This document contains release notes for Prosys OPC UA SDK for Java Version 4. The versioning scheme is x.y.z-b, with the following meanings:

  • x: Incremented when we start adding support for a newer version of the OPC UA Specification (in which case y and z will reset back to 0). SDK versions 4.y.z are tied to OPC UA 1.04, SDK 5.y.z will be for 1.05, etc. (it is possible that in the future we decide to break this link). Largest changes are preferably done here.

  • y: Incremented on a bit larger updates (z is reset back to 0), that do not add support for a newer version of the OPC UA Specification.

  • z: Incremented on not so large updates. Even number of z indicate releases, while odd ones are betas. In general only releases have release notes and are public. We may give beta versions as part of support cases.

  • b: Incremented internally when we make builds. Sometimes we reset this number.

The "OPC UA Specification version" above refers to the versions such as '1.04' and '1.05'. In 1.04 there has been erratas and amendments. In 1.05 there is a sub-version number such as 1.05.01 and 1.05.02 and so on. SDK 5.y.z would target all 1.05.** versions.

The Code Generator tool that comes with the SDK uses similarly named version number. It is tied to the SDK version, except the build number is different. Also, if there are no changes, then SDK ships with the one from previous releases.

Version 4.11.0

Build: 4.11.0-41

Release date: 16.08.2023

This is a new minor release of the SDK that also contains security fixes. We recommend everyone to update to this version.

Now also the UaClient version of PubSubSystem supports Event-DataSets. It can now use Subscription-based data sampling, which is the new default.

This release contains 2 security fixes related to Diagnostics and extra information on a failure.

The first security fix now limits reading SessionSecurityDiagnosticsArray node (i=3708) of the Server to only Sessions for which UaServerListener.onAllowReadSecurityDiagnostics(ServiceContext) returns true (or none if no listener set). Previously any activated Session could read the SessionSecurityDiagnosticsArray (i=3708). This can be mitigated in earlier SDK versions by adding an IoManagerListener to UaServer.getNodeManagerRoot() and preventing access in IoManager.onGetUserAccessLevel for Identifiers.Server_ServerDiagnostics_SessionsDiagnosticsSummary_SessionSecurityDiagnosticsArray. Note that any Client can enable the Dianostics, thus this still applies even if they were initially off. The SessionSecurityDiagnostics does contain the current (and previous, if changed while the session is active) username of the Session.

The second security fix limits extra info in OPC UA TCP ErrorMessage and in the ResponseHeader(s) returned with any ServiceResponse. Now by default they do not anymore contain any additional info nor stacktraces of any Exceptions that would occured within the processing of the ServiceRequest. We are not aware of any attack scenarios where this information could be used, but it could potentially be useful for an attacker. The fix disables the functionality of ErrorMessage.setReason(String) and DiagnosticInfo.setAdditionalInfo(String) unless flags ErrorMessage.disableReasonField and/or DiagnosticInfo.disableAdditionalInfo are set to false (default true). The disableAdditionalInfo also omits the StringTable of the ResponseHeader when built from an Exception. Future SDK versions might offer more granular control.

This release changes default behavior on connection limits introduced in Version 4.10.4. Now if maximum number of connections is not set in UaServer, by default 10% more (at least +1) connections than maximum number of Sessions are allowed (previously the limit was the number of Sessions). This allows Clients to get a "maximum sessions reached" error message. Also, opc.tcp connections that have had an Activated Session, but no longer do, are now also eligible to be removed if connection limit is reached. In addition, now opc.tcp connections can only have a single SecureChannel and the Server closes the socket when CloseSecureChannelRequest is received (per Closing a connection). As a result also getter and setter for maxOpcTcpSecureChannelsPerConnection of UaServer are now removed.

Changes to Common parts

  • Fixed: PrivKey.load(byte[], password) didn’t work for encrypted keys.

  • Fixed: JsonDecoder didn’t properly decode SByte (UnsignedByte) for single-digit values.

Changes to Client SDK

  • New: AddressSpace.browse overload that takes ResultMask as parameter.

  • Fixed: java.lang.Error: Maximum permit count exceeded due to multithreading race condition when the secure channel was closing.

Changes to Server SDK

  • Security: SessionSecurityDiagnosticsArray was visible to all Sessions.

  • Security: By default remove stacktraces/AdditionalInfo of returned Diagnostics and UA TCP ErrorMessage.

  • Fixed: OpenSecureChannelResponse could get wrong SequenceNumber in a rare multithreading race condition.

  • Fixed: "Structure synchronization system" (that passes parts of Structures up/down the node-hierarchy) didn’t validate sub-component names when writing null.

  • Fixed: Load ArrayDimension info for Structure FieldSpecifications and properly return them for the DataTypeDefinition OPC UA 1.04 Attribute.

  • Fixed: When MonitoringMode for a MonitoredItem was changed from Sampling to Reporting, if the QueueSize was 1 there was no notification.

  • Changed: By default allow 10% more connections than maximum number of configured Sessions.

  • Changed: When at connection limit, allow opc.tcp connections that have had previously an activated Session, but no longer have one to be removed.

  • Changed: Enforce 1 SecureChannel per opc.tcp connection and do not send CloseSecureChannelResponse for CloseSecureChannelRequest.

  • Changed: NodeManagerRoot is no longer final.

  • Changed: UaServer.NodeManagerUaServer is now static.

  • Changed: UaServer added protected createNodeManagerRoot and createNodeManagerUaServer for overridding purposes.

Changes to PubSub SDK

  • New: Support (and is the default) Subscription-based data sampling for UaClient- based PubSubSystem.

  • New: Support Event-DataSets for UaClient- based PubSubSystem.

  • New: Added Events PubSubSystemStartedEvent and PubSubSystemShutdownEvent.

Changes to Code Generator

  • Fixed: Generate ArrayDimension info for Structure FieldSpecification(s). Code must be re-generated using this version of Codegen.

Changes to SampleConsoleClient

  • No changes.

Changes to SampleConsoleServer

  • No changes.

Changes to PubSub samples

  • No changes.


  • Plus a number of other small changes.

Version 4.10.6

Build: 4.10.6-24

Release date: 25.04.2023

This release is a bug fix release. Fixed connection issues to Servers made with the SDK that are run behind NATs (Network Address Translation) where the port-forwarding changed the port number from the internal one.

Changes to Common parts

  • Fixed: JsonDecoder didn’t handle BaseDataType (mapped to Object.class) properly.

  • Fixed: NPE in MultiDimensionArrayUtils.getDimension(…​) when given null (now returns 0).

  • Fixed: NPE in Variant.getArrayDimensions(), returns 0 if the Variant has a null value.

Changes to Client SDK

  • Fixed: A race-condition in AddressSpace.getNode(…​) causing a deadlock, if multiple threads tried to get the same node concurrently.

  • Fixed: A race-condition causing NPE internally in re-create failed MonitoredItems feature that could happen if a Subscription is added after UaClient.connect().

Changes to Server SDK

  • Fixed: NAT connection issues where port-forwarding changed the port number.

  • Fixed: Cosmetic ERROR log when loading NodeSets containing <Extensions> tag(s) that contained <Value> tag(s).

Changes to PubSub SDK

  • No changes.

Changes to Code Generator

  • No changes, uses the same as in 4.10.0.

Changes to SampleConsoleClient

  • No changes.

Changes to SampleConsoleServer

  • No changes.

Changes to PubSub samples

  • No changes.


  • Plus a number of other small changes.

Version 4.10.4

Build: 4.10.4-14

Release date: 22.02.2023

This release is a bug fix release that also contains security fixes. See our blog (OPC UA Pwn2Own 2023 Resource Exhaustion Exploit) for more information.

Changes to Common parts

  • No changes.

Changes to Client SDK

  • No changes.

Changes to Server SDK

  • Security/New: UaServer methods setMaxOpcHttpsConnections(Integer) and setMaxOpcTcpConnections(Integer) for limiting the number of connections. By default 'null', which means the max number of Sessions is used instead.

  • New: UaServer.setMaxOpcTcpSecureChannelsPerConnection(int) for limiting number of secure channels per opc.tcp connection (in opc.https this is always 1 as it technically doesn’t per se have a secure channel, but the TLS instead). Default value is 1 and it is not recommended to change this (change number of opc.tcp connections instead).

  • Security/Fixed: Prevent clients from sending too large chunks and infinitely many chunks.

  • Fixed: The Value Attribute of VariableTypes contained a Variant with a Variant when loaded from NodeSets.

  • Fixed: NPE when a client sent a non-null-certificate and null as the nonce when SecurityMode NONE was used.

Changes to PubSub SDK

  • No changes.

Changes to Code Generator

  • No changes, uses the same as in 4.10.0.

Changes to SampleConsoleClient

  • No changes.

Changes to SampleConsoleServer

  • No functional changes, but added commented-out examples of using the UaServer new methods.

Changes to PubSub samples

  • No changes.


  • Plus a number of other small changes.

Version 4.10.2

Build: 4.10.2-62

Release date: 12.12.2022

This release is a bug fix release. HistoryContinuationPoint generation in the server side due to an error caused a memory leak, which is fixed in this release. Effectively each point was created twice, thus each Session would eventually hold the maximum number of continuationpoints (per configured limits) until closed.

Changes to Common parts

  • Fixed: Prevent rare ConcurrentModificationException while DEBUG log is enabled for UaApplication.

Changes to Client SDK

  • New: MonitoredItemErrorListener, can be set on MonitoredItem.

  • Fixed: Empty array in RolePermissions and UserRolePermissions Attribute caused problems.

  • Fixed: Notifications from received PublishResponses are now acknowledged once they have been processed. Previously they were once they had been received, but due to multithreading related issues this could cause problems.

Changes to Server SDK

  • Fixed: HistoryContinuationPoints leaked memory.

Changes to PubSub SDK

  • No changes.

Changes to Code Generator

  • No changes, uses the same as in 4.10.0.

Changes to SampleConsoleClient

  • No changes.

Changes to SampleConsoleServer

  • No changes.

Changes to PubSub samples

  • No changes.


  • New: Added a link to these release notes to the download page.

  • Plus a number of other small changes.

Version 4.10.0

Build: 4.10.0-58

Release date: 16.11.2022

This is a new minor release of the SDK. It contains new features, bug fixes, improvements and few security-related fixes. In addition the SDK and Codegen uses now the latest base Nodeset version 1.04.11.

UaClient.reconnect() now throws, if called while UaClient.isAutoReconnect() is true, which is the default. Previous releases added a WARN-level log, but it was an inadequate measure. Manual calling while AutoReconnect is true was the root cause in many support cases, with this they hopefully can be avoided(i.e. only the SDK OR SDK user should handle the reconnects, not both).

The 1.04.11 NodeSet should be backwards-compatible in a practical sense. However, it should be noted that the mandatory Property 'NamingRule' was removed from the ModellingRuleType in the 1.04.11 errata and ModellingRule-instances now themselves (Mandatory, Optional, etc.) now define the meaning (i.e. there was a similar set of NamingRules previously).

Additionally, it was noticed that the host.docker.internal fix in 4.9.0 was incomplete, this release should be treated as the proper fix for the issue.

This release changes the PubSubSystemConf in a way that the so called PubSubDataSetMetaDataConf is no longer part of Reader level configuration. Instead it can be defined directly in the PubSubSystemConf, if needed. In addition, by default now the SDK doesn’t modify the configuration when it receives new metadatas. They are only kept internally in memory, as it is expected that the same way they were received will work again when needed. This can be changed via PubSubSystemOverrides.getStoreReceivedDataSetMetaDatasInConf(). By default PubSubSystem will hold 1000 metadatas, but the limit can also be changed within PubSubSystemOverrides.

Changes to Common parts

  • New: UaNodeId static factory methods: guid(…​), numeric(…​), opaque(…​), string(…​).

  • New: UaNodeId.from(…​) overload taking UaNamespace instead of the namespace uri as String.

  • New: for storing UTF_8 Charset (on Java 7+ just use java.nio.charset.StandardCharsets instead)

  • New: SecurityPolicy.getDisplayName().

  • New: More constants in UserTokenPolicies related to the newer security policies.

  • Changed: Using standard base information model version 1.04.11.

  • Fixed: XmlElement.equals did throw NPE if given null.

  • Fixed: DynamicStructure.set didn’t clear other fields if StructureType was StructureType.UNION_SUBTYPES.

  • Fixed: JsonEncoder, some error situations were not properly thrown.

  • Fixed: JsonEncoder, all Good StatusCodes were not put to the JSON (only the literal StatusCode.GOOD should be ignored).

  • Fixed: Additional fixes for host.docker.internal issue.

Changes to Client SDK

  • Security: UaClient.setEndpoint(EndpointDescription) didn’t use the security mode from the given description.

  • Changed: Constructors of FileTypeImpl, BaseVariableTypeImpl, BaseObjectTypeImpl are now protected (as they are only intended to be used by the SDK instantiation similar to other generated types).

  • Changed: UaClient.reconnect() will now throw IllegalStateException if called while UaClient.isAutoReconnect() is true (the default).

  • Fixed: During UaClient.connect Subscriptions are now added as the last step, and TypeDictionary is initialized first (long init could cause subscription timeouts).

  • Fixed: UaViewImpl protected writeAttributeValue didn’t handle Attributes.ContainsNoLoops.

  • Fixed: The opc.tcp socket is now read using BufferedInputStream (may increase performance).

Changes to Server SDK

  • Changed: The SDK logic that automatically creates sub-nodes below Structure VariableType instances now ignores optional Structure fields having Structure datatypes. Such fields could refer to the same type (or indirectly via a circular reference), which would cause an infinite loop of subnodes to be created. Also, fixed the ValueRanks of created nodes (they will now match the fields ValueRank).

  • Fixed: UaViewNode protected readAttributeValue didn’t handle Attributes.ContainsNoLoops.

  • Fixed: NodeManagerUaNode.createInstance, some situations where an overridden InstanceDeclaration had the wrong HasTypeDefinition reference.

Changes to PubSub SDK

  • New: Enable decoding of UADP messages without metadata in some cases.

  • New: PubSubSystem.addEventListener overload taking in Executor (on which the event is notified).

  • New: Common PubSubFailureEvent interface and PubSubEvents.PUB_SUB_ALL_ERRORS marker to be used with PubSubSystem.addEventListener.

  • New: PubSubEvents.PUB_SUB_ALL marker to be used with PubSubSystem.addEventListener. This will listen to all PubSubSystem internal events.

  • New: Created common interfaces for dataset events (PubSubEvents.PUB_SUB_DATASET_MESSAGE_RECEIVED), thus only one PubSubSystem.addEventListener is needed (to be notified of UADP/JSON messages).

  • New: PubSubVariableDataSetConfFactory.

  • New: Support JsonDataSetMessageContentMask.Status (though note that StatusCode is transferred only if it was different than StatusCode.GOOD).

  • New: Support message level "MessageType" field in JSON messages (via JsonDataSetMessageContentMask.MessageType).

  • New: PubSubSystem.commands(), allow forcing sending of a KeyFrame (or selected fields of the DataSet), even when it would not be needed (if the nodes in question didn’t have value changes). These only work in the Publisher side i.e. the "command" is SDK-specific functionality and will not be transferred from the Subscriber side.

  • Changed: Some WARN logs were moved to be PubSubFailureEvent implementations.

  • Changed: DataSetMetaData is no longer stored in the Reader configuration, but instead it can be specified in the PubSubSystemConf level (if needed).

  • Changed: Renamed PubSubDataSetMetaDataMessageReceivedEvent to PubSubUadpDataSetMetaDataMessageReceivedEvent and (re)created PubSubDataSetMetaDataMessageReceivedEvent as a common interface for metadata receiving event.

  • Improvement: JsonEncoder, encoding Enumeration(s) can now use "String-form" in non-reversible encoding, assuming the type is known via EncoderContext.

  • Improvement: Sampling of Variable DataSets is now done in bulk.

  • Improvement: Support SubstituteValue logic.

  • Fixed: Changing Enabled from true to false didn’t stop connections.

  • Fixed: DataSetWriterId in JSON messages is now a JSON-number (and not a String)

  • Fixed: DataSetMetaData calculation assumed Value Attribute always.

Changes to Code Generator

  • Security: Updated internal commons-text dependency (on the standalone version)to version 1.10.0 due to CVE-2022-42889. The internal logic only relies on allowing system properties (via StringSubstitutor.replaceSystemProperties(…​)) to be replaced (so that values such as "${app.home}/sampletypes/output_code" will work in the configuration). Thus the Code Generator should be unaffected by the CVE (but the update was done just in case). The Maven plugin uses Maven’s own property-replacing logic.

  • New: Tolerate ValueRank -3 (and -2 when not used with BaseDataType). These will be generated as Object (i.e. the same as -2 with BaseDataType) as they cannot be properly be represented in Java code. A WARN log is still logged in these cases.

Changes to SampleConsoleClient

  • No changes.

Changes to SampleConsoleServer

  • New: Added a folder with different ValueRank nodes.

  • Changed: Call loadInformationModels only after other namespaces have been loaded (so that adding new ones here wont change the namespaceindexes of the others).

  • Changed: Instances are now done more using NodeManagerUaNode.createInstance (which is the current recommended way).

  • Fixed: Set DataTypeId in ComplianceNodeManager.createMultiStateDiscreteItem.

Changes to PubSub samples

  • Changed: The message listeners are now configured in SampleUtils.addPubSubSystemListeners(PubSubSystem).


  • Clarified SDK versioning logic (added at the start of this document).

  • Improved Starting Guide

  • Plus a number of other small changes.

Version 4.9.0

Build: 4.9.0-43

Release date: 30.08.2022

This is a new minor release of the SDK. It contains new features, bug fixes and improvements.

This release now contains a workaround to the host.docker.internal hostname problem. The added OSUtil contains helpers for resolving hostnames in operating system dependent way, e.g. calling the hostname command via Runtime.getRuntime().exec(…​). ApplicationIdentity.getBannedHostnames() now controls for which unsuitable hostnames the OSUtil is used as a fallback option. The set currently contains a single entry, the host.docker.internal, but the set can be used if equivalent cases happen in the future. Also in some future version it is possible that the OSUtil hostname resolution becomes the default. If you have a case where host.docker.internal would be a valid hostname, this workaround can be disabled by clearing the set of banned hostnames.

This release contains fixes for information model loading. Now Structure types that use simpletypes will also work without code generating the model first.

As part of the fix UaType.getJavaClass() was changed. It will now internally search supertypes and cache the results. The Java classes returned by the method have changed in a few cases that are listed below. Verify how the outputs of this method are used in your application code when updating to this version of the SDK.
  • For the UaType representing BaseDataType the getJavaClass() will now return Object.class.

    This is a special mapping only valid for exactly BaseDataType and thus is not returned by subtypes (via the new check supertypes logic).
  • For the UaTypes representing Enumeration types the getJavaClass() will now return the proper class, e.g. ServerState.class, or DynamicEnumeration.class for custom enumerations.

  • For the UaType representing Structure type the getJavaClass() will now return ExtensionObject.class instead of Structure.class. Subtypes will return the correct generated class or DynamicStructure.class.

Thus, the following code is no longer valid (as this could always incorrectly find Object.class from the BaseDataType as it is super type for all DataTypes):

Class<?> javaClass = dataType.getJavaClass();
UaType dt = dataType;
while (javaClass == null) {
  dt = dt.getSuperType();
  if (dt == null) {
  javaClass = dt.getJavaClass();

and must be replaced just with

Class<?> javaClass = dataType.getJavaClass();

If the getJavaClass() returns null, it means that type doesn’t have a valid mapping to Java.

Changes to Common parts

  • New: OSUtil, provides OS-related ways to search hostnames.

  • New: ApplicationIdentity.getBannedHostnames(), controls a set of "incorrect" hostnames, IF a hostname is in the set, the new OSUtil is tried to resolve the hostname in an operating system dependent way. Currently the set contains "host.docker.internal".

  • New: Generalized DynamicStructure.clear() as Structure.clear(). This can also be used to reset an Union back to the 'no fields set' state.

  • New: AbstractUaNodeFactory, mostly to serve as an internal base for UaClientNodeFactory and UaServerNodeFactory. Impl note: holds currently the type-mappings for UA and Java types and injects them when UaDataType nodes are created.

  • Changed: UaType.getJavaClass() implementation now automatically search supertypes + cache results.

  • Changed: UaType.getJavaClass() for raw Structure i.e. i=22 type now returns ExtensionObject.class instead of Structure.class.

  • Changed: UaType.getJavaClass() now returns Enumeration classes (or DynamicEnumeration.class).

  • Changed: UaType.getJavaClass() for exactly BaseDataType returns Object.class.

  • Changed: Some previously protected abstract methods of ModelParserBase are now directly implemented by ModelParserBase.

  • Improvement: DataTypeConverter.convert(…​) no longer throws if given Integer values and Enumeration type. The given value is returned as-is, as Variant automatically converts Enumerations to Integers.

  • Improvement: DataTypeConverter.convert(…​) can now convert Structures to ExtensionObjects.

  • Improvement: JsonDecoder support RawData.

  • Fixed: The host.docker.internal problem as explained above.

  • Fixed: FieldSpecification.toBuilder didn’t copy AllowSubTypes to the Builder.

Changes to Client SDK

  • Deprecated: Client-side methods related to model loading are now deprecated (+ as well). The concept doesn’t work due to (not recent) a change in the specification that the server shall create full instances on AddNodes call (compared to models which define each node individually). There is no direct replacement, contact support if you depend on this.

  • Fixed: The new 1.04.10 StructureWithSubtypedValues+UnionWithSubtypedValues behaved incorrectly in TypeDictionary.

Changes to Server SDK

  • Fixed: SimpleTypes in Structure fields now work even if the model is not code generated before loading.

  • Fixed: BaseDataType in Structure fields now gets proper java class (Object.class).

Changes to PubSub SDK


  • Improvement: Some previously unparsed JSON messages are now parsed. In some cases the value is a String with the JSON representation of e.g. a custom Structure that could not be parsed.

  • Fixed: Possible deadlock when receiving metadata.

  • Fixed: NPE if PublisherId was missing in JSON messages.

  • Changed: Some situations are now logged on WARN instead of ERROR level.

Changes to Code Generator

  • New: Support InstanceDeclarations of ValueRank -2 'Any' if the DataType is exactly BaseDataType.

  • Fixed: The AllowSubTypes was not set for the generated FieldSpecifications for Structures.

You must regenerate your models with this version.

Changes to SampleConsoleClient

  • No changes.

Changes to SampleConsoleServer

  • No changes.

Changes to PubSub samples

  • New: SDK can internally share MQTT connections between multiple PubSub connections, assuming equal authentication etc. configuration.

  • Changed: SampleBroker, disabled advisory messages so subscribing to root-wildcard ('#') works.


  • Plus a number of other small changes.

As an extra note, for 1.04.10 "AllowSubTypes" Structures the UaType.getJavaClass() cannot be used. There the field is either either ExtensionObject for Structure-fields and Object for others due to encoding needs. The FieldSpecification.getDataTypeId() will tell valid subtypes (and for these UaType.getJavaClass() is valid, though Structures must be wrapped in new ExtensionObject(structure).

Version 4.8.2

Build: 4.8.2-35

Release date: 03.08.2022

This release is a bug fix release. Also includes some new features.

Changes to Common parts

  • Improvement: AggregateCalculator now supports processing interval of 0.

  • Fixed: JsonDecoder.setReadable, now uses UTF-8 instead of the platform default encoding.

  • Fixed: ExpandedNodeId.parseExpandedNodeId now properly parses if passed the output of ExpandedNodeId.toString.

Changes to Client SDK

  • Fixed: Handle situations where MonitoredItem targets namespace no longer exist in the server.

  • Fixed: Refresh NamespaceArray before recreating MonitoredItems after a reconnect.

Changes to Server SDK

  • Fixed: UaViewNode didn’t handle ContainsNoLoops Attribute via setAttribute.

  • Fixed: Prevent StackOverflowError related to incorrectly modeled Conditions.

  • Changed: The Value of nodes loaded from NodeSets have now timestamps from when the model was loaded (instead of null/min timestamp), fixes issues with the Compliance Test Tool.

Changes to PubSub SDK

  • Fixed: If using 'mqtts' (instead of 'ssl') in the connection address is now properly replaced internally to 'ssl'.

  • New: Added support for the SingleDataSetMessage bit in the NetworkMessageContentMask in JSON encoding.

  • New: PubSubJsonDataSetReaderConf.isIgnoreMissingMetaData, allows ignoring needing to know the DataSetMetaData when decoding PubSub MQTT-JSON messages, the fields from the message are used as-is.

  • New: PubSub(Mqtt)Events.PUB_SUB_MQTT_CONNECTION_STATE_CHANGED, fires PubSubMqttConnectionStateChangedEvent whenever the state of the MQTT connection changes.

  • New: PubSub(Mqtt)Events.PUB_SUB_MQTT_RAW_MESSAGE_RECEIVED, fires PubSubMqttRawMessageReceivedEvent whenever an MQTT message is received by the Subscriber in any of the configured topics/queues. Note that this can include non OPC UA messages.

  • Fixed: DataSets can now work properly when used by multiple Writers.

  • Fixed: JsonDataSetMessageContentMask DataSetWriterId field was being ignored.

  • Changed: The default publishing interval (if not set via PubSubXXXWriterGroupConf.Builder) is now 1 second (instead of 4).

Changes to Code Generator

  • No functional changes, but internals use now slf4j-simple when logging in the commandline mode.

Changes to SampleConsoleClient

  • New: Added example (menu-option) to calling AddNodes service call on the server. Note that the server needs to support NodeManagement in order to use this (in our SDK’s server side that is by default off, as NodeManagerListeners should be also made to only allow authorized users to do that).

  • Fixed: The new 1.04 attributes were not shown as an option in the menus.

Changes to SampleConsoleServer

  • New: Added example (menu-option) to toggle NodeManagement state (by default it is disabled).

Changes to PubSub samples

  • Fixed: NPE when parsing some JSON messages.

  • Changed: Using 5 second publishing intervals in sample configurations.

  • Changed: SamplePubSubConfiguration, setting DataSetWriterId field in the JsonDataSetMessageContentMask.


  • Fixed: samples sh start-scripts couldn’t handle spaces in arguments.

  • Updated dependencies. It should be noted for the BouncyCastle dependency that is now a 3rd jar, bcutil-jdk15to18-1.71.jar, see (search 'bcutil').

  • Plus a number of other small changes.

Version 4.8.0

Build: 4.8.0-25

Release date: 10.05.2022

This is a new minor release of the SDK. It contains bug fixes and improvements. It also includes one security fix.

The security update fixes a scenario where an attacker could cause the server to starve an internal thread pool, causing a Denial of Service (DoS). The exploit enables an unauthorized attacker to block the server applications so that they will no longer be able to serve client applications. Thus, we recommend everyone to update to this version. For more details see Pwn2Own resource exhaustion exploit. Edit (23.05.2022): This issue is the same as CVE-2022-30551 (published at

PubSub configurations can now be handled in a generic way (similar to Structure via its StructureSpecification). The samples also contain code which enables persisting and loading it.

Changes to Common parts

  • New: EnumerationSpecification.getAllEnumValues(), EnumerationSpecification.getByName(…​), EnumerationSpecification.getByValue(…​)

  • Deprecated: EnumerationSpecification.createEnumerationFromInteger and EnumerationSpecification.createEnumerationFromString, use getByName or getByValue instead.

  • Fixed: Prevent NPE if JsonEncoder is given null ByteString.

  • Improvement: EnumerationSpecification now implements equals and hashCode.

Changes to Client SDK

  • Fixed: MonitoredItem.toString showed null for the NodeId if made with an ExpandedNodeId.

  • Changed: Subscription.isRecreateFailedItems() is now true by default.

  • Changed: UaClient, allow continuing of reading history even if Good_NoData is received (assuming data was received), allows interop with some incorrectly built servers.

Changes to Server SDK

  • Security fix: Avoid starvation of internal thread pools in some scenarios.

  • Fixed: Using BaseDataVariableType instead of BaseVariableType for Structure components in Variable nodes.

  • Fixed: HistoryRead with ReleaseContinuationPoints=True caused NPE in some cases.

  • Fixed: AddReferences and DeleteReferences service calls always sent diagnostics, even when not requested by the Client.

  • Fixed: The maximum supported message size in OPC UA TCP was not set (Acknowledge MaxMessageSize was was 0).

Changes to PubSub SDK

  • New: Added support for generic processing of PubSubXXXConf objects:

    • PubSubConf, a super-interface for all PubSub configuration objects, similar to how Structure is for all Structures.

    • PubSubConfSpecification (via PubSubConf.specification()), PubSubConfFieldSpecification (via PubSubConfSpecification.getFields()).

    • PubSubConf.get(…​), PubSubConf.Builder.set(…​) with String or PubSubConfFieldSpecification.

    • PubSubConf.toMap(…​) to split the configuration to components and PubSubConf.Builder.setAll(…​) to combine.

      • Different kinds of Map returns via passing PubSubConf.MapKind.

  • New: Added getters in PubSubXXXConf.Builder objects.

  • New: PubSubTransportProfile serves as a factory for PubSubXXXConf.Builder(s) of that profile. New methods:

    • PubSubTransportProfile.createConnectionConfBuilder().

    • PubSubTransportProfile.createReaderGroupConfBuilder().

    • PubSubTransportProfile.createWriterGroupConfBuilder().

    • PubSubTransportProfile.createDataSetReaderConfBuilder().

    • PubSubTransportProfile.createDataSetWriterConfBuilder().


  • New: Added option to add extra (static) fields to JSON messages in PubSubMqttJsonWriterGroupConf and PubSubMqttJsonDataSetWriterConf.

  • New: PublisherId class, used instead of using Object for defining PublisherId value in PubSubXXXConf objects.

  • New/Fixed: More support for MQTT topic wildcards.

  • Fixed: PublisherId was not sent in DataSetMetaData UADP messages.

  • Fixed: Event DataSet only supported Properties and 1-level deep nodes.

  • Fixed: MQTT Publishers used wrong topic if more than one writer/topic was configured.

  • Fixed: MQTT Subscribers didn’t filter properly based on configured queuenames.

  • Changed: Moved classes from package to

  • Changed: Renamed PubSubSystemConf.getAllConnections() to PubSubSystemConf.getConnections().

  • Improvement: Added topic information to MQTT PubSubEvents.

  • Removed: "Extension properties" maps, from PubSub configuration objects for connections, groups, readers and writers, as they didn’t do anything.

Changes to Code Generator

  • New: The Code Generator can now be run with Java 17.

  • Fixed/Changed: Field and parameter names now have a prefix to avoid conflicts with Java keywords.

  • Plus other internal changes.

You must regenerate your models with this version.

Changes to SampleConsoleClient

  • No changes.

Changes to SampleConsoleServer

  • No changes.

Changes to PubSub samples

  • New: Added s (--save) and l (--load) command line arguments to save and load the configuration from a file.

  • New: and `SamplePubSubConfiguration.load, experimental support for persisting and loading the configuration to/from a file.

  • Changed: The Event DataSet now uses the 'Server' node as the source of Events.

  • Changed: Rewrote the sample to use the new PubSubTransportProfile factory methods.


  • Plus a number of other small changes.

Version 4.7.2

Build: 4.7.2-13

Release date: 08.02.2022

This release is a bug fix release. The main fix is that the SDK now works in environments where native ByteOrder is ByteOrder.BIG_ENDIAN.

Changes to Common parts

  • Fixed: The following classes now default to ByteOrder.LITTLE_ENDIAN (instead of ByteOrder.nativeOrder()): ByteQueue, InputStreamReadable and OutputStreamWriteable.

  • Deprecated: ByteBufferFactory.DEFAULT_ENDIAN_HEAP_BYTEBUFFER_FACTORY, as the order should always be defined.

Changes to Client SDK

  • Fixed: TypeDictionary didn’t handle Structure fields of BaseDataType DataType properly.

  • Fixed: TypeDictionary didn’t handle the new "1.04.10 Structure types" StructureWithSubtypedValues and UnionWithSubtypedValues.

Changes to Server SDK

  • Fixed: Properly return StatusCodes.Bad_NoContinuationPoints when at limit (instead of allowing one above limit).

  • Fixed: Sessions could not access their own SessionSecurityDiagnosticsType data.

Changes to PubSub SDK

  • No changes.

Changes to Code Generator

  • No changes, uses the same as in 4.7.0.

Changes to SampleConsoleClient

  • No changes.

Changes to SampleConsoleServer

  • Improvement: MyEnumObject sample node now has timestamps set for the value.

Changes to PubSub samples

  • No changes.


  • Plus a number of other small changes.

Version 4.7.0

Build: 4.7.0-7

Release date: 25.01.2022

This is a new minor release of the SDK. It also includes one security fix. In addition the SDK and Codegen uses now the latest base Nodeset version 1.04.10. Samples now use logback instead of log4j1 for logging purposes. Also, the tar.gz distribution flavour is removed as there was no need for it anymore.

The security fix is in the server side. MonitoredDataItem didn’t properly calculate AccessLevels if the item used an AggregateFilter, thus users could access nodes they should not have the access rights to. Thus everyone is recommended to update to this version. Alternatively SubscriptionManagerListener.onCreateMonitoredDataItem can be used to prevent creation of such items.

In addition, the samples of the SDK now use Logback as the logging library. Previously we used log4j1. While log4j1 is not directly (i.e. unless they can modify the logging configuration itself) affected by the log4shell attack (see also our blog post), it is recommended to move away from it because of other issues (it is also at it’s end of life phase and wont receive updates). It should be note however here, that the selection of a logging library is the SDK’s users responsibility, as the SDK only relies on the SLF4J API and any compatible implementation can be selected.

Logback has a different license than log4j1 had. Another alternative (that appeared very recently; after we had migrated to logback) is reload4j. That should be a drop-in replacement for log4j1 fixing it’s issues (and it has the same apache 2.0 license log4j1 had). If you are in Java 8+ you can also consider the log4j2 (that originally had the log4shell problem, but has been fixed).

Also, we have tested and found out our server side works in Android, starting from API level 22, thus this release no longer skips <Value> tags when loading NodeSet files.

The contents of tar.gz distributions had identical content of the .zip distributions and per our tests normal unix unzip tools seem to retain the 'exec bits' for .sh files from the .zip distributions, thus the tar.gz variant is no longer needed.

Changes to Common parts

  • New: ByteString.append(…​).

  • Changed: ModelParserBase skipValuesOnAndroid is now false by default, server side works in Android API level 22+.

  • Fixed: DynamicStructureSerializer.getNodeId(…​) didn’t work for JSON encodings.

  • Fixed: MethodCallStatusException, avoid ArrayIndexOutOfBoundsException if empty or too few inputArgumentDiagnosticInfos given.

  • Fixed: StructureUtils.fixEmptyStructureArrayType now also works if given BigDecimal[0].

  • Deprecated: DynamicStructure.getSpecification(), use DynamicStructure.specification() instead defined in Structure.specification().

  • Deprecated: DynamicStructureSerializer.calcEncodeable(…​) (IEncodeableSerializer.calcEncodeable was already deprecated previously).

Changes to Client SDK

  • New: Subscription.resendData().

Changes to Server SDK

  • Security fix: MonitoredItems with AggregateFilter didn’t check AccessLevel permissions.

  • Changed: Using the latest 1.04.10 NodeSet.

  • Changed: Using 1000 as the new default for MaxBrowseContinuationPoints, MaxQueryContinuationPoints and MaxHistoryContinuationPoints (instead of 65535).

  • Changed: Protected Session.activate() no longer throws StatusException.

  • Changed: The Session.isActive of ServiceContext.INTERNAL_OPERATION_CONTEXT now returns true.

  • Fixed: ActivateSession failures for existing Session do not deactivate the Session anymore.

  • Fixed: IndexRange processing didn’t work for AggregateFilter MonitoredItems.

  • Fixed: Some race-conditions in protected MonitoredDataItem.isAccessible().

Changes to PubSub SDK

  • Changed: PubSub internals no longer rely on java.util.ServiceLoader (caused issues in some environments).

  • Changed: PubSubSystemOverrides, combined JSON and UADP MqttProviderConfProvider methods.

  • Changed: Removed some internal interfaces (implementations were package-private) that were public.

  • Changed: UADP and JSON specific configuration objects for ReaderGroups, WriterGroups, DataSetWriters, DataSetReaders. They are now split on transport protocol. The old classes are now interfaces with the common encoding parameters. The XXXTransportSettings interfaces as they were are removed and the parameters moved to PubSubBrokerTransportSettingsConf interface, which the MQTT variants implement.

    • PubSubUadpReaderGroupConfPubSubUdpUadpReaderGroupConf + PubSubMqttUadpReaderGroupConf (both implement PubSubUadpReaderGroupConf)

    • PubSubUadpWriterGroupConfPubSubUdpUadpWriterGroupConf + PubSubMqttUadpWriterGroupConf (both implement PubSubUadpWriterGroupConf, mqtt version also PubSubBrokerTransportSettingsConf)

    • PubSubUadpDataSetWriterConfPubSubUdpUadpDataSetWriterConf + PubSubMqttUadpDataSetWriterConf (both implement PubSubUadpDataSetWriterConf, mqtt version also PubSubBrokerTransportSettingsConf)

    • PubSubUadpDataSetReaderConfPubSubUdpUadpDataSetReaderConf + PubSubMqttUadpDataSetReaderConf (both implement PubSubUadpDataSetReaderConf, mqtt version also PubSubBrokerTransportSettingsConf)

    • PubSubJsonWriterGroupConfPubSubMqttJsonWriterGroupConf (implements PubSubJsonWriterGroupConf, PubSubBrokerTransportSettingsConf)

    • PubSubJsonReaderGroupConfPubSubMqttJsonReaderGroupConf (implements PubSubJsonReaderGroupConf)

    • PubSubJsonDataSetWriterConfPubSubMqttJsonDataSetWriterConf (implements PubSubJsonDataSetWriterConf, PubSubBrokerTransportSettingsConf)

    • PubSubJsonDataSetReaderConfPubSubMqttJsonDataSetReaderConf (implements PubSubJsonDataSetReaderConf, PubSubBrokerTransportSettingsConf)

  • Changed: renamed XXXNetworkMessageReceivedEvent classes to have consistent names: PubSubUdpUadpConnectionNetworkMessageReceivedEvent, PubSubMqttUadpConnectionNetworkMessageReceivedEvent and PubSubMqttJsonConnectionNetworkMessageReceivedEvent

Changes to Code Generator

  • New: Added support for the "AllowSubtypes=true" new Structure types introduced in OPC UA base information model version 1.04.10.

    Only "1.04.10+ Clients" are able to understand these new types. A warning is printed if they are used in any other than the standard model (as their original intention is for PubSub specifics, but could potentially be used by other models as well).
  • Changed: Using the latest 1.04.10 NodeSet.

You must regenerate your models with this version.

Changes to SampleConsoleClient

  • Changed: Samples now use logback instead of log4j1.

Changes to SampleConsoleServer

  • Changed: Samples now use logback instead of log4j1.

  • Changed: Using 1000 (the same as the new defaults) for MaxBrowseContinuationPoints, MaxQueryContinuationPoints and MaxHistoryContinuationPoints.

Changes to PubSub samples

  • New: SampleBroker, added option for SSL (see PubSub Tutorial for certificate generation).

  • Changed: SamplePubSubConfiguration, reorganized different types of connection+encodings to nested classes.

  • Changed: Samples now use logback instead of log4j1.

  • Fixed: pom.xml of the samples used incorrect (older) names.


  • Removed tar.gz distribution flavor.

  • PubSub Tutorial updated to include certificate generation for Broker+SSL purposes.

  • Plus a number of other small changes.

Version 4.6.2

Build: 4.6.2-1636

Release date: 04.11.2021

This release is a bug fix release. The fixes are mainly related to PubSub and NodeSet2 XML loading.

The fixes in PubSub UDP-UADP DataSetMetaData request message and response handling are not compatible with older version of the SDK. Thus it is recommended that you update both publisher and subscriber sides at the same time.

Changes to Common parts

  • New: TypeDictionary.getEnumerationSpecification(UaNodeId id), which EncoderContext.getEnumerationSpecification(UaNodeId id) will call on the client side automatically if UaClient.isInitTypeDictionaryAutoUsage() is true (the default).

  • Fixed: UserTokenPolicy having SecurityPolicy.AES256_SHA256_RSAPSS as their security policy failed due to SecurityAlgorithm.RsaOaep256 having incorrect URI.

  • Fixed: BinaryDecoder was incorrectly throwing DecodingException in Variant decoding if ArrayDimensions were defined, but the dimensions array had empty or null value when the Variant value part was empty or null.

  • Fixed: BinaryDecoder NPE if an ExtensionObject array had a null-form of ExtensionObject as first element after 0 or more non-Decimal-forms of ExtensionObject.

  • Fixed: ModelParserBase.parseFile was incorrectly using platform default encoding if the file didn’t contain a UTF-8 Byte Order Mark character.

  • Fixed: ModelParserBase.parseFile NPE if a non-generated-Structure type had an array field who’s DataType node exists in the address space, but for which UaDataType.getJavaClass() returned null.

Changes to Client SDK

  • Fixed: Ignoring RevisedQueueSize and RevisedSamplingInterval of CreateMonitoredItems (or ModifyMonitoredItems) if the result StatusCode is not Good.

Changes to Server SDK

  • Changed: If sending a non-Good StatusCode in CreateMonitoredItems or ModifyMonitoredItems, setting the revised QueueSize and SamplingInterval to the current values of the item (instead of 0).

Changes to PubSub SDK

  • New: Added experimental support for SSL based MQTT connections in the form of PubSubMqttProviderConf.Builder.setSocketFactory + PubSubMqttProviderConf.Builder.setSSLHostnameVerifier.

  • New: PubSubPublishedVariableConf.Builder.setName(), can be used to override the Name of the published variable (by default the BrowseName’s name part is used).

  • New: Made possible to set the Description in PubSubVariableDataSetConf and PubSubEventDataSetConf and PubSubPublishedVariableConf Builders.

  • Fixed: DataSetMeta request message was missing a byte in the encoded form.

  • Fixed: DataSetMeta request message was missing PublisherId.

  • Fixed: UDP-UADP connections ignored PublisherId part of the DataSetMetaData request.

  • Fixed: Some Builder methods incorrectly returned an internal BuilderBase implementation.

  • Fixed: MQTT Retain flag is set for DataSetMetaData messages.

  • Fixed: MQTT-UADP connection was not terminated properly in PubSubSystem.shutdown().

  • Fixed: MQTT connections were not re-subscribing to topics on reconnect.

  • Fixed: MQTT was re-subscribing to topics on every DataSetMetaData message.

Changes to Code Generator

  • No functional changes, but the bundled SampleTypes no longer uses the non-existing 'Date' type (that was for years in the base nodeset as a subtype of DateTime). It is removed in the 1.04.9 errata and thus generation of the SampleTypes model failed in 4.6.0.

Changes to SampleConsoleClient

  • Changed: Using ConditionType Identifiers.ConditionType instead of Identifiers.BaseEventType when selecting the so called ConditionId in the SampleConsoleClient.createEventFilter.

  • Changed: Using a RollingFileAppender in

Changes to SampleConsoleServer

  • Changed: Using a RollingFileAppender in

Changes to PubSub samples

  • Fixed: The publisher-id CLI arg was not working.

  • Changed: The second field in the published variable set is now named "MySecondPublishedField" to show-case setting a custom name for the field.

  • Changed: Using a RollingFileAppender in


  • Plus a number of other small changes.

Version 4.6.0

Build: 4.6.0-1594

Release date: 08.09.2021

This is a new minor release of the SDK. It includes improvements to client side reconnection mechanisms and improvements to the PubSub functionality. This release also features some changes to default behavior of Client and Server applications.

The Server SDK and the Code Generator now use the Base OPC UA Information Model NodeSet file version 1.04.9. If you have generated code for information models, they should be regenerated as well to accommodate these changes.

UaClient now treats all Bad (and Uncertain) StatusCodes for ServerStatus as indications of communication errors that trigger reconnecting to the Server. Previously a prefixed set of codes was only used, leading to situations where reconnection was not functioning as expected. Reverting back to previous behavior is possible by calling static UaClient.setUseCommErrorCodes(true).

UaServer now binds to wildcard IP addresses ([::] or by default. It also sends ServiceFault messages instead of normal ServiceResponse messages in case of errors, to conform with the OPC UA specification.

PubSubSystem can now be used in Client applications in addition to Server applications. Also, MQTT JSON is now supported for Subscribers, completing the base support for all UDP-UADP, MQTT-UADP and MQTT-JSON transport profiles as defined in the OPC UA Specifications.

Changes to Common parts

  • Deprecated: CertificateUtils.getKeySize(), CertificateUtils.setKeySize(int) and methods in CertificateUtils and ApplicationIdentity that relied on those methods internally. New methods that take the key size as an input parameter have been added to replace the deprecated methods.

  • New: UaExpandedNodeId as an alternative to ExpandedNodeId. Instead of identifying a Server by its ServerIndex, a UaExpandedNodeId identifies the Server by its ServerUri. A UaExpandedNodeId also only identifies the Namespace only by its NamespaceUri.

  • New: JsonDecoder, used to enable Subscriber functionality with MQTT-JSON.

  • New: StructureSpecification.getJavaClass().

  • New: EnumerationSpecification.getJavaClass().

  • New: UaApplication.getServerTable() and UaApplication.getApplicationIdentity(), both of which were already implemented by UaClient and UaServer.

  • New: MultiDimensionArrayUtils.deepGet(…​) and MultiDimensionArrayUtils.deepSet(…​).

  • New: ByteString.fromHex(String) and ByteString.toHex().

  • New: Structure.set(String, Object), Structure.get(String), Structure.Builder.set(String, Object) and Structure.Builder.specification().

  • Improved: ApplicationIdentity.loadOrCreateHttpsCertificate(…​) will append the key size to the opc.https certificate file name.

    Applications that use this method to load or create their opc.https certificate will recreate that certificate after updating to this version of the SDK. If you need to use your original opc.https certificate, use KeyPair.load() instead.
  • Improved: Various improvements to UaNodeId and UaQualifiedName.

  • Improved: Instances of UaNamespace and subtypes of OptionSet DataType, e.g. AccessLevelType are now weak-interned and static factory methods are used to return cached instances.

  • Fixed: JsonEncoder.putDateTime(String, DateTime) now uses the UTC time zone instead of the local time zone.

  • Fixed: MultiDimensionArrayUtils.printArrayDeep(Object, PrintStream) now correctly uses the given PrintStream instead of System.out.

  • Fixed: Alias values are now correctly used for Reference target NodeIds when loading NodeSet2 XML models.

  • Fixed: ArrayIterator.getIndices() now returns a copy of the internal array.

  • Fixed: SecurityPolicy.getSecurityPolicy(String) now returns Security Policy None for an empty String.

Changes to Client SDK

  • New UaClient.getCommErrorCodes() returns a Set of StatusCodes that indicate communication errors when reading Server status or handling PublishResponses. This set of StatusCodes can be modified to add or remove StatusCodes.

  • Improved: Subscription.setRecreateFailedItems(boolean) can be called to enable a Subscription to automatically attempt to recreate MonitoredItems with error code Bad_NodeIdUnknown since this StatusCode can imply in some cases that the Server hasn’t added that Node to its AddressSpace yet.

  • Improved: Logging related to Subscriptions.

  • Changed: Undeprecated TypeDictionary.binaryEncode(DynamicStructure) and TypeDictionary.decode(ExtensionObject). They were deprecated in 4.5.8, but are needed if SDK is set to not automatically initialize or use TypeDictionary.

  • Changed: When reading Server status, all Bad and Uncertain StatusCodes received will be treated as indications of communication errors and thus triggering a reconnect. Use static UaClient.setUseCommErrorCodes(boolean) to enable filtering of StatusCodes such that only the StatusCodes that belong to the Set of StatusCodes returned by static UaClient.getCommErrorCodes() will indicate communication errors.

  • Fixed: UserIdentity with IssuedIdentityToken now has PolicyId correctly set.

Changes to Server SDK

  • New: Support for letting the Server have the operating system choose an available port for opc.tcp and opc.https Endpoints by setting the port to -1 with UaServer.setPort.

  • New: EndpointServiceRequest.sendServiceFaultsForBadServiceLevelOpcHttpsResponses flag that is same as EndpointServiceRequest.sendServiceFaultsForBadServiceLevelResponses but only affects opc.https connections. The default value of the flag is false.

  • Changed: Using the latest Base OPC UA Information Model NodeSet file version 1.04.9

  • Changed: The default maximum MonitoredItems per Subscription has been increased from 1000 to 10000. Another value can be set by calling SubscriptionManager.setMaxMonitoredItemsPerSubscription(…​).

  • Changed: The default value of UaServer.getBindAddresses() is now the IPv6 wildcard ([::]) when IPv6 is enabled and the IPv4 wildcard ( otherwise.

  • Changed: send ServiceFault messages instead of normal ServiceResponse messages in case of errors. EndpointServiceRequest.sendServiceFaultsForBadServiceLevelResponses = false can be used to revert back to the old functionality. This only affects opc.tcp connections.

  • Fixed: Added missing values to the fields of Events of EventQueueOverflowEventType that are generated when the Event buffer of a MonitoredEventItem overflows. The Severity of these Events is set to 1.

  • Fixed: Server.getEndpointDescriptions(SocketAddress) will now return the correct EndpointDescriptions for a Server that has been bound to a wildcard address.

Changes to PubSub SDK

  • New: Added support for subscribing to JSON messages over MQTT.

  • New: Enable UaNode as an alternative to UaNodeId in all parameters of that type in PubSub configuration objects.

  • New: Added static builder interfaces to common configuration interfaces, e.g. PubSubConnectionConf.Builder and PubSubDataSetReaderConf.Builder.

  • New: PubSubTransportProfile Enumeration and PubSubUdpUadpConnectionConf.getTransportProfile(), PubSubMqttJsonConnectionConf.getTransportProfile() and PubSubMqttUadpConnectionConf.getTransportProfile() methods.

  • New: PubSubUdpUadpConnectionConf.Builder.setNetworkInterface(NetworkInterface) and PubSubUdpUadpConnectionConf.Builder.setNetworkInterface(String).

  • New: Sending meta data can be disabled by setting MetaDataQueueName to null or empty String for a PubSubBrokerDataSetWriterTransportSettingsConf.

  • New: PubSubSystemConf.Builder.addOrReplaceConnection(PubSubConnectionConf<?, ?>).

  • New: PubSubUdpUadpConnectionConf.getDiscoveryNetworkAddress() (moved from nested conf object).

  • Improved: Configuring a discovery network address is no longer mandatory. If discovery network address hasn’t been configured, the normal network address will be used.

  • Changed: Renamed PubSubSystem.getConfigurationSnapshot() to PubSubSystem.getConfiguration().

  • Changed: Some nested PubSub configuration interfaces are removed, e.g. PubSubConnectionTransportSettings, PubSubReaderGroupMessageSettings, PubSubReaderGroupTransportSettings, the configuration parameters are moved to the top level configuration object under which they were used.

  • Changed: The following PubSub configuration objects are now enabled by default: PubSubConnectionConf, PubSubDataSetReaderConf, PubSubDataSetWriterConf, PubSubGroupConf, PubSubJsonDataSetReaderConf and PubSubUadpDataSetReaderConf.

  • Changed: PubSubUadpWriterGroupConf.getPublishingOffset() now returns an instance of PubSubPublishingOffsets instead of List<Duration>.

  • Changed: PubSubSystem.createFor now takes UaApplication instead of just UaServer and works in the context of an UaClient. Publishing event datasets (or adding event dataset in the configuration) does not yet work and will be added in a future version.

  • Removed: PubSubBrokerUadpConnectionConf (it was a leftover from the early prototyping era).

Changes to Code Generator

  • Changed: Using the latest Base OPC UA Information Model NodeSet file version 1.04.9

  • Fixed: Characters that would be illegal in Javadoc are now replaced with escape characters correctly when they are used in descriptions in NodeSet2 XML models.

Changes to SampleConsoleClient

  • Improved: MyCertificateValidationListener will now check DNS Names and/or IP Addresses specified in the certificate and compare them to the hostname in the Endpoint URL. If they don’t match, the user will be warned.

Changes to SampleConsoleServer

  • Changed: Binds to the IPv6 wildcard ([::]) when IPv6 is enabled and the IPv4 wildcard ( otherwise.

  • Changed: The name of the sample CA certificate now includes hostname, "https" and certificate size.

  • Changed: The filename of https cert now includes size of the certificate.

  • Fixed: Corrected ValueRanks of some nodes in Root/Objects/StaticData.

Changes to PubSub samples

  • New: SamplePublisherClient and SampleSubscriberClient sample applications.

  • New: Command line argument -I/--publishing-interval for setting the PublishingInterval in Publisher samples.

  • New: Command line argument --no-metadata for disabling meta data sending to MQTT (sets metaDataQueueName=null)

  • New: Command line argument --publisher-id for defining the PublisherId.

  • New: SamplePubSubConfiguration and SampleUtils classes that contain common methods used to create the PubSub configurations and other utility functions used by all PubSub sample applications.

  • Changed: Renamed SamplePubSubPublisherServerSamplePublisherServer, SamplePubSubSubscriberServerSampleSubscriberServer and SamplePubSubBrokerSampleBroker .

  • Changed: The Server samples bind to the IPv6 wildcard ([::]) when IPv6 is enabled and the IPv4 wildcard ( otherwise.

  • Changed: Command line argument n/non-reversible-json is now used for disabling including any headers in network messages and enabling using non-reversible JSON encoding.

  • Fixed: The PubSub Server samples now correctly use the command line argument -P/--port for setting the Server port number.


  • Plus a number of other small changes.

Version 4.5.8

Build: 4.5.8-1468

Release date: 14.07.2021

This release is a bug fix release. Most of the fixes are related to PubSub and JSON encoding. Also the PubSub Tutorial and the samples have been updated.

Changes to Common parts

  • Deprecated: TypeDictionary.binaryEncode, use ExtensionObject.binaryEncode(Structure, EncoderContext) with UaClient.getEncoderContext() instead.

  • Deprecated: TypeDictionary.decode, use ExtensionObject.decode(EncoderContext) with UaClient.getEncoderContext() instead.

  • Fixed: TypeDictionary.binaryEncode didn’t work for custom Structures that had custom Structure fields.

  • Fixed: EncoderContext.shallowCopy didn’t copy EnumerationSpecifications.

Changes to Client SDK

  • No changes.

Changes to Server SDK

  • New: Added flag EndpointServiceRequest.sendServiceFaultsForBadServiceLevelResponses, if true ServiceFaults are returned instead of full responses if service level status is bad. Per UA Specification 1.04 part 4 section 7.30 ServiceFaults should be used in this case. By default the flag is false (keeps existing behaviour), but future SDK version will change it to be by default true (and some future version will remove the flag).

Changes to PubSub SDK

  • New: Added support for encoding array data.

  • New: Added support for RawData option in JSON encoding.

  • New: Added DataSetClassId parameter to PublishedVariableDataSetConf and PubSubEventDataSetConf.

  • Fixed: JSON Payload value is now a JSON object.

  • Fixed: DataSetClassId and PublisherId are now set correctly in JSON encoding.

  • Fixed: MQTT handles now reconnections to the broker

  • Fixed: MQTT closes connections gracefully

  • Fixed: JSON encoding of Network and DataSet Messages is now following the defined JsonNetworkMessageContentMask and DataSetFieldContentMask.

Changes to Code Generator

  • No changes, uses the same as in 4.4.2.

Changes to SampleConsoleClient

  • No changes.

Changes to SampleConsoleServer

  • No changes.

Changes to PubSub samples

  • New: Added command line option to select network interface by name.

  • New: Added command line option to configure server’s port.

  • New: Added command line options for MQTT related settings.

  • Fixed: Samples .bat start script now support arbitrary number of command line parameters.

  • Improved: SamplePubSubPublisherServer and SamplePubSubSubscriberServer refactored to clarify the principles of PubSub configuration


  • Updated httpcore library to version 4.4.13

  • Updated httpclient library to version 4.5.13

  • Updated PubSub tutorial

  • Plus a number of other small changes.

Version 4.5.6

Build: 4.5.6-1429

Release date: 26.05.2021

This release is a bug fix release that also contains performance and security fixes.

As a security fix, this release changes the defaults of Root/Objects/Server/ServerCapabilities/MaxXXXContinuationPoint from 0 (unlimited) to UnsignedShort.MAX_VALUE (65535). Using value of 0 could allow Clients to allocate infinite amount of them resulting in OutOfMemoryError. Earlier releases can mitigate this by changing the limit to a non-0 value via code shown below:

ServerCapabilitiesTypeNode serverCapabilities = server.getAddressSpace().getNodeManagerRoot().getServerData().getServerCapabilitiesNode();

Future SDK versions will investigate the option to use implementations that do not allocate any server-side memory.

In addition, the server side now handles Read service calls a lot faster under certain conditions. As long as no UaTypeIoListener(s) are attached to any TypeIoManagerListener(s) the UaNodes’ references are no longer checked for the HasTypeDefinition reference. This affects all `UaNode-based NodeManagers.

The server side now handles IndexRanges for Read calls as specified in "When reading a value and any of the lower bounds of the indexes is out of range the Server shall return a Bad_IndexRangeNoData. If any of the upper bounds of the indexes is out of range, the Server shall return partial results.". Previously Bad_IndexRangeNoData was incorrectly returned if the end index was out of range.

Changes to Common parts

  • New: Variant.asEnum(EnumerationSpecification).

  • Fixed: JsonEncoder output was wrong in certain conditions.

Changes to Client SDK

  • Fixed: UaClient will now read the MaxNodesPerRead OperationLimit first with a single-operation Read call when connecting.

  • Fixed: UaClient Subscriptions having SubscriptionId of 0 are no longer put to TransferSubscriptions calls.

Changes to Server SDK

  • Security fix: Changed the defaults from 0 for Server/ServerCapabilities/MaxXXXContinuationPoint to UnsignedShort.MAX_VALUE (65535).

  • Fixed: TypeIoManagerListener no longer checks references if there are no UaTypeIoListener attached to it.

  • Fixed: IndexRange for Reads now work per the OPC UA Specification, returning partial data for out of bounds end index.

Changes to PubSub SDK

  • New: PubSubUadpDataSetMessageReceivedEvent.getPublisherId().

Changes to Code Generator

  • No changes, uses the same as in 4.4.2.

Changes to SampleConsoleClient

  • Changed: Using empty array QualifiedName[0] instead of null array for the SimpleAttributeOperand of the EventFilter for the "select the node itself" operation. Empty should be used instead of null and is more interoperable.

Changes to SampleConsoleServer

  • No changes.

Changes to PubSub samples

  • New: SamplePubSubSubscriber also logs the PublisherId when a dataset message is received.


  • Plus a number of other small changes.

Version 4.5.4

Build: 4.5.4-1405

Release date: 18.03.2021

This release is a bug fix release that also contains memory leak fixes and security fixes.

This release now supports IPv6 addresses that have a scope id that has the hyphen ('-') character. Previous releases had several issues (e.g. UaClient could not connect to such address nor UaServer would start). The support is done as a workaround to (i.e. simply we need to avoid using Unless you run in an environment where that is not an issue, we recommend to parse OPC UA addresses with UaAddress instead of However, there is a known issue, that UaAddress.parse wont support non-guarded IPv6 addresses (i.e. that are not using bracket characters '[' and ']' to isolate the host portion of the url). That will be fixed in a future update.

Changes to Common parts

  • Deprecated: SpongyCastleUtils, the BouncyCastle equivalent BouncyCastleUtils class was already deprecated.

  • Deprecated: EventData constructors, call static factory methods instead.

  • New: EventData.raw, EventData.fromNodeHierarchy static factory methods.

  • New: ByteString.from(ByteArrayOutputStream stream) static factory method.

  • New: ByteString.copyTo(OutputStream) and a ByteArrayOutputStream overload of that without the need for exception handling.

  • Fixed: ApplicationIdentity in Android detection was incorrectly using '' system property when using 'java.vendor' was used in other places.

  • Fixed: Support IPv6 addresses that have a scope id that has the hyphen ('-') character.

  • Fixed: Support loading NodeSets that use the Category element (but the data is discarded, as it is modeling-only data).

  • Fixed: When loading a non-codegenerated model, Custom Structure inheriting custom Structure type of the same model missed parent fields sometimes.

  • Fixed: DataTypeConverter could not handle values larger than Long max value when converting String→UInt64 (i.e. to UnsignedLong).

  • Fixed: Privkey constructor that takes in the encoded form (via byte[]) depended on platform Security Provider ordering.

Changes to Client SDK

  • No changes specific to (only) Client side of the SDK.

Changes to Server SDK

  • Security fix: ModifyMonitoredItem didn’t validate that the Session did own that MonitoredItem, now does.

  • Memory Leak fix: SessionManagerListener.onCloseSession was not called for "new Sessions", for which ActivateSession was never called before timeout, could cause a memory leak if SDK users were relying on that call to clean up some session-specific resources.

  • New: Support sendInitialValues FALSE option in TransferSubscription service calls.

  • Fixed: A rare situation, where a earlier KeepAlive message for a Subscription could override a later received Notification.

  • Changed: For performance reasons, the EventData send in Events now by default only checks reference chains of Objects and Variables when determining which event fields are sent, all other NodeClasses are excluded. This can be configured currently via static BaseEventTypeNode.getExcludedsubnodeclasses() method and clearing the set returns previous behavior. In practice the only impact of this is that it is not possible to select Variables below a Method node of an event type, which in normal conditions is not needed. Method nodes are typically shared and thus processing their references can be time consuming.

Changes to PubSub SDK

  • Memory leak Fixed: UDP-UADP chunks were not cleared if message was never completed. Now they are once the last chunk is more than 10s old. This is currently hard-coded, future release may allow configuring this.

  • New: Allow configuring of socket options in PubSubUdpUadpConnectionConf.Builder.putSocketOptions and PubSubUdpUadpConnectionConf.Builder.putDiscoverySocketOptions.

  • Changed: The NetworkInterface parameter in PubSubUdpUadpConnectionConf is now configured instead with StandardSocketOptions.IP_MULTICAST_IF option. Also it must now always be set, if the NetworkAddress parameter is a multicast address.

  • Fixed: UDP-UADP message sending could fail if it consisted of multiple chunks.

  • Fixed: It was not possible to send/receive custom Structures.

  • Fixed: Larger than 1024 bytes UDP messages could fail in Subscriber part.

  • Fixed: Do not listen to discovery messages separately if discovery port equals normal port.

Changes to Code Generator

  • No changes, uses the same as in 4.4.2.

Changes to SampleConsoleClient

  • No changes.

Changes to SampleConsoleServer

  • No changes.

Changes to PubSub samples

  • The NetworkInterface parameter was changed to use the StandardSocketOptions.IP_MULTICAST_IF option.

  • A workaround for selecting a "null" interface was added, though, for multicast addresses you should always select one real interface, otherwise it might not work.


  • Plus a number of other small changes.

Version 4.5.2

Build: 4.5.2-1343

Release date: 25.01.2021

This release is a bug fix release that also contains memory leak fixes. In addition this release adds optional support for SamplingInterval of 0 for MonitoredItems.

Changes to Common parts

  • New: StackUtils, added methods setNonBlockingWorkExecutorThreadPriority, setBlockingWorkExecutorThreadPriority, setAsyncSelectorThreadPriority. Allows changing Thread priorities of the stack layer common pools.

    Should not be called under normal conditions, but might be useful in some more exotic environments. Must be called before other interactions with the SDK.
  • Fixed: Undefined Enumeration values in Structure decoding will now throw DecodingException.

  • Fixed: PkiDirectoryCertificateStore, Cert that were deleted directly via filesystem were not reflected in the returned Sets.

Changes to Client SDK

  • Fixed: EnumerationSpecification.Builder is now reusable.

Changes to Server SDK

  • New: Added support for SamplingInterval of 0 for MonitoredItems. Must be enabled by calling SubscriptionManager.setMinSamplingInterval(0) for UaServer.getSubscriptionManager().

    No filtering is performed when the interval is 0 (e.g. it is possible to receive values from the past if multiple clients are writing to the node at the same time). Clients that previously used 0 will now see different behavior if enabled, since previously the server would have revised the value.
  • Fixed: NPE fix, UaServer can no longer be started with an UserTokenPolicy that has a null UserTokenType (use UserTokenType.Anonymous instead). Preferably only constants from the class UserTokenPolicies should be used.

  • Fixed: ConditionRefresh Method Call related events, RefreshStartEventType and RefreshEndEventType, now contain values for all Mandatory Properties.

  • Fixed: Memory leak that happened each time ConditionRefresh related events were created.

  • Fixed: Memory leak that could have happened on EventQueueOverflowEvent of a MonitoredEventItem.

  • Fixed: Memory leak if a Session, for which no ActivateSession had been called, timed out while Diagnostics were enabled.

Changes to PubSub SDK

  • No changes.

Changes to Code Generator

  • No changes, uses the same as in 4.4.2.

Changes to SampleConsoleClient

  • Changed: .bat scripts for samples now use java+javac directly from PATH (vs. JAVA_HOME previously).

Changes to SampleConsoleServer

  • Changed: .bat scripts for samples now use java+javac directly from PATH (vs. JAVA_HOME previously).

Changes to PubSub samples

  • Changed: .bat scripts for samples now use java+javac directly from PATH (vs. JAVA_HOME previously).


  • Plus a number of other small changes.

Version 4.5.0

Build: 4.5.0-1291

Release date: 02.12.2020

This is a PubSub release of the SDK. In addition, this release contains some security and bug fixes.

It should be noted that this release won’t support address space based configuring of PubSub nor persisting the PubSub configuration. They will be added in a future release. In addition, the UDP-UADP connections won’t support security, that too will be added in a future update.

Changes to Common parts

  • New: ApplicationIdentity.setActualHostName(String) static method, which enables some workarounds that can be used to override SDK’s internal hostname resolution. This should be the fully qualified hostname, if applicable.

  • New: TcpConnection.setExecutorProvider(…​) static method, which enables some workarounds.

  • Fixed: Changed some stderr outputs to be ERROR level logs instead.

  • Changed: The default StackUtils uncaughtExceptionHandler no longer outputs to stderr, now they are only logged on ERROR level.

Changes to Client SDK

  • Security fix: SignatureData was not verified, if incorrect algorithm was specified. Now incorrect algorithm will be logged as an ERROR, but the correct algorithm is tried, since this can be determined from the channel security policy.

  • New: UaClient.validateServiceRequest protected method, which enables some workarounds. It is called before sending any servicerequest related to a Session or done in a context of a Session.

Changes to Server SDK

  • Security fix: SignatureData was not created if using Sign mode for opc.https.

  • Fixed: Incorrect SignatureData algortihm is logged as an ERROR. Note that this is different compared to the client side, as on the server side the correct algorithm from the channel was always used.

Changes to PubSub SDK

  • New: Discovery messages can be sent to the separate Discovery Address in UDP-UADP.

  • New: Added an option to set maximum message sizes for UDP-UADP.

  • Fixed: Some classes were missing from javadocs entirely.

  • Fixed: UDP-UADP sockets were not properly closed during PubSubSystem shutdown.

Changes to Code Generator

  • No changes, uses the same as in 4.4.2.

Changes to SampleConsoleClient

  • Fixed: The helper .sh script uses now ":" instead of ";" for the classpath separator (affected 4.4.0+).

  • Changed: At least for now, accept CA Certificates that do not have a CRL.

Changes to SampleConsoleServer

  • Fixed: The helper .sh script uses now ":" instead of ";" for the classpath separator (affected 4.4.0+).

Changes to PubSub samples

  • Changed: Using separate queue names for UADP/JSON data.

  • Fixed: The helper .sh scripts uses now ":" instead of ";" for the classpath separator (affected 4.4.0+).


  • Plus a number of other small changes.

Version 4.4.2

Build: 4.4.2-1266

Release date: 08.10.2020

This release is a minor release. The base information model NodeSet file has been updated to version 1.04.7, thus models depending on that version should now work. In addition the SDK now contains a workaround for one interoperability problem relating to the AccessRestrictions Attribute added in OPC UA 1.04, where the specification text has a different DataType compared to what the NodeSet file has. As SDK functionality is derived from the NodeSet via our codegen, it uses the wrong type UInt32 instead of UInt16, but now it will also accept UInt16 based data by converting it to UInt32 for the time being.

We did the same edits to the model as in Version 4.2.0, as that issue is not yet fixed by the OPC Foundation. Additionally, any new Method added in this version is not yet implemented out-of-the-box in the server side.

Changes to Common parts

  • New: DefaultCertificateValidator.IgnoredChecks and DefaultCertificateValidator.getIgnoredChecks(), a more robust system for ignoring certain checks.

  • New: DefaultCertificateValidator.IgnoredChecks.IGNORE_KEYUSAGE_CHECKS, option to disable checking X.509 keyUsage field.

  • New: DefaultCertificateValidator validation process checks more keyUsage fields.

  • Deprecated: DefaultCertificateValidator isRevocationListsRequired and setRevocationListsRequired are now deprecated and delegated to the new system as DefaultCertificateValidator.IgnoredChecks.IGNORE_CA_MISSING_CRL.

Changes to Client SDK

  • Fixed: Added a workaround to allow receiving (at least temporarily) both UInt16 and UInt32 values for AccessRestriction Attribute values. Will log on WARN if UInt32 received.

  • Fixed: Setting RequestHeader.Timestamps of GetEndpointRequest and FindServersOnNetworkRequest.

Changes to Server SDK

  • Changed: Using the latest NodeSet2 for the Base OPC UA Information Model 1.04.7.

Changes to PubSub SDK

PubSub parts are still to be considered as beta.
  • Fixed: Usage of KeyFrameCount parameter, added default value of 10.

  • Fixed: Publisher ID type reading when decoding an UADP NetworkMessage.

  • Fixed: Indexing of data was incorrect in sent messages.

Changes to Code Generator

  • New: 1.04.7 standard model support.

  • New: Updated DI + GDS bundled models to latest versions.

Changes to SampleConsoleClient

  • No changes

Changes to SampleConsoleServer

  • New: MyNodeManager, added example of making a custom Structure type in code. Note! We do not (yet) generate a DataTypeDictionary for it, thus only OPC UA 1.04 clients that can handle the new DataTypeDefinition Attribute are able to process the data.


  • Added some additional logging.

Version 4.4.0

Build: 4.4.0-1240

Release date: 06.08.2020

This release is a minor release with some bugfixes, most of which are based on the latest Compliance Test Tool (CTT). In addition we do now build 3 new editions that include our initial (beta) PubSub support.

Changes to Common parts

  • New: Added support for BouncyCastle FIPS edition with some limitations, works by replacing the BC jars with BC fips jars (not bundled). See for more details.

  • Fixed: The "invalid_namepace_index/uri" syntax added in 4.3.0 now works also for UaQualifiedName. The syntax is used if there is no unique mapping for a namespace index to uri. Note that this is still an error by itself, this just mostly allows our client side to deal with servers that have such invalid mapping.

Changes to Client SDK

  • New: Subscription.conditionRefresh(), will call ConditionRefresh standard Method for the Subscription.

  • New: MonitoredEventItem.conditionRefresh(), will call ConditionRefresh2 standard Method for that monitored item.

  • New: Made possible to use custom Sockets (or anything that can be abstracted with InputStream + OutputStream) for opc.tcp via static TcpConnection.setSocketFactory(…​).

  • Changed: Calls to UaClient.connect() after obtaining the initial connection once will now log WARN logs. While the call does nothing if the client is connected, it will interfere with SDK’s automatic reconnecting if the client doesn’t have connection (and if AutoReconnect is false, UaClient.reconnect() should be used instead for manual reconnecting). Note that this only applies until calling UaClient.disconnect(), after which it is fine to call UaClient.connect() to obtain the initial connection again. Will try to fix this better in a future version.

  • Fixed: Client-side OperationLimits were not used if server-side limit reading failed (the OperationLimits.defaults() was used incorrectly).

  • Improvement: Server-side OperationLimits reading will fail now on individual limit level (previously any failures would ignore all server-side limits).

  • Improvement: Added the operation level StatusCode result in DEBUG logs when creating monitored items.

Changes to Server SDK

  • Fixed: Loading custom Structure values that contain custom Enumeration field from a NodeSet2 XML now works (custom Structure fields that are custom Structures still not yet).

  • Fixed: Loading NodeSet2 XML models that had custom Structures that had fields of type BaseDataType and did not specify it (schema default) can now be loaded.

  • Fixed: RejectedSessionCount and SecurityRejectedSessionCount in diagnostics are now incremented when Session is rejected (i.e. when CreateSession or ActivateSession returns a bad StatusCode).

  • Fixed: Generating DataChangeNotifications if a value changed from NaN → NaN (per CTT that is a value change).

  • Fixed: Writes to multidimensional arrays with IndexRange works properly.

  • Fixed: Fixed scenarios where setting an AggregateFilter for monitored items would not work.

  • Fixed: Some standard namespace nodes did missed SourceTimestamp and caused CTT errors.

  • Fixed: FileTypeNode size is now only updated when the WriteHandle to it is closed.

  • Fixed: FileTypeNode handles that are not closed by Session are now closed automatically when the Session is removed.

  • Changed: Made a modification to the 4.3.0 change of not allowing instantiation of MandatoryPlaceholder/OptionalPlaceholder, now they can be instantiated by custom InstantiationStrategies or configuration, but not by default.

  • Changed: Per CTT, returning now Bad_IdentityTokenInvalid instead of Bad_IdentityTokenRejected if a valid and trusted certificate is used together with an empty UserIdentitySignature.

Changes to PubSub SDK

Made 3 new editions that have initial (beta) support for PubSub:

  • prosys-opc-ua-sdk-for-java-VERSION-evaluation

  • prosys-opc-ua-sdk-for-java-VERSION-client-server-pubsub-binary

  • prosys-opc-ua-sdk-for-java-VERSION-client-server-pubsub-source

If you wish to try, for more info.

These editions require Java 8 to run and are still to be considered as beta and have a limited implemented feature set regarding PubSub.

Changes to Code Generator

  • No changes (i.e. bundling same version as 4.3.0 did).

Changes to SampleConsoleClient

  • No changes.

Changes to SampleConsoleServer

  • New: ValueHistory now supports reverse (end-to-start) history reading.

  • Changed: CTT related changes and additions to the StaticData nodes.


  • The maven-integration maven-install-helper converts the javadoc zip to jar (no longer bundled twice) thus the distribution zips are now smaller.

  • The 'lib' folder of the distribution zips now has a folder structure that shows where the dependencies are needed and used.

  • The SDK download page no longer displays dependencies that are only needed by samples.

Version 4.3.0

Build: 4.3.0-1075

Release date: 25.03.2020

This release is a minor release of the SDK. Changes are related to the performance, bugs and security fixes.


  • Security fix: validate CreateSession and ActivateSession Nonces (CVE-2019-19153)

  • Security fix: verify ActivateSession signatures

  • Performance improvements related to the connection speed on the client-side

  • Support to the 'Issuers' certificate store

To detect misbehaving servers the Nonces sent by the server in CreateSession and ActivateSession are now checked for uniqueness and length, which minimum is 32 bytes.

This release contains a fix for a security vulnerability within the UaServer. The signatures related to ActivateSession were not properly checked. See Changes to Server SDK section for more details.

If updating to this SDK version is not an option, we recommend disabling opc.https and user certificate-based authentication.

This version of the SDK significantly reduces the number of service calls needed for connecting and initializing the TypeDictionary. The initialization now packs as many requests to the service calls, as possible reaching the number allowed by the server’s OperationLimits.

The DefaultCertificateValidator now supports a secondary 'issuers' CertificateStore. This feature is needed for cases where a CA certificate cannot directly be trusted, which would mean trusting all certificates that it has signed, but it is still desired to trust an individual certificate signed by the CA. To calculate the chain to the root issuer certificate, those issuer certificates need to be present, but they cannot be placed in the trusted store. The Compliance Test Tool (CTT) also tests certificate chain handling in it’s newest versions.

Changes to Common parts

  • New: UnsignedByte, UnsignedShort, UnsignedInteger and UnsignedLong now have arrayOf static factory methods.

  • New: DefaultCertificateValidator now supports a secondary "issuers" CertificateStore.

  • Changed: NamespaceTable conversion from indexes, that are not in the table, now results in a special "invalid uri" syntax, which will be converted back to the original index when needed. Thus conversion from NodeId to ExpandedNodeId will no longer break if the index is not known. This change also applies to UaNodeId.

  • Changed: DefaultCertificateValidator no longer moves certificates placed in the folder for trusted certificates ('CA/certs') to the folder for rejected certificates ('CA/rejected') when one or more certificate validation tests fail. This type of certificate handling is necessary for passing the compliance tests. Note, that this change has no effect on the error code returned to the client when certificate validation fails.

  • Fixed: A previously missing StructureSpecification Union.SPECIFICATION has been added to EncoderContext set of known StructureSpecifications.

  • Fixed: UaAddress.formatUri now does guard IPv6 addresses with [ ].

Changes to Client SDK

  • New: UaClient.setInitTypeDictionaryAutoUsage(boolean initTypeDictionaryAutoUsage), defaults to false.

  • New: AddressSpace.setRead104Attributes(boolean read104Attributes), defaults to true. This change will be a temporary flag for use-cases where a server fails due to reading new OPC UA 1.04 defined Attributes. It will be deprecated and removed later.

  • Changed: Some PublishRequest sending logic is now logged on TRACE level instead of DEBUG level.

  • Changed: NamespaceTable is refreshed on every UaClient connect and reconnect.

  • Fixed: UaDataTypeImpl no longer throws Bad_AttributeIdInvalid on DataTypeDefinition. Previously, the data was still set, but it did also throw the exception afterwards.

  • Fixed: AddressSpace.getNodes returns timestamps for Value Attributes.

  • Fixed: The "Warning: More than one GeneratedDataTypeDictionary contains the same dictionary" no longer happens on every subsequent UaClient.connect.

  • Improvement: TypeDictionary initializes now with fewer service calls.

  • Improvement: WARN log if UaClient.reconnect is called manually while UaClient.isAutoReconnect is true, as this should not be done and will cause problems.

  • Improvement: Initialization of OperationLimits is now internally done via Read. This initialization was previously done using UaNodes, which also required fetching types for them.

  • Improvement: UaNodeImpl.getComponents now uses less Read and Browse calls.

Changes to Server SDK

  • Fixed: InstanceDeclaration nodes with ModellingRule OptionalPlaceholder and MandatoryPlaceholder are no longer instantiated.

  • Fixed: NPE for 1-namespace nodes that do not have a HasComponent parent node.

  • Fixed: SubscriptionManagerListener.onAfterDeleteMonitoredItem is now properly called when the items were deleted as a part of a Session closing with DeleteSubscriptions set to True.

  • Fixed: Structure values loaded from NodeSet2 models that have a String field with empty value now work.

  • Fixed: Starting a UaServer without a hostname where Java would give localhost as IPv6 address no longer gives "invalid uri" error.

  • Fixed: Server Diagnostics cumulative session counting no longer increases when the diagnostics are toggled off and on.

  • Fixed: Server now checks signatures properly in SessionManager. The lack of proper signature checking affected opc.https using Sign mode for application authentication and both opc.tcp and opc.https using certificate-based user authentication.

  • Improvement: TypeDefinitionBasedNodeBuilderConfiguration.Builder methods now return the builder.

Changes to Code Generator

  • New: Added an option timestampOutputs to the generate configuration XML element, defaults to true. On false disables, the timestamp generation for output files to make better reproducible builds.

  • New: Multidimensional arrays are now supported for Method arguments, as long as they have a fixed ValueRank.

  • Fixed: The names of nodes are now Capitalized for the set/get generation. This fix only affects the models with nodes that do not start with a capital letter, which is the de-facto standard.

  • Fixed: Fallback SymbolicName generation now logs errors if the resulted name is an empty string.

  • Fixed: Incorrect convenience methods for 1-dim array nodes of type UInteger are no longer generated.

  • Fixed: Generated method call logic was incorrect for OptionSetValues UIntegers 1-dim Arguments.

We recommend to regenerate with this version, but it is not required unless you had models that could be affected by the above changes.

Changes to SampleConsoleClient

  • Changed: MyUaClientListener no longer checks nonces, since the connection is already prevented internally earlier.

Changes to SampleConsoleServer

  • New: Added a separate 'issuers' certificate store "PKI/CA/issuers" for application certificates and trusted 'users' certificate store "USERS_PKI/CA" and its 'issuers' certificate store "USERS_PKI/CA/issuers".

  • Fixed: UserAccessLevel, UserExcutable and UserWriteMask Attribute values for some ComplianceNodeManager nodes.

  • Changed: MyUserValidator now does proper user certificate validation with a separate trusted 'users' certificate store and its 'issuers' certificate store.


  • The SimpleServer example now uses all non-deprecated security modes as well.

  • There are now some classes that begin with Internal, e.g. InternalBrowseResults that are designed only for the SDK internal usage. Most of them are not public, but some had to be due to them being needed in cross package calls. The equivalent APIs will eventually be added to the SDK once we know the best way to do so, but for the time being, the APIs of those InternalXXX classes can change at will.

  • Plus many other small changes.

Version 4.2.0

Build: 4.2.0-955

Release date: 11.12.19

This is a minor release of the SDK. Most of the changes are bug fixes and relatively small changes.

This release uses the latest resource files for 1.04 available from the OPC Foundation, thus models relying on Amendments 5,7,11 should now work.

The NodeSet2 file for the Base OPC UA Information Model contains fixes to inconsistencies (NodeSet vs. specification text). Therefore some interfaces we have generated to the SDK from the model have changed. If your model or code depends on these updated types, you will need to update them as well.
The NodeSet2 file included with the SDK is slightly edited to fix a known issue of one Property having incorrect TypeDefinition. For more info see (requires credentials).

Changes to Common parts

  • Security Fix: SecureIdentity.decrypt, added sanity checks for secret length to avoid potential DOS attacks.

  • New: AttributesUtil.getSupportedAttributes(NodeClass).

  • Fixed: AttributesUtil.isValid now works for 1.04 Attributes, additionally fixed some incorrect results.

  • Fixed: The toString of Unions now look similar to other Structures.

  • Changed: Using the latest NodeSet2 for the Base OPC UA Information Model.

  • Changed: Identifiers (and more specific variants e.g. DataTypeIdentifiers) now only contain constants that are part of the current version of the Base OPC UA Information Model (or are needed for the service calls).

  • Removed: ModellingRule.MandatoryShared per Errata 1.04.3 as it didn’t exist.

Changes to Client SDK

  • New: AddressSpace.getNode(…​) also fetches new Attributes that were defined in OPC UA version 1.04. They are currently accessible via UaNode.readAttribute method.

  • Fixed: A potential deadlock if an unknown custom Structure is encountered while decoding ReadResponses.

  • Changed: TypeDictionary now prefers 1.04 DataTypeDefinition Attribute over DataTypeDictionaries where available.

  • Changed: AddressSpace methods getNode and getNodes are no longer synchronized on class level, but instead will lock per node when needed.

Changes to Server SDK

  • Fixed: Bad_TypeMismatch scenario when an empty Structure or Decimal array was written to the server.

  • Deprecated: PredefinedIdPair and ModelParserForUaDefinedTypes. All usages of them were already deprecated (they were used to load the pre-NodeSet era models).

Changes to Code Generator

  • Changed: Updated bundled models to their latest versions.

Changes to SampleConsoleClient

  • No changes.

Changes to SampleConsoleServer

  • No changes.


  • Plus a number of other small changes.

Version 4.1.4

Build: 4.1.4-902

Release date: 28.10.19

This is a bug fix release of the SDK. Also the BouncyCastle dependency is updated to a version which contains a security fix for Additionally there is a new sample, SimpleServer, which is a counterpart for the SimpleClient example.

Changes to Common parts

  • New: ExtensionObject.decode(EncoderContext ctx, Class<T> expectedClass, UnsignedInteger statusCodeOnFailure) throws StatusException overload.

  • Fixed: NodeId.parseNodeId now works for Numeric ids over Integer.MAX_VALUE.

  • Changed: Updated SLF4J dependency to version 1.7.28

  • Changed: Updated BouncyCastle dependency to version 1.64. NOTE! artifactId changed to bcpkix-jdk15to18, please read

  • Changed: Updated Apache HttpComponents and related dependencies versions (httpclient → 4.5.10, httpcore-nio → 4.4.12, httpcore → 4.4.12, commons-codec → 1.11)

  • Deprecated: public static NodeId ID field in the following classes: DataValue, DateTime, DiagnosticsInfo, ExpandedNodeId, LocalizedText, NodeId, QualifiedName, StatusCode, UnsignedByte, UnsignedShort, UnsignedLong, XmlElement. The equivalent constant (noted in the javadocs of the field) in Identifiers (or DataTypeIdentifiers) should be used instead.

  • Deprecated: Static constant NodeId.ZERO, NodeId.NULL should be used instead.

  • Deprecated: Static method NodeId.equals(NodeId, NodeId). ObjectUtils.equals(Object, Object) should be used instead (or on Java 7+ the java.util.Objects.equals can be used). Additionally fixed NPE if the first argument was null.

Changes to Client SDK

  • Fixed: The fallback logic for reading ServerStatus via each individual nodes (Server/ServerStatus/*) now also works if Read returns Bad StatusCode for the Server/ServerStatus node.

Changes to Server SDK

  • Few internal changes, which allows us to do PubSub support in the future.

Changes to Code Generator

  • New: JSON encodings are set for the static field SPECIFICATION (of type StructureSpecification) of each generated Structure (assuming it has JSON encodings defined in the model).

  • Fixed: Possible NPE if a model didn’t contain XML Encodings for Structures.

Changes to SampleConsoleClient

  • Changed: Updated slf4j-log4j12 dependency to version 1.7.28

Changes to SampleConsoleServer

  • Changed: Updated slf4j-log4j12 dependency to version 1.7.28


  • Added new sample: SimpleServer, a counterpart for SimpleClient.

Plus a number of other small changes.

Version 4.1.2

Build: 4.1.2-876

Release date: 09.09.19

This is a bug fix release of the SDK. This release fixes a regression issue of 4.1.0 where a client connection without a certificate was not possible.

Changes to Common parts

  • New: UaNodeId.fromStandard(NodeId nodeId) static factory method, allows easier conversion from 0-NamespaceIndexed NodeIds.

  • Fixed: LocalizedText.toString() returns now empty String instead of null if both Locale and Text parts are null.

Changes to Client SDK

  • Fixed: UaClient connections on SecurityMode.NONE works again without a certificate.

Changes to Server SDK

  • No changes.

Changes to Code Generator

  • No changes.

Changes to SampleConsoleClient

  • No changes.

Changes to SampleConsoleServer

  • No changes.

Version 4.1.0

Build: 4.1.0-868

Release date: 21.08.19

This is a minor release of the SDK. Most of the changes are bugfixes and relatively small changes. Additionally the Codegen can now be run with Java 11.

Changes to Common parts

  • New: TypeDictionary.refresh(), easier refreshing DataTypeDictionaries from the server.

  • New: More helpers for EnumerationSpecification and StructureSpecification generic handling:

    • EnumerationSpecification.toEnumerationBuilder().

    • StructureSpecification.toStructureBuilder().

    • StructureSpecification.getField(String name).

    • StructureSpecification.toBuilder().

  • Improvement: Implemented UaBrowsePath.toString() and UaRelativePath.toString().

  • Improvement: AbstractStructure now contains a generic toString implementation.

  • Fixed: StatusCodes descriptions were cut when ',' was part of the description.

  • Fixed: DataTypeConverter NPEs and erroneous null returns in some cases.

  • Fixed: DataTypeConverter now throws on value overflows and underflows when converting to Int64.

  • Fixed: AccessLevelType.contains(Iterable<AccessLevelType.Fields>) was always returning false. Affected all other option-set types e.g. EventNotifierType and AttributeWriteMask as well.

  • Fixed: PkiDirectoryCertificateStore wont anymore create secondary thumbprint-named file for certs already in the folders.

  • Fixed: PkiDirectoryCertificateStore didn’t initialize revocation lists correctly.

  • Fixed: Saving Cert and PrivKey in PEM format resulted files with incorrect line lengths in some cases.

  • Fixed: IdentifiersDescriptions now works again.

  • Fixed: TypeDictionary initializing now ignores null and empty DataTypeDictionary nodes.

  • Fixed: XmlDecoder.getEnumerationArray now works.

  • Fixed: DynamicStructure encoding problems when it contained DynamicEnumeration arrays.

Changes to Client SDK

  • Improved: UaClient.getEncoderContext() can now be called before UaClient.connect() is called.

  • Fixed: AddressSpace.getNodes(…​) didn’t read 1.04 new Attributes.

Changes to Server SDK

  • Interface Change: Added EventManagerListener.onConditionRefresh2, used to notify calls for the standard method ConditionRefresh2.

  • New: EventManagerRoot, used in NodeManagerRoot. Moved protected refreshXXX methods other than refreshItem and refreshItems to EventManagerRoot.

  • New: EventManagerAdapter, adapter for EventManagerListener.

  • Improved: IoManagerListener.onGetUserExecutable is now checked also before user can execute the Method instead of just providing Attribute value.

  • Fixed: NodeSet2s having larger AccessLevels used for AccessLevelEx now load (but the extra information is discarded).

  • Fixed: Server/ServerStatus/BuildInfo incorrectly had StatusCode 0x00004000 instead of raw Good `StatusCode.

  • Fixed: EventManagerListener onConditionRefresh methods are now called for every EventManager.

  • Deprecated: StructureInfo and StructureInfoCache. StructureSpecification and generic get/set methods of Structure should be used instead.

Changes to Code Generator

  • New: Commandline version outputs the app.home System Property at the start.

  • New: Commandline version, added option to pass and override System Properties via -Dproperty=value flags.

  • New: Generating contains helper methods for "OptionSetValues"-types, e.g. AccessLevelType.contains(AccessLevelType value) and AccessLevelType.contains(AccessLevelType…​ values)

  • Improved: Codegen now works with Java 11+ in addition of Java 8.

  • Changed: Generated toString for Structures uses the implementation via AbstractStructure.

Changes to SampleConsoleClient

  • No changes.

Changes to SampleConsoleServer

  • Fixed: Objects/StaticData/StaticArrayVariables nodes had incorrect TypeDefinition references.


Plus a number of other small changes.

Version 4.0.2

Build: 4.0.2-808

Release date: 02.05.19

This is a bug fix release of the SDK. It additionally contains some new features.

Changes to Common parts

  • New: NodeClass-based Identifiers and Ids-interfaces (e.g. DataTypeIdentifiers, DataTypeIds).

    Identifiers and generated Ids are now interfaces extending these. The changes are source-compatible with 4.0.0, as static constants are inherited. Allows overcoming Java limitations for maximum number of constants as the OPC UA Standard Information Model keeps growing.
  • New: UaRelativePath.from(NamespaceTable namespaceTable, QualifiedName…​ elements) static factory method.

  • New: UaRelativePath.from(UaNamespace namespace, String…​ elementNames) static factory method.

  • New: UaRelativePath.standard(String…​ elementNames) static factory method.

  • New: UaRelativePath.getElements(), can be used to obtain elements of the path.

  • New: UaQualifiedName.from(UaNamespace namespace, String name) static factory method.

  • New: UaQualifiedName.getNamespace(), which will return the namespace as UaNamespace

  • Fixed: Encoding order of DiagnosticInfo fields fixed, order of Locale and LocalizedText fields are swapped. Both are Int32 fields in this case, so binary format itself is unaffected.

  • Fixed: Renamed UnsignedLong.valueof(BigInteger) to valueOf.

  • Fixed: Bad_EncodingError when encoding a DynamicStructure that was inside a Variant.

Changes to Client SDK

  • Fixed: Connections to servers, that do not use an Application Instance Certificate and support only a combination of SecurityMode NONE, UserTokenPolicy Anonymous should now work again.

Changes to Server SDK

  • New: Creating StructureSpecification and EnumerationSpecification dynamically when loading NodeSets.

  • New: Loading custom Structure Values as DynamicStructures where possible when loading NodeSets (if the model is not code-generated).

    Currently only Structures made of known DataTypes work like this. A custom Structure having a custom Structure field does not work yet. We will improve this in the future.
  • Improvement: Avoiding extra encode&decode step when loading the model.

  • Fixed: MonitoredDataItems whose MonitoringMode is changed from Sampling to Reporting should not try to fetch the initial value again.

  • Changed: Loading NodeSets that incorrectly define HasTypeDefinition Reference for VariableType and ObjectType logs a warning instead of failing the loading completely.

  • Changed: Values that cannot be decoded during the NodeSet loading are kept as encoded ExtensionObjects instead of causing the loading to fail completely.

Changes to Code Generator

  • New: Generating NodeClass-based Ids-interfaces, e.g. DataTypeIds.

  • Changed: Generated Ids is now an interface instead of a class and extends all NodeClass-based Ids-interfaces.

Changes to SampleConsoleClient

  • New: -w Command line switch to wait at start until enter is pressed.

    Can be used for attaching a Profiler software before initial SDK classloading takes place.
  • Improved: Avoiding calling deprecated API.

Changes to SampleConsoleServer

  • New: -w Command line switch to wait at start until enter is pressed, same as with SampleConsoleClient.

  • Improved: Avoiding calling deprecated API.

  • Improved: Logging of the simulated alarms.


  • Maven integration project maven-install-helper will also install javadocs in addition of the SDK jar to your local .m2 Maven cache.

Plus a number of other small changes.

Version 4.0.0

Build: 4.0.0-774

Release date: 25.03.19

This is a new major release of the Prosys OPC UA SDK for Java.

The SDK version 4 is based on the OPC UA specification version 1.04. The 4.0.0 release adds support for the most important features, such as new security policies, information models and reverse connections. Other functionality specified in OPC UA 1.04 will be added later on.

Another major change is that the OPC UA Stack is now integrated as part of the SDK.

All users are encouraged to migrate to this new release, although the projects that depend on the OPC UA SDK need to be modified slightly according to the changes. To help you with the transition, we have prepared a Migration Guide that lists the required changes to your applications in detail.

We are proud to be able to provide this big release that will pave the way to reliable OPC UA applications for future needs.

Prosys OPC UA SDK Development Team

Feature Highlights

  • The official name of the product was changed to "Prosys OPC UA SDK for Java" and the names of the SDK jars have changed slightly as well.

  • OPC Foundation Java Stack is integrated as part of the SDK. It includes the OPC Foundation updates to 1.04 plus additional updates to improve the integration.

  • Support for OPC UA 1.04 Information Models.

  • Support for the new 1.04 Attributes in the client side.

  • Support for the new 1.04 DataTypeDefinition Attribute in the server side (support for other new 1.04 Attributes will be added later).

  • Support for the new 1.04 Security Policies: Aes128-Sha256-RsaOaep, Aes256-Sha256-RsaPss.

  • Support for Reverse Connections (using the new 'ReverseHello' message defined in OPC UA 1.04.).

  • Improved support for handling Structure data types in a generic way.

  • Support for Automatic-Module-Name for Java 9+.

  • Support Maven for installation of SDK and samples.

  • Fixed detection of Spongy Castle on Android.

  • Fixed HTTPS communications.

    The OPC UA Servers no longer validate the HTTPS certificates of clients. Therefore, if you have HTTPS enabled on the server, any client application may connect by default. The clients must use MessageSecurityMode Sign to enable authentication using Application Instance Certificates, similar to UA TCP. This behavior is defined in OPC UA Specification Part 6. OPC UA 1.04 also changed the format of HTTPS EndpointUrl to us 'opc.https' instead of 'https'. SDK 4.0 only supports the new format.

Changes to OPC UA Stack

The OPC UA Stack is now integrated as part of the Prosys OPC UA SDK. It is based on the open source OPC Foundation Java Stack, but based on our agreement with the OPC Foundation we can provide it under the Prosys OPC UA SDK license.

As a consequence, there is a new package that includes all classes that were in The OPC Foundation stack has been updated to support OPC UA 1.04 and on top of that we have added some of our own improvements.

Migration to the new stack should in principle only require renaming the package declarations in project source files. See the Migration Guide for more details.

  • New: Support for (most) new types defined in OPC UA 1.04.

  • New: Support for the new ReverseHello message defined in OPC UA 1.04.

  • New: Support for new security policies defined in 1.04

  • New: ReverseConnectionListener.

  • New: SecurityPolicy enum. Includes the new security policies defined in OPC UA 1.04. NOTE that Basic128Rsa15 and Basic256 are now deprecated and they are no longer recommended, except for backwards compatibility.

  • New: SecurityMode.combinations()

  • Removed: SecurityMode constants. Use the new constants in SecurityPolicy instead. ALL is no longer available: use the version specific constants instead.

  • Removed: SunJceCryptoProvider and SunJceCertificateProvider. They were not Java 9+ ready and also not 100% compatible. As a result BouncyCastle (or SpongyCastle in Android) is a mandatory dependency.

  • New: Support multidimensional arrays in Structure types

  • Removed: EncoderCalc.

  • New: LimitedByteArrayOutputStream and SizeCalculationOutputStream. Can be used with BinaryEncoder in situations where EncoderCalc was previously used.

  • New: Added static valueOf(String) method to the unsigned types to match jdk ones.

  • New: Support new 1.04 type Decimal by enable usage of Java BigDecimal in Variant and fields of Structure, for example.

  • New: A Builder class for each Structure.

  • New: EncoderContext.addEnumerationSpecification() and addStructureSpecification()

  • New: Static methods Variant.asObjectArray(Variant…​ variants) and Variant.asVariantArray(Object…​ objects).

  • Fixed: Use NamespaceIndex=0 instead of the UA Standard NamespaceUri for ExpandedNodeIds.

  • Fixed: Names of threads are more descriptive, and they can be configured. See StackUtils class.

  • Fixed: Handling of unknown built-in type IDs.

  • Fixed: Always use SpongyCastle in Android automatically.

  • Fixed: No more warnings from usage of reflection in Java 9+

  • Fixed: Possible memory leak after calling StackUtils.shutdown() and "restarting" the stack.

  • Removed ThreadGroups.

  • Changed: ExtensionObject now uses ByteString instead of byte[].

  • Changed: MultidimensionArrayUtils.toString() does not decode `ExtensionObjects by default.

  • Removed: XXXServiceSetHandler helper interfaces.

  • Deprecated: Constructors of UnsignedXXX types. Use static factory methods (valueOf) instead.

  • Deprecated: Constructor of StatusCode. Use static factory method StatusCode.valueOf instead.

  • Deprecated: Structure.getBinaryEncodeId, getJsonEncodeId, getTypeId & getXmlEncodeId. Use values available from the new Structure.specification() instead.

Changes to SDK common classes

  • New: Support for OPC UA 1.04 types.

  • Removed: Generated code and models for companion specifications (DI, ADI, PLCOpen).

  • Removed: PkiFileBasedCertificateValidator, PkiFileBasedCertificateListener, CertificateValidationListener, DefaultUaCertificateValidator, UaCertificateValidator. These were deprecated in version 3.x.

  • New: AccessLevelType replaces EnumSet<AccessLevel> in UaVariable.getAccessLevel(), etc.

  • New: EventNotifierType replaces EnumSet<EventNotifiedClass> in UaObject.getEventNotifier(), etc.

  • New: AttributeWriteMask replaces EnumSet<WriteAccess> in UaNode.getWriteMask(), etc.

  • Deprecated: Constructors of the UaAddress. Use static factory methods instead.

  • Deprecated: DataTypeConverter.getDataTypeForJavaClass(Class<?> clazz). Use getDataTypesForJavaClass() instead.

  • Deprecated: UaAddressSpace.findNode(). Use getNode() instead.

  • Changed: Append the certificate size to the file name of application instance certificates.

  • Changed: DataTypeConverter throws DataTypeConversionException instead of ServiceResultException.

  • Changed: UaValueNode.getDataType() returns UaDataType instead of UaType

  • Changed: StructureSpecification, FieldSpecification and EnumerationSpecification are now constructed via builders instead of constructors.

  • Fixed: Event types which had Object InstanceDeclarations with Properties now work properly.

  • New: UaNamespace. Used to model an OPC UA Namespace(URI).

  • New overload: UaNodeId.fromLocal(ExpandedNodeId expandedNodeId, NamespaceTable namespaceTable).

  • New: UaNodeId.getValueAsParseForm() and UaNodeId.parse(String namespaceUri, String valueAsParseForm). Can be used to store UaNodeId in files.

  • New: Automatically call registerModel() for generated information models by default.

  • New interface: BitField. All UnsignedXXX types implement this.

  • New: UaDataType.getDataTypeDefinition().

Changes to Client SDK

  • Fixed: Forward references of the Enumeration type.

  • Fixed: BrowseName of Guid type (was GUID)

  • Removed: Methods addChangeListener(), getDataChangeListeners(), hasChangeListener() and removeChangeListener() from MonitoredDataItem. These have been deprecated from 2.x.

  • Removed: UaFolder class. This was already deprecated in version 2.x. FolderType should be used instead.

  • Deprecated: UaClient methods: getHost(), getPort(), getProtocol(), getServerName() and getUri(). Use the respective methods of UaAddress instead.

  • Deprecated: UaClient.setUri(). Use UaClient.setAddress() instead.

  • Deprecated: AddressSpace.findNode(). Use getNode() instead.

  • Changed: Added missing Subscription parameter to SubscriptionNotificationListener.onMissingData

  • Changed: Added errorCode parameter to ServerStatusListener.onStatusChange(). Used, when status is null.

  • Changed: Async methods in AddressSpace and UaClient return the AsyncResult with a generics parameter matching the response type.

  • Changed: TypeDictionary now reads by default the dictionaries when connecting to the server. This can be toggled via Uaclient.setInitTypeDictionaryOnConnect(boolean).

  • New: TypeDictionary.getStructureSpecification(UaNodeId id), which can be used to obtain the StructureSpecification of the given id (type or encoding id).

  • New: TypeDictionary reads the new 1.04 DataTypeDefinition Attributes, if the server provides them.

  • New: UaClient.getAddress().

  • New: UaClient.setConnectTimeout(), can be used to set how long the initial connection (normal or reverse) is waited.

Changes to Server SDK

  • New: UaServer.addReverseConnection(String clientServerEndpointUrl, String endpointUrlForClientConnection). Enables support for Reverse Connections as mentioned in Feature Highlights.

  • New: NodeManagerUaNode.getDataType(NodeId dataTypeId).

  • New: Added support for SecurityMode for HTTPS connections. Note that only MessageSecurityModes None or Sign can be used.

  • New: SubscriptionManager.setMaxMonitoredItemsPerSubscription(int). Default is 1000.

  • Deprecated: UaServer.setSecurityModes(). Use UaServer.getSecurityModes().add() or UaServer.getSecurityModes().addAll() instead.

  • Deprecated: NodeManagerTable.findNode(), use getNode() instead.

  • Deprecated: NodeManager.findNode, use getNode() instead.

  • Changed: UaServer.getSecurityModes() returns a Set instead of an array of SecurityMode.

  • Changed: UaServer.getSecurityModes() is empty by default (used to initialize to `SecurityModes.ALL, which does not exist any more).

  • Changed: Added Boolean useSimpleBounds parameter to HistoryManagerListener.onReadAtTimes call.

  • Changed: InstanceDeclaration interface, methods returning Set<InstanceDeclaration> now return Set<? extends InstanceDeclaration>

  • Removed: InstanceDeclaration.getExternalReferences() and getInstanceReferences()

  • Changed: NodeManagerTable.addNode() now throws IllegalStateException if the the add operation fails.

  • Changed: Using 32 byte authentication tokens for Sessions.

  • Fixed: Symmetric ReferenceTypes now work properly.

  • Fixed: Possible multithreading issue in protected method SubscriptionManager.nextSubscriptionId()

  • Fixed: An issue where Diagnostics didn’t work if they were enabled before UaServer.start was called.

Changes to Code Generator

Running the code generator requires now (exactly) Java 8. A future version will also run on Java 11. The generated code will however compile on Java 6+.

  • Changed: Configuration file format. Please see the Codegen Manual and Migration Guide for details.

  • Changed: Namespace prefix is now applied also to the names of the generated DataTypeDictionaryHelper and Serializer output classes.

  • New: Support OPC UA 1.04 information models.

    OPC Foundation is releasing new amendments to the 1.04 specification. Specific companion specifications may rely on these amendments, so if you experience problems, please contact our support for assistance.
  • New: A static SPECIFICATION field is generated for each Structure. It contains the respective StructureSpecification.

  • New: A static SPECIFICATION field is generated for each Enumeration. It contains the respective EnumerationSpecification.

  • New: Generate code for subtypes of unsigned integer types that have OptionSetValues Property.

  • New: Support for multidimensional array fields for Structures (added in 1.04).

  • New: Support abstract Enumeration in InstanceDeclaration DataTypes (will return Enumeration in generated code).

  • New Generation Targets: client_model_provider and server_model_provider. UaClient and UaServer will be able to call registerModel automatically for these models (assuming the generated files are accessible via the classpath).

  • New: Detecting if an information model is used improperly as configuration file and reporting better error message.

Changes to SampleConsoleClient

  • New: Command line switch '-r' to open a port for reverse connection.

  • New: Added pom.xml for Maven integration.

  • Changed: Project layout to Maven Standard Directory Layout.

  • Changed: Removed generation of HTTPS certificate (not required).

Changes to SampleConsoleServer

  • New: Support new security policies defined in 1.04.

  • New: Support reverse connection.

  • New: Added pom.xml for Maven integration.

  • Changed: Project layout to Maven Standard Directory Layout.

  • Removed MyEnumType enum, converted the functionality to use EnumerationSpecification.

  • Fixed: Avoids NPE for the first read of NonUaNodeComplianceNodeManager.


  • For Maven users, A pom.xml for maven integration is now provided for the SDK jar. Addtionally the samples have their own pom.xml which should allow easier importing to IDEs. Note that you must first install the SDK pom file (with the jar) to your local .m2 repo, otherwise the pom.xml of the samples do not work.

  • For Java 9+ support, the SDK jar now includes Automatic-Module-Name in the MANIFEST.MF with value ''

  • Fixed DataTypeDictionary related Description node names for the SampleTypes model, which is bundled with the SDK Codegen.

  • Android detection should work better, for the purpose of automatically detecting if SpongyCastle based Crypto/Certificate providers should be used.

  • HTML manuals included in the distribution in addition to PDFs.

Plus a number of other small changes.