Release Notes
HighByte Intelligence Hub Version 4.5 Beta
New Features:
AI Agents
Added a new AI Agent interface and multiple agents for generating Models, Instances, and Inputs and browsing Connections.
Configuration Graph Support
Updated the Usage tab to display an interactive graph to visualize data flow dependencies for the selected entity. The current entity is shown as the focal node, highlighted at the center of the graph. The Usage tab is available on all Connections, Conditions, Models, Instances, Pipelines, and Dictionaries.
Added config_graph_describe, config_graph_get_schema, config_graph_read_cypher, and config_graph_read_sql MCP tools. These tools can be used to query project configuration relationships and are available when Configuration Tools are enabled in Application Settings.
PI Performance Improvements
Introduced support for retrieving historical PI Point, PI Point Change data, and Asset changes in Parquet format. When leveraging this option, memory usage is significantly reduced and transmission time is improved.
Optimized the JSON serialization logic in the PI Agent layer, reducing serialization overhead by up to 40% in certain scenarios.
Enabled the point cache in the PI SDK, which reduces redundant requests to the PI Server and improves performance in high-frequency read scenarios involving PI points.
Added a permanent point cache to the PI SDK. This reduces the need for redundant PI lookups, improving the performance of high-frequency point reads.
Updated point and asset changes to return good no data instead of an empty value where there are no changes in the PI Agent.
File Handling Improvements
Added a “Move” output type to the File connector.
Added a “Delete” output type to the File connector.
Added an “Event” input type to the File connector.
Added support for writing files from disk to Databricks Storage, Microsoft OneLake, Azure Blob Storage, and Amazon S3, removing the need to load files into memory.
DevOps Enhancements
Changed the Docker base image from Alpine to an Ubuntu Linux-based Temurin image.
Added ability to import multiple files per Git deployment fragment.
Added JSON Schema and UANodeSet model import support to Git deployments.
Added ability to set custom High Availability heartbeat expirations on HA Cluster create. See User Guide for specifics and restrictions.
Added ability to configure and start a HighByte Intelligence Hub in High Availability via Docker environment variables.
Added /v2/livez and /v2/readyz endpoints for liveness/readiness checks; in HA mode, secondaries return 503 on readiness while all nodes report role metadata (role, node ID, primary ID) in the response body.
Added support for distinguishing authenticated proxy users on remote hubs. When a user proxied from a central hub to a remote hub makes a change, the username will be output in the format {hubName}.{userName}.
Added support for optional custom Intelligence Hub display names. The hub name is passed to OpenTelemetry as an attribute on all metrics and logs.
Data Dictionary
Added dictionary capability to allow storage of multiple lists of name value pairs. The dictionaries can be referenced in Instances and Pipelines to perform high frequency value substitutions.
Added support for dynamically populating dictionary values, enabling lookups to be fetched from external sources for faster, up-to-date data access across Pipelines and Instances.
Added support for statically populating dictionary values, enabling long-lived data to be defined once and reused across Pipelines and Instances.
Added a NATS connector.
Enhanced Oracle CDC to build committed transactions in memory instead of relying on Oracle LogMiner.
Added support for Basic128Rsa15, Basic256, Aes128_Sha256_RsaOaep, and Aes256_Sha256_RsaPss OPC UA Security Policies.
Added support for retrieving metadata with Ignition UDT and Tag reads, including source timestamp, path, and quality.
Added support for disabling checksum validation and enforcing path-style addressing for Amazon S3.
Added support for editing and copying text in text array-style fields.
Added hot key option to support using down-arrow on inline pipeline stage add menu.
Added the option to expand arrays to the model stage to simplify modeling lists of objects.
JSON Schema exports to i3X will now include Model and Attribute descriptions.
Added support for resolving environment and system variables in output settings.
Configuration schemas are now downloadable from the Resources page via the HighByte logo menu.
Fixes:
Fixed an issue that could lead to multiple, duplicate reads against the same input when using the Instance reference field with a unique path.
Enhanced reference path resolution logic to better reflect JavaScript-style referencing. Added support for interpreting bracketed paths, including empty quotes ([""]) and escaped quotes (["escaped\"quote"]).
Fixed an issue where the clear button would not clear attribute filters in the Filter Stage in pipelines.
Fixed an issue where certain application failures would not exit with a bad status. Now all application failures end with status code 1.
Fixed an issue where Sparkplug properties of type DateTime were not properly read when the ‘Include Properties’ option for Sparkplug inputs is enabled.
Fixed an issue where the tag page would not reload the tag list after bulk untagging an object.
Improved stability of JSON Schema importing when title or id is missing.
Fixed an issue where enabling Redundancy mode would lead to multiple pipeline start events.
Fixed an issue where pipeline statistics could be negative due to miscalculated machine time.
Removed redundant warning message for missing intelligencehub-settings.json file. Changed "License not found ..." error into a warning.
Fixed an issue that would cause a pipeline to get cleared during rapid save operations.
Fixed an issue where Instance Dynamic Template References would not be shown on the Usage interface.
Fixed an issue where pipelines were slow to update when using templated flow triggers after saving a configuration change.
Fixed an issue with OnChange stages using Disk Persistence Mode where some datatypes would change when persisted, resulting in the stage always considering the value changed when mode was set to Disk. The following datatypes were affected:
Integer types, Int16, Int32, Int64 (and unsigned types) became Int64
FP types, Real32 and Real64 became Real64
DateTime became String
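Added example, not part of the release notes or HighByte's code: a small JavaScript parser for the bracketed reference paths described in the Fixes above, including [""] and ["escaped\"quote"]. The grammar, the function names parseRefPath and resolveRef, and the own-property check during resolution are assumptions for illustration.

```javascript
// Added illustration, not HighByte's implementation. The grammar is an
// assumption modelled on JavaScript member access: a.b, a[0], a["key"].
function parseRefPath(path) {
  const segments = [];
  let i = 0;
  const fail = (msg) => { throw new SyntaxError(`${msg} at offset ${i} in ${JSON.stringify(path)}`); };
  while (i < path.length) {
    if (path[i] === "[") {
      const quote = path[++i];
      if (quote === '"' || quote === "'") {
        let key = "";
        i++;
        while (i < path.length && path[i] !== quote) {
          // A backslash makes the next character literal, so \" stays in the key.
          if (path[i] === "\\" && ++i >= path.length) fail("dangling escape");
          key += path[i++];
        }
        if (path[i++] !== quote) fail("unterminated quoted key");
        segments.push(key); // may be the empty string, as in [""]
      } else {
        const m = /^\d+/.exec(path.slice(i));
        if (!m) fail("expected quoted key or array index");
        segments.push(Number(m[0]));
        i += m[0].length;
      }
      if (path[i++] !== "]") fail("expected ]");
    } else {
      if (path[i] === ".") { if (i++ === 0) fail("leading dot"); }
      else if (i !== 0) fail("expected . or [");
      const m = /^[A-Za-z_$][\w$]*/.exec(path.slice(i));
      if (!m) fail("expected identifier");
      segments.push(m[0]);
      i += m[0].length;
    }
  }
  return segments;
}

// Follow own properties only, so "__proto__" or "constructor" never reaches a prototype.
function resolveRef(root, path) {
  let cur = root;
  for (const seg of parseRefPath(path)) {
    const own = cur !== null && typeof cur === "object" &&
      Object.prototype.hasOwnProperty.call(cur, seg);
    if (!own) return undefined;
    cur = cur[seg];
  }
  return cur;
}
```

Keeping the quoted key as one segment means a name that contains a dot or a quote is looked up literally and is never split into further path steps.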
Breaking Changes:
Added the ability to set custom OTel Agent Properties via environment variables. Note: Enabling OpenTelemetry is now controlled by setting the environment variable `OTEL_AGENT_PROPERTIES` instead of modifying entry scripts.
When starting the Intelligence Hub via Docker, the ACCEPT_EULA=Y environment variable is now required; the runtime will not start if it is absent. Review the End User License Agreement before starting the product.
Security Patch Updates:
Frontend:
CVE-2025-62718: Defect that allows improper hostname normalization when evaluating NO_PROXY rules to enable proxy bypass and server-side request forgery against internal services.
CVE-2026-39363: Defect that allows WebSocket connections without an Origin header to retrieve arbitrary files by bypassing filesystem access controls.
CVE-2026-39364: Defect that allows crafted query parameters to bypass the server.fs.deny blocklist and retrieve sensitive files such as .env or certificates.
CVE-2026-39365: Defect that allows path traversal via .map request URLs to retrieve source map files outside the project root, bypassing filesystem restrictions.
CVE-2026-40175: Defect that allows CRLF sequences in HTTP headers to enable header injection, which can be chained with prototype pollution to achieve server-side request forgery or cloud credential exfiltration.
CVE-2026-42033: Defect that could allow prototype pollution from a co-dependency to enable silent interception and modification of JSON responses, or full hijacking of the underlying HTTP transport including credentials and headers.
CVE-2026-42034: Defect that allows streamed uploads to bypass the configured maxBodyLength limit when maxRedirects is set to 0, enabling unbounded upload sizes.
CVE-2026-42035: Defect that could allow prototype pollution from any dependency to inject arbitrary HTTP headers into outgoing requests.
CVE-2026-42036: Defect that allows streamed responses using responseType: 'stream' to bypass the configured maxContentLength limit, enabling unbounded downstream consumption.
CVE-2026-42037: Defect that allows CRLF sequences in a Blob's type property to inject arbitrary MIME part headers into multipart form-data request bodies.
CVE-2026-42038: Defect that allows IP aliases and loopback equivalents to bypass NO_PROXY rules via pure string matching, enabling server-side request forgery.
CVE-2026-42039: Defect that could allow deeply nested request data to trigger unbounded recursion, leading to denial of service.
CVE-2026-42040: Defect that allows the safe percent-encoding of null bytes to be reversed, enabling null byte injection into URL query strings.
CVE-2026-42041: Defect that could allow prototype pollution to suppress all HTTP error responses, causing status codes such as 401 and 403 to be treated as successful responses and bypassing authentication checks.
CVE-2026-42042: Defect that could allow prototype pollution to short-circuit the same-origin check, causing XSRF tokens to be sent to cross-origin servers.
CVE-2026-42043: Defect that allows crafted URLs to bypass NO_PROXY rules via RFC 1122 loopback subnet ranges, enabling server-side request forgery against internal services.
CVE-2026-42044: Defect that could allow prototype pollution to inject a custom JSON reviver, enabling invisible surgical modification of all parsed JSON API responses.
CVE-2026-42264: Defect that could allow prototype pollution to silently inject polluted config properties into every outbound HTTP request.
Amazon Redshift:
CVE-2026-8178: Defect that allows attacker-controlled JDBC connection properties with a datatype. prefix to be passed to Class.forName(), enabling arbitrary class loading and remote code execution.
UNS Client:
CVE-2026-41242: Defect that allows arbitrary code injected into the type fields of protobuf definitions to execute during object decoding, enabling remote code execution.
Kafka Connection:
CVE-2026-35554: Defect that could allow a buffer pool race condition to cause messages to be silently delivered to unintended topics, leading to data corruption or unauthorized data exposure.
Ignition Module:
CVE-2026-0636: Defect that allows crafted input to inject malicious elements into LDAP queries, enabling query manipulation.
CVE-2026-2950: Defect that allows array-wrapped path segments to bypass prototype pollution protections, enabling deletion of properties from built-in JavaScript prototypes.
CVE-2026-4800: Defect that allows untrusted options.imports key names to inject code, enabling arbitrary code execution at template compilation time.
CVE-2026-5588: Defect that allows an empty signature sequence to be accepted as valid, potentially enabling signature verification bypass.
CVE-2026-33228: Defect that allows crafted JSON input to leak a live reference to Array.prototype, enabling global prototype chain pollution.
CVE-2026-33532: Defect that allows deeply nested flow sequences to trigger unbounded recursion and a stack overflow, leading to denial of service.
CVE-2026-33672: Defect that allows crafted glob patterns to inject inherited method names into generated regular expressions, causing incorrect glob matching behavior.
CVE-2026-33894: Defect that allows non-canonical signatures to be accepted as valid, potentially enabling authentication bypass in applications relying on signature uniqueness.
CVE-2026-33895: Defect that allows forged signatures to pass validation for low public exponent keys, enabling signature forgery.
CVE-2026-33896: Defect that allows leaf certificates lacking basicConstraints extensions to act as certificate authorities, enabling forged certificate chains.
CVE-2026-5598: Defect that could allow non-constant time comparisons to leak private key material via a timing side-channel attack.
CVE-2026-6321: Defect that allows percent-encoded path separators and dot segments to be decoded before normalization, enabling path traversal and bypass of path-based security policies.
CVE-2026-6322: Defect that allows percent-encoded authority delimiters to be decoded during normalization, enabling host confusion attacks that bypass domain validation.
CVE-2026-44728: Defect that allows specially crafted input to cause the compiler to generate output that executes arbitrary code.