Platform services

10.18.0.498

Info

These release notes refer to build versions:

  • cumulocity: 1018.0.498
  • ui-c8y: 1018.0.278

Fixes

Product area Description Issue Build version Build comp.
Core platform Each device registration request includes information on the group that the device will be assigned to once the registration is successful. Previously, the group’s “lastUpdated” fragment was not updated correctly. With this change, the “lastUpdated” fragment is updated to show the current date when the new device has been added successfully. MTM-55525 10.18.0.480 cumulocity

10.18.0.479

Info

These release notes refer to build versions:

  • cumulocity: 1018.0.479
  • ui-c8y: 1018.0.278

Fixes

Product area Description Issue Build version Build comp.
Core platform The alarm count in managed objects could get out of sync with the actual count of alarms in the database. This issue has been fixed and alarms counts in managed objects are now in sync with alarm counts in the database. MTM-54655 10.18.0.470 cumulocity
Data broker Data broker operations created on the destination tenant were not reliably forwarded to the source tenant during network interruptions. With this change, a robust retry mechanism has been introduced that ensures operations are delivered reliably, regardless of network stability. Users can now expect consistent data synchronization and improved reliability in data broker operations. MTM-60479 10.18.0.477 cumulocity
REST API The performance of the GET /measurement/measurements endpoint when filtering by both valueFragmentType and valueFragmentSeries has been improved. MTM-60142 10.18.0.472 cumulocity
REST API The security for the credential options in the Tenant API has been improved. MTM-49016 10.18.0.472 cumulocity

10.18.0.469

Info

These release notes refer to build versions:

  • cumulocity: 1018.0.469
  • ui-c8y: 1018.0.276

Fixes

Product area Description Issue Build version Build comp.
Authentication To enhance the OAI-Secure token management, the number of tokens generated in the JSON body will be limited to the maximum configured in the session configuration. MTM-60271 10.18.0.467 cumulocity

10.18.0.463

Info

These release notes refer to build versions:

  • cumulocity: 1018.0.463
  • ui-c8y: 1018.0.271

Fixes

Product area Description Issue Build version Build comp.
Core platform Fixed a race condition related to deleting multiple managed objects from the same inventory hierarchy at the same time. MTM-59516 10.18.0.453 cumulocity

10.18.0.457

Info

These release notes refer to build versions:

  • cumulocity: 1018.0.457
  • ui-c8y: 1018.0.271

Fixes

Product area Description Issue Build version Build comp.
Administration Audit logs for repeating alarms used the alarm creation date which resulted in audit logs having past dates. This issue has been fixed and now audit logs for repeating alarms are created with the date of the last alarm update. MTM-58098 10.18.0.441 cumulocity

10.18.0.452

Info

These release notes refer to build versions:

  • cumulocity: 1018.0.452
  • ui-c8y: 1018.0.270

Fixes

Product area Description Issue Build version Build comp.
Authentication This fix addresses the intermittent handshake failures observed during certificate authentication. MTM-59810 10.18.0.442 cumulocity

10.18.0.441

Info

These release notes refer to build versions:

  • cumulocity: 1018.0.441
  • ui-c8y: 1018.0.269
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.

10.18.0.437

Info

These release notes refer to build versions:

  • cumulocity: 1018.0.437
  • ui-c8y: 1018.0.268
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.

10.18.0.430

Info

These release notes refer to build versions:

  • cumulocity: 1018.0.430
  • ui-c8y: 1018.0.267

Fixes

Product area Description Issue Build version Build comp.
Administration In the Administration application, the sub-users count was not displayed in the user list although the user-hierachy feature was subscribed. This issue has been fixed. MTM-59054 10.18.0.259 ui-c8y
Core platform This fix addresses a critical security issue that whilst has the ability to impact the integrity of Cumulocity IoT, is random in nature and is therefore not targetable. MTM-59422 10.18.0.427 cumulocity
Core platform Fixed a periodic performance degradation of the Inventory API for users with inventory roles. MTM-58671 10.18.0.429 cumulocity

10.18.0.421

Info

These release notes refer to build versions:

  • cumulocity: 1018.0.421
  • ui-c8y: 1018.0.261

Fixes

Product area Description Issue Build version Build comp.
Administration The labels for the following default roles are now translated. Global roles: "admins", "business", "devices". Inventory roles: "Manager". MTM-58187 10.18.0.260 ui-c8y
Authentication After a platform upgrade from version 10.17 to a later version an issue occurred that the permissions for some SSO users got lost. This issue has been fixed and updating the platform version does no longer affect user permissions. MTM-58907 10.18.0.401 cumulocity
Microservices Cumulocity IoT allows to extend the platform API with customer-specific functionality by deploying microservices. Technically, microservices are Docker containers hosted by Cumulocity IoT and they follow specific conventions. When building the microservice container image with Docker version 25 it could happen that the microservice upload failed with the following error: config file does not .json extension. This issue is now fixed. MTM-58938 10.18.0.414 cumulocity

10.18.0.405

Info

These release notes refer to build versions:

  • cumulocity: 1018.0.405
  • ui-c8y: 1018.0.259
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.

10.18.0.401

Info

These release notes refer to build versions:

  • cumulocity: 1018.0.401
  • ui-c8y: 1018.0.255
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.

10.18.0.389

Info

These release notes refer to build versions:

  • cumulocity: 1018.0.389
  • ui-c8y: 1018.0.247
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.

10.18.0.378

Info

These release notes refer to build versions:

  • cumulocity: 1018.0.378
  • ui-c8y: 1018.0.246

Fixes

Product area Description Issue Build version Build comp.
Authentication Fixed a random issue ("invalid TFA token due to user inactivity") when logging in using the user alias and TFA SMS with basic authentication. MTM-56608 10.18.0.373 cumulocity
Core platform Previously, the status for operations with a failureReason fragment could not be changed from FAILED, since the failureReason fragment was not allowed for other statuses. Now failureReason is automatically removed when moving an operation from the FAILED status. MTM-57995 10.18.0.377 cumulocity
Data broker An issue has been resolved where the microservice-based data broker might fail to forward messages to the destination tenant after recovering from a temporary loss of connection to the Messaging Service. This connection loss could be caused by, for example, a transient network interruption or by maintenance on the Messaging Service. MTM-57995 10.18.0.373 cumulocity
Microservices Cumulocity IoT allows you to deploy microservices which may offer their own REST endpoints that can be used by Cumulocity IoT API client applications. In the cumulocity.json microservice manifest file you can optionally configure horizontal pod auto scaling using the "scale": "AUTO" configuration. When switching the value from "AUTO" to "NONE" the Kubernetes resource "horizontal pod auto scaler" was not removed again if the microservice was already subscribed at the time the new microservice version was uploaded. This problem is now fixed. MTM-56904 10.18.0.374 cumulocity

10.18.0.372

Info

These release notes refer to build versions:

  • cumulocity: 1018.0.372
  • ui-c8y: 1018.0.244

Improvement

Product area Description Issue Build version Build comp.
Authentication To improve security, the inventory role permissions have been split up into separate roles for the managed objects and binaries. This allows to assign more granular permissions. The existing permissions will still work. For details, see the Cumulocity IoT OpenAPI Specification. MTM-55275 10.18.0.277 cumulocity

10.18.0.366

Info

These release notes refer to build versions:

  • cumulocity: 1018.0.366
  • ui-c8y: 1018.0.240
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.

10.18.0.356

Info

These release notes refer to build versions:

  • cumulocity: 1018.0.356
  • ui-c8y: 1018.0.233

Fixes

Product area Description Issue Build version Build comp.
Authentication The appearance of the single-sign-on login button has been unified with the Cumulocity IoT application styles. MTM-57675 10.18.0.226 ui-c8y

10.18.0.348

Info

These release notes refer to build versions:

  • cumulocity: 1018.0.348
  • ui-c8y: 1018.0.225
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.

10.18.0.341

Info

These release notes refer to build versions:

  • cumulocity: 1018.0.341
  • ui-c8y: 1018.0.215

Fixes

Product area Description Issue Build version Build comp.
Administration Fixed an issue with missing translation in the confirmation popup which is displayed while unsubscribing a microservice. MTM-57253 10.18.0.213 ui-c8y
SMS microservice Outgoing SMS requests to the Bics SMS provider contained an incorrectly formatted request body. The content-type was corrected to "application/json" as required by the Bics API to be able to correctly send SMS with this provider. DM-3176 10.18.0.337 cumulocity

10.18.0.329

Info

These release notes refer to build versions:

  • cumulocity: 1018.0.329
  • ui-c8y: 1018.0.213

Fixes

Product area Description Issue Build version Build comp.
Messaging Service Fixed an issue where Notifications 2.0 subscriptions with a type filter could fail when updating or deleting an object with an empty type. This issue would cause an error to be returned to the client even though the update or delete request was successful. MTM-56450 10.18.0.321 cumulocity

10.18.0.320

Info

These release notes refer to build versions:

  • cumulocity: 1018.0.320
  • ui-c8y: 1018.0.205

Fixes

Product area Description Issue Build version Build comp.
Administration Fixed an issue with changing the password for another user as a support user. MTM-56652 10.18.0.311 cumulocity
Messaging Service To address the CVE-2023-39410 vulnerability, the 3rd-party library Avro has been updated to version 1.11.3. MTM-56779 10.18.0.309 cumulocity
Notifications 2.0 Notifications are now sent correctly for subscriptions to managed objects that represent microservices. Previously, notification subscriptions to these managed objects could cause microservice subscription and un-subscription to fail. MTM-56947 10.18.0.314 pulsar

10.18.0.308

Info

These release notes refer to build versions:

  • Core: 10.18.0.308
  • UI: 10.18.0.201
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.

10.18.0.298

Info

These release notes refer to build versions:

  • Core: 10.18.0.298
  • UI: 10.18.0.191
Info
There have not been any significant improvements or fixes related to this component since the last Maintenance release.

10.18.0.281

Info

These release notes refer to build versions:

  • Core: 10.18.0.281
  • UI: 10.18.0.186

Fixes

Product area Description Issue Build version Build comp.
Support user When logging into the platform as support user, you were redirected to the Management tenant. This automatic redirection has been removed. Instead, the platform now sets a cookie for the domain of the logged-in tenant to preserve the original login context. MTM-54617 10.18.0.175 UI

10.18.0.261

Info

These release notes refer to build versions:

  • Core: 10.18.0.261
  • UI: 10.18.0.170

Fixes

Product area Description Issue Build version Build comp.
Administration The password strength indicator gets updated correctly now, and the Save button is available when the password meets the strength conditions. MTM-50179 10.18.0.165 UI
SMS microservice The sender name and address were missing when sending a request to the SMS gateway with the TFA code. This issue has been resolved. The sender name and address are now retrieved from the tenant option configuration. MTM-56027 10.18.0.252 Core

10.18.0.245

Info

These release notes refer to build versions:

  • Core: 10.18.0.245
  • UI: 10.18.0.164

Fixes

Product area Description Issue Build version Build comp.
Administration Resolved the issue that versioned applications might not be unpacked upon core startup, which resulted in an HTTP 404 error for some requests. MTM-53724 10.18.0.231 Core
Administration Microservices which have been created via API without providing a binary for it can again be subscribed without getting an error message. MTM-56037 10.18.0.159 UI
Administration Blueprint applications shared from a parent tenant can now be updated properly. MTM-55332 10.18.0.151 UI
REST API Fixed the rare occurrence of an HTTP status 500 response from /tenant/statistics/allTenantsSummary, when one of the tenants was deleted during the request. MTM-53273 10.18.0.241 Core

10.18.0.229

Info

These release notes refer to build versions:

  • Core: 10.18.0.229
  • UI: 10.18.0.151

Fixes

Product area Description Issue Build version Build comp.
Authentication When a user logs in using OAI-Secure and a password change is required, a PasswordResetToken is returned in the response header, enabling the password reset. MTM-55200 10.18.0.209 Core
Messaging Service Users of Notifications 2.0 no longer encounter unequal distribution of notifications from tenant-context subscriptions among a set of shared consumers. MTM-54859 10.18.0.198 Core
REST API The data field has been removed from realtime API handshake responses where it was not required and always had a "null" value. MTM-55522 10.18.0.207 Core
REST API When removing an application that is used in SSO access mappings, the login configuration will be updated accordingly. MTM-52943 10.18.0.200 Core
REST API The Measurement API now accepts leading zeros provided for measurement values. MTM-55156 10.18.0.183 Core

10.18.0.174

Info

These release notes contain all changes until build versions:

  • Core: 10.18.0.174
  • UI: 10.18.0.125

Improvements

Product area Description Issue Build version Build comp.
Administration The undelegate action button in the user details was not working. This has been fixed. DM-2356 10.18.0.48 UI
Administration In the files repository, it is now possible to select a file, discard it and then select it again for upload. MTM-52549 10.18.0.46 UI
Administration Context help has been added in the Extensions page. MTM-50209 10.18.0.34 UI
Administration On the Data subscriptions page, real-time subscription to the managedObjects/* channel has been replaced by data polling with an interval of 15s to avoid putting extensive load on the platform. MTM-45892 10.17.283.0 UI
Administration The files repository now provides improved layout and user experience:
- each selected or dropped file is displayed in a separate row
- a type icon and size info is displayed for each file
- users can cancel the selection of any file
- for easier usage, the drop area enlarges when files are being dragged over
MTM-32081 10.17.283.0 UI
Administration Users can now configure inventory role mapping in the Access mapping section of the SSO configuration page. MTM-51423 10.17.280.0 UI
Administration The Revoke Tokens button has been renamed to Logout all users. The button is only available from the User page. When used, a message warns that device tokens are revoked as well. MTM-51772 10.17.275.0 UI
Administration In the updated package installation process, users are notified when installing community-created packages, indicating that a third-party plugin is being installed. MTM-50206 10.17.225.0 UI
Administration The performance of GET requests on the /user/users endpoint has been improved by better utilization of database indexes. MTM-52566 10.18.0.9 Core
Administration The usability of the platform email communication dialogs has been improved. MTM-51735 10.17.130.0 UI
Administration In the files repository, a preview button for image and video files has been added. MTM-51562 10.17.116.0 UI
Administration The files repository view now uses the new data grid component. Filtering and sorting of files is now available. Additionally it is possible to select multiple files for bulk removal operations. MTM-49740 10.17.73.0 UI
Authentication In the single sign-on configuration page, users can now enable and configure the external token validation. MTM-49801 10.18.0.8 UI
Authentication The performance of the first user requests sent after node restart has been improved. Prior to this change, there was a rare issue where the number of all global roles in a tenant was close to but not exceeding 100, and many thousands of devices were concurrently trying to authorize MQTT connections on the restarted node. MTM-52049 10.17.164.0 Core
Authentication In the single sign-on configuration page, the input fields for the body and the URL of request tokens have been enlarged to show more data. MTM-50381 10.17.66.0 UI
Core platform The X-XSS-Protection header is no longer included in platform HTTP responses. MTM-51504 10.17.161.0 Core
Core platform In order to address the CVE-2022-33681 vulnerability, the pulsar-client version has been updated to version 2.8.4. MTM-50283 10.17.100.0 Core
Core platform The switch acl.measurement.only-accessible-fragments has been added to allow administrators to define inventory roles which let users retrieve a subset of the available fragments from all measurements. The property can be set globally or per tenant. If it is set, the measurement series is filtered according to the ACL (access control list) role owned by the user and assigned to the device group. Returned measurements only contain the available fragments listed in assigned ACL roles. MTM-49607 10.17.25.0 Core
Enterprise tenant For more security, the Enterprise tenant configuration email texts have been updated. DM-2165 10.17.189.0 Core
MongoDB The MongoDB version has been upgraded to 5.0.18-1 in offline installation dependencies. MTM-53200 10.18.0.119 Core
Performance The performance of widgets like the "Data point list", "Data point graph" and "Data point table", has been improved for users with inventory roles access. Moreover, the performance of the "Measurements" tab in the Device Management application and the data explorer in the Cockpit application have been improved. MTM-50693 10.17.67.0 UI
REST API The performance of the Inventory API has been improved by removing two additional database queries for GET /managedObjects. MTM-51973 10.18.0.7 Core
REST API The performance of the Identity API GET /externalIds/{type}/{externalId} method has been improved. MTM-50837 10.17.122.0 Core

Fixes

Product area Description Issue Build version Build comp.
Administration Improved the performance of the user hierarchy management by reducing the number of server requests executed when expanding the sub-user list. MTM-49969 10.18.0.112 UI
Administration The pagination check of the user list has been modified to prevent duplicate requests. MTM-52287 10.18.0.106 UI
Administration In some cases log files of devices stored in the platform could not be downloaded from the Logs tab. This has been addressed by requesting with the correct user credentials. DM-2471 10.18.0.102 UI
Administration Fixed an issue whith cloning some of the default global roles (for example, "devices"). MTM-45858 10.18.0.98 UI
Administration Fixed an issue where the Clear button on the Usage statistics page failed to remove applied filters. MTM-50302 10.18.0.93 UI
Administration The button name for confirming the revocation of all tokens has been revised to Log out all users and invalidate tokens. MTM-53366 10.18.0.74 UI
Administration Issues with the Ericsson DCP SMS provider when attempting to send an SMS have been resolved and outgoing requests are sent as expected to the Ericsson DCP API. DM-2215 10.18.0.69 Core
Administration Applications are now automatically deployed right after being copied (no additional request is needed). Moreover, the first manifest update request, right after the application copying, now works correctly. MTM-51585 10.18.0.55 Core
Administration Fixed an issue where users which only have inventory roles could not add new groups. MTM-52413 10.18.0.45 UI
Administration Fixed an issue with the names of the files downloaded from the platform (for example, from the file repository or from event attachments). UTF-8 characters, for example, in the Japanese localization are no longer missing if the file name includes special characters like "+". MTM-53056 10.18.0.42 UI
Administration Redundant activity log entries in the application details are now filtered out. MTM-52309 10.18.0.26 UI
Administration In the files repository, an issue has been fixed where the counter of the total files number displayed an incorrect value or was not displayed at all. MTM-52710 10.18.0.4 UI
Administration Duplicate plugin installations are now prevented by graying out and disabling already installed plugins in the selection. MTM-50012 10.17.192.0 UI
Administration UTF-8 characters are now supported in names of files downloaded from the files repository with the export functionality. MTM-46346 10.17.125.0 UI
Administration Fixed an issue with incorrect titles on several application detail tabs. The page title now consistently shows the application name. MTM-51150 10.17.70.0 UI
Authentication The default value for the MQTT SSL handshake timeout has been increased from 10 seconds to 50 seconds to increase the time for the handshake to be successful. The value of this property can be configured by a platform administrator. MTM-54184 10.18.0.137 Core
Authentication Issues have been fixed with refreshing the session tokens when the OAI-Secure login mode is configured with two-factor authentication. MTM-53559 10.18.0.113 Core
Authentication The verification code which is signed in the Proof of Possession process now supports end-of-line characters from various operating systems. MTM-53296 10.18.0.63 Core
Authentication In the Trusted certificates page, refreshing and downloading the verification code for the Proof of Possession process now works properly if a new certificate was uploaded or the verification code was refreshed by the user. MTM-52956 10.18.0.60 UI
Authentication Fixed an issue with the device request counter being increased while switching between the standard applications (Administration, Cockpit, Device management). MTM-49427 10.17.265.0 UI
Authentication The REST API endpoint /application/applications/{id}/logs so far required the role ROLE_APPLICATION_MANAGEMENT_ADMIN. This has been changed. The endpoint now requires either the ROLE_APPLICATION_MANAGEMENT_ADMIN or ROLE_APPLICATION_MANAGEMENT_READ. MTM-52028 10.17.220.0 Core
Authentication Administrators can now update the roles of single sign-on users not only in the user details but also directly in the Users page. MTM-49126 10.17.37.0 Core
Core platform Fixed an issue where deleting enhanced time series measurements did not work with the fragmentType query parameter. MTM-51379 10.17.204.0 Core
Core platform In order to address the CVE-2022-41881 vulnerability, the Netty version has been updated to version "4.1.89.Final". MTM-51428 10.17.100.0 Core
Core platform To fix a security issue, the vulnerable library jackson-databind was upgraded to version 2.14.1. MTM-51431 10.17.67.0 Core
Enterprise tenant Fixed a branding issue where the background color and the primary label were not using the brand color. MTM-50807 10.17.86.0 UI
Messaging Service Fixed an issue where requests from the core platform into the Messaging Service could take a long time to complete, slowing down the response to HTTP requests and potentially preventing the platform from handling new incoming requests. For example, a request from the core platform to publish a message using Notifications 2.0 could block if the tenant had reached its quota for unconsumed notifications, only timing out after a long delay. This issue has been resolved by ensuring that Messaging Service requests that would have blocked now time out quickly. MTM-53509 10.18.0.138 Core
MQTT The error handling when publishing operations to MQTT devices has been improved. MTM-53168 10.18.0.90 Core
Notifications 2.0 DELETE notifications for Notifications 2.0 subscriptions to specific managed objects - that is, subscriptions to the managedObjects API in the mo context - are now always sent. Previously, these notifications were not reliably sent in all cases. MTM-54097 10.18.0.144 Core
Notifications 2.0 Fixed a regression where a simple type name was not accepted as a type filter when creating a Notifications 2.0 subscription. For backwards compatibility with older releases, if the type filter value cannot be parsed as an OData expression, it is now assumed to be a simple type name. MTM-53848 10.18.0.109 Core
REST API Fixed the rare occurrence of an HTTP status 500 response from /tenant/statistics/allTenantsSummary, if one of the tenants was deleted during the request. MTM-53273 10.18.0.135 Core
REST API Several REST API methods have been changed so that at least one query parameter limiting the affected data is required to prevent accidental deletion of too many objects during a bulk delete operation.

This change affects the following APIs:
DELETE /alarm/alarms
DELETE /event/events
DELETE /measurements/measurement

MTM-46642 10.17.231.0 Core
REST API Fixed an issue where POST and PUT requests without Content-Type header were rejected with a 415 HTTP error. The fix has been applied to the Identity, Inventory, Measurements, Alarms and Events APIs. MTM-51886 10.17.170.0 Core
Security To improve security, the "Notes" widget on the Info tab in the device details now sanitizes links in user input by replacing any "target" and "rel" attributes of "a" tags by target="_blank" rel="noreferrer noopener nofollow". DM-2084 10.17.281.0 UI
Security In the Cockpit application, several security issues in the HTML widget have been fixed. MTM-50921 10.17.52.0 UI