This offer is only addressed to commercial customers including freelancers and entrepreneurs. All prices are exclusive of value added tax (VAT).
Bosch IoT Suite
  • Share via email
  • Subscribe to blog alert

Continue permission migration, tighten API validation, and fix list loading in UI

May 19, 2026

We have migrated several controllers and APIs to the new permission model and removed legacy role and identity components, improving security and maintainability. The API specification now enforces stricter validation for string and integer inputs to reduce the risk of invalid or malicious data. Additionally, list pages with persisted sorting now load with a single HTTP request, improving performance and reducing unnecessary traffic.

Improvements

Permissions

  • ROLEX-2499: Migrate recipe tag permissions to the new authorization model
  • ROLEX-2500: Migrate tenant permissions to the new authorization model
  • ROLEX-2666: Migrate system-actions permissions to the new authorization model
  • ROLEX-2501: Migrate install-controller APIs to the new authorization model
  • ROLEX-2667: Remove deprecated role and identity controllers and their UI to streamline security management

API specification

  • ROLEX-2664: Tighten API string input validation to improve security of the API specification
  • ROLEX-2663: Add format and min/max bounds to integer schemas in the API specification to enforce stricter validation

Other

  • ROLEX-2631: Delete updatable modules automatically when a THING_DELETED DMF message is received i.e., when a IoT Rollouts target is deleted

Bugs fixed

  • ROLEX-2648: Eliminate duplicate HTTP requests on list pages when a persisted sort is active