Skip to main content
  • Log in
  • Manage Cookies
projects.eclipse.org
Download
  • Projects
  • Working Groups
  • Members
  • Community
    • Marketplace
    • Events
    • Planet Eclipse
    • Newsletter
    • Videos
    • Blogs
  • Participate
    • Report a Bug
    • Forums
    • Mailing Lists
    • Wiki
    • IRC
    • Research
  • Eclipse IDE
    • Download
    • Learn More
    • Documentation
    • Getting Started / Support
    • How to Contribute
    • IDE and Tools
    • Newcomer Forum
  • More
      • Community

      • Marketplace
      • Events
      • Planet Eclipse
      • Newsletter
      • Videos
      • Blogs
      • Participate

      • Report a Bug
      • Forums
      • Mailing Lists
      • Wiki
      • IRC
      • Research
      • Eclipse IDE

      • Download
      • Learn More
      • Documentation
      • Getting Started / Support
      • How to Contribute
      • IDE and Tools
      • Newcomer Forum
    • Search

  1. Home
  2. Projects
  3. Eclipse IoT
  4. Eclipse Kapua™
  5. 1.1.0
  6. 1.1.0 Release Review

Eclipse Kapua™ 1.1.0 Release Review

Type: 
Release
State: 
Successful
End Date of the Review Period: 

Reviews run for a minimum of one week. The outcome of the review is decided on this date. This is the last day to make comments or ask questions about this review.

Wednesday, October 16, 2019
Project: 
Eclipse Kapua™
Release: 

1.1.0

Description: 

Eclipse Kapua 1.1.0 is aimed at improving and consolidate the following areas:

  • Device Connectivity
  • Message Routing
  • Device Management
  • Data Management
  • Security
  • Administration Console
  • REST API Documentation

A total of 365 issues have been closed in this version from the previous 1.0.0 release.

The most notable features and changes introduced by this release are:

  • Full Eclipse Kura DEPLOY-V2 support. In Kapua 1.1.0, compatibility with the Eclipse Kura DEPLOY-V2 Request Handler has been enhanced, extending the support to all the non-mandatory options for the Package Download Request. More info at Eclipse Kura MQTT Namespace. This enable the user to have more control over the Package Download capabilities offered by the Kura framework, to suit different constrained scenarios (i.e. a Kura device with very low connectivity bandwidth) or different kinds of downloaded files (i.e. OSGi bundle or executable script).
  • Long Running Operations can now provide a real time feedback on their execution. Device Jobs feature has been enhanced to support tracking asynchronous operations. This enables a full support of long running Device management operations (i.e. interaction with Kura DEPLOY-V2) and the capability to create chain of operations on the Device Job targets. Alongside this improvement comes the history of all package management operations executed on a Devices both with interactive management and batch jobs.
  • A Device Job can now be scheduled to start as soon as Targets connect to Kapua. This feature is very handy when the Devices connects according to a due tight schedule in order to save bandwidth or due to limited connectivity. This feature allows Devices to be processed as soon as they connect, allowing concurrent processing.
  • A new REST API has been implemented to retrieve all the permissions and the Access Token related to a user session. This way, retrieving all the permissions for a given user is way easier, getting all the permissions with a single REST call instead of performing 5 different calls to the currently available APIs.
  • SwaggerUI, that is currently used in the REST API container to provide documentation, has been upgraded to 3.23.0 in order to support OpenAPI 3.0 specification files and resolve security issues in the previous version.
  • Kapua datastore service now supports Basic HTTP Authentication to the Elasticsearch instance.
  • Environment parameters have been added to Docker containers (Broker, REST API and Console) in order to inject certificates used to establish SSL connections.
API Certification: 

The project leadership certifies that the APIs in this release are "Eclipse Quality".

Security Issues: 

The following CVEs have been addressed in this release:

  • Upgraded SwaggerUI version from 2.1.4 to 3.23.0 - CVE-2016-5682 - CWE-79
  • Upgraded protobuf-java version from 2.6.1 to 3.8.0 - CVE-2015-5237 - CWE-119
  • Upgraded jackson-databind version from 2.9.9 to 2.9.9.1 - CVE-2019-12814 - CWE-200; CVE-2019-12384 - CWE-502
  • Upgraded commons-beanutils version from 1.9.2 to 1.9.3 - CVE-2014-0114 - CWE-20
  • Upgraded commons-collections version from 3.2.1 to 3.2.2 - CVE-2015-7501 - CWE-502
  • Upgraded Guava version from 19.0 to 27.1-jre - CVE-2018-10237 - CWE-119
  • Upgraded Qpid Jms Client version from 0.24.0 to 0.40.0 - CVE-2018-17187 - CWE-300
  • Upgraded Jackson Databind version from 2.8.6 to 2.9.9 - CVE-2018-14718 - CWE-502
  • Upgraded Slf4j-api version from 25.0 to 26.0 - CVE-2018-8088 - CWE-502
  • Upgraded Logback version from 1.1.8 to 1.2.3 - CVE-2017-5929 - CWE-502
  • Upgraded H2 version from 1.4.192 to 1.4.199 - CVE-2018-10054 - CWE-94
  • Upgraded Jetty from 9.4.6 to 9.4.12 - CVE-2018-12545 - CWE-20; CVE-2018-12536 - CWE-200; CVE-2017-9735 - CWE-200; CVE-2017-7657 - CWE-190
  • Removed Apache POI version 3.11 - CVE-2017-5644 - CWE-399
Non-Code Aspects: 

The Test Framework has been refactored to improve reusing of code (especially Cucumber Steps) among the whole project. Also, Docker containers are now used for integration tests instead of embedded servers.

Conforms To UI/UX Guidelines: 
Not verified
Usability Details: 

The team has put a lot of effort to improve the usability of the Administration Console, constantly improving the views and integrating community feedback.

Some effort has been put also in improving ergonomics for REST APIs; the new LoginInfo REST API is specifically geared towards improving the usability of whole Permissions feature, allowing to retrieve all the permissions for a single user with a single REST API call.

Communities: 

A new communication channel has been established opening a Gitter room for Kapua. This has allowed a more direct interaction with the users, with a few report that resulted in issues that have the been fixed in a short time. Also, it reduced the amount of Github issues that were just questions or support request, keeping the issue database cleaner.

  • Sign in to post comments.

Project Links

  • Getting Started
  • Website
Eclipse Kapua™

Related Projects

Project Hierarchy:

  • Eclipse IoT
  • Eclipse Kapua™

Tags

Technology Types
  • IoT and Edge

Eclipse Foundation

  • About Us
  • Contact Us
  • Sponsor
  • Members
  • Governance
  • Code of Conduct
  • Logo and Artwork
  • Board of Directors
  • Careers

Legal

  • Privacy Policy
  • Terms of Use
  • Copyright Agent
  • Eclipse Public License
  • Legal Resources

Useful Links

  • Report a Bug
  • Documentation
  • How to Contribute
  • Mailing Lists
  • Forums
  • Marketplace

Other

  • IDE and Tools
  • Projects
  • Working Groups
  • Research@Eclipse
  • Report a Vulnerability
  • Service Status

Copyright © Eclipse Foundation. All Rights Reserved.

Back to the top