5296: Refactor misleading login failure message on internal IdP
Refactored the login failure messages in the internal IdP to be less misleading for the case where the user is locked out
Visualization
5031: Realtime Tag Paths do not work as the source value of a pen on a power chart in versions 8.1.3+
Now, a non-historical tag path like [default]Simulator/Sine/Sine0 is converted to a historical format like histprov:default:/tag:Simulator/Ramp/Ramp0 for each pen. Any updates to the pen done via the UI will write the converted (historical) path back to the data.source property of the pen. This keeps all of the data.source properties of the pens in a historical format while still allowing an initial non-historical tag path to add pen data to the chart display.
2324: Qualified Value created with a ânullâ quality from an expression causes Vision window to not be able to opened in designer
Fixed a null pointer exception thrown when opening Vision windows with invalid BasicQualifiedValue objects serialized into them.
5228: WebSocketSession: âjava.lang.IllegalStateException: Delegate is not setâ warning when logging out of Perspective via IdP with the Inactivity setting
Fixed an âjava.lang.IllegalStateException: Delegate is not setâ warning Gateway log message when logging out of a Perspective Project which requires authentication due to inactivity
Data Model
4873: Edge History Sync Task fails to update sync id due to sqlite connection lock
Fixed this issue by increasing sqlite busy timeout for local syncable databases.
5326: Internal historian data isnât synced remotely if tag path is repeated for same syncid
Historical data is now forwarded properly through data sync if history set contains repeating tag path.
Visualization
5332: Perspective download() script function support for mobile apps
The Perspective download scripting function now interacts with the mobile apps directly to ensure that download requests function as expected and can be saved to the local device. Requires version 1.0.2 of the mobile apps.
2143: Reporting- Page break on row doesnât work without headers
Enabling a page break per row for a Reporting table group no longer returns only a single row of data.
1450: Perspective embedded views bidirectional bindings writing default values to tags when view is opened
Fixed issue that could cause bidirectional bindings on View parameters to inadvertently write back when loading the view.
244: Perspective Sessions Page Fails To Display Active Sessions
Fix issue occurring with Perspective status pages where page fails to display when a componentâs name is empty while gathering session info.
2027: Performance: audit and improve designer front-end performance of basic interactions (i.e. selection, resize, move) and more
Improved front-end performance of Designer selection and component interaction.
1845: Perspective Table: Deleting the last row while editing a table cell causes a Component Error
Resolve Table component error that occurs when the last row is deleted while editing a cell of that last row
Enterprise
1712: Gateway Network Client Trust Managerâs trusted certificates cache can become stale
In order to improve the security and organization of the Gateway Networkâs trusted certificates model through âseparation of concernsâ, and to gain functionality from a more mature and proven certificate model (Miloâs OPC UA Client / Server Trust Lists), the Gateway Networkâs trusted certificates are now split into client and server certificates.
Client certificates are the certificates of peer Gateways that the current Gateway trusts when it is making outgoing connections.
Server certificates are the certificates of peer Gateways that the current Gateway trusts when it is handling incoming connections.
The new trusted certificates model is organized in a way very similar to the Milo OPC UA client and server embedded within Ignition:
Server certificates live under $GATEWAY_HOME/data/gateway-network/server/security/pki/
Client certificates live under $GATEWAY_HOME/data/gateway-network/client/security/pki/
Both client and server certificates are further organized as follows:
On upgrade, to preserve backwards-compatibility: certificates which were previously shared by both client and server will be copied to each of the new client and server directories
Trusted / Approved certificates which previously lived in $GATEWAY_HOME/data/certificates/gateway_network/ will be copied over to $GATEWAY_HOME/data/gateway-network/{server|client}/security/pki/trusted/certs/
Rejected / Quarantined certificates which previously lived in $GATEWAY_HOME/data/certificates/gateway_network/quarantine/ will be copied over to $GATEWAY_HOME/data/gateway-network/{server|client}/security/pki/rejected/
Issuer (CA) certificates which previously lived as entries in the keystore file located at $GATEWAY_HOME/data/certificates/cert-chain-store will be copied over to $GATEWAY_HOME/data/gateway-network/{server|client}/security/pki/issuers/certs/
When the Gateway makes an outgoing connection to a peer Gateway whose certificate is not yet trusted, the peer certificate (or its certificate chain if one is configured) is copied into the $GATEWAY_HOME/data/gateway-network/client/security/pki/rejected/ directory
This new model allows users to configure the Gateway Network client to trust the peer Gateways on outgoing connections by moving the certificate on the filesystem from $GATEWAY_HOME/data/gateway-network/client/security/pki/rejected/ to $GATEWAY_HOME/data/gateway-network/client/security/pki/trusted/certs/. This filesystem change will be picked up immediately by the Gateway and the connection will be trusted when it attempts to reconnect again. This was not easily possible before.
The same goes for the case where a Gateway handles an incoming connection, except the directory is under $GATEWAY_HOME/data/gateway-network/server/ instead of $GATEWAY_HOME/data/gateway-network/client/. The Gateway Network config UIâs Incoming Connections tab was made compatible with this new model so that incoming connection certificates may continue to be approved, denied, or deleted there.
The keystore at $GATEWAY_HOME/webserver/metro-keystore continues to be used as the source for the private key and certificate used by both the Gateway Network client and server for the purposes of authenticating itself to its peer.
These changes only apply for Gateway Network connections over SSL / TLS (default port 8060). For the Gateway Network client making outgoing connections, two-way authentication must be enabled as well.
All certificates and files / folders under $GATEWAY_HOME/data/gateway-network/ are included in Gateway backups and restored upon restoration of such backups.
1344: Add additional context/parameters to project update script
Project update gateway event script now reports which resources were modified during project save.
Security
1570: Audit Initial User Lockout Event
The event where a user in a user source profile transitions from a state of unlocked to locked out is now audited to the Gateway Audit Profile if such a profile is configured.
Visualization
2332: Setting a dynamic height and width for nested views can fail to evaluate on initial view load
All views are now able to respond to dynamic changes to width/height.
4935: ScheduledScriptManager should use an unbounded thread-pool and execution queues for each distinct script
Scheduled scripts now use a cached thread pool and per-script execution queues. This facilitates parallel execution of scheduled scripts within a projectâuseful for both longer running scripts and situations where multiple scripts have the same schedule. A given scheduled script will enqueue and wait for any previous invocations to complete before running again.
Enterprise
4039: Allow Gateway Network Proxy Depth to be set from the Gateway UI
Gateway Network Proxying Depth is now configured via the Gateway Configuration Webpage UI. The previous checkbox for âAllow Proxyingâ has been replaced with the numeric depth count (where <= 0 is âdisabledâ and > 0 is âenabledâ). Previous values of the ignition.gan.maxproxydepth system property are absorbed into this new configuration field (if âAllow Proxyingâ was enabled) on upgrade.
5325: Remove log4j reference from EAM remote upgrader
Removed unused log4j reference from EAM remote upgrader.
Visualization
5259: Table Component passing the wrong viewParams to subviews when filtered
Regression fix for incorrect view params being passed to View instances of the Table component when filtered or paged. A regression introduced in 8.1.12.
2907: AST, AJT, and Table Components: Implement runtime column ordering via drag
Implement runtime column drag reordering for Table, Alarm Status Table, and Alarm Journal Table.
3036: Table highlight get stuck on top row of perspective table when you hover away
Fix Table mouseover highlight getting stuck on top row when mouse leaves the component.
Connectivity
5225: CIP Security Information item not supported
Fixed a bug that caused the Logix Driver to cycle between Idle and Connected upon receiving a CIP Security Information item as part of a ListIdentity response.
Security
3941: Include actor host within audit log query results
Audit Log Queries via system.util.queryAuditLog() and Vision Binding Function now include the âActor Hostâ field in the returned dataset.
Infrastructure
3315: Provide An Open Gateway Option From Designer Cards In Launcher
Added a âGo to Gatewayâ link in the Designer launcher.