Changelog

Back in June 2023 we announced that FlowFuse would be investing into building out the next generation of Node-RED Dashboard, the most popular UI framework for Node-RED.

We followed this up with the first release (0.0.1) in July, just one month later, and today, we are pleased to announce that we have reached a major milestone in this journey, with the release of our first major version (1.0.0) of Node-RED Dashboard 2.0.

To start editing flows on a device, it needs to be assigned to an application in your team. Up until now this has been a two step process; creating the device and then assigning it. This wasn't as intuitive as it needed to be.

To help streamline the user experience, you can now assign a device to an application when you create it. It's a small update, but it helps users get to where they want to be much quicker.

We have added some new blueprints to FlowFuse Cloud to help users get started with a range of common manufacturing scenarios.

They are available to all users on FlowFuse Cloud. Additionally, upon request, all our Teams and Enterprise Self-Hosted customers gain access to this collection.

List of new Blueprints:

• Andon Live
• CRUD for Mongo DB
• 5S Manufacturing checklist
• Performance Operator Terminal

Curious about what Blueprints are? Read our recent blog post that introduced Blueprints to FlowFuse.

For an overview of all available Blueprints check out our Blueprint Library.

The v2.0 release of the FlowFuse Helm Chart includes a breaking change for deployments making use of the forge.localPostgresql setting when upgrading. This is where the helm chart installs a dedicated PostgreSQL database instance.

With v2.0 we have updated the version of the Bitnami PostgreSQL Helm sub-chart we bundle and the upgrade process will require some manual intervention to ensure things work correctly. A fresh install should not require any extra steps.

The steps are documented on the Upgrade instructions page, please read them carefully before upgrading

Also included in this release is the ability to set resource constraints and Pod Security Context on the FlowFuse application, File-Server Application and MQTT broker containers if required. Details of how to set those can be found in the Helm Chart README.md

Four weeks ago, we launched the Device Groups feature, for our Enterprise customers. This innovation marked a significant step in simplifying device management within DevOps Pipelines. Now we enhacent the Device Groups functionality.

With this update, the behavior of Device Groups has been refined to further streamline your workflow. Now, whenever a Snapshot is assigned to a Device Group, any newly added devices to that group will automatically receive the update. This ensures that all devices within the group are consistently synchronized with the latest changes, eliminating the need for manual updates. This improvement not only saves time but also enhances the consistency and reliability of device management across your fleet.

The introduction of the Device Auditlog brings an enhanced level of monitoring and tracking for device-related activities, available to all FlowFuse users.

Events Recorded in the Device Auditlog:

• Fleet mode / Developer mode enabled/disabled
• Remote access enabled/disabled
• Credentials re-generated
• Device assigned

For organisations using Single Sign-On with FlowFuse, we have now added the ability to manage their user's team memberships and roles via their Identity Provider.

This makes it easier to control access to the FlowFuse Platform from providers such as Okta and Microsoft Entra. For example, you can create a group of Team Owners and a separate group of Team Viewers.

Whenever a user logs in via SSO, the platform will update their roles to match the groups they are in.

More information on configuring groups can be found in our Single Sign-on documentation.

This feature is available to Enterprise Tier teams on FlowFuse Cloud, as well as self-hosted Enterprise instances.

As part of our dedication to providing a secure platform for our customers, we operate a Bug Bounty programme to encourage responsible disclosure of potential issues.

With all disclosures we evaluate their severity in terms of their direct impact, the nature of the issue and overall risk.

We have received a number of reports recently that we have been evaluating. Whilst none of the recent disclosures has been deemed high severity, we have applied a number of updates to the platform.

These include:

• Tougher rate limiting on routes that manage user information including email addresses
• Better handling of the password-reset flow to prevent stale links being reused
• Avoiding disclosure of a user's email address to other members of a team

This last item is one I wanted to say a bit more about. As you would expect, a user's email address is sensitive information that we do not disclose to unauthorised users. However, we also consider a Team as having a higher level of trust between its members. On review, we have decided there is not a technical reason for this higher level of trust to include a member's email address, so we have removed it from the relevant API responses.

We value the effort people put into making responsible disclosures to us and look to reward the work where it meets our criteria.

Find out more about our Bug Bounty programme.

In our continuous effort to enhance user experience and clarity, we are pleased to announce an update to our device mode terminology. Previously known as "Default Device" mode, we have now rebranded it as "Fleet Mode." This change aims to establish a clearer distinction from "Developer Mode," thereby streamlining the understanding of operational modes for our devices.

• Fleet Mode: Runs any target Snapshots defined. Blocks remote editing of device.
• Developer Mode: Blocks any new Target Snapshots running, but allows for remote editing on the Device.

We are pleased to announce the introduction of Device Groups for Enterprise Tier customers. This new feature enables users to logically group their devices assigned to an application. Additionally, Device Groups can be integrated into the DevOps Pipeline. This integration facilitates more streamlined and efficient deployments across your fleet of devices.

The newly introduced feature offers email notifications tied to particular Audit log events, available to all users with Team Tier access or higher. This feature is designed to facilitate immediate notification and action in response to Node-RED Instance crashes. For detailed information and guidance on this functionality, please refer to our documentation.

We have updated the blueprint selection interface to enhance the user experience by offering a clearer and more comprehensive overview. This improvement aims to facilitate easier navigation and selection of blueprints. Additionally, we are excited to announce that our blueprint library will be expanding in the coming days, with the addition of new blueprints to FlowFuse.

For more detailed information about our blueprints and how to utilize them effectively, please refer to our dedicated article.

With Node-RED 3.1.3 being released this week, we've updated our stacks to ensure it's available to everyone in FlowFuse Cloud. We have also made it the default version you'll get when creating new instances.

If you want to update your existing instances to this new stack you can follow the guide here.

For more information about the changes in Node-RED 3.1.3, check the release's changelog.

Dashboard 2.0 just got a lot more powerful with our new updates to the ui-template node. New features added to the node include: Support for a full Vue component to be defined using the VueJS Options API.

Running of raw JavaScript within <script /> tags Loading of external dependencies through <script /> tags

We now have more flexible billing options in FlowFuse Cloud for customers that wish to purchase an annual subscription or where entering credit card details is not appropriate. We're committed to accommodating your specific billing preferences and can set up a process that aligns with your organizational needs.

If you are interested in this new option or have any questions, please don't hesitate to contact us. We're here to help you with your billing and subscription needs.

In our ongoing commitment to strengthen security, we're excited to announce the addition of two-factor authentication (2FA) for FlowFuse. This enhancement ensures an extra layer of security for your account. Setting up 2FA is straightforward, and the system supports all commonly used TOTP (Time-Based One-Time Password) tools, such as Google Authenticator. To enable 2FA, simply navigate to your User Settings and follow the easy setup process.

For more Details see our Documentation 2FA is available for all FlowFuse Cloud users and for Enterprise Self-Hosted customers.

Building on our previous release that enabled the management of devices independently of instances. Now, the integration of individual devices into DevOps Pipelines is possible. This update marks a significant step towards more flexible and efficient device management within FlowFuse. In our ongoing efforts, we are also developing features to group devices, aiming to streamline and improve the overall device management experience.

Devices in DevOps Pipelines are available for every customer who has access to DevOps Pipelines. This includes all Cloud customers and those from the Team Tier onwards for our self-hosted version.

From today onwards, Project Nodes will now be available for devices assigned to an application. Previously, it was necessary for devices to be bound to an instance to utilize this functionality.

• Learn more about the Project nodes
• learn more about the difference between Instances, Devices, and Applications.

With the latest update, devices operating in Developer Mode will now have the Open Editor feature enabled by default. This enhancement is designed to improve the User Experience.