SOOTHSAYER 1.10 released

Our latest feature release for our self-hosted server is out now and majors on offline data and security hardening. It’s a release aimed at administrators with six months of CloudRF fixes and features including the noise layer.

Offline data packs

Since we released pre-built images with 1.9, the setup effort moved from the software installation to the data. SOOTHSAYER uses elevation, landcover and buildings data on the backend and map tiles for the web interface.

Some customers have the luxury of local GIS teams and tile servers and are able to provide their own data but for many, they need help with sourcing and preparing this data. This where our datapacks comes in.

A SOOTHSAYER data pack is a compressed archive available on our support portal which unpacks to the /data/ folder allowing users to easily install pre-prepared multi-layer data from CloudRF.

Ibiza is back

Long time CloudRF users will recall we used to use the island of Ibiza as a start point and sandbox where users could evaluate the software at no cost. Now, data for the island is included to allow quality commissioning tests to take place. The data includes elevation, landcover, buildings and limited map tiles.

Enterprise authentication

When we implemented Active Directory previously, we hoped that the magic of standards, in this case Lightweight Directory Access Protocol (LDAP), would mean that this works with different servers. As it turned out, it only worked with Microsoft’s AD server and didn’t support groups. Some customers are using the open source alternative, FreeIPA, and all were making use of groups for Role Based Access Control (RBAC).

We’ve added support for FreeIPA, groups and Secure LDAP (ldaps) and provide verbose information in the web interface now to help admins quickly resolve issues which may arise with servers and permissions.

Security hardening

SOOTHSAYER is a cut of the CloudRF software, minus commercial restrictions, which receives security testing from the internet every single day, and has done for over 12 years. This public testing gives us a significant level of data and stress testing to improve our API.

One such area is login security which we’ve improved using NIST-800-53 guidance at the application layer to automatically block brute force attacks and lockout accounts. This functionality can also be implemented at the protocol layer with the web server along with rate limiting as we do on CloudRF.

We’ve taken the decision to remove unused third party features to reduce the attack surface, in this case the PGadmin web dashboard for administering the postgres database. This web app presented additional risk, confirmed by a CVE which appeared recently. Users who activated this optional component are advised to disable or upgrade it.

The postgres database can still be administered using third party clients by exposing its port within the docker compose file which should be protected with a firewall. By design, the database can not be accessed remotely.

SBOM

We’ve never been shy about showing off our software and it’s components. We ship a full manifest in an open SPDX JSON format to support risk assessments by smarter customers who make decisions with data not emotions. These tools are good but lack context and will report false positives for development libraries like Browserify and Cypress which are not used in production. If you have a query about a library in SOOTHSAYER, feel free to ask us.

Authentication endpoint

The user interface authentication endpoint has moved from the user interface into the API following a refactor so what used to be /ui/auth? is now just /auth? with the same parameters. This trivial but significant change will affect users of the ATAK plugin who will need at least version 2.1 with this release which is detailed on the plugin release. The endpoint accepts a username and password and returns a UID and API key.

Noise layer

Building upon the noise API we published, the user interface now has a noise layer which can be added to visualise the noise data from the database. The noise floor is visible within the tooltip and noise can be provided direct from cognitive radios, SDRs or spectrum monitoring systems. Several noise API clients are available on our Github page.

The reason for adding all these noise features will become apparent in time when RF heat-maps come alive instead of being frozen in time with an optimistic and common noise value across a city.

Noise is the biggest problem in spectrum management and if you ever find a hardware vendor who will admit this rather than sell you more radios (to compound the problem) stick with them.

Compatibility Matrix

Operating System	Architecture	Tested Docker Version	Tested Podman Version	Nvidia Driver
JetPack 6 (Ubuntu 24.04)	`arm64` (`aarch64`)	Docker `28.3.0` Docker Compose `2.37.3`	–	`540` (CUDA `12.6`)
RHEL 9.6	`amd64` (`x86_64`)	–	Podman `5.4.0` Podman-Compose `1.5.0`	`580` (CUDA `13.0`)
Rocky 9.6	`amd64` (`x86_64`)	Docker `28.3.3` Docker Compose `2.39.1`	Podman `5.4.0` Podman-Compose `1.5.0`	`580` (CUDA `13.0`)
Ubuntu 24.04	`amd64` (`x86_64`)	Docker `28.3.3` Docker Compose `2.39.1`	–	`575` (CUDA `12.9`)

Change log

Deprecation: Removed pgAdmin (/dbadmin).
Deprecation: Removed cniVersion host change for Podman versions no longer supported.
Deprecation: Removed Cesium ion (3D terrain and buildings & Bing map layer) from the UI due to change in TOS.
Feature: Official support for ARM-64 architecture.
Feature: Added install-data-pack.sh script to allow installation of provided data packages.
Feature: Added LDAP FreeIPA support.
Feature: Added LDAP groups support.
Feature: Added LDAP TLS option.
Feature: Brute force protection for user and admin accounts
Feature: Tile cache for the world to zoom 6 and Ibiza to zoom 14 with local DEM for offline tests/demos.
Feature: Added PHASE_TRACING_ENABLED option to enable/disable the Phase Tracing engine and interface.
Feature: Added USER_INTERFACES_ENABLED option to enable/disable user interfaces.
Feature: Added conf.d directory within config/nginx-frontend to allow extensions of the frontend Nginx container.
Feature: Added minimum version checking of podman and podman-compose during install.sh and update.sh.
Feature: Prompt to allow host vm.overcommit_memory when using RHEL with Docker to allow GPU pass-through.
Feature: Admin dashboard login uses same interface as user login.
Feature: Throw warning in the UI when accessing from address different to SERVICE_FQDN value.
Feature: Added maps.cloudrf.com contours cache to mapproxy.yaml.
Feature: Running SOOTHSAYER update.sh will populate manual_update_steps.txt with any manual stages necessary after an update.
Feature: Added system-details.sh script.
Feature: Added MAP_PROXY_CONFIG value to .env to allow override of MapProxy in online and offline modes.
Feature: SSL certificate is now automatically respun when the SERVICE_FQDN value is updated and contains a SubjectAltName
Feature: UI uses MapProxy cache by default to address the blue map FAQ
Feature: Automatic configuration of online and offline mode during install.sh.
Fix: Get true users IP address in the logs of nginx-frontend container.
Fix: Build failures when using Podman with some RHEL-based operating systems.
Fix: UPLOAD_MAX_FILESIZE_MB is not persistent in some long-running environments.
Fix: Some scripts contain unsupported Podman flags such as project directory
Fix: Upstream MapProxy tile server fails occassionally when requesting via HTTPS.
Fix: GPU containers are not starting on some versions of Podman due to lack of support for compose profiles
Fix: watch.sh script is not working on Podman.
Fix: GPU containers incorrectly showing as offline on Podman.
Fix: Password validation during install.sh was incorrectly checking minimum length
Update: API 3.28.0, UI 3.20.0, 3D UI 1.1.1, CPU Engine 1.17.1, GPU Engine 1.13.1, 3D Engine 0.2.3, AntennaWizard 2.1.0, Analysis Utilities (QRM2, SuperTool & NoiseGen) 1.1.0, Copy Protection 2.0.0, Documentation 2.10.0.
Update: CUDA 12.1.0 container image deprecated.
Update: MapProxy container updated to debian:13.0.

API

3.28.0 (2025-09-04)

Feature: Improved documentation on SOOTHSAYER DEM Manager.
Feature: Added support for frequency filter on /noise endpoint.
Feature: Default location updated to Ibiza.
Feature: SOOTHSAYER system status page now shows services which are online but require a license.
Fix: Public link export is returning a HTTP 500.
Fix: SOOTHSAYER system status page is slow to load in offline environments.
Fix: Increased maximum timeout for /merge and /mesh to be able to handle larger requests.
Fix: Refreshed the warning message when clicking “Reset Database” in the administrator dashboard for SOOTHSAYER.
Fix: Antenna favourite button is not obvious in the antenna manager.

3.27.0 (2025-07-31)

Feature: Terrain map changed to use OSM in dark mode.
Feature: More LDAP configuration options for SOOTHSAYER, including support for Free IPA.
Feature: SOOTHSAYER administration dashboard no login uses HTTP basic authentication.
Feature: added /noise endpoint to allow querying noise in its raw format.
Feature: Added name and group_name arguments when using /noise/create.
Feature: Added group_name argument support when using /noise/get and /noise/clear.
Fix: Noise data no longer expires. Instead it should be deleted if it is outdated.
Fix: Added maximum limit of 1000 entries when submitting with /noise/create.
Fix: Improved file efficiencies when deleting entire archive.
Fix: Best Server with multi-azimuth antenna results in HTTP 500.
Fix: Incorrect mp value being returned from preferences.php when used against SOOTHSAYER.
Fix: /points request with a point too close to a receiver results in a HTTP 500.
Fix: Return error if using bounds with a radius which does not cover the bounds area.
Fix: Exporting public link for a MANET network has a single transmitter in the wrong location.

3.26.0 (2025-07-03)

Feature: Added output-bounded CPU calculations.
Improvement: Engine attenuation/diffraction logic optimised for higher accuracy & GPU speed
Fix: Saving a MANET network fails with multi-azimuth.
Fix: Antenna search is case-sensitive.
Fix: Clutter profiles with spaces and underscores not used in calculations.
Fix: Saving a colour schema with a name of an integer breaks the colour palette manager.
Fix: 3D calculations incorrectly proceeding when model metadata is missing from the database.
Fix: Deleting all data results in a failed rate limit check.

3.25.0 (2025-05-22)

Feature: Noise maps for Area, path, points, multisite APIs. Use noise:database to activate
Fix: Retrieving preferences not honouring values which are more recent.

3.24.0 (2025-05-20)

Improvement: Landcover can be used out to 100km
Improvement: Landcover can be used up to 60m resolution
Improvement: SHP file max size doubled to support high resolution calcs

UI

3.20.0 (2025-09-04)

Feature: Restyle login page.
Feature: Import noise data.
Feature: Added an error page for SOOTHSAYER when request host and configured FQDN do not match.
Feature: Default location updated to Ibiza.
Feature: Local mapping server added automatically to SOOTHSAYER UI.
Fix: Coverage analysis not importing data.
Fix: Saving template fails for environments without a GPU.
Fix: Imported MANET nodes not rendering immediately.
Fix: API requests to progress failing authentication.
Fix: “Stop Processing” button for “Automatic Processing” gets disabled for all instances after pressing one time.

3.19.0 (2025-07-15)

Enhancement: Rotate antenna template plots to match custom plot behaviour

3.18.0 (2025-07-07)

Feature: Non-custom antenna plots are updated to show tilt/azimuth.
Feature: Polygon bounds for area, MANET and BSA calculations.
Fix: Clutter profile reset after using the custom clutter menu.
Fix: Importing MANET results in immediate evalution, rather at the point of confirmation.

3.17.0 (2025-06-19)

Feature: Live noise layer using the noise API
Feature: Live noise reported on tooltip when data available
Enhancement: Updating map selection. Default is contours from Thunderforest via maps.cloudrf.com
Enhancement: Default thresholds when changing bandwidth updated to 5dBuv, 5dB SNR or noise +20 dBm
Enhancement: Local tile server available as a custom layer vs a separate layer
Fix: Loading preferences not adjusting receiver sensitivity slider, causing it to sometimes become out of sync with the true sensitivity value.
Fix: Popup title during validation failure is not set, causing stale title to be used.

3.16.4 (2025-05-21)

Fix: Adjusting bandwidth changed the noise floor in database mode.
Fix: Hidden MANET markers can be moved without triggering API calls
Fix: Marker is changed to Tx when clearing layers in route analysis or multi-point links mode.
Fix: MANET tool SNR links are wrong way around.

3.16.3 (2025-04-16)

Fix: HF Skywave endpoint used for other propagation models after switching back.

3D UI

1.1.1 (2025-07-30)

Fix: Update authentication mechanism to make use of API /auth endpoint.

CPU Engine

1.17.1 – 2025-08-08

Feature: Added output-bounded calculations.
Feature: Antenna logic moved into shared library.
Fix: Improved accuracy of downtilt angle for path calls where the receiver is above the transmitter.

1.17.0 – 2025-06-12

Feature: Added new clutter diffraction/attenuation logic.
Improvement: added support for noise geotiffs.

GPU Engine

1.13.1 (2025-08-08)

Feature: Antenna logic moved into shared library.
Fix: Improved accuracy of downtilt angle for path calls where the receiver is above the transmitter.

1.13.0 (2025-06-12)

Feature: Added new clutter diffraction/attenuation logic.
Improvement: Increased performance.
Improvement: added support for noise geotiffs.

3D Engine

0.2.3 (2025-09-03)

Change: Antenna logic moved into shared library.

0.2.2 (2025-04-16)

Fix: Stability improvement to core algorithm