Changelog and Upgrade Guide

What has changed in 0.37.2?

This is a maintenance release which includes improvements to the Admin UI as well as the SHDR and Pfannenberg Connect protocols.


  • fixed an issue with automated updating the Admin UI after deleting a service

  • fixed an issue which prevented containers from reaching the Connectware host after performing platform updates or restarts

  • made Pfannenberg reconnect behavior on mote power-cycles more resilient

  • improved SHDR alarm message handling

What has changed in 0.37.1?

Performance and dependency update release with the new feature of being able to see license information in the Admin UI. This update also includes the breaking changes of moving to explicit license keys.


Version 0.37.0 has been pulled back. If you happen to have installed 0.37.0 and are facing troubles please contact Cybus Support.


  • added Connectware license information view so users can see details of their license


  • fixed general performance of the Admin UI including initial load time and status updates

  • fixed issues with numeric numeric wildcard backreferencing in device mapper middleware

  • fixed auto generated TLS certificates to comply with new MacOS Security.

  • fixed admin web ui websocket connection in Safari Browsers

  • fixed issues caused by incorrect opcua reconnect behavior.


  • changed maximum number of messages in history section of the Data Explorer in the Admin UI to be 50 instead of 30

  • Heidenhain Protocol is now able to connect to multiple Heidenhain Machines with a single windows agent. For this, heidenhain-agent version 3.5.0 or newer is required



Old username and password credentials for Connectware installs will be deprecated. Users will be prompted for a license key upon upgrade. Please contact for valid license keys.


Starting with this version, self-signed certificates generated on the initial implementation of Cybus Connectware do comply with the new certificate requirements introduced in MacOS Catalina. Specifically, these certificates now carry the extendedKeyUsage=serverAuth flag. Without this, all browsers on recent MacOS versions refuse to connect to the Connectware Admin UI and give no option to add an exception. Since we do not recommend using self-signed certificates in production, we currently do not replace any existing certificates automatically. For future releases, it is planned to include a UI based certificate management option. Until that, it is necessary to manually delete old, now invalid certificates from the system during the update process.

The following steps are only required if you face problems with accessing the connectware admin interface in your browser on MacOS due to security reasons with error: ERR_CERT_INVALID. If you see the error ERR_CERT_AUTHORITY_INVALID this is the normal behavior for self-signed certificates and can be solved by adding an exception in the browser.

For managed appliances, please contact Cybus Support for this process.

For self-hosted appliances, do the following steps:
  1. Stop existing Connectware Containers (docker-compose stop)

  2. Remove existing certificates. These are stored in a docker volume. The name of the volume depends on the name of the installation directory. If you chose the default /opt/connectware directory, the volume is names connectware_certs. To find out the name of your volume, type docker volume ls and then delete the volume with the command docker volume rm <volumename>

  3. Install the new version as described in the installation guide.

What has changed in 0.35.2?

This is a maintenance release to improve stability with the opcua protocol.


  • changed maximum number of messages in history section of the Data Explorer in the Admin UI to be 50 instead of 30

  • changed location of username in Admin UI to be in the right hand corner of of the appbar



Old username and password credentials for Connectware installs will be deprecated. Users will be prompted for a license key upon upgrade. Please contact for valid license keys.

What has changed in 0.35.1?


  • fixed an issue that would not enable the login button if the login form is being auto-filled

What has changed in 0.35.0?

Feature rich release including Middleware Layer, SHDR protocol for directly talking to MTConnect Adapters and Admin UI improvements including JSON rendering in Data Explorer.


  • added MQTT Middleware Stash, Filter, Transform, Cov, Burst and Parse

  • added support for the SHDR protocol for directly talking to MTConnect Adapters

  • added the capability to change user passwords from the login screen.

  • added ‘all’ field to werma protocol to combine all updates in a single message

  • added the ability to use named wildcards in MQTT subscriptions

  • added the ability to use template variables in MQTT and HTTP mappings for dynamic fields like topic and header

  • added JSON rendering in Admin UI Data Explorer


  • changed maximum log file size for Connectware docker images to 10 megabytes


  • fixed an issue that would reject all subscriptions in a single MQTT request, if a single one was not authorized.

  • fixed an issue in which multiple OPC-UA subscriptions to the same endpoint where not resolved correctly

  • fixed an issue on the logs API which prevented filtering in the log-view

  • fixed a number of UI bugs and improved the user experience in the admin web app in general

  • fixed compatibility bugs with Internet Explorer 11



MQTT Burst Mode is now configured as a middleware. If you have used the flag burstInterval in your MQTT Device Commissioning Files before, you now need to move this into the middleware section of the target.


driver: s7 connection: …


driver: mqtt defaults:

burstInterval: 500


driver: s7 connection: …


driver: mqtt defaults:

middleware: - name: burst


burstInterval: 500

What has changed in 0.34.01?


  • improper reporting of unhealthy state in broker

What has changed in 0.34.0?

This is mainly a maintenance and cleanup release. Almost all internal dependencies have been updated to the latest versions.


  • container names in services are restricted in lengths to 63 and characters to alphanumeric and dashes

  • strack-slc4 protocol has been removed from default release


  • Security issues in CVE-2019-9900 (considered critical), CVE-2019-9901 (considered medium severity), CVE-2019-5021 (considered low severity)

  • a bug causing logs in admin web app to be tagged displayed always with current date

  • improved systemd file for self-hosted instances by removing unnecessary docker login command

  • Boosted performance of device view for large amounts of devices

  • Non system service installations of the Connectware can now be upgrade using the -oe -r options on the installer script


  • Authorization header on Service Proxy has been changed to X-Cybus-Authorization to avoid conflicts with user management inside of services

  • Heidenhain protocol has been fundamentally reworked, commissioning file structure has changed. Many new features have been added to Heidenhain TNC

What has changed in 0.33.1?


  • an issue regarding proper path rewriting for Service-Containers allowing inbound http(s) connections

  • an issue api with wildcard permissions not including the direct parent

What has changed in 0.33.0?


  • a new protocol: Heidenhain TNC, giving access to several CNC machine types

  • possibility to deploy the connectware as virtual or physical appliance

  • increased security measures by using more restrictive content security policies (CSPs)

  • moved to TLS1.2

  • dynamic configuration possibility of our ingress controller, allowing seamless integration of HTTP or even TCP based third-party applications within services

  • an easy-to-use install script available under:


  • self-signed certificates are generated automatically during connectware upstart

  • the default IP range has been moved to 172.X.X.X/24 to improve compatibility with company networks. NOTE: As a result existing .env files have to be adapted.


  • an issue with overflowing text in snackbar notifications

  • an issue of not being able to delete containers that got stuck in a restart loop

  • a sorting issue w.r.t. log message display

  • Api calls for wildcard permissions now include the direct parent


Before installing make sure:
  • possibly existing .env file is deleted in the targeted install folder

  • possibly existing docker volumes with name connectware_certs are deleted

What has changed in 0.32.0?


  • an option to handle retained messages in the DeviceMapper for MQTT connections (forwardRetained)

  • full documentation of the OPC-UA protocol (see OPC-UA)

  • possibility to install the Connectware via a single script (prerequisites are a linux based OS having docker and docker-compose installed)

  • a new User panel, allowing to manage users, set roles and access permissions (see User Management for details)

  • possibility to specify device names on individual instances (see Commissioning file structure)

  • Beta feature for client-registration (see Self Registration)


  • the authentication and authorization scheme for both - the REST-ful management API and the MQTT-based data API.

    • Authentication now supports basic (password based), token (JWT based), and client-certificate methodology.

    • Authorization, i.e. access permissions can be generically formulated for both, individual REST-ful paths and MQTT topics. A set of permissions can be combined into named roles , ready for sharing with other users (see Add role to user).

  • the output format of the OPC-UA protocol. It now provides the data in the standard format (being {"value": "<value>", "timestamp": "<msSinceEpoch>"})

  • the output format of the MODBUS protocol. It now provides the data in the standard format (being {"value": "<value>", "timestamp": "<msSinceEpoch>"}).

    • NOTE: The new format is only enabled once the additional dataType property is provided with the commissioning file (see Modbus/TCP), else the behavior is unchanged.

  • the notification snackbars in the UI, they are now color-coded, categorized and perform stacking in case they appear shortly after each other

  • the logging panel in the UI, it provides a much clearer design and an improved filtering using chips for selecting log-categories, containers, etc. (see System)

  • the rendering of tabs in the UI, they are not spanning the full-width anymore but are more browser-like in look & feel


  • the Grantee and Permissions panel in the UI (got replaced by new User panel)