@Jdiaz-co I just reproduced this, this is a bug and we will fix it in the next release. Can I ask why you want to disable SSL? You should be able to access the HTTP port on 8080 even if SSL is enabled.
If you are having trouble accessing Mango on port 8080, try disabling HSTS using ssl.hsts.enabled=false and clear your browser cache. HSTS tells your web browser to only ever use HTTPS for that website.
https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
This contains an important fix for Mango 4.4, without this fix Mango can become entirely locked up after someone uses the SIMPLIFY option on the REST API.
@ruan-0 I think that previously we were using jQuery to insert the HTML for the custom pages, however we have switched to using jQuery Lite (built into AngularJS). This uses Element.innerHTML to insert the markup and as per the HTML5 spec this should not execute scripts - https://developer.mozilla.org/en-US/docs/Web/API/Element/innerHTML#security_considerations
I would recommend configuring a user module on the "UI settings" page as an entry point for your custom Javascript.
@ruan-0 Are you inserting it in a custom page or dashboard designer page? I think I noticed this too, I will look into it for you.
@dennisbetty201 Phillip's instructions will not fix this issue. Please see https://forum.mango-os.com/topic/3551/data-sources-does-not-appear/14 or download an old web browser (e.g. standalone Firefox)
Update: There is a 3rd vulnerability reported in log4j - CVE-2021-45105
Mango is not affected by this particular vulnerability as
org.apache.logging.log4j.ThreadContext classFor more information, please see https://logging.apache.org/log4j/2.x/security.html
Mango will update to Log4J version 2.17.0 with our next release, however we do not believe this new CVE warrants an immediate patch.
@tungthanh500 have you seen the UI settings at /ui/administration/ui-settings which allow you to choose an audio file? There's no provision to loop an audio file as far as I remember, you would need to create a custom component for this.
@MattFox What it means is this:
The mangoNoSql module (IasTsdb) is trying to insert backdated values (that is values with timestamps which are older than those already contained in the series and saved to disk)
This is an expensive operation as it must rewrite the entire shard.
The TSDB queues the values in memory and tries to write them all out to the shard asynchronously.
Sometimes when this "backdate poster" thread tries to write the backdated values out the shard is already locked (due to a data source writing current values to the shard), resulting in messages like this.
@mihairosu the 3.7.9 upgrade contains nothing which would mess with your UI like this, it was a simple dependency update on the backend.
Have you cleared your browser cache? You should open your dev tools in your browser and see what HTTP request the UI is making when this happens. What it looks like to me is that its making a HTTP request for a JSON file or REST API call which should return JSON but it is getting HTML in response. I would be checking your proxy configuration.
Mango 3.7.11 has been released
Update log4j2 to version 2.16.0, fix for CVE-2021-45046
Mango 4.2.5 has been released
Update log4j2 to version 2.16.0, fix for CVE-2021-45046
@dhckris said in Apache CVE-2021-44228 log4j Remote Code Execution Vulnerability Resolution:
@mumcs01 Thank you for the post!
Any timeline on updating to log4j 2.16?
Apache put out a bulletin [1] regarding there still being pathways to exploit that 2.15 doesn't resolve.
[1] https://logging.apache.org/log4j/2.x/security.html
Mango by default would not be affected by CVE-2021-45046 as we do not use the patterns mentioned in our default logging configuration. However since users have the ability to customize their Log4J configurations we will schedule another release to upgrade to Log4J 2.16.0. Better safe than sorry!
@dan said in Possible bug in Reports module?:
@jared-wiltshire thanks Jared.
No problem, I have committed a fix which will be included in the next Mango core release. The bug was in the core, not the module.
As an alternative work-around you could override or create a new email template .ftl file and replace the <@img logo="true"/> with <@img src="logo.png"/>
To create a new email template for your Excel report -
cp /opt/mango/web/modules/excelReports/resources/ftl/excelReports/reportEmailBody.ftl /opt/mango-data/overrides/ftl/excelReports/myTemplate.ftlHey Dan. Thanks for reporting this. This is a bug, we will get a fix out soon.
Thanks,
-Jared
@ricardo said in Which NoSQL is used by Mango?:
@craigweb Is timeScaleDatabase ready? Any material on how to use it? I am interested in hosting the DB for the point values on another server apart from the application server.
Hi Ricardo,
Sorry to bear disappointing news, but no, the Timescale module is not ready for use. It was developed for a very specific internal use case and was never intended to be released as a general purpose module.
However we are currently developing support for other time series databases, it is very likely this will include Timescale support. I cannot give you 100% confirmation on this, or a release date, but it should ship with Mango 4.3 when it is released.
-Jared
Adoptium supplies a JDK for 32-bit ARM, this is what is preinstalled on the GT. It was previously known as AdoptOpenJDK
https://adoptium.net/
I looks like they don't have JDK 13 available any more so I would use JDK 11 (Mango will not work out of the box with JDK 17 currently).
This may seem counter intuitive, "upgrading" from JDK 13 to JDK 11, but each JDK gets incremental updates throughout its life. The latest JDK 11 build is newer than the JDK 13 build you have installed.
I hope this will solve your issue!
@mihairosu said in MangoGT Cannot Update Invalid CertificateVerify signature:
The modules cannot be updated on both our mangoGT devices due to this error:
"Error checking for upgrades — Invalid CertificateVerify signature"
core 3.7.7
This issue happens with the old and new interface.
This is due to your JDK not recognizing the certificate on our store. I would recommend
I think we have setup the .mylogin.cnf file correctly as we can connect to the remote mysql server with the following command:
Is this as root? If the script is running as root, make sure it works as root.
Next step would be to be run the script using sh -x and post the output here stripping out any private information.
Check the top of your log file/console output to see what configuration file Mango is using.