Skip to content

Releases: OPCFoundation/UA-.NETStandard

OPC UA 1.05 Maintenance Update

04 Dec 12:12
f5d00d9
Compare
Choose a tag to compare

1.05.374 roll up until Dec 4th.

This release is based on the 1.05.03 Nodeset with generated files from the ModelCompiler.
The focus in this release was on perf improvements and bug fixes.

Breaking change

Based on a recent security review, the Https server endpoints enforce by request TLS mutual authentication and change behavior without.
It is highly recommended to only use mutual TLS authentication. Some clients may not support the new scheme yet.

A new configuration variable

    <HttpsMutualTls>true</HttpsMutualTls>

enables or disables the mutual TLS authentication support (default: true).

The behavior of the https TLS endpoint changes according to the following settings:

HttpsMutualTls is true

  • The server checks the trust on the certificate which is used by the client for TLS authentication. It must be a valid OPC UA application certificate which is trusted.
  • A client can still connect without providing a client certificate, but then it is only able to call discovery services.
  • In order to create a session, the client must use the same application certificate that was used for the TLS channel.

HttpsMutualTls is false

  • There is no application authentication. The server endpoint uses security None and there is no client application authentication.
  • Instead, only user authentication is used to secure the server, anonymous user authentication is disabled.
  • Discovery service calls are supported.

Enhancements

  • Supports native .NET 9 assemblies. A new X509CertificateLoader was introduced for older .NET versions to keep the code readable without ifdef.
  • Server GDS Push CreateSigningRequest supports regeneration of the public/private key pair. by @romanett.
  • Callback to notify about channel token renewal.
  • Server detection algorithm for clients which try to exploit the known Basic128Rsa15 vulnerability.

Bug fixes

  • Client ReadNodes throws an BadInvalidType if a value type returns null.
  • Client reading of large dictionaries is split in chunks. by @ThomasNehring.
  • Mixed opc.https and https endpoint prevent a server from starting up .
  • Server endpoint certificates were not updated after GDS Push UpdateCertificate. by @romanett.
  • Event reports ignore session context. by @Filippo-Oliva-ABB.
  • Accept namespace Uri which are not well formed. Stricter handling was added in previous release, but for IOP is again relaxed.
  • Reading complex types from a server could cause a null pointer exception in BinaryDecoder. by @marcschier.
  • Reading operation limits could cause an exception (thus operation limits were ignored).
  • CRL with invalid content could cause exception when reading property with lazy decoding, decode CRL always when constructore is called to catch issues early.
  • Channel token HMAC references were not disposed after a channel renew.
  • Allow decoding of extension objects which set the length to -1.
  • Fix for CauseMappings and bug in ConditionRefresh/2 by @Archie-Miller

What's Changed

  • Bump Serilog and System.Diagnostics.DiagnosticSource by @dependabot in #2780
  • Update CauseMappings to support transitions correctly by @Archie-Miller #2877
  • ConditionRefreshAsync always results in BadNodeIdUnknown by @Archie-Miller #2876
  • [Server] GDS Push: Enable regeneratePrivatekey for CreateSigningRequest method of Server by @romanett in #2778
  • Client ReadNodes, throw BadInvalidType if a value type returned by an attribute is null by @mregen in #2746
  • [Client] Read large dictionaries by @ThomasNehring in #2782
  • Server doesn't start up with mixed https endpoints by @mregen in #2789
  • #2777 Fix for - MonitoredItem2.OnReportEvent Ignores Session in ISystemContext During Notification Process by @Filippo-Oliva-ABB in #2779
  • [Server] update endpoint descriptions after certificate update by @romanett in #2735
  • Moved the modified reference server from the unit test to its own file by @ThomasNehring in #2725
  • #2656 Fix for - Session is not provided by ClearChangeMasks when a change is notified by @Filippo-Oliva-ABB in #2772
  • Revert "#2656 Fix for - Session is not provided by ClearChangeMasks w… by @mregen in #2792
  • Fix ExpandedNodeId.Format output for not well formed uri and JSON Verbose WriteStatusCode by @mregen in #2794
  • Null pointer exception when reading a complex type from umati server.… by @marcschier in #2798
  • Add ReturnDiagnostics to Session Constructor by @romanett in #2810
  • IOP: Fix FetchOperationLimits for some use cases by @mregen in #2807
  • Update version.json to allow preview builds from develop by @mregen in #2813
  • Fix bugs in JSON decoder by @mregen in #2828
  • Update brokerHostName before MqttClientOptionsBuilder uses it's value by @mrsuciu in #2830
  • Improve crl handling in certificate stores by @romanett in #2829
  • Using Uri.TryCreate causes regression with namespace uri that use mixed lower/uppercase letters in the of the Uri. by @KircMax in #2837
  • ChannelToken: Dispose HMAC and improve lifetime calculations. by @mregen in #2846
  • Added a minimal rogue client detection mechanism at the transport level by @mrsuciu in #2850
  • ValidateRolePermissions for MIs montioring the Value of a Node by @romanett in #2809
  • [Server] ValidateRolePermissions of MonitoredItems based of the saved user identity to allow validation when no session is present by @romanett in #2832
  • Support .NET 9.0 build by @mregen in #2865
  • Client perf and memory improvements for JSON encoding and subscriptions by @mregen in #2864
  • Register callback to notify about new channel token activation (#2872) by @marcschier in #2873
  • [Client] Fix: KeepAliveInterval was not updated on ModifySubscription by @romanett in #2871
  • Merge fixes from master in stable branch by @mregen in #2878
  • Bump BouncyCastle.Cryptography from 2.4.0 to 2.5.0 by @mregen in #2875
  • Allow decoding of extension objects for legacy devices which do not set the length by @mregen in #2869
  • Enable mutual tls on server https endpoints by @mrsuciu in #2849
  • fix serialization of ApplicationConfiguration /CertificateTrustList by @romanett in #2879
  • Merge develop/main374 into release/1.5.374 by @mregen in #2881

New Contributors

Full Changelog: 1.5.374.126...1.5.374.158

OPC UA 1.05 Maintenance Update

14 Oct 21:27
0b23e5f
Compare
Choose a tag to compare

One urgent bug in complex type decoding and two issues for the JSON encoder were found in the latest release:

  • The output of the Pubsub JSON encoder namespace Uri for servers which use a not well formed namespace Uri added a http:// prefix, while the previous implementation passed the non well formed Uri along. To preserve the existing behavior, the change was reverted.
  • WriteStatusCode in the JSON encoder could produce invalid JSON when used with NonReversible/Verbose encoding.
  • A new issue was found when a complex type contains an empty array (length -1), the binary decoder fails to decode the type with a BadDecodingError.

What's Changed

  • Fix ExpandedNodeId.Format output for not well formed uri and JSON Ver… by @mregen in #2795
  • Null pointer exception when reading a complex type with empty arrays.… by @marcschier in #2799

Full Changelog: 1.5.374.124...1.5.374.126

OPC UA 1.05 Maintenance Update

26 Sep 14:04
4c2744e
Compare
Choose a tag to compare

1.05.374 Bug fix and JSON Preview Update

This release is based on the 1.05.03 Nodeset with generated files from the ModelCompiler.
The focus in this release was on a preview of the new JSON Compact and Verbose encoding types and bug fixes.

Improvements and bug fixes

  • Certificate Directory Store created default folders in the last release which can cause issues when mapping folders in dockers.
    Fix: removed to create the default folders until a certificate is stored (behavior before 118)
  • Fix for the Pubsub Interval runner where the timebase could drift.
  • The JSON decoder supports all new encoding type variations including the NodeId encoding as a single JSON string value.
    -- It supports to build the namespace table from Uri transferred by a publisher.

JSON encoder preview and known issues

  • The JSON encoder supports a preview of new Compact and Verbose encoding types.
  • The raw encoding for Compact and Verbose is not implemented yet.
  • An enumeration in a Variant in Verbose encoding is encoded as Int32 but contains JSON string values. Tbd.

JSON encoder breaking changes

  • The JSON encoder defaults for non reversible encoding were changed according to spec:
    -- encode the namespaceUri if available
    -- always encode default values

What's Changed

Full Changelog: 1.5.374.118...1.5.374.124

OPC UA 1.05 August Maintenance Update

13 Sep 06:54
c4f0f73
Compare
Choose a tag to compare

1.05.374 August Release

This release is based on the 1.05.03 Nodeset with generated files from the ModelCompiler.
The focus in this release was on security and performance improvements and bug fixes.

Improvements and bug fixes

  • Various smaller bug fixes.
  • Removed the mandatory client check for a match of the application Uri in the server certificate and the returned endpoint. Many production servers have it incorrectly configured. Open work item to make the check optional.
  • Winforms samples were moved to the samples repo. The Reference server Quickstart samples are available in a Nuget package from the preview feed.
  • Improve handling of client publish max request count. by @marcschier
  • The rejected store can be completely disabled (by @romanett) and the rejected certificate history can be limited with a new setting MaxRejectedCertificates. Rejected store is only supported with Directory store.
  • Better support for client browse with a ManagedBrowse implementation, which handles BrowseNext and all various types of errors that can occur. Implicitely also used by the NodeCache and other API that exposed browse functionality. by @ThomasNehring.
  • Reduce Server NodeManager contention on high load by moving some dictionaries to ConcurrentDictionary to avoid blocking in service calls.
  • Fix a server deadlock in channel cleanup.
  • More fuzz targets for the Xml Encoder/decoder. Now all encoders follow the dispose pattern.

Breaking changes

  • ICertificateStore has a new member NoPrivateKeys and a new method AddRejected optimized to save certs with low overhead.
  • CertificateStoreIdentifier.OpenStore has been flagged deprecated to allow for certificate caching.
  • CertificateStoreIdentifier with DirectoryStore supports to cache certificates if the store is just closed, not disposed.
  • Removed https package from OPCFoundation.NetStandard.Opc.Ua and marked it deprecated. Recommended is to set a dependency only to required packages, e.g. Server, Client, GDS.Client etc. to minimize the number of dependencies.
  • The Basic128Rsa15 policy has been removed from server configurations. It is considered unsafe and should only be used when connecting to legacy devices with no other option.

Released packages

OPCFoundation.NetStandard.Opc.Ua
OPCFoundation.NetStandard.Opc.Ua.Core
OPCFoundation.NetStandard.Opc.Ua.Security.Certificates
OPCFoundation.NetStandard.Opc.Ua.Configuration
OPCFoundation.NetStandard.Opc.Ua.Server
OPCFoundation.NetStandard.Opc.Ua.Client
OPCFoundation.NetStandard.Opc.Ua.Client.ComplexTypes
OPCFoundation.NetStandard.Opc.Ua.Bindings.Https
OPCFoundation.NetStandard.Opc.Ua.PubSub

What's Changed

  • remove winforms sample projects from main repo by @romanett in #2626
  • Client Structure by @romanett in #2668
  • Add test cases which need security none but are currently skipped on a secured server by @mregen in #2678
  • Bump NUnit.Console from 3.17.0 to 3.18.1 by @dependabot in #2682
  • Remove System.Security.Cryptography.Cng dependency by @mregen in #2688
  • Bump Serilog and System.Diagnostics.DiagnosticSource by @dependabot in #2689
  • Bump NUnit3TestAdapter from 4.5.0 to 4.6.0 by @dependabot in #2690
  • Bump NunitXml.TestLogger from 3.1.20 to 4.0.254 by @dependabot in #2691
  • Enhance publish request count management to allow limiting the publish requests to a max count by @marcschier in #2681
  • (bug) fix #2697 - m_keepAliveInterval should always be >= kMinKeepAliveTimerInterval by @BoBiene in #2698
  • Fix template based constructor in Subscription.cs by @ThomasNehring in #2677
  • Added PublisherMqttClientOptions and SubscriberMqttClientOptions for enabling custom configurations. by @mrsuciu in #2672
  • Remove default rejected store creation by @romanett in #2696
  • More fuzz targets for binary and Xml decoders by @mregen in #2621
  • Bump Microsoft.NET.Test.Sdk from 17.9.0 to 17.10.0 by @dependabot in #2701
  • [Server] Limit Access to server diagnostics array to Admin User by @romanett in #2695
  • Fix CI Build flaky tests by reducing log output, default tests to net8.0, by @mregen in #2704
  • Bump Nerdbank.GitVersioning from 3.6.139 to 3.6.141 by @dependabot in #2706
  • Bump BenchmarkDotNet from 0.13.12 to 0.14.0 and fix some build issues for legacy platforms by @dependabot in #2707
  • Managed Browse and Browse Next for the UA client. by @ThomasNehring in #2673
  • Server SDK mistakenly uses SendBufferSize as ReceiveBufferSize and vice versa by @mregen in #2718
  • Bump System.Security.Cryptography.Cng from 4.5.2 to 5.0.0 by @dependabot in #2724
  • Bump Newtonsoft.Json and System.Runtime.InteropServices.RuntimeInformation by @dependabot in #2723
  • Improve reconnect error messages, misc. small improvements by @mregen in #2719
  • Remove example of how to select unrecommended RSA15 Policy by @Archie-Miller in #2728
  • In the managed browse, pass the request header into browse next. by @ThomasNehring in #2726
  • Allow bad status code for optional Attributes in ReadNodes by @NoahHoelterhoff in #2730
  • Add tolerance to timestamp validation to reduce excessive future time… by @BoBiene in #2711
  • Skip client server cert app uri validation due to IOP issues by @mregen in #2733
  • Fix a deadlock in binary channel on cleanup, reduce contention due to locks on high server load by @mregen in #2714
  • AddRejected method for ICertificateStore by @mregen in #2720
  • Add a 1.05 update notice by @BoBiene in #2709
  • Check that DataValue.Value is not null when verifying the event notifier for an object by @kristianmo in #2729
  • August release testing: Improve cert blob decoding hot path and fix cert validator semaphore regression by @mregen in #2748
  • Remove https package from OPCFoundation.NetStandard.Opc.Ua dependencies, causes build issues. by @mregen in #2751
  • Release testing: Fix channel remove issue and channel exhaustion on reconnect by @mregen in #2749
  • Merge main in release branch by @mregen in #2750
  • Bump Moq from 4.20.70 to 4.20.72 by @dependabot in #2758
  • Bump MQTTnet from 4.3.6.1152 to 4.3.7.1207 by @dependabot in #2756
  • Bump Microsoft.NET.Test.Sdk from 17.11.0 to 17.11.1 by @dependabot in #2757
  • Openstore returns null if CertificateIdentifier is empty by @mregen in #2761
  • Merge some fixes for release by @mregen in #2762

New Contributors

Full Changelog: 1.5.374.78...1.5.374.118

OPC UA 1.05 Maintenance Update

16 Aug 14:38
1a7d9b8
Compare
Choose a tag to compare
Pre-release

Changes:

  • 1a7d9b8 Remove m_monitoredItems (#2715)
  • d588ece improve server contention, fix a deadlock in binary channel on cleanup
  • 4b822fc Bump BenchmarkDotNet from 0.13.12 to 0.14.0 and fix some build issues for legacy platforms (#2707)
  • aaf6f7d Bump Nerdbank.GitVersioning from 3.6.139 to 3.6.141 (#2706)
  • b81e9d6 Fix CI Build flaky tests by reducing log output, default tests to net8.0, (#2704)
  • 02761c7 [Server] Limit Access to server diagnostics array to Admin User (#2695) [ #2691 ]
  • afb94e7 Bump missed test dependencies in fuzz test project (#2701)
  • 1032d71 More fuzz targets for binary and Xml decoders (#2621)
  • 84628ee Remove default rejected store creation (#2696)
  • e7ae573 Added PublisherMqttClientOptions and SubscriberMqttClientOptions for allowing custom configuration (#2672)
See More
  • d184c9c Fix template based constructor in Subscription.cs (#2677)
  • 055d2c5 (bug) fix #2697 - m_keepAliveInterval should always be greater or equal to kMinKeepAliveTimerInterval (#2698)
  • 784dde6 Enhance publish request count management to allow limiting the publish requests to a max count (#2681)
  • d967bd5 Bump NunitXml.TestLogger from 3.1.20 to 4.0.254 (#2691)
  • 49407c2 Bump NUnit3TestAdapter from 4.5.0 to 4.6.0 (#2690)
  • 1f6708a Bump Serilog and System.Diagnostics.DiagnosticSource (#2689)
  • b48fe7b Remove System.Security.Cryptography.Cng dependency (#2688)
  • fd649e9 Bump NUnit.Console from 3.17.0 to 3.18.1 (#2682)
  • 2aec785 Add client tests which need security none (#2678)
  • 3479eb6 Opc UA Client Structure (#2668)
  • 65f245d Remove winforms sample projects from main repo (#2626)

This list of changes was auto generated.

OPC UA 1.05.374 June Maintenance Update

11 Jul 10:53
b493b34
Compare
Choose a tag to compare

1.05.374 June Release

This release is based on the 1.05.03 Nodeset with generated files from the ModelCompiler.
The focus in this release was on security improvements and bug fixes.

Improvements and bug fixes

  • Moved opc.https client support back to the core library, to avoid the client dependency on a kestrel server package. Now the opc.https package is only needed to enable server https profile support.
  • Add back support for netstandard2.0 (excl. complex types) to support some legacy applications.
    Please note the following restrictions:
    -- no support for the client complex types library due to the lack of support for System.Emit.
    -- ECC profiles will not be supported.
  • Support .NET Framework 4.7.2. as base version for .NET Framework. (previously 4.8)
  • Fixes a null reference in the XmlDecoder by @JSGInray
  • The client time calculations for keep alive and subscriptions are now based on a contiguous clock counter, so changing the system time should not disconnect or time out sessions and subscriptions. By @mrsuciu.
  • Fix issues found by fuzzing the UA Binary and UA Json encoders.
  • Fix a regression in the connect function which prevented RegisterServer calls to connect to a LDS. by @MD-V.
  • Bump CVE flagged System.Formats.Asn1 to 8.0.1.

Released packages

OPCFoundation.NetStandard.Opc.Ua
OPCFoundation.NetStandard.Opc.Ua.Core
OPCFoundation.NetStandard.Opc.Ua.Security.Certificates
OPCFoundation.NetStandard.Opc.Ua.Configuration
OPCFoundation.NetStandard.Opc.Ua.Server
OPCFoundation.NetStandard.Opc.Ua.Client
OPCFoundation.NetStandard.Opc.Ua.Client.ComplexTypes
OPCFoundation.NetStandard.Opc.Ua.Bindings.Https
OPCFoundation.NetStandard.Opc.Ua.PubSub

What's Changed

  • Fix macOS build, move https client transport back to core and other maintenance, by @mregen in #2659
  • Fix NullReference in XmlDecoder.ReadExpandedNodeId by @JSGInray in #2636
  • Bump Serilog.Sinks.File and System.Diagnostics.DiagnosticSource by @dependabot in #2654
  • [Client] Compute time intervals independent of System Time changes by @mrsuciu in #2639
  • Fix exception in TcpTransportlistener OnAccept call by @mregen in #2661
  • Fuzzing issues found in June by @mregen in #2663
  • Fix: RegisterServer and RegisterServer2 do not initiate connection by @MD-V in #2664
  • Fix NodeId compare found by fuzzer, Bump Asn1 Nuget due to security update by @mregen in #2669
  • Merge main for June release by @mregen in #2670

Full Changelog: 1.5.374.70...1.5.374.78

OPC UA 1.05 ECC-preview

05 Jul 10:41
f2477ec
Compare
Choose a tag to compare
Pre-release

1.05.375 ECC-preview Release

This release is based on the 1.05.03 Nodeset with generated files from the ModelCompiler.
The focus in this release was on Elliptic Curve Cryptography (ECC) support.

ECC support

  • Changes to applications configuration
  • Configuration permits specifying multiple application certificate types details
  • Bacword compatibility with existing configurations - meaning no ECC just RSA encryption support
  • Further details can be found here

Known Limitations

Not all curves are supported by all OS platforms and not all .NET implementations offer cryptographic API support for all curve types.
Due to these limitations, the support for ECC profiles is available starting with the following target platforms: .NET 4.8, .NET standard 2.1 and .NET 5 and above.
The supported ECC curve types are the following:

  • NistP256 for ECC certificates with NIST P256 curve
  • NistP384 for ECC certificates with NIST P384 curve
  • BrainpoolP256r1 for ECC certificates with Brainpool P256r1 curve
  • BrainpoolP384r1 for ECC certificates with Brainpool P384r1 curve

Released packages

OPCFoundation.NetStandard.Opc.Ua
OPCFoundation.NetStandard.Opc.Ua.Core
OPCFoundation.NetStandard.Opc.Ua.Security.Certificates
OPCFoundation.NetStandard.Opc.Ua.Configuration
OPCFoundation.NetStandard.Opc.Ua.Server
OPCFoundation.NetStandard.Opc.Ua.Client
OPCFoundation.NetStandard.Opc.Ua.Client.ComplexTypes
OPCFoundation.NetStandard.Opc.Ua.Bindings.Https
OPCFoundation.NetStandard.Opc.Ua.PubSub

What's Changed

  • Fix special case for reconnect without activate by @mregen in #2643
  • Bump Serilog.Sinks.Console and System.Diagnostics.DiagnosticSource by @dependabot in #2642
  • Make X509CertificateStore support CRLs on Windows by @romanett in #2571
  • [Client] add null check to avoid warning message when checking Security Level for anonymous user token by @romanett in #2646
  • Bump Microsoft.IO.RecyclableMemoryStream from 3.0.0 to 3.0.1 by @dependabot in #2649
  • Bump Serilog.Sinks.Debug and System.Diagnostics.DiagnosticSource by @dependabot in #2650
  • Bump docker/build-push-action from 5 to 6 by @dependabot in #2647
  • Bump Serilog.Expressions and System.Diagnostics.DiagnosticSource by @dependabot in #2648
  • Fix macOS build, move https client transport back to core and other maintenance, by @mregen in #2659
  • Fix NullReference in XmlDecoder.ReadExpandedNodeId by @JSGInray in #2636
  • Bump Serilog.Sinks.File and System.Diagnostics.DiagnosticSource by @dependabot in #2654
  • [Client] Compute time intervals independent of System Time changes by @mrsuciu in #2639
  • Fix exception in TcpTransportlistener OnAccept call by @mregen in #2661
  • Fuzzing issues found in June by @mregen in #2663
  • Fix: RegisterServer and RegisterServer2 do not initiate connection by @MD-V in #2664
  • Create 1.5.375-ECC-preview by @mrsuciu in #2667

Full Changelog: 1.5.374.61-preview...1.5.375.71-ECC-preview

OPC UA 1.05 May Maintenance Update

19 Jun 09:57
1ee3beb
Compare
Choose a tag to compare

1.05.374 May Release

This release is based on the 1.05.03 Nodeset with generated files from the ModelCompiler.
The focus in this release was on new features, security improvements and bug fixes.

Improvements and bug fixes

  • Client: Fix for a case when the client reconnects automatically but is not sending an ActivateSession, so a lot BadSessionInvalid were logged before the SessionReconnectHandler was able to recover. These service calls are now immediately returning a BadNotConnected error, allowing the SessionReconnectHandler to issue an ActivateSession immediately.
  • Client: A client sample and bug fix how to use a user certificate for authentication. (thanks @romanett)
  • Client: Choose the most secure security profile based on internal rating and not by rating returned by the server endpoint, to avoid accidently selecting a less secure profile if the server doesn't return the proper rating. (thanks @romanett)
  • Add CRL support for the X509CertificateStore on Windows. Added test cases and validated with CTT cert tests. (thanks @romanett)
  • GDS: Add method for GetCertificates support and fix CheckRevocationStatus. (thanks @romanett)

Released packages

OPCFoundation.NetStandard.Opc.Ua
OPCFoundation.NetStandard.Opc.Ua.Core
OPCFoundation.NetStandard.Opc.Ua.Security.Certificates
OPCFoundation.NetStandard.Opc.Ua.Configuration
OPCFoundation.NetStandard.Opc.Ua.Server
OPCFoundation.NetStandard.Opc.Ua.Client
OPCFoundation.NetStandard.Opc.Ua.Client.ComplexTypes
OPCFoundation.NetStandard.Opc.Ua.Bindings.Https
OPCFoundation.NetStandard.Opc.Ua.PubSub

What's Changed

  • Bump MQTTnet from 4.3.3.952 to 4.3.6.1152 by @dependabot in #2629
  • Bump BouncyCastle.Cryptography from 2.3.1 to 2.4.0 by @dependabot in #2630
  • Bump Microsoft.NET.Test.Sdk from 17.9.0 to 17.10.0 by @dependabot in #2631
  • Fix reopen secure channel without activate by @mregen in #2577
  • [Client] Fix UserIdentity for CertificateIdentifer & add parameter for console reference client to specify UserCertificate by @romanett in #2624
  • [Client] select the most secure User Identity Token if a server offers multiple ones by @romanett in #2611
  • [GDS] Add Method GetCertificates to GDS for Pull Support and ServerConfiguration for Push Support / Fix CheckRevocationStatus by @romanett in #2553
  • Bump Serilog and System.Diagnostics.DiagnosticSource by @dependabot in #2633
  • Fix special case for reconnect without activate by @mregen in #2643
  • Bump Serilog.Sinks.Console and System.Diagnostics.DiagnosticSource by @dependabot in #2642
  • Make X509CertificateStore support CRLs on Windows by @romanett in #2571
  • [Client] add null check to avoid warning message when checking Security Level for anonymous user token by @romanett in #2646
  • Bump Microsoft.IO.RecyclableMemoryStream from 3.0.0 to 3.0.1 by @dependabot in #2649
  • Bump Serilog.Sinks.Debug and System.Diagnostics.DiagnosticSource by @dependabot in #2650
  • Bump docker/build-push-action from 5 to 6 by @dependabot in #2647
  • Bump Serilog.Expressions and System.Diagnostics.DiagnosticSource by @dependabot in #2648
  • Prep 1.5.374 May release merge by @mregen in #2652

Full Changelog: 1.5.374.54...1.5.374.70

OPC UA 1.05 Maintenance Update

06 Jun 10:51
33319d2
Compare
Choose a tag to compare
Pre-release

Changes:

  • 33319d2 Bump Serilog and System.Diagnostics.DiagnosticSource (#2633)
  • 6ad2873 [GDS] Add Method GetCertificates to GDS for Pull Support and ServerConfiguration for Push Support / Fix CheckRevocationStatus (#2553)
  • 8a0349e [Client] select the most secure User Identity Token if a server offers multiple ones (#2611)
  • 8a1df6d [Client] Fix UserIdentity for CertificateIdentifer & add parameter for console reference client to specify UserCertificate (#2624)
  • ebf8f62 Fix reopen secure channel without activate (#2577)
  • 3ba3b17 Bump Microsoft.NET.Test.Sdk from 17.9.0 to 17.10.0 (#2631)
  • 1e1de48 Bump BouncyCastle.Cryptography from 2.3.1 to 2.4.0 (#2630)
  • e4b880d Bump MQTTnet from 4.3.3.952 to 4.3.6.1152 (#2629)

This list of changes was auto generated.

OPC UA 1.05 April Update

16 May 15:50
6bc90c9
Compare
Choose a tag to compare

1.05.374 April Release

This release is based on the 1.05.03 Nodeset with generated files from the ModelCompiler.
The focus in this release was on security improvements and bug fixes.

Improvements

  • Bug Fixes for the GDS support (@romanett).
  • Fix many typos and simplify Xml floating point encoder/decoder (@mtx500).
  • More tests for PubSub (@mrsuciu).
  • Add timer in the server to clean up stale channels, limit the total number of active channels (@mrsuciu).
  • UA Fuzzer framework for afl-fuzz and libfuzzer, fuzz targets for Binary and Json (@mregen).
  • Fixes in Encoder/Decoder found by fuzzing (@mregen).
  • Fix unnecessary server Shutdown delay when no LDS is present to unregister (@romanett).

New Configuration settings:

  • ChannelLifeTime is used by the server channel clean up timer.
  • MaxChannelCount can be specified in the configuration to limit number of channel per server (see...)
  <MaxChannelCount>1000</MaxChannelCount>
  <ChannelLifetime>30000</ChannelLifetime>
  • Configurable encoding limits
<MaxEncodingNestingLevels>200</MaxEncodingNestingLevels>
<MaxDecoderRecoveries>0</MaxDecoderRecoveries>

Breaking change:

  • Encoders and Decoders should follow the Dispose pattern (so far Close was sufficient to dispose the stream)

Released packages

OPCFoundation.NetStandard.Opc.Ua
OPCFoundation.NetStandard.Opc.Ua.Core
OPCFoundation.NetStandard.Opc.Ua.Security.Certificates
OPCFoundation.NetStandard.Opc.Ua.Configuration
OPCFoundation.NetStandard.Opc.Ua.Server
OPCFoundation.NetStandard.Opc.Ua.Client
OPCFoundation.NetStandard.Opc.Ua.Client.ComplexTypes
OPCFoundation.NetStandard.Opc.Ua.Bindings.Https
OPCFoundation.NetStandard.Opc.Ua.PubSub

What's Changed

  • Nuget README: add Readme to NuSpec to include in Pipeline builds by @romanett in #2580
  • Typos by @mtx500 in #2581
  • Added PubSub KeyFrameCount and DeltaFrame tests by @mrsuciu in #2579
  • Remove unnecessary casts to RoleBasedIdentity when checking for WellKnownRoles by @romanett in #2578
  • Added a limit to the Channels on the server side and removed "stale" channels by @mrsuciu in #2540
  • Bump NUnit from 3.14.0 to 4.1.0 by @dependabot in #2535
  • make tests put out readable StatusCodes by @romanett in #2593
  • Serialization of floating point values to XML: Remove superfluous handling of special values by @mtx500 in #2588
  • fix disposal of ConsoleReferenceClient by @romanett in #2601
  • Make NodeStateCollectionConcurrencyTests more robust by @saurla in #2594
  • check Application URI of the server Certificate on OpenSecureChannel by @romanett in #2583
  • Add UA Fuzzer solution for afl-fuzz and libfuzzer by @mregen in #2603
  • [Server] Fix Shutdown Delay when registration is enabled no LDS is present. by @romanett in #2589
  • Fix decode of empty CRLs by @mregen in #2609
  • Remove unnecessary dependency on System.Net.Http by @mregen in #2610
  • Set TCP defaults for max message size to align with min buffer size by @mregen in #2616
  • Bump BouncyCastle.Cryptography from 2.3.0 to 2.3.1 by @dependabot in #2617
  • Update Bouncy Castle to 2.3.1 by @mregen in #2620
  • Merge for April release by @mregen in #2619

Full Changelog: 1.5.374.36...1.5.374.54