Releases: steve-community/steve
Releases · steve-community/steve
steve-3.7.1
What's new:
- Backport of #1526: Validate chargeBoxId for websocket connections with a regex. The chargeBoxId regex was also tightened to prevent some unwanted characters. If you want to go back to the previous, less restrictive, regex, you can override this behaviour with the newly introduced property/config
charge-box-id.validation.regex. You can set it to the old regex value which was\\S+. However, please only do so if the chargeBoxIds in your system are incompatible with the new regex. - Backport of #1533: Encode values properly when rendering HTML pages.
This is a security update. We urge all v3.7.0 users to update to this version.
steve-3.6.1
What's new:
- Backport of #1526: Validate chargeBoxId for websocket connections with a regex. The chargeBoxId regex was also tightened to prevent some unwanted characters. If you want to go back to the previous, less restrictive, regex, you can override this behaviour with the newly introduced property/config
charge-box-id.validation.regex. You can set it to the old regex value which was\\S+. However, please only do so if the chargeBoxIds in your system are incompatible with the new regex. - Backport of #1533: Encode values properly when rendering HTML pages.
This is a security update. We urge all v3.6.0 users to update to this version.
steve-3.5.1
What's new:
- Backport of #1526: Validate chargeBoxId for websocket connections with a regex. The chargeBoxId regex was also tightened to prevent some unwanted characters. If you want to go back to the previous, less restrictive, regex, you can override this behaviour with the newly introduced property/config
charge-box-id.validation.regex. You can set it to the old regex value which was\\S+. However, please only do so if the chargeBoxIds in your system are incompatible with the new regex. - Backport of #1533: Encode values properly when rendering HTML pages.
This is a security update. We urge all v3.5.0 users to update to this version.
steve-3.7.0
What's new:
- Refine grammar/fix typo of the title of stop button in transaction.jsp (#1224)
- add support for incoming calls to OcppJsonChargePoint (de399e5)
- add chargeBoxId to table transaction_stop_failed (#1331)
- Fix issue related to invalid characters in tags being submitted (#1322)
- drop support for mysql 5.7 (#1349)
- switch to java 17 (#1348)
- List Tag at RemoteStart if it's max transaction count is not reached (#1378)
- reservationId=0 being synonymous with "null" in StartTransaction (#1414)
- transactionId=0 being synonymous with "null" in MeterValues (#1415)
- remove the flag firstArrivingMeterValueIfMultiple and its usage (#1423)
- Fix suboptimal DB views with slow queries (#1219)
- insert connector conditionally for SetChargingProfile tasks (#1474)
- not fail on receiving with unknown ocpp properties in Json messages (#1460)
- Setting a database baseline (#1439)
- better msg if logs are unavailable (#1511)
- Update docker-compose.yml to add restart policies (#1508)
- Refactor: Extract tag authorization in a dedicated service (#1005)
- transaction detail page shows only energy meter values (#1515)
- Update dependencies, plugins, github actions
Thanks to all the contributors!
steve-3.6.0
What's new:
- Remove charging profile regardless of reply status (#968)
- Set the correct http status if chargeboxid is not recognized (#1020)
- Allow Heartbeat Interval to be zero (#1088)
- Accept '"null" alongside of "{}" as empty payload (#1109)
- Update transactions web page with a better description of "Stop" functionality (#1162)
- Add thread name to logs in prod env (e2c4c14)
- Start using maven wrapper (#998)
- API endpoints for automation and integration (#910)
This is big: We start exposing some APIs for 3rd party integration. - Use the default values for input/output buffers (#846)
This is big: There has been ongoing complaints about the memory behaviour, and more specifically OOM. @jpires did a great job uncovering and fixing it in #1058 - Update dependencies
Thanks to all the contributors!
Contributors
jpires
Assets 2
steve-3.5.0
What's new:
- update ocpp_protocol in db after a ws/json station connects
- wrap cell contents in case of table overflow (#803)
- relax extraction of chargebox id (#689)
- consider only Raw meter values in TransactionStopService.findLastMeterValue (#816)
- Add recommended, additional configuration keys for OCMF (#819)
- Replace NotificationService direct calls by indirect calls via ApplicationEventPublisher (#844)
- respect X-Forwarded-For headers if present (#570)
- escape html chars during json ser/deser
- remove 'value' validation on ChangeConfigurationParams (#920)
- update dependencies
steve-3.4.9
What's new:
- update spring version to address RCE vulnerability (#791)
- update jackson databind to address CVE (FasterXML/jackson-databind#2816)
- migrate from jetty 9 to jetty 10
- mark not connected JSON charge points as disconnected (#355)
- increase hikari's maxLifetime (#736)
- migrate tests from junit 4 to 5
- improve websocket handshake logic
- update dependencies
we urge all users to update to this version.
steve-3.4.8
What's new:
- important: another update of log4j2 to fix another vulnerability (#715).
we urge all users to update to this version.
steve-3.4.7
What's new:
- important: another update of log4j2 to fix vulnerability (#708). it turns out that the previous log4j2 fix was incomplete. therefore, we are updating it again.
we urge all users to update to this version due to the vulnerability discovered in old log4j2 versions.