Release 10.7.0.49
Fixes
| Component | Description | Issue |
|---|---|---|
| Microservices | In order to address the Spring4Shell vulnerability (CVE-2022-22965), for the Java Microservice SDK 10.7 Spring Framework has been upgraded to version 5.2.20.RELEASE.
It is recommended that customers re-build their microservices with this updated SDK. |
MTM-44862 |
Release 10.7.0.47
Fixes
| Component | Description | Issue |
|---|---|---|
| Karaf/OSGI | The Log4j library has been updated to version 2.16 to mitigate CVE-2021-44228. | MTM-42885 |
Release 10.7.0.46
Info
There are no significant improvements or fixes related to this component since the last Maintenance release.
Release 10.7.0.45
Fixes
| Component | Description | Issue |
|---|---|---|
| UI | It's now possible to select dates in the "Registration date" column filter. | MTM-39972 |
Release 10.7.0.43
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | Breadcrumbs are no longer duplicated on the Simulator page and the SmartRest templates page. The issue occurred since this feature had not been fully migrated to the ngx-component. Now, breadcrumbs in AngularJS can be added in 3 different places/ways:
- c8yBreadcrumbsSet component - c8yBreadcrumbsProvider by adding breadcrumbs array - c8yBreadcrumbsProvider by adding function which can be invoked All breadcrumbs added by AngularJS in one of these ways should now work correctly. |
MTM-38693 |
| Security | Security has been improved by preventing HTTPS redirects with invalid HOST headers. | MTM-38168 |
Release 10.7.0.42
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | An issue has been resolved where it was possible to use a weak password when a strong password enforcement had been configured. | MTM-38479 |
| REST API | Security has been improved by including the header "X-Content-Type-Options: nosniff" to all responses from the Cumulocity IoT platform. | MTM-37335 |
| UI | Translation issues with several UI strings have been resolved. | MTM-38376 |
Release 10.7.0.38
Info
There are no significant improvements or fixes related to this component in this Maintenance release.
Release 10.7.0.37
Improvements
| Component | Description | Issue |
|---|---|---|
| Administration | After removing delegated users, audit logs were not displayed for the shared user manager role and an error message "Cannot find document with ID" was displayed. The issue has been fixed by making sure that such events do no longer prevent audit logs from being displayed. | MTM-38363 |
| CEP (Esper) | Some Java library calls have been disabled in this release for security reasons. If you have Esper CEL that uses Java system calls, you should test your application carefully in an upgraded test environment before upgrading your production environment. | MTM-37710 |
Fixes
| Component | Description | Issue |
|---|---|---|
| MQTT | The JWT token can now be generated for devices authenticated with certificates regardless of the preferred login mode set (Basic, OAuth Internal). Previously it was only possible when the login mode was set to OAuth Internal. | MTM-35965 |
Release 10.7.0.36
Improvements
| Component | Description | Issue |
|---|---|---|
| REST API | Username validation and NewDeviceRequest validation have been improved. | MTM-37120 |
| Two-factor authentication | The QR code for the TOTP configuration is now generated by JS framework instead of Google API. | MTM-37833 |
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | In the User page, changing the password for the current user is now working. | MTM-37314 |
| Administration | The tenant password policy widget is now aligned with the page flow. | MTM-37387 |
| Administration | Implemented translation-related changes:
- Better matching for multiline translation strings - Fixed issue where strings were not translated upon page load/refresh or user translation changes - Fixed minor bugs caused by missing translation pipes |
MTM-37044 |
| Core product | Fixed handling big values for measurements provided via scientific notification. Values are now stored as floating point type. | MTM-37811 |
| Microservices | To improve compatibility with CORS-dependent clients, the 'Access-Control-Allow-Origin' header is now appended to the response returned from the microservice proxy when the 'Origin' header is used in request. | MTM-35817 |
| Report agent | The add/edit/duplicate/delete options are now hidden when the user does not have the permission to change export schedules, or the report microservice is not subscribed. | MTM-37312 |
| Report agent | When migrating smart-rule-based schedules to the new reporting agent, the platform will make sure they are activated right away, without any required extra action from user side. | MTM-37718 |
| SMS microservice | The SMS77 configuration with inherit.enable=true now allows the inheritance of encrypted api.key defined by credentials.api.key. | MTM-36982 |
Release 10.7.0.32
Improvements
| Component | Description | Issue |
|---|---|---|
| REST API | Username validation and NewDeviceRequest validation have been improved. | MTM-37120 |
Fixes
| Component | Description | Issue |
|---|---|---|
| SMS microservice | The SMS77 configuration with inherit.enable=true now allows the inheritance of encrypted api.key defined by credentials.api.key. | MTM-36982 |
Release 10.7.0.31
Improvements
| Component | Description | Issue |
|---|---|---|
| CEP | Customers who are still using CEL (Esper) as a CEP engine will receive an alarm once a day which informs them about the deprecation of the service. | MTM-36221 |
| Data Broker | When validating the data-broker connector the test has been improved to ensure it works correctly in all cases. | MTM-36786 |
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | In the Inventory tab, a user without relevant permission will no longer see the inventory tree. The error message displayed if a user does not have the relevant permission now shows the correct information. In the Application access tab, a user without relevant permission will no longer be able to edit. | MTM-33393 |
| Administration | Fixed an issue, when the UI was treating file size limits in bits instead of bytes. | MTM-35966 |
| Enterprise tenant | In the Branding tab, the validation of the favicon has been fixed. It is now again possible to upload an .ico file. | MTM-36883 |
| Realtime | To improve performance, the memory consumption has been reduced when using inventory roles READ ACLs for realtime notifications on /* channels. | MTM-36926 |
| Two-factor authentication | It should say that when the user (which has been disabled) trys to login it shows this message instead of TOTP screenFor more clarity, a new warning message shows up when a disabled user with TOTP tries to log in, stating that the user is disabled. | MTM-36710 |
Release 10.7.0.24
Improvements
| Component | Description | Issue |
|---|---|---|
| Administration | On the Inventory roles tab in the user details, the groups tree is now loaded progressively. Only the root groups are loaded. The user can click each group to expand the sub groups, or click Expand all groups to expand every sub group in sequence. This change was motivated for performance reasons, improving the speed considerably in tenants with large number of groups and devices. | MTM-32456 |
| Administration | Audit logs are created when a bulk operation has been changed. | MTM-33153 |
| Administration | A new Knowledge Hub is available for free-trial tenants on the Cumulocity IoT Cloud instances. The Knowledge Hub provides access to short videos, tours, articles, help and shortcuts, and thus introduces to the Cumulocity IoT platform, see also Getting started > Knowledge Hub in the User guide. The new Knowledge Hub is based on the integration of GainSight PX (GSPX), a user analytics and customer engagement platform, which aims at improving the customer experience. | MTM-31817 |
| Billing | The "/application/currentApplication" address has been excluded from request counting. | MTM-32206 |
| Billing | The microservice resource usage returned by the tenant usage statistics API has been documented, see Tenants > Tenants usage statistics in the Reference guide. | MTM-33623 |
| Billing | Information has been added on microservice custom metrics when sending the monthly statistics email report. | MTM-32866 |
| Billing | To ensure parity in the billing for customers the request counting in SmartREST and MQTT is now more consistent. The behaviour now matches that for the REST interface. For details see, Tenants > Tenant usage statistics in the Reference guide. | MTM-32970 |
| Data broker | The following changes have been implemented for alarms on queue overflow:
- An alarm is now also sent when the output queue is full (similar to the alarm for the input queue). - For output queues, the alarm text will include the affected connector. - The alarm severity has been changed from CRITICAL to MAJOR. |
MTM-32280 |
| Kubernetes | The security of the microservice hosting feature has been improved. Microservices must communicate with the core platform services but can longer invoke other microservices on the cluster directly. | MTM-32039 |
| MQTT-SN | Paho MQTT client has been upgraded to version 1.2.4. | MTM-33410 |
| Report-agent | The migration of scheduled exports based on smart rules is now automatically executed while displaying a message informing the user about the process. | MTM-31426 |
| REST API | Bulk operations have been extended with a new property generalStatus. Possible values for general status are: SCHEDULED, CANCELED, EXECUTING, EXECUTING_WITH_ERROR, FAILED and SUCCESSFUL. For details, see Device control > Bulk operation in the Reference guide. |
MTM-33724 |
| REST API | An endpoint has been added to allow forcing the general status of a bulk operation to SUCCESSFUL. For details, see Device control > Bulk operation in the Reference guide. | MTM-33151 |
| REST API | An endpoint has been added to allow filtering of bulk operations by time. For details, see Device control > Bulk operation in the Reference guide. | MTM-32397 |
| REST API | An endpoint has been added to allow filtering by one or more bulk operation general statuses. For details, see Device control > Bulk operation in the Reference guide. | MTM-35298 |
| REST API | The performance for API calls that require checking of inventory permissions has been improved. | MTM-32045 |
| REST API | Support has been added for the "withChildren" parameter when querying managed objects child collections. | MTM-32440 |
| REST API | It is now possible to order managed object's subcollections using the query parameter. | MTM-32730 |
| REST API | Deletion of audit logs is no longer permitted. All DELETE requests to the audit API should return the error “405 Method not allowed”. See also Release 10.7.0 > Important announcements. | MTM-27301 |
| REST API | Apache CXF library has been upgraded to version 3.3.7. | MTM-32511 |
| Retention rules | Retention rule execution makes better use of the system resources, this increases performance of the retention rule execution and reduces load on the system. | MTM-30785 |
| Single Sign On | JWKS token verification now supports all RSA public keys types. | MTM-31980 |
| Single Sign On | JWT headers have been added to audit logs. | MTM-32707 |
| Smart rules | Java SDK: To optimize query performance, support for the inventory API query parameter without children has been added. The parameter now allows to execute queries to get a list or single managed objects faster by omitting the children list. Moreover, the amount of data returned by the endpoint is reduced. This is highly useful when querying a device group with a large set of child devices. Smart rule: Increased performance when getting the smart rules defined for a large group of devices. |
MTM-32455 |
| Smart rules | The smart rule “On measurement threshold create alarm” will create an alarm if the configuration is not valid when the rule is executed. | MTM-34500 |
| Two-factor Authentication | If TFA is enforced on the system level for all users or for a single role, this information is now displayed under Administration > Authentication > TFA Settings. | MTM-33351 |
| Two-factor authentication | The administrator can now enforce TOTP for other users. | MTM-33430 |
| Various | The Core and Load Balancer nodes can have SELinux enabled; this improves the security of the Cumulocity IoT Cluster. | MTM-30305 |
Fixes
| Component | Description | Issue |
|---|---|---|
| Administration | The OpenIT service URL has been changed from sms.openit.de to https://sms.plusserver.com/put.php . | MTM-33053 |
| Administration | The support user until now was not able to change another account's password because the Confirm password dialog would not accept the support user's current password. This issue has been fixed, and now the support user is able to change the password for another account successfully. | MTM-32577 |
| Administration | The branding binary can only be deleted by removing the whole application. On the Branding page, the delete button is now disabled for the active binary. | MTM-32574 |
| Administration | The tenant option sms77.api.key is now prefixed with "credentials." implicitly in order to fetch the correct option value. | MTM-34362 |
| Administration | When handling timezones in the tenant usage statistics, the timezone information is now taken into account. | MTM-35137 |
| Administration | The menu item for the SMS provider setting is now only visible in the navigator if the microservice for the SMS functionality (sms-gateway) is subscribed to the corresponding tenant. | MTM-35261 |
| CellID | If the Google geolocation service does not know the WLAN that a smartbox device sends to the Cumulocity IoT platform, it will no longer use the center of Germany as fall back but throw a 404 exception instead. | MTM-32403 |
| Core platform | An issue caused by the openresty package upgrade has been resolved. | MTM-31279 |
| Core platform | Improved inter-cluster communication mechanism to deal with situations when one of the nodes is responding slowly. | MTM-32159 |
| Data broker | An issue has been fixed with concurrent activation of multiple data broker connectors. | MTM-31946 |
| Data broker | The error message that shows up when a data-broker connector cannot be created now includes details, such as the SSL certificate problem with the destination URL. | MTM-35686 |
| Enterprise tenant | The branding option for changing hover-color now works correctly. | MTM-31628 |
| Enterprise tenant | After changing/saving the admin user´s phone number in the tenant editor it is now updated correctly in the subtenants. | MTM-34388 |
| Logging | Improved the load balancer configuration to not flood the error logs with meaningless entries. | MTM-23462 |
| MongoDB | Improved MongoDB performance that was impacted when counting documents. | MTM-35111 |
| Operations | The outdated URL https://www.cumulocity.com/guides/reference-guide/#error_reporting has been changed to https://cumulocity.com/guides/reference/rest-implementation#error_reporting in error messages and is accessible. | MTM-33710 |
| Realtime | Realtime notifications on deletion of managed objects are no longer sent twice. | MTM-32567 |
| Realtime | When a user is logged in via SSO, the access to the /cep/notification endpoint is no longer prevented. | MTM-31094 |
| Realtime | The error response from the real-time endpoint will not return sensitive server information. | MTM-34650 |
| REST API | Fixed an issue which made passwords with slashes not work during WebSocket connection. | MTM-33764 |
| REST API | CORS settings: Calls on the same domain are not blocked. The backend allows all requests which come from the baseUrl domain, no matter if HTTP or HTTPS is used. | MTM-31025 |
| REST API | Real-time notifications for managed object updates will send refreshed data if a device becomes unavailable. | MTM-33401 |
| REST API | The alarm count in managed objects now is correctly updated after deleting a bulk of alarms. | MTM-32757 |
| REST API | Additional validation has been added to check the occurrence of control characters in messages sent by MQTT. Allowed characters are "\n \t \r". | MTM-34174 |
| Security | Resolved incorrect support user elevated rights assignment in the management tenant. | MTM-32527 |
| Single sign-on | Firmware binary files can now be downloaded without issues when a user is logged in via SSO. | MTM-32121 |
| Single sign-on | Login with SSO is again possible without the requestOrigin parameter. | MTM-34221 |
| Smart rules | On creating or updating a "On measurement threshold create alarm" smart rule, validation of global threshold ranges in the Data Point Library has been added. | MTM-32926 |
| SMS | sms-gateway no longer returns an error when the "receiptRequest" element is not provided in the request. | MTM-32957 | Two-factor Authentication | Users with the login mode "OAuth internal" can now log in with a user alias. | MTM-33743 |
| Two-factor Authentication | The activity time for the support user is updated if SMS TFA is used. | MTM-33015 |
| Two-factor authentication | Issue fixed when logging in as a support user, once the tenant ID is provided in the user input on the login screen. | MTM-35125 |