0.4.1 Release

In this article, we want to give an overview of the 0.4.1 hawkBit release (Friday, January 12, 2024)

hawkBit 0.4.1 release

Steps towards removal of the legacy Vaadin8-based UI

As announced at Vaadin 8 UI discontinuation the current Vaadin 8 based UI will be removed. This release will likely be the last one including it. Some steps are taken to mitigate this.

  • First of all, this release introduces Simple UI - a demo/PoC level UI. It includes the most essential functionality allowing you to play around with hawkBit. It could not be compared to legacy UI in features and maturity in any case. Some notes for it:
    • Status - as already said - low maturity and very feature-limited, EXPERIMENTAL
    • Intended for demo/play-around purposes. It could become an initial version of a new hawkBit UI but currently, there are no resources for further development. Any contribution to this UI in the direction of making it a full-fledged mature UI is welcome!
    • It provides features like - create software modules & distribution sets, targets, and rollouts
    • In contrast with legacy UI the new UI is a standalone application and uses only REST API to provide functionality to the user.
  • To the legacy monolith update server application there is added a new microservice-based application. As part of this effort, there was introduced an example of legacy Vaadin 8 UI standalone application. This legacy UI standalone application could be used together with future hawkBit update server versions as long as it is compatible and on the user’s responsibility. Some notes for it:
    • NOT RECOMMENDED - it might contain security vulnerabilities and bugs. It could be hard to verify its compatibility with the new hawkBit versions.
    • ON USER’s RESPONSIBILITY - no guarantees of any kind are provided for that application. It is entirely the user’s responsibility to test, scan for vulnerabilities, and use it.
    • Provides an option to use the legacy Vaadin 8 UI with the new hawkBit versions under the conditions above
    • It uses directly the database and legacy update server code
    • It includes the outdated Spring Boot 2.7 which is after its end of support
    • It will not be developed any further and new features won’t be available
    • No bugfixes would be provided for it

Extended access control management - entity-based

There is a new feature implemented in access control management. Up until now, permissions (e.g. CREATE_TARGET) were assigned to the users, and based on that users were able to execute some action or not. Now there is added a pluggable mechanism via AccessController that allows to further restrict the access based on the entity. For instance, a developer could implement its custom access controller for targets that, depending on the user, could grant or reject permissions for accessing targets of certain target types.