Upgrade The Things Stack Cloud to v3.15.2
Scheduled Maintenance Report for The Things Industries
Completed
The scheduled maintenance has been completed.
Posted Oct 26, 2021 - 11:30 CEST
In progress
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Posted Oct 26, 2021 - 09:30 CEST
Scheduled
During this maintenance window we will upgrade The Things Stack Cloud to v3.15.2.

We do not expect noticeable downtime during this deployment.

Here is the changelog since the current version v3.15.1:

### Added

- `tls.cipher-suites` config option to specify used cipher suites.
- Support for enhanced security policies of Packet Broker services.
- Handling of MAC and PHY versions in end device forms based on selected frequency plan in the Console.
- Support for scheduling downlink messages as JSON in the Console.
- Support for Packet Broker authentication through LoRaWAN Backend Interfaces. This adds the following configuration options:
- `interop.public-tls-address`: public address of the interop server. The audience in the incoming OAuth 2.0 token from Packet Broker is verified against this address to ensure that other networks cannot impersonate as Packet Broker;
- `interop.packet-broker.enabled`: enable Packet Broker to authenticate;
- `interop.packet-broker.token-issuer`: the issuer of the incoming OAuth 2.0 token from Packet Broker is verified against this value.
- Support for LoRaWAN Backend Interfaces in Identity Server to obtain an end device's NetID, tenant ID and Network Server address with the use of a vendor-specifc extension (`VSExtension`). This adds the following configuration options:
- `is.network.net-id`: the NetID of the network. When running a Network Server, make sure that this is the same value as `ns.net-id`.
- `is.network.tenant-id`: the Tenant ID in the host NetID. Leave blank if the NetID that you use is dedicated for this Identity Server.
- Configuration option `experimental.features` to enable experimental features.
- Tooltip descriptions for "Last activity" values (formerly "Last seen") and uplink/downlink counts in the Console.
- Status pulses being triggered by incoming data in the Console.
- Packet broker page crashing when networks with a NetID of `0` are present.
- Allowing to toggle visibility of sensitive values in text inputs in the Console.
- Webhook failed event.

### Changed

- Searching for entity IDs is now case insensitive.
- Renamed entitie's "Last seen" to "Last activity" in the Console.
- The database queries for determining the rights of users on entities have been rewritten to reduce the number of round-trips to the database.
- The default downlink path expiration timeout for UDP gateway connections has been increased to 90 seconds, and the default connection timeout has been increased to 3 minutes.
- The original downlink path expiration timeout was based on the fact that the default `PULL_DATA` interval is 5 seconds. In practice we have observed that most gateways actually send a `PULL_DATA` message every 30 seconds instead in order to preserve data transfer costs.
- The default duration for storing (sparse) entity events has been increased to 24 hours.

### Removed

- Option to select targeted stack components during end device import in the Console.

### Fixed

- LoRaWAN Backend Interfaces 1.1 fields that were used in 1.0 (most notably `SenderNSID` and `ReceiverNSID`). Usage of `NSID` is now only supported with LoRaWAN Backend Interfaces 1.1 as specified.
- Registering and logging in users with 2 character user IDs in the Account App.
- Frequency plan display for the gateway overview page in the Console.
- Frequency plan showing as `n/a` in the Console after creating a new gateway with assigned frequency plan.
- Header logo flickering in the Console when using Safari browser.
- Profile settings link not being present in the mobile menu in the Console.
- Calculation of "Last activity" values not using all available data in the Console.
- Layout jumps due to length of "Last activity" text.
- Invalid `session` handling in Network Layer settings form in the Console.

### Security

- Network Servers using LoRaWAN Backend Interfaces to interact with the Join Server can now provide a single Network Server address in the X.509 Common Name of the TLS client certificate (the old behavior) or multiple Network Server addresses in the X.509 DNS Subject Alternative Names (SANs). DNS names have precedence over an address in the Common Name.
Posted Oct 22, 2021 - 16:14 CEST
This scheduled maintenance affected: The Things Stack Cloud (Europe 1 (eu1), North America 1 (nam1), Australia 1 (au1)).