-
Introducing the Device Auditlog Feature
The introduction of the Device Auditlog brings an enhanced level of monitoring and tracking for device-related activities, available to all FlowFuse users.
Events Recorded in the Device Auditlog:
- Fleet mode / Developer mode enabled/disabled
- Remote access enabled/disabled
- Credentials re-generated
- Device assigned
-
Managing Team Membership via SSO
For organizations using Single Sign-On with FlowFuse, we have now added the ability to manage their users' team memberships and roles via their Identity Provider.
This makes it easier to control access to the FlowFuse Platform from providers such as Okta and Microsoft Entra. For example, you can create a group of Team Owners and a separate group of Team Viewers.
Whenever a user logs in via SSO, the platform will update their roles to match the groups they are in.
More information on configuring groups can be found in our Single Sign-on documentation.
This feature is available to Enterprise Tier teams on FlowFuse Cloud, as well as self-hosted Enterprise instances.
-
Security Updates
As part of our dedication to providing a secure platform for our customers, we operate a Bug Bounty programme to encourage responsible disclosure of potential issues.
With all disclosures we evaluate their severity in terms of their direct impact, the nature of the issue and overall risk.
We have received a number of reports recently that we have been evaluating. Whilst none of the recent disclosures has been deemed high severity, we have applied a number of updates to the platform.
These include:
- Tougher rate limiting on routes that manage user information including email addresses
- Better handling of the password-reset flow to prevent stale links being reused
- Avoiding disclosure of a user's email address to other members of a team
This last item is one I wanted to say a bit more about. As you would expect, a user's email address is sensitive information that we do not disclose to unauthorised users. However, we also consider a Team as having a higher level of trust between its members. On review, we have decided there is not a technical reason for this higher level of trust to include a member's email address, so we have removed it from the relevant API responses.
We value the effort people put into making responsible disclosures to us and look to reward the work where it meets our criteria.
Find out more about our Bug Bounty programme.
-
Renaming "Default Device Mode" to "Fleet Mode"
In our continuous effort to enhance user experience and clarity, we are pleased to announce an update to our device mode terminology. Previously known as "Default Device" mode, we have now rebranded it as "Fleet Mode." This change aims to establish a clearer distinction from "Developer Mode," thereby streamlining the understanding of operational modes for our devices.
- Fleet Mode: Runs any target Snapshots defined. Blocks remote editing of device.
- Developer Mode: Blocks any new Target Snapshots running, but allows for remote editing on the Device.
-
Device Groups
We are pleased to announce the introduction of Device Groups for Enterprise Tier customers. This new feature enables users to logically group their devices assigned to an application. Additionally, Device Groups can be integrated into the DevOps Pipeline. This integration facilitates more streamlined and efficient deployments across your fleet of devices.
-
Email Alerts for Audit Log Events
The newly introduced feature offers email notifications tied to particular Audit log events, available to all users with Team Tier access or higher. This feature is designed to facilitate immediate notification and action in response to Node-RED Instance crashes. For detailed information and guidance on this functionality, please refer to our documentation.
-
Blueprint Selection Update
We have updated the blueprint selection interface to enhance the user experience by offering a clearer and more comprehensive overview. This improvement aims to facilitate easier navigation and selection of blueprints. Additionally, we are excited to announce that our blueprint library will be expanding in the coming days, with the addition of new blueprints to FlowFuse.
For more detailed information about our blueprints and how to utilize them effectively, please refer to our dedicated article.
-
Node-RED 3.1.3 now available
With Node-RED 3.1.3 being released this week, we've updated our stacks to ensure it's available to everyone in FlowFuse Cloud. We have also made it the default version you'll get when creating new instances.
If you want to update your existing instances to this new stack you can follow the guide here.
For more information about the changes in Node-RED 3.1.3, check the release's changelog.
-
Building a Custom Video Player in Dashboard 2.0
Dashboard 2.0 just got a lot more powerful with our new updates to the ui-template node. New features added to the node include:
- Support for a full Vue component to be defined using the VueJS Options API
- Running of raw JavaScript within <script /> tags
- Loading of external dependencies through <script /> tags
-
No Credit Card required for billing
We now have more flexible billing options in FlowFuse Cloud for customers that wish to purchase an annual subscription or where entering credit card details is not appropriate. We're committed to accommodating your specific billing preferences and can set up a process that aligns with your organizational needs.
If you are interested in this new option or have any questions, please don't hesitate to contact us. We're here to help you with your billing and subscription needs.
-
Two-Factor Authentication
In our ongoing commitment to strengthen security, we're excited to announce the addition of two-factor authentication (2FA) for FlowFuse. This enhancement ensures an extra layer of security for your account. Setting up 2FA is straightforward, and the system supports all commonly used TOTP (Time-Based One-Time Password) tools, such as Google Authenticator. To enable 2FA, simply navigate to your User Settings and follow the easy setup process.
For more details, see our documentation.
2FA is available for all FlowFuse Cloud users and for Enterprise Self-Hosted customers.
-
Devices in DevOps Pipelines
Building on our previous release, which enabled the management of devices independently of instances, the integration of individual devices into DevOps Pipelines is now possible. This update marks a significant step towards more flexible and efficient device management within FlowFuse. In our ongoing efforts, we are also developing features to group devices, aiming to streamline and improve the overall device management experience.
Devices in DevOps Pipelines are available for every customer who has access to DevOps Pipelines. This includes all Cloud customers and those from the Team Tier onwards for our self-hosted version.
-
Project Nodes for Devices
From today onwards, Project Nodes are available for devices assigned to an application. Previously, it was necessary for devices to be bound to an instance to utilize this functionality.
-
Device Editor enabled by default
With the latest update, devices operating in Developer Mode will now have the Open Editor feature enabled by default. This enhancement is designed to improve the User Experience.
-
Overhauling the Dashboard 2.0 Build Pipeline
As a developer, sometimes you have to hold up your hands and realise something you've spent two weeks building needs to be thrown away and restarted.
-
Chart Improvements & Migrating to Dashboard 2.0
It's been a little while since we've done an update. Since we last posted, we've moved into the 0.7.x releases for Dashboard 2.0. With these we're making big strides in improving the UX for charting your data, as well as starting to focus on migration paths from Dashboard 1.0 to 2.0.
-
Certified Nodes
Teams Tier customers can now leverage a curated selection of certified Node-RED nodes, enhancing workflow efficiency and security.
- Quality Assurance: Each certified node undergoes testing, ensuring it's free from harmful components, aligning with our commitment to reliability.
- Proactive Security Measures: While prioritizing immediate resolutions for detected vulnerabilities, we maintain the discretion to revoke a node's certified status, ensuring system integrity. Affected customers will receive prompt notifications.
- Support: Assistance for certified nodes is provided, aiming for, but not promising, issue resolution.
How? You can find all certified nodes in your Node-RED palette manager or on the dedicated page on our website.
-
Resource Monitoring in Audit Log
The FlowFuse Audit Log of an instance (see Documentation) will now display when the resource utilization of CPU or memory exceeds 75% over a period of five minutes. This should provide transparency regarding resource utilization and serve as an indicator for choosing the appropriate instance size.
-
Device Agent path bug fix
The Device Agent now passes the PATH environment variable to the Node-RED instances. Previously, the agent erroneously did not capture it and expose it to Node-RED for use. This prevented some nodes, like node-red-serial-port, from being installed when assigned to an application.