[release] ChirpStack v4.6 test releases

v4.6.0-test.3

Features

End-to-end encryption

This feature makes it possible to implement end-to-end encryption between the end-device and end-application. On OTAA join, the join-server will provide Chirpstack with the encrypted AppSKey, which will be forwarded on every uplink to the end-application (integration events). The end-application then first decrypts the AppSKey with the KEK key shared between the JS and end-application, and then uses the decrypted AppSKey to decrypt the application payload.

On enqueue downlink, the end-application encrypts the application payload before enqueue. As well, it must set the f_cnt_down and is_encrypted fields such that ChirpStack knows that the payload is already encrypted and which downlink frame-counter was used during the encryption of the payload.

Note: This feature requires an external join-server.

Add chirpstack_integration crate

This chirpstack_integration crate can be used to build external integrations using the Redis Streams that are exposed by ChirpStack. An example implementation is the ChirpStack Pulsar Integration.

Tenant and application tags

This adds tags (like already can be found on device-profiles and devices) to tenants and applications. Note that the integration events will contain the aggregation of application + device-profile + device tags. Integration events will not contain the tenant tags.

Allow JoinEUI prefix configuration

This makes it possible to configure a JoinEUI prefix when configuring a join-server, to forward a range of JoinEUI to a single join-server without the need to add multiple join-server configuration blocks. As well, this makes it possible to configure a ‘catch-all’ join-server, using a JoinEUI prefix that would match all JoinEUIs.

Refactor streams API + expose Backend Interfaces requests

This moves some of the API:

• meta/meta.proto → streams/meta.proto
• api/frame_log.proto → streams/frames.proto
• api/request_log.proto → streams/api_requests.proto

If you are using these messages in your application, then you might need to update the import paths when updating the API SDK.

As well, this adds a new Redis Stream exposing the Backend Interfaces requests and responses (Passive Roaming + Join Server).

Improvements

• Expose skip_f_cnt and device variables to ADR plugins.
• Reset uplink ADR history table in case of DR / TxPower / NbTrans change.
• Add secondary_net_ids configuration option.
• Do not fail in case of corrupted mac-commands.
• Use region default RX2 frequency if device-session RX2 frequency == 0.
• Make it explicit that TX Power is in EIRP + update region configuration from ERP to EIRP.
• Refactor device-lock / scheduler_run_after setting.
• Ignore unknown JSON fields when decoding JSON to API structures in Rust.
• Rename time to gw_time and add ns_time to the gateway rx-info struct.
• Speed up API authorization validation queries (SQL).
• Improve log output (better log messages + adding better correlation identifiers to each message).
• Add preamble and no_crc fields to LoraModulationInfo (this is not used
  by ChirpStack, but it can be used by applications directly interacting with
  the gateway).
• Omit null fields in Backend Interfaces JSON output. (#316)
• Reduce dependencies for AWS SNS integration by replacing aws-sdk-sns crate with aws-sign-v4 + REST call.
• Make device metric name optional. (#313)
• Get all device-data in a single query to improve performance.

Bugfixes

• Debian package: Fix postinst to only run on install. (#295)
• Fix setting initial tags in tenant form (UI).
• Use unbounded MQTT client channels / fix dropping MQTT messages under high load.
• Add misspelled UnkownReceiver as valid ResultCode in Backend Interfaces (this is a typo in the specifications). (#317)
• Reload device on change event. (#319)

Testing

Debian

Use the testing channel instead of stable:

sudo echo "deb https://artifacts.chirpstack.io/packages/4.x/deb testing main" | sudo tee /etc/apt/sources.list.d/chirpstack.list

Docker

Use the chirpstack/chirpstack:4.6.0-test.3 image and tag.

v4.6.0-test.4

Features

End-to-end encryption

This feature makes it possible to implement end-to-end encryption between the end-device and end-application. On OTAA join, the join-server will provide Chirpstack with the encrypted AppSKey, which will be forwarded on every uplink to the end-application (integration events). The end-application then first decrypts the AppSKey with the KEK key shared between the JS and end-application, and then uses the decrypted AppSKey to decrypt the application payload.

On enqueue downlink, the end-application encrypts the application payload before enqueue. As well, it must set the f_cnt_down and is_encrypted fields such that ChirpStack knows that the payload is already encrypted and which downlink frame-counter was used during the encryption of the payload.

Note: This feature requires an external join-server.

Add chirpstack_integration crate

This chirpstack_integration crate can be used to build external integrations using the Redis Streams that are exposed by ChirpStack. An example implementation is the ChirpStack Pulsar Integration.

Tenant and application tags

This adds tags (like already can be found on device-profiles and devices) to tenants and applications. Note that the integration events will contain the aggregation of application + device-profile + device tags. Integration events will not contain the tenant tags.

Allow JoinEUI prefix configuration

This makes it possible to configure a JoinEUI prefix when configuring a join-server, to forward a range of JoinEUI to a single join-server without the need to add multiple join-server configuration blocks. As well, this makes it possible to configure a ‘catch-all’ join-server, using a JoinEUI prefix that would match all JoinEUIs.

Refactor streams API + expose Backend Interfaces requests

This moves some of the API:

• meta/meta.proto → streams/meta.proto
• api/frame_log.proto → streams/frames.proto
• api/request_log.proto → streams/api_requests.proto

If you are using these messages in your application, then you might need to update the import paths when updating the API SDK.

As well, this adds a new Redis Stream exposing the Backend Interfaces requests and responses (Passive Roaming + Join Server).

Add allow roaming option to Device Profile

This makes it possible to select which devices are allowed to use roaming and which devices not. This option can be configured in the device-profile. On migration this value will be set to true (as all devices could use roaming before this version).

Add assume_email_verified option for OIDC

Some OpenID Connect providers do not provide an email_verified value. By setting the assume_email_verified to true, ChirpStack will assume that the e-mail address has been verified. (#302)

Improvements

• Expose skip_f_cnt and device variables to ADR plugins.
• Reset uplink ADR history table in case of DR / TxPower / NbTrans change.
• Add secondary_net_ids configuration option.
• Do not fail in case of corrupted mac-commands.
• Use region default RX2 frequency if device-session RX2 frequency == 0.
• Make it explicit that TX Power is in EIRP + update region configuration from ERP to EIRP.
• Refactor device-lock / scheduler_run_after setting.
• Ignore unknown JSON fields when decoding JSON to API structures in Rust.
• Rename time to gw_time and add ns_time to the gateway rx-info struct.
• Speed up API authorization validation queries (SQL).
• Improve log output (better log messages + adding better correlation identifiers to each message).
• Add preamble and no_crc fields to LoraModulationInfo (this is not used
  by ChirpStack, but it can be used by applications directly interacting with
  the gateway).
• Omit null fields in Backend Interfaces JSON output. (#316)
• Reduce dependencies for AWS SNS integration by replacing aws-sdk-sns crate with aws-sign-v4 + REST call.
• Make device metric name optional. (#313)
• Get all device-data in a single query to improve performance.
• Change v4_migrate default to false (please v3 to v4 migration guide).

Bugfixes

• Debian package: Fix postinst to only run on install. (#295)
• Fix setting initial tags in tenant form (UI).
• Use unbounded MQTT client channels / fix dropping MQTT messages under high load.
• Add misspelled UnkownReceiver as valid ResultCode in Backend Interfaces (this is a typo in the specifications). (#317)
• Reload device on change event. (#319)
• Fix sending empty downlink to Relay in case uplink ADRACKReq bit was set.
• Return error in ThingsBoard integration if ThingsBoardAccessToken is not set. (#277)