Thingsboard v4.3.1 Release Notes
Release Date: 2026-03-10 // 3 months ago-
What's Changed
🔒 Security
- 🛠 Fixed CVE-2026-24734 and CVE-2025-66614 by @ViacheslavKlimov in #15076
- 🛠 Fixed CVE-2025-7783, CVE-2026-26996 and CVE-2026-26960 by @vvlladd28 in #15079
- 🛠 Fixed CVE-2026-27903 and CVE-2026-27904 by @vvlladd28 in #15109
- Added SSRF protection (must be enabled with SSRF_PROTECTION_ENABLED env) by @ViacheslavKlimov in #15123
- 🛠 Fixed CWE-770 in Jackson Core (GHSA-72hv-8253-57qq) by @ViacheslavKlimov in #15124
- 🛠 Fixed CVE-2026-27970 and CVE-2026-2391 by @vvlladd28 in #15128
- 🛠 Fixed CVE-2026-2781, CVE-2026-25646, CVE-2026-21945 and CVE-2026-21932 for Docker images by @ViacheslavKlimov and @smatvienko-tb
💻 Major UI
Core & Rule Engine
- 🛠 Fixed getTimeseries API (/{entityType}/{entityId}/values/timeseries) by @dashevchenko in #15054
- ➕ Added Cassandra result set byte-size limit by @ViacheslavKlimov in #15058
- 🛠 Fixed TBEL script execution failures on repeated runs by @ViacheslavKlimov in #15078
- 🛠 Fixed blocking JPA queries on access-validator single thread by @dskarzh in #15101
- 🛠 Fixed preservation of rule node execution counter in delay and deduplication nodes by @dskarzh in #15100
- 👌 Improved Apple OAuth2 mapper and refactored OAuth2 client validation by @ViacheslavKlimov in #15120
- 🛠 Fixed infinite loop when rule chain input node forwards to its own rule chain by @smatvienko-tb in #15102
- 🔧 Made max WS message size configurable by @DmytroKhylko in #15116
💻 UI
- 🛠 Fixed Redirect Url encoding by @mtsymbarov-del in #14985
- 🛠 Fixed loading and placement of Material icons by @mtsymbarov-del in #14959
- 🛠 Fixed Popover placement for Marker, Polygon and Circle overlay config by @mtsymbarov-del in #14978
- 🛠 Fixed adaptive in mail server configuration by @vvlladd28 in #15018
- 🛠 Fixed Range and Bar chart limits setup by @mtsymbarov-del in #14964
- 🛠 Fixed RGBA and HSLA inputs in color picker by @mtsymbarov-del in #15031
- 🛠 Fixed Entity key autocomplete change check by @mtsymbarov-del in #15080
- 🛠 Fixed a race condition causing the toast component by @mtsymbarov-del in #15071
- 🛠 Fixed a race condition when init image map by @mtsymbarov-del in #15097
- 🛠 Fixed default timewindow config in widget editor page by @vvlladd28 in #15108
- ✂ Removed pattern validation from name field on CF by @mtsymbarov-del in #15142
- ⚡️ Updated Ukrainian locale by @vvlladd28 in #15096
- Extend modules map: moment-timezone, canvas-gauges and ngx-hm-carousel added by @ChantsovaEkaterina in #15130
Transport
- 🛠 Fixed Sparkplug BIRTH message validation for metrics with empty string values by @nickAS21 in #14760
Edge
- Event-sourced propagation for admin settings by @volodymyr-babak in #15050
Full Changelog : v4.3.0.1...v4.3.1
Previous changes from v4.3
-
What's Changed
Major improvements
- 📄 Alarm rules 2.0 by @ViacheslavKlimov in #14036
-
- Geofencing by @ShvaykaD in #13857
- Propagation by @ShvaykaD in #14107
- Time series data aggregation by @irynamatveieva in #14253
- Related entities aggregation by @irynamatveieva in #14141
📄 Calculated field output strategies by @irynamatveieva in #14225
🔒 API keys by @AndriiLandiak in #14074
📄 Enforced 2FA by @ViacheslavKlimov in #13629
🐳 Set default base Docker image to thingsboard/openjdk25:trixie-slim by @ViacheslavKlimov in #14687
Minor improvements
Core & Rule Engine
- ➕ Added new entity field 'displayName' by @vvlladd28 in #14136
- ➕ Added JSON ts type support for bulk import by @dashevchenko in #13786
- ➕ Added API for tenant admins to delete the entire tenant by @dashevchenko in #14156
- ➕ Added support for alarm originator label and alarm details in notification templates by @AndriiLandiak in #14236
- ➕ Added 'PATCH' request method for 'rest api call' node by @volodymyr-babak in #14268
- ➕ Added more find-by-ids API endpoints by @artem-barysh-dev in #14355
- ➕ Added Redis ACL (username) authentication support by @AndriiLandiak in #14743
- 🔧 Configurable response timeout for Rule Engine API requests by @devaskim in #13924
- Clear alarm node: async processing by @dskarzh in #13987
- 🔧 Configurable Swagger docs expansion by @dashevchenko in #13863
- Entity name conflict strategies by @dashevchenko in #14118
- ✂ Removed redundant persistence of CF links by @dskarzh in #14310
- Prohibited blank relation types by @dskarzh in #13806
💻 UI
- ➕ Added support for setting a custom image as the widget title by @deaflynx in #13972
- ➕ Added default language and unit system selection to user form by @deaflynx in #14101
- ➕ Added ability to upload dashboard JSON file for update by @LeoMorgan113 in #13949
- ➕ Added translation support for timestamp column in timeseries widgets by @mtsymbarov-del in #14009
- ➕ Added tooltip truncation to entity version restore header by @deaflynx in #14058
- ➕ Added "Show all" option for Columns to Display by @mtsymbarov-del in #14060
- ➕ Added color adjustment for table pagination icons by @mtsymbarov-del in #14105
- ➕ Added polylines support on map widget by @LeoMorgan113 in #14155
- ➕ Added queryParams support to mobile handler navigation action by @vvlladd28 in #14144
- ➕ Added ability to save pictures from Photo Camera widget to Image library by @mtsymbarov-del in #14153
- ➕ Added option to sort tab entities in alphabetical order by @mtsymbarov-del in #14159
- ➕ Added prevent whitespaces in string autocomplete by @ArtemDzhereleiko in #14315
- ➕ Added system alarm comments localization by @dashevchenko in #14336
- ➕ Added "Search propagated alarms" option to alarm count widget by @mtsymbarov-del in #14339
- ➕ Added new 6h and 8h time window intervals with improved default time window by @vvlladd28 in #14379
- ➕ Added autocomplete pattern support in title widgets by @mtsymbarov-del in #14142
- ➕ Added filters for audit log table by @mtsymbarov-del in #14262
- ➕ Added string autocomplete for telemetry device tab by @mtsymbarov-del in #14507
- ➕ Added debug events modal to rule chain elements by @mtsymbarov-del in #14513
- ➕ Added support for dynamic Y-axis limits determination in time series charts by @mtsymbarov-del in #14488
- ➕ Added ability to save time window selection as default for dashboard by @vvlladd28 in #14472
- ➕ Added Calculated fields page by @vvlladd28 in #14629
- Always display point symbol for single-point line charts by @vvlladd28 in #14357
- Always show time window in "Show on widget" feature by @vvlladd28 in #14511
- ⚡️ Added local hi_IN and updated locales da_DK, de_DE, fr_FR, it_IT, ja_JP, nl_NL, tr_TR by @vvlladd28 in #14845
- ✨ Enhanced alarm severity colors by @ArtemDzhereleiko in #14672
- 👌 Improved create new action for entity autocomplete by @ArtemDzhereleiko in #13840
- 👌 Improved mobile actions by @ArtemDzhereleiko in #13849
- 👌 Improved attribute dialog style by @LeoMorgan113 in #13982
- 👌 Improved version name overflow handling in version control by @mtsymbarov-del in #14335
- 👌 Improved user password fields validation by @mtsymbarov-del in #14362
- 👌 Improved Audit log and Event details dialog by @vvlladd28 in #14653
- ⚡️ Optimized timewindow size in dashboard configuration when saving by @ChantsovaEkaterina in #13753
- ⚡️ Optimized size of dashboards and widgets when saving by @vvlladd28 in #13690
- ⚡️ Updated API usage dashboard by @ArtemDzhereleiko in #13944
- ⚡️ Updated password expiration message for en-US locale by @ArtemDzhereleiko in #14322
- ⚡️ Updated login page layout by @vvlladd28 in #14562
- 🔨 Refactored tb-logo as link in login, fullscreen dashboard and menu by @deaflynx in #14057
- 💻 Shared UI components for extension: tb-phone-input, tb-widget-button by @DmytroKhylko in #14279
- 💻 Shared UI components for extension: time-unit-input by @kalutkaz in #14684
Transport
Edge
- 🔀 [Edge] Added AI model sync by @jekka001 in #13998
- 🔀 Sync user and user credentials from Edge to Cloud by @volodymyr-babak in #14352
- Propagate entity deletions from edge to cloud (asset, device, dashboard, entity view) by @MazurenkoNick in #14447
- ⚡️ Avoid duplicate edge updates by @MazurenkoNick in #14489
- 🔀 Edge Events - added merge and filter duplicates by @volodymyr-babak in #14603
🐛 Bug Fixes
Core & Rule Engine
- 🛠 Fixed calculated fields search not working by @WangXin3 in #13878
- 🛠 Fixed telemetry deletion for keys with comma by @dashevchenko in #14287
- 🛠 Fixed error when uploading resources approximately larger than 15 MB by @AndriiLandiak in #14205
- 🛠 Fixed invalid finish ts for jobs with zero tasks in task manager by @ViacheslavKlimov in #14728
- 🛠 Fixed entity data query for sysadmin by @dashevchenko in #14564
- 🛠 Fixed CVE-2025-15284 by @vvlladd28 in #14729
- 🛠 Fixed partition cleanup for non-public PostgreSQL schemas by @AndriiLandiak in #146...