Eclipse Kura 5.0.0 Release Review

This major release of Eclipse Kura, compatible with Java 8 and OSGi R7, introduces new security related features. It brings HTTPS for the Web UI with the possibility to perform not only password-based authentication but also certificate-based authentication on top of mTLS. The framework now runs on a dedicated user named "kurad" and provides a new set of APIs for privileged and unprivileged execution. Eclipse Kura now is also capable to log in an audit file, the security-related operations performed in the framework. The firewall implementation has been significantly updated to support iptables custom chains and integration with other linux services like Docker.

The project is now EPL-2.0 compatible.

New and updated APIs

• org.eclipse.kura: New exception messages in KuraError class; 
• org.eclipse.kura.certificate: New APIs to support HTTPS certificates. New APIs for improved cretificate listing and management
• org.eclipse.kura.crypto: Extended the Crypto functionalities supporting sha-256 and making hash function generic for future use.
• org.eclipse.kura.message: Added support for birth certificate extensibility. Introduced tamper-detection APIs.
• org.eclipse.kura.executor: New API to support uniform privileged and unprivileged executions in the framework 
• org.eclipse.kura.net.modem: Added support for multiple modem management
• org.eclipse.kura.net.wifi: Added support for Wifi 802.11a (5 GHz)
• org.eclipse.kura.security: Added tamper detection and network threat management APIs  
• org.eclipse.kura.security.keystore: New set of APIs to create an abstraction over framework managed keystores.
• org.eclipse.kura.ssl: Deprecated SSL APIs in SSLManagerService
• org.eclipse.kura.system: new APIs related to privileged and unprivileged command executions, new package inventory APIs, support for Birth Certificate extensibility and Virtual network interfaces management
• org.eclipse.kura.audit: new set of APIs to support framework operations logging

Features

• Added support for new Quectel EC25, BG96 and ZTE modems
• Multi-modem support: the framewor is now capable to manage multiple modems connected to the gateway
• Custom Firewall chains for Kura
• New Audit framework for auditing security-related actions in a specific audit file
• Support for Web UI certificate login
• Support for REST APIs certificate login
• Support for Web UI multiple identities and related permissions
• Privileged and unprivileged command execution
• New Kura and Kurad users for privileged and unprivileged execution. The framework is not running anymore as root
• New Threat manager feature with Flooding protection support
• Updated crypto service with new symmetric crypto algorithm
• Updated crypto service with extended hashing capabilities
• New framework folder structure
• New Birth message with extended properties support
• New Log Download feature from Local Web UI with support for both SysV and Systemd systems
• Updated XSRF token feature in local Web UI
• Added support for Virtual network interfaces
• New Trigonometry Wire Component examples
• New Math Wire Component examples
• New Boolean Multiport Wire Component examples
• New Security section in Web UI with framework-managed certificates listing and management
• New NAT warning message for connection sharing
• New Tamper detection support with examples
• New support for Wifi 802.11a (5 GHz)
• New Inventory feature to list all the framework and system packages with versions. New INVENTORY-V1 request handler for cloud interaction
• Various Web UI improvements and cleanups

Features Preview

• Web UI extendibility APIs and examples

Breaking Changes

• The updated crypto algorithm makes impossible to reuse old encrypted snapshots.
• The updated framework folder structure

Deprecated APIs

• org.eclipse.kura.command.CommandService
• org.eclipse.kura.driver.DriverService
• org.eclipse.kura.ssl.SSLManagerService (Partial)
• org.eclipse.kura.certificate.CertificateService (Partial)
• org.eclipse.kura.net.dhcp.DhcpServerConfigIP4 (Partial)
• org.eclipse.kura.net.dhcp.DhcpServerConfigIP6 (Partial)
• org.eclipse.kura.net.firewall.FirewallNatConfig (Partial)
• org.eclipse.kura.net.modem.ModemGpsEnabledEvent (Partial)
• org.eclipse.kura.net.modem.ModemManagerService (Partial)
• org.eclipse.kura.linux.bluetooth.util
• org.eclipse.kura.linux.bluetooth.le.beacon

New Hardware Platforms and Distributions

• New Alpine linux based Docker container

Target Platform Updates

• org.apache.felix.gogo.command.version=1.0.2.v20170914-1324 
• org.apache.felix.gogo.runtime.version=1.1.0.v20180713-1646
• org.apache.felix.gogo.shell.version=1.1.0.v20180713-1646
• org.apache.felix.scr.version=2.1.16.v20200110-1820
• org.eclipse.core.contenttype.version=3.7.800.v20200724-0804
• org.eclipse.core.jobs.version=3.10.800.v20200421-0950
• org.eclipse.core.runtime.version=3.19.0.v20200724-1004
• org.eclipse.equinox.app.version=1.5.0.v20200717-0620
• org.eclipse.equinox.cm.version=1.4.400.v20200422-1833
• org.eclipse.equinox.common.version=3.13.0.v20200828-1034
• org.eclipse.equinox.console.version=1.4.200.v20200828-1034
• org.eclipse.equinox.ds.version=1.6.200.v20200422-1833
• org.eclipse.equinox.event.version=1.5.500.v20200616-0800
• org.eclipse.equinox.http.jetty.version=3.7.400.v20200123-1333
• org.eclipse.equinox.http.registry.version=1.2.0.v20200614-1851
• org.eclipse.equinox.http.servlet.version=1.6.600.v20200707-1543
• org.eclipse.equinox.io.version=1.1.100
• org.eclipse.equinox.launcher.version=1.5.800.v20200727-1323
• org.eclipse.equinox.metatype.version=1.5.300.v20200422-1833
• org.eclipse.equinox.preferences.version=3.8.0.v20200422-1833
• org.eclipse.equinox.registry.version=3.9.0.v20200625-1425
• org.eclipse.equinox.util.version=1.1.300
• org.eclipse.equinox.wireadmin.version=1.0.800
• org.eclipse.osgi.services.version=3.9.0.v20200511-1725
• org.eclipse.osgi.util.version=3.5.300.v20190708-1141
• org.eclipse.osgi.version=3.16.0.v20200828-0759
• org.eclipse.jetty.continuation.version=9.4.39.v20210325
• org.eclipse.jetty.http.version=9.4.39.v20210325
• org.eclipse.jetty.io.version=9.4.39.v20210325
• org.eclipse.jetty.security.version=9.4.39.v20210325
• org.eclipse.jetty.server.version=9.4.39.v20210325
• org.eclipse.jetty.servlet.version=9.4.39.v20210325
• org.eclipse.jetty.util.version=9.4.39.v20210325
• org.eclipse.jetty.util.ajax.version=9.4.39.v20210325
• Google Protobuf 3.8.0
• com.eclipsesource-json 0.9.5
• org.apache.felix.useradmin 1.0.4.k1
• org.apache.camel.camel-amqp.version=2.25.3
• org.apache.camel.camel-core.version=2.25.3
• org.apache.camel.camel-core-osgi.version=2.25.3
• org.apache.camel.camel-jms.version=2.25.3
• org.apache.camel.camel-script.version=2.25.3
• org.apache.camel.camel-stream.version=2.25.3
• org.apache.servicemix.bundles:org.apache.servicemix.bundles.spring-beans.version=4.3.20.RELEASE_1
• org.apache.servicemix.bundles:org.apache.servicemix.bundles.spring-context.version=4.3.20.RELEASE_1
• org.apache.servicemix.bundles:org.apache.servicemix.bundles.spring-core.version=4.3.20.RELEASE_1
• org.apache.servicemix.bundles:org.apache.servicemix.bundles.spring-expression.version=4.3.20.RELEASE_1
• org.apache.servicemix.bundles:org.apache.servicemix.bundles.spring-jms.version=4.3.20.RELEASE_1
• org.apache.servicemix.bundles:org.apache.servicemix.bundles.spring-tx.version=4.3.20.RELEASE_1
• io.netty.version=4.1.68.Final
• jakarta.activation-api.version=1.2.2 (build-only)
• jakarta.annotation-api.version=1.3.5 (build-only)
• jakarta.xml.bind-api.version=2.3.3 (build-only)
• jakarta.xml.ws-api.version=2.3.3 (build-only)
• jakarta.xml.soap-api.version=1.4.2 (build-only)
• jaxb-osgi.version=2.3.3 (build-only)
• osgi-resource-locator.version=1.0.3 (build-only)