CHANGELOG.md

1.5.13 (2024-10-23)

aziot-edge

Bug fixes

• Fix aziot-edged version check in iotedge check command ( ca5b8af 4976970 )

aziot-identity-service

Bug fixes

• Restore aziotctl --version command ( 17074d0 )

1.5.12 (2024-10-09)

Only Docker images are updated in this release. The daemon remains at version 1.5.10.

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.5.10 to match the daemon)

1.5.11 (2024-09-11)

Only Docker images are updated in this release. The daemon remains at version 1.5.10.

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.5.10 to match the daemon)

1.5.10 (2024-09-09)

Edge Agent

Features

• Add support for logging IoT Hub SDK events ( 3557a22 )

Bug fixes

• Don't sync reported properties to local cache until cloud sync completes ( e4c3dc0 )

Edge Hub

Features

• Add support for logging IoT Hub SDK events ( 3557a22 )

aziot-edge

OS support

• Add support for Ubuntu 24.04 ( 2807232 )
• Add support for Debian 12 ( 5b7d20f )

Bug fixes

• Increase dockerd client timeout ( e7abc49 )

aziot-identity-service

OS support

• Add support for Ubuntu 24.04 ( 0de6f80 )

1.5.9 (2024-09-09)

Only Docker images are updated in this release. The daemon remains at version 1.5.8.

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.5.8 to match the daemon)

1.5.8 (2024-08-19)

This release only updates aziot-edge and aziot-identity-service. The Docker images remain at 1.5.7.

aziot-edge

Bug fixes

• Fix snap startup error ( d950b62 )

aziot-identity-service

Bug fixes

• Update snap base image and remove unnecessary config ( c66b5c7 )

1.5.7 (2024-08-12)

Base image updates

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics

Edge Hub

Bug fixes

• Correctly close & dispose SDK client when it fails to open ( df2f019 )

aziot-edge

Bug fixes

• Fix docker-proxy startup issue in snaps @st3v3nmw ( 80e3465 )

aziot-identity-service

OS support

• Add support for Debian 12 (identity service only) ( d1cf0f5 )

Bug fixes

• Treat malformed key(pair) as missing in create-key(pair) code paths ( 0351353 )
• Update shlex dependency to patch security vulnerabilities ( bcc83b4 )

1.5.6 (2024-07-23)

Only Docker images are updated in this release. The daemon remains at version 1.5.0.

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.5.0 to match the daemon)

1.5.5 (2024-07-06)

Only Docker images are updated in this release. The daemon remains at version 1.5.0.

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.5.0 to match the daemon)

1.5.4 (2024-06-21)

Only Docker images are updated in this release. The daemon remains at version 1.5.0.

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.5.0 to match the daemon)

1.5.3 (2024-05-30)

Only Docker images are updated in this release. The daemon remains at version 1.5.0.

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.5.0 to match the daemon)

1.5.2 (2024-05-25)

Only Docker images are updated in this release. The daemon remains at version 1.5.0.

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.5.0 to match the daemon)

1.5.1 (2024-05-20)

Only Docker images are updated in this release. The daemon remains at version 1.5.0.

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.5.0 to match the daemon)

1.5.0 (2024-05-01)

What's new in 1.5?

The 1.5 version is the latest long-term servicing (LTS) release for Azure IoT Edge. It will be serviced with fixes for regressions and critical security issues through November 10, 2026 (product lifecycle).

Upgrade notes

If upgrading to 1.5 from 1.1 or earlier, refer to the notes on updating IoT Edge to the latest release.

Edge Agent

• Upgrade to .NET 8 ( 7508ffc )

Edge Agent

• Upgrade to .NET 8 ( 7508ffc )

aziot-edge

• Update iotedge CLI to detect latest supported version by querying https://aka.ms/azure-iotedge-latest-versions instead of https://aka.ms/latest-aziot-edge ( fad7ea1 )
• Remove support for CentOS 7 and Debian 10 (support continues in 1.4 through June 2024) ( c13dabb )
• Only reprovision when aziot-edged startup errors come from aziot-identityd ( 6f61f95 )
• Add an option to find and remove orphaned identities ( bfb6d2f )
• Update dependency on mio crate to get security fixes ( 8b5744c )

aziot-identity-service

• Update aziotctl CLI to detect the latest supported version by querying https://aka.ms/azure-iotedge-latest-versions instead of https://aka.ms/latest-aziot-identity-service ( b9fff6b )
• Remove support for CentOS 7 and Debian 10 (support continues in 1.4 through June 2024) ( 0f93f7a )
• Update dependency on mio crate to get security fixes ( 5d0c44e )
• Disable HTTP/2 in http-common ( 1a31efe )

1.4.34 (2024-04-10)

Only Docker images are updated in this release. The daemon remains at version 1.4.33.

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.4.33 to match the daemon)

1.4.33 (2024-03-12)

Edge Agent

Bug fixes

• Ensure agent and hub use logger for stack traces by @Gunni ( 4ae6c29 )

Edge Hub

Bug fixes

• Ensure agent and hub use logger for stack traces by @Gunni ( 4ae6c29 )

aziot-edge

OS support

• Add support for Snap amd64/arm64 packages ( c38e0c8 )

Bug fixes

• Fix apt purge --autoremove on Debian/Ubuntu ( 6c34f4b )

aziot-identity-service

OS support

• Add support for Snap amd64/arm64 packages ( 9743701 )

Features

• Add packages for debug symbols ( 0cea2bd )

Bug fixes

• Fix apt purge --autoremove on Debian/Ubuntu ( 014edf1 )

1.4.32 (2024-02-14)

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.4.27 to match the daemon)

1.4.31 (2024-01-27)

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.4.27 to match the daemon)

1.4.30 (2024-01-27)

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.4.27 to match the daemon)

1.4.29 (2024-01-11)

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.4.27 to match the daemon)

1.4.28 (2024-01-10)

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.4.27 to match the daemon)

1.4.27 (2023-12-07)

Edge Hub

Bug fixes

• Add support for GetCountFromStartKey for InMemoryDbStore ( f1a9da3 )

aziot-edge

Bug fixes

• Parse default edged path from environment variable by @ef4203 ( 1f048bf )
• Remove Ubuntu 18.04 support ( 765ec2d )

aziot-identity-service

Bug fixes

• Remove Ubuntu 18.04 support ( ea88b83 )
• Fix nullptr deref when decoding EST PKCS#7 response ( 3fd2073 )
• Only create PKCS#11 AES keys if AES-GCM is supported ( 79aae50 )

Other fixes

• Upgrade Functions sample to remove dependency on .NET Core 3.1 ( c38aa54 )

1.4.26 (2023-12-01)

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.4.20 to match the daemon)

1.4.25 (2023-11-15)

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.4.20 to match the daemon)

1.4.24 (2023-10-25)

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.4.20 to match the daemon)

1.4.23 (2023-10-13)

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.4.20 to match the daemon)

1.4.22 (2023-10-11)

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.4.20 to match the daemon)

1.4.21 (2023-09-29)

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.4.20 to match the daemon)

1.4.20 (2023-09-18)

Edge Agent

Bug fixes

• Fix container restart policy deserialization ( bd05d4d )

aziot-edge

Bug fixes

• Add support for 'prefer_module_identity_cache' option ( 9c7dbdd )
• Fix error in CLI warning message ( 978ccaa )

aziot-identity-service

Bug fixes

• Add support for 'prefer_module_identity_cache' option ( 137258d )
• Update EL package configuration to fix a conflict with distro's tpm2-tss package ( d644195 )
• Remove socket path if it is a directory instead of a file ( ed69cc4 )

1.4.19 (2023-09-13)

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.4.16 to match the daemon)

1.4.18 (2023-08-09)

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.4.16 to match the daemon)

1.4.17 (2023-08-08)

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.4.16 to match the daemon)

1.4.16 (2023-07-28)

Edge Hub

Bug fixes

• Ensure database shuts down properly before Edge Hub closes ( 238c121 )

aziot-edge

Bug fixes

• Ignore 'systemd daemon-reload' errors when purging debian package ( 291d716 )
• Patch vulnerabilities in cargo dependencies ( 9e71341 )
• Make RHEL8 package depend on moby-engine or docker-ce ( 3a2e68e )

aziot-identity-service

Bug fixes

• Ignore 'systemd daemon-reload' errors when purging debian package ( 7856c23 )
• Patch vulnerabilities in cargo dependencies ( 67fa660 )

1.4.15 (2023-07-11)

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.4.10 to match the daemon)

1.4.14 (2023-06-23)

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.4.10 to match the daemon)

1.4.13 (2023-06-15)

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.4.10 to match the daemon)

1.4.12 (2023-06-14)

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.4.10 to match the daemon)

1.4.11 (2023-05-26)

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.4.10 to match the daemon)

1.4.10 (2023-05-01)

Beginning with this release we are publishing installable packages for Red Hat Enterprise Linux 9 (amd64) on Microsoft's Linux package repository.

Note: On RHEL 9 the IoT Edge security subsystem has been tested with openssl 3.0. It may not function properly if older versions of openssl are also present on the device. If you previously installed openssl 1.1 in combination with an earlier version of IoT Edge then we would recommend removing both and starting fresh to avoid potential incompatibilities.

Base image updates

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics

Edge Agent

Bug fixes

• Update versions of .NET dependencies to patch security vulnerabilities ( 82ca5e8 )
• Update version of Azure IoT SDK to fix a memory leak ( d98f43c )
• Optionally detect and remove orphaned module identities when a new deployment is received ( 3bac802 )

Edge Hub

Bug fixes

• Update versions of .NET dependencies to patch security vulnerabilities ( 82ca5e8 )
• Update version of Azure IoT SDK to fix a memory leak ( d98f43c )
• Optionally check for server cert expiry at the given interval ( fbe35da )

aziot-edge

OS support

• Add support for RHEL 9 amd64 ( 32f7481 )

Bug fixes

• Add a timeout to prevent iotedge support-bundle from hanging in certain circumstances ( f7dd1aa )
• Relax padding requirement in symmetric keys ( 907eef1 )
• Fix memory and swap information reported by iotedge check and Edge Agent ( b29d736 )
• Add comment to config template about quickstart Edge CA ( a4196a4 )
• Update guidance in iotedge config apply warning message ( 86b8e69 )
• Update version of openssl crate to patch security vulnerabilities ( 3b8b9e3 )

aziot-identity-service

OS support

• Add support for RHEL 9 amd64 ( 24f227d )

Bug fixes

• Relax padding requirement in symmetric keys ( 77ca573 )
• Update version of openssl crate to patch security vulnerabilities ( df1885b )

1.4.9 (2023-02-14)

Beginning with this release we are publishing installable packages for Ubuntu 22.04 (amd64, arm64) on Microsoft's Linux package repository.

Note: On Ubuntu 22.04 the IoT Edge security subsystem has been tested with openssl 3.0. It may not function properly if older versions of openssl are also present on the device. If you previously installed openssl 1.1 in combination with an earlier version of IoT Edge then we would recommend removing both and starting fresh to avoid potential incompatibilities.

Base image updates

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics

Edge Agent

Bug fixes

• Fix incorrectly reported metrics on a module's expected and actual running time ( 94f8072 )

aziot-edge

OS support

• Add support for Ubuntu 22.04 amd64, arm64v8 ( b4b54da )

Bug fixes

• Enable >4GB files in support_bundle ZIP writer ( cea876f )
• Update cargo dependencies to take security updates ( a372eca )
• Update to the latest version of aziot-identity-service ( 37f51c2 )
• Fix iotedge restart command to correct a problem with workload sockets ( 08dfac5 )

aziot-identity-service

OS support

• Add support for Ubuntu 22.04 amd64, arm64v8 ( ea9e476 )

Bug fixes

• Retry with exponential backoff when IoT Hub throttles ( a6aacda )
• Update cargo dependencies to take security updates ( b3de517 )
• Use fair mutex to fix request ordering problem ( 03e383e )

1.4.8 (2023-01-26)

Edge Agent

Bug fixes

• Use ISO 8601 for UTC timestamps sent to IoT Hub ( 0ab44e1 )

Edge Hub

Bug fixes

• Eliminate 30 sec delay when M2M ack is interrupted by disconnect ( e32cfce )

aziot-edge

Bug fixes

• Use ISO 8601 for UTC timestamps sent to IoT Hub ( 0ab44e1 )
• Bump iot-identity-service to 1.4.2

1.4.7 (2023-01-10)

Edge Agent

Bug fixes

• Update to Newtonsoft.Json 13.0.2 ( f2b95bf )

Edge Hub

Bug fixes

• Update to Newtonsoft.Json 13.0.2 ( f2b95bf )

Base image updates

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.4.3 to match the daemon)

1.4.6 (2022-12-30)

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.4.3 to match the daemon)

1.4.5 (2022-12-16)

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.4.3 to match the daemon)

1.4.4 (2022-12-01)

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics (remains at version 1.4.3 to match the daemon)

1.4.3 (2022-11-22)

Edge Agent

• Fix bug causing Edge Agent to delay sending reported properties to IoT Hub by 1 hour ( e43cdc9 )
• Fix edgeagentuser's login shell ( 6274476 )
• Make client timeout configurable for management API ( 7a379d3, 8afaa3a )

Edge Hub

• Call IoT Device SDK CloseAsync before Dispose ( 8787301 )
• Upgrade DotNetty and set a timeout for shutdown calls to mitigate hangs ( 15e72bb )
• Fix edgehubuser's login shell ( 6274476 )

aziot-edge

• Make iotedge check respect journald as valid log rotation setting ( 3a39460 )

Other fixes

• Upgrade Azure Functions sample's base image ( c38c61d )
• Upgrade Newtonsoft.Json in samples and Azure Functions binding ( a5ae82b )

1.4.2 (2022-10-04)

Edge Hub

Bug Fixes

• Update dependency to fix OOM bug ( 906786c )

aziot-edge

Bug Fixes

• Fix confusing log message in image garbage collection ( 736116b )

Base image updates

The following Docker images were updated because their base images changed:

• azureiotedge-agent
• azureiotedge-hub
• azureiotedge-simulated-temperature-sensor
• azureiotedge-diagnostics

1.4.1 (2022-09-09)

aziot-edge

• Bump iot-identity-service to fix regression in TPM authentication key index ( fd90024 )

1.4.0 (2022-08-26)

What's new in 1.4?

The 1.4 version is the latest long-term support (LTS) version of IoT Edge. It will be serviced with fixes for regressions and critical security issues through November 12, 2024 (product lifecycle). In addition to long-term servicing, it includes the following improvements.

• Automatic cleanup of unused Docker images (doc)
• Ability to pass a custom json payload to DPS on provisioning (doc)
• Option to download all modules in a deployment before (re)starting any (doc)
• Use of the TCG TPM2 Software Stack which enables TPM hierarchy authorization values, specifying the TPM index at which to persist the DPS authentication key, and accommodating more TPM configurations (doc)

With this release, the 1.3.x release is no longer serviced with bug fixes and security patches.

Upgrade notes

When upgrading to 1.4 you should be aware of the following changes:

• Automatic cleanup of unused Docker images is on by default
• If upgrading from 1.0 or 1.1 then refer to the notes on updating IoT Edge to the latest release

Edge Agent

• Fix bug where Edge Agent is updated without backing image ( 72e5d648c )
• Fix user creation for edgeAgent and edgeHub ( 388ec1a34 )
• Add total memory to device metadata ( 683a2dde6 )
• Support feature flag ModuleUpdateMode ( 303b3fdcc )
• Update NewtonSoft to 13.0.1 ( 84e883779 )
• Remove docker mode ( 40824ed28 )

Edge Hub

• Fix user creation for edgeAgent and edgeHub ( 388ec1a34 )

aziot-edge

• Run cargo update everywhere ( 82d1c12c6 )
• Image garbage collection for iotedge ( f48335d68 )
• Allow socket throttling limits to be configurable ( ba7052fd3 )
• Support privileged modules specified without CAP_CHOWN and CAP_SETUID ( d0470e2e6 )
• Fix creation and cleanup of edgeagentuser and edgehubuser ( 89801b4d9 )
• Fix user creation for edgeAgent and edgeHub ( 388ec1a34 )
• Add total memory to device metadata ( 683a2dde6 )
• Trim leading $ from server cert SANs ( 9a6f39bcd )
• Run cargo update everywhere ( 96566c1d3 )
• Include tpmd configuration section from IIS ( 0a65c31a7 )
• Update version to 1.4.0 ( 1b3f818c2 )
• Support DPS custom allocation payloads ( b428ac9f4 )
• Socket Activation for Mariner Package Builds ( 6ac5577fd )
• Upgrade to latest Rust version ( 9a5ebddcf )
• Correct container runtime status code propagation ( fe3137061 )
• Enable Edge CA auto-renewal by default ( 279145c0a )
• Do not rename configuration items for SystemInfo ( 4c4717e83 )

1.3.0 (2022-06-24)

What's new in 1.3?

The 1.3 release is the next stable release after the 1.2 and includes the following in preparation for the next LTS:

• OS support changes
• System modules based on .NET 6 with Alpine as the base layer
• Required use of TLS 1.2 by default
• Ability to configure device identity, EST identity, and Edge CA certificate auto-renewal before expiration using config.toml, addresses #5787, #5788, and Azure/iot-identity-service#300
• Added a check for iotedge config apply to detect hostname changes to prevent mismatch between configuration and edgeHub server certificate, addresses #5773 and #6276
• Updates to the rust-based components to use tokio 1.0
• Various bug fixes

With this release the 1.2.x is no longer serviced with bug fixes and security patches.

Upgrade notes

Require TLS 1.2 by default

You can configure Edge Hub to still accept TLS 1.0 or 1.1 connections via the SslProtocols environment variable. Please note that support for TLS 1.0 and 1.1 in IoT Hub is considered legacy and may also be removed from Edge Hub in future releases. To avoid future issues, use TLS 1.2 as the only TLS version when connecting to Edge Hub or IoT Hub.

MQTT broker preview removed

The preview for the experimental MQTT broker in Edge Hub 1.2 has ended and is not included in Edge Hub 1.3. We are continuing to refine our plans for an MQTT broker based on feedback received. In the meantime, if you need a standards-compliant MQTT broker on IoT Edge, consider deploying an open-source broker like Mosquitto as an IoT Edge module.

Certificate renewal feature detail

You can have IoT Edge proactively renew device identity (for authentication to IoT Hub and DPS), Edge CA, and EST identity certificates by configuring a few basic options in the config.toml. Use this feature along with an EST server like GlobalSign IoT Edge Enroll or DigiCert IoT Device Manager to automate certificate renewals customized to your needs.

For example, adding the below configuration enables device identity certificate auto-renewal when the certificate is at 80% of its lifetime, retry at increment of 4% of lifetime, and rotate the private key:

[provisioning.attestation.identity_cert.auto_renew]
rotate_key = true
threshold = "80%"
retry = "4%"

To enable the certificate renewal feature, changes were made to consolidate and improve IoT Edge's certificate management system. There are some important differences in 1.3 compared to 1.2:

• All modules restart when Edge CA certificate is renewed. This is necessary so that each module receives the updated trust bundle with the new CA certificate. By default, and when there's no specific auto_renew configuration, Edge CA renews at 80% certificate lifetime and so modules would restart at that time.
• The device identity certificate no longer renews when reprovisioned within 1 day of certificate expiry. This old behavior in 1.2 is removed because it causes authentication errors with IoT Hub or DPS when using X.509 thumbprint authentication, since the new certificate comes with a new thumbprint that the user must manually update in Azure. In 1.3, device identity automatic renewal must be explicitly enabled similar to example above and should only be used with DPS X.509 CA authentication.
• The device identity certificate no longer renews when reprovisioned after certificate expiry. The reason for this change is same as above: device identity certificates do not renew by default since it causes issues with X.509 thumbprint authentication.

OS support

• Adding RedHat Enterprise Linux 8 for AMD and Intel 64-bit architectures.
• Adding Debian 11 (Bullseye) for ARM32v7 ( Generally available: Azure IoT Edge supports Debian Bullseye on ARM32v7 )

Retirement

• Debian 9 (Stretch) for ARMHF ( Update your IoT Edge devices on Raspberry Pi OS Stretch )

Compatibility script (Under development)

The IoT Edge compatibility script performs a variety of checks to determine whether a platform has the necessary capabilities to run IoT Edge. This stand-alone script is still considered under development, but we invite anyone to give it a try and send us your feedback by posting in the Issues. Go here to learn more about the checks it performs and how to use it.

Known issue: Debian 10 (Buster) on ARMv7

We recommend using Bullseye instead of Buster as the host OS. Seccomp on Buster may not be aware of new system calls used by your container resulting in crashes.

If you need to use Buster, then apply the following workaround to change the default seccomp profile for Moby's defaultAction to SCMP_ACT_TRACE:

1. Make sure you are runing latest docker and latest seccomp package from oldstable channel
2. Download Moby's default seccomp profile and put it somewhere.
3. On line 2 change the value for defaultAction from SCMP_ACT_ERRNO to SCMP_ACT_TRACE
4. Edit file /etc/systemd/system/multi-user.target.wants/docker.service to have it contain: --seccomp-profile=/path/to/default.json
5. Restart your container engine by running:

   sudo systemctl daemon-reload
   sudo systemctl restart docker

Edge Agent

• Remove unused plan runner and planner ( 2159dfad3 )
• Flatten additional properties of metrics ( dbc6af347 )
• Update Device SDK to the latest LTS version ( 90e5b3264 )
• Update ARM32 and ARM64 images to use Alpine ( 059aaea2d )
• Migrate to Dotnet 6 ( 37234e02b )
• Device product information ( 9faf5a5c0 )
• Update references to the default branch ( 04ee9751f )
• Update Microsoft.Azure.Devices.Client from 1.36.3 to 1.36.4 ( 19beaae55 )
• Remove k8s projects from master ( d81a032bc )
• Fix underflow possibility on ColumnFamilyDbStore ( bc78f1c )
• Remove BouncyCastle dependency ( aa2237988 )
• Fix Workload socket issue for concurrent module create ( 26bbf7145 )
• Handle Return Code From Get Module Logs Failure ( 5015eca6d )
• Update SDK from 1.36.2 to 1.36.3 to fix connectivity issues ( 865b275b4 )
• Restrict EdgeAgent parallel calls to edged to 5 ( 3bb4c8f7f )
• Recreate edgeAgent when not Running, Stopped, or Failed ( 6b21874fe )
• Add RocksDB_MaxManifestFileSize env var ( 2c878635c )
• Update SDK references to fix Dotnetty bug ( 0750a4414 )
• Update k8s client ( edad631d7 )
• Fix edgeAgent creates rogue ModuleClients in case of error ( e3892eb4a )
• Fix various RUSTSEC ( 89917f1bb )
• Make sure to dispose HttpContentStream when done reading module logs. ( 43d662397 )
• Introduce multiple workload sockets ( 323bdc9ac )
• Fix delayed frequent twin pulls on reconnect ( c87e85b0f )
• Properly dispose UDS for Workload Client. ( 472cee5, f9cdb59 )
• Use Docker Timestamp When Log Timestamp is not Available in JSON log ( 00cfb6fbe )
• Don't dispose stream too early ( ce0ca9a87 )
• Change default uid ( b443b0c2f )
• Update GetModuleLogs method when tail + since + until options are provided. ( 32df5ee8a )
• $upstream support for container registry address ( 58f5faa0c )
• Resolve security concern in logging ( e96554c63 )
• Verify Twin Signatures ( e8d2bc270 )

Edge Hub

• Remove experimental mqtt broker code ( 85084e4f0 )
• Batch incoming amqp messages to optimize sender feedback ( 5667c58ce )
• Bump Device SDK to latest LTS version ( 90e5b3264 )
• Restrict TLS protocol to 1.2 for EdgeHub and ApiProxy modules ( 4a76a20b1 )
• Update agent ARM32/64 images to use Alpine ( 059aaea2d )
• Configurable task for cancelling upstream calls ( cf9e04987 )
• Build docker images with embedded metadata ( a458af376 )
• Migrate to Dotnet 6 ( 37234e02b )
• Rust toolchain upgrade fixes ( a45cc5f71 )
• Device product information ( 9faf5a5c0 )
• Update regex to 1.5.5 ( 9f0f7f424 )
• Upgrade Rust toolchain ( ab700e82a )
• Update Microsoft.Azure.Devices.Client from 1.36.3 to 1.36.4 ( 19beaae55 )
• Remove thread_local for non-edgelet projects ( 6db976def )
• Add more logging to certificate import ( 49d41df98 )
• Fix edgeHub shutdown for renew certificate ( fcd4d007a )
• AMQP CBS token message dispose ( 4179221bc )
• Fix underflow possibility on ColumnFamilyDbStore ( bc78f1c )
• Remove BouncyCastle dependency ( aa2237988 )
• Update Base Images for a Security Patch ( e6d52d6f6, 7e0c1a5d3, 704250b04, b592e4776, 5cb16fb5d, b00a78805 )
• Allow identity translation for subscriptions ( 5fbd0d9f3 )
• Update vulnerable nix version ( 33c8a778f )
• Wait for configuration before starting protocol heads ( b6c5d861b )
• Update dependency on vulnerable package ( 76c22bf10 )
• Update SDK from 1.36.2 to 1.36.3 to fix connectivity issues ( 865b275b4 )
• Fix edgehub_queue_len counting ( d3f649886 )
• Fix detect fail-over from iot hub/sdk behavior and disconnect from hub ( 676a0f58c )
• Remove WebSocket Ping KeepAlives ( 31531ec22 )
• Update links to docs from .md files ( 97c803071 )
• Fix OnReconnectionClientsGetTwinsPulled() increased timeout ( e6ddd546b )
• Add RocksDB_MaxManifestFileSize env var ( 2c878635c )
• Add connection-check for direct method test ( 0ad320041 )
• Update SDK references to fix Dotnetty bug ( 0750a4414 )
• Create identities for leaf ( ca2f4aac5 )
• Add ComponentName to message properties ( 9a32670dd )
• Remove redundant tests and wait for device to be disconnected ( 221048a9c )
• Fix exception type in BrokerConnection::SendAsync ( bbe3525af )
• Don't dispose stream too early ( ce0ca9a87 )
• Fix edgeHub error code propagation in case of an error ( 8250d87a5 )
• Change default uid ( b443b0c2f )
• Format error message in registry controller (#4776) ( 0dceddcfa )
• Fix edgehub_queue_len_metric ( 065bf3297 )
• Update rust toolchain to 1.52.1 ( e5218d1e7 )
• Overwrite IsDirectConnection flag when device changes from Indirect ( 68d5ebff4 )
• Restore device scopes from older store (version < 1.2) ( 207a5f07b )
• Upgrade cargo deps for watchdog ( 797df90bc )
• Close AMQP connection explicitly when no more links ( 6c8134e6c )
• Add SharedAccessSignature to repo with fix for vulnerability ( 6c4269a0b )
• Add validation for null props inside objects inside arrays. ( f96961f4a )
• Fix resolving BrokeredCloudProxyDispatcher ( ef27142f9 )
• Fix getDeviceAndModuleOnBehalfOf to check if target device is in scope ( 7c3261a67 )
• Send connection device Id information on twin change notifications ( cd39064f5 )
• Update HttpClient timeout for scope sync ( 5b22e774f )
• Add caching to TokenProvider ( 8988456 )
• Registry API On-behalf-of calls auth check fix ( cad6c5b0c )
• Device scope cache refresh ( 44b599caa )
• Update rust toolchain to 1.51 ( 0f1d90c7c )
• Update bridge config validation. ( 78236a7ba )
• Add edgeHub identity to the scopes cache at the startup ( 0dbdd0577 )
• Drop messages when device is not in scope and auth mode is Scope ( 51ad827de )
• Update client twins after disconnect/connect ( 794c32459 )
• Throw transient error when edgeHubCore is disconnected from the broker ( b196a15e3 )
• Don't unsubscribe when there is no subscription registered ( 53ff15b8c )
• CloudConnection did not forward close() call to cloud proxy ( 6f3f8ecc4 )
• Move NestedEdgeEnabled out of experimental features. (#4467) ( 7e0fc1fae )
• Add a separate message pump for messages from upstream ( 0e6985445 )
• Verify Twin Signatures ( e8d2bc270 )

aziot-edge

• Enable Edge CA auto-renewal by default ( 04bd75d9c )
• Correct handling of /images/create response stream ( 287629d09 )
• Fix debug artifacts being used in the release pipeline. ( 59b192cff )
• Flatten additional properties of metrics ( dbc6af347 )
• Upgrade to latest Rust version ( 9f674bdf5, f9c174f98, 4dfe8b1bf )
• Remove check_submodules tool ( 038f1c5a2 )
• Fix for new hostname conflicting with old modules ( bb844b5a8 )
• Fix exit code when restarting due to reprovision ( 223f3922a )
• Fix subject name setting of Edge CA ( 921840e02 )
• Remove Debian 9 from main ( 30a1ee5d9 )
• Build docker images with embedded metadata ( a458af376 )
• Add auto-renewal of the Edge CA cert ( d8ae9bd7d )
• RHEL8 packages ( 53d3afc2a )
• Add settings for auto-renewal of Edge CA ( a8fb6465e )
• Remove failure dependency ( 496c89924 )
• Device product information ( 9faf5a5c0 )
• Upgrade Rust toolchain ( bf3f444b8 )
• Update regex to 1.5.5 ( 9f0f7f424 )
• Update scripts for removing keys and certificates on edge device ( 9557aecff )
• Update references to the default branch ( 04ee9751f )
• Update tokio, rayon, and crossbeam to latest compatible versions ( 54163699b )
• Upgrade Rust toolchain ( ab700e82a )
• Move test clients and functions to iot-identity-service ( f8155c06a )
• Update cargo dependency ( 512f1364b )
• Add Instructions to Run Azure IoT Edge Daemon Locally ( bd43e5d5e )
• Update vulnerable regex package ( cfeea7d14 )
• Change default common name of Edge CA cert to "aziot-edge CA" ( a62e2cad6 )
• Update vulnerable nix version ( 33c8a778f )
• Update tokio to 1.15.0 ( c941f0605 )
• Update edgelet cargo dependency ( 132e1d340 )
• Iotedge check proxy-settings ( dc6d0d093 )
• Remove moby check ( 3b95ec7c9 )
• Remove Subject Alternate Name Sanitization in Workload Cert Creation ( 070610dbc )
• Reorder identity_pk and identity_cert ( cb3d8b552 )
• Fix typo in template configuration ( 02cf5a733 )
• Update template configuration with subject DN options ( 452fcc5ee )
• Fix bug where Edge CA is always self-signed ( 4e7a5bbab )
• Use IS client retries ( 87f978e4f )
• Recreate edgeAgent when not Running, Stopped, or Failed ( 6b21874fe )
• Expand build targets to include Debian11 ( a9dc1df65 )
• Update cargo dependency ( 31c4afa17 )
• Add doc for device ID and Edge CA certs over EST ( 1d58e64c3 )
• Fix missing uptime in iotedge list ( f0cb947ab )
• Fix aziot-edged startup when mnt is missing ( 68f564c77 )
• Disable connection pooling for docker client. ( b35d36493 )
• Renew Edge CA on startup of edged ( 96d003115 )
• Use 1ES hosted agent for amd64 single-node connectivty tests ( b4b2d7d93 )
• Update edgelet to use tokio 1 ( 4c2f173b3 )
• Fix various RUSTSEC ( 89917f1bb )
• Add timestamp to the default support-bundle filename ( d7f36c178 )
• Handle proxy_uri consistently in iotedge check ( ff79848aa )
• Fix host cpu metric incorrectly reported at 100% (#5204) ( 3eaaae993 )
• Implement throttling mechanism to prevent spamming of workload socket ( 63c566b97 )
• Update connectivity check on ports to skip checks when not needed ( ec491d799 )
• Introduce multiple workload sockets ( 323bdc9ac )
• Fix Privileged Flag ( 07d6c3c67 )
• Introduce Timestamps Option via mgmt.sock (#4970) ( 244723e5c )
• Improve log message for container state ( c07ade738 )
• Device config has allow_privileged flag ( 6a035ea09 )
• Fix DPS E2E tests ( 46db9fdfc )
• Enable aziot-edged in CentOS package ( dafe2ece2 )
• Limit sysinfo crate FDs usage. ( bc5606131 )
• Change default uid ( b443b0c2f )
• Make edgelet uses humantime instead of parse_duration ( 450830433 )
• Edgelet RUSTSEC dep update ( 6cae62e46 )
• $upstream support for container registry address ( 58f5faa0c )
• Registration ID is optional in super-config ( 35da91ee8 )
• Fix auth certs for EST-issued Edge CA in iotedge config apply ( 4e29eabc8 )
• Fix Edge CA and module cert CSRs to use version 0 (v1) instead of non-existent version 2 (v3). ( a88f820a5 )
• Support issued Edge CA cert in iotedge config apply ( 0d579a75f )
• Resolve security concern in logging ( e96554c63 )
• Validate connection string during iotedge config mp ( 10c82de0d )
• Update iot-identity-service dependency ( d7cc38c27, 5c423cf87 )
• Update the dev version to 1.2 ( 1a796160e )
• Fix for expired CA certificate not renewing ( 04e78bd85 )
• Make super config public ( 825017957 )
• Fix links in help message ( 8533efe2c )
• aziotctl system improvements + system status formatting changes ( e9923a619 )
• Add iotedge user to systemd-journal group ( 1ec948635 )
• Update cargo dependency for iot-identity-service ( 8a6b87fca )
• Update iotedge check for version 1.2.0 ( 80f95d83a )
• Remove references to 'iotedged' from iotedge help text ( 0f82c622b )
• Cache device provisioning state ( d9be1e994 )
• Fix check-agent-image-version check for nested Edge scenarios. ( 146f53052 )
• Document the super-config's agent.config.createOptions value format more clearly. ( 28ec7b56a )
• Prepend iotedge-config suggestions with sudo. ( e021231b3 )
• Import master encryption key in iotedge config import ( 1b2ece4a0 )
• Fix iotedge config apply not picking up parent hostname because of serde bug. ( fb3c42c80 )
• Fix self-signed edge-ca cert to use its subject name as the issuer name. ( 40ddfff90 )
• Set default agent version to 1.2.0-rc4 ( d7ad36670 )
• Read parent_hostname configuration from aziot ( 13124b87c )
• Iotedge system stop ( 94226fd1c )
• Remove leftover unused lint exceptions ( 9d43de593 )
• Use unique common name for edged-ca cert when apply'ing super-config. ( 34e7a6c72 )
• Bump serde-yaml version to 0.8 ( 226c01b51 )
• Change default quickstart Edge CA expiry to 90 days. ( 0a1c70406 )
• Re-add dynamic provisioning support ( c0997a78f )
• Add iotedge system reprovision ( 98c916839 )
• Fix versioning scheme ( 9737395cf )
• Add check version for agent image ( deb8a62b8 )
• iotedge check improvements for nested edge ( 22819dd7f )
• Add "required" annotation to iotedge-config-mp's --connection-string parameter. ( 102936097 )
• Remove constrain that makes no sense in general case ( 168a79c2b )
• Add check up_to_date_config ( 8af0fe818 )
• Add iotedge config mp to create a super-config with a manual-provisioning connection string. ( 8a9787745 )
• Bump aziot version ( bb6d7aeb0 )
• Add optional proxy argument to iotedge ( 6b0c6c5d8 )
• Fix package purge when aziot-edged is running ( 73da8adcc )
• Ignore validity in cert API requests ( a526d6306 )
• Update postrm to delete iotedge user on purge ( 1c0fc8cd7 )
• Fix license type in aziot-edge.spec ( 062592e3b )
• Fix from bugbash ( c6a9bbb44, 7245c8e05 )
• Implement workaround for nested Edge until identityd supports parent_hostname. ( dc7c92944 )
• Convert iotedged config to TOML, and implement iotedge config ( d0978bf63 )
• Skip latest version check in nested scenarios ( 941479382 )

Other Modules

• Azure Functions Module supports only Amd64 ( c57446255 )
• Upgrade to latest Rust version ( 9f674bdf5 )
• Bump Device SDK to latest LTS version ( 90e5b3264 )
• Restrict TLS protocol to 1.2 for ApiProxy modules ( 4a76a20b1 )
• Update ARM32 and ARM64 images to use Alpine ( 059aaea2d )
• Build docker images with embedded metadata ( a458af376 )
• Api proxy image update ( cca4ae51d )
• Remove failure dependency ( 496c89924 )
• Migrate to Dotnet 6 ( 37234e02b )
• Update regex to 1.5.5 ( 9f0f7f424 )
• Fix API proxy for special characters ( 26ab9c135 )
• Update references to the default branch ( 04ee9751f )
• Upgrade Rust toolchain ( ab700e82a )
• Update Microsoft.Azure.Devices.Client from 1.36.3 to 1.36.4 ( 19beaae55 )
• Update Base Images for a Security Patch ( e6d52d6f6, 7e0c1a5d3, 704250b04, b592e4776, 5cb16fb5d, addda2b60, b00a78805 )
• Update tokio to 1.15.0 ( c941f0605 )
• Build rocksdb and arm images in amd64 hosts (ubuntu 20.04 hosts) ( 2ad61fa31 )
• Add delay between nginx crashes ( 2f6bfb30b )
• Add ContentEncoding and ContentType to support routing and Event Grid for TempSensor Module ( e261b4b43 )
• Update SDK from 1.36.2 to 1.36.3 to fix connectivity issues ( 865b275b4 )
• Change so nginx doesn't start as root by mistake ( 6769f901e )
• Update TempFilterFunc binding protocol to Amqp_Tcp_Only ( 72266d057 )
• Update SDK references to fix Dotnetty bug ( 0750a4414 )
• Fix functions sample on centos ( ada39f5c6 )
• Api proxy image update ( 5288a2763 )
• Update edgelet to use tokio 1 ( 4c2f173b3 )
• Update System.Text.Encodings.Web ( ad88f8e32 )
• Fix API proxy cache ( a6064515c )
• RUSTSEC fixes ( e24cec895 )
• Run API proxy as nginx user ( 05c9f7852 )
• Not running api proxy as root ( 675f0e3d0 )
• Change ssl protocols and ciphers ( e369ef883 )
• Update functions packages ( f52a88457 )
• Update tokio and hyper dependencies ( 39bd6dc31 )
• Add ACR unit tests for config parser ( ab6304d68 )
• Fix user configuration ( 73da8f688 )
• Fix setting up env var when receiving new config ( d0c1bf84a )
• Change default uid ( b443b0c2f )
• Fix merge problem. ( 1947aea51 )
• Fix potential instability in iotedged after UploadSupportBundle fails. ( 4c6f5d727 )
• edgehub-proxy update RUSTSEC deps ( e44dd81a6 )
• Adding boolean expression parsing to API proxy ( d1206d949 )
• Update rust toolchain to 1.52.1 ( e5218d1e7 )
• Simplify config parsing ( 5ade90d4c )
• Update functions to 3.0 ( 124a20cd4 )
• Change config on initial twin ( 5421f9e7b )
• Hide SAS key ( 9e8323524 )
• Upgrade api-proxy module to tokio1 ( 8155604c2 )
• Update rust toolchain to 1.51 ( 0f1d90c7c )
• Fix API proxy race condition (#4768) ( d2c331d60 )
• Fix Api proxy indirection ( d129a0719 )
• Merge api proxy edge hub pr ( 8ac0a7462 )
• iotedge check improvements for nested edge ( 22819dd7f )
• Change nginx from alpine to ubuntu bionic ( 89ad3dab0 )
• Fix arm64 image ( 17d7cadab )
• Remove references to iiot branches ( 436bada3a )
• Fix api proxy ( 1d7e0a1bb )
• Revert to nginx image ( c2bce19df )

1.2.10 (2022-05-27)

Edge Agent

Bug Fixes

• Restore SystemInfo structure for product information ( bf31d16 )
• Update Base Image to address security vulnerabilities CVE-2022-23267 CVE-2022-29117 CVE-2022-1271

Edge Hub

Bug Fixes

• Configurable task for cancelling hanging upstream calls( 12b52ba )
• Update Base Image to address security vulnerabilities CVE-2022-23267 CVE-2022-29117 CVE-2022-1271

aziot-edge

Bug Fixes

• Improve error logging for WorkloadManager ( f2e5a47 )
• Fix exit code when restarting due to reprovision( d7d98d0 )
• Mariner 2.0 Package Build for IoTEdge( 63273b1 )

Features

• Flatten additional properties of metrics ( 4983128 )

1.2.9 (2022-04-04)

Edge Agent

Bug Fixes

• Dev identity issues when switching identities ( fb8d034 )
• Update regex to 1.5.5 ( cb20b6b )
• Device product information ( 477814d )

Edge Hub

Bug Fixes

• AMQP CBS token message dispose ( 8670979 )
• Dev identity issues when switching identities ( fb8d034 )

aziot-edge

Bug Fixes

• Update tokio, rayon, and crossbeam to latest compatible versions( d468058, a0f148e )
• Update regex to 1.5.5 ( cb20b6b )
• Device product information ( 477814d )

1.2.8 (2022-02-24)

Edge Agent

Bug Fixes

• Fix underflow possibility on ColumnFamilyDbStore ( bc78f1c )
• Remove BouncyCastle dependency ( 403ca87, 7589457 )
• Update Microsoft.Azure.Devices.Client SDK ( 4b7570f )

Edge Hub

Bug Fixes

• Fix underflow possibility on ColumnFamilyDbStore ( bc78f1c )
• Remove BouncyCastle dependency ( 403ca87, 7589457 )
• Restart EdgeHub upon certificate renewal ( c5e90a7 )
• Update Microsoft.Azure.Devices.Client SDK ( 4b7570f )
• Workaround for windows-certificate import problem for EdgeHub in Visual Studio debug runs ( 0ed0c71 )

aziot-edge

Bug Fixes

• Remove sudo from iotedge check for local proxy setting check ( 5976efb )
• Update vulnerable regex package ( a34fd5b, fe7de0b )

1.2.7 (2022-01-19)

Edge Agent

Bug Fixes

• Update base image for security patch ( 8194a93 )

Edge Hub

Bug Fixes

• Update base image for security patch ( 8194a93 )
• Update vulnerable nix version ( ca6958f )

aziot-edge

Bug Fixes

• Removed Moby check ( 27a14d8 )
• Fix for workload socket issue for concurrent module creation ( 5712dcc )
• Addition of device ID to edge CA common name to support large number of devices ( 6627c7a )

Features

• New IoTedge check called proxy-settings which verifies proxy settings ( 4983128 )

1.2.6 (2021-11-12)

Edge Agent

Bug Fixes

• Revert 2677657, which inadvertently disabled duration and Unix timestamp formats in the since and until arguments of GetModuleLogs and UploadModuleLogs direct methods ( f7f4b89 )

1.2.5 (2021-11-09)

Edge Agent

Bug Fixes

• Add RocksDB_MaxManifestFileSize env var to Edge Agent and Edge Hub ( c9c4b29 )
• Recreate edgeAgent when not Running, Stopped, or Failed ( c5d6176 )
• Update SDK to 1.36.3 ( f12d7ca )
• Update Base Images for a security patch ( d6e3657 )
• Restricting EdgeAgent identity parallel operation calls to edged to 5 ( 2391cd9 )

Edge Hub

Bug Fixes

• Remove WebSocket Ping KeepAlives ( 2d451cc )
• Update SDK to 1.36.3 ( f12d7ca, 9a2a526 )
• Update Base Images for a security patch ( d6e3657 )
• Detect fail-over from Iot Hub and SDK behavior and disconnect from IoT Hub ( 52c563a )
• Fix edgehub_queue_len metric ( 487890d )

Azure Functions Module Sample

Bug Fixes

• Update TempFilterFunc binding protocol to Amqp_Tcp_Only ( a5e559c )
• Update Base Images for a security patch ( d6e3657 )
• Update SDK to 1.36.3 ( f12d7ca )

aziot-edge

Bug Fixes

• Disable connection pooling for docker client ( 12e12cf )
• Allows an issued Edge CA certificate to be specified in the super config ( 6368eb6 )
• Fix workload socket permission denied ( 861aceb )
• Backport EST documentation and update configuration template ( 3822152 )
• Fix typo in template configuration ( d0978ba )

1.2.4 (2021-09-29)

Edge Agent

Bug Fixes

• Delay frequent twin pulls on reconnect ( 95b4441 )
• Make sure to dispose HttpContentStream when done reading module logs ( 47011b1 )
• Update Base Images for a Security Patch ( 3b83e7f, 56e96cd )
• $upstream support for container registry address ( ebdb5be )
• Fix edgeAgent creates rogue ModuleClients when encounters an error ( 4b87cc9 )
• Update SDK to fix dotnetty bugs ( ea818f0 )

Edge Hub

Bug Fixes

• Add a component name to message properties ( 4f36aba )
• Update Base Images for a Security Patch ( 3b83e7f, 56e96cd )
• Enable leaf identity creation ( 358aeb7 )
• Update SDK to fix dotnetty bugs ( ea818f0 )
• Use separate flag for MQTT Buffer pooling ( 38f34f6 )

Azure Functions Module Sample

Bug Fixes

• Update Azure Functions packages ( d8ea036 )
• Update Base Images for a Security Patch ( 3b83e7f, 56e96cd )

MQTT Broker

Bug Fixes

• Fix find_first_block seek logic ( 1c9b39a )

aziot-edge

Bug Fixes

• Fix host cpu metric incorrectly reported at 100% ( 876900a )
• Add timeout to support bundle calls ( 16ede21 )
• Introduce allow_elevated_docker_permissions flag ( 175603c )
• RUSTSEC Security Update ( 24e4d27, b59a089, 5e2ba80, 790a8f9, c6d805b )
• $upstream support for container registry address ( ebdb5be )
• Improve Workload Manager logging and cleanup ( febd7a2 )
• Update cargo dependencies ( f147f12 )
• Update Azure IoT Identity Service components to version 1.2.3 ( fea0ae2 )

1.2.3 (2021-06-30)

aziot-edge

Bug Fixes

• Fix iotedge check recommending an old version of aziot-identity-service. ( 87381d9 )

1.2.2 (2021-06-23)

Edge Agent

Bug Fixes

• Properly dispose UDS for Workload Client. ( 472cee5, f9cdb59 )
• Update Base Images for Security Vulnerability ( d0e6113 )

Features

• Use Docker Timestamp When Log Timestamp is not Available in JSON-formatted log. ( d336d08 )

Edge Hub

Bug Fixes

• Update Base Images for Security Vulnerability ( d0e6113 )
• Propagate back error code from edgeHub ( 421347d )

Diagnostic Module

Bug Fixes

• Fix potential instability in iotedged after UploadSupportBundle fails. ( f567e38 )
• Update Base Images for Security Vulnerability ( d0e6113 )

Temperature Filter Function Module

Bug Fixes

• Update Temperature Filter Function sample module to be using .NET3.0. ( adf8878 )

aziot-edge

Bug Fixes

• Fix provisioning behavior when DPS changes. ( c6e8900 )
• Limit sysinfo crate FDs usage. ( 5947981 )

Features

• Enable aziot-edged in CentOS package. ( 0539cdb )
• Update IoT Identity Service to version 1.2.1 ( 572de56 )

1.2.1 (2021-06-01)

Edge Agent

Bug Fixes

• Update Base Images for Security Patch. ( 513f721 )

Edge Hub

Bug Fixes

• Update bridge config validation. ( afdc9c2 )
• Device scope cache retry for first initialization. ( 3b903a1 )
• Add validation for null props inside objects inside arrays. ( c25fcb9 )
• Adds SharedAccessSignature to repo with fix for vulnerability. ( 60d411c )
• Update GetModuleLogs method when tail + since + until options are provided. ( 2b650a8 )
• Fix edgehub queue len metric ( 4068369 )
• Update Base Images for Security Patch. ( 513f721 )

Features

• Restore device scopes from older store. ( c90245b )

aziot-edge

Features

• Introduce Timestamps Option via mgmt.sock. ( 37c661b )

1.2.0 (2021-04-9)

AWARENESS

This release contains a significant refactoring to the IoT Edge security daemon. It separates out the daemon's functionality for provisioning and providing cryptographic services for Linux-based devices into a set of stand-alone system services. Details on these individual system services can be found in the Overview of the related github repository in which they reside.

Impact to Edge modules

Every attempt has been made to ensure that the APIs on which Edge modules depend will remain unaffected and backward compatible. Issues affecting Edge modules will be treated with the highest priority.

Impact to installing / configuring IoT Edge

The refactoring does affect the packaging and installation of IoT Edge. While we've attempted to minimize the impact of these there are expected differences. For more details on these changes please refer to the discussion of Packaging.

Edge Agent

Bug Fixes

• Update Base Images for Security Vulnerability ( ac0da07 )
• Update SDK version ( 46c2d20 )
• Update .NET Core Runtime base images ( 8f9e22e )

Edge Hub

Bug Fixes

• Update http client timeout for scope sync ( 69d8c0c )
• Add caching to TokenProvider ( 8988456 )
• Update Base Images for Security Vulnerability ( ac0da07 )
• Fix edgeHub children mismatched leaf device subscriptions ( 39c600f )
• Improve registry controller error message ( 0b0a40e )
• Add edgeHub identity to the scopes cache at the startup ( 621a2ad )
• Improve AMQP messages Batchable delay ( e88c2b9 )
• Fix websocket authentication with certificates over ApiProxy ( 6c48961 )
• Fix EdgeHub dropping routing RP upon info forwarding ( fa60e52 )
• Fix registry API On-behalf-of calls authentication ( 64fb35b )
• Fix getDeviceAndModuleOnBehalfOf to check if target device is in scope ( 5e1028e )
• Fix resolving BrokeredCloudProxyDispatcher ( 5fc8dfb )
• Update SDK version ( 46c2d20 )
• Fix twins reconnection issue for clients with MQTT upstream ( eb6051c )
• Support new SDK subscription optimization ( 1e3ee4b )
• Propagate close() upon cloud proxy for CloudConnection ( b5177de )
• Update .NET Core Runtime base images ( 8f9e22e )
• Drop messages when device is not in scope and auth mode is the scope ( 7c08b9c )

Features

• Move NestedEdgeEnabled out of experimental features ( ee703c4 )
• Update iotedge check for version 1.2.0 ( db18594, ee73e76 )

aziot-edge

Bug Fixes

• Fix for expired CA certificate not renewing ( ac142d1 )
• Cache device provisioning state ( 9301f13 )
• Fix check-agent-image-version check for nested Edge scenarios ( 36d859e )
• Import master encryption key in iotedge config import ( 01ef049 )
• Fix iotedge config apply not picking up parent hostname because of serde bug ( b4c600a )
• Read parent_hostname configuration from aziot ( b14db9d )
• Update serde-yaml version ( 474ce0e )
• Enable dynamic provisioning support ( d9aa3ac )
• Fix package purge when aziot-edged is running ( 808a2d7 )
• Ignore validity in cert API requests ( 109ee6a )

Features

• Allow aziot-edge to collect system logs when calling remote support-bundle ( a0f3725 )
• aziotctl system improvements ( d62b22f )
• Update iotedge check & iotedge config for version 1.2.0 ( ee73e76, 33661f5 )
• Document the super-config's agent.config.createOptions value format more clearly ( 76c4b70 )
• Introduce iotedge system stop ( ca77919 )
• Introduce iotedge system reprovision ( cf62d66 )
• Introduce edgeAgent image version check ( be8bb55 )
• Allow Connection with trust bundle in the Nested topology ( fb3f1a3 )
• Introduce check up_to_date_config ( 8e4f685 )
• Introduce optional proxy argument to iotedge ( a0a883d )

1.0.8 (2019-07-22)

• Preview support for Linux arm64
• Upgrade Moby version in .cab file to 3.0.5 (f23aca1)
• Update .NET Core version to 2.1.10 (ad345ef)
• Stability improvements
• Upgrade C# Client SDK to 1.20.3 and Service SDK to 1.18.1
• Various improvements to iotedge check troubleshooting command
• Fix Win install setup for symmetric key provisioning mode (602472f)

Edge Agent

Features

• Support for arm64 (6189e21)
• Initial support for remote get of module logs (c49f957, 6bc92d2, e064a59, 5b310b1, a8cdf8d, 75d7460, 951afd8, edaad81, 83118b2, 5ce1903, 372026e)
• Additional optional settings to limit upstream bandwidth usage

Bug Fixes

• Fix NRE in IotHubReporter.ReportShutdown (81065db)
• In some cases Edge Agent won't restart a stopped module (6261fc9)
• Edge Agent can support local Docker registries (2086d4b)
• Be more resilient on GetTwin calls (2c4bc2a)
• Strip headers in get logs calls when sending to blob store (95a657a)
• Implement equality on registry credentials to prevent unnecessary backup (c6b0ba9)
• Add timeout to workload client calls (a1b77bf)
• Fix file extension for logs uploaded to blob store (49d8655)
• Add ability to get status of logs upload request (e7876eb)
• Put experimental features behind experimental flags (9e6ea0c)

Edge Hub

Features

• Support for arm64 (4fdfa40)
• Upstream performance improvements (864b33d)
• Twin Manager v2 is now default (96a0087)
• Encrypt twins at rest (075d5c0)
• Additional optional settings to limit upstream bandwidth usage

Bug Fixes

• Fix IoT Hub name parsing in AMQP SASL Plain auth (bb6c327)
• Set EdgeHub user id to UID 1000 explicitly (cf40c16)
• Fix possible NRE in messages (1c2efc6)
• Fix edge case in checking twin version when storing (663198c)
• Forward product information for connected devices and modules (749b9b7)
• Configure MQTT protocol head to use num_procs * 2 threads. Improves stability on constrained devices. (206568c)
• Put experimental features behind experimental flags (9e6ea0c)

iotedged

Features

• Update uTPM to support Resource Manager v2 (a272069)
• Return meaningful exit codes on failure (62f3d44)

Bug Fixes

• Properly handle asynchronous errors when pulling images (020ddbc)
• Fix RPM packages for SUSE (c16bc50)
• Don't lowercase the keys in config.yaml (34df35a)
• Windows install script checks for container feature (90f6368)
• Do not reconfigure when provisioning from the backup (b40ab5b)

Simulated Temperature Sensor

Features

• Support for arm64 (a9474e0)

1.0.7.1 (2019-05-24)

• Fix regression in DPS use on Windows
• Stability improvements

Edge Agent

Bug Fixes

• Workaround ObjectDisposedException bug in C# SDK by exiting the process (bbc8d3c)

Edge Hub

Bug Fixes

• Workaround ObjectDisposedException bug in C# SDK by recreating the client (e458e14, 7598ef0, c608f38)

iotedged

Bug Fixes

• Fix bug preventing iotedged service starting when DPS provisioning is configured (8a0f5c0, 1ac1e94)

1.0.7 (2019-05-06)

• Edge Agent pulls images before creating
• All processes in a container can authenticate with iotedged
• Provisioning: Symmetric key attestation method support
• iotedge check troubleshooting command
• Upgrade C# SDK to 1.20.1

Edge Agent

Features

• Agent pulls images before stopping (57c6f7d, 4992833)
• Upgrade to version 1.20.1 of the C# SDK (1637ff9)

Bug Fixes

• Twin refresh timer logic is now a simple loop (cb7af40)
• Add explicit timeout to Edge Agent <--> iotedged operations and more debug logs (f2cb600)

Edge Hub

Features

• Upgrade to version 1.20.1 of the C# SDK (1637ff9)

Bug Fixes

• Defaults to OptimizeForPerformance=false on arm32v7 (43d47b0)
• Limit MQTT thread count on arm32v7 (2509438, 56a6db1)
• Process subscriptions from clients in batch (20cb6c4)

iotedged

Features

• Support for DPS symmetric key provisioning (b7adfff)
• All modules processes are authorized to connect (777aec1)
• Add iotedge check troubleshooting command (1d74b97)
• Use CAB file for Windows installation (ce232a8)

Bug Fixes

• Encode deviceid/moduleid for IoT Hub operations (bb10be0)
• Load encryption key before generating it (9174a89)

Simulated Temperature Sensor

Features

• Add SendData and SendInterval twin configuration (7dc7041)
• Upgrade to version 1.20.1 of the C# SDK (1637ff9)

Functions Binding

Features

• Upgrade to version 1.20.1 of the C# SDK (1637ff9)

1.0.6.1 (2019-02-04)

iotedged

Bug Fixes

• Reverts name sanitization of the common name on generated certificates (078bda7)

1.0.6 (2019-01-31)

• Stability and reliability fixes

Edge Agent

Features

• Update to .NET Core 2.1.6 (d2023be)

Bug Fixes

• Fix module restart logic when Edge Agent clock is off (72f7112)
• Use HTTPS proxy on Linux and Windows (fceef9f)

Edge Hub

Features

• Update to .NET Core 2.1.6 (d2023be)
• Support X509 certificate authentication by default for downstream devices (4a46290)
• New improved Twin manager - in preview and not enabled by default (d99f8ff)

Bug Fixes

• Use HTTPS proxy on Linux and Windows (eb75f34)
• Allow modules on Edge devices with no device scope to connect to Edge Hub (761254f)
• Handle clients with special characters (82ce72e)
• Fix potential for dropped messages when device is rebooted (88fd5ab)

iotedged

Bug Fixes

• Sort serialization of environment variables in config.yaml (0e6a402)
• Support installing iotedged on localized Windows installations (d9b12c9)
• Reinstate "nat" as the Moby network for Windows containers (913678a)

1.0.5 (2018-12-17)

• Support Windows 10 1809 (RS5)
• Improved error messages in iotedge/iotedged
• Stability and reliability fixes

Edge Agent

Features

• Parallelize stopping modules on shutdown (271e930)

Bug Fixes

• Avoid caching backup.json on every reconcile (2cea69f)

Edge Hub

Features

• Drain messages from disconnected clients to IoT Hub (d3f801b)
• Make device/module client operation timeout configurable -- helps slow connections (6102e31)
• Resync service identity if client request cannot be authenticated (677e16d)
• Enable support for X.509 thumbprint and CA auth for downstream devices - not enabled by default (187e3df)
• Add support for X.509 auth for HTTP and MQTT over Websockets - not enabled by default (9b56f3d)
• AMQP and AMQP+WS support for X.509 authentication - not enabled by default (875776c)
• Allow multiplexing client connections over AMQP (93be534)

Bug Fixes

• Fix NRE in TwinManager (29f5b74)
• Handle NRE thrown by device SDK (5f5fd67)
• Fix obtaining upstream connection when offline (75e7968)
• Fix MessageStore initial offset after restart (81f93dc)
• Add timeout / cancellation support to Store apis (0eb279b)

iotedged

Features

• Add identity certificate endpoint to workload API (40f1095)
• Add module list to workload API (5547161)
• Support Unix Domain Sockets on Windows 🎉 (b1ee469)
• Move network-online.target to Wants from Requires in systemd unit (c525acc)
• Add more informative error messages (326ef8c)
• Add support for x.509 v3 extensions Subject and Auth Key Identifiers (9b98780)
• libiothsm-std now includes an so version (5667a9f)
• Remove write access for BUILTIN\Users in C:\ProgramData\iotedge (d6b8c3a)
• Update Windows images to RS5 (f72a238)
• Enable TLS 1.2 for Invoke-WebRequest (e93e707)
• Start service automatically on Windows startup when using Windows containers on Moby (f72a238)
• Restart service on crash (f72a238)
• Windows installer support for offline installation (using the `-OfflineInstallationPath parameter) (8cec3d5)
• Windows installer support for reusing previous config.yaml on reinstall (82b82cc)
• iothsm.dll now configured to use physical TPM instead of emulator

Bug Fixes

• Fix potential race in management API list modules (645545a)
• Update Windows installer to create user-defined network for modules (6d5b95a)

1.0.4 (2018-10-31)

• Stability and reliability fixes
• AMQP+WS in Edge Hub
• Functions Binding published as Nuget package

Edge Agent

Features

• Allow longer createOptions fields (ecfc2a0)

Bug Fixes

• N/A

Edge Hub

Features

• Add AMQP over Websockets protocol head (87372c8)
• Automatic server certificate renewal (f557fc3)

Bug Fixes

• Fix updating message store endpoints when routes are updated (98a61c0)
• Support C SDK CBS mode on AMQP (84be08c)
• Improve connection recovery after offline periods (6069f7f)
• Setup storage directory in all cases (e0a1a08)
• Fix handling of re-subscriptions after an offline period (d8b9038)

iotedged

Features

• Improved error messages for docker image pull failures (0d13741, 9f500e4)
• Update hyper http library to 0.12 (10d1d79)
• Regenerate quick start mode CA certificate on startup (d2195f8)
• Add aarch64 build scripts (13ddaa6)
• Support HTTP proxy authentication (42af84d)

Bug Fixes

• Do not return container sizes in list response (performance improvement) (8ecb27b)
• Add PartOf to iotedge.socket units to enable proper shutdown (f48a966)
• Add docker.service as a dependency of iotedged.service (281c73e)
• Improve Windows install/uninstall experience (a135bdf)
• Fix Stop-Service error on Windows (466fe02)

Functions Binding

Features

• Publish Functions Binding as a nuget package (c7ed2b5)

Bug Fixes

• N/A

Temperature Sensor

Features

• Limit number of messages sent (d0b2196)

Bug Fixes

• N/A

1.0.3 (2018-10-09)

Edge Agent

Features

• Update C# SDK to 1.18.1 (5e1a983)

Bug Fixes

• N/A

Edge Hub

Features

• Update C# SDK to 1.18.1 (5e1a983)
• Update Protocol Gateway to 2.0.1 (5e1a983)

Bug Fixes

• N/A

iotedged

Features

• N/A

Bug Fixes

• N/A

1.0.2 (2018-09-21)

• Adds HTTP Proxy support across the various components of the runtime (956c99f)

Edge Agent

Features

• N/A

Bug Fixes

• Remove CamelCase property name resolver from json deserializer (a924608)

Edge Hub

Features

• Add support for extended offline (various commits)
• Upgrade device SDK to 1.18.0 (eeee143)
• Improve startup time (3ac39ac)

Bug Fixes

• Fix MQTT topic parsing for topics with a trailing slash (DeviceNotFound exception) (2b09542)
• UpstreamProtocol environment variable values are now case insensitive (f48c780)
• DotNetty Timeout exceptions are mapped to general timeout exceptions (45bac36)
• Fix potential high-bandwidth usage when SAS tokens expire (9d2ba5e)
• Fix for possible NullReferenceException in the TwinManager (0b4ef50)
• Fix twin desired property change notification request handling (8b1fb67)

iotedged

Features

• Improved error messages for missing/invalid connection strings in config.yaml (94621d5)

Bug Fixes

• Fix volume creation for modules that mount volumes (0a1a47f)
• RPM changes to allow reboot (8d29056)

Functions Binding

Features

• Upgrade to v2.0 of the Azure Functions runtime (1bc69d1)

Bug Fixes

• N/A

1.0.1 (2018-08-21)

• Updates to license (allow redistribution) and third party notices (9ca6055)

Edge Agent

Features

• Update to .NET Core 2.1.2 (542971)
• Update to C# SDK 1.18.0 (dfc72b5)

Bug Fixes

• Ignore version property when comparing module definitions (2fd4bf1)
• Fix exception in logs when MQTT is used as upstream protocol (2d6824b)
• Reduce noise in the logs for planner failures (29fd10e)

Edge Hub

Features

• Update to .NET Core 2.1.2 (542971)
• Add option to turn off protocol heads (7a6419a)

Bug Fixes

• Fix backwards compatibility with iotedgectl (cc7e142)
• Add connectionDeviceId and connectionModuleId properties to outgoing messages on AMQP (e636135)
• Align direct method response with IoT Hub behavior (539f376)
• Prevent connecting to IoT Hub for disconnected clients. Prevents possible tight loop in token refresh (7c77b7f)
• Align MQTT topic parsing with IoT Hub behavior (b19bbb4)
• Fixes receiving messages in batches over AMQP (02f193a)
• Increase twin validation limits (2590d7e)
• Align AMQP link settle modes with IoT Hub (93f13b8)

iotedged

Features

• Windows installation script (dea9cfc)
• Support older version of systemd (df8d10b)
• Add RPM packages for CentOS/RHEL 7.5 (a090acb)

Bug Fixes

• Fix internal server error when exec'd into a container (31468a1)
• Module identity delete should return 204, not 200 (2163103)
• Ensure modules get new server certificates when requested (5bba698)

Functions Binding

Features

• Update to .NET Core 2.1.2 (542971)
• Update to latest Azure Functions runtime on armhf (31ad5be)
• Update to C# SDK 1.18.0 (dfc72b5)
• Binding uses MQTT protocol by default (f0ce4a5)

Temperature Sensor

Features

• Update to .NET Core 2.1.2 (542971)
• Update to C# SDK 1.18.0 (dfc72b5)

Bug Fixes

• Allow reset command to be an array of messages (bf5f374)

iotedgectl

• Add deprecation notice

1.0.0 (2018-06-27)

Initial release