Release 10.14.0.422
Fixes
| Component | Description | Issue |
|---|---|---|
| Core platform | The data field has been removed from realtime API handshake responses where it was not required and always had a "null" value. |
MTM-55522 |
Release 10.14.0.413
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | Improved the performance of the user hierarchy management by reducing the number of server requests executed when expanding the sub-user list. | MTM-49969 |
| Administration | In some cases log files of devices stored in the platform could not be downloaded from the Logs tab. This has been addressed by requesting with the correct user credentials. | DM-2471 |
Release 10.14.0.402
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | Fixed an issues with cloning some of the default global roles (for example, "devices"). | MTM-45858 |
| Administration | Fixed an issue where the Clear button on the Usage statistics page failed to remove applied filters. | MTM-50302 |
Release 10.14.0.393
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
Release 10.14.0.383
Fixes
| Component | Description | Issue |
|---|---|---|
| MQTT | The error handling when publishing operations to MQTT devices has been improved. | MTM-53168 |
Release 10.14.0.372
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
Release 10.14.0.370
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | Fixed an issue with the names of the files downloaded from the platform (for example, from the file repository or from event attachments). UTF-8 characters, for example, in the Japanese localization are no longer missing if the file name includes special characters like "+". | MTM-53056 |
| Authentication | Validation issues with the minimum and maximum values for the session renewal timeout in the OAI-Secure configuration have been resolved. The correct minimum and maximum values are now displayed. | MTM-52678 |
| Core platform | Fixed an issue with paging parameters being ignored by the GET /cep/modules endpoint. |
MTM-53160 |
Release 10.14.0.348
Fixes
| Component | Description | Issue |
|---|---|---|
| Authentication | Fixed an issue with the device request counter being increased while switching between the standard applications (Administration, Cockpit, Device management). | MTM-49427 |
Release 10.14.0.338
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
Release 10.14.0.330
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
Release 10.14.0.324
Fixes
| Component | Description | Issue |
|---|---|---|
| Authentication | The performance of the first user requests sent after node restart has been improved. Prior to this change, there was an issue in rare cases where the number of all global roles in a tenant was close to but not exceeding 100, and many thousands of devices were concurrently trying to authorize MQTT connections on the restarted node. | MTM-52049 |
| Core platform | For devices which are monitored by the device availability monitoring functionality, removing the external ID with type c8y_Serial from the device stops the monitoring of this ID while adding a new external ID with type c8y_Serial starts the monitoring of this ID.
|
MTM-50025 |
Release 10.14.0.315
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | UTF-8 characters are now supported in names of files downloaded from the files repository with the export functionality. | MTM-46346 |
| Authentication | On the Basic settings tab in the Authentication page, TFA (two-factor authentication) is now correctly shown as enabled if enforced by the platform. | MTM-49942 |
| Performance | The performance of widgets like the "Data point list", "Data point graph" and "Data point table", has been improved for users with inventory roles access. Moreover, the performance of the Measurements tab in the Device Management application and the data explorer in the Cockpit application have been improved. | MTM-50693 |
Release 10.14.0.300
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | Fixed an issue with incorrect titles on several application detail tabs. The page title now consistently shows the application name. | MTM-51150 |
| Security | In the Cockpit application, several security issues in the HTML widget have been fixed. | MTM-50921 |
Release 10.14.0.288
Improvements
| Component | Description | Issue |
|---|---|---|
| REST API | The performance of GET /identity/globalIds/{type}/{externalId} has been improved by only fetching the managed object ID from the database instead of the full managed object. |
MTM-50232 |
Release 10.14.0.273
Improvements
| Component | Description | Issue |
|---|---|---|
| Authentication | The single sign-on configuration page is no longer accessible for users if the access to the single sign-on configuration object is forbidden for the tenant via the REST endpoint (HTTP error 403). | MTM-49970 |
| Documentation | The URLs for the API documentation have been updated for more consistency:
- https://cumulocity.com/api for the landing page (no change). - https://cumulocity.com/api/core for the core API, pointing to the latest version. - https://cumulocity.com/api/core/[release] for the [release] release of the core API, where it was formerly https://cumulocity.com/api/[release]. - https://cumulocity.com/api/[product] for product APIs, pointing to the latest versions, where the products are: datahub, dtm, edge and oee. - https://cumulocity.com/api/[product]/[release] for the [release] release of the product API, where it was formerly https://cumulocity/[product]/api/[release]. |
MTM-48229 |
Release 10.14.0.268
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | Logging in with the support user is now possible even if the target tenant has basic authentication restrictions. Moreover, the tenant ID setup page will no longer appear for domains containing "localhost" or "127.0.0.1". | MTM-47230 |
| REST API | The performance of the Alarm API has been improved for requests which use the resolved query parameter. | MTM-49450 |
Release 10.14.0.256
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
Release 10.14.0.250
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | The performance of the Users page has been improved. Loading root users with a large number of sub-users (100+) now takes less than 1s, while previously, with a larger number of sub-users (around 500), it took around 30-60s. Moreover, the request to fetch all children of a root user is now up to 10 times faster, depending on the number of sub-users and the number of their global roles. | MTM-45523 |
| Data broker | The data broker no longer passes on the c8y_ActiveAlarmsStatus fragment from devices in the source tenant to the destination tenant. This is an internal setting which cannot be updated by the user and which is not required on the destination tenant. Passing on alarms to the destination tenant is not affected by this change. |
MTM-49670 |
| Single sign-on | To prevent potential misconfiguration, trial tenants created in the Software AG Cloud are by default not allowed to access the single sign-on configuration. Via a REST endpoint the Management tenant can restrict or allow the access to the single sign-on configuration for specific tenants. Refer to Configuration access in the User guide for more details.
Note that with this fix the REST endpoint, assuming the Management tenant was configured accordingly, does prevent saving changes. However, the UI might still offer the option to do changes. These changes cannot be saved. This option in the UI will be removed in on of the next maintenance releases. |
MTM-49784 |
Release 10.14.0.231
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
Release 10.14.0.222
Fixes
| Component | Description | Issue |
|---|---|---|
| Enterprise tenant | Due to a change introduced in release 10.14, when a certificate for an Enterprise tenant was uploaded with this version, it was persisted in a faulty way. Although it was possible to activate the certificate when using the new domain this certificate failed to be parsed and the platform certificate was returned as backup. This issue has been resolved. After activating the certificate, the new domain will now be served with the respective certificate. | DM-1658 |
Release 10.14.0.213
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | Fixed an issue with inconsistent phone number validation between UI and backend in the user details page which in some cases prevented a user from being saved. | MTM-48171 |
| Administration | The validation rules for phone numbers have been changed in order to support more formats. Prior to this change, issues occurred when provisioning new tenants with particular phone number formats. | MTM-42789 |
Release 10.14.0.204
Improvements
| Component | Description | Issue |
|---|---|---|
| Logging | The audit logging functionality for MQTT protocols has been extended and now logs every operation and error message sent from the platform to the device. | MTM-48101 |
Fixes
| Component | Description | Issue |
|---|---|---|
| Core platform | Deleting managed objects is no longer asynchronous. Delete requests will be blocked until the managed objects and the related data are deleted. Once status code 2xx is returned by the platform, all related data have been deleted. Prior to this change, the platform returned status code 2xx immediately and the operation was running asynchronously. When the operation was unsuccessful the managed objects remained. The main reason for this change is to make the platform able to reliably delete large hierarchies. | MTM-48008 |
| Data broker | The data broker connection handling between source and target tenants has been improved. Excessive resource usage for connectors using the operations API was reduced and it is now properly cleaned up. | MTM-48709 |
Release 10.14.0.182
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
Release 10.14.0.172
Fixes
| Component | Description | Issue |
|---|---|---|
| Core platform | The cached content-length header value is now always added only for HTTP/1.0 for the binary download endpoint GET /inventory/binaries/{moID}. This is done to correctly support the chunked Transport-Encoding for HTTP/1.1+ and fixes the issue where devices could not upgrade firmware because of the missing Transport-Encoding=chunked header. |
MTM-48010 |
Release 10.14.0.153
Fixes
| Component | Description | Issue |
|---|---|---|
| Support user | Logging in with the support user is now possible even if the target tenant has basic authentication restrictions. Moreover, the tenant ID setup page will no longer appear for the domain containing "localhost" or "127.0.0.1". | MTM-47230 |
Release 10.14.0.143
Fixes
| Component | Description | Issue |
|---|---|---|
| Enterprise tenant | Subtenants of an Enterprise tenant can be created only inside the domain of that Enterprise parent tenant, for example, parent.example.com is allowed to create subtenants only under *.example.com. | MTM-41980 |
| REST API | Fixed eager in-memory data loading to prevent potential out of memory errors. | MTM-47730 |
Release 10.14.0.141
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | On editing subtenants, parent tenants can no longer delete the administrators phone number, if the phone number is a mandatory field (for example, if TFA is enabled). | MTM-46183 |
Release 10.14.0.117
Fixes
| Component | Description | Issue |
|---|---|---|
| Security | For security reasons, some system options have been secured.
For a user without the OPTION_MANAGEMENT_READ role:
- querying /system/option: the value system options considered as secured will be replaced with the <<Encrypted>> string
- querying /system/option/{category}/{key}: when the system option is considered as secured a 403 HTTP will be returned, not secured options will be returned as before.
For users with the OPTION_MANAGEMENT_READ role nothing has changed. | MTM-45838 |
Release 10.14.0.68
Fixes
| Component | Description | Issue |
|---|---|---|
| Data broker | Vulnerable libraries inside the databroker-agent-server microservice were updated in order to address CVE-2020-36518. Update details:
- pulsar-client updated from 2.8.2 to 2.8.3 - jackson-databind updated from 2.12.6 to 2.12.7 |
MTM-46149 |
| Smart rules | It is now again possible to add smart rules for subscribed microservices, not only for applications installed directly on the tenant. | MTM-45519 |
Release 10.14.0.45
Improvements
| Component | Description | Issue |
|---|---|---|
| Administration | If a user with admin privileges changes the roles or the password of another user, a message is displayed to warn that this particular user will be logged out. | MTM-43059 |
| Administration | It is now possible to log out all SSO users from the platform using the Keycloak (External SSO Provider) admin console. Support for this feature for other external SSO providers such as Azure AD will be introduced in later releases. | MTM-43913 |
| Administration | The correct error message is now shown when an error occurs during application archive upload. | MTM-44631 |
| Audit logging | To improve security, a new audit logging functionality has been introduced which provides the possibility to record almost every request (REST, SmartREST, MQTT, realtime, and so on). | MTM-43455 |
| Authentication | Added a description on how to disable TOTP for a user to Administration > Two-factor authentication > TOTP in the User guide. | MTM-42594 |
| Core platform | OIDC back-channel logout is now available with the Keycloak authorization server in versions higher than 12.0.0. | MTM-42766 |
| Data broker | Updated the pulsar-client to version 2.8.2 to address security vulnerabilities identified in version 2.7.0. | MTM-43194 |
| Data broker | Previous releases of the Data Broker microservice could fail to upgrade correctly when a new version of the microservice was uploaded to the platform. When this happened, the older version would continue to run even though the new version was available. This issue could be mitigated by unsubscribing and re-subscribing to the microservice from the Management tenant. With this release, the microservice will correctly upgrade to the new version with no user interaction required. | MTM-43352 |
| Notifications 2.0 | The Notifications 2.0 API has a new REST operation to unsubscribe a subscriber from a notification subscription. It is also possible to unsubscribe a subscriber over the Web Socket protocol. See also Notifications 2.0 in the Reference guide or the Cumulocity IoT API documentation for usage. | MTM-43042 |
| Notifications 2.0 | The "hello-world notification microservice", which serves as an example of the new Notifications 2.0 functionality, lacked a detailed user description. New instructions have been added that provide step-by-step setup, even for a first time user. A new script to simplify the setup process has been added as well, which helps in setting up a measurement device and simulate sending measurements. See https://github.com/SoftwareAG/cumulocity-examples/tree/develop/hello-world-notification-microservice for full details and instructions. | MTM-42420 |
| REST API | If a user adds the query parameter withTotalElements to a request, a new field called totalElements will be returned. This change is available on almost all REST APIs. The withTotalElements field contains the amount of all documents that this API can return. For details, see the Cumulocity IoT OpenAPI Specification. |
MTM-40341 |
| REST API | The user creation API and the tenant creation API now require the email address property value as mandatory. | MTM-34357 |
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | In the Applications page it is now possible to delete the current application if a subscribed application with the same context-path exists. Prior to this change, deleting the current application was permitted, which made it difficult to delete custom Administration applications (as this is usually the application used when deleting an applications). | MTM-43280 |
| Administration | The Add microservice button is no longer available in the Microservices page, if the microservice-hosting feature is not subscribed to the tenant. | MTM-44403 |
| Administration | The issue has been fixed that requests sent to /tenant/statistics/files did not return statistic files. | MTM-43017 |
| Administration | The performance of the Status tab in the application's details has been improved by avoiding excessive communication with the backend. Reducing the load on the backend also improves the overall platform stability. | MTM-45279 |
| Authentication | The connection timeout for the HTTP client used in single sign-on login mode has been increased. | MTM-42674 |
| Authentication | The "Forbidden for web browser" flag now switches to false in the authorization configuration, after the preferred login mode changed to Basic. Prior to this change, the website was blocked unintentionally when the Forbidden for web browser checkbox was selected, while switching the preferred login mode from OAI-Secure to Basic. With this fix, the checkbox is automatically cleared in such a case. | MTM-44199 |
| Authentication | The Certificate ID field in the SSO configuration page (custom configuration for signature verification for two or more certificates), now shows additional information on the field. | MTM-44156 |
| Authentication | Fixed an issue where a session was unintentionally removed for users logged in via OAI-Secure after renewing and revoking a token. | MTM-44091 |
| Authentication | It is now possible to display all audit log entries related to auth configuration by filtering by "Tenant Auth configuration". | MTM-45072 |
| Bulk operations | The memory usage has been reduced when processing bulk operation requests for large, dynamic asset groups (smart groups). This fixes an issue that occurred with smart groups containing a large number of assets. | MTM-44591 |
| Core platform | Responses to the HEAD/GET requests to the file repository now return a Content-Length header which lets the requesting clients know the size of the files before downloading them. This makes the progress bar in the file repository more reliable. | MTM-41679 |
| Data broker | A rare issue has been eliminated where the connector state on the destination tenant was not reflecting the connector deletion on the source side. This situation could have been observed when the connector was deleted shortly after creation (few minutes). | MTM-45108 |
| Enterprise tenant | Custom brandings are now always shown when applying a new branding to child tenants. Prior to this change, it could happen that in some combinations the Cumulocity IoT branding was shown. | MTM-43088 |
| Inventory roles | Fixed an issue in Administration > Accounts > Users > (user) > Inventory roles where it was not possible to provide a user access to a subgroup from its owner (in case the owner was not an admin user). Now the list displays all groups and subgroups from the user's owner correctly. | MTM-39536 |
| MongoDB | The performance for querying by c8y_Mobile.iccid on the inventory API has been improved. Previously users observed slow querying. | MTM-40522 |
| MongoDB | The performance and memory consumption of inventory "query by text" has been improved by disabling the result sorting. This change is behind a feature toggle and must be switched on by the system administrator for a particular tenant. | MTM-42503 |
| REST API | Fixed a race condition during event binary upload which caused a wrong binary assignment. | MTM-43591 |
| REST API | It is now possible to use decimal numbers with the Inventory Query Language. You must add a "d" or "f" suffix to mark an element as decimal number instead of a string, for example GET {url}/inventory/managedObjects?query=$filter=price+lt+2.5d. |
MTM-43024 |
| REST API | Bulk device registration now correctly processes all UTF-8 characters, including special characters. | MTM-43915 |
| REST API | Fixed a memory leak for binary download that could occur when the download process was broken due to timeout or error. | MTM-44662 |
| REST API | The validation for the alarm source during creation has been improved. If an invalid source format is provided, a valid HTTP error code 422 is now returned instead of the error code 500. | MTM-37423 |