steve-3.9.0

What's new:

• Generate endpoint info on About page based on provided HTTP host header (#822)
• Spring Boot prep: #1744 #1820 #1821
• Migrate to Spring Boot (#1822)
• Fixes after Spring Boot migration: #1843 #1844 #1846
• Fix: mail address handling in GUI (558e5be)
• Add User ID on transaction pages (#1857)
• User notification per email on charging session related events (#1263)
• Add latitude longitude to address table (#1860)
• Close websocket connection (if any) after deletion of a charging station (#1872)
• Implement OCPP 1.6 Security (#1854)
  This is big: We finally implemented OCPP 1.6 Security Whitepaper Edition 3. It might be rough at some areas.
• Data import and export (#1873)

Thanks to all the contributors!

steve-3.8.0

What's new:

• migrate from javax to jakarta APIs (#1519)
• migrate to java 21 (#1707)
• validate chargeBoxId for WS connections (#1526)
• Encode values properly when rendering HTML pages (#1533)
• add authorization support to open-api and swagger-ui (#1043)
• Fix SOAP/WS connection issues (#1542)
• Implement database-based multi user system for Web UI (#1539)
• switch to basic auth for API access (#1545 #1608)
• switch open-api spec to basic auth (#1540)
• add APIs link to navigation header (#1577)
• Add missing OpenAPI descriptions (#1666)
• ensure consistent OpenAPI controller/endpoint ordering (415e1d5)
• fix swagger ui issues behind proxy (7893695)
• Improve query functionality (#1682)
• add ability to query only stopped transactions (#1705)
• fix the way request params are rendered on Swagger UI (#1706)
• add nuanced impl when querying stopped transactions (71dea99)
• extend ignoring of transactionIds to all negative values (#1415)
• add impl to delete unfinished tasks (#741)
• fix: not showing intermediate meter values (#1731)
• switch from log4j2 to logback (#1734)
• move code analysis config files to project root (#1742)
• Allow a user to have more than one OcppTag (#1766)
  IMPORTANT: this might be a breaking change for some existing installations, due to this database model change. adjust your assignments beforehand for a conflict-free migration.
• add userId as filter to ocpp tags, reservations and transactions (#1778)
• Migrate from LocalDateTime to DateTime in web layer (#1789)
• Add query filter to users (and ocpp tags) to express association variants (#1808)
• TxProfile within RemoteStartTransaction.req (#1809)
• transactionId support for SetChargingProfile (i.e. TxProfile support for ChargingProfilePurpose) (#1816)
• various refactors
• various dependency updates

Thanks to all the contributors!

steve-3.7.1

What's new:

• Backport of #1526: Validate chargeBoxId for websocket connections with a regex. The chargeBoxId regex was also tightened to prevent some unwanted characters. If you want to go back to the previous, less restrictive, regex, you can override this behaviour with the newly introduced property/config charge-box-id.validation.regex. You can set it to the old regex value which was \\S+. However, please only do so if the chargeBoxIds in your system are incompatible with the new regex.
• Backport of #1533: Encode values properly when rendering HTML pages.

This is a security update. We urge all v3.7.0 users to update to this version.

steve-3.6.1

What's new:

• Backport of #1526: Validate chargeBoxId for websocket connections with a regex. The chargeBoxId regex was also tightened to prevent some unwanted characters. If you want to go back to the previous, less restrictive, regex, you can override this behaviour with the newly introduced property/config charge-box-id.validation.regex. You can set it to the old regex value which was \\S+. However, please only do so if the chargeBoxIds in your system are incompatible with the new regex.
• Backport of #1533: Encode values properly when rendering HTML pages.

This is a security update. We urge all v3.6.0 users to update to this version.

steve-3.5.1

What's new:

• Backport of #1526: Validate chargeBoxId for websocket connections with a regex. The chargeBoxId regex was also tightened to prevent some unwanted characters. If you want to go back to the previous, less restrictive, regex, you can override this behaviour with the newly introduced property/config charge-box-id.validation.regex. You can set it to the old regex value which was \\S+. However, please only do so if the chargeBoxIds in your system are incompatible with the new regex.
• Backport of #1533: Encode values properly when rendering HTML pages.

This is a security update. We urge all v3.5.0 users to update to this version.

steve-3.7.0

What's new:

• Refine grammar/fix typo of the title of stop button in transaction.jsp (#1224)
• add support for incoming calls to OcppJsonChargePoint (de399e5)
• add chargeBoxId to table transaction_stop_failed (#1331)
• Fix issue related to invalid characters in tags being submitted (#1322)
• drop support for mysql 5.7 (#1349)
• switch to java 17 (#1348)
• List Tag at RemoteStart if it's max transaction count is not reached (#1378)
• reservationId=0 being synonymous with "null" in StartTransaction (#1414)
• transactionId=0 being synonymous with "null" in MeterValues (#1415)
• remove the flag firstArrivingMeterValueIfMultiple and its usage (#1423)
• Fix suboptimal DB views with slow queries (#1219)
• insert connector conditionally for SetChargingProfile tasks (#1474)
• not fail on receiving with unknown ocpp properties in Json messages (#1460)
• Setting a database baseline (#1439)
• better msg if logs are unavailable (#1511)
• Update docker-compose.yml to add restart policies (#1508)
• Refactor: Extract tag authorization in a dedicated service (#1005)
• transaction detail page shows only energy meter values (#1515)
• Update dependencies, plugins, github actions

Thanks to all the contributors!

steve-3.6.0

What's new:

• Remove charging profile regardless of reply status (#968)
• Set the correct http status if chargeboxid is not recognized (#1020)
• Allow Heartbeat Interval to be zero (#1088)
• Accept '"null" alongside of "{}" as empty payload (#1109)
• Update transactions web page with a better description of "Stop" functionality (#1162)
• Add thread name to logs in prod env (e2c4c14)
• Start using maven wrapper (#998)
• API endpoints for automation and integration (#910)
  This is big: We start exposing some APIs for 3rd party integration.
• Use the default values for input/output buffers (#846)
  This is big: There has been ongoing complaints about the memory behaviour, and more specifically OOM. @jpires did a great job uncovering and fixing it in #1058
• Update dependencies

Thanks to all the contributors!

steve-3.5.0

What's new:

• update ocpp_protocol in db after a ws/json station connects
• wrap cell contents in case of table overflow (#803)
• relax extraction of chargebox id (#689)
• consider only Raw meter values in TransactionStopService.findLastMeterValue (#816)
• Add recommended, additional configuration keys for OCMF (#819)
• Replace NotificationService direct calls by indirect calls via ApplicationEventPublisher (#844)
• respect X-Forwarded-For headers if present (#570)
• escape html chars during json ser/deser
• remove 'value' validation on ChangeConfigurationParams (#920)
• update dependencies

steve-3.4.9

What's new:

• update spring version to address RCE vulnerability (#791)
• update jackson databind to address CVE (FasterXML/jackson-databind#2816)
• migrate from jetty 9 to jetty 10
• mark not connected JSON charge points as disconnected (#355)
• increase hikari's maxLifetime (#736)
• migrate tests from junit 4 to 5
• improve websocket handshake logic
• update dependencies

we urge all users to update to this version.

steve-3.4.8

What's new:

• important: another update of log4j2 to fix another vulnerability (#715).

we urge all users to update to this version.