v5.19.0

OpenC3 COSMOS 5.19.0 - Command History and Validators (Enterprise)

Welcome to OpenC3 COSMOS 5.19.0!

This is an exciting release as we have a completely new tool for Enterprise Users - Command History! It provides a quick way to see what commands have been sent, by who, and if the commands were successful.

Associated is a new feature called Command Validators that is available for both Open Source and Enterprise Users. This feature allows us to know if the command was successful after its full lifecycle. Read more below.

Additionally we have grown to the point where security researchers are looking into COSMOS and creating CVEs. This release patches three CVEs that have been written against COSMOS. As always, we recommend updating to our latest version.

Affects Both Open Source and Enterprise Edition:

• CVE-2024-46977 - Path traversal via screen controller ([GHSL-2024-127]) - Moderate

Only Affects Open Source Edition:

• CVE-2024-43795 - Cross-site scripting in Login functionality (GHSL-2024-128) - High
• CVE-2024-47529 - Clear text storage of password/token (GHSL-2024-129) - Moderate

Command History Tool (Enterprise)

A new tool for our Enterprise users provides a quick way to see what commands have been sent, by who, and if the commands were successful.

Command Validators

Commands validators are a new class that can be associated with individual commands. Inside the class are a pre_check and post_check method which can be used to reject commands before they are sent (pre_check), or verify if the command worked successfully (post_check).

Python Redis Cluster Support (Enterprise)

Python now supports infinite scaling with Redis Cluster in COSMOS Enterprise Edition.

New Runner Role (Enterprise)

We have a new default role called "runner" that allows a user to run scripts but not edit them. Great for production environments where users are only authorized to run prebuilt scripts.

New DataViewer Item Component

This provides an easy way to scale viewing an item (or multiple items) over time in DataViewer (rather than an entire packet).

Time Zone Setting

Our settings page now includes a time zone setting where you can choose whether you want every tool to use UTC time or the local time zone.

Potentially Breaking Changes

• Our command line generators no longer default to ruby and now require --ruby or --python for each (or set the OPENC3_LANGUAGE environment variable)
• Updated to use docker compose run instead of docker run for cli actions in openc3.sh/openc3.bat
• The docker network is no longer hard coded in compose.yaml and is now auto set by Docker Compose
• RECEIVED_COUNT now returns 0 instead of nil/None for packets that have never been received
• Many more log messages are now JSON formatted
• extra is now a required parameter for the Interface#write_interface and Protocol#write_data methods

Other Improvements

• Added a ScriptRunner Line Delay Menu Option
• More Consistent use of 401 and 403 errors
• Python Stack Traces are now cleaner in ScriptRunner
• Greatly improved File Open Performance with a large number of files
• CmdTlmApi and ScriptRunner Rails logs are now JSON formatted
• Added the ability to clear graph data in TlmGrapher
• Bucket Explorer auto refreshes every minute

Other Bug Fixes

• Fixed a python wait_check bug causing it to block forever
• Improved escaping logic in TemplateAccessor
• Lots of spelling errors fixed - our pipeline now checks for spelling errors! (Typically in comments)
• Fixed a bug with the script open_file_dialog sometimes not working
• Command Sender error messages could reference the wrong command
• Fixed TlmViewer Spacer widget
• Fixed a bug with mixing old variable sized items with new variable sized items
• Fixed an issue with CmdTlmServer LogMessages not bringing up any history
• Fixed python tcpip_server_interface

All Pull Requests in this Release

• Coverage by @JL-Brothers in #1415
• Generator requires language by @JL-Brothers in #1490
• Better escaping in TemplateAccessor by @jmthomas in #1495
• Rework settings and add time zone by @jmthomas in #1446
• Correct spelling errors by @jmthomas in #1496
• Fix fileDialogCallback promise logic by @jmthomas in #1497
• Bump webpack from 5.93.0 to 5.94.0 in /openc3-cosmos-init/plugins/packages/openc3-cosmos-tool-packetviewer by @dependabot in #1502
• Cmd validation by @jmthomas in #1506
• Bump pypa/gh-action-pypi-publish from 1.9.0 to 1.10.0 by @dependabot in #1508
• Bump webpack from 5.93.0 to 5.94.0 in /openc3-cosmos-init/plugins/packages/openc3-cosmos-tool-dataviewer by @dependabot in #1507
• Bump pypa/gh-action-pypi-publish from 1.10.0 to 1.10.1 by @dependabot in #1524
• Bump webpack from 5.93.0 to 5.94.0 in /openc3-cosmos-init/plugins/packages/openc3-cosmos-tool-dataextractor by @dependabot in #1520
• Fix get_limits docs by @jmthomas in #1538
• Bump webpack from 5.93.0 to 5.94.0 in /openc3-cosmos-init/plugins/packages/openc3-cosmos-tool-cmdtlmserver by @dependabot in #1533
• Fix Command Sender error message by @jmthomas in #1516
• Bump webpack from 5.93.0 to 5.94.0 in /openc3-cosmos-init/plugins/packages/openc3-cosmos-tool-cmdsender by @dependabot in #1541
• Bump the npm_and_yarn group across 13 directories with 1 update by @dependabot in #1542
• Http interface tests by @JL-Brothers in #1513
• SR line delay menu option and log line delay changes by @jmthomas in #1540
• Python Redis Cluster Updates (Enterprise) by @ryanmelt in #1523
• Add runner role to SR by @jmthomas in #1519
• Applied OPENC3_OPERATOR_HOSTNAME to json_api.rb by @stephen-ritter in #1511
• Cli script wait by @JL-Brothers in #1501
• Allow upload and delete to /tmp by @jmthomas in #1544
• Properly return 403 for Forbidden by @ryanmelt in #1555
• Fix spacer widget by @jmthomas in #1553
• Fix python stack traces by @jmthomas in #1554
• Update SR file open / save dialog by @jmthomas in #1556
• Bump pypa/gh-action-pypi-publish from 1.10.1 to 1.10.2 by @dependabot in #1565
• Command validator returns true, false, nil by @jmthomas in #1561
• Improve target file performance by @jmthomas in #1560
• Setup rails for JSON logging by @ryanmelt in #1568
• Add ability to clear graph data by @jmthomas in #1570
• Add uuid to activities by @jmthomas in #1522
• RECEIVED_COUNT returns 0 if packet not received by @jmthomas in #1569
• Fix spec return code by @jmthomas in #1518
• Change cmd keyword from validator to validate by @jmthomas in #1574
• Fix python sleep and screen formatValue by @jmthomas in #1576
• Deterministic recalculate bit offsets by @ryanmelt in #1577
• Fix LogMessages history by @jmthomas in #1587
• Fix python tcpip_server_interface by @jmthomas in #1578
• Dependencies by @jmthomas in #1582
• Rework Graph edit dialog, change timezone in Astro clock by @jmthomas in #1583
• Add auto-refresh to Bucket Explorer by @ryan-pratt in #1585
• Address security issues by @ryanmelt in #1589
• cli updates by @ryanmelt in #1588
• Dv items by @jmthomas in #1593
• Fix tlm grapher button layout by @jmthomas in #1594
• Roadmap by @jmthomas in #1599
• Bump uplot from 1.6.30 to 1.6.31 in /openc3-cosmos-init/plugins/packages/openc3-tool-common in the npm_and_yarn group across 1 directory by @dependabot in #1602
• Fix Bucket Explorer auto-refresh playwright test for enterprise by @ryan-pratt in #1601
• Command authority documentation by @jmthomas in #1600

New Contributors

• @JL-Brothers made their first contribution in #1415
• @ryan-pratt made their first contribution in #1585

Prerequisites:
Docker - Running OpenC3 requires a working Docker or Podman installation. Typically Docker Desktop on Windows / Mac. Plain Docker or Podman also works on linux. We actively develop and run with Docker Desktop on Mac/Windows, and Linux on Raspberry Pi, so if you have any issues on another platform, please let us know by submitting a ticket!

Minimum Resources allocated to Docker: 4GB RAM, 1 CPU, 80GB Disk
Recommended Resources allocated to Docker: 16GB RAM, 2+ CPUs, 100GB Disk
Also requires docker compose version 1.27+

To Run:

• git clone https://github.com/openc3/cosmos-project.git cosmos-myproject
• cd cosmos-myproject
• Run Linux/Mac: ./openc3.sh run
• Run Windows: openc3.bat run
• Connect a web browser to http://localhost:2900/
• Have fun running OpenC3 COSMOS!

Please see our documentation at https://openc3.com

Try it out and let us know what you think! Please submit any issues as Github tickets, or any generic feedback to support@openc3.com.

Thanks!

Full Changelog: v5.18.0...v5.19.0