What's Changed
Security
- Fixed CWE-770 in Jackson Core by @zzzeebra in #15368
- Fixed CVE-2026-34487, CVE-2026-34486, CVE-2026-34483 by @zzzeebra in #15417
- Fixed CVE-2025-70340: system alarm comments access control by @dashevchenko in #15377
- Fixed multiple CVEs: 2026-39364, 2026-39363, 2026-4800 by @vvlladd28 in #15466
- Fixed CVE-2026-40895 by @mtsymbarov-del in #15538
- Fixed CVE-2026-5588, CVE-2026-5598, CVE-2025-14813, CVE-2026-35554, CVE-2026-27314 by @zzzeebra in #15458
- Fixed CVE-2026-40975, CVE-2026-40973, CVE-2026-22740, CVE-2026-42198 by @zzzeebra in #15557
- Fixed SSRF vulnerability in AI model provider URLs by @zzzeebra in #15412
- Fixed SSRF and file access vulnerabilities in TBEL script sandbox by @zzzeebra in #15585
- Fixed CVE-2026-40682, CVE-2026-42027 by @zzzeebra in #15588
- Fixed CVE-2026-42579, CVE-2026-42583, CVE-2026-42584, CVE-2026-42587 by @ViacheslavKlimov in #15598
- Hardened remote JS executor script invocation by @smatvienko-tb in #15600
- Fixed CVE-2026-41284, CVE-2026-43512 by @ViacheslavKlimov in #15649
Core & Rule Engine
- Performance and reliability improvements for Efento message processing by @dashevchenko in #15333
- Exposed HTTP response compression configuration params by @dashevchenko in #15520
- LZ4 compression support for Kafka by @volodymyr-babak in #15565
- Fixed WS sessions limit handling for public users by @dashevchenko in #15313
- Fixed REST API Call node blocking actor thread and semaphore permit leak by @smatvienko-tb in #15334
- Fixed entity filtering by boolean data key for EDQS by @dashevchenko in #15457
- Fixed MAX aggregation for mixed double and long telemetry values by @dashevchenko in #15560
- Added config property to control null ordering in dashboards by @dashevchenko in #15425
UI
- Bumped Node.js version from 22.18.0 to 22.22.2 by @ViacheslavKlimov in #15330
- HTML container widget by @ikulikov in #15556
- Hidden "Add Telemetry" button for Entity view by @mtsymbarov-del in #15362
- Added '@angular/core/rxjs-interop' to modules map by @vvlladd28 in #15373
- Fixed select options being clipped in widget settings form by @vvlladd28 in #15399
- Fixed display long texts in Alarm asignee panel by @mtsymbarov-del in #15408
- Fixed Alarm Assignee icon placement by @mtsymbarov-del in #15423
- Adjusted size of entity type select to fit error message by @mtsymbarov-del in #15427
- Fixed show/hide of custom header actions when using function to control visibility by @mtsymbarov-del in #15430
- Fixed not set pageSize to child nodes in Entities hierarchy widget by @mtsymbarov-del in #15433
- Fixed not process aggregation keys in Entities hierarchy widget by @mtsymbarov-del in #15434
- Fixed map shape labels drifting from center after viewport resize by @mtsymbarov-del in #15531
- Fixed CSV import not unescaping double quotes in unquoted fields by @ChantsovaEkaterina in #15581
Transport
- Added automatic SSL/TLS certificate reload for transports without service restart by @AndriiLandiak in #15301
- Fixed app hanging on MQTT port conflict at startup by @zzzeebra in #15451
- SNMP: defer querying tasks until transport session is registered by @volodymyr-babak in #15346
Full Changelog: v4.2.2.1...v4.2.2.2