Releases: node-opcua/node-opcua
v2.124.0
What's changed:
Version 2.124.0 of our software introduces significant enhancements to the client automatic reconnection mechanism
- Client and Server Enhancements: Enhancements were made in reconnection logic and secure channel management, providing a more robust handling of network instabilities and secure communications.
- New Server Features: We introduced features like setNextSubscriptionId() to align with open62541 behavior (subcriptionId counting from 1)
- Maintenance and Debugging: We refined debugging outputs, adjusted test timings, and improved error handling across the system, enhancing both performance and developer experience.
- Bug Fixes: Notable bug fixes ensure correct behavior in data handling and client-server interactions, particularly in edge cases of network failures and reconnections.
🐛 Bug Fixes
- [0fb5fcf] Fixed an issue where getters with ExtensionObject were not exposing the correct dataValue statusCode, ensuring data integrity and accurate reporting.
- [e6b944d] Ensured
nodeVersion
operates properly when a node belongs to a custom namespace, maintaining namespace integrity. - [ac7fd1a] Corrected the
raiseEvent
method signature in TypeScript, aligning it with expected type definitions.
Security Updates
- [86d137b] Fixed vulnerabilities in
packages/node-opcua-local-discovery-server/Dockerfile
by upgrading dependencies to address security concerns highlighted by Snyk (Vulnerability 1, Vulnerability 2).
✨ Enhancements
- [5d34b30] Improved secure channel recreation, enhancing the stability and reliability of secure connections.
- [6fb0c97] Enhanced the reconnection workbench, optimizing the reconnection process under various network conditions.
- [2590d1a] Client: Refined handling of reconnection edge cases, including server disconnections and network failures during ongoing reconnection attempts.
- [7329295]
findEndpoint
now uses the same connection strategy as the parent OPCUAClient, harmonizing connection behaviors across the client. - [3e1e4a5] File-transfer: Exposed nodeId and async browseName, enhancing file handling capabilities in the client.
- [38caa35] Improved reconnection logic to provide smoother client-server interactions during network instability.
- [5ac2ae0] Updated
createMonitoredItemsLimit
to avoid usingmaxMonitoredItemsPerCall=0
, optimizing monitoring efficiency.
🛠 Maintenance and Refinements
- [a945169] Adjusted test timing to better reflect real-world operational conditions.
- [f0a57b2] Enhanced communication debug trace, offering more detailed diagnostic capabilities.
- [67ea74d] Traced connection closure events, improving monitoring and troubleshooting of disconnections.
- [ab393f2] Server: Added
setNextSubscriptionId()
to imitate open62541 behavior, enhancing subscription management capabilities.
v2.123.0
What's Changed
- In this release, we've resolved a persistent issue in the OPCUA Client interface that led to premature disconnections or problems with security token renewal when there was a significant time discrepancy between the client and server clocks. Now, the OPCUA Client utilizes its own time, captured when the OpenSecurityChannelResponse is received, instead of relying on the server's time to calculate the security token's lifetime expiration. Additionally, it will display a warning in the console
[NODE-OPCUA-W33]
if there's a notable time difference between the server's time and the local time on the computer where the OPCUA client is running. This enhancement aims to make it easier to identify servers with time synchronization issues (#1349) (#1351).
🎉 Special kudo to EirikVea for nailing the root cause.
the warning message looks like:
`
[NODE-OPCUA-W33] client : server token creation date exposes a time discrepancy of 10 minutes 23 seconds
the remote server clock doesn't match this computer date !
please check both server and client clocks are properly set .
server time: 2024-03-17 10:20:30.300Z
client time: 2024-03-17 10:30:53.300Z
server URL = opc.tcp.//mydevice:4840
- Furthermore, we've incorporated the Aes256_Sha256_RsaPss security policy in this version, completing our transition to the OPC UA 1.05 security profiles by setting Aes256_Sha256_RsaPss as the default. We have also removed the Basic128Rsa15 and Basic256 security policies from the server's default policies. However, these can be reactivated, if necessary, by specifying the
securityPolicies
parameter in the OPCUA Server constructor. (#1348)
Default policies used if securityPolicies
is not specified:
before | now in v2.123.0 |
---|---|
None | None |
Basic128Rsa15 | |
Basic256 | |
Basic256Sha256 | Basic256Sha256 |
Aes128_Sha256_RsaOaep | Aes128_Sha256_RsaOaep |
Aes256_Sha256_RsaPss |
-
We reintroduced PKCS1 padding (Issue #1347), which was previously removed in version 2.122.0, due to Node.js discontinuing support for PKCS padding with private key encryption. However, this reintroduction comes with a caveat for users of Node.js versions newer than 18.11.1 or NodeJS > 20.11.1. To enable PKCS1 padding, you must include the argument --security-revert=CVE-2023-46809 when running the Node.js executable. This step reverses a security fix in Node.js, allowing PKCS1 padding to function. Failure to apply this workaround may result in connectivity issues between the Client and Server when interacting with devices that still utilize the now-deprecated 128Rsa15 security policy for channel or user token encryption.
-
We found out that the recent version of NodeJS now emits an AggregateError instead of a Error on windows when multiple network cards are present, causing the connection mechanism to struggle, this only affects Node 20.11.1 on windows as far as we are aware [b4ff258]
details
🐛 Bug Fixes
- [cd9dcb0] Fix crawler has throw error if the object does not contain displayName or description #1343
- [b4ff258] Fix error message of AggregateError generated by Node.js 20.11.1 on Windows when connection is refused
✨ Enhancements
- [26359c0] Fix Aes256_Sha256_RsaPss security policy #1259 #1281 (sponsored)
- [31af8b2] Server: Adjust default security policies - add Aes256_Sha256_RsaPss in default security policies and remove deprecated Basic128Rsa15 and Basic256 from default security policies
- [a9ec280] Client now displays a warning when the remote server clock is out of sync by more than 5 seconds #1349
- [28efd1a] Now print time drift statistic to ClientSecureChannelLayer#toString
[92dd8db] Display warning when the nodejs--security-revert=CVE-2023-46809
command line option needs to be used to allow legacy Basic192Rsa15 encryption and server ( in 20.11.1 and 18.11.1 onward)
🛠 Maintenance
- [e65ef43] Chore: code cleanup
- [2f8275f] Chore: remove unused files
- [fa0b34f] Chore: coerceSecurityPolicies
- [bec0df2] Chore: improve client connection error feedback
- [5a10fb1] Chore: fix import issue
- [ccf10ee] Chore: adjust test assert
- [8fcfcdc] Chore: exclude tsbuildinfo files from packages
- [7402e8c] Chore: make build_address_space_for_conformance_testing async
- [b853ea6] Chore: add missing describe with leak detector in test
- [28fbdde] Investigate test failure on Windows
👬🏽 contributors
Full Changelog: v2.122.0...v2.123.0
🌟 Join the NodeOPCUA Support Network! 🌟
NodeOPCUA continues to grow and evolve, thanks to the invaluable support from community members like YOU! 🚀
We're dedicated to enhancing and expanding the capabilities of node-opcua, and we invite you to be a part of this exciting journey. Consider contributing through our membership program at Sterfive or by donating on
🤝 Your support is crucial!
Your contributions foster innovation and strengthen a community founded on cooperation and the exchange of knowledge. 🌱
🌍 Together, we can drive the future of node-opcua forward! 🌍
v2.122.0
What's Changed
🚨 Security update
- OPCUAClient now avoids selecting deprecated security policy while choosing user identity token #1344
For instance, when OPCUAClient encounters multiple identity token policyId for the same tokenType, the OPCUClient will select the policyId that provides the most robust encryption method. It will also avoid using Basic192RSA15, which is now deprecated in NodeJS 20.11.1 onward, to fix CVE-2023-46809.
Full Changelog: v2.121.0...v2.122.0
V2.121.0
Release Notes
🐛 Bug Fixes
d81924c60
Adjust UAVariable: fixing #1342 by forcing timestamp to be set when a simple variable getter is usedef9878409
Fix ambiguous abstract DataType with encoding while loading nodeset2 xml3b8613468
Server: monitored item; fix keep alive and resendInitialValue behavior7d161b074
Server channel: fix channel termination in registerChannelea7fac356
Fix release continuation point behaviorf521d25cb
Fix eventNotifier type to be a EventNotifierFlags in InstantiateObjectOptionse85efe29f
Fix boiler instantiation by specifying the correct value for event notifier7c42fe464
Ensure event notifier flag SubscribeToEvents automatically set when an object has EventSource or Notifieraacd2c86c
Fix default variable matrix value while loading nodeset2.xml7fb5d7c88
Fix a bug causing the server to crash while raising AuditCertificate Events1e51b2184
Call should return BadMethodInvalid instead of BadNodeIdUnknown when MethodId doesn't exist or is not a methode482774c8
BadChannelIdInvalid should be returned in a ServiceFault instead of a Valid Requestaae18eed7
Issue #1320 bug-fix: now instantiating variable with same name as parent objectType.b9503fdf4
Issue #1326 bug-fix: no longer adding nodes from an unrelated object type to a node with the same browseName.
🛡️ Security Updates
8ec25b71a
Deprecate RSAPKCS1V15_Decrypt due to CVE-2023-4680997568f4bf
Update packages - node-opcua-crypto@4.8.0 CVE-2023-468090a27cef67
Fix: dockertest/Dockerfile to reduce vulnerabilitiesce26af470
Fix: packages/node-opcua-local-discovery-server/Dockerfile to reduce vulnerabilities
✨ Enhancements
9ebe882e6
Feat: add description and displayName to base object when crawling17b48cc99
ArgumentList: verifyArgumentList returns BadTypeMismatch if at least one argument has a BadTypeMismatch status codeea7fac356
Fix release continuation point behavior
🛠 Maintenance
c38096565
Adjust flaky test on windows2eca643f2
Chore: reduce verbosity in test862ae72f5
Chore: adjust temporary folder location in tests22606c59b
Update CTT.xmladf2b22e9
CTT: ensure keepAlive is sent after 1xpublishInterval first time77ccf6417
Refactor: server tests to typescript88ba311f5
Add leak detector in test794e35cd1
Chore: fix typescript error in test47c75b7fb
Address space for ctt: fix matrix variables4610fa986
Chore: adjust TCP socket in testcd8d2705b
Chore: server_tcp_transport cleanup4e75b2d5a
ServerSecureChannel: return ServiceFault when OpenSecureChannel fails52388f80c
Chore: remove unused importb7b1f62ab
Chore: improve log messagedd8872782
Chore: fix typos in commentsf85e696f4
Chore: fix typescript issue2e60c9984
Chore: fix timer id déclaration515303c2f
Chore: improve error message in internalDecodeVariant, when matrices are inconsistent1dd5562a0
Update standard UA nodeSet2.xml to version 1.5.3e8d592bb9
Update standard status codesd5f8f15c3
Improve Variable value set typescript definition and add new async mode
👬🏽 Contributors
What's Changed
- feat: add a description and displayName to base object when crawling by @narttmk in #1338
- [Snyk] Security upgrade node from 21.2-alpine3.18 to 21.6-alpine3.18 by @erossignon in #1337
- [Snyk] Security upgrade node from 20.8-bookworm-slim to 20.11.0-bookworm-slim by @erossignon in #1340
- Fix variable with the same name as object type by @tetanw in #1329
New Contributors
Full Changelog: v2.120.0...v2.121.0
⚠️ Known issue
- This version may cause OPCUAClient to fail to connect when the OPCUA Server exposes a UserTokenIdentity policy based on Basic192RSA15. This issue has been addressed in 2.112.0
v2.120.0
Release note for v2.200.0
🐛 Bug Fixes
[521f18d2f]
Fixes #1277 - Instantiating ObjectType with two Folders[744648e3f]
Relax Encoding detection to cope with bugs in python's asyncua - fixing #1232[56b40b191]
ClientSecureChannel: fix connection issue highlighted when server imposes maxChunk=1 #1335 #1263[2372431fd]
Ensure client.isReconnecting=true when client emits the 'connection_reestablished' event fixing #1331
✨ Enhancements
[45240f862]
Add example for GitHub #1232
🛠 Maintenance
[a0234bbb5]
Update packages[37e181611]
Add open collective badges[2e6d5937b]
Update book URL[85bee187a]
Update lock file[af3520542]
Update copyright year[f3d452bd6]
Fix copyright year and other adjustments
👬🏽 contributors
- @Salvoc14 , @nakr94 , @szelski , @ePluvinage
🌟 Join the NodeOPCUA Support Network! 🌟
NodeOPCUA continues to grow and evolve, thanks to the invaluable support from community members like YOU! 🚀
We're dedicated to enhancing and expanding the capabilities of node-opcua, and we invite you to be a part of this exciting journey. Consider contributing through our membership program at Sterfive or by donating on
Your support is crucial! 🤝
Your contributions foster innovation and strengthen a community founded on cooperation and the exchange of knowledge. 🌱
🌍 Together, we can drive the future of node-opcua forward! 🌍
v2.119.0
Release Notes for 2.119.0
🐛 Bug Fixes
- [c70438e] Fix ConditionVariableType behavior with SourceTimestamp property
- [77f1bf6] Fix MultiStateValueDiscrete behavior #1323
- [3c7c80b] Fix: packages/node-opcua-local-discovery-server/Dockerfile to reduce vulnerabilities
- [9eeb81a] Use AcknowledgeableConditionType_Acknowledge/Confirm when ConditionId is not an instance
✨ Enhancements
- [84b55ee] Allow effectiveTransitionTime to be passed when setting a TwoStateVariable for instance UACondition#setEnableState(true, { effectiveTransitionTime: somedate})
- [200e233] Allow time and receiveTime to be optionally passed on raiseNewCondition
- [734c0d9] Issue #1303 refactor: Add 'host' parameter to OPCUAServer for specific interface binding
- [8166185] Add findMethodId utility function to find a MethodId in a object or in its super type
- [ee7b7e3] Factor out node-opcua-alarm-condition module
🛠 Maintenance
- [0270f16] Update packages
- [1cba6e9] Chore: refactor client example
- [7843dec] Add some more edge tests
👬🏽 contributors
- @muddasir-barnes , @tetanw
- special thanks for @iliareshetov for fixing #1303
🌟 Join the NodeOPCUA Support Network! 🌟
NodeOPCUA continues to grow and evolve, thanks to the invaluable support from community members like YOU! 🚀
We're dedicated to enhancing and expanding the capabilities of node-opcua, and we invite you to be a part of this exciting journey. Consider contributing through our membership program at Sterfive or by donating on OpenCollective. Your support is crucial! 🤝
Your contributions foster innovation and strengthen a community founded on cooperation and the exchange of knowledge. 🌱
🌍 Together, we can drive the future of node-opcua forward! 🌍
We're profoundly grateful for your continued support and commitment to our mission! 💕👐
v2.118.0
Release Notes for 2.118.0
In this version, OPCUA Server now automatically populate the following standard UA variables with the appropriate value from the OPCUAServer constructor options:
ServerConfiguration property | value |
---|---|
ServerCapabilities | same as options.capabilitiesForMDNS like ["DA", "HA"] |
ApplicationType | same as options.serverInfo.applicationType |
ApplicationUri | as computed by the server |
ProductUri | same as options.serverInfo.productUri |
MulticastDnsEnabled | true if Server uses the MDNS ie options.registerServerMethod === RegisterServerMethod.MDNS |
SupportedPrivateKeyFormats | defaulted to ["PEM"] |
✨ Enhancements
- [3410d69] - Server: deprecate alternateEndpoints
- [8a6eaf7] - Server: expose Server.ServerConfiguration properties
- [4d32977] - Server: add a mechanism to simulate user identity password being encrypted inside an encrypted channel to simulate Siemens PLCs behavior.
- [4192e06] - Add traceLog
🛠 Maintenance
- [147a330] - Update lock file
- [874a9c8] - Chore: clean-up imports
- [9d7eeb3] - Chore: use IBasicSessionAsync whenever possible
- [3e2be22] - Update packages node-opcua-crypto@4.6.2 node-opcua-pki@4.8.1
- [1d39983] - Chore: reorder import
💡 Sponsorship Call! 💡
NodeOPCUA thrives because of supporters like YOU! 🌟
As we passionately improve and broaden the scope of node-opcua, we're reaching out for your generous support. Join us in making a difference through our membership program at Sterfive or directly on OpenCollective. 🤝
Your contribution paves the way for innovation and nurtures a community built on collaboration and shared insights. 🚀
🌐 Let's shape the future of node-opcua together! 🌐
Thank you for being a pivotal part of our journey! 💖🙌
v2.117.0
🐛 Bug Fixes
- [4767145] - Fix subscription repair when the server doesn't support TransferSubscription nor Republish #1059
- [0243c5a] - Fix minor typos
🛠 Maintenance
- [131fa12] - No need for OpenSSL anymore in docker file
- [c1ef91a] - Add missing fixture file
- [45d754d] - Chore: replace xlsx component
- [3cd6926] - Chore: update .gitignore
- [ff70927] - Update packages
✨ Enhancements
Those two enhancements have been introduced to improve the performance of @sterfive/modeler and @sterfive/toolbox
- [91cd139] - Improve nodeset export
- better detect in which nodeset the references that are joining two nodes from different namespaces should belong to.
- [19b8863] - Improve loadnodeset
- nodeset2.xml doesn't have to be loaded in priority order; the loader will prescan them and figure out the correct loading order
🧪 Tests
👬🏽 Contributors:
- thanks mg90707 and robertsLando for reporting #1059 and our open-collective donators for sponsoring its resolution.
v2.116.0
🐛 Bug Fixes
- [66c0baf] - Server: don't display endpoint warning if URL contains localhost
- [a66305a] - Fix then/catch sequence
- [58e9758] - Fix: dockertest/Dockerfile to reduce vulnerabilities
- [f7b07a6] - Fix writing into variable with a custom basic dataType
🛠 Maintenance
- [2840c7c] - Refactor getIpAddresses
- [eac74c3] - Minor refactoring
- [95439f3] - Refactor readUAAnalogItem
- [0c855fb] - Refactor ISession interfaces
✨ Enhancements
- [475ab8d] - Server: add skipOwnNamespace option
- [d953163] - Address-space: detect nodeset loading ordering
- [d20eadd] - Add missing modules
- [9e5a34a] - Improve tests coverage for validate_data_type_correctness
- [c20155b] - Add test for UABaseNode#setDescription
🔒 Security
- [58e9758] - Fix: dockertest/Dockerfile to reduce vulnerabilities
🧪 Tests
v2.115.0
🐛 bug fixing
- 9cc09bc [nodeset2xml loading] use -1 as default EnumValue when not specified in XML
- 9f65a03 improve getBasicDataType
- 709cafc make sure to explore Variant value for building namespace dependencies durring nodeset export
🚀 enhancement
- f6bf8a6 add DeviceHealthAlarm helpers
- e5cf35d use es2020
- 12ef301 add sample test code for helping issue #1262
🪱 chore
- e37cfeb disable eslint no-unsafe-declaration-merging
- d3f410c add missing fixture
- 760e3a1 update lock file
- 9aa91a4 promote sponsors in readme.md
- 156a4e4 fix dependencies in package.json
- 7a6ed49 update ids
💡 Sponsorship Call! 💡
NodeOPCUA thrives because of supporters like YOU! 🌟
As we passionately improve and broaden the scope of node-opcua, we're reaching out for your generous support. Join us in making a difference through our membership program at Sterfive or directly on OpenCollective. 🤝
Your contribution paves the way for innovation and nurtures a community built on collaboration and shared insights. 🚀
🌐 Let's shape the future of node-opcua together! 🌐
Thank you for being a pivotal part of our journey! 💖🙌