What's Changed

⭐ Enhancements

• Improve RulesEngine locking by @wborn in #2745
• Improve UX consistency across several settings pages by @MartinaeyNL in #2793
• Improve RulesFacts asset state update performance by @wborn in #2772

Other changes

• Gradle: fix entry swagger-ui-bundle.js is a duplicate by @Ekhorn in #2781
• Update UI dependencies by @Ekhorn in #2792
• Reconfigure Knip workspaces to reintroduce openremote/util dev dependencies by @Ekhorn in #2796

Full Changelog: 1.24.0...1.24.1

⚠️ Important notes / Before you upgrade ⚠️

• This release requires openremote/postgresql version either 15.14+ or 17.9+
  The PostgreSQL TimescaleDB database now uses HyperCore compression by default.
  Not upgrading your containers to these versions will result in a failure to boot. See PR #2352.
  If you'd like to upgrade major PostgreSQL versions, first update to the latest openremote/postgresql version of 15.14+,
  follow the TimescaleDB documentation on upgrading, and change your major to 17.9+.

• "Data points max age days" meta item, and the OR_DATA_POINTS_MAX_AGE_DAYS environment variable have been deprecated.
  As of this version, these won't function anymore. Instead, use the OR_DATA_POINTS_MAX_AGE_WEEKS environment variable.
  You can not configure individual age policies for attributes as of this release. See PR #2352.

• We have upgraded to Groovy version 5.0.
  This will impact Groovy rules of your system, and tests in your custom projects.
  For a full breakdown, check the release notes for Groovy 5.0 here.

• Several breaking changes for people integrating or modifying the OpenRemote codebase.
  For full details, see the contents of this pull request: #2650

What's Changed

🛠 Breaking Changes

• Replace obsolete Keycloak adapter with Nimbus based JWT token verifier by @richturner in #2650

⭐ Enhancements

• Enable hypercore compression by default on the asset_datapoint table by @Miggets7 in #2352
• Add Giga and Tera units by @delamiro in #2746
• Update JSON Schema descriptions for SimulatorAgentLink by @Ekhorn in #2780
• Upgrade to groovy 5 and adapt spock dependency for it by @ebariaux in #2786
• Use ubi10 based OpenJDK base image and pin version to 1.24-5 by @ebariaux in #2787
• Upgrade gradle to 9.5.0 by @ebariaux in #2785

🐞 Bug fixes

• Fix WebSocket unsubscribe without event type or subscriptionId by @wborn in #2774

Other changes

• Remove secrets processing in pipeline by @Ekhorn in #2738
• CI/CD Fix if GFE_PASSWORD is missing by @Ekhorn in #2740
• CI/CD: Fix broken precedence of inputs and secrets by @richturner in #2739
• Add additional useful query exporter metric by @richturner in #2741
• Correctly set GFE_PASSWORD as environment variable by @Ekhorn in #2748
• CI/CD: Add breaking changes section to release notes by @richturner in #2783
• Limit forwarded SISH TCP ports to 100 by @denniskuijs in #2782
• Add Asset table fillfactor migration script and document postgres container memory settings by @richturner in #2773

Full Changelog: 1.23.1...1.24.0

What's Changed

⭐ Enhancements

• Update dependencies by @ebariaux in #2732

🐞 Bug fixes

• Fix RULE_RESET_IMMEDIATE not working as expected by @ebariaux in #2733
• Allow LoRaWAN asset attributes to ingest full JSON arrays by @rainerhitz in #2713
• Fix ColourRGB incorrectly displayed as JSON forms text input by @Ekhorn in #2702

Other changes

• Update security e-mail address by @ebariaux in #2731
• Add helper methods to get latitude and longitude from a GeoJSONPoint by @ebariaux in #2734

Full Changelog: 1.23.0...1.23.1

What's Changed

💥 Breaking Changes

• Several internal classes, like ContainerTrait.groovy, have undergone minor refactoring during our cleanup routine.
  If you maintain a fork or use the custom project template, review your code for possible signature changes.
  See #2656 for more details.

⭐ Enhancements

• JAX-RS client code cleanup by @richturner in #2656
• Bump gRPC version to 1.80.0 by @denniskuijs in #2704
• Update GHA versions by @wborn in #2705
• Polish locale translations with new keys and i18n fixes by @michalpankau in #2699
• Improve daily purge SQL querying by @richturner in #2728

🐞 Bug fixes

• Fix: skip kc token refresh for unauthenticated (public) users by @Hackerberg43 in #2703
• Fix for UI access token update interval not being ran by @MartinaeyNL in #2729

Other changes

• Fix Docker buildx action by @denniskuijs in #2706
• Fix Docker Buildx action by @denniskuijs in #2707
• Expose queryDatapoints in the AbstractDatapointService for ease of use by @pankalog in #2674
• Fix deploy step by @wborn in #2708
• Use axion-release-plugin v1.21.1 by @wborn in #2709
• Update deploy.sh by @richturner in #2723
• Mask workflow dispatch input values by @richturner in #2724

New Contributors

• @michalpankau made their first contribution in #2699

Full Changelog: 1.22.1...1.23.0

What's Changed

🔒 Security updates

• CVE-2026-41166 on improper access control in UserResourceImpl.java with cross-realm user role updates

⭐ Enhancements

• Fix invalid CronExpression for AWS DLM (Data Lifecycle Manager) by @denniskuijs in #2687
• Re-connect when MQTT connection lost in connect-and-publish load2 scenario by @ebariaux in #2693

🐞 Bug fixes

• Websocket connection initialisation threading issue fix by @richturner in #2655
• Improve access control and input validation on update parent endpoints by @ebariaux in #2692

Other changes

• Enforce test execution order and directly run the manager jar for app tests by @Ekhorn in #2689
• Aggregate test reports by @Ekhorn in #2691
• Exclude test tasks from report aggregation step and fix setups not provisioning for pipeline deployments by @Ekhorn in #2697

Full Changelog: 1.22.0...1.22.1

What's Changed

💥 Breaking Changes

• If your system contains automation Rules using JavaScript, these have become legacy and unsupported.
  JavaScript Rules have become readonly, won't run anymore, and can not be created nor updated as of this release.
  The JavaScript engine to run these Rules, has been removed from the codebase in its entirety.

🔒 Security updates

• CVE-2026-39842 on JavaScript Expression Injection in OpenRemote
• CVE-2026-40882 on XXE in Velbus Asset Import

🎉 New features

• UI: add Rive renderer component by @MartinaeyNL in #2666

⭐ Enhancements

• Replace pre-built gRPC JARs with Gradle Protobuf generation for ChirpStack and TTS by @rainerhitz in #2576
• k8s: Allow custom logging configuration via values files / ConfigMap by @ebariaux in #2663
• java dependencies update by @ebariaux in #2681

🐞 Bug fixes

• Fix connection retry issue in AbstractMQTT_IOClient by @richturner in #2653
• RuleService: preserve AttributeInfo ordering by @ebariaux in #2678

Full Changelog: 1.21.0...1.22.0

What's Changed

💥 Breaking Changes

• Only superusers can create JavaScript Rules as of this release. We're removing the JavaScript Rules engine in 1.22.0.

⭐ Enhancements

• Upgrade to Gradle 9.4.1 by @wborn in #2647
• Make JUnit tests run in parallel by @Ekhorn in #2652
• UI: replace Math.random() with crypto randomUUID by @MartinaeyNL in #2648
• load2 support for multiple HAProxy pod replicas by @ebariaux in #2657
• UI: Improve WebSocket stability using access token retrieval by @MartinaeyNL in #2573

🐞 Bug fixes

• Correctly cancel fallback scheduled future in Gateway connector by @richturner in #2654
• Fix deadlock in AbstractNettyIOClient by @richturner in #2646
• Fix race condition for timers around engine stop and timer reschedule. by @ebariaux in #2662
• Add permission checks for creating/modifying JavaScript rules by @qxyuan853 in #2671
• Fix schema generator generating duplicate type properties for the OAuthGrant subtypes by @Ekhorn in #2558

Other changes

• Kubernetes: use latest docker images for the different containers by @ebariaux in #2645
• Force exclude unused UI test tasks by @Ekhorn in #2649
• Fix deprecated gradle configurations by @Ekhorn in #2651
• Use thread executor in clustering setup for asset creation by @Ekhorn in #2658
• Improve maven release process by @wborn in #2659
• Make UI app tests wait for the manager to be healthy by @Ekhorn in #2664
• Fix Gradle deprecations by @wborn in #2667

New Contributors

• @qxyuan853 made their first contribution in #2671

Full Changelog: 1.20.2...1.21.0

What's Changed

⭐ Enhancements

• Fix map marker flickering when receiving WebSocket events by @Ekhorn in #2610
• Upgrade to JUnit 6 by @ebariaux in #2643

Other changes

• Fix Balena build issues by @wborn in #2602
• Improve test stability around DST date changes by @richturner in #2640
• Fix Provision Host CI/CD workflow by @denniskuijs in #2644

Full Changelog: 1.20.1...1.20.2

What's Changed

⭐ Enhancements

• Upgrade to gradle 9.4 by @ebariaux in #2626
• Add filter input to add asset dialog by @delamiro in #2625
• Agent: Add write value filter functionality to agent links by @Hackerberg43 in #2579

🐞 Bug fixes

• Bugfix for public asset permissions by @richturner in #2621

Other changes

• Fix duplicate dependency on rest package in manager app by @Ekhorn in #2627
• Reinstate gateway tests and added accessPublicRead option to gateway asset sync rules by @richturner in #2624
• Add missing accessPublicRead property in hashCode and equals methods by @Ekhorn in #2631
• Add query-exporter example configuration by @richturner in #2635

New Contributors

• @delamiro made their first contribution in #2625

Full Changelog: 1.20.0...1.20.1

What's Changed

💥 Breaking Changes

• If you are using Modbus with OpenRemote, please be aware of the refactor in #2097.
  A lot of improvement has been achieved, but it could have major impact depending on your hardware and software configurations.

⭐ Enhancements

• Update dependencies by @ebariaux in #2604
• Update UI dependencies by @Ekhorn in #2606
• insights app: add dashboard refresh timer and fix broken refresh button by @Hackerberg43 in #2596
• MODBUS protocol refactor by @Hackerberg43 in #2097

🐞 Bug fixes

• Fix degraded map performance after re-rendering map markers several times by @Ekhorn in #2614

Other changes

• load2 setup: need more time on smaller clusters by @ebariaux in #2608
• Add map clustering setup by @Ekhorn in #2615

Full Changelog: 1.19.0...1.20.0