Skip to content

What is new in version 3.1.0 🚀?

This is an overview of the features and changes added in the latest version of Nerve. For an extensive list of all changes, refer to the release notes.

Nerve 3.1 is a major step forward in security, operational control, and node governance.
This release introduces production‑grade hardening features, stronger identity and access controls, and new mechanisms to ensure integrity and traceability of both nodes and workloads—all while improving day‑to‑day operability for administrators, security teams, and CI/CD pipelines.

Below are the highlights.

🔐 A New Level of Security & Compliance

Production Mode for Nodes

Run nodes in true production conditions — safely.

Nerve 3.1 introduces a Production Mode that significantly reduces the attack surface of deployed nodes:

  • SSH access is restricted to internal networks or disabled entirely
  • CODESYS runtime is fully air‑gapped
  • Production Mode can be activated via Local UI, Management System, or API
  • Prevents accidental or unauthorized access in live environments
  • Aligns perfectly with IEC 62443 security expectations
  • Creates a clear distinction between engineering and production phases

Production Mode is will be extended. Future releases will build on it with alarms and security workflows.

Secure Boot & Disk Encryption Visibility

Know instantly whether a node is secure.

The node list and local UI now clearly show:

  • Secure Boot status & Disk encryption status
  • Instant trust check without digging into logs or documentation
  • Clear signal that node integrity is intact

Signed Workload DNA & Integrity Verification

Trust what is running — and prove it.

Workload DNA files are now signed by the Management System and verified by the node:

  • Hashes of all workloads are included
  • Signatures are verified at deployment and periodically during runtime
  • Guarantees workloads were not tampered with
  • Detects unexpected changes automatically

Configuration Integrity Monitoring

Integrity check of system variables when production mode is active

Nerve Node checks when production mode is activated the integrity of:

  • Critical system configuration
  • DNA‑based configuration
  • Relevant workload configuration data

Any violation is:

  • Detected automatically
  • Logged and auditable
  • Ready to trigger alerts in monitoring systems

Benefit

  • Immediate detection of unauthorized or accidental changes
  • Strong safeguard for regulated environments

👤 Identity, Access & User Protection

Forced Password Change for Default Admin

No more forgotten default passwords.

If the default admin logs in with the default password:

  • A password change is enforced
  • Skipping is an explicit decision, not an accident
  • Eliminates one of the most common security risks at installation time

Configurable Password Policy

Security rules that match your organization.

You can now configure:

  • Password complexity
  • Password lifetime and expiration
  • Expiration warnings before lockout

Session & Connection Limits

Stop resource abuse before it happens.

Nerve 3.1 introduces configurable limits for:

  • Concurrent user sessions
  • SSH connections
  • Remote connections per user
  • Automatic session logout after inactivity
  • Prevents accidental lockouts
  • Protects shared systems from misuse
  • Improves overall stability in multi-user setups

🧬 Node DNA: More Control, Less Manual Work

Node DNA with system configuration as addition to Workload DNA

Everything automated — finally.

  • Fully reproducible node setups
  • Perfect for large-scale or automated deployments
  • Fewer manual steps, fewer errors

First release of Node DNA includes most of common system parameters and will be extended in future release.

You can now configure via DNA:

  • Network interfaces (DHCP / static)
  • Proxy settings
  • Timezone
  • Security parameters like brute‑force protection
  • Session timeouts

Please find more details on Node DNA here.

Flexible System Logging

Log what you need — nothing more.

Operators can now:

  • Disable syslog entirely
  • Limit logging to Nerve-only messages
  • Enable full logging for debugging
  • Save bandwidth on costly networks
  • Reduce noise in normal operation
  • Turn up visibility when troubleshooting

♻️ Secure Factory Reset & Decommissioning

End-of-life done properly.

A new secure factory reset allows:

  • Complete removal of customer data
  • Destruction of encryption keys
  • Safe reuse or decommissioning of hardware

Triggered directly from the Local UI.

🚦 Summary

Nerve 3.1 is a security‑first release that:

  • Is certified according to IEC 62443-4-2
  • Hardens nodes for real production use
  • Improves trust, integrity, and auditability
  • Gives operators more control with less complexity
  • Lays the groundwork for future security‑driven features

If you manage critical edge infrastructure, Nerve 3.1 gives you the confidence to deploy at scale — and sleep well at night.