 10.13.0.230
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | On editing subtenants, parent tenants can no longer delete the administrators phone number, if the phone number is a mandatory field (for example, if TFA is enabled). | MTM-46183 |
| Enterprise tenant | Subtenants of an Enterprise tenant can be created only inside the domain of that Enterprise parent tenant, for example, parent.example.com is allowed to create subtenants only under *.example.com. | MTM-41980 |
Release 10.13.0.187
Fixes
| Component | Description | Issue |
|---|---|---|
| Data broker | Vulnerable libraries inside the databroker-agent-server microservice were updated in order to address CVE-2020-36518. Update details:
- pulsar-client updated from 2.8.2 to 2.8.3 - jackson-databind updated from 2.12.6 to 2.12.7 |
MTM-46149 |
| Smartrules | It is now again possible to add smartrules for subscribed microservices, not only for applications installed directly on the tenant. | MTM-45519 |
| SMS | In the Administration application, the SMS provider selection dropdown overlapped the delete confirmation dialog box. This has been fixed by making the delete confirmation dialog box the top visible element on the page. | MTM-46403 |
Release 10.13.0.167
Improvements
| Component | Description | Issue |
|---|---|---|
| REST API | The performance of creating measurements has been improved by removing redundant read requests to the database. | MTM-44162 |
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | The performance of the Status tab in the application's details has been improved by avoiding excessive communication with the backend. Reducing the load on the backend also improves the overall platform stability. | MTM-45279 |
| Authentication | Fixed an issue where a session was unintentionally removed for users logged in via OAI-Secure after renewing and revoking a token. | MTM-44091 |
| Authentication | It is now possible to display all audit log entries related to auth configuration by filtering by "Tenant Auth configuration". | MTM-45072 |
Release 10.13.0.125
Improvements
| Component | Description | Issue | |
|---|---|---|---|
| Administration | In the Own Applications detail view the read-only fields are now properly disabled so that it is clear that they cannot be edited. | MTM-26133 | |
| Administration | In the SMS provider configuration certain tenant options can be inherited from the microservice owner tenant. Previously, this could not be determined from the UI. Now an additional hint (inherited from <tenantID>) will be displayed to denote that. | MTM-38050 | |
| Administration | The list items in Data broker > Data connectors had a misaligned icon and title. This has been corrected by placing these elements in the same line. | MTM-43067 | |
| Administration | The navigation in the single sign-on authentication and Enterprise tenant configuration pages has been improved. All actionable elements are now visible without too much scrolling, for example, the enabled Save button is immediately visible after settings have been changed, instead of scrolling to the bottom of a long page. The layout of these pages was made consistent with the rest of the UI. | MTM-41905 | |
| Administration | The Default subscriptions page (previously under Applications and now under Ecosystem in the navigator of the Administration application) had several experience and layout problems. This has been fixed by correcting the title copy, moving the applications column to the left of both Tenant creation and Platform update checkbox columns and adding missing title properties for improved accessibility. | MTM-43360 | |
| Administration | The loading time of the subtenants list in the Tenants page has been improved. | MTM-41049 | |
| Administration | If a user with admin privileges changes the roles or the password of another user, a message shows up stating that this particular user will be logged out. | MTM-43059 | |
| Authentication | A new tooltip has been added to the authorization settings which explains that the Enforce that all passwords are strong (green) checkbox cannot be iterated because the property is enabled on system level. | MTM-36662 | |
| Billing | Two additional fields have been introduced to the device statistics:
- deviceType - value of the type field from the corresponding device
- deviceParents - list of unique identifiers of parents for the corresponding device |
MTM-41317 | |
| Core platform | The Inventory API has been enhanced to include information on the child hierarchy of a managed object, this improves both the API and the user interface.
A new parameter withChildrenCount has been introduced for the endpoints inventory/managedObjects and /inventory/managedObjects/{id} which returns the number of managed objects in lists: childAdditions, childAssets, childDevices.
It works as follows: - if not provided - number of documents is not returned (property is omitted) - for withChildrenCount=true - number of documents is returned - for withChildrenCount=false - number of documents is not returned (property is omitted) The parameter withChildrenCount can be used together with the parameter withChildren and for parameters withChildrenCount=true&withChildren=false the endpoint will return the number of documents in assets without a list of documents. |
MTM-40340 | |
| Messaging Service | It is now possible to configure a HTTP/HTTPS proxy for the data broker agent microservice, in the usual manner for microservices. See General aspects > Microservice manifest in the Microservice SDK guide. | MTM-41307 | |
| Messaging Service | All Messaging Service components, including the Pulsar server, notifications WebSocket server, and the data broker microservice, have been updated to fix the vulnerabilities in the log4j library reported as CVE-2021-44228 and CVE-2021-45046. | MTM-42838 | |
| REST API | The REST API has been updated to provide the ability to query alarms and events by filtering using lastUpdatedFrom=<iso-date-time> and lastUpdatedTo=<iso-date-time> parameters. |
MTM-41364 | |
| REST API | The legacy Dozer library has been removed from Cumulocity IoT core and CEP Esper, improving security by removing redundant code. | MTM-38301 | |
| REST API | The REST API has been updated to provide the ability to query alarms by filtering using createdFrom=<iso-date-time> and createdTo=<iso-date-time> parameters. |
MTM-42499 | |
| Security | As a protective measure for CVE-2021-44228 on start-up of a microservice Cumulocity IoT Core adds a specific property to the microservice environment variables in order to suppress log4-jndi lookups. Refer to the Microservice SDK guide for details. | MTM-42875 | |
| Security | Updated vulnerable libraries to safe versions: jackson-databind to v2.10.5.1 and ehcache to v2.10.9.2. | MTM-40685 | |
| Security | The vulnerable Log4j library has been updated to the secure 2.17.1 version. | MTM-43349 | |
| Security | Spring Boot for Microservice SDK has been upgraded to version 2.5.8. For details on the upgrade, see Microservice SDK for Java in the Microservice SDK guide. | MTM-41282 | |
| Support user | The support user feature can now also be used with session-based token authentication. Prior to this change, it was only available with Basic authentication. | MTM-39645 |
Fixes
| Component | Description | Issue | Administration | Microservice logs can be viewed with realtime on or off. If realtime is on, the next and the last page buttons are now disabled. | MTM-39675 |
|---|---|---|
| Administration | The New tenant form had some overlapping style issues on the Storage limit per device field resulting in unreadable error messages. These issues have been fixed. | MTM-41498 |
| Administration | It is now possible to collapse folders on the Inventory roles tab of users. | MTM-41004 |
| Administration | Password strength validation works consistently now during subtenant creation. | MTM-41565 |
| Administration | An issue has been fixed where translations were missing on the inventory roles assignment view. | MTM-41374 |
| Administration | Previously it was possible to save an invalid default value when editing or creating new properties which would lead to invalid forms being saved. Therefore, maxlength, minlength and pattern validation has been added when assigning a default value for properties in the Properties library page. Additionally, invalid forms in the Custom properties page now instantly trigger validation feedback. | MTM-42002 |
| Administration | The inventory roles selection dropdown list now only shows the roles available to the owner instead of all roles defined in the tenant. | MTM-41617 |
| Administration | The cell ID usage statistics icon showed an outdated layout. This has been fixed by a reference to the current Delite icon library. | MTM-42306 |
| Administration | On creating a user, it is now again possible to set a new owner in the user details. | MTM-42578 |
| Administration | The subtenants view now uses the new data grid component for displaying, filtering and sorting tenants. This change fixes the issue that loading of more items had been broken on larger screens. | MTM-38873 |
| Administration | The Add microservice button is no longer available in the Microservices page, if the microservice-hosting feature is not subscribed to the tenant. | MTM-44403 |
| Authentication | If the login mode is OAI-Secure, the user now must logout after password change. A confirmation dialog shows up in which the user confirms to be logged out to apply the new password. The change is added in the user settings and the user details view for the current user. | MTM-43440 |
| Bulk operations | The memory usage has been reduced when processing bulk operation requests for large, dynamic asset groups (smart groups). This fixes an issue that occurred with smart groups containing a large number of assets. | MTM-44591 |
| CEP (Esper) | Random blocking of database connection attempts from predefined smart rules has been fixed. | MTM-41797 |
| Core platform | Responses to the HEAD/GET requests to the file repository now return a Content-Length header which lets the requesting clients know the size of the files before downloading them. This makes the progress bar in the file repository more reliable. | MTM-41679 |
| Data broker | Updated the pulsar-client to version 2.8.2 to address security vulnerabilities identified in version 2.7.0. | MTM-43194 |
| Data broker | Previous releases of the Data Broker microservice could fail to upgrade correctly when a new version of the microservice was uploaded to the platform. When this happened, the older version would continue to run even though the new version was available. This issue could be mitigated by unsubscribing and re-subscribing to the microservice from the Management tenant. With this release, the microservice will correctly upgrade to the new version with no user interaction required. | MTM-43352 |
| Email templates | When the tenant administrator creates a new user, the user receives a confirmation email along with a password reset option. Previously, the default password reset email template did not contain the username. The template has been changed so that for new users the username is included in the email. | MTM-40430 |
| Enterprise tenant | The documentation about the delegation of authority in user hierarchies has been improved. See Enterprise tenant > Managing user hierarchies in the User guide. | MTM-40337 |
| Enterprise tenant | The REST client which is used for Enterprise tenant requests for managing SSL certificates has been optimized by increasing the connection pool size, introducing read, connect and connection keep alive timeout limits and enabling expired and idle connection evict mechanisms. | MTM-41182 |
| Enterprise tenant | On the Branding page the following fields are now mandatory: Main brand logo, Favicon, Main brand color. | MTM-42893 |
| Karaf/OSGI | The vulnerable netty-codec library has been updated from version 4.1.66 to version 4.1.70. | MTM-42147 |
| Karaf/OSGI | The Log4j library has been updated to version 2.16 to mitigate CVE-2021-44228. | MTM-42885 |
| Kubernetes | The microservice manifest provides settings to manage microservice instances and the application deployment in the Cumulocity IoT platform. Microservice providers are now enabled to configure requests for memory higher than 256M and for CPU higher than 250m. Note that based on system settings it might be the case that a higher or lower value is used when creating the microservice subscription. Refer to General aspects > Microservice manifest in the Microservice SDK guide for details about resource requests and limits. | MTM-38924 |
| MongoDB | The performance and memory consumption of inventory "query by text" has been improved by disabling the result sorting. This change is behind a feature toggle and must be switched on by the system administrator for a particular tenant. | MTM-42503 |
| Realtime | Fixed an issue where a real-time connection loss looked like a data loss. Now, when the real-time connection is recovered, the graph will be reloaded and re-rendered to avoid the impression of data loss. | MTM-41680 |
| Reporting | The date picker dropdown is now expanded correctly on the export creation screen when selecting a custom date range for a report. | MTM-41479 |
| Reporting | The export title has been missing in the filename of export files. This has been resolved. | MTM-41901 |
| Reporting | Removing the export configuration now properly removes its configured schedulers. As a result, the report agent doesn't attempt to create an export for non-existing configurations, which previously resulted in an error in logs. | MTM-40358 |
| REST API | When green password is enforced and the minimal strong password length (system.password.green.min-length property) is higher than the device password length (device-user.password.length property), the system will use the green.min-length value, i.e. generate a longer password. Prior to this change, the system rejected auto-generated passwords that were too short blocking device bootstrap. |
MTM-39836 |
| REST API | The race condition which can occur during the processing of the following requests has been corrected:
GET, POST, PUT /user/{tenantId}/users/{username}/roles/inventory GET, PUT, DELETE /user/{tenantId}/users/{username}/roles/inventory/{id} GET /user/{tenantId}/users/{username}/roles/inventory/{id}/roles In rare cases the race condition could have caused errors during the processing of the above requests. |
MTM-41855 |
| REST API | Previously, when there were issues related to SMTP, and any action triggered the platform sending an email, the request was blocked until timeout. Now the SMTP server is not blocked by emails which can't be delivered, such emails are rejected instead. | MTM-40429 |
| REST API | Fixed a race condition during event binary upload which caused a wrong binary assignment. | MTM-43591 |
| Security | To improve security, the 3rd party software moment.js and jQuery have been upgraded to their latest versions. | MTM-39227 |
| SMS | Removed default names related to Cumulocity IoT or Software AG in the SMS provider configuration. | MTM-41014 |
| SMS | It is now possible to override default spring-boot error message attributes by defining a microservice_error_attributes.properties file.
Sample content: server.error.include-message=ALWAYS server.error.include-binding-errors=ALWAYS |
MTM-42000 |
| SMS | In some non-deterministic cases the SMS configuration had not been shown properly after setting it. This was caused by a validation based on potentially outdated cached data in the sms-gateway microservice. This validation is now based on freshly loaded data. | MTM-42407 |