Announcing the New Mango 5 Pre-Release: Download Now and Explore Exciting Features!

To the Mango Community! Meet Mango 5!

We are thrilled to announce the much-anticipated release of Mango 5, the latest version of our powerful IoT platform. Packed with innovative features and enhanced capabilities, Mango 5 is here to revolutionize your IoT experience. Whether you're a developer, a system integrator, or an end-user, this release has something extraordinary for everyone - as this release truly was driven by the community!

We are 'pre-releasing' Mango 5 (somewhat quietly) to the forum. Rest assured, this is not a beta release but a fully tested release version we have spent the last year moving towards. We plan to release this on June 8th, 2023, to a wider audience. To get your hands on Mango 5, head to [www.radixiot.com/mango5], register, and download it today. This new release is designed to streamline your operations and is packed with new features described on the website above. Ultimately, all the new features target 'scale' and make Mango a more intuitive experience to empower your projects and drive better business outcomes.

Our documentation site at [docs-v5.radixiot.com] is your go-to resource for those seeking in-depth technical insights. You'll find deeper technical notes to maximize Mango 5's capabilities there. From installation instructions to advanced features, you'll find it there. Understand that we are adding the resources available to learn the new features over the next few weeks. However, the best place to raise this is right here on the forum! We will take topics from here and try to respond to all of them! (While also taking this information as feedback to improve our DOCs site).

Mango 5 represents our commitment to continuous improvement and cutting-edge solutions for our community, existing customers, and future customers. We are grateful for your ongoing support and feedback, which have played a crucial role in shaping this remarkable release. Your success is our top priority, and we believe that Mango 5 will empower you to unlock the full potential of your projects, both large and small!

Download Mango 5 today by visiting [radixiot.com/mango5], and please use the forum for feedback and questions!

Thank you for being a part of the Radix IoT community.

Sincerely,
Michael Skurla
Chief Product Officer
Radix IoT, LLC

Hi Everyone. As promised we have added Series 4 pricing to the radixiot.com website. You can find it under Products / Pricing. At this point, it is a direct PDF, but as we have eluded to we have a 100% new website coming out hopefully in the next month that merges all of the other websites into one resource, and this will include an interactive pricing page.

You can also directly link to the pricing here:
https://radixiot.com/wp-content/uploads/2021/10/mango_v12.0_pricing_guide-FINALa.pdf

On December 9th, 2021, an exploit was discovered in the widely used Apache Log4j logging libraries. This bug exposes a class of security vulnerability known as a Remote Code Execution Vulnerability. This package is widely used in Java-based enterprise applications and cloud services across verticals and institutions worldwide. Mango also uses this package.

Following the publication of this information by Apache, Radix has produced two high-priority security updates:
• 4.2.4 which is an update to the 4.2 series of Mango.
• 3.7.9 is an update to the legacy 3.7 series of Mango.

All customers, specifically those with public IP-facing connections, should immediately upgrade to mitigate the risk of this exploit.

For customers that are unable for technical reasons to upgrade to these newest versions, the is a manual alternative that can be followed below depending on your version.

Further public information can be found on this exploit here: https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce

Version: Mango 4.0+

Linux Environments

If you are starting Mango via start-mango.sh or our supplied systemd mango.service file:

• If you do not have start-options.sh in your data directory:
  • Copy start-options.sh from Mango installation directory to your data directory
  • Edit start-options.sh and add the following line:

MA_JAVA_OPTS="$MA_JAVA_OPTS -Dlog4j2.formatMsgNoLookups=true"

• Restart Mango

Verify that Mango loaded your start-options.sh file and the java process was started with the -Dlog4j2.formatMsgNoLookups=true option:

ps aux | grep java

If you are not using Mango's supplied start-mango.sh or mango.service file to start Mango:

• Set the Java system property log4j2.formatMsgNoLookups=true (This is done by providing the following argument to java -Dlog4j2.formatMsgNoLookups=true)
• Restart Mango

Windows Environments

• Ensure the java property log4j2.formatMsgNoLookups is set to true. This is done by adding -Dlog4j2.formatMsgNoLookups=true to the Java command that starts Mango.
• Restart Mango

Version: Mango 3.6-3.7

Linux Environments
The fix is dependent on how Mango is being started. By default Mango will use the ma.sh start command, if you are using this command:

• Add an extension to the bin/ext-enabled folder that is an executable file with this content:

#!/bin/bash

case "$1" in

    init)

    #Disable lookups during message formatting

  JAVAOPTS="$JAVAOPTS -Dlog4j2.formatMsgNoLookups=true"

        ;;

esac

• Restart Mango

Windows Environments

• Ensure the java property log4j2.formatMsgNoLookups is set to true. This is done by adding -Dlog4j2.formatMsgNoLookups=true to the Java command that starts Mango.
• Restart Mango

If you have questions please contact Radix IOT customer support at support@radixiot.com

With the release of Mango Series 4, we have a new upgrade system we are launching! In the next several weeks Mango v4 users will be offered an upgrade through the standard upgrade process to upgrade to v4.2. (A future newsletter and post here will provide more info). So long as you perform this upgrade by November 15th your system will receive notifications and be able to access the upgrade server into the future without any problems.

For users that are still on Mango 3, or for those customers in series 4 that choose to not upgrade by November 15th, you will need to change the location of where Mango looks for updates to this new update location. You only need to do this once on your Mango system, and from there on out, you’ll get upgrade notifications into the future.

Information on how to do this can be found at https://docs-v4.mango-os.com/updating-the-mango-store-path. Have any questions? Feel free to drop a note in the forum or you can reach out to support@radixiot.com”

Remember, so long as you upgrade when 4.2 comes out - before 11/15 all of this will be automatic.

Additionally, the following test can be performed at a command prompt to test if the instance of Mango is vulnerable:

Execute the following:

curl "https://mango.example.com:8443/$\{java:runtime\}" --data ""

Following this, Check the ma.log file or stdout

If the instance is vulnerable you will see the following:

WARN  2021-12-10T15:50:05,553 (com.serotonin.m2m2.web.mvc.spring.security.MangoAccessDeniedHandler.handle:65)[MangoAccessDeniedHandler] - Access denied to resource '/OpenJDK Runtime Environment (build 17+35-LTS) from Azul Systems, Inc.', for user '', IP address '127.0.0.1'

If the instance is already patched and not vulnerable you will be the following:

WARN  2021-12-10T15:53:31,895 (com.serotonin.m2m2.web.mvc.spring.security.MangoAccessDeniedHandler.handle:65)[MangoAccessDeniedHandler] - Access denied to resource '/${java:runtime}', for user '', IP address '127.0.0.1'

Do you have a passion for Mango and have some free time on your hands, or are you looking for a place to use your Mango skills to grow your career? We are interested in talking if you do!!! Radix IoT, LLC is looking for folk with a background in Mango from all skill sets and backgrounds. We are actively looking in our community for people that love the art of Mango and speak our fun (and sometimes nerdy) language of automation and IoT.

We offer highly flexible full-time, part-time, and even project-based opportunities for anyone with a good foundation in Mango. From Java developers to graphic designers that understand the Mango relationship of HTML5 and Angular to individuals who understand how to design and architect monitoring and management solutions. Please drop us a note! All conversations are confidential, and your location doesn't matter! We LOVE remote team members (ask any of us, even me).

We would love to hear from you! Send us a note at: hr@radixiot.com

@tungthanh500 Feel free to post here, and yeah- tagging it as Mango 5 would be helpful! Either way - we are listening.

@MrMaxwell

We really appreciate the feedback. We had this in the works, and I wanted you to be the first that saw it. We have a fairly comprehensive tutorial on how Pi-Portfolio works now in the Documentation website. We just got it in today.

Here is the link to it [https://docs-v4.radixiot.com/pi-portfolio-help]. I certainly hope this helps, as I know it's a fairly prominent feature with lots of options.

As to user management, we are working on something. This area of the software changed a ton in v4, and again in v5 however the v5 changes are mostly cosmetic to allow an easier view. Functionally it's the same (even if you click on a user you will notice the same dialog that was in v4 is there). We will work to change the Documentation to reflect the changes in workflow. If there is anything else in the user management section that you feel is off - please let me know and we can look into it.

Again - thanks for the feedback here, that's what the forum is for.

All the best,
Mike.

@tungthanh500 Feel free to post here, and yeah- tagging it as Mango 5 would be helpful! Either way - we are listening.

To the Mango Community! Meet Mango 5!

We are thrilled to announce the much-anticipated release of Mango 5, the latest version of our powerful IoT platform. Packed with innovative features and enhanced capabilities, Mango 5 is here to revolutionize your IoT experience. Whether you're a developer, a system integrator, or an end-user, this release has something extraordinary for everyone - as this release truly was driven by the community!

We are 'pre-releasing' Mango 5 (somewhat quietly) to the forum. Rest assured, this is not a beta release but a fully tested release version we have spent the last year moving towards. We plan to release this on June 8th, 2023, to a wider audience. To get your hands on Mango 5, head to [www.radixiot.com/mango5], register, and download it today. This new release is designed to streamline your operations and is packed with new features described on the website above. Ultimately, all the new features target 'scale' and make Mango a more intuitive experience to empower your projects and drive better business outcomes.

Our documentation site at [docs-v5.radixiot.com] is your go-to resource for those seeking in-depth technical insights. You'll find deeper technical notes to maximize Mango 5's capabilities there. From installation instructions to advanced features, you'll find it there. Understand that we are adding the resources available to learn the new features over the next few weeks. However, the best place to raise this is right here on the forum! We will take topics from here and try to respond to all of them! (While also taking this information as feedback to improve our DOCs site).

Mango 5 represents our commitment to continuous improvement and cutting-edge solutions for our community, existing customers, and future customers. We are grateful for your ongoing support and feedback, which have played a crucial role in shaping this remarkable release. Your success is our top priority, and we believe that Mango 5 will empower you to unlock the full potential of your projects, both large and small!

Download Mango 5 today by visiting [radixiot.com/mango5], and please use the forum for feedback and questions!

Thank you for being a part of the Radix IoT community.

Sincerely,
Michael Skurla
Chief Product Officer
Radix IoT, LLC

A critical error was found on the newly released v4.4.1 Mango NoSQL Database module released 1/23/23. This release has been disabled and is no longer available for download from any of the Mango download locations.

Few people downloaded this version given the short period it was released, however, if you did download and install this it is recommended you upgrade to version 4.4.2, which will be released by the end of the day today.

Description of the issue:
There is a potential data loss in the Mango NoSQL Database v4.4.1 module, however, this is related only to exceptionally large samples of data.

Resolution:
Update to version 4.4.2

Hi @gimmick. Thanks for using Mango.

Drop me a note in email. I'd like to know a bit more about your project, and I'm positive we can work something out for.

You can find me at michael.skurla@radixiot.com

Additionally, the following test can be performed at a command prompt to test if the instance of Mango is vulnerable:

Execute the following:

curl "https://mango.example.com:8443/$\{java:runtime\}" --data ""

Following this, Check the ma.log file or stdout

If the instance is vulnerable you will see the following:

WARN  2021-12-10T15:50:05,553 (com.serotonin.m2m2.web.mvc.spring.security.MangoAccessDeniedHandler.handle:65)[MangoAccessDeniedHandler] - Access denied to resource '/OpenJDK Runtime Environment (build 17+35-LTS) from Azul Systems, Inc.', for user '', IP address '127.0.0.1'

If the instance is already patched and not vulnerable you will be the following:

WARN  2021-12-10T15:53:31,895 (com.serotonin.m2m2.web.mvc.spring.security.MangoAccessDeniedHandler.handle:65)[MangoAccessDeniedHandler] - Access denied to resource '/${java:runtime}', for user '', IP address '127.0.0.1'

Thanks for the note! It's been a top priority today, and we are happy to have a resolution for everyone as of an hour ago. This vulnerability is going to be a pretty big deal for lots of software out in the wild, and we are super pleased we were able to get a fix out, and roll both 3.7 and 4.2 updates pretty much in hours for everyone.

Please see the info here: https://forum.mango-os.com/topic/5404/apache-cve-2021-44228-log4j-remote-code-execution-vulnerability-resolution

Have a wonderful weekend!
MIke.

On December 9th, 2021, an exploit was discovered in the widely used Apache Log4j logging libraries. This bug exposes a class of security vulnerability known as a Remote Code Execution Vulnerability. This package is widely used in Java-based enterprise applications and cloud services across verticals and institutions worldwide. Mango also uses this package.

Following the publication of this information by Apache, Radix has produced two high-priority security updates:
• 4.2.4 which is an update to the 4.2 series of Mango.
• 3.7.9 is an update to the legacy 3.7 series of Mango.

All customers, specifically those with public IP-facing connections, should immediately upgrade to mitigate the risk of this exploit.

For customers that are unable for technical reasons to upgrade to these newest versions, the is a manual alternative that can be followed below depending on your version.

Further public information can be found on this exploit here: https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce

Version: Mango 4.0+

Linux Environments

If you are starting Mango via start-mango.sh or our supplied systemd mango.service file:

• If you do not have start-options.sh in your data directory:
  • Copy start-options.sh from Mango installation directory to your data directory
  • Edit start-options.sh and add the following line:

MA_JAVA_OPTS="$MA_JAVA_OPTS -Dlog4j2.formatMsgNoLookups=true"

• Restart Mango

Verify that Mango loaded your start-options.sh file and the java process was started with the -Dlog4j2.formatMsgNoLookups=true option:

ps aux | grep java

If you are not using Mango's supplied start-mango.sh or mango.service file to start Mango:

• Set the Java system property log4j2.formatMsgNoLookups=true (This is done by providing the following argument to java -Dlog4j2.formatMsgNoLookups=true)
• Restart Mango

Windows Environments

• Ensure the java property log4j2.formatMsgNoLookups is set to true. This is done by adding -Dlog4j2.formatMsgNoLookups=true to the Java command that starts Mango.
• Restart Mango

Version: Mango 3.6-3.7

Linux Environments
The fix is dependent on how Mango is being started. By default Mango will use the ma.sh start command, if you are using this command:

• Add an extension to the bin/ext-enabled folder that is an executable file with this content:

#!/bin/bash

case "$1" in

    init)

    #Disable lookups during message formatting

  JAVAOPTS="$JAVAOPTS -Dlog4j2.formatMsgNoLookups=true"

        ;;

esac

• Restart Mango

Windows Environments

• Ensure the java property log4j2.formatMsgNoLookups is set to true. This is done by adding -Dlog4j2.formatMsgNoLookups=true to the Java command that starts Mango.
• Restart Mango

If you have questions please contact Radix IOT customer support at support@radixiot.com

Hi Everyone. As promised we have added Series 4 pricing to the radixiot.com website. You can find it under Products / Pricing. At this point, it is a direct PDF, but as we have eluded to we have a 100% new website coming out hopefully in the next month that merges all of the other websites into one resource, and this will include an interactive pricing page.

You can also directly link to the pricing here:
https://radixiot.com/wp-content/uploads/2021/10/mango_v12.0_pricing_guide-FINALa.pdf

Hey all! Sorry for the delay. So we have new Mango Series 4 pricing coming out this week and will be publishing it. Given all of the changes, we are following a much more simple approach that I think people will find easier to deal with. It also offers a much more streamlined approach to hosting for customers that want a managed hosting instance of Mango.

This will be up and out by mid-next week and will be linked to the radixiot.com website. I will respond to this thread with the link when it's out.

If you need immediate pricing (Like in the next few days), please drop us a note at sales@radixiot.com and we will get back to you quickly.

More to come very soon! and as always thanks for your support!