10.18.0.479
Info
These release notes refer to build versions:
- cumulocity: 1018.0.479
- ui-c8y: 1018.0.278
Fixes
| Product area | Description | Issue | Build version | Build comp. |
|---|---|---|---|---|
| Core platform | The alarm count in managed objects could get out of sync with the actual count of alarms in the database. This issue has been fixed and alarms counts in managed objects are now in sync with alarm counts in the database. | MTM-54655 | 10.18.0.470 | cumulocity |
| Data broker | Data broker operations created on the destination tenant were not reliably forwarded to the source tenant during network interruptions. With this change, a robust retry mechanism has been introduced that ensures operations are delivered reliably, regardless of network stability. Users can now expect consistent data synchronization and improved reliability in data broker operations. | MTM-60479 | 10.18.0.477 | cumulocity |
| REST API | The performance of the valueFragmentType and valueFragmentSeries has been improved. |
MTM-60142 | 10.18.0.472 | cumulocity |
| REST API | The security for the credential options in the Tenant API has been improved. | MTM-49016 | 10.18.0.472 | cumulocity |
10.18.0.469
Info
These release notes refer to build versions:
- cumulocity: 1018.0.469
- ui-c8y: 1018.0.276
Fixes
| Product area | Description | Issue | Build version | Build comp. |
|---|---|---|---|---|
| Authentication | To enhance the OAI-Secure token management, the number of tokens generated in the JSON body will be limited to the maximum configured in the session configuration. | MTM-60271 | 10.18.0.467 | cumulocity |
10.18.0.463
Info
These release notes refer to build versions:
- cumulocity: 1018.0.463
- ui-c8y: 1018.0.271
Fixes
| Product area | Description | Issue | Build version | Build comp. |
|---|---|---|---|---|
| Core platform | Fixed a race condition related to deleting multiple managed objects from the same inventory hierarchy at the same time. | MTM-59516 | 10.18.0.453 | cumulocity |
10.18.0.457
Info
These release notes refer to build versions:
- cumulocity: 1018.0.457
- ui-c8y: 1018.0.271
Fixes
| Product area | Description | Issue | Build version | Build comp. |
|---|---|---|---|---|
| Administration | Audit logs for repeating alarms used the alarm creation date which resulted in audit logs having past dates. This issue has been fixed and now audit logs for repeating alarms are created with the date of the last alarm update. | MTM-58098 | 10.18.0.441 | cumulocity |
10.18.0.452
Info
These release notes refer to build versions:
- cumulocity: 1018.0.452
- ui-c8y: 1018.0.270
Fixes
| Product area | Description | Issue | Build version | Build comp. |
|---|---|---|---|---|
| Authentication | This fix addresses the intermittent handshake failures observed during certificate authentication. | MTM-59810 | 10.18.0.442 | cumulocity |
10.18.0.441
Info
These release notes refer to build versions:
- cumulocity: 1018.0.441
- ui-c8y: 1018.0.269
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
10.18.0.437
Info
These release notes refer to build versions:
- cumulocity: 1018.0.437
- ui-c8y: 1018.0.268
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
10.18.0.430
Info
These release notes refer to build versions:
- cumulocity: 1018.0.430
- ui-c8y: 1018.0.267
Fixes
| Product area | Description | Issue | Build version | Build comp. |
|---|---|---|---|---|
| Administration | In the Administration application, the sub-users count was not displayed in the user list although the user-hierachy feature was subscribed. This issue has been fixed. | MTM-59054 | 10.18.0.259 | ui-c8y |
| Core platform | This fix addresses a critical security issue that whilst has the ability to impact the integrity of Cumulocity IoT, is random in nature and is therefore not targetable. | MTM-59422 | 10.18.0.427 | cumulocity |
| Core platform | Fixed a periodic performance degradation of the Inventory API for users with inventory roles. | MTM-58671 | 10.18.0.429 | cumulocity |
10.18.0.421
Info
These release notes refer to build versions:
- cumulocity: 1018.0.421
- ui-c8y: 1018.0.261
Fixes
| Product area | Description | Issue | Build version | Build comp. |
|---|---|---|---|---|
| Administration | The labels for the following default roles are now translated. Global roles: "admins", "business", "devices". Inventory roles: "Manager". | MTM-58187 | 10.18.0.260 | ui-c8y |
| Authentication | After a platform upgrade from version 10.17 to a later version an issue occurred that the permissions for some SSO users got lost. This issue has been fixed and updating the platform version does no longer affect user permissions. | MTM-58907 | 10.18.0.401 | cumulocity |
| Microservices | Cumulocity IoT allows to extend the platform API with customer-specific functionality by deploying microservices. Technically, microservices are Docker containers hosted by Cumulocity IoT and they follow specific conventions. When building the microservice container image with Docker version 25 it could happen that the microservice upload failed with the following error: config file does not .json extension. This issue is now fixed. | MTM-58938 | 10.18.0.414 | cumulocity |
10.18.0.405
Info
These release notes refer to build versions:
- cumulocity: 1018.0.405
- ui-c8y: 1018.0.259
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
10.18.0.401
Info
These release notes refer to build versions:
- cumulocity: 1018.0.401
- ui-c8y: 1018.0.255
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
10.18.0.389
Info
These release notes refer to build versions:
- cumulocity: 1018.0.389
- ui-c8y: 1018.0.247
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
10.18.0.378
Info
These release notes refer to build versions:
- cumulocity: 1018.0.378
- ui-c8y: 1018.0.246
Fixes
| Product area | Description | Issue | Build version | Build comp. |
|---|---|---|---|---|
| Authentication | Fixed a random issue ("invalid TFA token due to user inactivity") when logging in using the user alias and TFA SMS with basic authentication. | MTM-56608 | 10.18.0.373 | cumulocity |
| Core platform | Previously, the status for operations with a failureReason fragment could not be changed from FAILED, since the failureReason fragment was not allowed for other statuses. Now failureReason is automatically removed when moving an operation from the FAILED status. |
MTM-57995 | 10.18.0.377 | cumulocity |
| Data broker | An issue has been resolved where the microservice-based data broker might fail to forward messages to the destination tenant after recovering from a temporary loss of connection to the Messaging Service. This connection loss could be caused by, for example, a transient network interruption or by maintenance on the Messaging Service. | MTM-57995 | 10.18.0.373 | cumulocity |
| Microservices | Cumulocity IoT allows you to deploy microservices which may offer their own REST endpoints that can be used by Cumulocity IoT API client applications. In the cumulocity.json microservice manifest file you can optionally configure horizontal pod auto scaling using the "scale": "AUTO" configuration. When switching the value from "AUTO" to "NONE" the Kubernetes resource "horizontal pod auto scaler" was not removed again if the microservice was already subscribed at the time the new microservice version was uploaded. This problem is now fixed. |
MTM-56904 | 10.18.0.374 | cumulocity |
10.18.0.372
Info
These release notes refer to build versions:
- cumulocity: 1018.0.372
- ui-c8y: 1018.0.244
Improvement
| Product area | Description | Issue | Build version | Build comp. |
|---|---|---|---|---|
| Authentication | To improve security, the inventory role permissions have been split up into separate roles for the managed objects and binaries. This allows to assign more granular permissions. The existing permissions will still work. For details, see the Cumulocity IoT OpenAPI Specification. | MTM-55275 | 10.18.0.277 | cumulocity |
10.18.0.366
Info
These release notes refer to build versions:
- cumulocity: 1018.0.366
- ui-c8y: 1018.0.240
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
10.18.0.356
Info
These release notes refer to build versions:
- cumulocity: 1018.0.356
- ui-c8y: 1018.0.233
Fixes
| Product area | Description | Issue | Build version | Build comp. |
|---|---|---|---|---|
| Authentication | The appearance of the single-sign-on login button has been unified with the Cumulocity IoT application styles. | MTM-57675 | 10.18.0.226 | ui-c8y |
10.18.0.348
Info
These release notes refer to build versions:
- cumulocity: 1018.0.348
- ui-c8y: 1018.0.225
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
10.18.0.341
Info
These release notes refer to build versions:
- cumulocity: 1018.0.341
- ui-c8y: 1018.0.215
Fixes
| Product area | Description | Issue | Build version | Build comp. |
|---|---|---|---|---|
| Administration | Fixed an issue with missing translation in the confirmation popup which is displayed while unsubscribing a microservice. | MTM-57253 | 10.18.0.213 | ui-c8y |
| SMS microservice | Outgoing SMS requests to the Bics SMS provider contained an incorrectly formatted request body. The content-type was corrected to "application/json" as required by the Bics API to be able to correctly send SMS with this provider. | DM-3176 | 10.18.0.337 | cumulocity |
10.18.0.329
Info
These release notes refer to build versions:
- cumulocity: 1018.0.329
- ui-c8y: 1018.0.213
Fixes
| Product area | Description | Issue | Build version | Build comp. |
|---|---|---|---|---|
| Messaging Service | Fixed an issue where Notifications 2.0 subscriptions with a type filter could fail when updating or deleting an object with an empty type. This issue would cause an error to be returned to the client even though the update or delete request was successful. | MTM-56450 | 10.18.0.321 | cumulocity |
10.18.0.320
Info
These release notes refer to build versions:
- cumulocity: 1018.0.320
- ui-c8y: 1018.0.205
Fixes
| Product area | Description | Issue | Build version | Build comp. |
|---|---|---|---|---|
| Administration | Fixed an issue with changing the password for another user as a support user. | MTM-56652 | 10.18.0.311 | cumulocity |
| Messaging Service | To address the CVE-2023-39410 vulnerability, the 3rd-party library Avro has been updated to version 1.11.3. | MTM-56779 | 10.18.0.309 | cumulocity |
| Notifications 2.0 | Notifications are now sent correctly for subscriptions to managed objects that represent microservices. Previously, notification subscriptions to these managed objects could cause microservice subscription and un-subscription to fail. | MTM-56947 | 10.18.0.314 | pulsar |
10.18.0.308
Info
These release notes refer to build versions:
- Core: 10.18.0.308
- UI: 10.18.0.201
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
10.18.0.298
Info
These release notes refer to build versions:
- Core: 10.18.0.298
- UI: 10.18.0.191
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.
10.18.0.281
Info
These release notes refer to build versions:
- Core: 10.18.0.281
- UI: 10.18.0.186
Fixes
| Product area | Description | Issue | Build version | Build comp. |
|---|---|---|---|---|
| Support user | When logging into the platform as support user, you were redirected to the Management tenant. This automatic redirection has been removed. Instead, the platform now sets a cookie for the domain of the logged-in tenant to preserve the original login context. | MTM-54617 | 10.18.0.175 | UI |
10.18.0.261
Info
These release notes refer to build versions:
- Core: 10.18.0.261
- UI: 10.18.0.170
Fixes
| Product area | Description | Issue | Build version | Build comp. |
|---|---|---|---|---|
| Administration | The password strength indicator gets updated correctly now, and the Save button is available when the password meets the strength conditions. | MTM-50179 | 10.18.0.165 | UI |
| SMS microservice | The sender name and address were missing when sending a request to the SMS gateway with the TFA code. This issue has been resolved. The sender name and address are now retrieved from the tenant option configuration. | MTM-56027 | 10.18.0.252 | Core |
10.18.0.245
Info
These release notes refer to build versions:
- Core: 10.18.0.245
- UI: 10.18.0.164
Fixes
| Product area | Description | Issue | Build version | Build comp. |
|---|---|---|---|---|
| Administration | Resolved the issue that versioned applications might not be unpacked upon core startup, which resulted in an HTTP 404 error for some requests. | MTM-53724 | 10.18.0.231 | Core |
| Administration | Microservices which have been created via API without providing a binary for it can again be subscribed without getting an error message. | MTM-56037 | 10.18.0.159 | UI |
| Administration | Blueprint applications shared from a parent tenant can now be updated properly. | MTM-55332 | 10.18.0.151 | UI |
| REST API | Fixed the rare occurrence of an HTTP status 500 response from /tenant/statistics/allTenantsSummary, when one of the tenants was deleted during the request. |
MTM-53273 | 10.18.0.241 | Core |
10.18.0.229
Info
These release notes refer to build versions:
- Core: 10.18.0.229
- UI: 10.18.0.151
Fixes
| Product area | Description | Issue | Build version | Build comp. |
|---|---|---|---|---|
| Authentication | When a user logs in using OAI-Secure and a password change is required, a PasswordResetToken is returned in the response header, enabling the password reset. |
MTM-55200 | 10.18.0.209 | Core |
| Messaging Service | Users of Notifications 2.0 no longer encounter unequal distribution of notifications from tenant-context subscriptions among a set of shared consumers. | MTM-54859 | 10.18.0.198 | Core |
| REST API | The data field has been removed from realtime API handshake responses where it was not required and always had a "null" value. |
MTM-55522 | 10.18.0.207 | Core |
| REST API | When removing an application that is used in SSO access mappings, the login configuration will be updated accordingly. | MTM-52943 | 10.18.0.200 | Core |
| REST API | The Measurement API now accepts leading zeros provided for measurement values. | MTM-55156 | 10.18.0.183 | Core |
10.18.0.174
Info
These release notes contain all changes until build versions:
- Core: 10.18.0.174
- UI: 10.18.0.125
Improvements
| Product area | Description | Issue | Build version | Build comp. |
|---|---|---|---|---|
| Administration | The undelegate action button in the user details was not working. This has been fixed. | DM-2356 | 10.18.0.48 | UI |
| Administration | In the files repository, it is now possible to select a file, discard it and then select it again for upload. | MTM-52549 | 10.18.0.46 | UI |
| Administration | Context help has been added in the Extensions page. | MTM-50209 | 10.18.0.34 | UI |
| Administration | On the Data subscriptions page, real-time subscription to the managedObjects/* channel has been replaced by data polling with an interval of 15s to avoid putting extensive load on the platform. |
MTM-45892 | 10.17.283.0 | UI |
| Administration | The files repository now provides improved layout and user experience:
- each selected or dropped file is displayed in a separate row - a type icon and size info is displayed for each file - users can cancel the selection of any file - for easier usage, the drop area enlarges when files are being dragged over |
MTM-32081 | 10.17.283.0 | UI |
| Administration | Users can now configure inventory role mapping in the Access mapping section of the SSO configuration page. | MTM-51423 | 10.17.280.0 | UI |
| Administration | The Revoke Tokens button has been renamed to Logout all users. The button is only available from the User page. When used, a message warns that device tokens are revoked as well. | MTM-51772 | 10.17.275.0 | UI |
| Administration | In the updated package installation process, users are notified when installing community-created packages, indicating that a third-party plugin is being installed. | MTM-50206 | 10.17.225.0 | UI |
| Administration | The performance of GET requests on the /user/users endpoint has been improved by better utilization of database indexes. |
MTM-52566 | 10.18.0.9 | Core |
| Administration | The usability of the platform email communication dialogs has been improved. | MTM-51735 | 10.17.130.0 | UI |
| Administration | In the files repository, a preview button for image and video files has been added. | MTM-51562 | 10.17.116.0 | UI |
| Administration | The files repository view now uses the new data grid component. Filtering and sorting of files is now available. Additionally it is possible to select multiple files for bulk removal operations. | MTM-49740 | 10.17.73.0 | UI |
| Authentication | In the single sign-on configuration page, users can now enable and configure the external token validation. | MTM-49801 | 10.18.0.8 | UI |
| Authentication | The performance of the first user requests sent after node restart has been improved. Prior to this change, there was a rare issue where the number of all global roles in a tenant was close to but not exceeding 100, and many thousands of devices were concurrently trying to authorize MQTT connections on the restarted node. | MTM-52049 | 10.17.164.0 | Core |
| Authentication | In the single sign-on configuration page, the input fields for the body and the URL of request tokens have been enlarged to show more data. | MTM-50381 | 10.17.66.0 | UI |
| Core platform | The X-XSS-Protection header is no longer included in platform HTTP responses. | MTM-51504 | 10.17.161.0 | Core |
| Core platform | In order to address the CVE-2022-33681 vulnerability, the pulsar-client version has been updated to version 2.8.4. | MTM-50283 | 10.17.100.0 | Core |
| Core platform | The switch acl.measurement.only-accessible-fragments has been added to allow administrators to define inventory roles which let users retrieve a subset of the available fragments from all measurements. The property can be set globally or per tenant. If it is set, the measurement series is filtered according to the ACL (access control list) role owned by the user and assigned to the device group. Returned measurements only contain the available fragments listed in assigned ACL roles. |
MTM-49607 | 10.17.25.0 | Core |
| Enterprise tenant | For more security, the Enterprise tenant configuration email texts have been updated. | DM-2165 | 10.17.189.0 | Core |
| MongoDB | The MongoDB version has been upgraded to 5.0.18-1 in offline installation dependencies. | MTM-53200 | 10.18.0.119 | Core |
| Performance | The performance of widgets like the "Data point list", "Data point graph" and "Data point table", has been improved for users with inventory roles access. Moreover, the performance of the "Measurements" tab in the Device Management application and the data explorer in the Cockpit application have been improved. | MTM-50693 | 10.17.67.0 | UI |
| REST API | The performance of the Inventory API has been improved by removing two additional database queries for GET /managedObjects. |
MTM-51973 | 10.18.0.7 | Core |
| REST API | The performance of the Identity API GET /externalIds/{type}/{externalId} method has been improved. |
MTM-50837 | 10.17.122.0 | Core |
Fixes
| Product area | Description | Issue | Build version | Build comp. |
|---|---|---|---|---|
| Administration | Improved the performance of the user hierarchy management by reducing the number of server requests executed when expanding the sub-user list. | MTM-49969 | 10.18.0.112 | UI |
| Administration | The pagination check of the user list has been modified to prevent duplicate requests. | MTM-52287 | 10.18.0.106 | UI |
| Administration | In some cases log files of devices stored in the platform could not be downloaded from the Logs tab. This has been addressed by requesting with the correct user credentials. | DM-2471 | 10.18.0.102 | UI |
| Administration | Fixed an issue whith cloning some of the default global roles (for example, "devices"). | MTM-45858 | 10.18.0.98 | UI |
| Administration | Fixed an issue where the Clear button on the Usage statistics page failed to remove applied filters. | MTM-50302 | 10.18.0.93 | UI |
| Administration | The button name for confirming the revocation of all tokens has been revised to Log out all users and invalidate tokens. | MTM-53366 | 10.18.0.74 | UI |
| Administration | Issues with the Ericsson DCP SMS provider when attempting to send an SMS have been resolved and outgoing requests are sent as expected to the Ericsson DCP API. | DM-2215 | 10.18.0.69 | Core |
| Administration | Applications are now automatically deployed right after being copied (no additional request is needed). Moreover, the first manifest update request, right after the application copying, now works correctly. | MTM-51585 | 10.18.0.55 | Core |
| Administration | Fixed an issue where users which only have inventory roles could not add new groups. | MTM-52413 | 10.18.0.45 | UI |
| Administration | Fixed an issue with the names of the files downloaded from the platform (for example, from the file repository or from event attachments). UTF-8 characters, for example, in the Japanese localization are no longer missing if the file name includes special characters like "+". | MTM-53056 | 10.18.0.42 | UI |
| Administration | Redundant activity log entries in the application details are now filtered out. | MTM-52309 | 10.18.0.26 | UI |
| Administration | In the files repository, an issue has been fixed where the counter of the total files number displayed an incorrect value or was not displayed at all. | MTM-52710 | 10.18.0.4 | UI |
| Administration | Duplicate plugin installations are now prevented by graying out and disabling already installed plugins in the selection. | MTM-50012 | 10.17.192.0 | UI |
| Administration | UTF-8 characters are now supported in names of files downloaded from the files repository with the export functionality. | MTM-46346 | 10.17.125.0 | UI |
| Administration | Fixed an issue with incorrect titles on several application detail tabs. The page title now consistently shows the application name. | MTM-51150 | 10.17.70.0 | UI |
| Authentication | The default value for the MQTT SSL handshake timeout has been increased from 10 seconds to 50 seconds to increase the time for the handshake to be successful. The value of this property can be configured by a platform administrator. | MTM-54184 | 10.18.0.137 | Core |
| Authentication | Issues have been fixed with refreshing the session tokens when the OAI-Secure login mode is configured with two-factor authentication. | MTM-53559 | 10.18.0.113 | Core |
| Authentication | The verification code which is signed in the Proof of Possession process now supports end-of-line characters from various operating systems. | MTM-53296 | 10.18.0.63 | Core |
| Authentication | In the Trusted certificates page, refreshing and downloading the verification code for the Proof of Possession process now works properly if a new certificate was uploaded or the verification code was refreshed by the user. | MTM-52956 | 10.18.0.60 | UI |
| Authentication | Fixed an issue with the device request counter being increased while switching between the standard applications (Administration, Cockpit, Device management). | MTM-49427 | 10.17.265.0 | UI |
| Authentication | The REST API endpoint /application/applications/{id}/logs so far required the role ROLE_APPLICATION_MANAGEMENT_ADMIN. This has been changed. The endpoint now requires either the ROLE_APPLICATION_MANAGEMENT_ADMIN or ROLE_APPLICATION_MANAGEMENT_READ. |
MTM-52028 | 10.17.220.0 | Core |
| Authentication | Administrators can now update the roles of single sign-on users not only in the user details but also directly in the Users page. | MTM-49126 | 10.17.37.0 | Core |
| Core platform | Fixed an issue where deleting enhanced time series measurements did not work with the fragmentType query parameter. |
MTM-51379 | 10.17.204.0 | Core |
| Core platform | In order to address the CVE-2022-41881 vulnerability, the Netty version has been updated to version "4.1.89.Final". | MTM-51428 | 10.17.100.0 | Core |
| Core platform | To fix a security issue, the vulnerable library jackson-databind was upgraded to version 2.14.1. | MTM-51431 | 10.17.67.0 | Core |
| Enterprise tenant | Fixed a branding issue where the background color and the primary label were not using the brand color. | MTM-50807 | 10.17.86.0 | UI |
| Messaging Service | Fixed an issue where requests from the core platform into the Messaging Service could take a long time to complete, slowing down the response to HTTP requests and potentially preventing the platform from handling new incoming requests. For example, a request from the core platform to publish a message using Notifications 2.0 could block if the tenant had reached its quota for unconsumed notifications, only timing out after a long delay. This issue has been resolved by ensuring that Messaging Service requests that would have blocked now time out quickly. | MTM-53509 | 10.18.0.138 | Core |
| MQTT | The error handling when publishing operations to MQTT devices has been improved. | MTM-53168 | 10.18.0.90 | Core |
| Notifications 2.0 | DELETE notifications for Notifications 2.0 subscriptions to specific managed objects - that is, subscriptions to the managedObjects API in the mo context - are now always sent. Previously, these notifications were not reliably sent in all cases. |
MTM-54097 | 10.18.0.144 | Core |
| Notifications 2.0 | Fixed a regression where a simple type name was not accepted as a type filter when creating a Notifications 2.0 subscription. For backwards compatibility with older releases, if the type filter value cannot be parsed as an OData expression, it is now assumed to be a simple type name. | MTM-53848 | 10.18.0.109 | Core |
| REST API | Fixed the rare occurrence of an HTTP status 500 response from /tenant/statistics/allTenantsSummary, if one of the tenants was deleted during the request. |
MTM-53273 | 10.18.0.135 | Core |
| REST API | Several REST API methods have been changed so that at least one query parameter limiting the affected data is required to prevent accidental deletion of too many objects during a bulk delete operation.
This change affects the following APIs:
|
MTM-46642 | 10.17.231.0 | Core |
| REST API | Fixed an issue where POST and PUT requests without Content-Type header were rejected with a 415 HTTP error. The fix has been applied to the Identity, Inventory, Measurements, Alarms and Events APIs. | MTM-51886 | 10.17.170.0 | Core |
| Security | To improve security, the "Notes" widget on the Info tab in the device details now sanitizes links in user input by replacing any "target" and "rel" attributes of "a" tags by target="_blank" rel="noreferrer noopener nofollow". |
DM-2084 | 10.17.281.0 | UI |
| Security | In the Cockpit application, several security issues in the HTML widget have been fixed. | MTM-50921 | 10.17.52.0 | UI |