Merge remote-tracking branch 'origin/staging/4.3' into release/4.3

Author: ashvayka

.gitignore

@@ -7,3 +7,4 @@ CNAME
 .idea/**
 **/*.iml
 _config.yml
+/.claude/

_config.yml

@@ -83,19 +83,19 @@ release:
   branch: release-4.3
   branch_major_next: master
   # In short form (e.g. 4.3)
-  ver: 4.3.0.1
+  ver: 4.3.1
   # In short form (e.g. 4.3)
-  ce_ver: 4.3.0.1
+  ce_ver: 4.3.1
   # In short form (e.g. v4.3)
-  ce_tag: v4.3.0.1
+  ce_tag: v4.3.1
   # In full form (e.g. 4.3.0, 4.3.0.1)
-  ce_full_ver: 4.3.0.1
+  ce_full_ver: 4.3.1
   # In short form (e.g. 4.3pe)
-  pe_ver: 4.3.0.1pe
+  pe_ver: 4.3.1pe
   # In full form (e.g. 4.3.0PE, 4.3.0.1PE)
-  pe_full_ver: 4.3.0.1PE
+  pe_full_ver: 4.3.1PE
   # In short form (e.g. v4.3)
-  wd_examples_commit: v4.3.0.1
+  wd_examples_commit: v4.3.1
   # >>> EDGE
   edge_ver: 4.3.0.1
   edge_tag: v4.3.0.1

_data/upgrade-instructions-data.yml

@@ -1,4 +1,13 @@
+4.3.1:
+  upgradable-from: "4.2.1.x"
+  release-date: Mar 10 2026
+  lts: "true"
+  patch: "true"
+  x: "true"
+  windows:
+    zip: "true"
 4.3.0.1:
+  known-vulnerabilities: "true"
   upgradable-from: "4.2.1.x"
   release-date: Feb 3 2026
   release-date-edge: Feb 4, 2026
@@ -12,7 +21,16 @@
   release-date-edge: Jan 21 2026
   lts: "true"
   x: "true"
+4.2.2:
+  upgradable-from: "4.2.0"
+  release-date: Mar 10 2026
+  lts: "true"
+  patch: "true"
+  x: "true"
+  windows:
+    zip: "true"
 4.2.1.2:
+  known-vulnerabilities: "true"
   upgradable-from: "4.2.0"
   release-date: Feb 3 2026
   release-date-edge: Feb 4, 2026

_includes/centos-upgrade-instructions.md

@@ -41,8 +41,8 @@
 {%- assign prev_major = prev_parts[0] -%}
 {%- assign prev_minor = prev_parts[1] -%}
 
-{% if patch_status == "true" %}
-### Upgrading {{ platform }} to latest {{ base_version }} ({{ current_version }})
+{% if include.is_latest_patch == "true" %}
+### Upgrading {{ platform }} to latest {{ curr_major }}.{{ curr_minor }}.x ({{ current_version }})
 {% else %}
 ### Upgrading {{ platform }} to {{ current_version }}
 {% endif %}
@@ -71,7 +71,7 @@
 {% capture difference %}
 **NOTE:**
 {% if curr_major > "4" or (curr_major == "4" and curr_minor >= "2") %}
-These upgrade steps are applicable for ThingsBoard version {{ prev_version }}{% if patch_status == "true" %} or any {{ base_version }} patch{% endif %}.
+{% if include.is_latest_patch == "true" %}{% if prev_version contains ".x" %}{% assign prev_version_plus = prev_version | replace: ".x", "+" %}{% else %}{% assign prev_version_plus = prev_version | append: "+" %}{% endif %}These upgrade steps are applicable for ThingsBoard version {{ prev_version_plus }}.{% else %}These upgrade steps are applicable for ThingsBoard version {{ prev_version }}{% if patch_status == "true" %} or any {{ base_version }} patch{% endif %}.{% endif %}
 In order to upgrade to {{ current_version_with_platform | upcase }} you need to [**upgrade to {{ prev_version }} first**]({{ prev_version_href }}).
 {% else %}
 These upgrade steps are applicable for ThingsBoard version {{ prev_version_label }}{% if applicable_versions %}{% assign versions = applicable_versions | split: "," %}{% for v in versions %} and ThingsBoard version {{ v | strip }}{% endfor %}{% endif %}.
@@ -91,6 +91,8 @@ In order to upgrade to {{ current_version_with_platform | upcase }} you need to
 {% include templates/info-banner.md content=difference %}
 {% endif %}
 
+{% include templates/install/upgrade-version-warning.md version=include.raw_version known_vulnerabilities=include.known_vulnerabilities %}
+
 {%- if curr_major_n > 4 -%}
   {%- if docsPrefix == "pe/" -%}
     {% include templates/install/pe-tb-products-upgrade-compatibility.md %}
@@ -161,8 +163,9 @@ Package installer may ask you to merge your ThingsBoard configuration. It is pre
 {% capture update_note %}
 {% assign base_version_parts = base_version | split: "." %}
 {% assign patch_part = base_version_parts[2] %}
+{% assign prev_version_script = previous_version %}{% if previous_version contains ".x" %}{% assign prev_version_script = previous_version | replace: ".x", "+" %}{% endif %}
 {% if patch_status == "true" %}
-If you are upgrading from {{ previous_version }}, you **must** run the script below. However, if you are upgrading from version {{ family | append: "." | append: patch_part | append: ".x" }}, **DO NOT** run the upgrade script; proceed directly to starting the service.
+{% if is_latest_patch == "true" %}{% assign prev_maintenance = patch_part | minus: 1 %}If you are upgrading from {{ prev_version_script }}, you **must** run the script below. However, if you are upgrading from version {{ family | append: "." | append: prev_maintenance | append: "+" }}, **DO NOT** run the upgrade script; proceed directly to starting the service.{% else %}If you are upgrading from {{ prev_version_script }}, you **must** run the script below. However, if you are upgrading from version {{ family | append: "." | append: patch_part | append: ".x" }}, **DO NOT** run the upgrade script; proceed directly to starting the service.{% endif %}
 {% else %}
 If you are upgrading from version {{ previous_version }}, you must run the script below
 {% endif %}

_includes/docker-compose-upgrade-instructions.md

@@ -38,8 +38,8 @@
 {%- assign prev_major = prev_parts[0] -%}
 {%- assign prev_minor = prev_parts[1] -%}
 
-{% if patch_status == "true" %}
-### Upgrading {{ platform }} to latest {{ base_version }} ({{ current_version }})
+{% if include.is_latest_patch == "true" %}
+### Upgrading {{ platform }} to latest {{ curr_major }}.{{ curr_minor }}.x ({{ current_version }})
 {% else %}
 ### Upgrading {{ platform }} to {{ current_version }}
 {% endif %}
@@ -68,7 +68,7 @@
 {% capture difference %}
 **NOTE:**
 {% if curr_major > "4" or (curr_major == "4" and curr_minor >= "2") %}
-These upgrade steps are applicable for ThingsBoard version {{ prev_version }}{% if patch_status == "true" %} or any {{ base_version }} patch{% endif %}.
+{% if include.is_latest_patch == "true" %}{% if prev_version contains ".x" %}{% assign prev_version_plus = prev_version | replace: ".x", "+" %}{% else %}{% assign prev_version_plus = prev_version | append: "+" %}{% endif %}These upgrade steps are applicable for ThingsBoard version {{ prev_version_plus }}.{% else %}These upgrade steps are applicable for ThingsBoard version {{ prev_version }}{% if patch_status == "true" %} or any {{ base_version }} patch{% endif %}.{% endif %}
 In order to upgrade to {{ current_version_with_platform | upcase }} you need to [**upgrade to {{ prev_version }} first**]({{ prev_version_href }}).
 {% else %}
 These upgrade steps are applicable for ThingsBoard version {{ prev_version_label }}{% if applicable_versions %}{% assign versions = applicable_versions | split: "," %}{% for v in versions %} and ThingsBoard version {{ v | strip }}{% endfor %}{% endif %}.
@@ -84,6 +84,8 @@ In order to upgrade to {{ current_version_with_platform | upcase }} you need to
 {% include templates/info-banner.md content=difference %}
 {% endif %}
 
+{% include templates/install/upgrade-version-warning.md version=include.raw_version known_vulnerabilities=include.known_vulnerabilities %}
+
 {% assign docker-compose-repo-link = "https://github.com/thingsboard/" %}
 
 {% if docsPrefix == "pe/" %}

_includes/docker-upgrade-instructions.md

@@ -38,8 +38,8 @@
 {%- assign prev_major = prev_parts[0] -%}
 {%- assign prev_minor = prev_parts[1] -%}
 
-{% if patch_status == "true" %}
-### Upgrading {{ platform }} to latest {{ base_version }} ({{ current_version }})
+{% if include.is_latest_patch == "true" %}
+### Upgrading {{ platform }} to latest {{ curr_major }}.{{ curr_minor }}.x ({{ current_version }})
 {% else %}
 ### Upgrading {{ platform }} to {{ current_version }}
 {% endif %}
@@ -68,7 +68,7 @@
 {% capture difference %}
 **NOTE:**
 {% if curr_major > "4" or (curr_major == "4" and curr_minor >= "2") %}
-These upgrade steps are applicable for ThingsBoard version {{ prev_version }}{% if patch_status == "true" %} or any {{ base_version }} patch{% endif %}.
+{% if include.is_latest_patch == "true" %}{% if prev_version contains ".x" %}{% assign prev_version_plus = prev_version | replace: ".x", "+" %}{% else %}{% assign prev_version_plus = prev_version | append: "+" %}{% endif %}These upgrade steps are applicable for ThingsBoard version {{ prev_version_plus }}.{% else %}These upgrade steps are applicable for ThingsBoard version {{ prev_version }}{% if patch_status == "true" %} or any {{ base_version }} patch{% endif %}.{% endif %}
 In order to upgrade to {{ current_version_with_platform | upcase }} you need to [**upgrade to {{ prev_version }} first**]({{ prev_version_href }}).
 {% else %}
 These upgrade steps are applicable for ThingsBoard version {{ prev_version_label }}{% if applicable_versions %}{% assign versions = applicable_versions | split: "," %}{% for v in versions %} and ThingsBoard version {{ v | strip }}{% endfor %}{% endif %}.
@@ -84,6 +84,8 @@ In order to upgrade to {{ current_version_with_platform | upcase }} you need to
 {% include templates/info-banner.md content=difference %}
 {% endif %}
 
+{% include templates/install/upgrade-version-warning.md version=include.raw_version known_vulnerabilities=include.known_vulnerabilities %}
+
 {%- if curr_major_n > 4 -%}
 {%- if docsPrefix == "pe/" -%}
 {% include templates/install/pe-tb-products-upgrade-compatibility.md %}

_includes/docs/pe/releases/releases-table/v4-2-2.md

@@ -0,0 +1,9 @@
+### ThingsBoard PE v4.2.2 (Mar 10, 2026)
+
+Everything from [CE v4.2.2](/docs/releases/releases-table/v4-2-x/#thingsboard-ce-v422-mar-10-2026){: target="_blank"} with the following fixes.
+
+* Security
+  * Fixed local files enumeration vulnerability
+
+* Edge
+  * Fixed construction of Edge in case add-on

_includes/docs/pe/releases/releases-table/v4-3-1.md

@@ -0,0 +1,12 @@
+### ThingsBoard PE v4.3.1 (Mar 10, 2026)
+
+Everything from [CE v4.3.1](/docs/releases/releases-table/v4-3-x/#thingsboard-ce-v431-mar-10-2026){: target="_blank"} with the following fixes.
+
+* Security
+  * Fixed local files enumeration vulnerability
+
+* UI
+  * Updated max length validator on secret storage value
+
+* Edge
+  * Fixed construction of Edge in case add-on

_includes/docs/pe/user-guide/install/new-docker-upgrade-steps.md

@@ -1,12 +1,12 @@
 {% assign current_version = include.version %}
 {% assign previous_version = include.previous_version %}
-{%- assign family = include.family -%}
 
 {% capture update_note %}
 {% assign base_version_parts = base_version | split: "." %}
 {% assign patch_part = base_version_parts[2] %}
+{% assign prev_version_script = previous_version %}{% if previous_version contains ".x" %}{% assign prev_version_script = previous_version | replace: ".x", "+" %}{% endif %}
 {% if patch_status == "true" %}
-If you are upgrading from {{ previous_version }}, you **must** run the script below. However, if you are upgrading from version {{ family | append: "." | append: patch_part | append: ".x" }}, **DO NOT** run the upgrade script; proceed directly to starting the service.
+{% if is_latest_patch == "true" %}{% assign prev_maintenance = patch_part | minus: 1 %}If you are upgrading from {{ prev_version_script }}, you **must** run the script below. However, if you are upgrading from version {{ family | append: "." | append: prev_maintenance | append: "+" }}, **DO NOT** run the upgrade script; proceed directly to starting the service.{% else %}If you are upgrading from {{ prev_version_script }}, you **must** run the script below. However, if you are upgrading from version {{ family | append: "." | append: patch_part | append: ".x" }}, **DO NOT** run the upgrade script; proceed directly to starting the service.{% endif %}
 {% else %}
 If you are upgrading from version {{ previous_version }}, you must run the script below
 {% endif %}

_includes/docs/releases/releases-table/v4-2-2.md

@@ -0,0 +1,41 @@
+### ThingsBoard CE v4.2.2 (Mar 10, 2026)
+
+**What's Changed**
+
+* Security
+  * [#15076](https://github.com/thingsboard/thingsboard/pull/15076) Fixed CVE-2026-24734 and CVE-2025-66614 by @ViacheslavKlimov
+  * [#15079](https://github.com/thingsboard/thingsboard/pull/15079) Fixed CVE-2025-7783, CVE-2026-26996 and CVE-2026-26960 by @vvlladd28
+  * [#15109](https://github.com/thingsboard/thingsboard/pull/15109) Fixed CVE-2026-27903 and CVE-2026-27904 by @vvlladd28
+  * [#15123](https://github.com/thingsboard/thingsboard/pull/15123) Added SSRF protection (must be enabled with SSRF_PROTECTION_ENABLED env) by @ViacheslavKlimov
+  * [#15124](https://github.com/thingsboard/thingsboard/pull/15124) Fixed CWE-770 in Jackson Core (GHSA-72hv-8253-57qq) by @ViacheslavKlimov
+  * [#15128](https://github.com/thingsboard/thingsboard/pull/15128) Fixed CVE-2026-27970 and CVE-2026-2391 by @vvlladd28
+  * Fixed CVE-2026-2781 and CVE-2026-25646 for Docker images by @ViacheslavKlimov and @smatvienko-tb
+
+* Major UI
+  * [#14935](https://github.com/thingsboard/thingsboard/pull/14935) Angular 20 migration by @ikulikov
+
+* Core & Rule Engine
+  * [#15058](https://github.com/thingsboard/thingsboard/pull/15058) Added Cassandra result set byte-size limit by @ViacheslavKlimov
+  * [#15078](https://github.com/thingsboard/thingsboard/pull/15078) Fixed TBEL script execution failures on repeated runs by @ViacheslavKlimov
+  * [#15101](https://github.com/thingsboard/thingsboard/pull/15101) Fixed blocking JPA queries on access-validator single thread by @dskarzh
+  * [#15100](https://github.com/thingsboard/thingsboard/pull/15100) Fixed preservation of rule node execution counter in delay and deduplication nodes by @dskarzh
+  * [#15120](https://github.com/thingsboard/thingsboard/pull/15120) Improved Apple OAuth2 mapper and refactored OAuth2 client validation by @ViacheslavKlimov
+  * [#15102](https://github.com/thingsboard/thingsboard/pull/15102) Fixed infinite loop when rule chain input node forwards to its own rule chain by @smatvienko-tb
+  * [#15116](https://github.com/thingsboard/thingsboard/pull/15116) Made max WS message size configurable by @DmytroKhylko
+
+* UI
+  * [#15130](https://github.com/thingsboard/thingsboard/pull/15130) Extend modules map: moment-timezone, canvas-gauges and ngx-hm-carousel added by @ChantsovaEkaterina
+  * [#14985](https://github.com/thingsboard/thingsboard/pull/14985) Fixed Redirect Url encoding by @mtsymbarov-del
+  * [#14978](https://github.com/thingsboard/thingsboard/pull/14978) Fixed Popover placement for Marker, Polygon and Circle overlay config by @mtsymbarov-del
+  * [#15018](https://github.com/thingsboard/thingsboard/pull/15018) Fixed adaptive in mail server configuration by @vvlladd28
+  * [#15071](https://github.com/thingsboard/thingsboard/pull/15071) Fixed a race condition causing the toast component by @mtsymbarov-del
+  * [#15097](https://github.com/thingsboard/thingsboard/pull/15097) Fixed a race condition when init image map by @mtsymbarov-del
+  * [#15142](https://github.com/thingsboard/thingsboard/pull/15142) Removed pattern validation from name field on CF by @mtsymbarov-del
+
+* Transport
+  * [#14760](https://github.com/thingsboard/thingsboard/pull/14760) Fixed Sparkplug BIRTH message validation for metrics with empty string values by @nickAS21
+
+* Edge
+  * [#15050](https://github.com/thingsboard/thingsboard/pull/15050) Event-sourced propagation for admin settings by @volodymyr-babak
+
+**Full Changelog**: [https://github.com/thingsboard/thingsboard/compare/v4.2.1.2...v4.2.2](https://github.com/thingsboard/thingsboard/compare/v4.2.1.2...v4.2.2)