Proposal Idea Often times while working on Cumulocity microservice which makes use of the Cumulocity platform API there is a need to be aware of the existing APIs that can be leveraged, signature of the APIs i.e. request object it takes and the re...
API-function for checking the accepted length of the chain of X509-certificates
Excerpt from https://cumulocity.com/guides/10.11.0/device-sdk/mqtt/#device-certificates : βIf these device certificates are signed by the customer certificate, then the platform should trust them too. In this case, every device should send not onl...
Currently the SMS integration can be only configured by the Operations team. Integration for OpenIT can be configured through UI but is not supported anymore. sms77.io is supported but cannot be configured through UI. Telstra administrator needs t...
When implementing data grid with paging to show items fetched using the c8y API the implemented paging is not working very well. In our case we need to get the total count of items (with query params: withTotalPages=true, pageSize=1), the filtered...
User need to have the option to cancel the changes in Authentication settings and no need to have information provided by the platform for the same
User is Forced to "log out" once authentication mode is changed and no user Indication provided to the user. When user tries to Save the modified authentication mode, user is forced to logout from the platform and not provided with any option to "...
User need to have the option to cancel the changes in Authentication settings and no need to have information provided by the platform for the same
User is Forced to "log out" once authentication mode is changed and no user Indication provided to the user. When user tries to Save the modified authentication mode, user is forced to logout from the platform and not provided with any option to "...
Abuse of the password reset feature - Security Risk
A non-authenticated user can use the password reset functionality to send password reset emails toarbitrary addresses, even if they are not linked to any account of the Web application. The followingrequest and screenshot illustrate this vulnerabi...
Support of weak SSL/TLS encryption protocol - Security Risk
Environmentdormakabastaging.us.cumulocity.com DescriptionThe Web server supports the use of encryption protocols inferior to TLS1.2. Security vulnerabilities havebeen identified in these versions and / or they are no longer compliant with the PCI-...
Show application name exactly as they are configured
The application names are going through a "normalization process".
This means that application names like "MindSphere Launchpad", are normalized to:"mind sphere launchpad", which is not desired by the customer.
Reason is that changes to this migh...