v3.1.1

What's Changed

• fix: Bump golang libs to resolve CVEs by @cloudxxx8 in #4793
• fix: Bump dependencies to resolve CVEs by @cloudxxx8 in #4799

Full Changelog: v3.1...v3.1.1

v3.1.0 - Napa

[3.1.0] Napa - 2023-11-15 (Only compatible with the 3.x releases)

• Source code
• Compatible EdgeX Compose
• Documentation
• Migration Guide

Changelog

First-party Dependencies

• go-mod-bootstrap
• go-mod-core-contracts
• go-mod-messaging
• go-mod-registry
• go-mod-secrets
• go-mod-configuration (indirect dependency)

✨ Features

• Remove snap packaging (#4706) (b52c6cf…)

BREAKING CHANGE: Remove snap packaging ([#4706](https://github.com/edgexfoundry/edgex-go/issues/4706))

• Implement notification retention feature (b213c8a…)
• Implement data retention feature (2b2ffc9…)
  Add new export error metrics to App Service common config (#4696) (a045e8e…)
• Add LastConnected metric to device service common config (596b81e…)
• Allow name field escape configurable (#4674) (8690ef6…)
• Accept Url escape in API path (67d489b…)
• Use a better error handling logic and messages when run in hybrid mode with no common config (#4617) (e9743d5…)
• Use file load for UoM to allow reading from local file or URI (#4600) (c4e9678…)
• Take secrets base directory from existing configuration (#4592) (b4f3d37…)
• Add warn log for create/update interval (#4597) (db7b7ee…)

♻ Code Refactoring

• Replace mux with Echo for all services (d8e3ff3…)
• Replace gorilla/mux router library with Echo (f0b0b88…)
• Update UrlDecodeMiddleware to use echo format (84ead09…)
• Move all the common APIs into go-mod-bootstrap (b3c3aff…)
• Remove old InsecureSecrets backward compatibility elements (#4672) (5e4c173…)
• Remove github.com/pkg/errors from Attribution.txt (92b822a…)
• Remove duplicate definitions (#4692) (34f840c…)

🐛 Bug Fixes

• (security) CORS Allow-Credentials header applies to ALL CORS requests (#4669) (2bac5d1…)
• (security) Fix crash in entrypoint.sh due to exit code (#4642) (cd3e8a6…)
• (security) Restore CORS functionality broken in EdgeX 3.0 (#4638) (5be6da0…)
• Purge notifications properly (4482fa8…)
• Core-command fuzzing test http error 500 (7fce62d…)
• Initialize interval in the local time zone (418c923…)

📖 Documentation

• Fix core-command swagger file (#4631) (fe3620c…)
• Update core-metadata swagger for missing tags and description' (#4612) (54d035b…)
• Fix typo in README (78e29ba…)
• Add common API /secret to all Swagger files (74fb306…)

👷 Build

• Upgrade to go-1.21, Linter1.54.2 and Alpine 3.18 (#4680) (4687b85…)
• Pull spire-server and spire-agent from prebuilt containers (#4667) (7bfebe8…)

🧪 Testing

• (core-data) To improve core-data fuzzing test coverage with swagger… (#4690) (8da9149…)
• Add dockerfile and script to perform fuzzing test on all swagger files and individual (#4569) (6b7b8e6…)
• Report FuzzLean result to fuzz_results folder (#4637) (74b98e4…)

🤖 Continuous Integration

• Add automated release workflow on tag creation (f296da7…)

v3.0.0 - Minnesota

[3.0.0] Minnesota - 2023-05-31 (Only compatible with the 3.x releases)

• Source code
• Compatible EdgeX Compose
• Documentation
• Migration Guide

Changelog

First-party Dependencies

• go-mod-bootstrap
• go-mod-core-contracts
• go-mod-messaging
• go-mod-registry
• go-mod-secrets
• go-mod-configuration (indirect dependency)

Features ✨

• Update base API version to v3 (#4519)

  BREAKING CHANGE: All base API version is updated to v3
  

• Change configuration file format to YAML (#4456)

  BREAKING CHANGE: Configuration files are now in YAML format, Default file name is now configuration.yaml.
  

• Accept URL escape for device command name and resource name (#4376) (#1bf67f4f)
• Common config bootstrapper and config implementation (#4292) (#9f6c2d12)
• Add ability to customize spiffe services (#4533) (#824c097d)
• Implement common config flag for security (#4464) (#0e3a5bd4)
• Add env override capability for common configuration (#4449) (#98f26a0c)
• Remove ZeroMQ MessageBus capability (#4234) (#a2765a98)

  BREAKING CHANGE: ZeroMQ MessageBus capability no longer available
  

• Consume watch for common Writable config changes (#4432) (#043fa686)
• Add GetSecret and RunTimeSecret metrics (#4556) (#079d219b)
• Consume common config (#4335)

  BREAKING CHANGE: Remove the common config information from all services.
  

• Remove UseMessageBus from config (#4330) (#6d8f4899)
• Remove old metrics collection and REST endpoint for all services (#4311)

  BREAKING CHANGE: Remove old metrics collection and REST endpoint from all services.
  

• Change Database configuration to be single instance (#4308)

  BREAKING CHANGE: Database configuration for services has changed from a Map to a single instance.
  

• Push common config to config provider (#4306) (#228e514b)
• command: Enable regex for Commands via Messaging (#f55e44b8)
• data Update Add Event REST endpoint to include service name (#4368)

  BREAKING CHANGE: Event RSET endpoint will become `/event/{serviceName}/{profileName}/{deviceName}/{sourceName}`.
  

• metadata Remove device callback calls (#36411bb3)

  BREAKING CHANGE: Device callback calls are replaced by Device System Events
  

• metadata Apply provision watcher model changes (#4471)

  BREAKING CHANGE: Apply provision watcher model changes. Add 'discoveredDevice' field which includes profileName,adminState,autoEvents, and properties for discovered device.
  

• metadata Switch UoM API to YAML format (#4462)

  BREAKING CHANGE: It was decided in Minnesota planning that all TOML files would be change to be YAML format, so switching YAML in UoM API.
  

• metadata Remove Notify field out of Device dto and add Properties field into ProvisionWatcher DTO (#4375)

  BREAKING CHANGE: Per edgexfoundry/go-mod-core-contracts#807, the boolean field notify of Device DTO is removed as device creation notification is handled by system event message now. Per edgexfoundry/go-mod-core-contracts#803, the ProvisionWatcher DTO is updated with a new Properties field.
  

• metadata Remove LastConnected, LastReported fields from Device and UpdateLastConnected configs (#4369)

  BREAKING CHANGE: Remove LastConnected, LastReported fields from Device and UpdateLastConnected configs
  

• metadata Replace REST device validation callback with MessageBus (#4366)

  BREAKING CHANGE: Adding new Device requires Device Service running for validation.
  

• metadata Implement Device Service System Events (#4351)

  BREAKING CHANGE: Publish System Events for Device Service add/update/delete, and remove the Device Service REST callback.
  

• metadata Allow Device Profile to be empty string in ProvisionWatcher (#8898ba7a)
• metadata Implement Provision Watcher System Events (#7d9adc03)
• metadata Implement Device Profile System Events (#4336) (#966ddbcd)
• metadata Remove DeviceChanged Notifications mechanism (#4320)

  BREAKING CHANGE: Remove the 'Notifications' config and 'Clients.support-notifications' dependency. In EdgeX 3.0, metadata will leverage device system events to replace the original device change notifications
  

• scheduler Add authentication to support-scheduler actions (#4419) (#923421b8)
• security Create security-proxy-auth microservice (for proxy swapout) (#4387) (#68f229a3)
• security Support for sending outgoing JWTs from core services to device service REST APIs (#4384) (#248dcbaf)
• security Vault tokens are now identity-based instead of anonymous (#4327) (#fd143bca)
• security Implementation of JWT authentication ADR (#4244)

  BREAKING CHANGE: Requires JWT authentication for all inbound requests except for /api/v2/ping URL. Removes support for Kong reverse proxy. In place of Kong, uses NGINX proxy auth module and introduces new security-prox-auth service. Changes secrets-config proxy adduser/deluser commands to create Vault users instead of Kong user. Changes secrets-config proxy tls command to write TLS certificate to docker volume instead of Kong. Removes security-proxy-setup go binary and replaces with shell script to create default TLS token.
  

• snap Remove secrets-config proxy snap options (#4511)

  BREAKING CHANGE: The ability to add users by public key has been removed in secrets-config v3. The remaining parts which are to replace default TLS certificate, is possible via other, more secure means. As a result, this feature along with all its complexity is being removed.
  

• snap: Add core-common-config-bootstrapper (#4347) (#8ffa5fbc)

Bug Fixes 🐛

• Set exitcode of secrets-config for command execution errors (#4418) (#5942442a)
• Enable delayed-start services to get message-bus credential (#4550) (#2c041b41)
• Don't register spiffe token provider s...

v2.3.0 - Levski

[v2.3.0] Levski - 2022-11-09 (Only compatible with the 2.x release)

• Browse source code here
• Compatible with EdgeX Compose here.
• View Documentation here

Changelogs for EdgeX Dependencies

• go-mod-bootstrap
• go-mod-core-contracts
• go-mod-messaging
• go-mod-registry
• go-mod-secrets
• go-mod-configuration (indirect dependency)

Features ✨

• Secure MQTT Bus Credentials (#4142) (#21503d9d)
• Add secure mqtt support for eKuiper (#4155) (#b7de7b77)
• Enable common security secret service metrics (#4184) (#8629e80a)
• Add go-winio to attribution (new SPIFFE dependency) (#4029) (#ba7dda9b)
• use different consul service policy rule for service role (#4104) (#85bfaaf4)
• Implement Device System Events (#4101) (#643a1ec0)
• Add management acl token and save token info to file (#4126) (#96e03a37)
• Add option to build Core/Support services with NATS Capability (#4137) (#604c3c95)
• Add NATS Subject for autoprovisioning streams (#4165) (#cf21bfd5)
• Add security Consul metrics (#4203) (#1656a83b)
• command: 3rd party command query via messaging (#4135) (#a0e04e55)
• command: Command request from external MQTT to internal MessageBus (#4153) (#1c2713d9)
• command: Update core-command to support message bus access (#4129) (#fd31c876)
• command: Publish device service response to external MQTT (#4166) (#1845739d)
• command: Subscribe command request via internal messaging (#6f71b1dc)
• command: Command query via internal messaging (#4182) (#07636ef9)
• metadata: Add UoM validation to POST deviceresource API (#4140) (#f87a0e7a)
• metadata: Implement GET Units of Measure API (#4127) (#de42c75f)
• metadata: Implement Unit of Measure (UoM) ADR (#4119) (#03487ec6)
• snap: Remove device-virtual (#4041) (#fed831e0)
• snap: Add secretstore token for device camera services (#4034) (#6f84e707)

Bug Fixes 🐛

• Delayed start services for support- services fail (#4159) (#726ff502)
• Fixed security-bootstrapper Docker volume init semantics (#4085) (#ad21f989)
• Fix security-secretstore-setup volume init semantics (#4092) (#66f7195a)
• Fixed Missing error check (#4100) (#062af8d3)
• Always run "kong migrations up" (#4172) (#f2edda91)
• Security services' bootstrap handler return true/false properly (#4107) (#48044024)
• Add consul policy list check (#4164) (#a3948579)
• Add missing edgex/security config stem resolution in security-consul-bootstrapper (#4110) (#a9913775)
• Addressed permission error in redis v7 #4027 (#4118) (#153a8924)
• Change redis username from redis5 to default (#4031) (#4c165043)
• data: Fix deleting numerous events HTTP request timeout by goroutines (#4063) (#e2bcede5)
• scheduler: Check interval when adding intervalAction (#895df5c4)
• scheduler: Remove unused field in scheduler config (#81b3411d)
• snap: Bind redis server to loopback interface (#4154) (#0ef95e30)

Code Refactoring ♻

• Move all the db related check to the infrastructure layer (#b0f671d9)
• Move consul access and role interface (#4193) (#5b680ce2)
• command: refactor messaging handler (#4204) (#23251983)
• data: Use deepCopy of messageBusInfo to avoid external adds (#4038) (#9735311b)
• snap: Option handling and helper-go build (#822255de)
• snap: Merge install and configure packages (#d8cdf693)
• snap: Environment variable usage and const definitions (#4207) (#87ac77fe)
• snap: Use snapctl and log packages (#4187) (#d47f91d7)

Documentation 📖

• Publish swager to 2.3.0 (#4023) (#f46214d8)

Build 👷

• Dockerfile fix (#4217) (#8ec17376)
• Upgrade CodeQL modules, enable additional checkers (#4080) (#c49e1d00)
• Upgrade to go 1.18 and latest golangci-lint (#4068) (#fb67e349)
• Add convenient alias for each service's build and docker target (#4123) (#23918450)
• Optimize test-attribution-txt.sh to use go.mod, not vendor (#4059) ([#25cc1d46](https://github.com/edgexfoundry...