This contains an important fix for Mango 4.4, without this fix Mango can become entirely locked up after someone uses the SIMPLIFY option on the REST API.
Posts made by Jared Wiltshire
-
RE: Release Notes for mangoApi 4.4.2
-
RE: <script> tag not working in Mango V4?
@ruan-0 I think that previously we were using jQuery to insert the HTML for the custom pages, however we have switched to using jQuery Lite (built into AngularJS). This uses
Element.innerHTML
to insert the markup and as per the HTML5 spec this should not execute scripts - https://developer.mozilla.org/en-US/docs/Web/API/Element/innerHTML#security_considerationsI would recommend configuring a user module on the "UI settings" page as an entry point for your custom Javascript.
-
RE: <script> tag not working in Mango V4?
@ruan-0 Are you inserting it in a custom page or dashboard designer page? I think I noticed this too, I will look into it for you.
-
RE: Excel Reports are not showing templates anymore
@dennisbetty201 Phillip's instructions will not fix this issue. Please see https://forum.mango-os.com/topic/3551/data-sources-does-not-appear/14 or download an old web browser (e.g. standalone Firefox)
-
RE: Apache CVE-2021-44228 log4j Remote Code Execution Vulnerability Resolution
Update: There is a 3rd vulnerability reported in log4j - CVE-2021-45105
Mango is not affected by this particular vulnerability as
- Mango does not use a context lookup in any of the patterns in the supplied log4j2.xml file
- Our codebase does not make use of the
org.apache.logging.log4j.ThreadContext
class
For more information, please see https://logging.apache.org/log4j/2.x/security.html
Mango will update to Log4J version 2.17.0 with our next release, however we do not believe this new CVE warrants an immediate patch.
-
RE: Audible Alarm with silence
@tungthanh500 have you seen the UI settings at
/ui/administration/ui-settings
which allow you to choose an audio file? There's no provision to loop an audio file as far as I remember, you would need to create a custom component for this. -
RE: [IAS TSDB Backdate Poster] - The backdate poster ran without inserting, , queue size: 73
@MattFox What it means is this:
The mangoNoSql module (IasTsdb) is trying to insert backdated values (that is values with timestamps which are older than those already contained in the series and saved to disk)
This is an expensive operation as it must rewrite the entire shard.
The TSDB queues the values in memory and tries to write them all out to the shard asynchronously.
Sometimes when this "backdate poster" thread tries to write the backdated values out the shard is already locked (due to a data source writing current values to the shard), resulting in messages like this. -
RE: <SOLVED> Unable to access WEB GUIs for any of my mango devices by DNS name
@mihairosu the 3.7.9 upgrade contains nothing which would mess with your UI like this, it was a simple dependency update on the backend.
Have you cleared your browser cache? You should open your dev tools in your browser and see what HTTP request the UI is making when this happens. What it looks like to me is that its making a HTTP request for a JSON file or REST API call which should return JSON but it is getting HTML in response. I would be checking your proxy configuration.
-
RE: Apache CVE-2021-44228 log4j Remote Code Execution Vulnerability Resolution
Mango 3.7.11 has been released
Update log4j2 to version 2.16.0, fix for CVE-2021-45046
-
RE: Apache CVE-2021-44228 log4j Remote Code Execution Vulnerability Resolution
Mango 4.2.5 has been released
Update log4j2 to version 2.16.0, fix for CVE-2021-45046
-
RE: Apache CVE-2021-44228 log4j Remote Code Execution Vulnerability Resolution
@dhckris said in Apache CVE-2021-44228 log4j Remote Code Execution Vulnerability Resolution:
@mumcs01 Thank you for the post!
Any timeline on updating to log4j 2.16?
Apache put out a bulletin [1] regarding there still being pathways to exploit that 2.15 doesn't resolve.
[1] https://logging.apache.org/log4j/2.x/security.htmlMango by default would not be affected by CVE-2021-45046 as we do not use the patterns mentioned in our default logging configuration. However since users have the ability to customize their Log4J configurations we will schedule another release to upgrade to Log4J 2.16.0. Better safe than sorry!
-
RE: Possible bug in Reports module?
@dan said in Possible bug in Reports module?:
@jared-wiltshire thanks Jared.
No problem, I have committed a fix which will be included in the next Mango core release. The bug was in the core, not the module.
As an alternative work-around you could override or create a new email template .ftl file and replace the
<@img logo="true"/>
with<@img src="logo.png"/>
To create a new email template for your Excel report -
- Copy the supplied template to your overrides, e.g.
cp /opt/mango/web/modules/excelReports/resources/ftl/excelReports/reportEmailBody.ftl /opt/mango-data/overrides/ftl/excelReports/myTemplate.ftl
- Restart Mango
- Edit your report to use the new template file
- Copy the supplied template to your overrides, e.g.
-
RE: Possible bug in Reports module?
Hey Dan. Thanks for reporting this. This is a bug, we will get a fix out soon.
Thanks,
-Jared -
RE: Which NoSQL is used by Mango?
@ricardo said in Which NoSQL is used by Mango?:
@craigweb Is timeScaleDatabase ready? Any material on how to use it? I am interested in hosting the DB for the point values on another server apart from the application server.
Hi Ricardo,
Sorry to bear disappointing news, but no, the Timescale module is not ready for use. It was developed for a very specific internal use case and was never intended to be released as a general purpose module.
However we are currently developing support for other time series databases, it is very likely this will include Timescale support. I cannot give you 100% confirmation on this, or a release date, but it should ship with Mango 4.3 when it is released.
-Jared
-
RE: MangoGT Cannot Update Invalid CertificateVerify signature
Adoptium supplies a JDK for 32-bit ARM, this is what is preinstalled on the GT. It was previously known as AdoptOpenJDK
https://adoptium.net/I looks like they don't have JDK 13 available any more so I would use JDK 11 (Mango will not work out of the box with JDK 17 currently).
This may seem counter intuitive, "upgrading" from JDK 13 to JDK 11, but each JDK gets incremental updates throughout its life. The latest JDK 11 build is newer than the JDK 13 build you have installed.
I hope this will solve your issue!
-
RE: MangoGT Cannot Update Invalid CertificateVerify signature
@mihairosu said in MangoGT Cannot Update Invalid CertificateVerify signature:
The modules cannot be updated on both our mangoGT devices due to this error:
"Error checking for upgrades — Invalid CertificateVerify signature"
core 3.7.7
This issue happens with the old and new interface.
This is due to your JDK not recognizing the certificate on our store. I would recommend
- Updating your JDK to the latest OpenJDK 11
- Update the ca-certificates package on your OS
- Change your store URL https://docs-v3.mango-os.com/updating-mango-store-path
-
RE: Mango 4.2 install-mango.sh script and mysql
I think we have setup the .mylogin.cnf file correctly as we can connect to the remote mysql server with the following command:
Is this as root? If the script is running as root, make sure it works as root.
Next step would be to be run the script using
sh -x
and post the output here stripping out any private information. -
RE: Mango 4.2 Change port from 8443 to 8080?
Check the top of your log file/console output to see what configuration file Mango is using.
-
RE: Could not convert socket to TLS; nested exception is: javax.net.ssl.SSLHandshakeException
@cbyrne said in Could not convert socket to TLS; nested exception is: javax.net.ssl.SSLHandshakeException:
@jared-wiltshire The mailserver isn't mine so I don't exactly have any other option. I'd rather use outdated TLS rather than no TLS. Thanks for the info.
Yep I understand, I would bring it up with whoever runs your mail server though :)