Route all parse-failure throws through a single parseFailure(action, itemType[, section], cause) helper so the user-facing wording lives in one place and update paths share the template with install paths.
Align the four entity table "Add from IoT Hub" descriptors (devices,
rule chains, calculated fields, widget types) with the new hub icon
already used by the IoT Hub menu and breadcrumb. Drops the old
`store` glyph that no longer matches the rest of the IoT Hub UI.
- IotHubRestClient.getVersionFileData now streams the response and
enforces a configurable size cap (iot-hub.max-file-data-size-bytes,
env IOT_HUB_MAX_FILE_DATA_SIZE_BYTES, default 100 MiB). Oversized
payloads are rejected up front via Content-Length and mid-stream
for chunked transfers, preventing OOMs from unknown bodies.
- DefaultIotHubService guards every iotHubRestClient.getVersionInfo
call against a null response, and rejects update attempts where
the installed item's type does not match the new version's type
("Installed item type does not match the new version's item type.").
Solution-template descriptor is also populated with
tenantTelemetryKeys / tenantAttributeKeys captured during install.
Drops the empty updateDeviceProfile stub.
- Add a tenant-scoped findByTenantIdAndId + deleteByTenantIdAndId to
IotHubInstalledItemDao (and the bulk deleteByTenantIdAndIdIn JPA
query). IotHubInstalledItemServiceImpl now uses these so reads
and deletes always honour the tenant boundary.
- Database: add lts schema_update.sql + schema-entities-idx.sql
indexes on iot_hub_installed_item(tenant_id),
(tenant_id, item_type), and (tenant_id, item_id) for the new
tenant-scoped lookups.
- DefaultSolutionService: minor cleanup touched alongside.
- .gitignore trailing-newline fix; remove stale superpowers
plan/spec docs that have been folded into the implementation.
- New input[matAutocomplete]/textarea[matAutocomplete] directive
that keeps an open MatAutocomplete panel attached to its anchor
while the page scrolls or the window resizes: tracks the
input's visibility via IntersectionObserver and re-requests
panel position (or closes the panel when off-screen) when the
nearest scroll container or window emits a resize/scroll event.
- Declare and export the directive from SharedModule so it lights
up across every screen that uses mat-autocomplete.
- Drop the transparent backdrop from
MAT_AUTOCOMPLETE_DEFAULT_OPTIONS (the directive now handles
scroll-and-resize repositioning, so the backdrop-driven outside-
click close is no longer needed) and keep the existing
hideSingleSelectionIndicator default.
Add a DEVICE arm to getInstalledItemUrl so device-installs link to
their generated dashboard (descriptor.dashboardId / EntityType.DASHBOARD),
matching the existing SOLUTION_TEMPLATE handling instead of falling
through to no URL.
Bump the installed-items table .mat-column-createdTime width
from 100px to 160px so the new "MMM d, y, h:mm a" format
(introduced when the column started showing the install time)
fits without wrapping or ellipsis.
Switch the createdTime column formatter from 'mediumDate' (date
only) to the custom pattern 'MMM d, y, h:mm a' so each row also
surfaces the install time. Angular's built-in 'medium' alias was
not used because it includes seconds.
- Guard the helper against a missing descriptor by short-circuiting
to null up front instead of letting the switch crash on
`undefined.type`.
- Expand the inline single-line `case 'X': … break;` arms in the
switch so each branch reads on its own line, matching the
formatting of the already-multi-line CALCULATED_FIELD /
ALARM_RULE arms.
- Add a single getInstalledItemUrl(descriptor) helper to
iot-hub-installed-item.models that maps every descriptor type
(WIDGET / DASHBOARD / CALCULATED_FIELD / ALARM_RULE / RULE_CHAIN /
SOLUTION_TEMPLATE) to its entity-details URL via the shared
getEntityDetailsPageURL utility, appending `?selectedTab=cf` for
calculated-field installs so the entity tabs page lands on the CF
tab on first paint.
- Drop the parallel resolveEntityDetailsUrl helper +
iot-hub-components.models.ts file and rewire every installed-item
open path (install dialog, update dialog, installed-items table,
item detail dialog) to call getInstalledItemUrl. Installed-items
table openEntity collapses to parseUrl + serializeUrl on the
helper's output now that any selectedTab is part of the URL.
- Teach EntityDetailsPageComponent to honour a `selectedTab=…`
query param: read it from the current route on entityId change,
strip it (replaceUrl) so refresh doesn't keep jumping the tab,
then resolve a tab index via the new
EntityTabsComponent.resolveTabIndex(tab) hook. Asset, device,
asset-profile, and device-profile tabs override the hook to map
the `cf` shortcut to their respective Calculated Fields tab
position; other entities fall back to index 0.
- EntityDetailsPanelComponent now applies this.selectedTab to the
underlying MatTabGroup both when the entity-tabs query list
refreshes and after view init, so the initial tab matches the
resolved index instead of staying on 0.
- Add a `showOverflowedTitle` boolean input (defaults to false,
coerceBoolean-decorated) to ChipOverflowDirective. When true and
hiddenCount > 0, the overflow `+N` chip gets a `title` attribute
set to the comma-joined trimmed textContent of every overflowing
chip, surfacing them via the native browser tooltip. When the
flag is off, no items overflow, or hiddenCount drops back to
zero, the title attribute is removed.
- Keep `pointer-events` in sync with the title so the native
tooltip actually fires: remove `pointer-events: none` while a
title is present; reapply it otherwise (matches the initial
state set in createOverflowChip).
- Opt the IoT Hub item detail dialog's three tb-chip-overflow
meta-chip groups (connectivity, categories, use-cases) into
showOverflowedTitle so hovering the `+N` chip lists the hidden
values.
- TbIotHubMarkdownComponent.parseData now runs through a
forceLinksOpenInNewTab post-pass that (a) appends the
{:target="_blank"} suffix to the TEXT of any markdown link
[text](url) that doesn't already carry it, matching the
MarkedOptionsService.renderer.link contract that strips the
suffix and rewrites the <a> with target="_blank", and (b)
injects target="_blank" into raw <a ...> HTML anchors that
don't already declare a target= attribute. Image syntax
 is excluded via lookbehind.
- iot-hub-markdown SCSS narrows the link styling selector to
a:not(.mdc-button):not(.tb-iot-hub-item-link-card) so the
embedded item-link card anchor keeps its own typography.
- iot-hub-item-link-card now renders a verified icon (teal
#00695c via a new tb-iot-hub-item-link-verified-icon class)
when item.creatorVerified is true, matching the item-card
treatment; the default person icon is used otherwise.
- Add itemTypeIcons + getItemTypeIcon helper to
iot-hub-item.models, mirroring mp-item.models in the iot-hub
project: widgets / dashboard / apps / mdi:function-variant /
settings_ethernet / mdi:bell-cog / devices_other with `category`
as the fallback.
- Replace every hand-rolled item-type → icon switch with calls to
getItemTypeIcon: item detail dialog (getTypeIcon / getCompactIcon
fallback path), installed-items table (getItemTypeIcon),
iot-hub-home (getCompactIcon / getItemTypeIcon), item-card
(getPlaceholderIcon default + per-type fallbacks), item-link-card
(getCompactIcon / getTypeIcon).
- Swap the remaining mat-icon placeholders that render an item-type
icon to tb-icon (installed-items table chip, home search popup
thumb placeholder, item-link-card thumb fallback). Generic
status / action icons stay on mat-icon.
- Refresh the colored item-type chip palette in the installed
items table to match itemTypeChipColors from mp-item.models, and
add the previously-missing tb-type-alarm-rule rule so that chip
picks up the new orange palette instead of falling through to no
background.
Treat DEVICE, CALCULATED_FIELD, ALARM_RULE, and RULE_CHAIN as
count-based item types in maybeOpenDeepLinkedItem: all four resolve
via getInstalledItemCounts(this.config.type) and pass only { count }
to openItemDetail. Singular-entity types (widgets, dashboards,
solution templates) still go through resolveInstalledItem and pass
{ installed }.
Collapse maybeOpenDeepLinkedItem into a single openItemDetail call.
Devices resolve via getInstalledItemCounts and pass only the
{ count } for the deep-linked itemId; every other type resolves via
resolveInstalledItem and passes only the matching { installed }
entity (no more synthetic 0/1 count for non-device types).
Bring the same fetch-failure UI to every IoT Hub surface (browse,
search, home, creator profile) so all of them recover gracefully
from network / server outages instead of dead-ending on a global
error toast or a hard redirect.
- Add a tb-no-service-bg global utility in form.scss that mirrors
tb-no-data-bg but renders /assets/home/no-service.svg (copied
from thingsboard.io). Same primary-color mask treatment, so PE
builds retint without re-exporting the asset.
- Add hasError / retryTimer state to the four affected components
and switch their data calls to ignoreErrors: true so the global
toast no longer fires. hasError flips to true on error, stays
true while retries are pending, and is only cleared in the
`next` callback of the next request that actually succeeds.
- Add retryLoad* helpers (retryLoadItems / retryLoadResults /
retryLoadPopularItems / retryLoadCreator) that set isLoading=true
immediately and schedule the real load via a 350ms setTimeout so
rapid-fire retry clicks coalesce into one network round-trip.
- Search component drops the inline switchMap-on-searchSubject path
and pipes the debounced subject straight into loadResults() so
search-triggered loads go through the same error / spinner /
retry plumbing.
- Render the error block consistently across surfaces: in browse
and search inside their respective results container, on the
home page right after the category cards, on the creator profile
as the whole page body (replacing the old router.navigate to
/iot-hub). Each block uses .tb-no-service-bg + the new
iot-hub.network-server-unavailable / -text / try-again locale
keys and binds the primary button to the matching retryLoad*
method.
- Add the matching .tb-iot-hub-empty-state typography (18/500
title, 14/0.54 body, 24px button gap) to the home and creator
profile SCSS so the wrapper matches the layout already used in
browse / search.
Also pick up an unrelated dashboard-widget-select adjustment touched
in the same workspace.
- Drop the DEVICE-only `tb-iot-hub-card-preview-device` /
`dlg-preview-device` variants in the item card and item detail
dialog. The previously-special white-background-with-border treatment
is gone — device previews now reuse the same dot-pattern background
as widgets / solution templates for a consistent look.
- In the home-page iot-hub widget, fold the
`tb-iot-hub-widget-card-image-pattern` modifier into the base
`.tb-iot-hub-widget-card-image` so every preview card already paints
the dot pattern (no opt-in class required).
- Rename `.tb-search-categories` to `.tb-results-container` across
the iot-hub-search component / search page / creator profile pages
so the wrapper class better reflects what it actually contains
(browse / search results) and stays consistent between the search
component and the screens that embed it.
- Pick up incidental browse / search component html / scss tweaks
touched alongside the rename.
- Provide a scoped Angular ErrorHandler on the dynamic component's
injector in HtmlContainerWidgetComponent so template-runtime
exceptions raised inside user-authored Angular templates flow
through handleWidgetException instead of crashing the global
Angular ErrorHandler.
- Add `ctx.invokeAction($event, actionName, additionalParams?)` to
WidgetActionsApi / WidgetComponent and a `WidgetDestroyCallback` +
ctx.registerDestroyCallback() API on WidgetContext (callbacks run
in registration order on destroy, errors per-callback are caught
so one bad cleanup doesn't break the rest).
- Surface widget actions on the HTML Container basic config: render
tb-widget-actions-panel with the new strokedPanel input below
the html-container settings, and register a default "JavaScript"
multi-action source on the html_container widget JSON.
- Expand the widget-completion docs for `registerDestroyCallback`
(when it fires, what to use it for, lifecycle semantics, exact
callback signature `() => void`) and for `invokeAction`'s
`additionalParams` arg (forwarded to the configured JS action
handler, common payload examples).
Netty 4.1.133.Final introduced a regression in MqttDecoder while fixing
CVE-2026-44248: when multiple MQTT packets are present in the same
cumulation buffer, the per-message size check used the total buffer size
instead of the current packet's declared remaining length. Valid in-limit
packets get rejected with TooLongFrameException("message length exceeds
65536: <small number>"). Fixed upstream by netty/netty#16787 and ported
to 4.1 as netty/netty@30f8f284db, released in 4.1.134.Final.
- Add a public listing item-version endpoint to IotHubApiService
(GET /api/listings/public/by-slug/{slug}/item-version?ce=true&
tbVersion=N) returning MpItemVersionView, with the new
ListingItemVersionNotFound shape capturing the documented 404
bodies (noMatchingVersions / peRequired / minTbVersionRequired).
- Wire a tbVersionIntToString helper alongside the existing
tbVersionToInt so the dialogs can render the resolved versions
compactly (430 → "4.3", 421 → "4.2.1").
- Route /iot-hub/listing/:slug to TbIotHubItemResolverComponent.
Resolver picks the slug path first, dispatches the 404 bodies to
three handlers: noMatchingVersions reuses the existing
deep-link-not-found notification, peRequired opens a new dialog,
minTbVersionRequired opens another with the resolved min version.
- New TbIotHubPeRequiredDialogComponent renders the "Professional
Edition required" prompt and TbIotHubUpgradeRequiredDialogComponent
renders the "ThingsBoard upgrade required" prompt. Both reuse a
single upgrade-required.svg asset (Figma export) tinted via CSS
mask + background-color so the PE accent inherits without touching
the asset. The shared "Upgrade instance" button links to the right
upgrade doc per dialog.
- New TbIotHubAlarmRulesUnavailablePageComponent replaces
TbIotHubItemsPageComponent on /iot-hub/alarm-rules. It mirrors the
iot-hub-home glow-blob + dot-pattern background (alarm-rule
accent), renders the alarm-rules hero, a 28px title with the
primary "Thingsboard v4.3" span, the description, an Upgrade
instance link (https://thingsboard.io/docs/installation/upgrade-
instructions/), Back to IoT Hub, and the current platform version
read from env.tbVersion.
- Locale: pe-required-title / pe-required-message (bolded "Professional
Edition" / "Community Edition"), upgrade-required-title /
upgrade-required-message (bolded interpolations), and the alarm-
rules-unavailable-* keys for the new page.
- Group the slide-toggle and the conditionally rendered profile
pickers in a single bordered card via tb-form-panel.stroked,
matching the 4.3 entity-aggregation 'Apply await timeout' pattern.
- Set the toggle's class to 'mat-slide flex' to match the canonical
TB idiom; switch the tooltip label to plain interpolation.
- Restore the trailing '?' in install-confirm-title — the confirm
step is still a real confirmation question for item types that
don't go through the select-entity flow.
CF and Rule Chain installs now open directly into the selection form,
skipping the prior "Install?" confirmation step. Rule Chain uses a
single "Set as profile default rule chain" toggle that reveals the
profile pickers when enabled, replacing the previous two-button
design. The overwrite-confirmation step is preserved.
Follow-up to #15645.
- Move the widget-types table add-action descriptors from the
constructor into resolve() and gate "Add from IoT Hub" so it
only appears for TENANT_ADMIN; sys-admins keep just the
create-new / import options.
- Swap the iot_hub system widget JSON to its own dedicated image
resource (iot_hub_system_widget_image.png) instead of reusing the
dashboards placeholder, with the matching link / title /
fileName / publicResourceKey / base64 data and reformatted tags
block.
Extend the IoT Hub install dialog so installing a rule chain can also set
it as the Default rule chain on a Device or Asset profile in one step.
The confirm step shows three actions: Cancel, Install (creates the chain
without targeting any profile), and Set for profile (opens a picker step).
The picker step has Cancel, Back, and Install — confirming with a profile
that already has a non-null defaultRuleChainId routes through a
confirm-overwrite step before replacing it. CALCULATED_FIELD keeps its
existing single-button flow unchanged.
Backend:
* RuleChainInstalledItemDescriptor gains a nullable EntityId
targetProfileId field, persisted in the existing descriptor JSON column
(no schema migration; @JsonIgnoreProperties(ignoreUnknown=true) handles
pre-existing rows).
* DefaultIotHubService.installRuleChain() now accepts SecurityUser and
JsonNode data; a new setAsDefaultRuleChain() helper applies the chain
as Default rule chain on the selected DEVICE_PROFILE or ASSET_PROFILE
via the existing tbDeviceProfileService / tbAssetProfileService save
paths (so the change shows up in the tenant audit log as a normal
profile update).
Frontend:
* iot-hub-install-dialog.component grows a per-ItemType selectEntityConfig
map, a 'confirm-overwrite' state, and the methods
installAsEntityProfileDefault, selectEntityBack, resolveOverwrite,
confirmOverwriteReplace, confirmOverwriteCancel.
* tb-entity-select gets a 512px min-width above the gt-sm breakpoint so
the picker renders at a consistent width regardless of the prompt text
length (mirrors the pattern in recipient-notification-dialog).
* New i18n keys: rule-chain-install-desc, rule-chain-install-as-default,
select-profile-for-rule-chain, rule-chain-overwrite-title,
rule-chain-overwrite-body, rule-chain-overwrite-replace.
The form rendering for the SHOW_FORM step was inline in the dialog template.
Extract it into a presentation-only InstallFormRendererComponent next to the
dialog. The dialog now binds [fields], [formGroup], [resolveImagePath], and
[reviewMode] inputs.
[reviewMode] consolidates the previous dialog-side passwordVisible[key]=true
assignment into the renderer's own state — the dialog no longer needs to
track per-field password visibility.
Layout mirrors thingsboard-pe so changes propagate cleanly between branches.
The form rendering for the SHOW_FORM step was inline in the dialog template.
Extract it into a presentation-only InstallFormRendererComponent next to the
dialog. The dialog now binds [fields], [formGroup], [resolveImagePath], and
[reviewMode] inputs.
[reviewMode] consolidates the previous dialog-side passwordVisible[key]=true
assignment into the renderer's own state — the dialog no longer needs to
track per-field password visibility.
Layout mirrors thingsboard-pe so changes propagate cleanly between branches.
- ${images.gallery(...)} accepts JS-style image objects
({src, alt?, caption?}) that may span multiple lines and contain
whitespace inside the gallery brackets. Captions go through a
whitelist sanitiser (b/strong/i/em/u/s/mark/small/sub/sup/br/code/
span with class+style only — style values containing
expression()/javascript:/url() are dropped) so authors can use
inline markup without exposing XSS.
- Promote escapeHtml / escapeHtmlAttr to exported helpers in
iot-hub-markdown.utils, add the new sanitizeInlineHtml. Drop the
duplicate copies (and the now-unused DocLinks helpers + buildDocLinkButton)
from shared/models/iot-hub/device-package.models.
- Move the PhotoSwipe wiring out of TbIotHubMarkdownComponent into a
reusable tbPhotoSwipeGallery shared directive, declared/exported
by SharedModule. The component now just renders the
data-attributed wrapper and the directive lazy-binds PhotoSwipe.
- Tighten the gallery layout: 200px-min auto-fill grid, 8px vertical
margins, hover border swapped to the shared #2a7dec accent token.
Two test layers covering the controller surface that the JVN PoC uses:
Java unit (Spring MockMvc):
RuleChainControllerTest#testScriptForbiddenForCustomer asserts a
customer JWT against POST /api/ruleChain/testScript returns 403,
locking in the existing @PreAuthorize('TENANT_ADMIN') guard.
Black-box (live docker-compose):
JsExecutorSandboxIsolationTest#testRuleChainScriptCannotReachHostProcess
posts the JVN exploit payload as a tenant admin and asserts the
response carries error='process is not defined'. End-to-end through
tb-node -> Kafka -> tb-js-executor with use_sandbox=true.
Registered the new org.thingsboard.server.msa.security package in
the connectivity TestNG suite so the black-box runner picks it up.
Added a thin TestRestClient.testRuleChainScript() helper.
Four test cases under describe('js-executor'):
- sandbox isolates args from host realm (JVN#16937365 — regression guard)
- sandbox passes string args through unchanged
- non-sandbox path does not isolate from host realm (documented contract)
- non-sandbox path passes string args through unchanged
Tests use Node's built-in node:test + node:assert (zero new devDependencies;
ts-node was already there). Two npm scripts:
test — spec output for local dev
test:ci — spec to stdout + Node's built-in junit reporter to
target/surefire-reports/TEST-js-executor.xml
Wired 'yarn test:ci' into the Maven 'test' phase via frontend-maven-plugin,
so 'mvn test -pl=msa/js-executor' produces JUnit XML that TeamCity's
Maven runner auto-discovers under the 'js-executor' suite name.
TEST_FAST.md picks up the same step.
tsconfig excludes test/ from the production pkg bundle.
Igor Kulikov
Maksym Tsymbarov
Viacheslav Klimov
Andrew Shvayka
Andrii Landiak
dashevchenko
dshvaika
dpinkevych
Vladyslav Prykhodko
Sergey Matvienko