New Features:

• Added the ability for data from remote hubs to be available in the central hub. Once connected, the central hub can perform smart queries and read the namespace of remote hubs. Remote hubs can opt into this ‘central data’ capability by adding a flag to the remoteconfig.json file.
• Added the ability for Pipelines to subscribe to complex data, including Namespaces, Instances, OPC UA Collections, Branches, and more. The subscriptions produce events when data changes, avoiding the need to poll and perform on-change filters. Using a pipeline trigger, these data changes propagate into a pipeline within a hub or from a remote hub to the central hub using central data.
• Added a new Pipeline AI Agent feature that can create, edit, and summarize pipelines through natural language prompts. The agent works with any configured LLM and provides UI feedback to show proposed changes and allows the user to assess, compare, and accept or reject the changes.
• Added connection to Databricks Zerobus. This supports low latency ingestion, automatic table creation, and schema evolution.
• Added a server interface for an alpha version of the i3X API. This version works with version 0.1.5 of i3X Explorer and allows i3X clients to browse data and models, read, and subscribe to data changes. Note the i3X specification is still in development, so this feature should not be used in production as it will break once the specification is released.
• Performance Improvements
  • Transform Stage
    • Optimized the transform stage to skip pipeline state when unused, reducing overhead for transform stages in Pipelines with large state payloads.
  • Model Stage
    • Added direct reference support, removing the need to always rely on JavaScript evaluation.
    • Added a model definition cache, improving model generation performance.
  • Model Validation Stage
    • Added a model definition cache, improving validation performance.
  • Switch Stage
    • Improved performance by batching case evaluations, significantly reducing execution time for stages with more than 2 cases.
  • Event Routing & Ingest
    • Optimized event routing between stages to reduce transit time between pipeline stages.
    • Optimized the ingestion of events from the Pipelines queue, increasing event throughput for fast pipelines.
  • Store & Forward
    • Improved Store & Forward write persistence to batch incoming events, enabling Store & Forward to store more events per second.
    • Added Store & Forward output throttling, giving users control over connection throughput and preventing overload with large payloads.
    • Improved storage performance of writes when Store & Forward is enabled for a connection.
  • Statistics
    • Batched statistic calculations per-pipeline to better enable Pipelines to process bulk events.
• Added stored procedure input support to Oracle Database connection.
• Added support for Apache Iceberg tables to the Snowflake Streaming connection, enabling data to be written to tables stored in an external volume (e.g., Amazon S3 bucket, Azure Blob Storage container).
• Updated Amazon Kinesis Data Streams to use asynchronous batching, grouping multiple writes into single requests to significantly increase write throughput.
• Added the ability to see the debug run event payload in the Pipelines UI, allowing users to drag and drop parts of the payload for certain stages (e.g., Model stage) as well as get autocomplete for the event value and metadata.
• Added the ability to import Models from JSON Schema.
• Introduced a new write throttle feature in Store & Forward that allows users to configure a per-target batch size and delay between writes to better control the speed of write processing and avoid overwhelming target systems.
• Enhanced Pipelines to quickly add new stages inline via a searchable fly-out menu.
• Added Continuous mode to the ‘Polled’ Trigger. In this mode, the Trigger starts as soon as the previous run is completed.
• Added a new Raw input type to the Sparkplug connection to read raw Sparkplug messages as JSON.
• Added quality, timestamp, and datatype to the Sparkplug metrics payload when the “include properties” option is enabled on the Sparkplug connection inputs.
• Added support for setting the max number of point changes returned in a read for PI Point Change inputs in the AVEVA PI System connection.
• Added support for spaces and dashes in Namespace node names. When used in Smart Query, names that contain these characters require quotes.
• Added support for EC2 Instance Profile authentication in AWS connections, allowing Intelligence Hub running on EC2 to access AWS resources via IAM policy without requiring Access or Secret Keys.
• Added support for configuring a proxy option in Snowflake Streaming and SQL connectors.
• Added support for NodeIds as input arguments to OPC UA Methods.
• Enhanced the UANodeSet file import option in Model Import to include more base UA types.
• Improved OPC UA CSV import reliability for Tag, Branch, and Collection input types. Event and Method inputs are not supported and now fail gracefully with clear error messages. Fixed several OPC UA CSV import issues that could cause inputs to be imported incorrectly.
• Added OPC UA CSV export support for Inputs.
• Enhanced Namespaces to autosave on successful drag-and-drop of a reference.
• Added average stage execution time metric to the Pipelines UI.
• Added Trigger Name and Trigger Type (triggerName and triggerType) to event metadata in Pipelines.
• The EventTrigger now populates the event metadata object with the input parameters associated with the event.
• Added the ability to review Model imports before committing them to the project.
• Added a Writes Per Hour dashboard widget that displays the most recent 24 hours of write throughput, expressed as an aggregate count per hour.
• Added a Store & Forward dashboard widget that displays pending writes and allocated storage by connection when Store & Forward is enabled.
• Added an optional description field to all Pipeline stages for annotation purposes or providing context to an AI Agent reasoning with an LLM.
• Enabled the UI to automatically detect light/dark theme based on system preference.
• Added the enabled/disabled state of MCP to the MCP Services interface.
• Added hotlinks to various reference fields to make navigation faster.
• Added auto-select when viewing a Pipeline replay to select the first stage or the first stage with an error.
• Removed the Pipeline Creation Wizard.

Fixes:

• Fixed an issue where parallel stages editing the same pipeline state could lead to data loss.
• Increased OPC browse timeout to 5 minutes and all other browse timeouts to 1 minute.
• Removed the “Auto” type option from OPC UA Method Input Parameters.
• Fixed an issue where Instance test reads would only display the first error. Now all errors are shown.
• Fixed an issue that would cause the Write New stage to error if the qualifier had no settings.
• Fixed an issue where indexing into a complex object with {{source}}[“attribute”] would fail if one of the attribute keys contained a “.”
• Fixed an issue where a templated Instance or Input would not be visible in the default HighByte Namespace if it didn’t also define parameters.
• Fixed an issue where pipeline statistics would have inconsistent alignment.
• Fixed an issue where some stages would appear editable in Pipeline Replay.
• Fixed an issue where namespace test read panel sizing would reset after a read.
• Updated the Dashboard Connection Widget to only redirect when clicking the “View” button (previously would happen when clicking anywhere).
• Removed a non-functional browse button from the reference panel for Ignition Module connections.
• Fixed an issue where the remote hub variables UI would not close after saving changes.
• Fixed an issue where a pipeline would not go into an error state when it reached the 10,000-value event queue limit.
• Fixed an issue where Pipelines would not subscribe to OPC UA tag updates if the OPC UA server was unavailable at Pipeline startup but operational after.
• Fixed an issue where connections with invalid or unresolved settings could appear healthy and continue being used, causing Pipelines to attempt data operations on invalid connections.
• Fixed an issue where publishing a wildcard in the group or edge node of a Sparkplug output would cause repeated write failures that could only be cleared by re-saving the connection.
• Fixed an issue where users could not change the Redundancy Ping Timeout setting in the UI.
• Fixed an issue where Sparkplug inputs with a metric filter would receive unwanted subscription updates for unrelated metrics under the same device.
• Fixed an issue where OPC UA tags with overridden sampling intervals could result in Pipelines failing to start.
• Fixed an issue that prevented the Condition Usage interface from listing the Instances that use the condition.
• Removed requirement in the MCP Client connection for a session ID from the target MCP Server, now aligning with the MCP specification.
• Fixed an issue in Instances where descendant attributes wouldn’t override nested values in the parent value.

Breaking Changes:

• Java 25 is now the minimum version required to run the Intelligence Hub.
• Updated REST Data, MCP, and i3X APIs to share a common TCP port. All existing REST Data endpoints remain unchanged. MCP clients hosted on a separate port are automatically moved to the common port. Shared settings can be configured under Settings > HTTP Server.
• Updated the default HTTP client character set (from ISO-8859-1 to UTF-8). This could cause connections like the REST Client, InfluxDB, and MCP Client connections sending multipart form requests to a server to no longer work due to unsupported content types.
• Changed the way templated Instances and Inputs are mapped to a Namespace node. Previously, all expansions of a template were grouped under a single node with a fixed name, returned as an array. This made it difficult to identify individual expansions. Now, the expansions are placed under a common parent node with a name matching the configured Input/Instance. The child nodes are assigned their template name, or a unique name derived from the parent node. This improves organization, avoids name conflicts, and improves performance. Existing Smart Queries that read nodes mapped to templated Inputs or Instances need to be updated to account for the path change. The path metadata field produced by the Smart Query stage will reflect the new path.
• Ordering of child nodes in the internal HighByte namespace (e.g., Connection Inputs, Instances) is now sorted alphanumerically. Previously, the order depended on the order configuration objects were created. This applies to Namespaces in the UI and Smart Query results.
• 4.4.2 Only: When starting the Intelligence Hub via Docker, the ACCEPT_EULA=Y environment variable is now required; the runtime will not start if it is absent. Review the End User License Agreement before starting the product.

Security Patch Updates:

Runtime:

• CVE-2026-1225: Defect that could allow crafted input to cause denial of service.
• CVE-2026-21452: Defect that allows specially crafted input to trigger excessive memory allocation and denial of service.
• CVE-2026-33701: Defect that allows specially crafted input to potentially achieve remote code execution.
• CVE-2026-25087: Defect that could allow memory corruption or denial of service.
• CVE-2026-39883: Defect that could allow PATH hijacking potentially enabling privilege escalation.
• CVE-2026-40682: Defect that allows specially crafted input to enable file disclosure or server-side request forgery.
• CVE-2026-42440: Defect that allows specially crafted input to trigger unbounded array allocation and potential denial of service.
• CVE-2026-42027: Defect that allows specially crafted input to potentially achieve remote code execution.
• CVE-2026-0994: Defect that could allow denial of service.

S3 Tables:

• CVE-2025-67721: Defect that allows malformed compressed data to expose previously stored buffer contents.

Azure IoT Hub:

• CVE-2026-33117: Defect that allows an unauthenticated attacker to bypass authentication and gain unauthorized access to resources.

Kafka Connection:

• CVE-2026-33557: Defect in Apache Kafka's default OAUTHBEARER JWT validator that allows an attacker to authenticate as any user by presenting an unvalidated JWT token.

PostgreSQL Connection:

• CVE-2026-42198: Defect that allows a malicious server to cause unbounded CPU consumption and denial of service.

SQLite Connection:

• CVE-2025-70873: Defect that could allow a crafted ZIP file to leak sensitive heap memory contents.

MQTT Broker, REST Server, REST API:

• CVE-2026-42581: Defect in Netty's HTTP/1.0 handling that allows requests with coexisting Transfer-Encoding and Content-Length headers to be used for request smuggling.
• CVE-2026-33870: Defect in Netty's HTTP/1.1 chunked transfer encoding parsing that allows crafted requests to be used for request smuggling.
• CVE-2026-33871: Defect in Netty's HTTP/2 implementation that could allow a denial of service.
• CVE-2026-42582: Defect in Netty's HTTP/3 QPACK decoder that could allow a denial of service.
• CVE-2026-42585: Defect in Netty's HTTP request decoder that allows malformed Transfer-Encoding headers to be used for request smuggling.
• CVE-2026-42578: Defect in Netty's HTTP proxy handler that allows CRLF sequences in user-controlled headers to enable HTTP header injection.
• CVE-2026-42584: Defect in Netty's HttpClientCodec that allows certain pipelined HTTP request sequences to cause response desynchronization.
• CVE-2026-42587: Defect in Netty's HttpContentDecompressor that could allow the maximum allocation limit to be bypassed for certain content encodings, leading to a decompression bomb denial of service.
• CVE-2026-42583: Defect in Netty's LZ4 frame decoder that could allow a crafted compressed frame to trigger unbounded memory allocation, leading to denial of service.
• CVE-2026-42579: Defect in Netty's DNS codec that allows input validation to be bypassed in the encoder and decoder, potentially enabling DNS response manipulation.
• CVE-2026-44248: Defect in Netty's MQTT decoder that could allow MQTT 5 header properties to be buffered without size limits, enabling resource exhaustion.

Frontend:

• CVE-2025-13465: Defect that allows prototype manipulation through crafted object paths.
• CVE-2025-64756: Defect that allows crafted filenames to trigger command injection and arbitrary command execution.
• CVE-2025-64718: Defect that allows prototype pollution when parsing malicious YAML input.
• CVE-2025-68470: Defect that allows crafted navigation paths to trigger unintended redirects to external URLs.
• CVE-2026-21884: Defect that allows cross-site scripting through improperly sanitized input during server-side rendering.
• CVE-2026-22029: Defect that could allow improper input handling, leading to potential denial of service.
• CVE-2026-22030: Defect that could allow improper input handling, leading to potential denial of service.
• CVE-2026-25639: Defect that could allow improper input validation, leading to denial of service.
• CVE-2026-27606: Defect that allows path traversal to overwrite files on the host filesystem.
• CVE-2026-27903: Defect that allows crafted glob patterns to cause excessive processing and denial of service.
• CVE-2026-29063: Defect that allows prototype pollution through crafted input, potentially altering object behavior.

Ignition Module:

• CVE‑2023‑28154: Defect that allows mishandled import parsing to enable cross‑realm object access and potential code compromise.
• CVE‑2024‑43788: Defect that could allow cross‑site scripting via improper input validation.
• CVE-2025-15284: Defect that allows attackers to bypass array limits and exhaust server resources via crafted requests.
• CVE‑2025‑30359: Defect that could allow source code exposure when serving content from a development server.
• CVE‑2025‑30360: Defect that could allow source code exfiltration via inadequate WebSocket origin validation.
• CVE-2025-68157: Defect that could allow specially crafted input to cause denial of service.
• CVE-2025-68458: Defect that could allow improper handling of input leading to unintended behavior or denial of service.
• CVE-2026-2391: Defect that could allow memory corruption, leading to potential code execution.
• CVE-2026-22029: Defect that could allow improper input handling, leading to potential denial of service.

Patch (4.4.1 2026.4.14.7)

• Fixed an issue with the EventTrigger when subscribing to OPC UA Branches, OPC UA Collections, and Sparkplug Inputs where the ‘All’ setting only returned changes. The trigger now returns all values (tags or metrics), including those that changed. The ‘Compressed’ option has been renamed to ‘Changed’.
• Added a new Index Window Mode option to PI System Point and Asset reads to control when the read returns data. Modes include Strict or Best Effort. Best Effort is the default behavior and returns data even if the full Index Window isn’t available. Strict only returns data and updates the Index if the full Index Window is available.
• Added support for Basic128Rsa15 in OPC UA Connections.
• Updated i3X server to the Beta version of the specification.

Patch (4.4.2 2026.5.21.2)

• Fixed an issue to correctly capture PI Asset Read Get selection of “Interpolate” vs. “Raw Values”.
• Fixed an issue where projects that were created in version 4.0 and contained pipelines with event triggers failed to import in version 4.4.
• Added Primary Host support to SparkplugB. When enabled, publishes ONLINE/OFFLINE state messages on connect/disconnect.
• Updated i3X Server to support the latest Beta changes to the spec in preparation for version 1.0.
• When starting the Intelligence Hub via Docker, the ACCEPT_EULA=Y environment variable is now required; the runtime will not start if it is absent. Review the End User License Agreement before starting the product.
• Added support to the PI System connector for exposing categories for assetmetadata, asset, and eventframe input types.