node-opcua

🐴 enhancements:

• [915ea02] add monitored item hooks as async methods that can be executed when a monitored item is created or deleted on the server-side.
• [11f818d] add timestamp getter/setter with promise on variable binders
• [f27efa6] use server certificate manager when the server is registering itself to the LDS

🐛 bug fixes

• [9896793] fix max subject length ( to 63) to prevent openssl to crash.

🐛 bug fixes

• [4015266ac87582a68c7abf42590e8a2e58bc486f][6111bd468ac69282c449a839b102543429d75267] #933 avoid exposure of restricted endpoint on server in CreateSessionResponse Message ( contributor : @treestructure )

🚀 Enhancement

• [5dd3c948484edc38c0848f97fc99db72393e6b70] improve request/response traces in Debug mode

💔 Breaking changes for developers :
now activation of trace from server and client are separated in the NODEOPCUADEBUG environment variable

• set NODEOPCUADEBUG=CLIENT{TRACE} => display request/response trace for clients
• set NODEOPCUADEBUG=SERVER{TRACE} => display request/response trace for server communication
• set NODEOPCUADEBUG=CLIENT{TRACE-REQUEST-RESPONSE-PERF-STAT} => display the full output of client communication
• set NODEOPCUADEBUG=SERVER{TRACE-REQUEST-RESPONSE-PERF-STAT} => display the full output of server communication

👬 contributors

• @treestructure

🐛 bug fixes

• [d1ba0af16c88e2cd757f2cc3fab5d1d12c777cce] [79cec7b0f56e484541212a6bff35964a36a88119] #936 fix certificate sanity check and improve default certificate generation

• [cd3cda6527d279325b3671799751ae9a0bcee999] #931 fix issue that causes OPCUA#disconnect not to cancel backoff on some edge cases.

🚀 enhancements

• [12fb6c8d2522b31aa18fff530dc12a768eb7c33e] #935 #934 improve inputArgumentDiagnosticsInfo

👬 contributors

• @MarcoSeb , @bruegth , @mariodiciccio

🐛 bug fixes

• #931 fix disconnection of connecting clients

🚀 enhancements

• [2796d78ee9a54a631f78ebadf1a0976308f7d724] address-space get better error message when nodeset2 file doesn't exist
• #927 allow further adjustment of inputArgumentResults in UaMethod

👬 contributors

• @mariodiciccio for finding #931
• @MarcoSeb for #927 PR

🐛 bug fixes

• #925 [0fb4ee37cb1c24417c659e60c493102340ebeecd] fix certificate thumprint calculation

🚀 enhancements

• [a3a1a7529a883582256d9767138df15a62839442] OPCUAClient now accepts a OPCUACertificateManager for strict certificate validation. If a certificate manager is not provided at construction time the OPCUAClient will create a default one that automatically accept unknown server certificates. ( resolves #637 )
• OPCUAClient & OPCUAServer : the location of the default PKI is now created in $HOME\.config folder (linux) or in the %APPDATA% folder (windows) instead of inside the node_module itself.
• you can get the exact default location like this:

console.log("pki folder for serverc", server.serverCertificateManager.rootFolder);
console.log("pki folder for client", client.clientCertificateManager.rootFolder);

🍨 refactoring

• [98ca360dfa36270627edb90222d3cc63ce23d220] rename endpoint_must_exist in endpointMustExist to conform to the camel case convention.
• experimentaly try to run mocha tests in parallel => huge gain on computer with large number of core from 20min to 5min.
• default certificats for client and server are now not generated anymore during installed time. They are not created inside the nodejs module anymore. This should reduce installation issues found on some nodejs setup where node_modules folder read/write access may be restrictied (sometime happens on raspbian ).
• OPCUAClient and OPCUAServer now create their default certificates and private during first run.
  please refer to online documentation available to members at https://support.sterfive.com/ for detailed explaination.
• test trace are now less noisy.

better warning

• In order to limit access to support for classic gotcha, node-opcua will now emit comprehensive warning to information you when certain parameters are inconsistent. For instance:
• when the private key and public do not match
• when the provided certificate for server and client is out of date;
• when the session timeout and subscription parameters are inconsistant
• .....
• those warning messages starts with a prefix [NODE-OPCUA-WXX] or [NODE-OPCUA-EXX] where XX is the unique message id.

💔 deprecation warning

• [98ca360dfa36270627edb90222d3cc63ce23d220] the client options now accepts endpointMustExist in place of endpoint_must_exist at construction time options. endpoint_must_exist option will be fully deprecated later.
  if you use endpoint_must_exist a warning will be displayed to remind you to change your code but the behavior will be unchanged.
  if you are using typescript then the compiler will immediately inform you about this change.
• [4d23a94874272584cd470d00356e3294293cdf2b] we discontinue the continuous integration tests on nodejs version 8.0. nodejs version 8 has been deprecated in 2019 and is no longer supported by the packages node-opcua need to rely on. ( for instance : mocha, yargs , etc ...)

👬 contributors

• @Filipecordeiro [for finding #925]

🔥 : Hotfix

• [e88f10a034cd7483a9154a138f4ed248feac9391] fix a bug in server that causes certain 3rd party OPCUA client to reject the connection because CreateSessionResponse contained a empty serverEndpoints List. This bug was apparent expecially when the endpoint used to connect didn't exactly match one of the endpoint exposed by the server.

🚀 enhancements

• [835179d40abfee47b52f9c45003d83b21f4c91ff] add support for XmlElement in nodeset2.xml loading

🚀 enhancements

• [d3cfd19ceb0dff7a39ede0056152982699606fcc] add support for QualifiedName in nodeset2.xml loading

🚀 enhancements

• [033254a1d91fbede6aee53d576168a1af3433739] [cf00c32a1c97875e2bf881db42990b358bc3aee9] [df887b98c485e7797f7ff3fcc79332ba7c9cb504] add more standard units
• [74cb0a6d3752e5da3fcd030d819d537d7e635015] RegisterServerToLDS - improve selection of hight security profile
• [41a340319d1a2d6ac23642ff0ef93188238b203e] Improve MultiStateDiscreteVariable and MultiStateValueDiscrete by enabling value getter/setter at construction time
• [74c49a7e6d69d265b90b7d7e8e1cc07d82bb2d0a] improve client keepAlive mecanism
• [c0609a65d900a5fe1258255a370a9481f3631465] #918 display warning if TwoStateDiscreteVariable doesn not have mandatory True/False state

🐛 bug fixes

• [f65e68b0f98bbf68f97f6e4d77220ccdf1826243] protect susbscriptionDiagnostics property access
• [d1b2abeef4b7885ea4a73dd2e38edb2594b8c53f] make comparaison of endpointUri case insensitive
• update typescript version: [ee769f6fce7d9bf9adbec2873d87e29aaf5e820e] fixes untyped promise issue

😞 travis

• [4e4ad9b0c3b33884666273bef8c5d7b333c95674] we had to drop CI build on MacOS on Travis, due to change of policy and excessive pricing.
  please contact us if you like to sponsor us to restore MacOS build in CI.
• continuous intregration : switch to Github action
  use github action now to build faster and circunvent new limitations imposed by Travis ( 10000 credit / 1 job at a time)

👬 contributors

• @Graos (ABB)

🚀 enhancements

• [98d7c2f8d8a55447d6d552275346c9060786b343 ] improve TwoStateDiscreate variable support
• [56da9eb63d068cbabaf69166d017603891ab4c03] improve diagnostic output to help diagnose LDS connection issue
• [3286479357f02531051a4e449cab14cf9053054e] improve exception message for better diagnostics
• [2c1cc7dd5629b568463a30e95350b99278a5c54a] add MachineTool nodeset2.xml

🐛 bug fixes

• #914 [8354cad43f8c5b69cf51055afb9506610aee34b2] fixes nodeset CommercialKitchenEquipment is not found (lacks '.xml' at code)
• [5a15a8cd3fea343f65098aab2715b59f12035c50] fixes some documentations

👬 contributors

• @IagoSRL

🚀 enhancement

• add latest machine tool nodeset

🐛 fixes

• #912 fix bug causing PublishRequest to be canceled prematuraly if client and server clock are out of sync by a large amount.
• #911 remove use of underscore, move async to dependencies

👬 contributors:

• @IagoSRL

🚀 enhancements

• #910 update nodesets2.xml to latest official 1.04 version
• #910 add machinery and cnc nodeset

🐛 bug fix

• #910 fix an issue in initializing default variant when variable dataType is the abstract type "Number"

Machinery nodeset support

• a example can be found here

🐛 bug fix

• fix potential crash in client when connecting when the requested endpoint can be found on server (fixing https://github.com/mikakaraila/node-red-contrib-opcua/issues/215 && https://github.com/mikakaraila/node-red-contrib-opcua/issues/220)

👬 contributors:

• @mika @mhechthz

🚀 enhancements:

• #899 implements parsing of NodeId value in nodeset2.xml loading
• improve CTT test compliance:
  • improve SeverDiagnostic
  • fix default UAVariable initialisation with defaults values when loading nodeset2 file

👬 contributors

• @graos

🐛 bug fixes:

• #904 fixing client connection to servers that provide empty or null serverNonce

🏎️ enhancements

• #896 Executing UAMethod now checks for user authorization
• #898 improve documentation for multiple roles

👬 contributors

• @MarcoSeb, @mirkocomparetti-synesis

🐛 bug fix:

• [90ddcdd] fix datatype Extraction on Wago Plc

🚀 enhancements

• improve test coverage
• improve serialization performance of OPCUA objects
• improve code generator and speed improvement on deserialization
• refactor AddressSpace and Namespace to use Map instead of {}

🐛 bug fixes

• #888 #874 [Client] Added support for more than one nodeId in readAggregate
• [d6309a9] fix handling of ReadPRocessDetails on server side
• bedc06d [Client] add keepAlive after ActivateSession
• #886 fix "Cannot compile typescript when esModuleInterop is true"
• 1aa5042 exclude tsbuildinfo from published packages

👬 contributors

• @shreeramk, @padraic-padraic

🐛

• #881 fix issue preventing a connection when the server exposes alternate endpoints.
• fix certificate validation issue for CTT, [367d6de1e6782737254500f191a6b1df0b6fabff]. Now issuers must be explicitly trusted to allow untrusted certificated that they emit to be automatically trusted => makes CTT security test passes 🥳

👬 contributors

• @andi00, for detecting an issue with alternate endpoints

💔 breaking change

You may experience some change in behavior on the server since we now conform to more strict endpoint verification on the server-side to be compliant with CTT 1.0.4. This is particularly true if your server uses the 'alternateHostname' options during construction to expose more endpoints.

OPCUA Server may now reject connections from servers that do not provide an endpoint that is known by the server during the create session/ActiveSession process.

The behavior is :

• If your server does not provide an alternate hostname specifically, you should be able to access it with any type of endpoint URL that resolved to the server machine. for instance:
  opc.tcp://localhost:1234; opc.tcp://MYSERVER.com:1234 opc.tcp://myserver.mycompany.com:1234, opc.tcp://10.2.3.4:1234.
  In these circumstances, the server will resolve the endpoint to the internal one, and there will be no ambiguity.

• if your server exposes an alternateHostname then the client must specifically use one of the endpoints exposed by the server.
  In these circumstances, the server cannot resolve the endpoint to the internal one, and there is an ambiguity regarding which endpoint to use.
  In version prior to 2.19.0, node-opcua server used to replace the unknown endpoint with one endpoint chosen at random amongst the possible one. But later on, this was causing random rejection during the activateSession process as the UserTokenPolicy.

If you are facing this type of issues you can either:

• not used alternateHostname options at all (this option is usually rarely used, and is only useful when the server has 2 network interfaces and addressed by two different hostnames )
• or complete alternateHostname by setting it up as an array containing all the possible endpoints to access the server.

Also, as spotted by #881, make sure that endpoint letter cases are correct in your endpoints.

• several refactoring to improve browserify-ability of some modules

• fix client subscription and monitored item definition in typescript definition [ef3000866641b6113aceffc9adae1c6e9d472324]
• #870 always return an ERR message when OpenSecureChannel fails after checking certificates
  (this was causing UAExpert 1.5.1 build 331. to crash after being rejected by the server with BadCertificateUntrusted)

👬 contributors

• @marcodisarno
• special thanks to UAAutomation that fixed UAExpert on their end as well