Releases: eclipse/kapua
1.6.12
Enhancements
💄 [Console GWT] Added lockout policy fields in Credential grid (#4086)
🔧 [Datastore] Datastore caches individually configurable (#4075)
⚡ [Datastore] Reduce the number of queries to keep the registry info updates (#4081)
🐛 [Docker] Fixed mirrors for CentOS 7 (#4074)
✨ [Docker] Migrated to Docker Compose V2 (#4091)
🔥 [Docker] Removed obsolete 'version' from Docker Compose files (#4092)
✨ [Messaging] Introduced configuration to optionally skip Device.id resolution for KapuaDataMessage (#4058)
✨ [REST API] Added "askTotalCount" parameter for tags api (#4078)
✨ [REST API] Batch of askTotalCount & matchTerm queryParameters for some APIs (#4080)
✨ [REST API] Implement sorting functionality in /{scopeId}/endpointInfos API (#4090)
✨ [REST API] Implement sorting functionality in /{scopeId}/roles API (#4093)
✨ [REST API] Implement sorting functionality in /{scopeId}/groups API (#4094)
✨ [REST API] Implement sorting functionality in /{scopeId}/credentials API (#4095)
✨ [REST API] FEATURE: Implemented askTotalCount in API '/{scopeId}/credentials' (#4101)
Bugfixes
🐛 [Authentication] Restrict editing of credential critical properties to admin (#4088)
:fix: introduce KapuaSessionCustomizer (#4108)
🐛 [Broker] Added missing Eclipse Link ASM dependency (#4110)
🐛 [Open API] FIX - Removed base64 format on dataChannel API docoumentation (#4082)
🐛 [Open API] FIX - API doc. on "GET /{scopeId}/devices" request section (#4084)
🐛 [REST API] Fix NPE in ServiceConfigurations resource by handling missing Account (#4062)
🐛 [REST API] MetricType unmarshalling in APIs (#4063)
🐛 [REST API] Fix ServiceConfigurations to return KapuaIllegalArgument instead of 204 (#4064)
🐛 [REST API] Fix ClassNotFoundException handling in ServiceConfigurations (#4068)
🐛 [REST API] Fix add input validation to KapuaConfigurableServiceBase (#4069)
Dependencies
⬆️ [Docker] Bumped version of docker-maven-plugin to 0.44.0 (#4055)
1.6.11
Enhancements
⬆️ [CI] Updated GitHub Actions for test coverage reports from Codecov Bash Uploader to codecov-action v4 (#4027)
⬆️ [CI] Update GitHub Actions components (#4028
[Core] Added loggin on components startup (#3923)
[Device Management] feat(deviceManagement): mapped missing DeviceInventoryContainer.state property (#3925)
Bugfixes
🐛 [CI] fixed providing of CODECOV_TOKEN to CI steps (#4030)
[Console GWT] fix(console): fixed error reporting for DeviceAssetChannel (#3947)
[Console GWT] Remove unnecessary localization logic (#4038)
[Core] FIX - introduced new changeset to update databasechangelog (#3926)
[Core] FIX - Problem of wrong serialization of ComposedKey fields on the cache (#4032)
🐛 [Core] Added missing error message for KapuaEntityUniquenessException (#4039)
[CORS] FIX - wrong Cors filtering error upon unauthorized API request (#3954)
[Datastore] FIX - LimitExceeded value on Data Metric/Message/Client/Channel GET APIs when more than 10k documents stored (#3919)
[Datastore] FIX - Fix offset limit datastore api (#3920)
[Datastore] FIX - Function "convertToDataIndexes" throwing error when one bad format index is present (#3981)
[Device Management] fix(deviceManagement): fixed validation of DeviceManagementBundle id validation (#3927)
[Device Management] Fix device snapshot handling in XML format (#3935)
[Device Management] fix(deviceManageemntInventory): fixed handling of 'null' state for a InventoryContainer (#3956)
[Documentation] Fix DevicePackage OpenAPI documentation (#3929)
[Documentation] fix(openapi): added missing DeviceInventory schermas to root openapi.yaml (#3930)
[Documentation] FIX - Restored support on XML content option on openApi doc for device snapshots (#3941)
[Documentation] FIX - Restored support on XML content option on openApi doc for device configurations (#3942)
[Documentation] Include clientId field in Device update REST API example (#3953)
[Documentation] fix(openapi): fixed openAPI deviceInventory example (#3958)
[Documentation] Add OpenAPI schema and description for JobStep object (#3985)
[Documentation] FIX - inserted missing elements to "job execution" schema (#3992)
[Documentation] Fix OpenAPI schema for StepProperties of a Job (#3995)
🐛 [Jobs] fixed JobStep.jobStepDefinitionId not being editable (#3991)
[Jobs] Fix default value handling during job step creation (#4052)
[REST API] FIX - Jaxb configuration changed to serialize EntityUniquenessExceptionInfo (#3943)
[REST API] Fix issue with job execution filtering in REST API for start date (#3983)
[REST API] FIX - Added missing @XmlJavaTypeAdapter on some fields of JobExecution (#3994)
🐛 [REST API] Fixed returnNotNullEntity correctly handle null KapuaEntities (#4041)
🐛 [REST API] Fixed DeviceNotConnectedException mapped HTTP error code to be 400 (#4047)
🐛 [REST API] Fixed HTTP error code for DeviceNotConnectedException from 400 to 409 (#4050)
:fix: [REST API] Credential Marshalling (#4053)
Dependencies
[Dependencies] :fix: bumped eclipslink from 2.7.7 to 2.7.12 (#3950)
⬆️ Bump commons-configuration2 from 2.9.0 to 2.10.1 - CVE-2024-29131 (#4037)
⬆️ Bump logback from 1.2.11 to 1.2.13 - CVE-2023-6481 (#4036)
1.6.10
Enhancements
[Build] Provide compiled version of protobuf payload on 1.6.x branch (#3905)
[Jobs] Improve error message for batch job execution log (#3879)
Bugfixes
[Broker] broker crashes on 1.6.x branch due to missing dependency (#3900)
[Datastore] fix(datastore): improve performances on messages store (#3915)
[Device Management] FIX - fixed logging for device command execution error when arguments are null (#3887)
[Documentation] Specify how variables export should be done for SSL deployment (#3882)
[Documentation] FIX - scopeID definition in openapi file (#3907)
[Liquibase] FIX - Foreign keys liquibase scripts correctly imported and executed (#3884)
[Test] FIX - CI configuration improvements Bug build (#3912)
Dependencies
[Dependencies] dependency: bumped version of Apache Commons Compress from 1.22 to 1.24.0 - CVE-2023-42503 (#3866)
[Dependencies] dependency: bumped Eclipse Jetty version from 9.4.50.v20221201 to 9.4.52.v20230823 - CVE-2023-26049 CVE-2023-36479 CVE-2023-40167 (#3867)
[Dependencies] dependency: bumped Google Guava version from 30.1-jre to 32.1.2-jre - CVE-2020-8908 CVE-2023-2976 (#3868)
[Dependencies] dependency: bumped Snakeyaml from 1.33 to 2.2 - CVE-2022-1471 (#3869)
[Dependencies] dependency: bumped Netty versions from 4.1.87.Final to 4.1.97.Final - CVE-2023-34462 (#3877)
[Dependencies] dependency: bumped Jackson dependencies from 2.13.4 to 2.15.2 (#3880)
[Dependencies] build(deps): bump io.netty:netty-codec-http2 from 4.1.97.Final to 4.1.100.Final (#3886)
[Dependencies] Bump jetty version from 9.4.52.v20230823 to 9.4.53.v20231009 - CVE-2023-36478 (#3895)
[Dependencies] fix: cve2023-4660 (#3898)
1.6.9
Enhancements
[REST API][FEATURE] Inserted a way to automatically obtain rest API url endpoint with swagger Documentation Enhancement (#3762)
[REST API] Feature - Bump OpenApi version from 3.0.2 to 3.0.3 Enhancement REST API (#3843)
[REST API] Feature - Bump OpenApi from 3.0.2 to version 3.0.3 to all openApi yaml files (#3857)
chng(job): Changeg max length for JobStepProperty.value from 100MB to 10MB (#3861)
Bugfixes
[Console GWT] Fix - Fixed retrieval of metrics with same name and different types from Console GWT (#3829)
[Datastore] MappingException malformed error message in log (#3834)
[Datastore] Datastore GET /messages REST API returns empty result if limit is set over 10000 (#3822)
[DeviceManagement] Fix TransportClientPool exhausted exception handling and logging (#3763)
fix(jobEngine): added missing mappings in JobEngine locator.xml for DeviceConnectionService and DeviceConnectionFactory (#3852)
fix(jobEngine): Changed 'jbtc_job_status.obj' type to longblob to support changes made in #3828 (#3851)
[Job Engine] Fix JobEngineException log messages (#3848)
Dependencies
[Dependencies] Bumped version of Apache Commons Fileupload from 1.4 to 1.5 - CVE-2023-24998 (#3864)
[Dependencies] Set fixed version of commons-configuration2 dependency to 2.9.0 (#3856)
[Dependencies] Bump shiro version from 1.10.0 to 1.12.0 - CVE-2023-34478 (#3853)
[Dependencies] Feature - Bump H2 Database from 1.4.199 to 1.4.200 (#3849)
[Dependencies] Feature - Bump swagger-ui from 3.52.4 to 4.19.1 (#3844)
[Dependencies] Events broker update (#3558)
1.6.8
Enhancements
[Console GWT] The console should provide a way to reset the password of a user (#3733)
[Credentials] Change password functionality should be done in a backend service (#3718)
[Credentials] Missing functionality to reset password (#3720)
[Credentials] Improved CredentialService.getMinimumPasswordLength to handle also ANY as scopeId (#3757)
[Jobs] Step properties field having different names (#3580)
[Jobs] Print job execution log timestamps in ISO 8601 UTC format (#3774)
[Jobs] feat(jobs): Added JobStepProperty overrides on JobEngineStartOptions (#3781)
[Jobs] feat(job): Increased length of JobStepProperty.propertyValue field to allow up to 4GB (#3828)
[System Info] Add endpoint to retrieve system info Enhancement REST API (#3716)
[System Info] Version endpoint should provide more details (#3728)
[User] An authenticated user should be able to change his own profile information Enhancement (#3744)
Bugfixes
[Console GWT] Timeout field tooltip should report time in milliseconds (#3738)
[Console GWT] The change password dialog is not fully visible when mfa enabled (#3739)
[Console GWT] Fix - deletion of mandatory property for "displayName" device parameter (#3741)
[Console GWT] Fixed JobTarget showing when Device is not found (#3751)
[Console GWT] FIX - Deployment packages tab throwing a nullPointer exception upon rendering (#3760)
[Console GWT] FIX - mods. to DeviceTab classes to correctly handle background tabs (#3761)
[Console GWT] fix(console): Fixed DeviceSessionPermission reference in kapua-console-module-data module (#3782)
[Console GWT] Fix URL regex marking as invalid legal URL (#3789)
[CORS] Fix - Updated CORS filtering logic to remove false positives (#3750)
[CORS] FIX - modification to cors filtering typo sec-fetch-site check (#3753)
[Credentials] UserCredentialService#changePassword should not calls CredentialsService#update (#3731)
[Datastore] Normalize fields containing dots before querying to es (#3825)
[Deployment] Fix - Added environment deployment variable to define allowed cors origins (#3743)
[Deployment] Fix - changed IMAGE_VERSION env. variable default value (#3779)
[Deployment] fix(deployment): Added missing --help options and fixed usage print do docker-deploy.sh (#3792)
[Device Management] Fix MqttClient exception messages (#3722)
[Device Management] Fix - Inserted device package fields limits (#3808)
[Docker] FIX - removed timestamp from the tag of docker images built (#3784)
[Documentation] Example for GET /systemInfo has a typo (#3746)
[Documentation] [FEATURE] Inserted a way to automatically obtain rest API url endpoint with swagger (#3762)
[Documentation] [FIX] update in openAPI documentation to reach consistency with responseCode field (#3766)
[Documentation] FIX - Reached consistency with enums on openApi doc files (#3767)
[Documentation] FIX - updated readme file to provide a functioning demo setup (#3777)
[Documentation] FIX - fixed missing properties on device Event openAPI.yaml schema definition (#3790)
[Endpoints] Correct retrieval of specific endpoints (#3727)
[Jobs] Added NPE checking on JobEngineClient response error handling (#3724)
[Jobs] Add maximum length to configuration put step definition (#3812)
[Jobs] Fixed handling of jobStepProperty null value when validating (#3827)
[Project] fix(git): Added missing JEnv .java-version in .gitignore (#3783)
[Project] FIX - Cleanup of readme file to fix badges (#3814)
[REST API] Inserted time range filter on job execution rest endpoint (#3723)
[REST API] Various modifications on rest APIs to reach coherence with documentation (#3725)
[REST API] The credentialKey should not be reported in Credential responses (#3735)
[REST API] UserCredentialService#changePasswordRequest should have a more consistent name (#3748)
[REST API] Credential unlock resource should match other "action" resources (#3754)
[REST API] FIX - Added exception mapper for duplicate pass exception (#3805)
[REST API] FIX - changed the logger properties for KapuaDuplicatePasswordCredentialExceptionMapper (#3806)
[REST API] Introduced right exception for metric type null (#3826)
[SSO] Fail to create the correct URL to connect to Auth0 as the external OpenIDConnect provider (#3797)
[Test] FIX - fixed dependencies in cucumber report module (#3769)
Dependencies
[Dependencies] Bumped protobuf-java version from 3.21.9 (3.8.0) to 3.23.2 - CVE-2022-3510 CVE-2022-3509 CVE-2022-3171 CVE-2021-22569 (#3802)
1.6.7
Enhancements
[Liquibase Unlocker] Liquibase unlocker tool (#3685)
[Liquibase Unlocker] liquibase unlocker tool - dependency refinements (#3708)
[Jobs] Job execution log should report step name and step index (#3700)
[Jobs] Job execution log should report target name and target short uuid (#3698)
Bugfixes
[Accounts] Fix - users that can modify expiration date of the account in which are defined (#3689)
[Core] KapuaException throws NPE on null error code, but only if there is a message bundle (#3677)
[Device groups] Fixed permission checks for not-groupable domains (#3678)
[Device Lifecycle] Improve handling and checking of values in Birth Message (#3697)
[Device Lifecycle] Device registration error when connectionIp exceeds field size (#2726)
[Device Lifecycle] device registry - device lifecycle test scenario may fail for some network configurations (#1237)
[Documentation] Wrong example for endpoint PUT Rest API method (#3709)
[Documentation] Target statusMessage field not documented in Swagger UI example values (#3681)
[Documentation] Response description in SwaggerUI is wrong for jobs endpoints (#3674)
[REST API] Added support for askTotalCount on Roles-related endpoints (#3714)
[REST API] Return an ordered list of service configurations with (#3712)
[REST API] Missing endpoint for changing user password (#3710)
Dependencies
[Dependencies] Bump and aligned Jersey version to 2.38 (#3702)
[Dependencies] Bumped Jetty from 9.4.44.v20210927 to 9.4.50.v20221201 - CVE-2022-2047 CVE-2022-2048 (#3696)
[Dependencies] Bump Netty version from 4.1.84.Final to 4.1.87.final - CVE-2022-41881 CVE-2022-41915 (#3692)
[Dependencies] Upgraded Dependency Check plugin from 1.4.5 to 7.4.4- CVE-2018-12036 (#3687)
1.6.6
1.6.5
c4ed7b0
Coduz
Alberto Codutti
Bugfixes
[Account] Fixed AccountService improper segregation (#3670)
[Console GWT] Fixed Endpoint View permissions (#3660)
[Broker] Disabled device can still connect to the broker (#3619)
Enhancements
[Core] KapuaId implementation use the same way to perform equals, hashCode and toString operations (#3669)
1.6.4
f1cb907
Coduz
Alberto Codutti
Bugfixes
[Build] Added Eclipse Dash Tool step in Kapua CI GitHub workflow (#3600)
[Build] Refactored Eclipse Dash License Tool workflow usage according to suggestions (#3602)
[Build] Upgrade GitAction actions versions 1.x (#3622)
[Console GWT] Entirely show the new credential mask even with allowed special chars (#3607)
[Console GWT] New Credential mask not entirely shown (#3606)
[Console GWT] Organization addressLine3 is missing in admin console (#3650)
[Console GWT] Password tips should report the allowed special characters (#3567)
[Documentation] Added SECURITY.md file (#3597)
[Documentation] Fixed Action definition missing SUBMIT in OpenAPI (#3586)
[Documentation] Fixed JobTarget OpenAPI definition (#3585)
[Documentation] Missing mandatory field "targetScopeId" in swagger documentation for role endpoints (#3592)
[Documentation] Swagger documentation mistakenly show serialNumber example as number (#3624)
[Documentation] Wrong "phoneNumber" swagger field for account creation (#3590)
[Documentation] Wrong data format in swagger example (#3588)
[MFA] Refactored and improved MfaAuthenticatorImpl (#3655)
[Misc] Set loglevel for Cache Configuration Printer (#3584)
[Rest API] Disable the Swagger UI if needed (#3595)
[Service Configuration] Fix NPE implicit casting on configurable resources checks (#3610)
[Service Configuration] KapuaCofigurableService cleanup and added a bunch of javadoc (#3571)
[Test] Avoiding test antipattern in Kapua api (#3632)
[Test] Commons - importing Assert instead of extending (#3629)
[Test] Commons - test fixes (style, not substance) (#3630)
[Test] First batch of test refactorings in kapua services (#3633)
[Test] Further test refactorings in kapua - no semantic changes (#3634)
[Test] KapuaFileUtilsTest fails due to no longer available file over the internet (#3639)
[Test] Messages - better testing syntax (#3631)
[Test] Refactored KapuaFileUtilsTest (#3641)
[Test] Test classes not longer extending Assert for broker tests (#3628)
Dependencies
[Dependencies] Replaced org.apache.sanselan:sanselan with org.apache.commons:commons-imaging - CVE-2018-17201 CVE-2018-17202 (#3654)
[Dependencies] Upgraded Apache Commons Compress from 1.18 to 1.22 - CVE-2021-35515 CVE-2021-35516 CVE-2021-35517 CVE-2021-36090 (#3657
[Dependencies] Upgraded Gson dependencies from 2.7 to 2.10 - CVE-2022-25647 (#3648)
[Dependencies] Upgraded Httpcomponents to latest 4.x (#3652)
[Dependencies] Upgraded Jackson dependencies from 2.13.1 to 2.13.4/2.13.4.2 - CVE-2020-36518 CVE-2022-42003 CVE-2022-42004 (#3645)
[Dependencies] Upgraded JUnit dependency from 4.12 to 4.13.2 - CVE-2020-15250 (#3649)
[Dependencies] Upgraded Logback dependencies from 1.2.3 to 1.2.11 - CVE-2021-42550 (#3647)
[Dependencies] Upgraded Netty dependencies from 4.1.60.Final to 4.1.84.Final - CVE-2021-21409 CVE-2021-37136 CVE-2021-37137 CVE-2021-43797 CVE-2022-24823 (#3635)
[Dependencies] Upgraded Shiro dependencies from 1.8.0 to 1.10.0 - CVE-2022-40664 CVE-2022-32532 (#3626)
[Dependencies] Upgraded Snakeyaml dependency from 1.28 to 1.33 - CVE-2022-38752 CVE-2022-38751 CVE-2022-38750 CVE-2022-38749 (#3646)
[Dependencies] Upgraded Spring Security from 4.1.3.RELEASE to 4.2.20.RELEASE in Kapua 1.x - CVE-2018-1199 CVE-2020-5408 (#3643)
1.5.7
35600e0
Coduz
Alberto Codutti
Bugfixes
[Build] Added Eclipse Dash Tool step in Kapua CI GitHub workflow (#3600)
[Build] Refactored Eclipse Dash License Tool workflow usage according to suggestions (#3602)
[Build] Upgrade GitAction actions versions 1.x (#3622)
[Console GWT] Entirely show the new credential mask even with allowed special chars (#3607)
[Console GWT] Remove encoding for password changing (#3570)
[Docker] Fixed Docker Compose unquoted ports (#3575)
[Documentation] Added SECURITY.md file (#3597)
[Documentation] Fix OpenAPI Device Keystore definitions (#3574)
[Documentation] Fixed Action definition missing SUBMIT in OpenAPI (#3586)
[Documentation] Fixed JobTarget OpenAPI definition (#3585)
[Documentation] Fixed TriggerProperty OpenAPI definition (#3566)
[MFA] Refactored and improved MfaAuthenticatorImpl (#3655)
[Misc] Set loglevel for Cache Configuration Printer (#3584)
[Service Configuration] Fix NPE implicit casting on configurable resources checks (#3610)
[Service Configuration] KapuaCofigurableService cleanup and added a bunch of javadoc (#3571)
[Test] Avoiding test antipattern in Kapua api (#3632)
[Test] Commons - importing Assert instead of extending (#3629)
[Test] Commons - test fixes (style, not substance) (#3630)
[Test] First batch of test refactorings in kapua services (#3633)
[Test] Further test refactorings in kapua - no semantic changes (#3634)
[Test] Messages - better testing syntax (#3631)
[Test] Refactored KapuaFileUtilsTest (#3641)
[Test] Test classes not longer extending Assert for broker tests (#3628)
Dependencies
[Dependencies] Upgraded Apache Commons Compress from 1.18 to 1.22 - CVE-2021-35515 CVE-2021-35516 CVE-2021-35517 CVE-2021-36090 (#3657)
[Dependencies] Replaced org.apache.sanselan:sanselan with org.apache.commons:commons-imaging - CVE-2018-17201 CVE-2018-17202 (#3654)
[Dependencies] Upgraded Httpcomponents to latest 4.x (#3652)
[Dependencies] Upgraded JUnit dependency from 4.12 to 4.13.2 - CVE-2020-15250 (#3649)
[Dependencies] Upgraded Gson dependencies from 2.7 to 2.10 - CVE-2022-25647 (#3648)
[Dependencies] Upgraded Logback dependencies from 1.2.3 to 1.2.11 - CVE-2021-42550 (#3647)
[Dependencies] Upgraded Snakeyaml dependency from 1.28 to 1.33 - CVE-2022-38752 CVE-2022-38751 CVE-2022-38750 CVE-2022-38749 (#3646)
[Dependencies] Upgraded Jackson dependencies from 2.13.1 to 2.13.4/2.13.4.2 - CVE-2020-36518 CVE-2022-42003 CVE-2022-42004 (#3645)
[Dependencies] Upgraded Spring Security from 4.1.3.RELEASE to 4.2.20.RELEASE in Kapua 1.x - CVE-2018-1199 CVE-2020-5408 (#3643)
[Dependencies] Upgraded Netty dependencies from 4.1.60.Final to 4.1.84.Final - CVE-2021-21409 CVE-2021-37136 CVE-2021-37137 CVE-2021-43797 CVE-2022-24823 (#3635)
[Dependencies] Upgraded Shiro dependencies from 1.8.0 to 1.10.0 - CVE-2022-40664 CVE-2022-32532 (#3626)