Skip to content

Release history

Thingsboard releases

Open-source IoT Platform - Device management, data collection, processing and visualization.

Back to tool Latest release

All releases

9 shown

Upgrade now
v4.3.1.2 Breaking risk
RCE / SSRF Auth Breaking upgrade

CVE fixes + UI & transport improvements

Open
Upgrade now
v4.2.2.2 Security relevant
RCE / SSRF Auth

CVE fixes + module improvements

Open
v4.3.1.1 Security relevant
Security fixes
  • CVE-2026-24308 — Fixed
  • CVE-2026-24281 — Fixed
  • CVE-2026-24400 — Fixed
Full changelog

What's Changed

Security

  • Fixed XSS vulnerability in notification center by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15204
  • Fixed CVE-2026-24308, CVE-2026-24281 and CVE-2026-24400 by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15244
  • Added configurable security headers and env-var-backed CORS configuration by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15254
  • Fixed SSRF DNS rebinding bypass, added allow-list by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15253
  • Fixed CVE-2026-24281, CVE-2026-24308, CVE-2026-24400, CVE-2026-29063, CVE-2026-29087, CVE-2026-29786, CVE-2026-30827, CVE-2026-31802, CVE-2026-32141, CVE-2026-32635, CVE-2026-27904 by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15251
  • Fixed CVE-2026-22731, CVE-2026-22732, CVE-2026-22733, CVE-2026-22737 + Spring Boot 3.5 by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15278
  • Fixed CVE-2026-33228 by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15293
  • Fixed CVE-2026-33870, CVE-2026-33871 and GHSA-72hv-8253-57qq by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15315
  • Fixed CVE-2026-33895, CVE-2026-33894, CVE-2026-33896, CVE-2026-33750, CVE-2026-4923, CVE-2026-33671 by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15322
  • Fixed CVE-2026-0861, CVE-2026-0915, CVE-2025-15281 for Docker images by @ViacheslavKlimov

Core & Rule Engine

  • Sanitize database error messages by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15262
  • Added OTA package data cleanup by @AndriiLandiak in https://github.com/thingsboard/thingsboard/pull/14775
  • Fixed notification requests and RPC cleanup timeout on large datasets by @AndriiLandiak in https://github.com/thingsboard/thingsboard/pull/14762
  • Added WS update on telemetry deletion by @dashevchenko in https://github.com/thingsboard/thingsboard/pull/14781

UI

  • Updated locales da_DK, de_DE, el_GR, es_ES, fr_FR, it_IT, ja_JP, nl_NL, no_NO, pt_BR, tr_TR, uk_UA, zh_CN by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15237
  • Hidden "Show on widgets" button on sysadmin level by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15203
  • Fixed WS reconnect loop and notification spam when session limit is reached by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15219
  • Fixed missing translation for Polylines toggle in map settings by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15252
  • Fixed resetting of validation on storeLink property by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15168
  • Fixed time series table widgets tab style by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15267
  • Fixed proxy error handling for 502/503/504 HTTP status codes by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15292
  • Fixed string-items-list autocomplete selection and blur handling by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15273

Edge

  • Support combined PEM cert+key for Edge gRPC SSL by @smatvienko-tb in https://github.com/thingsboard/thingsboard/pull/15205

Transport

  • MQTTS metrics and client address logging on exceptionCaught by @smatvienko-tb in https://github.com/thingsboard/thingsboard/pull/15112
  • Fixed LwM2M Redis stores startup: use separate connections for SCAN and GET by @smatvienko-tb in https://github.com/thingsboard/thingsboard/pull/15143

Full Changelog: https://github.com/thingsboard/thingsboard/compare/v4.3.1...v4.3.1.1

View release on GitHub
v4.2.2.1 Security relevant
Security fixes
  • CVE-2026-24308 — XSS vulnerability in notification center
  • CVE-2026-24281, CVE-2026-24400, CVE-2026-29063, CVE-2026-29087, CVE-2026-29786, CVE-2026-30827, CVE-2026-31802, CVE-2026-32141, CVE-2026-32635, CVE-2026-27904
  • CVE-2026-22731, CVE-2026-22732, CVE-2026-22733, CVE-2026-22737 (Spring Boot 3.5 upgrade)
Notable features
  • Configurable security headers via env-var-backed CORS configuration
Full changelog

What's Changed

Security

  • Fixed XSS vulnerability in notification center by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15204
  • Fixed CVE-2026-24308, CVE-2026-24281 and CVE-2026-24400 by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15244
  • Added configurable security headers and env-var-backed CORS configuration by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15254
  • Fixed SSRF DNS rebinding bypass, added allow-list by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15253
  • Fixed CVE-2026-24281, CVE-2026-24308, CVE-2026-24400, CVE-2026-29063, CVE-2026-29087, CVE-2026-29786, CVE-2026-30827, CVE-2026-31802, CVE-2026-32141, CVE-2026-32635, CVE-2026-27904 by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15251
  • Fixed CVE-2026-22731, CVE-2026-22732, CVE-2026-22733, CVE-2026-22737 + Spring Boot 3.5 by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15278
  • Fixed CVE-2026-33228 by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15293
  • Fixed CVE-2026-33870, CVE-2026-33871 and GHSA-72hv-8253-57qq by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15315
  • Fixed CVE-2026-33895, CVE-2026-33894, CVE-2026-33896, CVE-2026-33750, CVE-2026-4923, CVE-2026-33671 by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15322

Core & Rule Engine

  • Sanitize database error messages by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15262
  • Added OTA package data cleanup by @AndriiLandiak in https://github.com/thingsboard/thingsboard/pull/14775
  • Fixed notification requests and RPC cleanup timeout on large datasets by @AndriiLandiak in https://github.com/thingsboard/thingsboard/pull/14762
  • Added WS update on telemetry deletion by @dashevchenko in https://github.com/thingsboard/thingsboard/pull/14781

UI

  • Updated locales da_DK, de_DE, el_GR, es_ES, fr_FR, it_IT, ja_JP, nl_NL, no_NO, pt_BR, tr_TR, uk_UA, zh_CN by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15237
  • Hidden "Show on widgets" button on sysadmin level by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15203
  • Fixed WS reconnect loop and notification spam when session limit is reached by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15219
  • Fixed resetting of validation on storeLink property by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15168
  • Fixed proxy error handling for 502/503/504 HTTP status codes by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15292
  • Fixed string-items-list autocomplete selection and blur handling by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15273

Edge

  • Support combined PEM cert+key for Edge gRPC SSL by @smatvienko-tb in https://github.com/thingsboard/thingsboard/pull/15205

Transport

  • Fixed LwM2M Redis stores startup: use separate connections for SCAN and GET by @smatvienko-tb in https://github.com/thingsboard/thingsboard/pull/15143

Full Changelog: https://github.com/thingsboard/thingsboard/compare/v4.2.2...v4.2.2.1

View release on GitHub
v4.3.1 Breaking risk
Security fixes
  • CVE-2026-24734 – fixed
  • CVE-2025-66614 – fixed
  • CVE-2025-7783 – fixed
Notable features
  • Angular 20 migration for the UI
  • Cassandra result set byte-size limit added
Full changelog

What's Changed

Security

  • Fixed CVE-2026-24734 and CVE-2025-66614 by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15076
  • Fixed CVE-2025-7783, CVE-2026-26996 and CVE-2026-26960 by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15079
  • Fixed CVE-2026-27903 and CVE-2026-27904 by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15109
  • Added SSRF protection (must be enabled with SSRF_PROTECTION_ENABLED env) by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15123
  • Fixed CWE-770 in Jackson Core (GHSA-72hv-8253-57qq) by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15124
  • Fixed CVE-2026-27970 and CVE-2026-2391 by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15128
  • Fixed CVE-2026-2781, CVE-2026-25646, CVE-2026-21945 and CVE-2026-21932 for Docker images by @ViacheslavKlimov and @smatvienko-tb

Major UI

  • Angular 20 migration by @ikulikov in https://github.com/thingsboard/thingsboard/pull/14944

Core & Rule Engine

  • Fixed getTimeseries API (/{entityType}/{entityId}/values/timeseries) by @dashevchenko in https://github.com/thingsboard/thingsboard/pull/15054
  • Added Cassandra result set byte-size limit by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15058
  • Fixed TBEL script execution failures on repeated runs by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15078
  • Fixed blocking JPA queries on access-validator single thread by @dskarzh in https://github.com/thingsboard/thingsboard/pull/15101
  • Fixed preservation of rule node execution counter in delay and deduplication nodes by @dskarzh in https://github.com/thingsboard/thingsboard/pull/15100
  • Improved Apple OAuth2 mapper and refactored OAuth2 client validation by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15120
  • Fixed infinite loop when rule chain input node forwards to its own rule chain by @smatvienko-tb in https://github.com/thingsboard/thingsboard/pull/15102
  • Made max WS message size configurable by @DmytroKhylko in https://github.com/thingsboard/thingsboard/pull/15116

UI

  • Fixed Redirect Url encoding by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14985
  • Fixed loading and placement of Material icons by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14959
  • Fixed Popover placement for Marker, Polygon and Circle overlay config by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14978
  • Fixed adaptive in mail server configuration by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15018
  • Fixed Range and Bar chart limits setup by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14964
  • Fixed RGBA and HSLA inputs in color picker by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15031
  • Fixed Entity key autocomplete change check by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15080
  • Fixed a race condition causing the toast component by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15071
  • Fixed a race condition when init image map by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15097
  • Fixed default timewindow config in widget editor page by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15108
  • Removed pattern validation from name field on CF by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15142
  • Updated Ukrainian locale by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15096
  • Extend modules map: moment-timezone, canvas-gauges and ngx-hm-carousel added by @ChantsovaEkaterina in https://github.com/thingsboard/thingsboard/pull/15130

Transport

  • Fixed Sparkplug BIRTH message validation for metrics with empty string values by @nickAS21 in https://github.com/thingsboard/thingsboard/pull/14760

Edge

  • Event-sourced propagation for admin settings by @volodymyr-babak in https://github.com/thingsboard/thingsboard/pull/15050

Full Changelog: https://github.com/thingsboard/thingsboard/compare/v4.3.0.1...v4.3.1

View release on GitHub
v4.2.2 Breaking risk
⚠ Upgrade required
  • Enable SSRF protection by setting env var SSRF_PROTECTION_ENABLED to true.
Security fixes
  • CVE-2026-24734 — fixed
  • CVE-2025-66614 — fixed
  • CVE-2025-7783 — fixed
Notable features
  • Angular 20 migration
  • Cassandra result set byte-size limit added
  • Max WS message size configurable
Full changelog

What's Changed

Security

  • Fixed CVE-2026-24734 and CVE-2025-66614 by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15076
  • Fixed CVE-2025-7783, CVE-2026-26996 and CVE-2026-26960 by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15079
  • Fixed CVE-2026-27903 and CVE-2026-27904 by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15109
  • Added SSRF protection (must be enabled with SSRF_PROTECTION_ENABLED env) by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15123
  • Fixed CWE-770 in Jackson Core (GHSA-72hv-8253-57qq) by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15124
  • Fixed CVE-2026-27970 and CVE-2026-2391 by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15128
  • Fixed CVE-2026-2781 and CVE-2026-25646 for Docker images by @ViacheslavKlimov and @smatvienko-tb

Major UI

  • Angular 20 migration by @ikulikov in https://github.com/thingsboard/thingsboard/pull/14935

Core & Rule Engine

  • Added Cassandra result set byte-size limit by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15058
  • Fixed TBEL script execution failures on repeated runs by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15078
  • Fixed blocking JPA queries on access-validator single thread by @dskarzh in https://github.com/thingsboard/thingsboard/pull/15101
  • Fixed preservation of rule node execution counter in delay and deduplication nodes by @dskarzh in https://github.com/thingsboard/thingsboard/pull/15100
  • Improved Apple OAuth2 mapper and refactored OAuth2 client validation by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/15120
  • Fixed infinite loop when rule chain input node forwards to its own rule chain by @smatvienko-tb in https://github.com/thingsboard/thingsboard/pull/15102
  • Made max WS message size configurable by @DmytroKhylko in https://github.com/thingsboard/thingsboard/pull/15116

UI

  • Extend modules map: moment-timezone, canvas-gauges and ngx-hm-carousel added by @ChantsovaEkaterina in https://github.com/thingsboard/thingsboard/pull/15130
  • Fixed Redirect Url encoding by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14985
  • Fixed Popover placement for Marker, Polygon and Circle overlay config by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14978
  • Fixed adaptive in mail server configuration by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/15018
  • Fixed a race condition causing the toast component by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15071
  • Fixed a race condition when init image map by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15097
  • Removed pattern validation from name field on CF by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/15142

Transport

  • Fixed Sparkplug BIRTH message validation for metrics with empty string values by @nickAS21 in https://github.com/thingsboard/thingsboard/pull/14760

Edge

  • Event-sourced propagation for admin settings by @volodymyr-babak in https://github.com/thingsboard/thingsboard/pull/15050

Full Changelog: https://github.com/thingsboard/thingsboard/compare/v4.2.1.2...v4.2.2

View release on GitHub
v4.3.0.1 Breaking risk
Security fixes
  • CVE-2025-69420 — fixed in Docker images
  • CVE-2025-69419 — fixed in Docker images
  • CVE-2026-22610 — fixed
Full changelog

What's Changed

Security

  • Fixed CVE-2025-69420 and CVE-2025-69419 for Docker images by @ViacheslavKlimov and @smatvienko-tb
  • Fixed CVE-2026-22610 by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/14865

Core & Rule Engine

  • Fixed propagation path updates handling for propagation CF by @ShvaykaD in https://github.com/thingsboard/thingsboard/pull/14853
  • Fixed unnecessary database updates for disabled users during failed login by @AndriiLandiak in https://github.com/thingsboard/thingsboard/pull/14751

UI

  • Updated locales el_GR, es_ES, hi_IN, nl_NL, no_NO by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/14920
  • Fixed form settings in Send RPC and Segmented Button widgets by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14863
  • Fixed help link for API key by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/14864
  • Removed required from "Current Customer" field in entity alias by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14816
  • Fixed missing '%' character in alias help text by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14903
  • Fixed default settings in API Usage widget by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14909
  • Fixed padding in Range Chart and Bar Chart with label widgets when overlay enabled by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14895
  • Fixed errors when public user views alarm comments by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14922
  • Fixed errors in alarm rules by @ArtemDzhereleiko in https://github.com/thingsboard/thingsboard/pull/14941
  • Fixed race condition during Power Button widget initialization by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14925

Full Changelog: https://github.com/thingsboard/thingsboard/compare/v4.3...v4.3.0.1

View release on GitHub
v4.2.1.2 Security relevant
Security fixes
  • CVE-2025-68973
  • CVE-2025-6020
  • CVE-2025-13601
Notable features
  • Added Redis ACL (username) authentication support
Full changelog

What's Changed

Security

  • Fixed CVE-2025-68973, CVE-2025-6020, CVE-2025-13601, CVE-2025-69420, CVE-2026-21945, CVE-2025-69419 and CVE-2026-21932 for Docker images by @ViacheslavKlimov and @smatvienko-tb
  • Fixed CVE-2026-22610 by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/14865
  • Fixed CVE-2025-15284 by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/14729

Core & Rule Engine

  • Added Redis ACL (username) authentication support by @AndriiLandiak in https://github.com/thingsboard/thingsboard/pull/14743
  • Fixed invalid finish ts for jobs with zero tasks in task manager by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/14728
  • Fixed entity data query for sysadmin by @dashevchenko in https://github.com/thingsboard/thingsboard/pull/14564
  • Fixed partition cleanup for non-public PostgreSQL schemas by @AndriiLandiak in https://github.com/thingsboard/thingsboard/pull/14631
  • Fixed SMS usage state when disabled in tenant profile by @dashevchenko in https://github.com/thingsboard/thingsboard/pull/14792
  • Fixed unnecessary database updates for disabled users during failed login by @AndriiLandiak in https://github.com/thingsboard/thingsboard/pull/14751

Transport

  • Fixed NPE for LwM2M client context after reboot by @nickAS21 in https://github.com/thingsboard/thingsboard/pull/14645
  • Fixed CoAP Unicast/Multicast MID Conflict and Silent ACK Rejection by @nickAS21 in https://github.com/thingsboard/thingsboard/pull/14748

UI

  • Fixed LwM2M bootstrap toggle not persisting "Add Bootstrap config" button state by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14614
  • Fixed map action panel hide when switching to another data layer by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/14746
  • Fixed opening tenant profile autocomplete when "Create new" button is clicked by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14804
  • Fixed country autocomplete autofill and improved validation by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/14802
  • Fixed missing '%' character in alias help text by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14903
  • Fixed padding in Range Chart and Bar Chart with label widgets when overlay enabled by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14895
  • Fixed errors when public user views alarm comments by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14922

Full Changelog: https://github.com/thingsboard/thingsboard/compare/v4.2.1.1...v4.2.1.2

View release on GitHub
v4.3 Breaking risk
Security fixes
  • Fixed CVE-2025-15284
Notable features
  • Alarm rules 2.0
  • Calculated fields with geofencing, propagation, time series aggregation, and related entity aggregation
Full changelog

What's Changed

Major improvements

  • Alarm rules 2.0 by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/14036
  • Calculated fields:
    • Geofencing by @ShvaykaD in https://github.com/thingsboard/thingsboard/pull/13857
    • Propagation by @ShvaykaD in https://github.com/thingsboard/thingsboard/pull/14107
    • Time series data aggregation by @irynamatveieva in https://github.com/thingsboard/thingsboard/pull/14253
    • Related entities aggregation by @irynamatveieva in https://github.com/thingsboard/thingsboard/pull/14141
  • Calculated field output strategies by @irynamatveieva in https://github.com/thingsboard/thingsboard/pull/14225
  • API keys by @AndriiLandiak in https://github.com/thingsboard/thingsboard/pull/14074
  • Enforced 2FA by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/13629
  • Set default base Docker image to thingsboard/openjdk25:trixie-slim by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/14687

Minor improvements

Core & Rule Engine

  • Added new entity field 'displayName' by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/14136
  • Added JSON ts type support for bulk import by @dashevchenko in https://github.com/thingsboard/thingsboard/pull/13786
  • Added API for tenant admins to delete the entire tenant by @dashevchenko in https://github.com/thingsboard/thingsboard/pull/14156
  • Added support for alarm originator label and alarm details in notification templates by @AndriiLandiak in https://github.com/thingsboard/thingsboard/pull/14236
  • Added 'PATCH' request method for 'rest api call' node by @volodymyr-babak in https://github.com/thingsboard/thingsboard/pull/14268
  • Added more find-by-ids API endpoints by @artem-barysh-dev in https://github.com/thingsboard/thingsboard/pull/14355
  • Added Redis ACL (username) authentication support by @AndriiLandiak in https://github.com/thingsboard/thingsboard/pull/14743
  • Configurable response timeout for Rule Engine API requests by @devaskim in https://github.com/thingsboard/thingsboard/pull/13924
  • Clear alarm node: async processing by @dskarzh in https://github.com/thingsboard/thingsboard/pull/13987
  • Configurable Swagger docs expansion by @dashevchenko in https://github.com/thingsboard/thingsboard/pull/13863
  • Entity name conflict strategies by @dashevchenko in https://github.com/thingsboard/thingsboard/pull/14118
  • Removed redundant persistence of CF links by @dskarzh in https://github.com/thingsboard/thingsboard/pull/14310
  • Prohibited blank relation types by @dskarzh in https://github.com/thingsboard/thingsboard/pull/13806

UI

  • Added support for setting a custom image as the widget title by @deaflynx in https://github.com/thingsboard/thingsboard/pull/13972
  • Added default language and unit system selection to user form by @deaflynx in https://github.com/thingsboard/thingsboard/pull/14101
  • Added ability to upload dashboard JSON file for update by @LeoMorgan113 in https://github.com/thingsboard/thingsboard/pull/13949
  • Added translation support for timestamp column in timeseries widgets by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14009
  • Added tooltip truncation to entity version restore header by @deaflynx in https://github.com/thingsboard/thingsboard/pull/14058
  • Added "Show all" option for Columns to Display by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14060
  • Added color adjustment for table pagination icons by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14105
  • Added polylines support on map widget by @LeoMorgan113 in https://github.com/thingsboard/thingsboard/pull/14155
  • Added queryParams support to mobile handler navigation action by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/14144
  • Added ability to save pictures from Photo Camera widget to Image library by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14153
  • Added option to sort tab entities in alphabetical order by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14159
  • Added prevent whitespaces in string autocomplete by @ArtemDzhereleiko in https://github.com/thingsboard/thingsboard/pull/14315
  • Added system alarm comments localization by @dashevchenko in https://github.com/thingsboard/thingsboard/pull/14336
  • Added "Search propagated alarms" option to alarm count widget by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14339
  • Added new 6h and 8h time window intervals with improved default time window by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/14379
  • Added autocomplete pattern support in title widgets by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14142
  • Added filters for audit log table by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14262
  • Added string autocomplete for telemetry device tab by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14507
  • Added debug events modal to rule chain elements by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14513
  • Added support for dynamic Y-axis limits determination in time series charts by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14488
  • Added ability to save time window selection as default for dashboard by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/14472
  • Added Calculated fields page by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/14629
  • Always display point symbol for single-point line charts by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/14357
  • Always show time window in "Show on widget" feature by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/14511
  • Added local hi_IN and updated locales da_DK, de_DE, fr_FR, it_IT, ja_JP, nl_NL, tr_TR by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/14845
  • Enhanced alarm severity colors by @ArtemDzhereleiko in https://github.com/thingsboard/thingsboard/pull/14672
  • Improved create new action for entity autocomplete by @ArtemDzhereleiko in https://github.com/thingsboard/thingsboard/pull/13840
  • Improved mobile actions by @ArtemDzhereleiko in https://github.com/thingsboard/thingsboard/pull/13849
  • Improved attribute dialog style by @LeoMorgan113 in https://github.com/thingsboard/thingsboard/pull/13982
  • Improved version name overflow handling in version control by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14335
  • Improved user password fields validation by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14362
  • Improved Audit log and Event details dialog by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/14653
  • Optimized timewindow size in dashboard configuration when saving by @ChantsovaEkaterina in https://github.com/thingsboard/thingsboard/pull/13753
  • Optimized size of dashboards and widgets when saving by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/13690
  • Updated API usage dashboard by @ArtemDzhereleiko in https://github.com/thingsboard/thingsboard/pull/13944
  • Updated password expiration message for en-US locale by @ArtemDzhereleiko in https://github.com/thingsboard/thingsboard/pull/14322
  • Updated login page layout by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/14562
  • Refactored tb-logo as link in login, fullscreen dashboard and menu by @deaflynx in https://github.com/thingsboard/thingsboard/pull/14057
  • Shared UI components for extension: tb-phone-input, tb-widget-button by @DmytroKhylko in https://github.com/thingsboard/thingsboard/pull/14279
  • Shared UI components for extension: time-unit-input by @kalutkaz in https://github.com/thingsboard/thingsboard/pull/14684

Transport

  • Set default LwM2M server CID length to 8 by @nickAS21 in https://github.com/thingsboard/thingsboard/pull/14309

Edge

  • [Edge] Added AI model sync by @jekka001 in https://github.com/thingsboard/thingsboard/pull/13998
  • Sync user and user credentials from Edge to Cloud by @volodymyr-babak in https://github.com/thingsboard/thingsboard/pull/14352
  • Propagate entity deletions from edge to cloud (asset, device, dashboard, entity view) by @MazurenkoNick in https://github.com/thingsboard/thingsboard/pull/14447
  • Avoid duplicate edge updates by @MazurenkoNick in https://github.com/thingsboard/thingsboard/pull/14489
  • Edge Events - added merge and filter duplicates by @volodymyr-babak in https://github.com/thingsboard/thingsboard/pull/14603

Bug Fixes

Core & Rule Engine

  • Fixed calculated fields search not working by @WangXin3 in https://github.com/thingsboard/thingsboard/pull/13878
  • Fixed telemetry deletion for keys with comma by @dashevchenko in https://github.com/thingsboard/thingsboard/pull/14287
  • Fixed error when uploading resources approximately larger than 15 MB by @AndriiLandiak in https://github.com/thingsboard/thingsboard/pull/14205
  • Fixed invalid finish ts for jobs with zero tasks in task manager by @ViacheslavKlimov in https://github.com/thingsboard/thingsboard/pull/14728
  • Fixed entity data query for sysadmin by @dashevchenko in https://github.com/thingsboard/thingsboard/pull/14564
  • Fixed CVE-2025-15284 by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/14729
  • Fixed partition cleanup for non-public PostgreSQL schemas by @AndriiLandiak in https://github.com/thingsboard/thingsboard/pull/14631
  • Fixed SMS usage state when disabled in tenant profile by @dashevchenko in https://github.com/thingsboard/thingsboard/pull/14792

UI

  • Fixed help link for JavaScript library by @LeoMorgan113 in https://github.com/thingsboard/thingsboard/pull/13993
  • Fixed multiple identical requests and updated template style in version control by @deaflynx in https://github.com/thingsboard/thingsboard/pull/14011
  • Fixed extra ']' in RPC debug terminal help by @371518473 in https://github.com/thingsboard/thingsboard/pull/13882
  • Fixed action buttons blinking in table widgets during API requests by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/13892
  • Fixed map widget tooltip closing when hovering from overlay to tooltip by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/13894
  • Fixed decimals support in Liquid level widget by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14012
  • Fixed column order for "On cell click" action in Entities Table widget by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14020
  • Fixed empty link in entity details menu by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14038
  • Fixed bar chart label position by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14157
  • Changed type of color picker fields by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14255
  • Fixed Microsoft Teams notification preview by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/14420
  • Fixed 'TypeError: Missing parameter name ...' when running web-ui with TB_ENABLE_PROXY=true by @wiwiwa in https://github.com/thingsboard/thingsboard/pull/14493
  • Fixed slider styles for iOS platform by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14582
  • Fixed LwM2M bootstrap toggle not persisting "Add Bootstrap config" button state by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14614
  • Fixed background flashes when opening or closing date-time selector by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/14744
  • Fixed map action panel hiding when opening other data layer by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14745
  • Fixed applying aggregation options for latest timeseries data keys in map widgets by @ChantsovaEkaterina in https://github.com/thingsboard/thingsboard/pull/14685
  • Fixed typo in Korean translation for 2FA activation by @cafe-jun in https://github.com/thingsboard/thingsboard/pull/14772
  • Fixed opening tenant profile autocomplete when "Create new" button is clicked by @mtsymbarov-del in https://github.com/thingsboard/thingsboard/pull/14804
  • Fixed country autocomplete autofill and improved validation by @vvlladd28 in https://github.com/thingsboard/thingsboard/pull/14802

Transport

  • Fixed time LwM2M resource handling by @nickAS21 in https://github.com/thingsboard/thingsboard/pull/14077
  • Fixed NPE for LwM2M client context after reboot by @nickAS21 in https://github.com/thingsboard/thingsboard/pull/14645
  • Fixed CoAP Unicast/Multicast MID Conflict and Silent ACK Rejection by @nickAS21 in https://github.com/thingsboard/thingsboard/pull/14748

Edge

  • Improved Edge session cleanup to prevent resource leaks and message backlog due to unstable network conditions and Kafka busy timeout by @bcblr1993 in https://github.com/thingsboard/thingsboard/pull/13843

New Contributors

  • @371518473 made their first contribution in https://github.com/thingsboard/thingsboard/pull/13882
  • @WangXin3 made their first contribution in https://github.com/thingsboard/thingsboard/pull/13878
  • @bcblr1993 made their first contribution in https://github.com/thingsboard/thingsboard/pull/13843
  • @wiwiwa made their first contribution in https://github.com/thingsboard/thingsboard/pull/14493
  • @cafe-jun made their first contribution in https://github.com/thingsboard/thingsboard/pull/14772

Full Changelog: https://github.com/thingsboard/thingsboard/compare/v4.2.1.1...v4.3

View release on GitHub

Beta — feedback welcome: [email protected]