v3.12.1

Added

• Payload formatter testing functionality in the Console.
• Options in the Identity Server to reject passwords that contain the user ID (is.user-registration.password-requirements.reject-user-id) or common passwords (is.user-registration.password-requirements.reject-common).

Changed

• Network Server now takes uplink data rate index for ADR.
• Event streams are now closed when the callers rights are revoked.

Fixed

• It is no longer possible to accidentally create API keys without any rights.
• Application overview page crashing for collaborators without certain rights.
• mac_settings.factory_preset_frequencies handling in US-like bands.

Security

• This release fixes an issue that prevented some request messages from being validated correctly, allowing invalid values in certain fields.

Release notes

Docker images

• docker pull thethingsnetwork/lorawan-stack:3.12
• docker pull thethingsnetwork/lorawan-stack:3.12.1
• docker pull ghcr.io/thethingsnetwork/lorawan-stack:3.12
• docker pull ghcr.io/thethingsnetwork/lorawan-stack:3.12.1

v3.11.4

Security

• This release fixes an issue that prevented some request messages from being validated correctly, allowing invalid values in certain fields.

Release notes

Docker images

• docker pull thethingsnetwork/lorawan-stack:3.11
• docker pull thethingsnetwork/lorawan-stack:3.11.4
• docker pull ghcr.io/thethingsnetwork/lorawan-stack:3.11
• docker pull ghcr.io/thethingsnetwork/lorawan-stack:3.11.4

v3.12.0

Added

• API and CLI commands for listing, searching for and restoring recently deleted applications, OAuth clients, gateways, organizations and users.
• State Description fields for adding context to the (rejected, flagged, suspended) state of Users and OAuth clients.
  • This requires a database schema migration (ttn-lw-stack is-db migrate) because of the added columns.
• Searching for gateways by EUI.
• Searching for users and OAuth clients by state.
• Gateway Server forwards Tx Acknowlegdment packets to the Network Server for scheduled downlinks. These can be used by the Network Server to forward downlink_ack upstream messages to the Application Server.
• UDP connection error caching. The duration can be configured via the gs.udp.connection-error-expires configuration entry.
• Option to require individual gateways to use authenticated connections.
  • This requires a database schema migration (ttn-lw-stack is-db migrate) because of the added columns.
• Login Tokens (magic login links) that can be used for password-less login.
  • This requires a database schema migration (ttn-lw-stack is-db migrate) because of the added columns.
  • This feature is disabled by default; use the new is.login-tokens.enabled option to enable it.
• Packet Broker registration, configuration of routing policies, listing home networks and viewing routing policies set by forwarding networks. See ttn-lw-cli packetbroker --help for more information.
• Support LoRa 2.4 GHz with Packet Broker.
• Include gateway identifiers from Packet Broker in metadata.
• Session and MAC state import functionality. This means that devices can be migrated without rejoin.
• Rate limiting for HTTP endpoints, gRPC endpoints, MQTT, UDP and WebSockets connections.
  • Rate limiting is disabled by default. Refer to the rate-limiting configuration entry to enable.
• Profile settings link to header dropdown menu.

Changed

• Changed the pub/sub channels that the Redis backend of the Events system uses.
• Changed the encoding of events transported by the Redis backend of the Events system.
• All external HTTP calls are now using TLS client configuration. This fixes issues where HTTP calls would fail if custom (e.g. self-signed) CAs were used.
• All external HTTP calls are now using a default timeout. This fixes issues where HTTP calls would stall for a long time.
• All value wrappers now are encoded and decoded as the value being wrapped in JSON. That means, that, e.g. format of mac_settings.rx1_delay is changed from {"value": 2} to just 2.
• Changed the error that is returned when attempting to validate already validated contact info.
  • This requires a database schema migration (ttn-lw-stack is-db migrate) because of the added column.
• Update Go to 1.16
• Network Server now performs more strict validation and will disallow creation and updates of invalid devices.
• DevEUI is not required for multicast devices anymore, regarding of LoRaWAN version.

Fixed

• Incorrect documentation url for event details data formats.
• Search functionality for applications, gateways and organizations in the Console.
• Error handling of end device template formats for the application overview page in the Console.
• Payload size limits for AU915 data rates 8 and 9, which are now consistent with Regional Parameters RP002-1.0.2.
• Payload size limit calculation in Network Server.
• Occasional panic in Network Server on downlink with corrupted device states.
• Occasional panic in Identity Server on extracting log fields from invalid requests.
• Print an error message stating that the Storage Integration is not available in the open source edition of The Things Stack when trying to execute ttn-lw-stack storage-db commands.

Release notes

Docker images

• docker pull thethingsnetwork/lorawan-stack:3.12
• docker pull thethingsnetwork/lorawan-stack:3.12.0
• docker pull ghcr.io/thethingsnetwork/lorawan-stack:3.12
• docker pull ghcr.io/thethingsnetwork/lorawan-stack:3.12.0

v3.11.3

Added

• sentry.environment configuration option to set the environment tag on Sentry reports.
• TR005 QR code format, with ID tr005.
• LoRa Cloud Geolocation Services support for TOA/RSSI end device geolocation.

Changed

• Default value of gs.udp.addr-change-block is now 0, which disables the IP firewall for UDP traffic. Deployments that need to enforce the IP check should set a value greater than 0. Note that the new default value makes UDP connections less secure.
• Prevent flooding logs with "Packet Filtered" messages when UDP gateways exceed the maximum rate limit. Only one message per minute will be printed for each gateway.

Deprecated

• TR005 Draft 2 and 3 QR code formats. Use the final version of the technical recommendation, with ID tr005.

Fixed

• Downlink queue operations on ABP devices not working under specific circumstances.
• NwkKey handling for end devices in the Console.

Release notes

Docker images

• docker pull thethingsnetwork/lorawan-stack:3.11
• docker pull thethingsnetwork/lorawan-stack:3.11.3
• docker pull ghcr.io/thethingsnetwork/lorawan-stack:3.11
• docker pull ghcr.io/thethingsnetwork/lorawan-stack:3.11.3

v3.11.2

Added

• Pagination flags for the users oauth authorizations list and users oauth access-tokens list CLI commands.
• End device ID generation based on DevEUI in The LoRaWAN Device Repository creation form in the Console.
• remote_ip and user_agent metadata on OAuth events.
• created_at and updated_at fields to API Keys.
• Telemetry for Packet Broker Agent.

Changed

• temp field of the UDP stats message is now type float32 (pointer).

Fixed

• Ocassional race condition in uplink matching with replicated Network Server instances.
• Ocassional race condition when matching pending sessions.
• Conflict error when registering an end device via the wizard in the Console.
• Pagination in the List and ListTokens RPCs of the OAuthAuthorizationRegistry.
• Event name on user login.
• Application uplink queue handling in Network Server.
• Application Server session desynchronization with the Network Server. The Application Server will now attempt to synchronize the end device session view on downlink queue operational errors. This fixes the f_cnt_too_low and unknown_session errors reported on downlink queue push and replace.
• Panic while generating SX1301 config for frequency plans without radio configuration.

Release notes

Docker images

• docker pull thethingsnetwork/lorawan-stack:3.11
• docker pull thethingsnetwork/lorawan-stack:3.11.2
• docker pull ghcr.io/thethingsnetwork/lorawan-stack:3.11
• docker pull ghcr.io/thethingsnetwork/lorawan-stack:3.11.2

v3.11.1

Added

• Profile settings view to the Account App.
  • Functionality to change basic profile information, such as name, email address and profile picture.
  • Functionality to update the account password.
  • Functionality to delete the account.

Changed

• Improved logging.

Fixed

• Synchronization in Gateway Server scheduler that caused race conditions in scheduling downlink traffic.

Release notes

Docker images

• docker pull thethingsnetwork/lorawan-stack:3.11
• docker pull thethingsnetwork/lorawan-stack:3.11.1
• docker pull ghcr.io/thethingsnetwork/lorawan-stack:3.11
• docker pull ghcr.io/thethingsnetwork/lorawan-stack:3.11.1

v3.10.10

Release notes

Fixed

• Synchronization in Gateway Server scheduler that caused race conditions in scheduling downlink traffic.
• Handling of DLChannelReq if dependent NewChannelReq was previously rejected.

Docker images

• docker pull thethingsnetwork/lorawan-stack:3.10
• docker pull thethingsnetwork/lorawan-stack:3.10.10
• docker pull ghcr.io/thethingsnetwork/lorawan-stack:3.10
• docker pull ghcr.io/thethingsnetwork/lorawan-stack:3.10.10

v3.11.0

Important

• The v3.11 Identity Server requires a database schema migration (ttn-lw-stack is-db migrate) when upgrading from v3.10.
• The v3.11 Network Server requires Redis 6 or higher.
• The v3.11 Network Server requires a data migration (ttn-lw-stack ns-db migrate) when upgrading from v3.10.

Added

• Reset functionality in Network Server, which resets session context and MAC state (see ttn-lw-cli end-devices reset command). For OTAA all data is wiped and device must rejoin, for ABP session keys, device address and downlink queue are preserved, while MAC state is reset.
• Store and retrieve Gateway Claim Authentication Code from database.
  • This requires a database schema migration (ttn-lw-stack is-db migrate) because of the added column.
  • This uses the same encryption key set using the is.gateways.encryption-key-id configuration option.
• Improved handling of connection issues in the Console, as well as automatic reconnects.
• Helpful details for synthetic meta events in the data view of the Console.
• Support field mask paths in Storage Integration API requests.
• CUPS redirection.
  • This requires a database schema migration (ttn-lw-stack is-db migrate) because of the added columns.
• Configuration option (is.user-registration.enabled) to enable or disable user registrations.
• Missing CLI commands for getting single API keys or collaborators for entities.
• New Account App for authentication, authorization and account related functionality.
  • This introduces various UX improvements and new designs around e.g. user login, registration and the "forgot password" flow.
• Integrate Device Repository.
• Device Repository component to integrate Device Repository with The Things Stack. See the dr configuration section.
  • The Device Repository database is bundled automatically into Docker release images. See the ttn-lw-stack dr-db init command to manually fetch the latest changes.
• Device repository service to the JavaScript SDK.
• Choosing array representation for end device session keys as well as gateway EUI.

Changed

• Network Server does not store recent_uplinks, recent_adr_uplinks and recent_downlinks anymore.
• Improved Network Server downlink task performance.
• Improved Network Server matching performance.
• Network Server matching mapping in the database.
  • This requires a database migration (ttn-lw-stack ns-db migrate).
• Sending a non-empty implicitly specified field disallowed field will now cause RPCs to fail. E.g. if RPC supports paths A and A.B, sending value with A.C non-empty and field mask A would result in an error.
• Improved content of emails sent by the Identity Server.
• Stricter validation of the maximum length of string fields, binary fields, lists and maps.
• Frequency plans and webhook templates are now included in Docker images, and used by default, instead of fetching directly from GitHub.
• JavaScript entrypoints changed from oauth.css and oauth.js to account.css and account.css. Note: For deployments using custom frontend bundles (e.g. via --is.oauth.ui.js-file), the filenames have to be updated accordingly as well.

Removed

• Application Server linking. The Network Server now pushes data to the cluster Application Server instead.
  • Applications which desire to handle payload decryption within their own domains should disable payload decryption at application or device level and decrypt the payload on their own end.
  • While not backwards compatible, the decision to remove linking was heavily motivated by scalability concerns - the previous linking model scales poorly when taking high availability and load balancing concerns into account.
• The option to disable CUPS per gateway gcs.basic-station.require-explicit-enable.

Fixed

• Network Server DevStatusReq scheduling conditions in relation to frame counter value.
• Missing authentication, remote_ip and user_agent fields in events when using event backends other than internal.
• Handling of DLChannelReq if dependent NewChannelReq was previously rejected.
• Login after user registration leading to dead-end when originally coming from the Console.
• Frame counter display of end devices on initial page load in the Console.
• AU915-928 data rate indexes in Regional Parameter specification versions below 1.0.2b.

Release notes

Docker images

• docker pull thethingsnetwork/lorawan-stack:3.11
• docker pull thethingsnetwork/lorawan-stack:3.11.0
• docker pull ghcr.io/thethingsnetwork/lorawan-stack:3.11
• docker pull ghcr.io/thethingsnetwork/lorawan-stack:3.11.0

v3.11.0-rc2

Release notes

Docker images

• docker pull thethingsnetwork/lorawan-stack:3.11
• docker pull thethingsnetwork/lorawan-stack:3.11.0-rc2
• docker pull ghcr.io/thethingsnetwork/lorawan-stack:3.11
• docker pull ghcr.io/thethingsnetwork/lorawan-stack:3.11.0-rc2

v3.11.0-rc1

Release notes