Upgrade to The Things Network v3.15.2 (completed)

Completed: Upgrade to The Things Network v3.15.2

This is a cross-post of an incident on our status page. It will be updated automatically.

Impact: Maintenance

Scheduled: Mon, 25 Oct 2021 09:30:00 +0200 until 11:30:00 +0200

Resolved: Mon, 25 Oct 2021 11:30:30 +0200

Affected Components

  • Europe 1 (eu1.cloud.thethings.network): Operational
  • North America 1 (nam1.cloud.thethings.network): Operational
  • Australia 1 (au1.cloud.thethings.network): Operational


Posted: Fri, 22 Oct 2021 16:15:04 +0200

During this maintenance window we will upgrade The Things Network v3.15.2

We do not expect noticeable downtime during this deployment.

Here is the changelog since the current version v3.15.1:


  • tls.cipher-suites config option to specify used cipher suites.
  • Support for enhanced security policies of Packet Broker services.
  • Handling of MAC and PHY versions in end device forms based on selected frequency plan in the Console.
  • Support for scheduling downlink messages as JSON in the Console.
  • Support for Packet Broker authentication through LoRaWAN Backend Interfaces. This adds the following configuration options:
    • interop.public-tls-address: public address of the interop server. The audience in the incoming OAuth 2.0 token from Packet Broker is verified against this address to ensure that other networks cannot impersonate as Packet Broker;
    • interop.packet-broker.enabled: enable Packet Broker to authenticate;
    • interop.packet-broker.token-issuer: the issuer of the incoming OAuth 2.0 token from Packet Broker is verified against this value.
  • Support for LoRaWAN Backend Interfaces in Identity Server to obtain an end device's NetID, tenant ID and Network Server address with the use of a vendor-specifc extension (VSExtension). This adds the following configuration options:
    • is.network.net-id: the NetID of the network. When running a Network Server, make sure that this is the same value as ns.net-id.
    • is.network.tenant-id: the Tenant ID in the host NetID. Leave blank if the NetID that you use is dedicated for this Identity Server.
  • Configuration option experimental.features to enable experimental features.
  • Tooltip descriptions for "Last activity" values (formerly "Last seen") and uplink/downlink counts in the Console.
  • Status pulses being triggered by incoming data in the Console.
  • Packet broker page crashing when networks with a NetID of 0 are present.
  • Allowing to toggle visibility of sensitive values in text inputs in the Console.
  • Webhook failed event.


  • Searching for entity IDs is now case insensitive.
  • Renamed entitie's "Last seen" to "Last activity" in the Console.
  • The database queries for determining the rights of users on entities have been rewritten to reduce the number of round-trips to the database.
  • The default downlink path expiration timeout for UDP gateway connections has been increased to 90 seconds, and the default connection timeout has been increased to 3 minutes.
    • The original downlink path expiration timeout was based on the fact that the default PULL_DATA interval is 5 seconds. In practice we have observed that most gateways actually send a PULL_DATA message every 30 seconds instead in order to preserve data transfer costs.
  • The default duration for storing (sparse) entity events has been increased to 24 hours.


  • Option to select targeted stack components during end device import in the Console.


  • LoRaWAN Backend Interfaces 1.1 fields that were used in 1.0 (most notably SenderNSID and ReceiverNSID). Usage of NSID is now only supported with LoRaWAN Backend Interfaces 1.1 as specified.
  • Registering and logging in users with 2 character user IDs in the Account App.
  • Frequency plan display for the gateway overview page in the Console.
  • Frequency plan showing as n/a in the Console after creating a new gateway with assigned frequency plan.
  • Header logo flickering in the Console when using Safari browser.
  • Profile settings link not being present in the mobile menu in the Console.
  • Calculation of "Last activity" values not using all available data in the Console.
  • Layout jumps due to length of "Last activity" text.
  • Invalid session handling in Network Layer settings form in the Console.


  • Network Servers using LoRaWAN Backend Interfaces to interact with the Join Server can now provide a single Network Server address in the X.509 Common Name of the TLS client certificate (the old behavior) or multiple Network Server addresses in the X.509 DNS Subject Alternative Names (SANs). DNS names have precedence over an address in the Common Name.

In Progress

Posted: Mon, 25 Oct 2021 09:30:37 +0200

Scheduled maintenance is currently in progress. We will provide updates as necessary.


Posted: Mon, 25 Oct 2021 11:30:30 +0200

The scheduled maintenance has been completed.

The incident on our status page was just updated with new information. The first post in this topic has been updated accordingly.

The incident on our status page was just updated with new information. The first post in this topic has been updated accordingly.