Changelog and Upgrade Guide

What has changed in 1.0.0?

This is the first stable release in the 1.0 series of the Connectware! Data governance and connectivity from the shopfloor to the enterprise is now easier and more reliable than ever.

The general changes compared to 0.x are explained in the page General changes from 0.x to 1.0. For upgrading and migrating, see Upgrading from 0.x to 1.0.

This Changelog describes the incremental changes between each different patch version.

Changes from last beta version


  • Unify swagger filenames to swagger.yaml everywhere

  • Update node.js in protocol-mapper to 12.16.x


  • Clarified constraints on username/password length in UI and REST API

  • Improved OPC UA reconnect behaviour

  • Mapping resource to respect the state of external MQTT connections

  • Fix erroneous handling of service id in REST API

  • Improved SOPAS sopas reconnection behaviour

  • Fixed performance of frontend adding separate event-backends in react-vrpc, unmounting views not seen in details view, filtering results in parent components and separating state changes into smaller components

What has changed in 1.0.0-beta5?

Preparation release on the way to 1.0.0 final release.


  • Added ‘trustAllCertificates’ option to user defined mqtt connection resources to allow for insecure (e.g. self-signed) certificates.

  • Mapping resource capabilities are extended to include mapping between different mqtt brokers.

  • Added more example commissioning files to the protocol documentation.


  • Connectware default user ‘admin’ and role ‘connectware-admin’ are now protected against deletion.

  • Connection details view now shows correct number of endpoints.

  • Made opcua reconnect behavior more resilient.

What has changed in 1.0.0-beta4?

Preparation release on the way to 1.0.0 final release.


  • new resource Cybus::Link replacing the button item previously available on Cybus::IngressRoute

  • config options allowing to run the protocol-mapper image in agent mode


  • extended and improved user documentation

  • removed property buttons from Cybus::IngressRoute, moved to new resource Cybus::Link


  • rendering of topics in the explorer after page reload

  • fixed interval property on Connection.subscribe

  • cleaning of container resources when rolling back services

  • fixed service file upload dialog keeping service file content in cache after closing the dialog

  • fixed misleading resources count on the service details view

  • fix installation on hosts with 0.38 installed in parallel

  • write, subscribe and unsubscribe of S7 protocol

  • fixed node-config warning messages when run in production

  • on installation, systemd uses docker-compose from installation’s PATH

  • Fix missing swagger files in production image of doc-server

  • fixed BACnet schema so that it works again

What has changed in 1.0.0-beta3?

Preparation release on the way to 1.0.0 final release.


  • extended user documentation with more information regarding the 1.0.0 release


  • solved an issue that leads to an endless loading loop on the Connectware home screen

  • restored functionality of the user documentation search-tool

What has changed in 1.0.0-beta2?


  • improved user experience with more detailed feedback in the admin UI


  • breaking change in commissioning file: HTTP protocol uses parameter name “scheme” to specify https or http, renamed from parameter name “protocol”

What has changed in 1.0.0-beta1?

First public beta release of the stable Connectware 1.0.x series.

See General changes from 0.x to 1.0 and Upgrading from 0.x to 1.0

What has changed in 0.38.4?

Maintenance release which improves stability of various protocol implementations


  • fixed zombie connection problems in MQTT<->MQTT Mappings often appearing when Middleware contained errors

  • improved stability of OPC-UA reconnection

  • improved stability of S7 protocol reconnection)

  • improved Sopas protocol documentation

What has changed in 0.38.3?

This is a maintenance release which includes improvements for the Heidenhain protocol.


  • improved Heidenhain protocol reconnection behavior

What has changed in 0.38.2?

Maintenance release which improves usability and stability.


  • fixed an issue with in place updates of selfhosted instances removing custom LDAP settings from the .env file

  • fixed an issue that caused the frontend device list to be empty even though devices were installed and running

  • fixed an issue that prevented the Connectware frontend to be reachable through indirect access, e.g. TCP forwarding

What has changed in 0.38.1?

This is a maintenance release which improves LDAP configuration.


  • extended the LDAP configuration with the ability to declare the RDN containing the username

What has changed in 0.38.0?

This release includes performance and UI improvements as well as the introduction of LDAP user management to the Connectware.


  • added LDAP based user authentication


  • fixed rendering of external URLs for service buttons

  • fixed an instability when preflight checks where performed offline

  • fixed an issue with internal certificates expiring too fast


  • extended capabilities of the Device-Mapper to access hardware interfaces on the host system

  • changed default roles to contain ‘connectware-‘ prefix

What has changed in 0.37.2?

This is a maintenance release which includes improvements to the Admin UI as well as the SHDR and Pfannenberg Connect protocols.


  • fixed an issue with automated updating the Admin UI after deleting a service

  • fixed an issue which prevented containers from reaching the Connectware host after performing platform updates or restarts

  • made Pfannenberg reconnect behavior on mote power-cycles more resilient

  • improved SHDR alarm message handling

What has changed in 0.37.1?

Performance and dependency update release with the new feature of being able to see license information in the Admin UI. This update also includes the breaking changes of moving to explicit license keys.


Version 0.37.0 has been pulled back. If you happen to have installed 0.37.0 and are facing troubles please contact Cybus Support.


  • added Connectware license information view so users can see details of their license


  • fixed general performance of the Admin UI including initial load time and status updates

  • fixed issues with numeric numeric wildcard backreferencing in device mapper middleware

  • fixed auto generated TLS certificates to comply with new MacOS Security.

  • fixed admin web ui websocket connection in Safari Browsers

  • fixed issues caused by incorrect opcua reconnect behavior.


  • changed maximum number of messages in history section of the Data Explorer in the Admin UI to be 50 instead of 30

  • Heidenhain Protocol is now able to connect to multiple Heidenhain Machines with a single windows agent. For this, heidenhain-agent version 3.5.0 or newer is required



Old username and password credentials for Connectware installs will be deprecated. Users will be prompted for a license key upon upgrade. Please contact for valid license keys.


Starting with this version, self-signed certificates generated on the initial implementation of Cybus Connectware do comply with the new certificate requirements introduced in MacOS Catalina. Specifically, these certificates now carry the extendedKeyUsage=serverAuth flag. Without this, all browsers on recent MacOS versions refuse to connect to the Connectware Admin UI and give no option to add an exception. Since we do not recommend using self-signed certificates in production, we currently do not replace any existing certificates automatically. For future releases, it is planned to include a UI based certificate management option. Until that, it is necessary to manually delete old, now invalid certificates from the system during the update process.

The following steps are only required if you face problems with accessing the connectware admin interface in your browser on MacOS due to security reasons with error: ERR_CERT_INVALID. If you see the error ERR_CERT_AUTHORITY_INVALID this is the normal behavior for self-signed certificates and can be solved by adding an exception in the browser.

For managed appliances, please contact Cybus Support for this process.

For self-hosted appliances, do the following steps:
  1. Stop existing Connectware Containers (docker-compose stop)

  2. Remove existing certificates. These are stored in a docker volume. The name of the volume depends on the name of the installation directory. If you chose the default /opt/connectware directory, the volume is names connectware_certs. To find out the name of your volume, type docker volume ls and then delete the volume with the command docker volume rm <volumename>

  3. Install the new version as described in the installation guide.

What has changed in 0.35.2?

This is a maintenance release to improve stability with the opcua protocol.


  • changed maximum number of messages in history section of the Data Explorer in the Admin UI to be 50 instead of 30

  • changed location of username in Admin UI to be in the right hand corner of of the appbar



Old username and password credentials for Connectware installs will be deprecated. Users will be prompted for a license key upon upgrade. Please contact for valid license keys.

  • fixed issues caused by incorrect opcua reconnect behavior.

What has changed in 0.35.1?


  • fixed an issue that would not enable the login button if the login form is being auto-filled

What has changed in 0.35.0?

Feature rich release including Middleware Layer, SHDR protocol for directly talking to MTConnect Adapters and Admin UI improvements including JSON rendering in Data Explorer.


  • added MQTT Middleware Stash, Filter, Transform, Cov, Burst and Parse

  • added support for the SHDR protocol for directly talking to MTConnect Adapters

  • added the capability to change user passwords from the login screen.

  • added ‘all’ field to werma protocol to combine all updates in a single message

  • added the ability to use named wildcards in MQTT subscriptions

  • added the ability to use template variables in MQTT and HTTP mappings for dynamic fields like topic and header

  • added JSON rendering in Admin UI Data Explorer


  • changed maximum log file size for Connectware docker images to 10 megabytes


  • fixed an issue that would reject all subscriptions in a single MQTT request, if a single one was not authorized.

  • fixed an issue in which multiple OPC-UA subscriptions to the same endpoint where not resolved correctly

  • fixed an issue on the logs API which prevented filtering in the log-view

  • fixed a number of UI bugs and improved the user experience in the admin web app in general

  • fixed compatibility bugs with Internet Explorer 11



MQTT Burst Mode is now configured as a middleware. If you have used the flag burstInterval in your MQTT Device Commissioning Files before, you now need to move this into the middleware section of the target.


  driver: s7
  connection: ...
  driver: mqtt
    burstInterval: 500


  driver: s7
  connection: ...
  driver: mqtt
    - name: burst
        burstInterval: 500

What has changed in 0.34.01?


  • improper reporting of unhealthy state in broker

What has changed in 0.34.0?

This is mainly a maintenance and cleanup release. Almost all internal dependencies have been updated to the latest versions.


  • container names in services are restricted in lengths to 63 and characters to alphanumeric and dashes

  • strack-slc4 protocol has been removed from default release


  • Security issues in CVE-2019-9900 (considered critical), CVE-2019-9901 (considered medium severity), CVE-2019-5021 (considered low severity)

  • a bug causing logs in admin web app to be tagged displayed always with current date

  • improved systemd file for self-hosted instances by removing unnecessary docker login command

  • Boosted performance of device view for large amounts of devices

  • Non system service installations of the Connectware can now be upgrade using the -oe -r options on the installer script


  • Authorization header on Service Proxy has been changed to X-Cybus-Authorization to avoid conflicts with user management inside of services

  • Heidenhain protocol has been fundamentally reworked, commissioning file structure has changed. Many new features have been added to Heidenhain TNC

What has changed in 0.33.1?


  • an issue regarding proper path rewriting for Service-Containers allowing inbound http(s) connections

  • an issue api with wildcard permissions not including the direct parent

What has changed in 0.33.0?


  • a new protocol: Heidenhain TNC, giving access to several CNC machine types

  • possibility to deploy the connectware as virtual or physical appliance

  • increased security measures by using more restrictive content security policies (CSPs)

  • moved to TLS1.2

  • dynamic configuration possibility of our ingress controller, allowing seamless integration of HTTP or even TCP based third-party applications within services

  • an easy-to-use install script available under:


  • self-signed certificates are generated automatically during connectware upstart

  • the default IP range has been moved to 172.X.X.X/24 to improve compatibility with company networks. NOTE: As a result existing .env files have to be adapted.


  • an issue with overflowing text in snackbar notifications

  • an issue of not being able to delete containers that got stuck in a restart loop

  • a sorting issue w.r.t. log message display

  • Api calls for wildcard permissions now include the direct parent


Before installing make sure:
  • possibly existing .env file is deleted in the targeted install folder

  • possibly existing docker volumes with name connectware_certs are deleted

What has changed in 0.32.0?


  • an option to handle retained messages in the DeviceMapper for MQTT connections (forwardRetained)

  • full documentation of the OPC-UA protocol (see OPC-UA)

  • possibility to install the Connectware via a single script (prerequisites are a linux based OS having docker and docker-compose installed)

  • a new User panel, allowing to manage users, set roles and access permissions (see User Management for details)

  • possibility to specify device names on individual instances

  • Beta feature for client-registration (see Client Registry)


  • the authentication and authorization scheme for both - the REST-ful management API and the MQTT-based data API.

    • Authentication now supports basic (password based), token (JWT based), and client-certificate methodology.

    • Authorization, i.e. access permissions can be generically formulated for both, individual REST-ful paths and MQTT topics. A set of permissions can be combined into named roles , ready for sharing with other users (see Add role to user).

  • the output format of the OPC-UA protocol. It now provides the data in the standard format (being {"value": "<value>", "timestamp": "<msSinceEpoch>"})

  • the output format of the MODBUS protocol. It now provides the data in the standard format (being {"value": "<value>", "timestamp": "<msSinceEpoch>"}).

    • NOTE: The new format is only enabled once the additional dataType property is provided with the commissioning file (see Modbus/TCP), else the behavior is unchanged.

  • the notification snackbars in the UI, they are now color-coded, categorized and perform stacking in case they appear shortly after each other

  • the logging panel in the UI, it provides a much clearer design and an improved filtering using chips for selecting log-categories, containers, etc. (see System)

  • the rendering of tabs in the UI, they are not spanning the full-width anymore but are more browser-like in look & feel


  • the Grantee and Permissions panel in the UI (got replaced by new User panel)