Disclosure: security vulnerabilities in custom integrations HACS, Dwains Dashboard, Font Awesome and others

four minutes reading time

Attention please read

This is a disclosure about security vulnerabilities found in 3rd party custom integrations. Custom integrations are not created and/or maintained by Home Assistant. Users install them at their own risk. We want to inform you about these because the found vulnerabilities impact the security of your Home Assistant instance.

If you do not use custom integrations, your Home Assistant is not vulnerable. If you do use custom integrations, your instance might be vulnerable if you use one of the impacted integrations.

TL;DR:

  • Multiple custom integrations were found that allowed an attacker to steal any file without logging in.
  • Upgrade Home Assistant as soon as possible. Home Assistant Core 2021.1.3 added extra protections that stops attackers from reaching the vulnerable code in custom integrations.
  • Upgrade the custom integrations to a fixed version or remove them from your installation.
  • If you have used any of the custom integrations with a known vulnerability, we recommend that you update your credentials.

On the morning of Thursday, January 14 2021, the custom integration Home Assistant Community Store (HACS) project was informed by security researcher Oriel Goel about a security vulnerability. It was vulnerable to a directory traversal attack via an unauthenticated webview, allowing an attacker to access any file that is accessible by the Home Assistant process. This access includes any credential that you might have stored to allow Home Assistant to access other services.

We started to research what other custom integrations could be impacted and found several more. We have responsibly disclosed these issues to the authors of those custom integrations and worked with them on fixing their integrations.

The following have been found:

We haven’t been able to get in touch with the authors of the following integration. You should remove this custom integration as soon as possible:

The following integration was discovered to be vulnerable to a variant of the above security vulnerability. It allows for a directory traversal attack but requires the attacker to be authenticated. We have been unable to reach the author:

If you have used any of these custom integrations, we recommend that you update your credentials.

Besides working with the custom integration authors, the following actions have been taken to help protect users:

  • Home Assistant released Home Assistant Core 2021.1.3 with extra protection to stop directory traversal attacks before reaching the vulnerable code. This prevents the abuse of all found vulnerabilities.
  • Home Assistant published a security bulletin strongly urging people to upgrade their Home Assistant instance. This bulletin has been shared widely and linked from banners on the Home Assistant website and forums.
  • The Home Assistant Supervisor will notify the user when a possible insecure installation is found that uses custom integrations.
  • The Home Assistant Companion apps for Android and iOS have been updated to notify the user if their Home Assistant instance is potentially insecure.
  • Nabu Casa emailed the security bulletin to all Home Assistant Cloud subscribers and users on trial.
  • Nabu Casa activated their feature to limit remote access via Home Assistant Cloud and block instances that run an insecure version of Home Assistant.

Look. It sucks that this happened. The custom integrations we have listed are all open source, maintained by volunteers in their spare time. They often work alone on this and that’s why it’s more likely for a bug to go undetected. But more eyes doesn’t guarantee bug-free software either. From time to time, such things will happen to every piece of software.

I want to emphasize that it’s not allowed to personally harass/attack/insult the developers of these custom integrations. That would be a violation of our Code of Conduct and we will enforce this.

As Home Assistant, we could have done more to prepare for this scenario. We are currently exploring adding new opt-in features for users to be notified and allow Home Assistant to take action preemptively to patch vulnerabilities.

Paulus

Edit: 23 January 2021: Additional security vulnerabilities disclosed in this second disclosure post.

FAQ


Why didn’t you release the names of the custom integrations in the first security bulletin?

When we discovered the issues, we disclosed them to the authors of the affected custom integrations and gave them time to fix the problem and release a new version. This is a good and common practice when disclosing security vulnerabilities.

Since some of these custom integrations are quite popular, we also decided to publish a security bulletin to urge Home Assistant users to upgrade their instances. We made sure to include enough information for users to resolve the vulnerability.

Has this vulnerability been abused?

We don’t know.


Security Bulletin

1 minute reading time

Attention please read

It has come to our attention that certain custom integrations have security issues and could potentially leak sensitive information. Home Assistant is not responsible for custom integrations and you use custom integrations at your own risk.

The latest version of Home Assistant Core has extra protection to help secure your instance.

Update your Home Assistant instance as soon as possible.

To update Home Assistant, click on the Supervisor menu item to see if an update to 2021.1.3 (or newer) is available. If you don’t have the Supervisor menu item, follow the update instructions. Home Assistant 2021.1.3 is still compatible with Python 3.7 and an upgrade is possible.

If you cannot update Home Assistant at this time, we strongly advise you to disable all custom integrations. You can disable your custom integrations by renaming the custom_components folder inside your Home Assistant configuration folder to something else. Please be sure to restart Home Assistant after you’ve renamed it.

If you need additional help with upgrading, we are happy to help you out on our Discord chat server.

We will provide more details about impacted custom integrations in the future.

Paulus

Edit: 15 January 2021: Blog post updated to state 2021.1.3, which added some additional checks.

Edit: 16 January 2021: Blog post updated to remove supervisor reload instructions, as latest version is now generally available. Added note that Python 3.7 is still supported.

Edit: 22 January 2021: More details are now available in the disclosure post.

Edit: 23 January 2021: Additional security vulnerabilities disclosed in this second disclosure post.


2021.1: Happy New Year!

26 minutes reading time

We said goodbye to 2020, which was a weird and wild year. 2020 will be remembered because of the awful pandemic, that hopefully will get under control in 2021.

We wish you, your family, friends and everyone around you, safety, health, happiness and countless blessings for 2021!

Happy New Year!

Kicking off the year with Home Assistant Core 2021.1!

Now don’t get too excited. The 2020.12 release was jam-packed, and most of us enjoyed the holidays with our loved ones. Furthermore, we didn’t have a full release cycle, this one was shorter than usual. This is due to the delaying of the previous release cycle (for the conference) and the introduction of the new release cycle (monthly now).

As a result of that, this release starts 2021 slowly, with a light release. No big new features, no new integrations. Just fixes, tweaking and tuning.

Besides, I’m curious, what is your smart home new years resolution? Let me know in the comments!

Enjoy the release!

../Frenck

In memoriam of Villhellm

It is with sadness that we announce that one of the Jedis in our Discord Server, @Villhellm (William), who had been actively involved with the Home Assistant community for a number of years, had passed away right before Christmas of 2020 at the age of 27.

He had been an active member in forums, and other discord servers related to Home Automation (Dr. Zzs, DigiblurDIY, and many more.)

We want to take a moment to recognize his efforts and the support he had provided to the HA community, and may he rest in peace.

Some of his friends have set up a GoFundMe account to help his surviving wife and family members. We now have an opportunity to help his family get through these difficult times.

We thank you for your support!

Home Assistant Conference Videos

A couple of weeks ago, the Home Assistant Conference of 2020 took place. We had quite a few messages and requests for making all talks held at the conference available for viewing.

We have started the process of making those available on our YouTube Channel. So, if you haven’t done it already, go to our channel and subscribe and you’ll be notified when we make another talk available.

All videos of the conference will be added to the Home Assistant Conference 2020 playlist on YouTube as well.

Other noteworthy changes

This release has no big new features, but we do have quite a bit of tweaks that are definitely noteworthy to mention.

  • @spacegaier removed the “No Area” from the device tables, reducing the clutter in those lists.
  • Since 2020.12, entities can be assigned to areas. Thanks to @elupus, these areas are now sent to Google Assistant as room hints.
  • Rachio now has pause and resume services, thanks to @brg468.
  • A bunch of new sensors are added to Météo-France. Additional weather conditions, UV, and wind gust, done by @mbo18!
  • @alengwenus has been refactoring the LCN integration. While it does not bring new things to the surface, it does improve in quality and prepares for future improvements. Keep up the good work!
  • Homeatic IP Cloud now supports HmIP-HDM1 and HmIPW-DRD3, thanks to contributions by @SukramJ.
  • Accuweather now has Wind information, thanks @abmantis!
  • ReCollect Waste now has integration options, starting by giving the option to display pickup types by their human-friendly names. Thanks, @bachya!
  • @postlund rewrote the Apple TV integration for 2020.12, but he is not stopping! Besides some fixes, he extended the device information and added some attributes.
  • The SQL Sensor now supports MSSQL, thanks to @dgomes!
  • Support for climate devices with a temperature range, has been added to the HomeKit controller integration. Thanks, @thevoltagesource!
  • The MQTT integration discovery feature, now has support for device trackers, which has been added by @PeteBa.
  • Sending animations using the Telegram Bot is now possible with the new animation service added by @tofuSCHNITZEL.
  • If you have a Xiaomi Miio vacuum cleaner with a mop function, this release added status for the water box and the mop itself. Thanks, @JJdeVries!
  • WeMo now supports the outdoor plug, thanks @mattbilodeau!
  • The Music Player Daemon integration now shows album art in the media player. Looks good @mweinelt!
  • Amazon Polly has a new voice: Olivia. A female, Australian and neural voice. Thanks @aque0us!
  • Google Cloud TTS now has support for SSML (Speech Synthesis Markup Language). Thanks, @lufton!

New Integrations

This release has not introduced new integrations.

New Platforms

The following integration got support for a new platform:

Integrations now available to set up from the UI

The following integrations are now available via the Home Assistant UI:

Release 2021.1.1 - January 9

Release 2021.1.2 - January 14

Release 2021.1.3 - January 15

Release 2021.1.4 - January 16

Release 2021.1.5 - January 23

If you need help…

…don’t hesitate to use our very active forums or join us for a little chat.

Experiencing issues introduced by this release? Please report them in our issue tracker. Make sure to fill in all fields of the issue template.

Read on →

2020.12: Automate with Blueprints!

39 minutes reading time

Welcome to Home Assistant Core 2020.12!

You are looking at our new versioning schema. From now on, the Home Assistant Core will be using calendar versioning, consisting of the year, month and a patch number to indicate a bug-fix release. This also means our release schedule is changing. Home Assistant Core will now be released every first Wednesday of the month!

As most things are announced at the Home Assistant Conference; more things will be added/tweaked in these release notes the next couple of days.

For me, this has been an exciting year! And thanks everybody for contributing to this amazing project, no matter what and how you contributed. You are all amazing! ❤️

With the Holiday season coming, it is time to slow down a bit, enjoy time with our family. And in a couple of weeks, a new year will start; Let’s make it a good one!

Happy holidays, stay safe and for the last time this year: Enjoy the release!

../Frenck

Blueprints

Say hello; to the major new feature of Home Assistant 2020.12: Blueprints!

Screenshot of the blueprints configuration panel Screenshot of the blueprints configuration panel.

An automation blueprint is a pre-created automation with user-settable options. This allows for a separation of the logic and inputs of an automation. It sounds a bit complicated, but as a matter of fact, it will make things re-usable and easier.

Imagine a blueprint that controls a light based on motion, that allows you to configure the motion sensor to trigger on, and the light to control.

It is now possible to create two automations that each have their own configuration for this blueprint and act completely independently, yet are based on the same automation configuration.

Sharing blueprints

Blueprints are great for sharing your automations and ideas with the community.

We created a Blueprint Exchange forum category where you can post your created blueprints. For others to use!

We believe that the power of blueprint relies in sharing. You can now share complex automations that others can use, even if they are using the UI editors.

For example, a blueprint can be shared for a specific Zigbee remote control that maps all buttons to a light. A blueprint that sends a notification when it found empty batteries. A blueprint for muting music when you pick up your Android phone.

The sky is the limit in the ideas and automations blueprints we can share!

Using blueprints

Let’s cut a long story short, it sounds exciting, but what does it mean?

You can import blueprints by copying the URL of the forum topic or from GitHub into the UI. Then you can create automations from these blueprints by filling out the required inputs.

Screenshot of a blueprint Screenshot of a blueprint.

It is really easy to deploy a blueprint, even multiple times! Blueprints are fully functional in both the UI and for YAML.

Creating blueprints

We created a really nice tutorial on how to make blueprints.

Essentially, a blueprint is just like an automation, with some added blueprint metadata. You can convert any existing automation into a blueprint!

As the last step, be sure to share your freshly created blueprint on the community on the Blueprint Exchange, helping and and inspiring others.

New neural voices for Nabu Casa Cloud TTS

If you have a Nabu Casa Home Assistant Cloud subscription, this release brings in some really nice goodness for you. The Text-to-Speech service offered by Nabu Casa has been extended and now supports a lot of new voices in many different languages.

This is a great alternative to, for example, the Google TTS integration. The resulting audio is absolutely stunning and the neural voices sound supernatural.

This service is automatically enabled when you are signed in to your Nabu Casa cloud account and can be called using the tts.cloud_say service in your automations.

For example:

action:
  service: tts.cloud_say
  target:
    entity_id: media_player.family_room_speaker
  data:
    message: These new voices sound absolutely stunning!
    options:
      gender: female
    language: en-US

Assign areas to entities and readable area IDs

Areas have been around for a bit already. But, not everything supports areas yet. And using it in for example YAML-based automations, is not really an easy task to do.

Today that changes, as this release works towards making areas more useful by making them more accessible and more universal.

The first change: individual entities can now be assigned to areas.

Previously this was limited to devices only. This also works for entities without a device (for example, entities provided by Helpers). Devices provide entities, and thus it is now possible to override the area with a single entity for a device as well. For example, your in-wall mounted switch controls a light in another room.

Screenshot of assigning a entity to an area Screenshot of assigning a entity to an area.

Second improvement: The ID of a newly created area will now be based on the name of the area instead of a random string.

This makes it easier to use areas in service calls, as you can now use area identifiers that actually make sense for a human! In a YAML automation or script it will look like this:

action:
  - service: light.turn_on
    target:
      area_id: living_room

To find the area ID for the area you want to target, go to the Configuration Panel, and edit the area you want to target. In area edit dialog, the ID is shown.

Temporarily disable devices

Do you have your Christmas tree set up in Home Assistant? After the Holidays are over, you store all those decorations for the next season. But what about those devices in Home Assistant?

Thanks to @emontnemery, you can now disable devices in Home Assistant. So, next year, when you unpack all decorations, enable them again and you’re ready to go for another Holiday season!

Screenshot of disabling a device Screenshot of disabling a device.

Of course, besides seasonal things, it can also be helpful if you have a broken device or temporarily taking down any other device.

Other noteworthy changes

  • The Apple TV integration now supports tvOS version 13 and above and can be setup from the UI, thanks @postlund!
  • @thecode has been busy with the Shelly integration and added support for inputs, so you can now use the Shelly i3 and Shelly’s in detached state.
  • Thanks to @adrum, the HomeKit controller integration now has support for (de)humidifiers.
  • deCONZ now supports tilt on covers, and preset and fan for climate devices, thanks @Kane610!
  • @frenck added support for setting the repeat mode to the Spotify integration.
  • The Nest integration now supports camera and doorbell events, thanks @allenporter!
  • Changes made to your KNX integration’s YAML configuration, can now be reloaded without restarting Home Assistant. Thanks @spacegaier!
  • The number formatting in the frontend is more consistent, thanks to @joshmcrty!
  • @dmulcahey has been improving the user experience of ZHA. The feedback when pairing a new Zigbee device in the frontend is improved, discovered devices are shown earlier with their progress, and the ZHA configuration panel now has a Zigbee network visualization tab! This allows you to see your network and find connection issues.
  • The rest integration can now handle request parameters, nicely done @boxcee!
  • Learn new RF commands using a Broadlink remote! Thanks, @felipediel!
  • @mLupine extended templated binary sensors and these now support templating the delay_on and delay_off!

New Integrations

We welcome the following new integrations this release:

New Platforms

The following integration got support for a new platform:

Integrations now available to set up from the UI

The following integrations are now available via the Home Assistant UI:

Release 2020.12.1 - December 16

Release 2020.12.2 - December 30

If you need help…

…don’t hesitate to use our very active forums or join us for a little chat.

Experiencing issues introduced by this release? Please report them in our issue tracker. Make sure to fill in all fields of the issue template.

Read on →

Home Assistant OS Release 5

three minutes reading time

Today we also release Home Assistant OS 5.8, the first stable version of the 5.x release series.

Highlights:

  • Improved Multicast Name Resolution on OS level

  • External Data Disk Feature

  • Improved Reliability against Container corruption

  • New support: Raspberry Pi 4 – 8GB

  • New support: ASUS Tinker Board S

  • New support: ODROID-C4

  • Improved: OVA Virtual image includes more drivers

Table of contents

Operating System Changes

Multicast Name Resolution

Release 5 uses systemd-resolved to provide DNS services on the operating system level and acts as a multicast name resolution responder. Besides, mDNS systemd-resolved also supports the LLMNR hostname resolution protocol. In practice, this makes discovering a new installation of Home Assistant OS working in most situations, either using http://homeassistant.local:8123 or http://homeassistant:8123.

External Data Disk

In release 4 we introduced external data disk support. The command datactl allows moving the main data partition to any disk connected to the system. The boot partition and main operating system partitions stay on the boot medium (typically the SD card). Using this approach is more reliable than booting the system from USB. Booting from USB requires several parts of the software stack to rediscover the external storage. In release 5 we made the external data disk feature more robust and the initial moving process much faster. We plan to improve that feature even more and are happy to get your feedback!

Improved Reliability

The main system service to start Home Assistant Supervisor is now more reliable. Home Assistant OS is now able to detect a corrupted supervisor container in most situations and automatically downloads a new version of it. File system checks have also been expanded to the boot partition, which makes sure that all file systems are being checked now.

Under the Hood

Under the hood, we updated to Buildroot 2020.11, which brings tons of new software versions along with bug and security fixes. Some key components which received an update were systemd 246 and AppArmor version 3.0.

Board Support

Raspberry Pi

All Raspberry Pi versions now use Linux Kernel 5.4, just like Raspberry Pi OS. With the move to U-Boot 2020.10, we are now also supporting Raspberry Pi with 8GB of memory. With the new kernel and U-Boot Home Assistant OS can now also run on the Compute Module 4 as well as the Pi 400 (the keyboard). A keyboard is probably not the ideal form factor for a headless system such as Home Assistant OS, but it comes with good cooling, which makes it not the worst choice :-). We recently tested the 64-bit variant of Home Assistant OS much more and feel comfortable to recommend the 64-bit version for Raspberry Pi 4.

ODROID

The ODROID platforms now use Linux 5.9, which brings improved support for all ODROID platforms such as the ODROID N2(+). For the N2(+) the Real-Time Clock is now supported as well.

Open Virtualization Appliance/Intel NUC

The x86 platforms (Intel NUC, OVA - Open Virtualization Appliance) now use Linux 5.9. The kernel for OVA images has new drivers enabled for Intel Network devices with Virtual Function, PCIe passthrough for Hyper-V, or support for Audio (HDA audio devices).

New Board Support

Besides the ASUS Tinker Board, we now also support the Tinker Board S, a variant with fast on-board eMMC storage. Thanks to [@ubergeek801] we now also have support for ODROID-C4, a cost-effective alternative to Raspberry Pi in a similar form factor.

Other Changes

The build pipeline is now using GitHub Actions and we compress the images using the xz compression algorithm instead of gz. The flashing process will stay the same: Etcher supports flashing from gz as well as xz.

This is all I can think of for now. The release 5.8 will be on the stable channel today, so watch out for the update notification in the Supervisor section. Images are available in the release section over on GitHub.


Community Highlights: 7th edition

three minutes reading time

The 7th edition of the Home Assistant Community Highlights! Some interesting things popped up around our community, we thought was worth sharing.

Troy Hunt has jumped into our wonderful world and shared his journey in a blog post series. Some nice examples on a DIY solution for mounting a wall tablet and how to arm your alarm with a toothbrush!

Troy Hunt is unraveling IoT using Home Assistant

If you have never heard of Troy Hunt before, he is a web security specialist and mostly known for creating “Have I Been Pwned” (Home Assistant integration).

Troy has been diving into the world of IoT and started automating his home, using… Home Assistant!

I'm massively impressed with HA and nothing else I've seen along my IoT journey comes even close to comparing. If you're going to do IoT in any meaningful way, you start with HA.

Troy Hunt

In 5 blogs, he writes about his journey in the big world of IoT:

The 5th part Troy made 11! short and quick videos, showing actual use cases in his home. Really cool and inspiring!

Framing a wall-mounted tablet

If you are a bit like me, you probably want to wall mount a tablet someday (or you already have it of course 🥴). Doing that in a nice, elegant and pretty way is often the hard part. Especially if you only have brick walls (like me), which makes it hard to hide cable or recess the tablet.

Next I came across 2 posts on on the Home Assistant subreddit, which, if you haven’t done already, should totally join.

This one popped up, made by ialex87, which uses a 3D printed frame from Thingiverse to which he glued a wooden frame to make it look like a photo frame.

Nothing much, but my honest work! from r/homeassistant

Next, Invinciberry shared his version:

Now let's wall mount this thing. from r/homeassistant

Both look very slick! Thanks for sharing!

Arm your alarm by brushing your teeth…

Automatically arm your alarm, when Home Assistant detects you are using your toothbrush… Why? Because we can! 😎

Home Assistant Conference

This isn’t a highlight yet, but without a doubt, it is definitely is going to become one of the highlights of this year: The Home Assistant Conference.

Sunday, 13 December, we’ll be looking back at last year; but more importantly, lots of great talks are planned by speakers from our community about all different kinds of subjects:

Home Assistant Conference Schedule

Above all, some new and exciting stuff is going to be announced as well! So, ensure you don’t miss it.

Get your $1 ticket

Or, check the Home Assistant Conference page for other ways on how to watch.

Got a tip for the next edition?

Have you seen (or made) something awesome, interesting, unique, amazing, inspirational, unusual or funny, using Home Assistant?

Click here to send us your Community Highlight suggestion.

Also, don’t forget to share your creations with us via Social Media:

See you next edition!


[Better solution!] TP-Link offers way to add local API back

two minutes reading time

Update Nov 26: TP-Link has now announced that they are working on a new firmware that should solve it. DM them on Twitter for info.


Last week TP-Link released an update for their HS100 and HS110 plugs that removed the local API. This was done because of a “security concern”. I put this in quotes because it has not been verified and this reason has been given before when removing interoperability. TP-Link communicated this via Twitter in response to a user voicing their concern.

Lots of users, rightfully so, got angry. They bought the plugs assuming the local API was a feature. Removing this feature and forcing users through the TP-Link cloud sucks. It removes the one feature why TP-Link stood out among many smart plugs.

After a week of angry users, it looks like TP-Link has listened… somewhat. They are offering a temporary solution to roll back the firmware. We haven’t found any public documentation, but there are forum posts by their employees here and here about it.

TP-Link employee on the forums explaining how to downgrade the firmware Forum post by a TP-Link employee to send in a ticket.

We are hoping for a better solution, but for now this is what you should do:

  1. Submit a ticket to technical support. Make sure to include the MAC address of your plug. We got an update from TP-Link that this step is no longer necessary.
  2. Go to the forums and send this user a message with your TP-Link ID, model number, hardware version and MAC address.

TP-Link, if you’re reading along, please reach out to us at [email protected] so we can discuss a better long term solution for local control. Happy to talk!


0.118: Grid and logbook cards, quick navigation, native template types

45 minutes reading time

Home Assistant Core 0.118!

The second last release of 2020, while the end of the year is slowly closing in.

This also means we have only one more release left this year… And we plan to finish the year with a big bang! Also announced: the Home Assistant Conference. I am really excited about that one! The last major release of this year will be during the conference on December 13.

Back to 0.118! Some nice additions this release: Navigating around with the Quick bar (oh, I just love that feature), some new Lovelace cards, native types in templates is now the default and the Nest thermostat is back! 🎉

All in all, a fine release, with an exciting one ahead of us.

../Frenck

Table of contents

Home Assistant Conference

Exciting news! Home Assistant is hosting an online conference this year!

An event to celebrate our community, share ideas, history, creations and celebrate major milestones! The event will take place on Sunday, December 13.

Paulus Schoutsen, the founder of Home Assistant, will give the opening and closing keynote, aided by other Home Assistant developers. In between, we have three different tracks of talks (for everyone, advanced users and developers) with a total of 16 different talks.

Check out the conference schedule to see the subjects of the talks and the list of speakers.

The Home Assistant Conference will be hosted on Hopin, an online conference platform. Tickets to attend will cost $1, which will cover the cost of the platform.

Get your ticket

The conference will also be available as a free YouTube live stream. The live stream will be limited to the keynotes and the “everyone” track. You won’t have access to the chat and have that online conference feeling, so we recommend getting a ticket!

For the latest information, check our dedicated Home Assistant Conference page.

Home Assistant Conference header

Edit: We all hate ads! But we do like to show off our users!

For those who don’t keep up with the release notes, we added an announcement about the conference in the Configuration panel. It was always set to disappear automatically when the conference is over, but when you are ready to be rid of it, just press the x!

We realize it is invoking concern of future ads and that it could have had a better execution. In fact, within some of the (yes, sometimes heated) discussions about it during the beta, there were some good thoughts and examples shared for working toward a truer “community news” integration. Such an integration could pull in future and ongoing community events, news, and project highlights, which could be enabled or disabled like any other integration. For now, it is this banner which will be removed on the next release.

Grid Card

Ever since the start of Lovelace, users have been making grids. However, this was not easy as it involved fiddling by combining horizontal and vertical stacks — a confusing and frustrating experience.

@balloob to the rescue! This release adds a new Grid Card. You won’t have to write a complicated YAML soup combining both horizontal and vertical stacks.

The Grid Card offers straight forward options to mimic these setups and adds an option to force each card to be square to boot.

Screenshot of the Grid Card Screenshot of Grid Card.

*Note that the square option won’t work with all cards.

Quick Bar navigation

The Quickbar, which was introduced in Home Assistant 0.117, really took off! We are happy to see you like it.

If you haven’t tried the new Quick Bar yet… you should! It is a quick and easy way to get to entities or run commands. From anywhere in Home Assistant; press e for entities or c for commands.

This release, support for navigating Home Assistant via the Quick Bar was added. You can now jump to any place, from any place. Amazing job @donkawechico

Screenshot of navigating around using the Quick Bar Screenshot of navigating around using the Quick Bar.

Native types support for templates

Announced in 0.117, but now by default enabled. Native template types allow templates to result in not just strings (text), but also other types.

Ever tried to make a list of entities or set an RGB color via a template? If so, you probably would have learned, that it is not that simple. In Home Assistant, the result of a template always has been a piece of text (a string), even if you made a list.

script:
  my_script:
    alias: "Example"
    description: Example script with native lists in templates
    variables:
      entities:
        - light.living_room_window
        - light.living_room_table
      color: [255, 0, 0]
    sequence:
      service: light.turn_on
      target:
        entity_id: "{{ entities }}"
      data:
        rgb_color: "{{ color }}"

This is an extremely powerful change to our template engine, that allows for more advanced future additions and can significantly reduce the complexity of existing templates in your set up.

It should be mostly compatible with your existing templates; However, be sure to check the breaking changes section for known possible breaking scenarios.

Logbook Card

Another new Lovelace card this release. @zsarnett added the Logbook Card.

This card allows you to show the logs of one (or more) entities on a Lovelace Dashboard. This can be really helpful if you want to monitor, for example, the motion events of a sensor or a camera.

Screenshot of the new Logbook Card Screenshot of the new Logbook Card.

Header & Footer Editor

Entity cards in Lovelace have support for customizing the header and footer of that card. This is really useful for adding a nice image, a couple of buttons or a graph to the card.

Up until now, you needed some YAML magic to achieve that. Thanks to @zsarnett we now have a Header & Footer editor available in the UI making this feature much easier to use.

Screenshot of the new Header/Footer editor. Screenshot of the new Header/Footer editor.

Supervisor Network Configuration

Expected to be available soon, a new Supervisor version which includes a new network layer with added support for wireless networks, multiple network interfaces and even VLANs.

This should cover most of the feature requests we had around networking.

New Supervisor Network configuration UI New Supervisor Network configuration UI

The next step is that we use all the information from our new network backend to simplify some add-ons. Also, updates for Snapshot/Restore of these network settings are planned.

Home Assistant OS

The last few days, two new Home Assistant OS releases have been published.

While 4.17 continues to make small improvements in the 4.x release series, the latest pre-release 5.5 comes closer to our goals to declare 5.x release series stable. In particular, this pre-release includes the Linux 5.4 kernel for all Raspberry Pis! We also intend to declare 64-bit the recommended installation method for Raspberry Pi 4.

Release 5.5 is also the first release to support Hardkernel’s ODROID-C4, a very cost-effective single board computer featuring the Amlogic S905X3 SoC and 4GB of DDR4 memory (thanks @ubergeek801). Testers welcome!

Other noteworthy changes

  • The new Nest SDM integration now supports thermostats! Thanks, @allenporter!
  • Entity pickers in the UI will now show the full name of the entities. Thanks, @spacegaier!
  • The Roon media player now supports media browsing but also has support for grouping and transferring between different players. Thanks @pavoni
  • @cnorick added a button to duplicate Scripts from the UI.
  • The Shelly integration now has real-time status updates, which has been implemented by @thecode!
  • @apop880 prepared the WLED integration for Christmas by adding a service for loading WLED presets.
  • Date pickers in entity cards have been replaced with a modern, good looking version. Thanks, @thomasloven!
  • @joshmcrty Made numbers shown in the frontend formatted in a way that matches your language settings.
  • @spacegaier has been busy improving the frontend, making it more accessible to people with disabilities. In this case, ARIA (Accessible Rich Internet Applications) labels have been added, so screen readers can use our + buttons. Thanks!

New Integrations

We welcome the following new integration this release:

New Platforms

The following integration got support for a new platform:

  • 1-Wire now supports binary sensors and switches, added by @epenet

Integrations now available to set up from the UI

The following integrations are now available via the Home Assistant UI:

Release 0.118.1 - November 19

Release 0.118.2 - November 20

Release 0.118.3 - November 23

Release 0.118.4 - November 26

Release 0.118.5 - December 5

If you need help…

…don’t hesitate to use our very active forums or join us for a little chat.

Experiencing issues introduced by this release? Please report them in our issue tracker. Make sure to fill in all fields of the issue template.

Read on →

Home Assistant Companion Android App Release 3.0.0

nine minutes reading time

Hey everyone its been a little while since we last spoke. We have a brand new Home Assistant Companion for Android release that we are excited to get into your hands and will roll out over the next day or so in the Google Play store.

Before we get into the release details I’d like to mention that this month marks the 1 year anniversary of the Home Assistant Companion app being offered in the Google Play Store! Just to think how far along the entire app has come from its initial alpha state to what is currently being offered in today’s release. Can you believe its already been a year?

It has been pretty busy over on the Android side of things during Hacktoberfest! We have seen a total of 84 pull requests from a wide range of contributors that we are thankful for, so thank you for all of your efforts! In case you missed it we actually had a release shortly after version 2.4.0 but as we did not have an accompanying blog post, we’ll cover whats new since we last spoke in this post. All of the features listed below are already documented on the Companion site, please be sure to check in there for greater details. Before we continue with what’s new lets go over the breaking changes for this release.

Breaking Changes

In our last blog post we mentioned that we were going to be breaking up some sensors and their attributes. As of 3.0.0 we have completed this task and no longer have non-static attributes as part of any sensor. If you are missing any data please check the Manage Sensors screen under App Configuration and enable the sensor you were previously using as an attribute.

Another major breaking change in this release is that the widgets were refactored to align with the application architecture. Unfortunately this means that some existing widgets may disappear from your home screen and will need to be recreated. We apologize for this and are unable to bring back the existing widgets that were lost. If you forgot what data was there we do have that saved, more on that down below.

Onboarding Improvements

The first big change is that our onboarding screen has changed, we now ask the user to enter their preferred device name that gets attached to all entities that are created by the app. This was a source of frustration for some users as this meant that anytime they logged into the app they would then need to rename their entities to the name that they actually want. By default the device name is the device model but that is not meaningful to some users, especially if they have more than one device of the same model.

Screenshot of the new onboarding flow Screenshot of the new onboarding flow.

New Sensors

We have several new sensors to welcome to the app, all of which are disabled by default. The first set of sensors were actually introduced in 2.5.0:

  • Traffic Stat sensors - Sensors whose state represent the amount of data sent and received by the device. Mobile data may not be accurate, it depends on the data that we get from the API.

The following sensors are new in 3.0.0:

  • Keyguard sensors - Sensors that represent various states from the Keyguard API, such as if a device is currently locked or has a password setup. These sensors will update during the periodic 15 minute interval.
  • Last Notification sensor - A very powerful sensor that requires a special permission you must grant to read all notifications posted on the device. All attributes of the notification are provided as attributes for the sensor. You can think of this sensor as a great way to integrate any app that posts a notification to your device allowing you to automate around it. Personally I have been using it to integrate a food delivery app, to detect when my order will be delivered and automate around it. This sensor will update as soon as a notification is posted.
  • Last Update Trigger - A sensor whose state will represent the reason for the last update that was sent to your Home Assistant instance. This sensor will update anytime an update is sent to your Home Assistant instance.

Sensor Settings

We didn’t stop at just adding new sensors, we also made enhancements to the overall sensor experience. Starting from version 2.5.0 certain sensors have custom settings that can help with what updates actually get sent to your Home Assistant instance.

Screenshot of location settings Screenshot of location settings.

  • Next Alarm - This sensor has a setting for an allow list. This means that if you have an app that reports really odd timestamps as an actual alarm, you can now ignore them by telling the app which packages to send reports from. By default the list is blank. Tasker users are recommended to make use of this setting.
  • Last Notification - This sensor also has an allow list to let the user create a list of apps from which they want notification data from. By default all notifications are sent to your Home Assistant instance. We highly recommend that you set up an allow list as soon as you can think of one to prevent a high amount of updates. You will be surprised by the amount of data that will show up in a short time period.
  • Last Reboot - A bug was discovered where sometimes the timing in the calculation of the device’s last reboot could be off causing an unnecessary update. There is now a deadband setting to allow you to adjust the timing to ignore updates. By default this is set to 1 minute, you most likely won’t need to change this.
  • Location Sensors - All 3 location sensors now have settings to allow you to adjust the minimum accuracy required to send a update to your Home Assistant instance. There is also a setting to adjust the minimum amount of time between updates. This should help a lot of users out who don’t get the location results they expect. We recommend changing this setting after you evaluate all of the location fixes in 3.0.0 as location tracking may already be improved without needing to adjust these.
  • WiFi BSSID - This sensor has a setting that will allow the user to provide an alias for the currently connected BSSID. Not everyone can remember a MAC address let alone dozens of them. This setting is designed to help out those who use this sensor to make better sense of things without the need for secrets or templates. If you live in a household with multiple access points you may find it useful to set up an alias to help with things like room presence. By default this sensor reports the connected MAC address.

Android 11 Power Menu

We now integrate with Android 11’s power menu device control feature. The following domains are currently supported:

  • automation On/Off
  • climate Temperature slider
  • cover Open/Close
  • fan On/Off, speed slider
  • input_boolean On/Off
  • input_number Number control slider
  • light On/Off, Brightness control slider
  • lock Lock/Unlock
  • scene Turn on scene
  • script Turn on script
  • switch On/Off

Screenshot of power menu Screenshot of power menu.

Notification Improvements

There have been several improvements to notifications as well.

  • An event gets sent upon a notification being cleared along with all notification data.
  • Notifications can make use of the alarm stream to bypass a device’s ringer mode setting. This can be useful if there is an important event such as an alarm being triggered. Make sure to check the updated Android examples on the companion site.
  • Text To Speech notifications, with the ability to use the alarm stream if desired. By default it will use the device’s music stream. There is also an additional option to temporarily change the volume level to the maximum level while speaking, the level would then restored to what it was previously.
  • New device commands to control your phone: broadcasting an intent to another app, controlling Do Not Disturb and ringer mode.
  • Opening another app with an actionable notification, make sure to follow the Android examples.

Other Enhancements

We have also spent time making improvements to all other areas most notably inside App Configuration:

Screenshot of settings Screenshot of settings.

  • App language can now be overridden to match a user’s profile, this will impact the name of entities that get added as well as the App Configuration appearance. By default your device will use your phones language however, we noticed some users actually prefer Home Assistant to always be in a different language on their device. With this feature you can now set the language to be one of any that are supported by the app. You can also help us translate the app on Lokalise.
  • History of recently received notifications, along with all data that was sent
  • Notification rate limit information to help you understand if you are about to go over the daily limit.
  • Editable widgets, with the ability to delete missing widgets as mentioned in the breaking changes. This is really helpful if you ever created a widget and realized you needed to make one more adjustment.
  • Widgets now update when the screen turns on to provide faster updates
  • A new widget to control any media player

Screenshot of media player widget Screenshot of media player widget.

  • Enable/Disable all sensors
  • Events for entering or exiting a zone along with all location data
  • Link to the current release changelog on GitHub
  • File upload support for add-ons or person image upload
  • The ability to opt out of sending crash reports to help the team investigate crashes. If you decide to opt out please make sure to report issues on GitHub otherwise we may not know the issue exists.
  • Lots of location fixes for more accurate reporting
  • Lots of bug fixes and other miscellaneous enhancements

Big thank you to everyone involved. Hope you take the time to digest all the new features. Looking forward to all the new use cases and feature requests everyone has been having.

The full changelog can be found on GitHub.


0.117: Quick Bar, compact header, a YAML editor, XBox and Template types

80 minutes reading time

And the train just keeps on rolling… Home Assistant Core 0.117!

Some big releases lately, and this is a big one for sure. However, interesting this release is the amount of little improvements! I guess that is the result of Hacktoberfest!

We have seen a crazy and absurd amount of contributions this October, lots of new faces too! 500+ pull requests on the documentation, 700+ on the core and 150+ on the frontend processed up until now! Amazing! You guys rock!

Also, the Home Assistant Conference has been announced! If you want to speak at the very first, online, Home Assistant Conference, be sure to submit your talk before 31 October.

And finally, while writing this, I’m enjoying Home Assistant Podcast, as they have released their episode for 0.117 already. 🎙 Thanks for all you do guys, always a pleasure to listen to.

Darn, we do have an amazing community, don’t we? 😍

../Frenck

PS: Oh, later today might be fun! We are looking into trying to do a Home Assistant live stream / mini-release party / Q&A on the Home Assistant YouTube channel. So, keep an eye on our social media for the announcement.

Stefan Agner joins Nabu Casa!

Today we are pleased to announce that Nabu Casa hired Stefan Agner to work on the Home Assistant project.

Stefan is specialized in embedded systems and the Linux kernel, and he will be mainly working on improving and extending the Home Assistant Operating System.

In his spare time, he loves to hack on all things embedded. From making the ARM Linux kernel getting built by Clang to building sensor nodes using MicroPython.

If not hacking, he’s probably out and about for a hike or a good beer with friends.

Welcome Stefan! We are excited to have you!

Quick Bar

Let me quickly find that entity that is not on my Lovelace Dashboard… hold on… Configuration -> Entities, search for it… click the right one… Got it!

That isn’t efficient, right? @donkawechico to the rescue! He added an exciting new feature to our frontend: the Quick Bar.

This new dialog allows you to quickly open an entity or run a command.

It can be launched anywhere in Home Assistant; with the keyboard shortcuts e for entities and c for commands. You can switch between the entities and command modes by removing or adding the > at the start of the search input.

The Quick Bar is similar to the Command Pallet you might know from Visual Studio Code. He even copied the filter algorithm from Visual Studio Code, so you can search what you need even faster.

Screencapture of the Quick Bar. Screencapture of the Quick Bar.

The commands are currently limited to reloading YAML configuration and restarting Home Assistant, but expect this to grow rapidly! The same goes for the keyboard shortcuts; the plan is to add more so you can quickly perform actions and navigate Home Assistant from anywhere with a couple of key presses!

Check the documentation for more information and usage tips.

Compact header

@maykar recently archived his immensely popular custom header repository, promising to bring parts of it to the core of Home Assistant.

Well, he did; this release, our Lovelace header is compact! 🤩

He combined the two bars we had in 1 by replacing the dashboard title with the tabs that used to be shown below it. He did a lot of work to make the tabs take up the least amount of space, while still being user friendly.

We think it looks great! And, finally, welcome to core @maykar!

Screenshot of the compact header. Screenshot of the compact header.

Script and automation YAML editor

@thomasloven added the ability to edit an entire automation or script in the UI with YAML.

This is the perfect blend for people that want the best of both worlds, editing in the UI with the normal UI editor and for some more complicated automations, maybe edit it directly in YAML, all from the UI.

Screenshot of the new YAML automation editor. Screenshot of the new YAML automation editor.

He also added a very useful copy button to make it easy to share your automation with the community. You can then easily paste it back in the YAML editor and continue editing after switching to the UI mode.

Xbox integration

Xbox now has a full blown integration in Home Assistant, which delivers remote control and tons of other features.

This awesome addition is created by @hunterjm and he made this nice little video demonstrating his creation:

Counters & Timers available as helpers in the UI

A nice addition to the helpers you can create and manage in the UI: Counters & Timers are now available! Thanks, @danimart1991!

Screenshot of the new Counter & Timer helpers. Screenshot of the new Counter & Timer helpers.

Native types support for templates (Beta)

Ever tried to make a list of entities or set a RGB color via an template? If so, you probably would have learned, that it is not that simple. In Home Assistant, the result of a template always have been a piece of text (a string), even if you made a list.

This release adds support for native Python types in templates. This means that templates now actually can create lists, or return a number!

For 0.117, native template types will be a opt-in beta feature, that will become the default in the next release.

You can enable it, by disabling the legacy_template rendering in your configuration.yaml:

homeassistant:
  legacy_templates: false

After that, you can do things like this:

script:
  my_script:
    alias: "Example"
    description: Example script with native lists in templates
    variables:
      entities:
        - light.living_room_window
        - light.living_room_table
      color: [255, 0, 0]
    sequence:
      service: light.turn_on
      target:
        entity_id: "{{ entities }}"
      data:
        rgb_color: "{{ color }}"

This is an extremely powerful change to our template engine, that allow for more advanced future additions and can significantly reduce the complexity of existing templates in your set up.

It should be mostly compatible with your existing templates, however, if you enable this feature, please be sure to check the breaking changes section.

We’d love to hear you experience with using this feature! And, if you run into, problems, please let us know.

Other noteworthy changes

It is Hacktoberfest, and a lot smaller, but noteworthy changes this release!

First a shout out to @spacegaier, he did a LOT of improvements (29!) this release. Visual tweaks, quality of life improvements and random fixes, like:

  • Colors in the log for errors and warnings
  • Automatically fill the Lovelace resource type based on the extension of the URL
  • Make more text translateable
  • Make attributes more user friendly
  • Show the number of hidden entities in the entities configuration page
  • And a lot more!

But wait, there is more!

  • @allenporter started working on adding Google Nest Device Access to the Nest integration. It is a base to extend on, for example, there is no thermostat yet. Looking forward to the upcoming releases!
  • You can now save automations, scripts and scenes with ctrl/cmd + s. Thanks, @gilsonmandalogo!
  • @mattmattmatt added the ability to dismiss all notifications at once, and the notifications pane will close when the last notification was dismissed.
  • We improved compatibility and Home Assistant is now usable on more, mostly older, devices.
  • You can now search for the entity name in the entity picker besides the entity id, thanks @zsarnett!
  • Thanks to @cgarwood, you can see the configuration of OZW nodes straight from the UI!
  • @bieniu added voltage, power factor and energy sensors to Shelly integration.
  • The Media Player platform now has a repeat_set service that allows for changing the repeat mode. Sonos is the first integration that supports this service. Thanks @amelchio!
  • @amelchio also added support for playing Spotify URIs with the Sonos integration.
  • Thanks to @timmo001, the WLED integration now supports color palettes.
  • You can now monitor the battery state for your devolo Home Control devices, thanks, @Shutgun!
  • The Netatmo integration got some nice weather trend sensors, thanks @cgtobi!
  • Chromecast devices can now play Plex media using the standard play_media service. Nice work @jjlawren!
  • The media browser now supports the Squeezebox and Volumio integrations, thanks to @rajlaud and @OnFreund.

New Integrations

We welcome the following new integration this release:

New Platforms

The following integration got support for a new platform:

Integrations now available to set up from the UI

The following integrations are now available via the Home Assistant UI:

Release 0.117.1 - October 30

Release 0.117.2 - November 1

Release 0.117.3 - November 4

Release 0.117.4 - November 4

Release 0.117.5 - November 5

Release 0.117.6 - November 11

If you need help…

…don’t hesitate to use our very active forums or join us for a little chat.

Experiencing issues introduced by this release? Please report them in our issue tracker. Make sure to fill in all fields of the issue template.

Read on →