Skip to content

Releases: steve-community/steve

steve-3.7.1

06 Aug 21:49
880fb4d
Compare
Choose a tag to compare

What's new:

  • Backport of #1526: Validate chargeBoxId for websocket connections with a regex. The chargeBoxId regex was also tightened to prevent some unwanted characters. If you want to go back to the previous, less restrictive, regex, you can override this behaviour with the newly introduced property/config charge-box-id.validation.regex. You can set it to the old regex value which was \\S+. However, please only do so if the chargeBoxIds in your system are incompatible with the new regex.
  • Backport of #1533: Encode values properly when rendering HTML pages.

This is a security update. We urge all v3.7.0 users to update to this version.

steve-3.6.1

06 Aug 22:06
7f095a0
Compare
Choose a tag to compare

What's new:

  • Backport of #1526: Validate chargeBoxId for websocket connections with a regex. The chargeBoxId regex was also tightened to prevent some unwanted characters. If you want to go back to the previous, less restrictive, regex, you can override this behaviour with the newly introduced property/config charge-box-id.validation.regex. You can set it to the old regex value which was \\S+. However, please only do so if the chargeBoxIds in your system are incompatible with the new regex.
  • Backport of #1533: Encode values properly when rendering HTML pages.

This is a security update. We urge all v3.6.0 users to update to this version.

steve-3.5.1

06 Aug 22:31
1fe3e13
Compare
Choose a tag to compare

What's new:

  • Backport of #1526: Validate chargeBoxId for websocket connections with a regex. The chargeBoxId regex was also tightened to prevent some unwanted characters. If you want to go back to the previous, less restrictive, regex, you can override this behaviour with the newly introduced property/config charge-box-id.validation.regex. You can set it to the old regex value which was \\S+. However, please only do so if the chargeBoxIds in your system are incompatible with the new regex.
  • Backport of #1533: Encode values properly when rendering HTML pages.

This is a security update. We urge all v3.5.0 users to update to this version.

steve-3.7.0

27 Jul 11:53
4262604
Compare
Choose a tag to compare

What's new:

  • Refine grammar/fix typo of the title of stop button in transaction.jsp (#1224)
  • add support for incoming calls to OcppJsonChargePoint (de399e5)
  • add chargeBoxId to table transaction_stop_failed (#1331)
  • Fix issue related to invalid characters in tags being submitted (#1322)
  • drop support for mysql 5.7 (#1349)
  • switch to java 17 (#1348)
  • List Tag at RemoteStart if it's max transaction count is not reached (#1378)
  • reservationId=0 being synonymous with "null" in StartTransaction (#1414)
  • transactionId=0 being synonymous with "null" in MeterValues (#1415)
  • remove the flag firstArrivingMeterValueIfMultiple and its usage (#1423)
  • Fix suboptimal DB views with slow queries (#1219)
  • insert connector conditionally for SetChargingProfile tasks (#1474)
  • not fail on receiving with unknown ocpp properties in Json messages (#1460)
  • Setting a database baseline (#1439)
  • better msg if logs are unavailable (#1511)
  • Update docker-compose.yml to add restart policies (#1508)
  • Refactor: Extract tag authorization in a dedicated service (#1005)
  • transaction detail page shows only energy meter values (#1515)
  • Update dependencies, plugins, github actions

Thanks to all the contributors!

steve-3.6.0

04 Jun 06:41
Compare
Choose a tag to compare

What's new:

  • Remove charging profile regardless of reply status (#968)
  • Set the correct http status if chargeboxid is not recognized (#1020)
  • Allow Heartbeat Interval to be zero (#1088)
  • Accept '"null" alongside of "{}" as empty payload (#1109)
  • Update transactions web page with a better description of "Stop" functionality (#1162)
  • Add thread name to logs in prod env (e2c4c14)
  • Start using maven wrapper (#998)
  • API endpoints for automation and integration (#910)
    This is big: We start exposing some APIs for 3rd party integration.
  • Use the default values for input/output buffers (#846)
    This is big: There has been ongoing complaints about the memory behaviour, and more specifically OOM. @jpires did a great job uncovering and fixing it in #1058
  • Update dependencies

Thanks to all the contributors!

steve-3.5.0

05 Oct 05:25
Compare
Choose a tag to compare

What's new:

  • update ocpp_protocol in db after a ws/json station connects
  • wrap cell contents in case of table overflow (#803)
  • relax extraction of chargebox id (#689)
  • consider only Raw meter values in TransactionStopService.findLastMeterValue (#816)
  • Add recommended, additional configuration keys for OCMF (#819)
  • Replace NotificationService direct calls by indirect calls via ApplicationEventPublisher (#844)
  • respect X-Forwarded-For headers if present (#570)
  • escape html chars during json ser/deser
  • remove 'value' validation on ChangeConfigurationParams (#920)
  • update dependencies

steve-3.4.9

31 Mar 12:45
Compare
Choose a tag to compare

What's new:

  • update spring version to address RCE vulnerability (#791)
  • update jackson databind to address CVE (FasterXML/jackson-databind#2816)
  • migrate from jetty 9 to jetty 10
  • mark not connected JSON charge points as disconnected (#355)
  • increase hikari's maxLifetime (#736)
  • migrate tests from junit 4 to 5
  • improve websocket handshake logic
  • update dependencies

we urge all users to update to this version.

steve-3.4.8

19 Dec 10:35
7dd838b
Compare
Choose a tag to compare

What's new:

  • important: another update of log4j2 to fix another vulnerability (#715).

we urge all users to update to this version.

steve-3.4.7

15 Dec 08:10
f05887c
Compare
Choose a tag to compare

What's new:

  • important: another update of log4j2 to fix vulnerability (#708). it turns out that the previous log4j2 fix was incomplete. therefore, we are updating it again.

we urge all users to update to this version due to the vulnerability discovered in old log4j2 versions.

steve-3.4.6

11 Dec 16:05
Compare
Choose a tag to compare

What's new:

  • important: update log4j2 to fix vulnerability (#708)
  • fix: ConnectorStatus shows rejected CS connectors even as available (#691)
  • refactorings
  • other dependency updates

we urge all users to update to this version due to the vulnerability discovered in old log4j2 versions.