Version |
Case ID |
Internal ID |
Components |
Summary |
9.0.0.0 |
|
XE-8444 |
Vaadin
Web Desktop
|
Unable to Terminate Sessions in Web UI After a Period of Inactivity
Description When the "Reauthenticate Users After Inactivity" field in mzdesktop is set, sessions
in Web UI are not terminated after a period of inactivity.
Resolution Sessions are revoked after set period of time in "Reauthenticate Users After Inactivity"
field in access control.
|
9.0.0.0 |
|
XE-8443 |
Core
System Log
|
Pico Management Not Updating System Log
Description If Pico config is updated form Web Pico Management UI then system log is not updated.
Resolution System log is added with proper details for updates.
|
9.0.0.0 |
34957
|
XE-8181 |
Data Veracity
|
Nullpointer Exception Introduced by a Previous Fix
Description Due to a previous bug fix, an exception is caused due to accessing an uninitialized
list.
Resolution This problem has now be sovled and a check for an empty null value of the list has
been added.
|
9.0.0.0 |
35090
|
XE-7962 |
OpenAPI Profile
|
JsonEncodeUdr APL Function Does Not Retain Original Field Name
Description When encoding UDRs with the JsonEncodeUdr APL function, the UDRs containing field
names starting with numbers or symbols are modified to satisfy Java class naming rules.
Resolution Fix the encoding function to retain the original field name.
|
9.0.0.0 |
|
XE-7923 |
Documentation
|
Missing Documentation for System Tasks
Description Documentation for many System Tasks is missing.
Resolution The documentation has now been updated to describe System Tasks.
|
9.0.0.0 |
|
XE-7783 |
SAP CC
|
Wrong Password May Allow SAP CC Workflow to Start
Description When user insert a wrong SAP CC login password, workflow can be start without abort,
no authentication failed message at debug mode.
Resolution When authentication failed it will immediately showing error and abort the workflow.
|
9.0.0.0 |
|
XE-7763 |
Netty
|
Vulnerability in Netty
Description A CVE regarding Netty, CVE-2022-41881, was detected.
Resolution Netty has now been upgraded and this vulnerability is removed.
|
9.0.0.0 |
|
XE-7750 |
Web Services
|
Vulnerability in Apache CXF
Description
Apache CXF contains vulnerabilities ( CVE-2022-46364
and CVE-2022-46363
).
Resolution Apache CXF have been upgraded to a non-vulnerable version.
|
9.0.0.0 |
|
XE-7712 |
MZSH
|
Incorrect Handling of Some MZSH Command Failures
Description Some mzsh commands failures are not reported by the mzsh command line tool. Instead
mzsh just silently fails, giving no feedback or error message.
Resolution This problem has now been fixed and for any exceptions, an explicit message will
be displayed.
|
9.0.0.0 |
|
XE-7677 |
Apache Commons
CVE
|
Vulnerability in Commons-Net
Description
Commons-Net contain a vulnerability ( CVE-2021-37533
).
Resolution Commons-net have been upgraded to a non-vulnerable version.
|
9.0.0.0 |
35051,35291
|
XE-7663 |
OpenAPI Profile
|
OpenAPI Throws Error When Decoding Array Schema
Description When using the Http agents with Open API Profile, the agent does not handle requests
that contains array schema properly and throws null pointer exception.
Resolution Fix the agent code to allow handling of array schema. Array schemas will be added
to the open api class but will be skipped during decoding.
|
9.0.0.0 |
|
XE-7658 |
HTTP/2
|
Netty Version Upgraded
Description A security vulnerability has been found in Netty versions 3.10.6.Final and 4.1.15.Final.
Resolution Netty version is now upgraded to 4.1.73.Final to mitigate the reported vulnerability.
|
9.0.0.0 |
|
XE-7657 |
Ultra
|
bit_block Constructs Not Supported in Switch Statement Prefix
Description Ultra doesn't support declaring bit_blocks in the prefix of a switched_set.
Resolution Ultra has been updated to support bit_blocks in the prefix of a switched_set. The
fields inside the bit_block can be used as any other field in the prefix.
|
9.0.0.0 |
|
XE-7646 |
Azure 3pp
|
Vulnerability in Azure Libraries
Description
The Azure Libraries package contain a vulnerability ( CVE-2022-31684
).
Resolution The Azure Libraries package have been upgraded to a non-vulnerable version.
|
9.0.0.0 |
|
XE-7623 |
CVE
Postgres
|
Vulnerability in Postgres driver
Description
The Postgres driver contain a vulnerability ( CVE-2022-41946
).
Resolution The Postgres driver has been upgraded to a non-vulnerable version.
|
9.0.0.0 |
34957
|
XE-7618 |
Documentation
|
Unsupported Data Type for Data Veracity Only Mentioned in the Data Veracity Search
Page
Description We do not support List and Map types for Data Veracity filter, repair and data masking.
The documentation only mentions this fact in the Data Veracity search page.
Resolution The note for unsupported data types for Data Veracity has now been added into the
other parts of the documentation for Data Veracity. Namely in the filter, repair and
data masking pages.
|
9.0.0.0 |
|
XE-7529 |
SFTP
|
Sort Order Criteria not Always Applied to SFTP Collection Agent
Description When using the SFTP Collection Agent, the configured Sort Order criteria is not applied
to subfolders when the SFTP collection agent setting is as follows: The Include Subfolder
option under the Source tab is selected and the Enable Sort Order option under the
Sort Order tab is selected and the specified Directory contains only the specified
subfolder. The SFTP collection workflow run is expected to abort when the subfolder
does not meet the Sort Order criteri. Instead, the workflow runs successfully without
any error.
Resolution This is fixed so that Sort Order criteria is applied when there is only 1 subfolder
within the specified directory.
|
9.0.0.0 |
|
XE-7521 |
CVE
OSGI
|
Outdated bndlib Version
Description Newer versions of bndlib has been released that we should upgrade to.
Resolution bndlib has now been updated to 6.3.1.
|
9.0.0.0 |
34424
|
XE-7353 |
Aggregation
Couchbase
|
Properties for Couchbase Incorrectly Displayed in Aggregation Agent for Batch Workflows
Description Despite Couchbase storage not being supported by batch workflows, Couchbase properties
are still being displayed when configuring the Aggregation profile.
Resolution Couchbase properties will not be displayed during configuration unless it is a real-time
workflow.
|
9.0.0.0 |
30923
|
XE-7347 |
Workflow Engine
|
Failing to Stop Workflow May Cause the Workflow to Hang in Stopping State
Description If a workflow stop fails, the workflow state may get into an unrecoverable state.
It will then be running and can not be stopped unless the Execution Context is restarted.
Resolution A workflow stop command will now always attempt to stop the workflow, even if the
stop signal has already been sent.
|
9.0.0.0 |
|
XE-7315 |
Web Desktop
|
Vulnerability in WebSwing
Description
WebSwing contains vulnerabilities ( CVE-2022-42920
, CVE-2022-3171
, CVE-2022-42003
and CVE-2022-42004
).
Resolution WebSwing has been upgraded to a non-vulnerable version.
|
9.0.0.0 |
|
XE-7228 |
CVE
Jackson
|
Vulnerability in Jackson libraries
Description
The Jackson libraries contain vulnerabilities ( CVE-2022-42003
and CVE-2022-42004
).
Resolution Jackson and Jackson-databind have been upgraded to a non-vulnerable version.{color}
|
9.0.0.0 |
|
XE-7100 |
CVE
Salesforce
|
Vulnerability in CometD
Description
The CometD Library contain a vulnerability ( CVE-2022-24721
).
Resolution The CometD library have been upgraded to a non-vulnerable version.
|
9.0.0.0 |
32937, 488087
|
XE-6676 |
Core
Ultra
|
udrDecode Leaking Memory Due to ThreadLocal Implementation
Description When udrDecode or udrEncode is called from the initialize block, certain references
held as ThreadLocal values are not be released properly which can cause the system
to run out of memory.
Resolution The references stored as ThreadLocal values are now cleared properly and the system
will release memory when the garbage collector is called by the jvm.
|
9.0.0.0 |
|
XE-5976 |
Documentation
|
Missing Explanation on APL and Java Numeric Value Handling
Description APL and Java handle numeric values in a different manner. Inappropriate value operation
can result in an overflow.
Resolution The relevant documentation has been updated to reflect the differences between Java
and APL.
|
9.0.0.0 |
|
XE-5162 |
System Export/Import
|
Unable to import the Statistics Cleaner Workflow Group
Description The SystemTask.Statistics_Cleaner_grp workflow group is not possible to import.
Resolution The issue is resolved and the workflow group can now be imported.
|
9.0.1.0 |
40753
|
XE-9652 |
Documentation
SAP RFC
|
Error in SAP RFC Agent Documentation
Description Incorrect SAP RFC Agent Preparation Documentation
Resolution The correct information has been added to the Container section of the documentation
with the common.java.library.path property.
|
9.0.1.0 |
40750
|
XE-9646 |
Documentation
|
SAP CC Online Agent Documentation Incorrectly Placed and Missing Library
Description The SAP CC Online Agent Preparations documentation is incorrectly placed in the documentation
and the list of libraries is missing _core_admin.jar_.
Resolution This issue has now been fixed.
|
9.0.1.0 |
|
XE-9640 |
System Export/Import
|
Exception Thrown When Selected Config Has Circular Dependencies in Vaadin System Exporter
Description In the System Exporter UI, select a config that has circular reference by another
config, StackOverflowError exception was thrown.
Resolution This issue is fixed. Circular dependencies can now selected.
|
9.0.1.0 |
40731
|
XE-9634 |
Installation
|
Incorrect value populate in cell.conf from what had been set in install.xml file
Description Despite configuring _mz.name_ in the _install.xml_ file, the value doesn’t reflect
in the _cell.conf_ file post installation.
Resolution This issue is fixed. _mz.name_ value should now be populated correctly in _cell.conf_.
|
9.0.1.0 |
40176
|
XE-9596 |
Pico
Upgrade
|
Erroneous Start for EC After Upgrade from MZ8 to MZ9
Description When upgrading from MZ8 to MZ9, the ECs would start with errors.
Resolution The issue has been fixed and the ECs start without any error.
|
9.0.1.0 |
|
XE-9575 |
Data Veracity
Vaadin
|
Data Veracity Web UI Filters Failed to Delete and No Helpful Error Message
Description When user has failed to delete Data Veracity filter, there was error notification,
however the error message did not contain any helpful information.
Resolution When user fail to delete a Data Veracity filter, error notification will now contain
useful information for user to troubleshoot further.
|
9.0.1.0 |
40176
|
XE-9557 |
Documentation
|
Upgrade Instructions Not Fully Documented
Description The upgrade instructions for the Platform Container were not complete.
Resolution The documentation is now updated under section [https://infozone.atlassian.net/wiki/spaces/MD9/pages/4849779/Upgrade+Platform+Container|https://infozone.atlassian.net/wiki/spaces/MD9/pages/4849779/Upgrade+Platform+Container|smart-link]
.
|
9.0.1.0 |
40176 40492
|
XE-9540 |
Upgrade
|
Failed to upgrade to MZ9 when mz.security.user.password.reset.enabled is set
Description If MZ8.x platform has enabled property mz.security.user.password.reset.enabled, during
MZ9 upgrade it failed due to incorrect password state was migrated.
Resolution This issue is fixed. Platform should be upgraded successfully when mz.security.user.password.reset.enabled
is set.
|
9.0.1.0 |
40495
|
XE-9530 |
Documentation
SAP Hana
|
Support for Multi-Version Released 3pp Libraries
Description 3pp libraries using multi-version packaged jars could not be used. This was with
the SAP HANA JDBC driver, which made it impossible to use the _Try connection_ button
in the Database profile.
Resolution Multi-version jars, including the SAP HAN JDBC driver, can now be used.
|
9.0.1.0 |
40415
|
XE-9521 |
REST Agents
|
Cannot Save Workflow When REST Client Enables External References
Description When enabled external reference on REST Client, validation error was thrown even
though the reference value are set correctly.
Resolution This issue is fixed. External reference should now work on REST Client.
|
9.0.1.0 |
|
XE-9447 |
5G Profile
|
5G Profile NRF Behaviour Inconsistent with 3GPP Documentation
Description When using the 5G profile with http2 agents, there were some inconsistent behaviour
relating to the heartbeat timer, custom specification and response handling.
Resolution We enhanced the 5G Profile and its response handling behaviour when used with the
http2 agents to be more in line with details stated in the 3GPP documentation.
|
9.0.1.0 |
|
XE-9433 |
Conditional Trace
|
Disabled UI Buttons in Conditional Trace
Description Sometimes in the Conditional Trace UI, both the _Start_ and _Stop_ buttons may be
disabled.
Resolution The issue has now been corrected so that the _Start_ and _Stop_ buttons are always
enabled depending on whether a trace is running.
|
9.0.1.0 |
|
XE-9432 |
Conditional Trace
|
Conditional Trace UI Parameters Not Displayed
Description Conditional Trace UI may not correctly update the displayed parameters for the selected
Trace Template.
Resolution The issue has been fixed.
|
9.0.1.0 |
|
XE-9431 |
Core
|
Deserialization of UDRs May Result in a ClassCastException
Description When stored UDRs from earlier versions of MediationZone are deserialized, you may
get a ClassCast Exception.
Resolution This problem has now been fixed and deserialization should work as intended.
|
9.0.1.0 |
40176
|
XE-9419 |
Access control
Upgrade
|
Upgrade Failed Due To Platform Failing to Move auth.properties File Into mzdb
Description During the upgrade from mz8.3 to mz9.0.0.0, _auth.properties_ failed to update into
_mzdb_ if the table is empty.
Resolution Add a checking if the table is empty skip the update, and proceed to insert into
_mzdb_.
|
9.0.1.0 |
40176
|
XE-9417 |
Documentation
Installation
|
Missing Information About Desktop In Post Upgrade Instructions
Description The information about how to install the desktop or legacy desktop once the upgrade
is done was missing from the documentation.
Resolution The Post Upgrade section of the documentation is now updated with the relevant links.
|
9.0.1.0 |
|
XE-9400 |
Desktop Launcher
|
Legacy Desktop Launcher Issue with OpenJDK 17
Description Legacy desktop launcher will not work with OpenJDK 17.
Resolution This issue is fixed. Legacy desktop launcher is now compatible with the most recent
JDK version.
|
9.0.1.0 |
40176
|
XE-9385 |
Upgrade
|
Upgrade MZ8 to MZ9 fails when system insight is enabled
Description If system insight is enabled in the MZ 8.x installation by the property “mz.system.insight”
being set, then upgrade to MZ 9.0 will fail. The system will not start up since the
system insight packages are no longer available.
Resolution The issue has now been fixed and the property will have no effect in the MZ 9 system
after upgrade.
|
9.0.1.0 |
|
XE-9368 |
SAP RFC
|
Deadlock in SAP JCO RFC Agent When Stopping the Workflow
Description Deadlock occurs in the SAP JCO RFC agent when the user stops the workflow whenever
the UDR queue is full of UDRs.
Resolution Removed lengthy loop logic waiting for the UDR queue to become empty when the user
stops the workflow. Removed lengthy loop logic waiting for the RFCExecutor Thread
to complete when the user stops the workflow. Added a try-catch handler for InteruptedException
to exit the RFCExecutor Thread when the user stops the workflow
|
9.0.1.0 |
|
XE-9332 |
Documentation
Upgrade
|
Updating Upgrades Document on Database Properties Settings
Description Missing information on database related settings in the Upgrade Preparations document.
Resolution The missing information is now updated in the document.
|
9.0.1.0 |
|
XE-9328 |
MZSH
|
MZSH Commands Accessible Without Login
Description In previous versions of MediationZone, some administrative commands were exposed
to all users. This could potentially lead an unauthorized user to obtain information
about the system.
Resolution The verification of access rights has been fixed and sensitive commands are exposed
only to authorized users as per design. Additionally, the interactive mode has been
removed from mzsh.
|
9.0.1.0 |
|
XE-9325 |
Diameter
|
Excessive logging from Diameter
Description When receiving answers of timed out requests, the Diameter stack log one line for
ever message. This can cause very excessive logging in some situations which can impact
performance.
Resolution When there many log messages like this, the logging is now throttled to a reasonable
level
|
9.0.1.0 |
|
XE-9279 |
OpenAPI Profile
|
HTTP2 Server Agent Unable to Set UDRs with Read-Only Fields
Description When UDRs are generated from the Open API schema specification file, certain UDR
fields used in the response body are marked as read-only. In some cases, the HTTP2
Server agent needs to initialize and set those fields to generate a proper response.
Resolution Added a checkbox in the Open API profile to allow users to have the option to ignore
the read-only tag for the selected schema specification file.
|
9.0.1.0 |
|
XE-9259 |
System Export/Import
|
Vaadin System Exporter Memory Leak Issue
Description Navigating system exporter back and forth cause UI pico out of memory when the system
has a lot of configurations.
Resolution System exporter memory leak issue has been fixed.
|
9.0.1.0 |
|
XE-9250 |
Core
|
Encoder Cannot Handle Large Amounts of Data
Description When running really large UDR through a workflow, the Encoder may not have capacity
enough and throw an error.
Resolution The Encoder has now been redesigned to allow larger UDRs and the the problem with
processing large amounts of data is fixed.
|
9.0.1.0 |
|
XE-9186 |
JMS
|
JMS Collector Agent Optional Field Issue
Description The Subscription Client ID for the JMS Collector agent will fail the workflow validation
although the field is optional as mentioned in the documentation.
Resolution The Subscription Client ID Field is removed from the validation list.
|
9.0.1.0 |
|
XE-9116 |
SQL agents
|
SQL Forwarder Configuration Import Issues
Description Specific fields or configuration save states are lost when importing the SQL forwarder
from MediationZone 8.x to MediationZone 9.x.
Resolution Added logic to handle imports from MZ 8.x to MZ 9.x.
|
9.0.1.0 |
|
XE-8979 |
5G Profile
|
Open API Profile Config Import Issues
Description Certain fields or config save state is lost when importing the Open API Profile from
MZ 8.x to MZ 9.x
Resolution Add logic to handle imports from MZ 8.x to MZ 9.x
|
9.0.1.0 |
|
XE-8794 |
DynamicWorkflow
|
Exception Thrown When Editing Workflows
Description When editing a workflow using Workflow Editor, an exception can be thrown.
Resolution The issue has been fixed.
|
9.0.1.0 |
40160
|
XE-8495 |
Database Agents
|
Upgrade Oracle Deprecated Methods
Description The database forwarding agent was using two obsolete methods for Oracle's batch update
functions. This causes performance issues when running toward Oracle 19c.
Resolution The function calls have now been updated to no longer use deprecated implementations
of the JDBC driver.
|
9.0.1.0 |
|
XE-8276 |
Data Veracity
Vaadin
|
Unsupported Data Types are Selectable in Data Veracity UDR Browser
Description Unsupported data types like Map and List are selectable in Data Veracity Restricted
Field Edit/New dialog.
Resolution Unsupported data types are hidden from a user in Data Veracity Restricted Field Edit/New
dialog.
|
9.0.1.0 |
|
XE-8269 |
Data Veracity
Vaadin
|
Unable to Use Save or Save As on Data Veracity Search UI
Description The existing Data Veracity Search page has no option for Save New and Update. Users
can only load a saved filter and modify the queries.
Resolution This has been fixed by adding two new options added to Save, namely Save New and
Update, allowing the user to save as new or update existing.
|
9.0.1.0 |
|
XE-8211 |
5G Profile
|
Incompatible 5G Profile and Workflow Instance Table Exported from MZ8
Description 5G Profile and workflows exported from MediationZone 8 not compatible with Private
Edition and MediationZone 9. Some fields in the 5G Profile and workflow instance table
columns have gone missing when imported into PE and MZ9.
Resolution Some fields in the 5G Profile and some fields in the workflow instance table column
exported from MZ8 are given special handling when being imported into PE and MZ9.
|
9.0.1.0 |
33327
|
XE-6862 |
Core
|
Issue With Long Workflow Package Names
Description Sometimes workflow packages with long names would exceed the DB column limit of 64
characters for the workflow key. This would break the workflow handling.
Resolution This issue has been fixed by adding a character limit check to workflow packages.
Validation has been added to the export of workflow packages to prevent this from
happening. A (dynamic) limit has been added to the workflow package name. This limit
is dynamic and not a “hard” limit because the key itself is comprised of other dynamic
parts besides the workflow package name, such as version, system name, and instance
ID.
|
9.0.1.0 |
40036
|
XE-8829 |
Documentation
|
Documentation Update on Keystore Creation
Description The references to “mzsh keytool” are no longer valid.
Resolution Documentation has been updated to replace these references with valid information
on creating Keystore.
|
9.0.1.0 |
40731
|
XE-9633 |
Installation
|
Broken Link to Legacy Desktop Documentation
Description The link to the Legacy Desktop section in the user documentation is broken.
Resolution The link has now been fixed and points to the right place.
|
9.0.1.0 |
|
XE-9296 |
Documentation
|
Web Desktop Installation Documentation Incomplete
Description Web Desktop installation documentation had instances of service context and some
extraneous information.
Resolution The documentation is now updated accordingly.
|
9.0.2.0 |
|
XE-11110 |
Google Cloud Storage
|
Vulnerability Detected in Netty and JSON Libraries used by Google Cloud Components
Description CVEs detected in multiple Netty and JSON libraries used by Google Cloud components.
Resolution The Netty and JSON libraries have now been upgraded and the vulnerability is mitigated.
|
9.0.2.0 |
00042587
|
XE-11094 |
System Export/Import
Vaadin
|
Configuration not exported although in UI was selected
Description When a configuration with multiple dependencies is selected, unchecking one of the
dependencies will still show the correct result. However, after an export is performed,
some configurations that are selected are missing from the export file.
Resolution This issue is fixed, the configuration dependencies are now exported as expected.
|
9.0.2.0 |
|
XE-10875 |
Installation
Liquibase
|
Unable to Change Default JDBC Username and Owner of Postgres
Description It was not possible to install and run MZ with other username on JDBC user or pg.owner
than the default ones.
Resolution It is now possible to have other names for Postgres users.
|
9.0.2.0 |
00040716
|
XE-10798 |
Documentation
|
Insufficient Information on Operating System Requirements
Description The current documentation does not mention Linux distributions required for Java
installation.
Resolution The ‘Operating Systems’ documentation in Infozone is now updated with the Linux versions
supported for different Java versions.
|
9.0.2.0 |
40741
|
XE-10777 |
Documentation
|
Unclear Information of Properties in install.xml
Description The install and upgrade notes contain unclear information of all properties in the
install.xml.
Resolution The documentation is updated with the information for all properties, including database
related properties.
|
9.0.2.0 |
|
XE-10747 |
Postgres
|
Callable Statements with PostgreSQL
Description MediationZone only calls the JDBC driver’s getErrorCode() method to retrieve the
error code. It works for other databases except for PostgreSQL because the JDBC driver
of PostgreSQL returns error codes in getSQLState(), not getErrorCode().
Resolution If MediationZone is connected to a PostgreSQL database, the error code is retrieved
via the JDBC driver’s getSQLState() method. The value is then set to the newly introduced
“sqlState” property of DBErrorUDR which can be accessed from the APL code by calling
DBErrorUDR.SqlState.
|
9.0.2.0 |
00042083
|
XE-10730 |
Events
|
Group Is Not Set For 'Waiting' Workflow State Events
Description Event notification for workflow state provides workflow group name ‘null’ for WF
state ‘Waiting’ instead of the correct Workflow Group name.
Resolution The group field is now set in the event when the workflow has been scheduled by a
Workflow Group.
|
9.0.2.0 |
00041983
|
XE-10605 |
Workflow Engine
|
Order Service Does Not Work With Bytearray Data
Description When you have a realtime workflow with the Order Service configured as a workflow
service, then no routing of bytearray data will work. This means for example that
some agents such as the Encoder Agent are unusable.
Resolution Now bytearray data is routed normally, even if the Order Service is enabled.
|
9.0.2.0 |
|
XE-10432 |
OpenAPI Profile
|
ClassNotFoundException Is Thrown When Running Workflows with HTTP/2 Using OpenAPI
Profile
Description A ClassNotFoundException is seen in the EC log when an HTTP2 server/client workflow
run with OpenAPI Profile contains schema type Array.
Resolution A checking mechanism for any OpenAPI scheme type before trying to retrieve its runtime
class has been added to avoid retrieving runtime class of schema type Array.
|
9.0.2.0 |
41536
|
XE-10417 |
HTTP
|
HTTPS APL Plugin Fails Unless https.apl.keystore_location Property Is Set
Description When using HTTPS, the APL plugin fails if the “https.apl.keystore_location” property
has not been set. This property is not required unless the server requires 2-way authentication.
Resolution If the properties are provided, they will be used. Otherwise, it will be ignored.
|
9.0.2.0 |
|
XE-10303 |
Disk Collection
FTP
SCP
SFTP
|
Duplicate Filter Collection Strategy Stops Working After a While
Description The list of registered files that are used to check for duplication never gets updated.
As the number of files to be collected is greater than the file list size, the Duplicate
Filter fails to detect the files that have been collected in the previous workflow
runs.
Resolution Whenever new files are collected, the list of registered files must be updated to
the most recent set of files dynamically. Hence the Duplicate Filter will be able
to work correctly even if the number of files to be collected is greater than the
file list size.
|
9.0.2.0 |
|
XE-10269 |
OpenAPI Profile
|
Discriminator Keyword in Open API Schemas Not Supported
Description Open API Schema objects using the discriminator keyword are not validated correctly
during processing.
Resolution Support for schemas containing the discriminator keyword has now been added.
|
9.0.2.0 |
|
XE-10179 |
Installation
|
No validation on container name format during installation.
Description No validation done on container name during installation which will cause issues
in retrieving the state of its picos.
Resolution Add missing container name validation.
|
9.0.2.0 |
SF41368
|
XE-10176 |
Execution Manager
Upgrade
|
Several incorrect information on Execution Container Upgrade documentation
Description In the documentation, there are several incorrect information on the Execution Container
upgrade section.
Resolution The issues have now been corrected in the documentation.
|
9.0.2.0 |
|
XE-10163 |
Amazon S3
|
Amazon Profile Using IAM Role Unable to Access Bucket
Description When using the Amazon profile with IAM Role Selection it is not possible to access
the AWS Bucket.
Resolution This problem has now been fixed and AWS Buckets can be accessed when using IAM Role
Selection.
|
9.0.2.0 |
|
XE-10150 |
System Export/Import
|
System Exporter Page Failed to Load When Login User Does Not Belong to the Administrator
Group
Description When the login user does not belong to the Administrator group, Vaadin System Exporter
fails to load the page.
Resolution This issue is resolved. The System Exporter page should now load properly.
|
9.0.2.0 |
00041159
|
XE-10126 |
Access control
|
Access Group Permissions not Persisted When Upgrading from MZ8
Description After upgrading from mz8.x to mz9.x in the Swing Desktop, the access groups created
in mz8 are present but lack the execute/write permissions that were originally assigned.
Resolution To optimize the time and technical effort, we have implemented a workaround by updating
the documentation. It is now imperative to export users and access groups in the access
controller before the upgrade and re-import them afterward.
|
9.0.2.0 |
|
XE-10014 |
OpenAPI Profile
|
OpenAPI Profile Does Not Work in HTTP2 Client
Description
Description:
The schema name's first character must be capitalized for the OpenAPI profile to work
on the HTTP2 Client Agent. Resolution
: Using lowercase for the schema name's first character is now allowed.
Resolution
|
9.0.2.0 |
|
XE-9950 |
Core
|
Synchronizing WorkflowServer State Causes Resource Starvation
Description When restarting the platform during heavy execution, it is possible to end up in
a scenario with several workflow server state threads spawning. This is not intended
and may, in some cases, lead to resource starvation on the platform making the system
unresponsive.
Resolution The underlying issue has been fixed by introducing thread synchronization measures
to critical parts of the workflow server startup code.
|
9.0.2.0 |
|
XE-9918 |
Apache Commons
|
Vulnerabilith in Apache Commons
Description The Apache Commons library contains a vulnerability (CVE-2023-34411).
Resolution Apache Commons has been upgraded to a version where this vulnerability does not exist.
|
9.0.2.0 |
|
XE-9836 |
SAP RFC
|
JCO Agent Throws Unexpected Error at Trace Level 8
Description When the SAP JCO Agent trace level is set to 8 or above, it will try to retrieve
the session attributes to be output. This will cause a runtime exception if the session
has not been initialized.
Resolution A check to initialize a session, if it is not already initialized has been added
in situation where the session attributes need to be read.
|
9.0.2.0 |
|
XE-9831 |
OpenAPI Profile
|
HTTP2 Server Agent Unable to Set UDRs with Read-Only Fields
Description When UDRs are generated from the Open API schema specification file, certain UDR
fields used in the response body are marked as read-only. In some cases, the HTTP2
Server agent needs to initialize and set those fields to generate a proper response.
Resolution Added a checkbox in the Open API profile to allow users to have the option to ignore
the read-only tag for the selected schema specification file.
|
9.0.2.0 |
|
XE-9830 |
OpenAPI Profile
|
Invalid Vaadin OpenAPI Profile Shows Valid Status
Description When saving an invalid Vaadin OpenAPI profile it will be displayed as valid.
Resolution This problem has now been fixed, and the correct status will be displayed when saving
an OpenAPI profile.
|
9.0.2.0 |
40176
|
XE-9554 |
Upgrade
|
Install.xml Not Automatically Updated for SAP HANA Database
Description When upgrading to MediationZone 9 and the system database is SAP Hana, the install.xml
generates some incorrect values.
Resolution The values, install.admin.password, mz.jdbc.user, mz.jdbc.password, mz.jdbc.url,
install.db.jdbc.user, install.db.jdbc.password, install.sap.ssl.encrypt, are now correctly
updated from the old installation.
|
9.0.2.0 |
|
XE-9234 |
Ultra
|
Poor User Experience When Adding Duplicate Key in UDR Default Value List
Description The Ultra Format Converter does not inform the user when trying to add a duplicate
key in the default value list of a UDR.
Resolution This has been fixed by displaying a validation error pop-up with an appropriate message
in case the user tries to add a duplicate key in the default value list of a UDR.
|
9.0.2.0 |
|
XE-7994 |
HTTP/2
|
HTTP2 Client Requests Only Allow Single Value Parameters
Description The HTTP2 RequestCycle UDR only allows single value parameters even though the OpenAPI
3.0 spec allows multi-value parameters.
Resolution A new field named “multiValuedParameters” which is of type Map<String, List<String>>
has now been added to the HTTP2 Client RequestCycleUDR to support the addition of
multi-value parameters. For backward compatibility and usage of the new field, see
the user documentation of the HTTP2 Client RequestCycleUDR.
|
9.0.2.0 |
|
XE-7679 |
Installation
|
Platform Installation Does Not Prompt for New Admin Password When install.security
is Set to True
Description When running a new platform installation, the installation process does not prompt
for new admin password although the install.security was set to true in the install.xml.
Resolution This issue is fixed, the installation process will now prompt for new admin password
when install.security is set to true.
|
9.0.2.0 |
|
XE-7093 |
OpenAPI Profile
|
Open API Profile Becomes Invalid When Saved
Description If the Open API profile has an invalid yaml file, it becomes invalid when saved because
some inner schema name under Properties contain invalid characters.
Resolution This problem has now been fixed by adding a validation step for inner schema name
under Properties. The validation dialog will be displayed to inform the user whenever
invalid characters are detected.
|
9.0.2.1 |
|
XE-12085 |
Rebranding
|
Desktop Shows Wrong Name and Version After Removal of 'Branding' Entry From SDR
Description Removal of the ‘Branding’ entry from SDR caused the display of the wrong name and
version on the Desktop.
Resolution This is fixed now by adding a logic to check the product name and rebrand it accordingly.
|
9.0.2.1 |
|
XE-12143 |
Core
Ultra
|
Vulnerability Detected in Clojure
Description A vulnerability was detected in the version of clojure used.
Resolution This is fixed now by upgrading Clojure.
|
9.0.2.1 |
|
XE-11585 |
Avro
|
Vulnerability Detected in Avro
Description The Avro library included with the Ultra Avro support package is impacted by the vulnerability
CVE-2023-39410. This could allow for Denial of Service attacks by manipulating the
input data.
Resolution Avro has been upgraded.
|