Platform services

Release 10.16.0.483

Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.

Release 10.16.0.476

Fixes

Component Description Issue
Authentication Fixed a random issue ("invalid TFA token due to user inactivity") when logging in using the user alias and TFA SMS with basic authentication. MTM-56608
Core platform Previously, the status for operations with a failureReason fragment could not be changed from FAILED, since the failureReason fragment was not allowed for other statuses. Now failureReason is automatically removed when moving an operation from the FAILED status. MTM-57995
Microservices Cumulocity IoT allows you to deploy microservices which may offer their own REST endpoints that can be used by Cumulocity IoT API client applications. In the cumulocity.json microservice manifest file you can optionally configure horizontal pod auto scaling using the "scale": "AUTO" configuration. When switching the value from "AUTO" to "NONE" the Kubernetes resource "horizontal pod auto scaler" was not removed again if the microservice was already subscribed at the time the new microservice version was uploaded. This problem is now fixed. MTM-56904

Release 10.16.0.461

Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.

Release 10.16.0.438

Fixes

Component Description Issue
Messaging Service Fixed an issue where Notifications 2.0 subscriptions with a type filter could fail when updating or deleting an object with an empty type. This issue would cause an error to be returned to the client even though the update or delete request was successful. MTM-56450

Release 10.16.0.458

Fixes

Component Description Issue
Administration Fixed an issue where the title "Cumulocity" was briefly displayed when viewing microservice details. MTM-57314
Core platform When using Docker engine in version 25 for creating the Cumulocity microservice container image the subsequent upload of the binary to core failed during the validation of the OCI image manifest due to a new manifest field. This issue is now fixed. MTM-57448

Release 10.16.0.446

Fixes

Component Description Issue
Administration Fixed an issue with missing translation in the confirmation popup which is displayed while unsubscribing a microservice. MTM-57253

Release 10.16.0.415

Fixes

Component Description Issue
Java SDK The dependency to org.json:json has been removed from the Java SDK. MTM-53340

Release 10.16.0.405

Fixes

Component Description Issue
Support user When logging into the platform as support user, you were redirected to the Management tenant. This automatic redirection has been removed. Instead, the platform now sets a cookie for the domain of the logged-in tenant to preserve the original login context. MTM-54617

Release 10.16.0.396

Fixes

Component Description Issue
Administration The password strength indicator gets updated correctly now, and the Save button is available when the password meets the strength conditions. MTM-50179
SMS microservice The sender name and address were missing when sending a request to the SMS gateway with the TFA code. This issue has been resolved. The sender name and address are now retrieved from the tenant option configuration. MTM-56027

Release 10.16.0.383

Fixes

Component Description Issue
Administration Microservices which have been created via API without providing a binary for it can again be subscribed without getting an error message. MTM-56037

Release 10.16.0.376

Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.

Release 10.16.0.369

Fixes

Component Description Issue
Authentication When a user logs in using OAI-Secure and a password change is required, a PasswordResetToken is returned in the response header, enabling the password reset. MTM-55200
Authentication Fixed an issue with incorrect loading of certificates to the trust store during core startup/restart, which caused errors in authenticating MQTT devices using certificates. MTM-55328
Authentication The default value for the MQTT SSL handshake timeout has been increased from 10 seconds to 50 seconds to increase the time for the handshake to be successful. The value of this property can be configured by a platform administrator. MTM-54184
Messaging Service Users of Notifications 2.0 will no longer encounter unequal distribution of notifications from tenant-context subscriptions amongst a set of shared consumers. MTM-54859
REST API The data field has been removed from realtime API handshake responses where it was not required and always had a "null" value. MTM-55522
REST API When removing an application that is used in SSO access mappings, the login configuration will be updated accordingly. MTM-52943
REST API The Measurement API now accepts leading zeroes provided for measurement values. MTM-55156

Release 10.16.0.327

Fixes

Component Description Issue
Administration Improved the performance of the user hierarchy management by reducing the number of server requests executed when expanding the sub-user list. MTM-49969
Administration Fixed an issue with an error message being displayed when switching between the Microservices and Applications pages using the navigator. MTM-52865
Administration In some cases log files of devices stored in the platform could not be downloaded from the Logs tab. This has been addressed by requesting with the correct user credentials. DM-2471
Notifications 2.0 DELETE notifications for Notifications 2.0 subscriptions to specific managed objects - that is, subscriptions to the managedObjects API in the mo context - are now always sent. Previously, these notifications were not reliably sent in all cases. MTM-54097

Release 10.16.0.316

Fixes

Component Description Issue
Administration Fixed an issues with cloning some of the default global roles (for example, "devices"). MTM-45858
Administration The pagination check of the user list has been modified to prevent duplicate requests. MTM-52287
Messaging Service Fixed an issue where requests from the core platform into the Messaging Service could take a long time to complete, slowing down the response to HTTP requests and potentially preventing the platform from handling new incoming requests. For example, a request from the core platform to publish a message using Notifications 2.0 could block if the tenant had reached its quota for unconsumed notifications, only timing out after a long delay. This issue has been resolved by ensuring that Messaging Service requests that would have blocked now time out quickly. MTM-53509

Release 10.16.0.302

Improvements

Component Description Issue
MongoDB The MongoDB version has been upgraded to 5.0.18-1 in offline installation dependencies. MTM-53200

Fixes

Component Description Issue
Administration Fixed an issue where the Clear button on the Usage statistics page failed to remove applied filters. MTM-50302
Authentication Issues have been fixed with refreshing the session tokens when the OAI-Secure login mode is configured with two-factor authentication. MTM-53559
Notifications 2.0 Fixed a regression where a simple type name was not accepted as a type filter when creating a Notifications 2.0 subscription. For backwards compatibility with older releases, if the type filter value cannot be parsed as an OData expression, it is now assumed to be a simple type name. MTM-53848

Release 10.16.0.282

Fixes

Component Description Issue
MQTT The error handling when publishing operations to MQTT devices has been improved. MTM-53168

Release 10.16.0.264

Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.

Release 10.16.0.259

Fixes

Component Description Issue
Administration Issues with the Ericsson DCP SMS provider when attempting to send an SMS have been resolved and outgoing requests are sent as expected to the Ericsson DCP API. DM-2215
Authentication Issues on refreshing the session tokens when the OAI-Secure login mode is configured with two-factor authentication have been fixed. MTM-53559

Release 10.16.0.256

Improvements

Component Description Issue
Administration Context help has been added in the Extensions page. MTM-50209
Core platform Deleting measurements by the dateFrom and dateTo query parameters is now supported on tenants with enabled enhanced time series support. Parameters must be truncated to full hours (for example, 2022-08-19T14:00:00.000Z), otherwise an error is returned. MTM-49441

Fixes

Component Description Issue
Administration Redundant activity log entries in the application details are now filtered out. MTM-52309
Administration Fixed an issue with the names of the files downloaded from the platform (for example, from the file repository or from event attachments). UTF-8 characters, for example, in the Japanese localization are no longer missing if the file name includes special characters like "+". MTM-53056
Administration Fixed an issue where users which only had inventory roles could not add new groups. MTM-52413
Authentication In the Trusted certificates page, refreshing and downloading the verification code for the Proof of Possession process now works properly if a new certificate was uploaded or the verification code was refreshed by the user. MTM-52956
Authentication The verification code which is signed in the Proof of Possession process for trusted certificates now supports end-of-line characters from various operating systems. MTM-53296
Core platform Fixed an issue with paging parameters ignored for the GET /cep/modules endpoint. MTM-53160
Core platform An HTTP error code 405 is now returned when trying to delete enhanced time series measurements by dateFrom or . MTM-53457

Release 10.16.0.214

Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.

Release 10.16.0.205

Improvements

Component Description Issue
REST API The performance of GET requests on the /user/users endpoint has been improved by better utilization of database indexes. MTM-52566
REST API The performance of the Inventory API has been improved by removing two additional database queries for GET /managedObjects. MTM-51973

Release 10.16.0.200

Fixes

Component Description Issue
Administration UTF-8 characters are now supported in names of files downloaded from the files repository with the export functionality. MTM-46346
Authentication Fixed an issue with the device request counter being increased while switching between standard apps (Administration, Cockpit, Device management). MTM-49427
Core platform Fixed an issue where deleting enhanced time series measurements did not work with the fragmentType query parameter. MTM-51379

Release 10.16.0.163

Improvements

Component Description Issue
REST API The performance of the Identity API GET /externalIds/{type}/{externalId} MTM-50837

Fixes

Component Description Issue
Authentication The performance of the first user requests sent after node restart has been improved. Prior to this change, there was an issue in rare cases where the number of all global roles in a tenant was close to but not exceeding 100, and many thousands of devices were concurrently trying to authorize MQTT connections on the restarted node. MTM-52049
Data Broker In order to address the CVE-2022-41881 vulnerability, the Netty version has been updated to "4.1.89.Final" in the data broker microservice. MTM-51429
Performance The performance of widgets like the "Data point list", "Data point graph" and "Data point table" has been improved for users with inventory roles access. Moreover, the performance of the Measurements tab in the Device Management application and the Data explorer in the Cockpit application have been improved. MTM-50693
REST API Fixed an issue where POST and PUT requests without Content-Type header were rejected with a 415 HTTP error. The fix has been applied to the Identity, Inventory, Measurements, Alarms and Events APIs. MTM-51886
Security In the Cockpit application, several security issues in the HTML widget have been fixed. MTM-50921

Release 10.16.0.121

Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.

Release 10.16.0.117

Improvements

Component Description Issue
Administration When the user is logged in, then every request at https://{url}/tenant/loginOptions will now be sent with the tenantId parameter, so that the request looks like this:
https://{url}/tenant/loginOptions?tenantId={tenantId}
This improves logging via a tunnel and helps to avoid 401 errors.
MTM-46604
Administration A context help drawer has been added to the Data broker, Subtenants, Tenant statistics and All applications pages. Moreover, the height has been changed to adapt to the drawer's content instead of having a fixed value. DM-1296
Administration On creating a new property in the Properties library you could only use letters and digits for its name. Now it is also allowed to use underscores. MTM-47277
Administration The tabs on the Microservices page, for example the Logs or the Status tab, are now correctly displayed after subscribing or unsubscribing a microservice. Moreover, a message is shown which informs about the status of the subscribing or unsubscribing process. MTM-45285
Administration Tenant provisioning uses a new access mapping configuration, which allows the administrator to freely edit single sign-on (SSO) user roles. Only privileges that are listed in a predefined access mapping SSO configuration will be managed by the authentication server but others can be managed by the administrator. MTM-47879
Authentication In the Authentication page, if the forbidden or trusted user agents lists for a specific authentication configuration are empty, the removal button will no longer be displayed. Related inconsistencies in previous versions have been fixed. MTM-43723
Core platform Cumulocity IoT Core has been fully migrated to Java 11. MTM-46640
Core platform The identifier for managed objects is now a random number and no longer monotonically increasing. MTM-47763
Core platform The access mapping configuration has been extended with a new option manageRolesOnlyFromAccessMapping. This allows the authentication server to manage only the roles that are listed in the access mapping configuration. Other privileges which can be edited by the administrator will be unchanged after login. Therefore the single sign-on user can be managed by the platform as well as by the authentication server at the same time. MTM-47878
Data Broker The databroker-agent server microservice (a key part of the microservice-based data broker) has been upgraded to use the more secure Cumulocity IoT microservice API version 2. Additionally, a small change has been made to improve an existing error message which is logged when forwarding to the destination tenant fails. MTM-47731
Inventory roles For users with inventory role access only, the performance for GET requests for operations has been improved. The feature is hidden behind a feature toggle which is already used for other improvements. The tenant option to enable/disable the toggle has the following payload: "category": "configuration", "key": "acl.algorithm-version", "value": "OPTIMIZED"/"LEGACY". For details, see the Cumulocity IoT OpenAPI Specification. MTM-42354
Logging The audit logging functionality for MQTT protocols has been extended and now logs every operation and error message sent from the platform to the device. MTM-48101
MongoDB To improve the query performance, the default sort order has been disabled for timeseries measurements. MTM-46924
Notifications 2.0 Non-persistent Notifications 2.0 subscriptions and shared subscribers are now available; new fields to support these options are provided in the Cumulocity REST endpoint resources and in Java SDK. Non-persistent subscriptions do not persist message backlogs in the Cumulocity IoT Messaging Service; new and reconnected consumers will always start consuming from the most recent message in the subscription channel. They will have lower resource cost and should allow higher message rates. Shared subscriber tokens use a common name and set a field in the token to indicate they are shared. They can be used to divide consumer workloads across multiple client processes; each sharing client receives publish-ordered messages from a unique subset of devices publishing to the given subscription channel, allowing more scalable notification clients to be implemented while maintaining per-device message ordering and at-least-once delivery guarantees. For details, see Notifications 2.0 in the Reference guide. MTM-42808
Notifications 2.0 Introduced the possibility to filter queries on Notifications 2.0 subscriptions by additional fields:
- "subscription" - the subscription name.
- "typeFilter" - the type filter. This will filter subscriptions by the subscriptionFilter.typeFilter field. These new filtering capabilities are available via the REST API and the Java SDK. See the Cumulocity IoT OpenAPI Specification for more details of how to use the new query parameters.
MTM-46242
Product experience The product experience tracking has been extended. In the bulk operations overview all user actions can now be tracked via custom product experience events. DM-827
REST API The detail() and delete() method of the @c8y/client MeasurementService is shown as deprecated as it is not supported with the new timeseries. MTM-48529
REST API The activeVersionId and the hosted application's manifest will now be updated when updating the latest version of an application. MTM-48430
REST API The REST method GET /measurement/measurements/{id} is no longer supported for timeseries measurements. MTM-48344
REST API The performance of the Alarm API has been improved for requests which use the resolved query parameter. MTM-49450
REST API The performance of GET /identity/globalIds/{type}/{externalId} has been improved by only fetching the managed object ID from the database instead of the full managed object. MTM-50232
Security An attribute was added to all external application links, that prevents tab nabbing, a security vulnerability that could be used to gain the user's browser session. MTM-48156
Single sign-on Trial tenants created in Software AG Cloud are by default not allowed to access the single sign-on configuration in Cumulocity IoT to prevent its potential misconfiguration by users. A REST endpoint is used by the Management tenant to restrict or allow the access to the configuration for specific tenants. Refer to Administration > Single sign-on > Configuration access in the User guide for more details. MTM-32508
Single sign-on The single sign-on (SSO) configuration page has been extended by a new access mapping option. Instead of a checkbox which sets the mapping during each login or only during user creation, a radio button has been added. Now three options are available:
- Perform access mapping for every login for all privileges (admin can not edit SSO user privileges)
- Perform access mapping only on user creation (admin can edit SSO user privileges)
- Perform access mapping for every login for those privileges listed in the configuration (admin can edit SSO user privileges)
MTM-47903
Single sign-on The single sign-on configuration page is no longer accessible for users if the access to the single sign-on configuration object is forbidden for the tenant via the REST endpoint (HTTP error 403). MTM-48466

Fixes

Component Description Issue
Administration Fixed an issue with incorrect titles on several application detail tabs. The page title now consistently shows the application name. MTM-51150
Administration The Add smart rules button in the Microservices page is now displayed correctly. MTM-47117
Administration When uploading a microservice ZIP file, the name for the microservice is first taken from the microservice's manifest file. If the name is not provided there, then it's derived from the ZIP file name (after dropping a recognized version suffix). MTM-44947
Administration When setting the password for the admin user on creating a subtenant, the password validation is based on the selected tenant policy. An exception to this case is if strong password usage is enforced on system level. When setting a password for the admin user on an existing subtenant, the password validation is based on the security settings for the current tenant. MTM-41226
Administration Fixed an issue with inconsistent phone number validation between UI and backend in the user details page which in some cases prevented a user from being saved. MTM-48171
Administration The validation rules for phone numbers have been changed in order to support more formats. Prior to this change, issues occurred when provisioning new tenants with particular phone number formats. MTM-42789
Administration The performance of the Users page has been improved. Loading root users with a large number of sub-users (100+) now takes less than 1s, while previously, with a larger number of sub-users (around 500), it took around 30-60s. Moreover, the request to fetch all children of a root user is now up to 10 times faster, depending on the number of sub-users and the number of their global roles. MTM-45523
Audit logs Missing translations for various fields and tooltips in the Audit logs page in the Administration application have been added. MTM-43353; MTM-46788
Authentication An issue with the QR code in the two-factor authentication setup window has been fixed. MTM-49536
Authentication During the reset password process the tenant ID setup dialog was presented in certain cases instead of the reset password dialog. Now the reset password dialog appears correctly if the reset link is used. MTM-50205
Authentication The two-factor authentication verification dialog does no longer show two Cancel buttons. MTM-49935
Authentication On the Basic settings tab in the Authentication page, TFA (two-factor authentication) is now correctly shown as enabled if enforced by the platform. MTM-49942
Core platform The cached content-length header value is now always added only for HTTP/1.0 for the binary download endpoint GET /inventory/binaries/{moID}. This is done to correctly support the chunked Transport-Encoding for HTTP/1.1+ and fixes the issue where devices could not upgrade firmware because of the missing Transport-Encoding=chunked header. MTM-48010
Core platform Deleting managed objects is no longer asynchronous. Delete requests will be blocked until the managed objects and the related data are deleted. Once status code 2xx is returned by the platform, all related data have been deleted. Prior to this change, the platform returned status code 2xx immediately and the operation was running asynchronously. When the operation was unsuccessful the managed objects remained. The main reason for this change is to make the platform able to reliably delete large hierarchies. MTM-48008
Core platform To address security vulnerabilities, the third-party software SnakeYAML has been updated from version 1.30 to version 1.31. MTM-49704
Data broker The data broker connection handling between source and target tenants has been improved. Excessive resource usage for connectors using the operations API has been reduced and it is now properly cleaned up. MTM-48709
Enterprise tenant Fixed an issue in the Configuration page that prevented saving an empty string as email server password. Now this is possible for Enterprise tenants. MTM-47000
Enterprise tenant Due to a change introduced in release 10.14, when a certificate for an Enterprise tenant was uploaded with this version, it was persisted in a faulty way. Although it was possible to activate the certificate when using the new domain this certificate failed to be parsed and the platform certificate was returned as backup. This issue has been resolved. After activating the certificate, the new domain will now be served with the respective certificate. DM-1658
Messaging Service Error handling for Notification 2.0 was improved for the unlikely case that Pulsar is unavailable. MTM-48138
Reporting The report download link in the default email template for scheduled exports has been modified to ensure that the download of respective reports also works for users which have TFA enabled. MTM-46345
REST API Fixed the HTTP response code from 500 to 422 when rejecting tenant deletion because one of its applications is assigned to another tenant. MTM-47097
REST API Fixed the behaviour of the withParents=false parameter for the REST managed object resource, that is GET /inventory/managedObjects?withParents=false. When the false parameter value is provided, no parents are returned. MTM-48404
Security To improve the security, several system options have been secured. To retrieve such a secure system option via REST API, the user must have the permission ROLE_OPTION_MANAGEMENT_READ. For details on the enhancements see the Cumulocity IoT OpenAPI Specification. MTM-45838
Single sign-on Fixed an issue which created a HTTP 500 error with a redirect during single sign-on user logout when the refresh token was not present. MTM-47434
Support user Logging in with the support user is now possible even if the target tenant has basic authentication restrictions. Moreover, the tenant ID setup page will no longer appear for the domain containing "localhost" or "127.0.0.1". MTM-47230