Releases: thingsboard/thingsboard
Releases · thingsboard/thingsboard
ThingsBoard 4.3.1.2 Release
c37fb50
This commit was signed with the committer’s verified signature.
What's Changed
Security
- Fixed CWE-770 in Jackson Core by @zzzeebra in #15368
- Fixed CVE-2026-34487, CVE-2026-34486, CVE-2026-34483 by @zzzeebra in #15417
- Fixed CVE-2025-70340: system alarm comments access control by @dashevchenko in #15377
- Fixed multiple CVEs: 2026-39364, 2026-39363, 2026-4800 by @vvlladd28 in #15466
- Fixed CVE-2026-40895 by @mtsymbarov-del in #15538
- Fixed CVE-2026-5588, CVE-2026-5598, CVE-2025-14813, CVE-2026-35554, CVE-2026-27314 by @zzzeebra in #15458
- Fixed CVE-2026-40975, CVE-2026-40973, CVE-2026-22740, CVE-2026-42198 by @zzzeebra in #15557
- Fixed SSRF vulnerability in AI model provider URLs by @zzzeebra in #15412
- Fixed SSRF and file access vulnerabilities in TBEL script sandbox by @zzzeebra in #15585
- Fixed CVE-2026-40682, CVE-2026-42027 by @zzzeebra in #15588
- Fixed CVE-2026-42579, CVE-2026-42583, CVE-2026-42584, CVE-2026-42587 by @ViacheslavKlimov in #15598
- Hardened remote JS executor script invocation by @smatvienko-tb in #15600
- Fixed CVE-2026-41284, CVE-2026-43512 by @ViacheslavKlimov in #15649
Core & Rule Engine
- Audit logging for tenant profile operations by @zzzeebra in #13076
- Added entity keys V2 endpoint with sample values by @dskarzh in #15044
- Performance and reliability improvements for Efento message processing by @dashevchenko in #15333
- Refactored APIs to meet OpenAPI standard by @dashevchenko and @ViacheslavKlimov in #15443
- Exposed HTTP response compression configuration params by @dashevchenko in #15520
- LZ4 compression support for Kafka by @volodymyr-babak in #15565
- Fixed WS sessions limit handling for public users by @dashevchenko in #15313
- Fixed REST API Call node blocking actor thread and semaphore permit leak by @smatvienko-tb in #15334
- Fixed entity filtering by boolean data key for EDQS by @dashevchenko in #15457
- Fixed alarm rule crash on duration source change by @zzzeebra in #15439
- Fixed MAX aggregation for mixed double and long telemetry values by @dashevchenko in #15560
- Added config property to control null ordering in dashboards by @dashevchenko in #15425
UI
- Improved default tenant home dashboard by @vvlladd28 in #15000
- Changed default "Add" button style in entity tables by @vvlladd28 in #14984
- Bumped Node.js version from 22.18.0 to 22.22.2 by @ViacheslavKlimov in #15330
- Enhanced localization: "save-to-gallery" translations by @deaflynx in #15339
- Exposed http-utils functions via WidgetContext.httpUtils by @vvlladd28 in #15395
- Added roundDown option to ShortNumberPipe by @vvlladd28 in #15393
- HTML container widget by @ikulikov in #15556
- Hidden "Add Telemetry" button for Entity view by @mtsymbarov-del in #15362
- Added '@angular/core/rxjs-interop' to modules map by @vvlladd28 in #15373
- Fixed Datasource determination for autocomplete patterns if datasource is empty by @mtsymbarov-del in #15340
- Fixed hint alignment for propagate alarm rule field by @mtsymbarov-del in #15360
- Fixed missing 'type' property in alarm rule condition on save by @vvlladd28 in #15392
- Fixed select options being clipped in widget settings form by @vvlladd28 in #15399
- Fixed translation for Asset and Device profile by @mtsymbarov-del in #15421
- Removed "Alarm rules" step from setting up device profile by @mtsymbarov-del in #15422
- Fixed display long texts in Alarm asignee panel by @mtsymbarov-del in #15408
- Fixed Alarm Assignee icon placement by @mtsymbarov-del in #15423
- Adjusted size of entity type select to fit error message by @mtsymbarov-del in #15427
- Fixed show/hide of custom header actions when using function to control visibility by @mtsymbarov-del in #15430
- Fixed not set pageSize to child nodes in Entities hierarchy widget by @mtsymbarov-del in #15433
- Fixed not process aggregation keys in Entities hierarchy widget by @mtsymbarov-del in #15434
- Fixed icon placement in Value stepper icon by @mtsymbarov-del in #15489
- Fixed display column panel hiding not selectable columns by @mtsymbarov-del in #15490
- Fixed map shape labels drifting from center after viewport resize by @mtsymbarov-del in #15531
- Map widget: fixed data aggregation for additional data keys and import/export widget JSON for polylines layer by @ChantsovaEkaterina in #15579
- Fixed CSV import not unescaping double quotes in unquoted fields by @ChantsovaEkaterina in #15581
- Removed unnecessary DomSanitizer bypass in photo camera input widget by @mtsymbarov-del in #15639
Transport
- Added automatic SSL/TLS certificate reload for transports without service restart by @AndriiLandiak in #15301
- Fixed app hanging on MQTT port conflict at startup by @zzzeebra in #15451
- SNMP: defer querying tasks until transport session is registered by @volodymyr-babak in #15346
Edge
- Added syncInProgress as edge attribute by @volodymyr-babak in #15111
- API key edge sync support by @volodymyr-babak in #15167
Full Changelog: v4.3.1.1...v4.3.1.2
Contributors
volodymyr-babak, ikulikov, and 10 other contributors
Assets 5
ThingsBoard 4.2.2.2 Release
1acb800
This commit was signed with the committer’s verified signature.
What's Changed
Security
- Fixed CWE-770 in Jackson Core by @zzzeebra in #15368
- Fixed CVE-2026-34487, CVE-2026-34486, CVE-2026-34483 by @zzzeebra in #15417
- Fixed CVE-2025-70340: system alarm comments access control by @dashevchenko in #15377
- Fixed multiple CVEs: 2026-39364, 2026-39363, 2026-4800 by @vvlladd28 in #15466
- Fixed CVE-2026-40895 by @mtsymbarov-del in #15538
- Fixed CVE-2026-5588, CVE-2026-5598, CVE-2025-14813, CVE-2026-35554, CVE-2026-27314 by @zzzeebra in #15458
- Fixed CVE-2026-40975, CVE-2026-40973, CVE-2026-22740, CVE-2026-42198 by @zzzeebra in #15557
- Fixed SSRF vulnerability in AI model provider URLs by @zzzeebra in #15412
- Fixed SSRF and file access vulnerabilities in TBEL script sandbox by @zzzeebra in #15585
- Fixed CVE-2026-40682, CVE-2026-42027 by @zzzeebra in #15588
- Fixed CVE-2026-42579, CVE-2026-42583, CVE-2026-42584, CVE-2026-42587 by @ViacheslavKlimov in #15598
- Hardened remote JS executor script invocation by @smatvienko-tb in #15600
- Fixed CVE-2026-41284, CVE-2026-43512 by @ViacheslavKlimov in #15649
Core & Rule Engine
- Performance and reliability improvements for Efento message processing by @dashevchenko in #15333
- Exposed HTTP response compression configuration params by @dashevchenko in #15520
- LZ4 compression support for Kafka by @volodymyr-babak in #15565
- Fixed WS sessions limit handling for public users by @dashevchenko in #15313
- Fixed REST API Call node blocking actor thread and semaphore permit leak by @smatvienko-tb in #15334
- Fixed entity filtering by boolean data key for EDQS by @dashevchenko in #15457
- Fixed MAX aggregation for mixed double and long telemetry values by @dashevchenko in #15560
- Added config property to control null ordering in dashboards by @dashevchenko in #15425
UI
- Bumped Node.js version from 22.18.0 to 22.22.2 by @ViacheslavKlimov in #15330
- HTML container widget by @ikulikov in #15556
- Hidden "Add Telemetry" button for Entity view by @mtsymbarov-del in #15362
- Added '@angular/core/rxjs-interop' to modules map by @vvlladd28 in #15373
- Fixed select options being clipped in widget settings form by @vvlladd28 in #15399
- Fixed display long texts in Alarm asignee panel by @mtsymbarov-del in #15408
- Fixed Alarm Assignee icon placement by @mtsymbarov-del in #15423
- Adjusted size of entity type select to fit error message by @mtsymbarov-del in #15427
- Fixed show/hide of custom header actions when using function to control visibility by @mtsymbarov-del in #15430
- Fixed not set pageSize to child nodes in Entities hierarchy widget by @mtsymbarov-del in #15433
- Fixed not process aggregation keys in Entities hierarchy widget by @mtsymbarov-del in #15434
- Fixed map shape labels drifting from center after viewport resize by @mtsymbarov-del in #15531
- Fixed CSV import not unescaping double quotes in unquoted fields by @ChantsovaEkaterina in #15581
Transport
- Added automatic SSL/TLS certificate reload for transports without service restart by @AndriiLandiak in #15301
- Fixed app hanging on MQTT port conflict at startup by @zzzeebra in #15451
- SNMP: defer querying tasks until transport session is registered by @volodymyr-babak in #15346
Full Changelog: v4.2.2.1...v4.2.2.2
Contributors
volodymyr-babak, ikulikov, and 8 other contributors
Assets 5
ThingsBoard 4.3.1.1 Release
c2a52e4
This commit was signed with the committer’s verified signature.
What's Changed
Security
- Fixed XSS vulnerability in notification center by @vvlladd28 in #15204
- Fixed CVE-2026-24308, CVE-2026-24281 and CVE-2026-24400 by @ViacheslavKlimov in #15244
- Added configurable security headers and env-var-backed CORS configuration by @ViacheslavKlimov in #15254
- Fixed SSRF DNS rebinding bypass, added allow-list by @ViacheslavKlimov in #15253
- Fixed CVE-2026-24281, CVE-2026-24308, CVE-2026-24400, CVE-2026-29063, CVE-2026-29087, CVE-2026-29786, CVE-2026-30827, CVE-2026-31802, CVE-2026-32141, CVE-2026-32635, CVE-2026-27904 by @vvlladd28 in #15251
- Fixed CVE-2026-22731, CVE-2026-22732, CVE-2026-22733, CVE-2026-22737 + Spring Boot 3.5 by @ViacheslavKlimov in #15278
- Fixed CVE-2026-33228 by @vvlladd28 in #15293
- Fixed CVE-2026-33870, CVE-2026-33871 and GHSA-72hv-8253-57qq by @ViacheslavKlimov in #15315
- Fixed CVE-2026-33895, CVE-2026-33894, CVE-2026-33896, CVE-2026-33750, CVE-2026-4923, CVE-2026-33671 by @vvlladd28 in #15322
- Fixed CVE-2026-0861, CVE-2026-0915, CVE-2025-15281 for Docker images by @ViacheslavKlimov
Core & Rule Engine
- Sanitize database error messages by @ViacheslavKlimov in #15262
- Added OTA package data cleanup by @AndriiLandiak in #14775
- Fixed notification requests and RPC cleanup timeout on large datasets by @AndriiLandiak in #14762
- Added WS update on telemetry deletion by @dashevchenko in #14781
UI
- Updated locales da_DK, de_DE, el_GR, es_ES, fr_FR, it_IT, ja_JP, nl_NL, no_NO, pt_BR, tr_TR, uk_UA, zh_CN by @vvlladd28 in #15237
- Hidden "Show on widgets" button on sysadmin level by @vvlladd28 in #15203
- Fixed WS reconnect loop and notification spam when session limit is reached by @vvlladd28 in #15219
- Fixed missing translation for Polylines toggle in map settings by @vvlladd28 in #15252
- Fixed resetting of validation on storeLink property by @mtsymbarov-del in #15168
- Fixed time series table widgets tab style by @mtsymbarov-del in #15267
- Fixed proxy error handling for 502/503/504 HTTP status codes by @vvlladd28 in #15292
- Fixed string-items-list autocomplete selection and blur handling by @vvlladd28 in #15273
Edge
- Support combined PEM cert+key for Edge gRPC SSL by @smatvienko-tb in #15205
Transport
- MQTTS metrics and client address logging on exceptionCaught by @smatvienko-tb in #15112
- Fixed LwM2M Redis stores startup: use separate connections for SCAN and GET by @smatvienko-tb in #15143
Full Changelog: v4.3.1...v4.3.1.1
Contributors
vvlladd28, AndriiLandiak, and 4 other contributors
Assets 5
ThingsBoard 4.2.2.1 Release
a933db2
This commit was signed with the committer’s verified signature.
What's Changed
Security
- Fixed XSS vulnerability in notification center by @vvlladd28 in #15204
- Fixed CVE-2026-24308, CVE-2026-24281 and CVE-2026-24400 by @ViacheslavKlimov in #15244
- Added configurable security headers and env-var-backed CORS configuration by @ViacheslavKlimov in #15254
- Fixed SSRF DNS rebinding bypass, added allow-list by @ViacheslavKlimov in #15253
- Fixed CVE-2026-24281, CVE-2026-24308, CVE-2026-24400, CVE-2026-29063, CVE-2026-29087, CVE-2026-29786, CVE-2026-30827, CVE-2026-31802, CVE-2026-32141, CVE-2026-32635, CVE-2026-27904 by @vvlladd28 in #15251
- Fixed CVE-2026-22731, CVE-2026-22732, CVE-2026-22733, CVE-2026-22737 + Spring Boot 3.5 by @ViacheslavKlimov in #15278
- Fixed CVE-2026-33228 by @vvlladd28 in #15293
- Fixed CVE-2026-33870, CVE-2026-33871 and GHSA-72hv-8253-57qq by @ViacheslavKlimov in #15315
- Fixed CVE-2026-33895, CVE-2026-33894, CVE-2026-33896, CVE-2026-33750, CVE-2026-4923, CVE-2026-33671 by @vvlladd28 in #15322
Core & Rule Engine
- Sanitize database error messages by @ViacheslavKlimov in #15262
- Added OTA package data cleanup by @AndriiLandiak in #14775
- Fixed notification requests and RPC cleanup timeout on large datasets by @AndriiLandiak in #14762
- Added WS update on telemetry deletion by @dashevchenko in #14781
UI
- Updated locales da_DK, de_DE, el_GR, es_ES, fr_FR, it_IT, ja_JP, nl_NL, no_NO, pt_BR, tr_TR, uk_UA, zh_CN by @vvlladd28 in #15237
- Hidden "Show on widgets" button on sysadmin level by @vvlladd28 in #15203
- Fixed WS reconnect loop and notification spam when session limit is reached by @vvlladd28 in #15219
- Fixed resetting of validation on storeLink property by @mtsymbarov-del in #15168
- Fixed proxy error handling for 502/503/504 HTTP status codes by @vvlladd28 in #15292
- Fixed string-items-list autocomplete selection and blur handling by @vvlladd28 in #15273
Edge
- Support combined PEM cert+key for Edge gRPC SSL by @smatvienko-tb in #15205
Transport
- Fixed LwM2M Redis stores startup: use separate connections for SCAN and GET by @smatvienko-tb in #15143
Full Changelog: v4.2.2...v4.2.2.1
Contributors
vvlladd28, AndriiLandiak, and 4 other contributors
Assets 5
ThingsBoard 4.3.1 Release
490482c
This commit was signed with the committer’s verified signature.
What's Changed
Security
- Fixed CVE-2026-24734 and CVE-2025-66614 by @ViacheslavKlimov in #15076
- Fixed CVE-2025-7783, CVE-2026-26996 and CVE-2026-26960 by @vvlladd28 in #15079
- Fixed CVE-2026-27903 and CVE-2026-27904 by @vvlladd28 in #15109
- Added SSRF protection (must be enabled with SSRF_PROTECTION_ENABLED env) by @ViacheslavKlimov in #15123
- Fixed CWE-770 in Jackson Core (GHSA-72hv-8253-57qq) by @ViacheslavKlimov in #15124
- Fixed CVE-2026-27970 and CVE-2026-2391 by @vvlladd28 in #15128
- Fixed CVE-2026-2781, CVE-2026-25646, CVE-2026-21945 and CVE-2026-21932 for Docker images by @ViacheslavKlimov and @smatvienko-tb
Major UI
Core & Rule Engine
- Fixed getTimeseries API (/{entityType}/{entityId}/values/timeseries) by @dashevchenko in #15054
- Added Cassandra result set byte-size limit by @ViacheslavKlimov in #15058
- Fixed TBEL script execution failures on repeated runs by @ViacheslavKlimov in #15078
- Fixed blocking JPA queries on access-validator single thread by @dskarzh in #15101
- Fixed preservation of rule node execution counter in delay and deduplication nodes by @dskarzh in #15100
- Improved Apple OAuth2 mapper and refactored OAuth2 client validation by @ViacheslavKlimov in #15120
- Fixed infinite loop when rule chain input node forwards to its own rule chain by @smatvienko-tb in #15102
- Made max WS message size configurable by @DmytroKhylko in #15116
UI
- Fixed Redirect Url encoding by @mtsymbarov-del in #14985
- Fixed loading and placement of Material icons by @mtsymbarov-del in #14959
- Fixed Popover placement for Marker, Polygon and Circle overlay config by @mtsymbarov-del in #14978
- Fixed adaptive in mail server configuration by @vvlladd28 in #15018
- Fixed Range and Bar chart limits setup by @mtsymbarov-del in #14964
- Fixed RGBA and HSLA inputs in color picker by @mtsymbarov-del in #15031
- Fixed Entity key autocomplete change check by @mtsymbarov-del in #15080
- Fixed a race condition causing the toast component by @mtsymbarov-del in #15071
- Fixed a race condition when init image map by @mtsymbarov-del in #15097
- Fixed default timewindow config in widget editor page by @vvlladd28 in #15108
- Removed pattern validation from name field on CF by @mtsymbarov-del in #15142
- Updated Ukrainian locale by @vvlladd28 in #15096
- Extend modules map: moment-timezone, canvas-gauges and ngx-hm-carousel added by @ChantsovaEkaterina in #15130
Transport
- Fixed Sparkplug BIRTH message validation for metrics with empty string values by @nickAS21 in #14760
Edge
- Event-sourced propagation for admin settings by @volodymyr-babak in #15050
Full Changelog: v4.3.0.1...v4.3.1
Contributors
volodymyr-babak, ikulikov, and 9 other contributors
Assets 5
ThingsBoard 4.2.2 Release
a5fdc71
This commit was signed with the committer’s verified signature.
What's Changed
Security
- Fixed CVE-2026-24734 and CVE-2025-66614 by @ViacheslavKlimov in #15076
- Fixed CVE-2025-7783, CVE-2026-26996 and CVE-2026-26960 by @vvlladd28 in #15079
- Fixed CVE-2026-27903 and CVE-2026-27904 by @vvlladd28 in #15109
- Added SSRF protection (must be enabled with SSRF_PROTECTION_ENABLED env) by @ViacheslavKlimov in #15123
- Fixed CWE-770 in Jackson Core (GHSA-72hv-8253-57qq) by @ViacheslavKlimov in #15124
- Fixed CVE-2026-27970 and CVE-2026-2391 by @vvlladd28 in #15128
- Fixed CVE-2026-2781 and CVE-2026-25646 for Docker images by @ViacheslavKlimov and @smatvienko-tb
Major UI
Core & Rule Engine
- Added Cassandra result set byte-size limit by @ViacheslavKlimov in #15058
- Fixed TBEL script execution failures on repeated runs by @ViacheslavKlimov in #15078
- Fixed blocking JPA queries on access-validator single thread by @dskarzh in #15101
- Fixed preservation of rule node execution counter in delay and deduplication nodes by @dskarzh in #15100
- Improved Apple OAuth2 mapper and refactored OAuth2 client validation by @ViacheslavKlimov in #15120
- Fixed infinite loop when rule chain input node forwards to its own rule chain by @smatvienko-tb in #15102
- Made max WS message size configurable by @DmytroKhylko in #15116
UI
- Extend modules map: moment-timezone, canvas-gauges and ngx-hm-carousel added by @ChantsovaEkaterina in #15130
- Fixed Redirect Url encoding by @mtsymbarov-del in #14985
- Fixed Popover placement for Marker, Polygon and Circle overlay config by @mtsymbarov-del in #14978
- Fixed adaptive in mail server configuration by @vvlladd28 in #15018
- Fixed a race condition causing the toast component by @mtsymbarov-del in #15071
- Fixed a race condition when init image map by @mtsymbarov-del in #15097
- Removed pattern validation from name field on CF by @mtsymbarov-del in #15142
Transport
- Fixed Sparkplug BIRTH message validation for metrics with empty string values by @nickAS21 in #14760
Edge
- Event-sourced propagation for admin settings by @volodymyr-babak in #15050
Full Changelog: v4.2.1.2...v4.2.2
Contributors
volodymyr-babak, ikulikov, and 8 other contributors
Assets 5
ThingsBoard 4.3.0.1 Release
What's Changed
Security
- Fixed CVE-2025-69420 and CVE-2025-69419 for Docker images by @ViacheslavKlimov and @smatvienko-tb
- Fixed CVE-2026-22610 by @vvlladd28 in #14865
Core & Rule Engine
- Fixed propagation path updates handling for propagation CF by @ShvaykaD in #14853
- Fixed unnecessary database updates for disabled users during failed login by @AndriiLandiak in #14751
UI
- Updated locales el_GR, es_ES, hi_IN, nl_NL, no_NO by @vvlladd28 in #14920
- Fixed form settings in Send RPC and Segmented Button widgets by @mtsymbarov-del in #14863
- Fixed help link for API key by @vvlladd28 in #14864
- Removed required from "Current Customer" field in entity alias by @mtsymbarov-del in #14816
- Fixed missing '%' character in alias help text by @mtsymbarov-del in #14903
- Fixed default settings in API Usage widget by @mtsymbarov-del in #14909
- Fixed padding in Range Chart and Bar Chart with label widgets when overlay enabled by @mtsymbarov-del in #14895
- Fixed errors when public user views alarm comments by @mtsymbarov-del in #14922
- Fixed errors in alarm rules by @ArtemDzhereleiko in #14941
- Fixed race condition during Power Button widget initialization by @mtsymbarov-del in #14925
Full Changelog: v4.3...v4.3.0.1
Contributors
ShvaykaD, vvlladd28, and 5 other contributors
Assets 5
ThingsBoard 4.2.1.2 Release
What's Changed
Security
- Fixed CVE-2025-68973, CVE-2025-6020, CVE-2025-13601, CVE-2025-69420, CVE-2026-21945, CVE-2025-69419 and CVE-2026-21932 for Docker images by @ViacheslavKlimov and @smatvienko-tb
- Fixed CVE-2026-22610 by @vvlladd28 in #14865
- Fixed CVE-2025-15284 by @vvlladd28 in #14729
Core & Rule Engine
- Added Redis ACL (username) authentication support by @AndriiLandiak in #14743
- Fixed invalid finish ts for jobs with zero tasks in task manager by @ViacheslavKlimov in #14728
- Fixed entity data query for sysadmin by @dashevchenko in #14564
- Fixed partition cleanup for non-public PostgreSQL schemas by @AndriiLandiak in #14631
- Fixed SMS usage state when disabled in tenant profile by @dashevchenko in #14792
- Fixed unnecessary database updates for disabled users during failed login by @AndriiLandiak in #14751
Transport
- Fixed NPE for LwM2M client context after reboot by @nickAS21 in #14645
- Fixed CoAP Unicast/Multicast MID Conflict and Silent ACK Rejection by @nickAS21 in #14748
UI
- Fixed LwM2M bootstrap toggle not persisting "Add Bootstrap config" button state by @mtsymbarov-del in #14614
- Fixed map action panel hide when switching to another data layer by @vvlladd28 in #14746
- Fixed opening tenant profile autocomplete when "Create new" button is clicked by @mtsymbarov-del in #14804
- Fixed country autocomplete autofill and improved validation by @vvlladd28 in #14802
- Fixed missing '%' character in alias help text by @mtsymbarov-del in #14903
- Fixed padding in Range Chart and Bar Chart with label widgets when overlay enabled by @mtsymbarov-del in #14895
- Fixed errors when public user views alarm comments by @mtsymbarov-del in #14922
Full Changelog: v4.2.1.1...v4.2.1.2
Contributors
vvlladd28, nickAS21, and 5 other contributors
Assets 5
ThingsBoard 4.3 Release
What's Changed
Major improvements
- Alarm rules 2.0 by @ViacheslavKlimov in #14036
- Calculated fields:
- Geofencing by @ShvaykaD in #13857
- Propagation by @ShvaykaD in #14107
- Time series data aggregation by @irynamatveieva in #14253
- Related entities aggregation by @irynamatveieva in #14141
- Calculated field output strategies by @irynamatveieva in #14225
- API keys by @AndriiLandiak in #14074
- Enforced 2FA by @ViacheslavKlimov in #13629
- Set default base Docker image to thingsboard/openjdk25:trixie-slim by @ViacheslavKlimov in #14687
Minor improvements
Core & Rule Engine
- Added new entity field 'displayName' by @vvlladd28 in #14136
- Added JSON ts type support for bulk import by @dashevchenko in #13786
- Added API for tenant admins to delete the entire tenant by @dashevchenko in #14156
- Added support for alarm originator label and alarm details in notification templates by @AndriiLandiak in #14236
- Added 'PATCH' request method for 'rest api call' node by @volodymyr-babak in #14268
- Added more find-by-ids API endpoints by @artem-barysh-dev in #14355
- Added Redis ACL (username) authentication support by @AndriiLandiak in #14743
- Configurable response timeout for Rule Engine API requests by @devaskim in #13924
- Clear alarm node: async processing by @dskarzh in #13987
- Configurable Swagger docs expansion by @dashevchenko in #13863
- Entity name conflict strategies by @dashevchenko in #14118
- Removed redundant persistence of CF links by @dskarzh in #14310
- Prohibited blank relation types by @dskarzh in #13806
UI
- Added support for setting a custom image as the widget title by @deaflynx in #13972
- Added default language and unit system selection to user form by @deaflynx in #14101
- Added ability to upload dashboard JSON file for update by @LeoMorgan113 in #13949
- Added translation support for timestamp column in timeseries widgets by @mtsymbarov-del in #14009
- Added tooltip truncation to entity version restore header by @deaflynx in #14058
- Added "Show all" option for Columns to Display by @mtsymbarov-del in #14060
- Added color adjustment for table pagination icons by @mtsymbarov-del in #14105
- Added polylines support on map widget by @LeoMorgan113 in #14155
- Added queryParams support to mobile handler navigation action by @vvlladd28 in #14144
- Added ability to save pictures from Photo Camera widget to Image library by @mtsymbarov-del in #14153
- Added option to sort tab entities in alphabetical order by @mtsymbarov-del in #14159
- Added prevent whitespaces in string autocomplete by @ArtemDzhereleiko in #14315
- Added system alarm comments localization by @dashevchenko in #14336
- Added "Search propagated alarms" option to alarm count widget by @mtsymbarov-del in #14339
- Added new 6h and 8h time window intervals with improved default time window by @vvlladd28 in #14379
- Added autocomplete pattern support in title widgets by @mtsymbarov-del in #14142
- Added filters for audit log table by @mtsymbarov-del in #14262
- Added string autocomplete for telemetry device tab by @mtsymbarov-del in #14507
- Added debug events modal to rule chain elements by @mtsymbarov-del in #14513
- Added support for dynamic Y-axis limits determination in time series charts by @mtsymbarov-del in #14488
- Added ability to save time window selection as default for dashboard by @vvlladd28 in #14472
- Added Calculated fields page by @vvlladd28 in #14629
- Always display point symbol for single-point line charts by @vvlladd28 in #14357
- Always show time window in "Show on widget" feature by @vvlladd28 in #14511
- Added local hi_IN and updated locales da_DK, de_DE, fr_FR, it_IT, ja_JP, nl_NL, tr_TR by @vvlladd28 in #14845
- Enhanced alarm severity colors by @ArtemDzhereleiko in #14672
- Improved create new action for entity autocomplete by @ArtemDzhereleiko in #13840
- Improved mobile actions by @ArtemDzhereleiko in #13849
- Improved attribute dialog style by @LeoMorgan113 in #13982
- Improved version name overflow handling in version control by @mtsymbarov-del in #14335
- Improved user password fields validation by @mtsymbarov-del in #14362
- Improved Audit log and Event details dialog by @vvlladd28 in #14653
- Optimized timewindow size in dashboard configuration when saving by @ChantsovaEkaterina in #13753
- Optimized size of dashboards and widgets when saving by @vvlladd28 in #13690
- Updated API usage dashboard by @ArtemDzhereleiko in #13944
- Updated password expiration message for en-US locale by @ArtemDzhereleiko in #14322
- Updated login page layout by @vvlladd28 in #14562
- Refactored tb-logo as link in login, fullscreen dashboard and menu by @deaflynx in #14057
- Shared UI components for extension: tb-phone-input, tb-widget-button by @DmytroKhylko in #14279
- Shared UI components for extension: time-unit-input by @kalutkaz in #14684
Transport
Edge
- [Edge] Added AI model sync by @jekka001 in #13998
- Sync user and user credentials from Edge to Cloud by @volodymyr-babak in #14352
- Propagate entity deletions from edge to cloud (asset, device, dashboard, entity view) by @MazurenkoNick in #14447
- Avoid duplicate edge updates by @MazurenkoNick in #14489
- Edge Events - added merge and filter duplicates by @volodymyr-babak in #14603
Bug Fixes
Core & Rule Engine
- Fixed calculated fields search not working by @WangXin3 in #13878
- Fixed telemetry deletion for keys with comma by @dashevchenko in #14287
- Fixed error when uploading resources approximately larger than 15 MB by @AndriiLandiak in #14205
- Fixed invalid finish ts for jobs with zero tasks in task manager by @ViacheslavKlimov in #14728
- Fixed entity data query for sysadmin by @dashevchenko in #14564
- Fixed CVE-2025-15284 by @vvlladd28 in #14729
- Fixed partition cleanup for non-public PostgreSQL schemas by @AndriiLandiak in #146...
Contributors
wiwiwa, volodymyr-babak, and 23 other contributors
Assets 5
ThingsBoard 4.2.1.1 Release
Patch release with the following bug fixes:
What's Changed
Core & Rule Engine
- Fixed redundant credentials update event and device reconnect on bulk import by @AndriiLandiak in #14211
- Added validation that prohibits last tenant admin deletion by @dashevchenko in #14235
- Fixed check of pre-provisioned devices by @dashevchenko in #14062
- Fixed firmware update when the OTA package has a URL instead of a file by @dashevchenko in #14179
- Fixed error when using resources and templatization with GitHub Models AI provider by @dashevchenko in #14209
- Fixed some tenant admins not displayed in related group with EDQS by @dashevchenko in #14245
- Fixed XSS vulnerability for some entities by @dashevchenko in #14457
- Fixed invalid alarm status subscription updates by @dashevchenko in #14487
- Fixed NPE when evaluating dynamic duration rules in device profile node by @dskarzh in #13836
- Improved support of customer-owned entities in
customer attributesandchange originatorrule nodes by @dskarzh in #14244 - Updated AI models autocomplete options by @dskarzh in #14467
- Fixed incorrect CF calculation when same key is used across multiple arguments by @irynamatveieva in #14195
- Fixed timestamp handling for calculated field arguments with missing telemetry by @irynamatveieva in #14526
- Fixed processing of telemetry batch in calculated fields by @irynamatveieva in #14623
- Fixed last update ts handling for CF arguments by @ShvaykaD in #14499
- Fixed key dictionary race condition causing Hibernate to cache zero keyId in cluster mode by @ShvaykaD in #14536
- Improved task cancellation handling in task manager by @ViacheslavKlimov in #14264
- Fixed vulnerabilities by @ViacheslavKlimov in #14479
- Fixed and improved CF states restore by @ViacheslavKlimov in #14572
- Fixed Kafka topics cache by @ViacheslavKlimov in #14587
Transports
- Fixed occasional application startup failure due to SNMP transport init by @artem-barysh-dev in #14327
- Added ACK when Gateway connect goes wrong by @artem-barysh-dev in #14407
- Fixed firmware update by URL for LwM2M by @nickAS21 in #14241
- Fixed observe after reboot without unregistration for LwM2M by @nickAS21 in #14294
- Fixed NPE after reboot if sleep for LwM2M by @nickAS21 in #14403
- Fixed tb-node startup when MQTT SSL enabled but MQTT transport disabled by @smatvienko-tb in #14624
Edge
- Fixed customer unassignments in the dashboard during edge event processing by @MazurenkoNick in #14461
- Fixed events from different edges being mixed together in one queue by @MazurenkoNick in #14613
- Fixed dead Kafka consumer groups causing Edge sync failures by @volodymyr-babak in #14425
- Fixed infinite loop on Edge Kafka consumer commit failure by @volodymyr-babak in #14616
UI
- Fixed check connectivity request for AI models by @ArtemDzhereleiko in #14481
- Fixed TinyMCE out-positioned image source by @deaflynx in #14396
- Fixed JS module file encoding to include handling of special symbols by @DmytroKhylko in #14377
- Fixed filtering entity and alarm tables by @LeoMorgan113 in #14134
- Fixed validation for "Email" fields by @mtsymbarov-del in #14022
- Added ability to access logout button when hide toolbar option is enabled on dashboard by @mtsymbarov-del in #14048
- Fixed dialogs adjusting to the screen resolution by @mtsymbarov-del in #14085
- Added support for custom translations in LED Indicator widget title by @mtsymbarov-del in #14091
- Fixed i18n custom translation in Attributes Card widget in data post-processing function by @mtsymbarov-del in #14092
- Fixed widget entity alias empty entity list field by @mtsymbarov-del in #14140
- Added alarm type list key translations by @mtsymbarov-del in #14143
- Added support for custom translations in the dashboard user filters dialog by @mtsymbarov-del in #14151
- Added draggable overlay option on map widget settings by @mtsymbarov-del in #14185
- Fixed misspelling in Entity views Time series data section by @mtsymbarov-del in #14248
- Fixed subscriptSizing of phone input by @mtsymbarov-del in #14261
- Fixed typo in get queue statistics request method by @mtsymbarov-del in #14296
- Fixed deleted user IDs remaining in Notification recipient user list by @mtsymbarov-del in #14297
- Fixed parse function calling for control widgets by @mtsymbarov-del in #14298
- Fixed profile saves triggers the saved configuration without changes by @mtsymbarov-del in #14569
- Fixed mutation in mergeDeepIgnoreArray function by @mtsymbarov-del in #14615
- Fixed incorrect error height of timeout message by @vvlladd28 in #14392
- Updated Lietuvių (Lithuanian) transla...
Contributors
volodymyr-babak, ShvaykaD, and 15 other contributors