- Packet Broker mutual TLS authentication: use OAuth 2.0 client credentials instead; set `pba.authentication-mode` to `oauth2` and configure `pba.oauth2`.

- Packet Broker forwarder blacklist setting `pba.home-network.blacklist-forwarder` has become ineffective.

title: "3.10.7"

- The inability to see individual end devices in the Console due to field mask errors.

title: "3.10.8"

- Packet Broker multi-tenancy with a single tenant The Things Stack configuration.

- Authentication Providers and External Users are now hard deleted by default.

- This requires a database migration (`ttn-lw-stack is-db migrate`).

- Application Server linking. The Network Server now pushes data to the cluster Application Server instead.

- Login after user registration leading to dead-end when originally coming from the Console.

- Frame counter display of end devices on initial page load in the Console.

- AU915-928 data rate indexes in Regional Parameter specification versions below 1.0.2b.

- This only affects The Things Stack AWS Launcher customers that use the AWS Marketplace AMI listing.

- All deployments are now advised to use the AWS IoT Core package that can be configured per application in Application Server.

- Synchronization in Gateway Server scheduler that caused race conditions in scheduling downlink traffic.

- End device claiming when the source device uses derived root keys.

- Console link in Account App for multi-tenant deployments.

- When multiple base domains are configured, the middleware uses the longest match to extract the Tenant ID.

- `temp` field of the UDP stats message is now type `float32` (pointer).

- Ocassional race condition in uplink matching with replicated Network Server instances.

- Application uplink queue handling in Network Server.

- Application Server session desynchronization with the Network Server. The Application Server will now attempt to synchronize the end device session view on downlink queue operational errors. This fixes the `f_cnt_too_low` and `unknown_session` errors reported on downlink queue push and replace.

- Panic while generating SX1301 config for frequency plans without radio configuration.

- TR005 Draft 2 and 3 QR code formats. Use the final version of the technical recommendation, with ID `tr005`.

- Downlink queue operations on ABP devices not working under specific circumstances.

- NwkKey handling for end devices in the Console.

- Backend validation messages for some forms.

- Gateway downlink message previews not displaying correctly in the event view of the Console.

- Importing end devices from the Console would occasionally ignore some device MAC settings fields.

- A maximum cap of 16KB per script is set at the API level.

- This only prevents setting large payload formatter scripts for new devices and applications; it does not remove payload formatters from existing applications and devices. Scripts sourced from the Device Repository are not affected. See [issue #4053](https://github.com/TheThingsNetwork/lorawan-stack/issues/4053) for more context on this change.

- The `gs.status.forward` event.

- The CLI now properly returns a non-zero exit status code on invalid commands.

- Gateway connection requests with zero EUI are rejected.

- End device payload formatter reset to `FORMATTER_NONE` in the Console.