Mender blog

Mender 1.1.0 beta ready for testing!

Today we are happy to announce that Mender 1.1.0 beta is ready for testing!

We will cover some of the major new features requested by users below, and you can see the detailed items in the release notes in the documentation.

Signature management

Mender has since day one been focused on creating a robust and secure update process, which is critical but frequently overlooked when building homegrown updaters.

We are happy to take this significantly further with the introduction of signature management in Mender 1.1.0. End-to-end signatures and verification that supports offline signing means that you can be confident that what your devices install has been approved by a trusted party. This means a vastly reduced attack surface when you deploy updates using Mender.

The diagram below shows how the signature management works at a high level.

Mender signature management flow

To get started with codesigning, head over to the documentation on Signing and verification.

Device decommissioning

Mender 1.1.0 also introduces the feature to delete all data about a device, both from the UI and the API. You can see this new feature under the "Devices" tab of the Mender UI.

This allows you to decommission old devices that are no longer operational or remove test devices from your Mender Server.

Yocto Project version 2.3 (pyro) support

The meta-mender layer now includes support for the new Yocto Project release and the documentation for building Yocto Project images has been updated accordingly.

Note that according to the System requirements documentation, Mender only officially supports the latest branch of the Yocto Project (pyro in Mender 1.1). Older Yocto Project branches are placed under community support and if you need to ensure your Mender installation works with them we recommend subscribing to commerical software support.

Artifact format v2

In order to support signature management (and pre/post-install scripts soon), the Artifact format has been updated to version 2. Note that in general, older versions of the Mender client do not support new versions of Mender Artifacts.

For more information about Artifact version 2 and how you can update your Mender clients, take a look at the Mender Artifact documentation.

Try Mender 1.1.0 beta

The documentation has a new 1.1 section that includes all the resources you need to get going. To test the new features, you can start with these pages:

Give feedback

We are happy to continue to see your general feedback on Mender, be it positive or need for improvement, on the Mender mailing list. Your continued feedback ensures Mender will meet your needs even better in the future!

If you believe you have encoutered a bug, please submit your report at the Mender JIRA issue tracker.

We hope you enjoy the new features and are looking forward to hearing from you!

Recent articles

Driving secure innovation: ISO/SAE 21434 & UNECE compliance

Driving secure innovation: ISO/SAE 21434 & UNECE compliance

ISO/SAE 21434 and UNECE R155/R156 standards reshape cybersecurity in software-defined vehicles. Compliance with these frameworks is essential for protecting consumers, ensuring vehicle safety, and driving innovation in the automotive industry.
CVE-2024-46947 & CVE-2024-47190 - SSRF issues in Mender Enterprise Server

CVE-2024-46947 & CVE-2024-47190 - SSRF issues in Mender Enterprise Server

Recently discovered security vulnerabilities in Mender Server have been fixed.
CVE-2024-46948 - Missing filtering based on RBAC device groups

CVE-2024-46948 - Missing filtering based on RBAC device groups

A customer recently notified us of a security issue in Mender. For users of RBAC and device groups, one specific API did not filter devices correctly.
View more articles

Learn why leading companies choose Mender

Discover how Mender empowers both you and your customers with secure and reliable over-the-air updates for IoT devices. Focus on your product, and benefit from specialized OTA expertise and best practices.

 
sales-pipeline_295756365