Replace OTOPCUA_HISTORIAN_PIPE/OTOPCUA_ALLOWED_SID with TCP transport
env (OTOPCUA_HISTORIAN_TCP_PORT, OTOPCUA_HISTORIAN_BIND,
OTOPCUA_HISTORIAN_TLS_ENABLED, OTOPCUA_HISTORIAN_TLS_CERT/PASSWORD)
in Install-Services.ps1; add idempotent Windows Firewall inbound rule
for the TCP port. Add new params for all TCP/TLS options with cert
provisioning guidance. Update Refresh-Services.ps1 Step 4b comment
(PipeServer → TcpFrameServer) and add a Step 5 note clarifying that
TCP/TLS env is set at install time, not on refresh.

Add a post-publish Step 4b that fails the refresh if the sidecar deploy
folder is missing any load-bearing file (System.Memory.dll, MessagePack.dll,
the .exe, or the net48 binding-redirect .exe.config). A partial/stale deploy
that bypasses `dotnet publish` drops System.Memory.dll, so the sidecar
JIT-load-faults in PipeServer.RunOneConnectionAsync (FileNotFoundException
'System.Memory, Version=4.0.1.2') and NSSM crash-loops it (exit 2 every
~2 min). Catching this at publish time beats discovering it as a production
crash-loop. Guarded by -WhatIf; throws before any service is started.

All five suppressed advisories are now resolved at baseline/resolved versions,
so every NuGetAuditSuppress is removed repo-wide:
- System.Security.Cryptography.Xml (GHSA-37gx-xxp4-5rgx / GHSA-w3x6-4m5h-cxqf)
  -> fixed by the .NET 10 baseline (10.0.6)
- OPCFoundation Opc.Ua.Core (GHSA-h958-fxgg-g7w3) -> fixed at resolved 1.5.378.106

Two were still live and are now patched via direct security pins:
- OpenTelemetry.Api 1.9.0 -> 1.15.3 (GHSA-g94r-2vxg-569j) pinned in Cluster;
  Runtime/ControlPlane/AdminUI + tests inherit via project reference
- Tmds.DBus.Protocol 0.20.0 -> 0.21.3 (GHSA-xrw6-gwf8-vvr9) pinned in Client.UI

Also correct the Historian sidecar runtime comments (x86 -> x64, matching the
csproj PlatformTarget). Solution audit: 0 vulnerable packages; full build clean.

LZ4-decompression out-of-bounds read in MessagePack < 2.5.301 (transitive
via the Historian.Wonderware driver). 2.5.301 is the patched v2-series
release; stays on v2 (no v3 major bump). Restore no longer fails NU1903.

11-task TDD plan from the approved alias-tag design. Approach A (reuse
Tag entity, broaden composer/artifact equipment-tag filter); converter
rewrites relay VirtualTags as alias Tags. No entity/EF migration.

Equipment exposes a Galaxy attribute under a friendly UNS name as a
first-class driver-bound Tag (alias) instead of a relay VirtualTag.
Approach A: reuse the Tag entity, broaden the equipment-tag filter to
admit GalaxyMxGateway-backed equipment tags; no entity/EF migration.
Includes a relay->alias converter (per-equipment + fleet-wide).

Update Uns.md to show Equipment as a leaf in the browse tree (Area → Line →
Equipment), add the /uns/equipment/{id} page with its Details/Tags/Virtual
Tags/Alarms tabs, and adjust the actions table and sub-sections accordingly.
ScriptedAlarms.md and AlarmTracking.md required no changes — neither
referenced the standalone /scripted-alarms editing page.