openPDC v2.8
Official stable release of version 2.8 of the openPDC (v2.8.115).
NOTE: If you are upgrading from a prior version of the openPDC, you must migrate your existing configuration to use the latest database schema when the Configuration Setup Utility is run after the installation completes - this version includes schema updates.
Security Fixes
Security scans of older releases of the openPDC have identified two JavaScript library vulnerabilities included from the Grid Solutions Framework, specifically jQuery and knockout. Installation of version 2.8 of the openPDC resolves these reported issues through library updates.
For jQuery the vulnerability was CVE-2019-11358:
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.
Because of the way GPA uses jQuery within the openPDC, GPA deems the risk of this vulnerability to be low.
For knockout the vulnerability was WS-2019-0015:
Knockout, before 3.5.0-beta, has an XSS injection point in “attr” name binding for browser IE7 and older.
Exploitation of the knockout vulnerability required the use of IE7. Since the openHistorian requires IE11 or better to function, GPA deems the risk of this vulnerability to be low. However, GPA does suggest updating to a newer, more secure browser regardless.
New Updates and Improvements
- Includes latest updates to STTP, including reverse connections
- Added NGEN based pre-compile at install time to boost overall performance and improve application start times.
- Improved functionality of point tag naming convention.
- Updated point tag naming convention to include phasor type and phase information.
- Added ability to disable self-web hosting
- Disabled checking for CAS publisher policy for all application config files to speed start time.
- Fixed various issues with web-based synchrophasor wizard
- Updated synchrophasor wizard to allow for either disabled or deleted phasors with better visual feedback on selected options.
- Updated synchrophasor device wizard to update baseKV for simple phasor updates.
- Improved phase guess operation in device wizard.
- Updated delete device operations in DataHub to also remove children devices before parent device.
- Updated dev wizard screen to allow export of config regardless of editor rights.
- Updated multi action adapter collection base implementation to allow for customized derived class connection string parsing.
- Updated independent adapter managers to support input, output and action adapter collection types.
- Updated to independent adapter manager samples to accommodate and end-user API.
- Updates to independent adapter manager classes to handle multiple inputs per adapter from collection manager base classes.
- Updated independent adapter managers to support grouped multiple inputs.
- Updated independent adapter manager collections functionality.
- Added configuration settings to control if eDNA and OSI-PI Grafana controllers are automatically loaded.
- Added error handling to SQL Server role migration in Configuration Setup Utility.
- Updated imported labels in device page to remove underscores with imported phasor labels
- Updated long/lat layout / operation on device wizard (dev page)
- Added initial options for connection string building with synchrophasor wizard screen
- Added serialized configuration section to device wizard
- Added ability to import and export config
- Updated location meta-data function signatures
- Cleared Sonar warnings and general code of newly added code.
- Fixed access keys to be unique in custom installer dialogs
- Applied custom action to installer to load previous company information.
- Added flag for enabling web hosting to systemSettings when missing
- Condensed PhasorHub initialization to web Startup.
- Updated knockout bindings in COMTRADE importer to target first body element.
- Updated GrafanAuthProxy to better handle initial startup user synchronization,
- Added sub-title feature to primary Layout.cshtml
- Cleaned up code for trend measurements and export data handler
- Updated buttons on select group devices page to read "export/import" instead of "save/load" to better serve context.
- Updated synchrophasor screen to accommodate application of calculation tags against devices setup with Gateway style connections.
- Added Grafana EndPoint to get all device alarm statuses
- Added Grafana Endpoint to get Device Groups
- Fixed naming of QueryAlarms issue in GrafanaController
- Updated device queries to only filter out device groups when both protocol is virtual and access ID is set
- Updated service host to inject DeviceGroupMeasurements selection table into data source updates
- Added extra safety checks for database to runtime ID conversion in data source propagation override in ServiceHost implementation.
- Updated metadata propagation handler for injection of DeviceGroupMeasurements table to better handle child devices of concentrator connections and to log error, but not fail, if there is an exception.
- Added check to ignore disabled group devices when creating DeviceGroupMeasurements metadata
- Improved comments and readability for propagation of DeviceGroupMeasurements
- Updated DeviceGroup model to default Enabled field to true
- Removed historian from device group setup, since it is not used.
- Added dynamic acronym database uniqueness validation to device and device group editing screens.
- Added code to dynamic selection tables to scroll to bottom after row is added.
- Added name as well as acronym to device group selection list
- Updated data operation for openHistorian adapters to automatically add metadata exclusions for device group records for all defined data publisher instances. This way device groups remain local.
- Updated default point tag name expression to always include base kV level when provided.
- Updated default point tag name expression in openHistorian manager application.
- Updated openHistorian manager to auto-elevate when using SQLite for cases when database is stored into program files folder.
- Fixed point tag name default expressions
- Updated SQLite database selection to not auto-select sample data script.
- Updated device dev wizard to ignore connection string values that contain a literal "null" string value.
- Updated web manager shortcut registry location to target SOFTWARE\Grid Protection Alliance instead of SOFTWARE\GPA to match other registry entries.
- Added additional config file for load file viewer application.