Release 10.16.0.476
Fixes
| Component | Description | Issue |
|---|---|---|
| Authentication | Fixed a random issue ("invalid TFA token due to user inactivity") when logging in using the user alias and TFA SMS with basic authentication. | MTM-56608 |
| Core platform | Previously, the status for operations with a failureReason fragment could not be changed from FAILED, since the failureReason fragment was not allowed for other statuses. Now failureReason is automatically removed when moving an operation from the FAILED status. |
MTM-57995 |
| Microservices | Cumulocity IoT allows you to deploy microservices which may offer their own REST endpoints that can be used by Cumulocity IoT API client applications. In the cumulocity.json microservice manifest file you can optionally configure horizontal pod auto scaling using the "scale": "AUTO" configuration. When switching the value from "AUTO" to "NONE" the Kubernetes resource "horizontal pod auto scaler" was not removed again if the microservice was already subscribed at the time the new microservice version was uploaded. This problem is now fixed. |
MTM-56904 |
Release 10.16.0.461
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
Release 10.16.0.438
Fixes
| Component | Description | Issue |
|---|---|---|
| Messaging Service | Fixed an issue where Notifications 2.0 subscriptions with a type filter could fail when updating or deleting an object with an empty type. This issue would cause an error to be returned to the client even though the update or delete request was successful. | MTM-56450 |
Release 10.16.0.458
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | Fixed an issue where the title "Cumulocity" was briefly displayed when viewing microservice details. | MTM-57314 |
| Core platform | When using Docker engine in version 25 for creating the Cumulocity microservice container image the subsequent upload of the binary to core failed during the validation of the OCI image manifest due to a new manifest field. This issue is now fixed. | MTM-57448 |
Release 10.16.0.446
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | Fixed an issue with missing translation in the confirmation popup which is displayed while unsubscribing a microservice. | MTM-57253 |
Release 10.16.0.415
Fixes
| Component | Description | Issue |
|---|---|---|
| Java SDK | The dependency to org.json:json has been removed from the Java SDK. |
MTM-53340 |
Release 10.16.0.405
Fixes
| Component | Description | Issue |
|---|---|---|
| Support user | When logging into the platform as support user, you were redirected to the Management tenant. This automatic redirection has been removed. Instead, the platform now sets a cookie for the domain of the logged-in tenant to preserve the original login context. | MTM-54617 |
Release 10.16.0.396
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | The password strength indicator gets updated correctly now, and the Save button is available when the password meets the strength conditions. | MTM-50179 |
| SMS microservice | The sender name and address were missing when sending a request to the SMS gateway with the TFA code. This issue has been resolved. The sender name and address are now retrieved from the tenant option configuration. | MTM-56027 |
Release 10.16.0.383
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | Microservices which have been created via API without providing a binary for it can again be subscribed without getting an error message. | MTM-56037 |
Release 10.16.0.376
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
Release 10.16.0.369
Fixes
| Component | Description | Issue |
|---|---|---|
| Authentication | When a user logs in using OAI-Secure and a password change is required, a PasswordResetToken is returned in the response header, enabling the password reset. |
MTM-55200 |
| Authentication | Fixed an issue with incorrect loading of certificates to the trust store during core startup/restart, which caused errors in authenticating MQTT devices using certificates. | MTM-55328 |
| Authentication | The default value for the MQTT SSL handshake timeout has been increased from 10 seconds to 50 seconds to increase the time for the handshake to be successful. The value of this property can be configured by a platform administrator. | MTM-54184 |
| Messaging Service | Users of Notifications 2.0 will no longer encounter unequal distribution of notifications from tenant-context subscriptions amongst a set of shared consumers. | MTM-54859 |
| REST API | The data field has been removed from realtime API handshake responses where it was not required and always had a "null" value. |
MTM-55522 |
| REST API | When removing an application that is used in SSO access mappings, the login configuration will be updated accordingly. | MTM-52943 |
| REST API | The Measurement API now accepts leading zeroes provided for measurement values. | MTM-55156 |
Release 10.16.0.327
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | Improved the performance of the user hierarchy management by reducing the number of server requests executed when expanding the sub-user list. | MTM-49969 |
| Administration | Fixed an issue with an error message being displayed when switching between the Microservices and Applications pages using the navigator. | MTM-52865 |
| Administration | In some cases log files of devices stored in the platform could not be downloaded from the Logs tab. This has been addressed by requesting with the correct user credentials. | DM-2471 |
| Notifications 2.0 | DELETE notifications for Notifications 2.0 subscriptions to specific managed objects - that is, subscriptions to the managedObjects API in the mo context - are now always sent. Previously, these notifications were not reliably sent in all cases. |
MTM-54097 |
Release 10.16.0.316
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | Fixed an issues with cloning some of the default global roles (for example, "devices"). | MTM-45858 |
| Administration | The pagination check of the user list has been modified to prevent duplicate requests. | MTM-52287 |
| Messaging Service | Fixed an issue where requests from the core platform into the Messaging Service could take a long time to complete, slowing down the response to HTTP requests and potentially preventing the platform from handling new incoming requests. For example, a request from the core platform to publish a message using Notifications 2.0 could block if the tenant had reached its quota for unconsumed notifications, only timing out after a long delay. This issue has been resolved by ensuring that Messaging Service requests that would have blocked now time out quickly. | MTM-53509 |
Release 10.16.0.302
Improvements
| Component | Description | Issue |
|---|---|---|
| MongoDB | The MongoDB version has been upgraded to 5.0.18-1 in offline installation dependencies. | MTM-53200 |
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | Fixed an issue where the Clear button on the Usage statistics page failed to remove applied filters. | MTM-50302 |
| Authentication | Issues have been fixed with refreshing the session tokens when the OAI-Secure login mode is configured with two-factor authentication. | MTM-53559 |
| Notifications 2.0 | Fixed a regression where a simple type name was not accepted as a type filter when creating a Notifications 2.0 subscription. For backwards compatibility with older releases, if the type filter value cannot be parsed as an OData expression, it is now assumed to be a simple type name. | MTM-53848 |
Release 10.16.0.282
Fixes
| Component | Description | Issue |
|---|---|---|
| MQTT | The error handling when publishing operations to MQTT devices has been improved. | MTM-53168 |
Release 10.16.0.264
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
Release 10.16.0.259
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | Issues with the Ericsson DCP SMS provider when attempting to send an SMS have been resolved and outgoing requests are sent as expected to the Ericsson DCP API. | DM-2215 |
| Authentication | Issues on refreshing the session tokens when the OAI-Secure login mode is configured with two-factor authentication have been fixed. | MTM-53559 |
Release 10.16.0.256
Improvements
| Component | Description | Issue |
|---|---|---|
| Administration | Context help has been added in the Extensions page. | MTM-50209 |
| Core platform | Deleting measurements by the dateFrom and dateTo query parameters is now supported on tenants with enabled enhanced time series support. Parameters must be truncated to full hours (for example, 2022-08-19T14:00:00.000Z), otherwise an error is returned. |
MTM-49441 |
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | Redundant activity log entries in the application details are now filtered out. | MTM-52309 |
| Administration | Fixed an issue with the names of the files downloaded from the platform (for example, from the file repository or from event attachments). UTF-8 characters, for example, in the Japanese localization are no longer missing if the file name includes special characters like "+". | MTM-53056 |
| Administration | Fixed an issue where users which only had inventory roles could not add new groups. | MTM-52413 |
| Authentication | In the Trusted certificates page, refreshing and downloading the verification code for the Proof of Possession process now works properly if a new certificate was uploaded or the verification code was refreshed by the user. | MTM-52956 |
| Authentication | The verification code which is signed in the Proof of Possession process for trusted certificates now supports end-of-line characters from various operating systems. | MTM-53296 |
| Core platform | Fixed an issue with paging parameters ignored for the GET /cep/modules endpoint. |
MTM-53160 |
| Core platform | An HTTP error code 405 is now returned when trying to delete enhanced time series measurements by dateFrom or |
MTM-53457 |
Release 10.16.0.214
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
Release 10.16.0.205
Improvements
| Component | Description | Issue |
|---|---|---|
| REST API | The performance of GET requests on the /user/users endpoint has been improved by better utilization of database indexes. |
MTM-52566 |
| REST API | The performance of the Inventory API has been improved by removing two additional database queries for GET /managedObjects. |
MTM-51973 |
Release 10.16.0.200
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | UTF-8 characters are now supported in names of files downloaded from the files repository with the export functionality. | MTM-46346 |
| Authentication | Fixed an issue with the device request counter being increased while switching between standard apps (Administration, Cockpit, Device management). | MTM-49427 |
| Core platform | Fixed an issue where deleting enhanced time series measurements did not work with the fragmentType query parameter. |
MTM-51379 |
Release 10.16.0.163
Improvements
| Component | Description | Issue |
|---|---|---|
| REST API | The performance of the Identity API GET /externalIds/{type}/{externalId}
| MTM-50837 |
Fixes
| Component | Description | Issue |
|---|---|---|
| Authentication | The performance of the first user requests sent after node restart has been improved. Prior to this change, there was an issue in rare cases where the number of all global roles in a tenant was close to but not exceeding 100, and many thousands of devices were concurrently trying to authorize MQTT connections on the restarted node. | MTM-52049 |
| Data Broker | In order to address the CVE-2022-41881 vulnerability, the Netty version has been updated to "4.1.89.Final" in the data broker microservice. | MTM-51429 |
| Performance | The performance of widgets like the "Data point list", "Data point graph" and "Data point table" has been improved for users with inventory roles access. Moreover, the performance of the Measurements tab in the Device Management application and the Data explorer in the Cockpit application have been improved. | MTM-50693 |
| REST API | Fixed an issue where POST and PUT requests without Content-Type header were rejected with a 415 HTTP error. The fix has been applied to the Identity, Inventory, Measurements, Alarms and Events APIs. | MTM-51886 |
| Security | In the Cockpit application, several security issues in the HTML widget have been fixed. | MTM-50921 |
Release 10.16.0.121
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
Release 10.16.0.117
Improvements
| Component | Description | Issue |
|---|---|---|
| Administration | When the user is logged in, then every request at https://{url}/tenant/loginOptions will now be sent with the tenantId parameter, so that the request looks like this: https://{url}/tenant/loginOptions?tenantId={tenantId}
This improves logging via a tunnel and helps to avoid 401 errors. |
MTM-46604 |
| Administration | A context help drawer has been added to the Data broker, Subtenants, Tenant statistics and All applications pages. Moreover, the height has been changed to adapt to the drawer's content instead of having a fixed value. | DM-1296 |
| Administration | On creating a new property in the Properties library you could only use letters and digits for its name. Now it is also allowed to use underscores. | MTM-47277 |
| Administration | The tabs on the Microservices page, for example the Logs or the Status tab, are now correctly displayed after subscribing or unsubscribing a microservice. Moreover, a message is shown which informs about the status of the subscribing or unsubscribing process. | MTM-45285 |
| Administration | Tenant provisioning uses a new access mapping configuration, which allows the administrator to freely edit single sign-on (SSO) user roles. Only privileges that are listed in a predefined access mapping SSO configuration will be managed by the authentication server but others can be managed by the administrator. | MTM-47879 | Authentication | In the Authentication page, if the forbidden or trusted user agents lists for a specific authentication configuration are empty, the removal button will no longer be displayed. Related inconsistencies in previous versions have been fixed. | MTM-43723 |
| Core platform | Cumulocity IoT Core has been fully migrated to Java 11. | MTM-46640 |
| Core platform | The identifier for managed objects is now a random number and no longer monotonically increasing. | MTM-47763 |
| Core platform | The access mapping configuration has been extended with a new option manageRolesOnlyFromAccessMapping. This allows the authentication server to manage only the roles that are listed in the access mapping configuration. Other privileges which can be edited by the administrator will be unchanged after login. Therefore the single sign-on user can be managed by the platform as well as by the authentication server at the same time. |
MTM-47878 |
| Data Broker | The databroker-agent server microservice (a key part of the microservice-based data broker) has been upgraded to use the more secure Cumulocity IoT microservice API version 2. Additionally, a small change has been made to improve an existing error message which is logged when forwarding to the destination tenant fails. | MTM-47731 |
| Inventory roles | For users with inventory role access only, the performance for GET requests for operations has been improved. The feature is hidden behind a feature toggle which is already used for other improvements. The tenant option to enable/disable the toggle has the following payload: "category": "configuration", "key": "acl.algorithm-version", "value": "OPTIMIZED"/"LEGACY". For details, see the Cumulocity IoT OpenAPI Specification. |
MTM-42354 |
| Logging | The audit logging functionality for MQTT protocols has been extended and now logs every operation and error message sent from the platform to the device. | MTM-48101 |
| MongoDB | To improve the query performance, the default sort order has been disabled for timeseries measurements. | MTM-46924 |
| Notifications 2.0 | Non-persistent Notifications 2.0 subscriptions and shared subscribers are now available; new fields to support these options are provided in the Cumulocity REST endpoint resources and in Java SDK. Non-persistent subscriptions do not persist message backlogs in the Cumulocity IoT Messaging Service; new and reconnected consumers will always start consuming from the most recent message in the subscription channel. They will have lower resource cost and should allow higher message rates. Shared subscriber tokens use a common name and set a field in the token to indicate they are shared. They can be used to divide consumer workloads across multiple client processes; each sharing client receives publish-ordered messages from a unique subset of devices publishing to the given subscription channel, allowing more scalable notification clients to be implemented while maintaining per-device message ordering and at-least-once delivery guarantees. For details, see Notifications 2.0 in the Reference guide. | MTM-42808 |
| Notifications 2.0 | Introduced the possibility to filter queries on Notifications 2.0 subscriptions by additional fields:
- "subscription" - the subscription name. - "typeFilter" - the type filter. This will filter subscriptions by the subscriptionFilter.typeFilter field.
These new filtering capabilities are available via the REST API and the Java SDK. See the Cumulocity IoT OpenAPI Specification for more details of how to use the new query parameters. |
MTM-46242 |
| Product experience | The product experience tracking has been extended. In the bulk operations overview all user actions can now be tracked via custom product experience events. | DM-827 |
| REST API | The detail() and delete() method of the @c8y/client MeasurementService is shown as deprecated as it is not supported with the new timeseries. |
MTM-48529 |
| REST API | The activeVersionId and the hosted application's manifest will now be updated when updating the latest version of an application. |
MTM-48430 |
| REST API | The REST method GET /measurement/measurements/{id} is no longer supported for timeseries measurements. |
MTM-48344 |
| REST API | The performance of the Alarm API has been improved for requests which use the resolved query parameter. | MTM-49450 |
| REST API | The performance of GET /identity/globalIds/{type}/{externalId} has been improved by only fetching the managed object ID from the database instead of the full managed object. |
MTM-50232 |
| Security | An attribute was added to all external application links, that prevents tab nabbing, a security vulnerability that could be used to gain the user's browser session. | MTM-48156 | Single sign-on | Trial tenants created in Software AG Cloud are by default not allowed to access the single sign-on configuration in Cumulocity IoT to prevent its potential misconfiguration by users. A REST endpoint is used by the Management tenant to restrict or allow the access to the configuration for specific tenants. Refer to Administration > Single sign-on > Configuration access in the User guide for more details. | MTM-32508 |
| Single sign-on | The single sign-on (SSO) configuration page has been extended by a new access mapping option. Instead of a checkbox which sets the mapping during each login or only during user creation, a radio button has been added. Now three options are available:
- Perform access mapping for every login for all privileges (admin can not edit SSO user privileges) - Perform access mapping only on user creation (admin can edit SSO user privileges) - Perform access mapping for every login for those privileges listed in the configuration (admin can edit SSO user privileges) |
MTM-47903 |
| Single sign-on | The single sign-on configuration page is no longer accessible for users if the access to the single sign-on configuration object is forbidden for the tenant via the REST endpoint (HTTP error 403). | MTM-48466 |
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | Fixed an issue with incorrect titles on several application detail tabs. The page title now consistently shows the application name. | MTM-51150 |
| Administration | The Add smart rules button in the Microservices page is now displayed correctly. | MTM-47117 |
| Administration | When uploading a microservice ZIP file, the name for the microservice is first taken from the microservice's manifest file. If the name is not provided there, then it's derived from the ZIP file name (after dropping a recognized version suffix). | MTM-44947 |
| Administration | When setting the password for the admin user on creating a subtenant, the password validation is based on the selected tenant policy. An exception to this case is if strong password usage is enforced on system level. When setting a password for the admin user on an existing subtenant, the password validation is based on the security settings for the current tenant. | MTM-41226 |
| Administration | Fixed an issue with inconsistent phone number validation between UI and backend in the user details page which in some cases prevented a user from being saved. | MTM-48171 |
| Administration | The validation rules for phone numbers have been changed in order to support more formats. Prior to this change, issues occurred when provisioning new tenants with particular phone number formats. | MTM-42789 |
| Administration | The performance of the Users page has been improved. Loading root users with a large number of sub-users (100+) now takes less than 1s, while previously, with a larger number of sub-users (around 500), it took around 30-60s. Moreover, the request to fetch all children of a root user is now up to 10 times faster, depending on the number of sub-users and the number of their global roles. | MTM-45523 |
| Audit logs | Missing translations for various fields and tooltips in the Audit logs page in the Administration application have been added. | MTM-43353; MTM-46788 |
| Authentication | An issue with the QR code in the two-factor authentication setup window has been fixed. | MTM-49536 |
| Authentication | During the reset password process the tenant ID setup dialog was presented in certain cases instead of the reset password dialog. Now the reset password dialog appears correctly if the reset link is used. | MTM-50205 |
| Authentication | The two-factor authentication verification dialog does no longer show two Cancel buttons. | MTM-49935 |
| Authentication | On the Basic settings tab in the Authentication page, TFA (two-factor authentication) is now correctly shown as enabled if enforced by the platform. | MTM-49942 |
| Core platform | The cached content-length header value is now always added only for HTTP/1.0 for the binary download endpoint GET /inventory/binaries/{moID}. This is done to correctly support the chunked Transport-Encoding for HTTP/1.1+ and fixes the issue where devices could not upgrade firmware because of the missing Transport-Encoding=chunked header. |
MTM-48010 |
| Core platform | Deleting managed objects is no longer asynchronous. Delete requests will be blocked until the managed objects and the related data are deleted. Once status code 2xx is returned by the platform, all related data have been deleted. Prior to this change, the platform returned status code 2xx immediately and the operation was running asynchronously. When the operation was unsuccessful the managed objects remained. The main reason for this change is to make the platform able to reliably delete large hierarchies. | MTM-48008 |
| Core platform | To address security vulnerabilities, the third-party software SnakeYAML has been updated from version 1.30 to version 1.31. | MTM-49704 |
| Data broker | The data broker connection handling between source and target tenants has been improved. Excessive resource usage for connectors using the operations API has been reduced and it is now properly cleaned up. | MTM-48709 |
| Enterprise tenant | Fixed an issue in the Configuration page that prevented saving an empty string as email server password. Now this is possible for Enterprise tenants. | MTM-47000 |
| Enterprise tenant | Due to a change introduced in release 10.14, when a certificate for an Enterprise tenant was uploaded with this version, it was persisted in a faulty way. Although it was possible to activate the certificate when using the new domain this certificate failed to be parsed and the platform certificate was returned as backup. This issue has been resolved. After activating the certificate, the new domain will now be served with the respective certificate. | DM-1658 |
| Messaging Service | Error handling for Notification 2.0 was improved for the unlikely case that Pulsar is unavailable. | MTM-48138 |
| Reporting | The report download link in the default email template for scheduled exports has been modified to ensure that the download of respective reports also works for users which have TFA enabled. | MTM-46345 |
| REST API | Fixed the HTTP response code from 500 to 422 when rejecting tenant deletion because one of its applications is assigned to another tenant. | MTM-47097 |
| REST API | Fixed the behaviour of the withParents=false parameter for the REST managed object resource, that is GET /inventory/managedObjects?withParents=false.
When the false parameter value is provided, no parents are returned. |
MTM-48404 |
| Security | To improve the security, several system options have been secured. To retrieve such a secure system option via REST API, the user must have the permission ROLE_OPTION_MANAGEMENT_READ. For details on the enhancements see the Cumulocity IoT OpenAPI Specification. | MTM-45838 |
| Single sign-on | Fixed an issue which created a HTTP 500 error with a redirect during single sign-on user logout when the refresh token was not present. | MTM-47434 |
| Support user | Logging in with the support user is now possible even if the target tenant has basic authentication restrictions. Moreover, the tenant ID setup page will no longer appear for the domain containing "localhost" or "127.0.0.1". | MTM-47230 |