ESF 7.4.2 - Release

Eurotech Everyware Software Framework ESF 7.4.2 (Eclipse Kura - 5.4.2) - March 2024

This service release of ESF includes the following changes:

  • Improvements and fixes to the GWT Servlet code.

This release addresses CVE-2024-3046. Please see:

Target Environments:

  • ESF supports the following Devices and Everyware Linux (EL) versions:
    • ReliaGATE 10-12;
      • EL 27.0.1
      • EL 27.1.0
    • ReliaGATE 10-20;
      • EL 27.0.0
    • ReliaGATE 20-25;
      • EL 23.0.0
    • BoltGATE 20-25;
      • EL 21.4.0
      • EL 30.1.0 (RC4 tested)
    • ReliaGATE 10-14;
      • EL 27.0.3
      • EL 27.1.0
      • EL 40.0.0 (generic-arm64 profile)
    • DynaGATE 10-14;
      • EL 33.0.0 (generic-arm64 profile)
    • BoltGATE 20-31;
      • EL 20.1.0
      • EL 30.1.0 (RC4 tested)
    • DynaGATE 20-30;
      • EL 20.1.0
      • EL 30.1.0 (RC4 tested)
    • BoltGATE 10-12;
      • EL 27.1.0
    • DynaCOR 44-11;
      • Ubuntu 22.04 LTS (generic-x86-64 profile)
    • ReliaCOR 40-12;
      • Ubuntu 22.04 LTS (generic-x86-64 profile)
    • Generic profiles;
      • generic-arm32
      • generic-arm64
      • generic-x86_64
      • generic-arm32-nn
      • generic-arm64-nn
      • generic-x86_64-nn
    • Raspberry Pi 2/3/4 with Raspberry Pi OS 32bit (Bookworm tested);
    • Raspberry Pi 3/4 with Raspberry Pi OS 64bit (Bookworm tested);
  • ESF is also available as a pre-built Docker container based on:
    • Rocky Linux latest x86_64 and aarch64
    • ubi-minimal latest x86_64 and aarch64

Bug Fixes (Kura):

  • e5ef19d594 - GWT servlet review [backport release-5.4.0] (#5191) (nicolatimeus)

Known Issues (ESF):

  • [ECESF-6641] The installation of the com.eurotech.framework.fuse bundle causes an error in the log file. However, the bundle works correctly.
  • [ECESF-3394] Non-existent unsaved changes in UI preserved after update from 7.0.2
  • ReliaCELL Dual SIM option not supported
  • Hardware watchdog: not implemented on all platforms
  • On Reliagate 10-20 the watchdog cannot be disabled ("watchdog no-way-out")
  • During ESF shutdown, an error stacktrace can be shown in the log from the Jetty server. This does not affect the success of the procedure
  • 872: Provisioning Service: provisioned flag not reset if provisioning is re-enabled
  • 786: Connection Failed on Snapshot Rollback
  • 624: [Serial] RXTX fails to set 38400 bauds
  • 509: [ESF 5.2.0 QA] Check message verification failed with diagnostics ping
  • 423: [Terminal Services] socat resets the tty configuration on TCP client disconnect
  • 395: ESF on RG 20-25 reports wwan0 interface with LE910 V1 modem.
  • 358: [20-25] digital in/out gpio numbers are incorrect
  • 81: [Security - Message Signing] ESF verifies the signature of every control message
  • 64: Message signature propagated to application bundles

Known Issues (Kura):

  • The firewall rule applied by the network threat manager that block uncommon TCP MSS values is not applied in the Nvidia Jetson Nano.
  • When the IPv6 network threat manager is disabled, the filtering on TCP fragments is disabled only after a reboot.
  • The republish.mqtt.birth.cert.on.modem.detect property in the CloudService configuration is not supported for devices that use NetworkManager. The property value is ignored.
  • When dnsmasq is used as DHCP server, only one file is used to store the leases.
  • When dnsmasq is used as DHCP server, the DHCP List field in the DHCP and NAT tab shows the leases for all the interfaces.
  • The system reboot command cannot be issued even with a privileged user in Debian Bookworm due to an OS issue related to the CAP_SYS_BOOT capability.
  • The Wi-Fi AP scanning may fail in Debian Bookworm on the first scanning attempt in the specific Raspberry PI profile. A forced rescan can succeed and properly display the available APs.
  • The nvidia-jetson-nano installer disables FAN protocol support due to compatibility issues (see #4593)
  • The nvidia-jetson-nano doesn't support the Unprivileged Command Service (see #3598)
  • isc-dhcp-server fails upon first Kura installation on Raspberry Pi Bullseye. This is due to how the isc-dhcp-server installer package is
    built and run immediately after installation.
  • An update to the sslmanagerservice where the pid of the keystoreservice is updated can lead to an error in the following reconnection.
    The issue impact is limited, if the dataservice reconnect option is enabled.
  • The implementation of the CryptoService performs encryption using a
    password that is hardcoded and published.
  • Modem: Ublox Lisa U201 may not be able to establish PPP connection when CHAP/PAP authentication is required.
  • WiFi on Raspberry Pi 2 has only been tested with WiPi WiFi Dongle (Realink RT5370 chipset) and official Pi USB WiFi Dongle (Broadcom BCM43143 chipset).
    AccessPoint WiFi mode not working for Broadcom chipset.
  • Hardware watchdog: not implemented on all platforms
  • Only one WAN interface is currently supported with old networking. A warning in displayed
    in the WEB UI if the user attempts to enable more than one WAN interface
  • 4212: Wrong order of BIRTH/APPLICATION certificates for custom APP IDs registration
  • 3972: Topic name validation: issue with names containing "//" (Cloud Subscriber)
  • 4141: Sometimes user is not logged in after changing password
  • 3796: Server manager does not close properly
  • 3211: Kura Docker | Bluetooth error in log during starting service
  • 3005: Kura Gets Stuck in Loading View if Services Clicked Too Fast
  • 2843: Access Banner Content All in One Line
  • 2747: No Spacing Between "Wire Components" and Error in Wire Graph
  • 2728: WireGraph Component Description Windows Too Wide
  • 2725: Different Pop-up Windows for Warnings
  • 2702: Error Message For Long Item Names Not Displayed Properly
  • 2696: Component Name Inteferes With Wire Graph Border
  • 2695: Component Names in Wires Not Limited
  • 2410: Deployment handler and URLs with many query parameters
  • 2038: [Kura 3.2.0 QA] Package uninstallation log
  • 1993: Search Domains Are Not Supported
  • 1663: Authentication Issue with Deploy V2
  • 1572: serial modbus has errors on some hardware
  • 1529: OSGI console is not redirected to Eclipse IDE with Kura 3.0
  • 1161: Incorrectly configuring a component can be irreversable.
  • 1128: [Kura 3.0.0 M1 QA] Unable to delete manually added CamelFactory services
  • 1016: ConfigurationServiceImpl creates duplicate instances
  • 797: Design of ServiceUtil is broken
  • 771: Web UI fails with INTERNAL_ERROR when WireHelperService is not registered
  • 654: Clean up static initialization around "modem" functionality
  • 645: Clean up internal dependencies in Kura
  • 522: [Net] Modem monitor should monitor interfaces, not modems
  • 486: Build environment broken on Windows
  • 406: Replace System.get* with calls to SystemService.getProperties
  • 329: [DEPLOY-V2] Review/refactoring needed
  • 297: [Status led] What connection instance controls the status led?
  • 253: Check if bundle contexes correctly unget services after invoking getService
  • 222: CloudConnectionStatusServiceImpl does not cancel workers on component deactivation

Changelog (ESF):

  • 6f3181bac4 - chore: automated uptick to 7.4.2 (#2184) (github-actions[bot])
  • fd92917546 - refactor(network.threat.manager): Updated flooding protection metatype [backport release-7.4.0] (#2182) (github-actions[bot])
  • 3d2599db48 - chore: automated uptick to 7.4.2-SNAPSHOT (#2178) (github-actions[bot])
  • 527b0a814c - chore: Added known issue for the network threat manager (#2177) (Pierantonio Merlino)

Changelog (Kura):

  • 83477cf365 - chore: automated uptick to 5.4.2 (#5189) (github-actions[bot])
  • e5ef19d594 - fix: GWT servlet review [backport release-5.4.0] (#5191) (nicolatimeus)
  • cc449e2eda - chore: automated uptick to 5.4.2-SNAPSHOT (#5171) (github-actions[bot])