Bug Fixes

Description

Restrictions for xml attributes no longer work and the UDR field will get any type.

Resolution

The issue has been fixed.

Description

During the MZ9 installation, a fully automated process is not possible because the system prompts the user to provide a keystore and update the admin password .

Resolution

Support has been added to specify the keystore in install.xml and automate the password change, eliminating the need for manual intervention during installation.

Description

When running ./setup.sh prepare a number of warning messagages related to the SecurityManager API are displayed, which are not relevant to the user.

Resolution

These warning messages have now been suppressed and will not be displayed when running ./setup.sh prepare.

Description

Documentation created for DTK plugins is not reachable in the Desktop, only in the Legacy Desktop.

Resolution

Functionality for opening documentation created for DTK plugins in the Desktop has now been implemented.

Description

The default path for the syslog-debug log file was set to /tmp/syslog/, which caused installation failures on the same machine due to permission issues when different users were involved. Additionally, the syslog-debug file was being created even when the property mz.syslog.debuglogfile.enable was set to false.

Resolution

The default path for the syslog-debug log file has been updated to $MZ_HOME/tmp/syslog, and the syslog-debug file will no longer be created when the property mz.syslog.debuglogfile.enable is set to false.

Description

For Operations REST APIs 404 and 405, the returned error statuses are incorrect.

Resolution

This problem has now been fixed and the returned error statuses are correct.

Description

Documentation for the Workflow Services, Ordered Service, and Supervision Service was missing from the MZ and PE documentation sets.

Resolution

Documentation for these services has now been created and added to both the MZ and PE documentation sets.

Description

Aggregation using the SQL Storage has problems with aggregation lock handling when connection with the EC is lost. If the workflow does not manage to clean up the lock, then it is not as expected automatically released when the EC has been unregistered or restarted.

Resolution

The lock handling has now been fixed so that the SQL Storage follows the same semantics as the File Storage.

Description

Inconsistent and incorrect workflow route drawing behavior in Desktop.

Resolution

Updated the route drawing to provide a smoother route render when agent nodes or control points are moved.

Description

Workflow routes saved in Desktop with customized routes are rendered incorrectly.

Resolution

This problem has been fixed by adding a start and end point to the routes when the are opened in Desktop for the full route to be drawn properly.

Description

When upgrading, the pico cache folder size becomes larger.

Resolution

This problem has been fixed by adding two new properties; mz.picocache.link.use and mz.picocache.link.target.dir, which can be used to control the size of the pico cache folder.

Description

Installing MZ with PostgreSQL would fail if custom (non-default) values were set for tablespaces in the install.xml properties install.pg.tb.space.tab and install.pg.tb.space.idx.

Resolution

This issue has been resolved. The installer now correctly supports custom tablespace configurations. Users can specify both the tablespace name and storage location using the properties install.pg.tb.space.tab, install.pg.tb.space.tab.location, install.pg.tb.space.idx, install.pg.tb.space.idx.location.

Description

If there are unexpected files and corrupt storage under MZ_HOME/data/access-control, then this may work fine in MZ8 and be ignored there. However, this information can still break upgrade to MZ9.

Resolution

The error handling and robustness of the migration of users and groups have been improved.

Description

Audit Profile's Add/Edit Table field list is not shown due to the window being too small.

Resolution

Corrected the window size to take up more screen space.

Description

A working MZ8 database profile export when imported to MZ9 causes error.

Resolution

Fixed the issue to include the extra properties added in the connection string.

Description

There is no warning message when an untrusted/self-signed certificate is used in the Desktop Launcher.

Resolution

There is now a warning icon with a hovering message visible when untrusted/self-signed certificate is used in Desktop Launcher.

Description

A vulnerability has been identified in the current version of reactor-netty-http used.

Resolution

To mitigate this vulnerability, reactor-netty-http has been upgraded to 1.1.25.

Description

Existing documentation has wrong description for property install.pg.db.name and install.pg.owner.

Resolution

Correct documentation for property install.pg.db.name as database name, and install.pg.owner as database schema name.

Description

In DRDataInputStream , an error may occur if the list type is instantiated without a constructor.

Resolution

This is resolved by replacing Arrays.asList() with new ArrayList() to ensure the list is modifiable and avoid potential errors related to immutability.

Description

Information regarding enabling and configuration of the authorization server for Authorization Server are contained within two different pages, the Authorization Server Properties page and the Enabling Authorization Server page.

Resolution

The two pages are now linked and information populated across either pages are now easily found.

Description

Old encrypted configuration that were originally encrypted with the old encryption scheme of MediationZone 8.0 or earlier are not possible to decrypt and view

Resolution

It is now possible to decrypt such configuration in the desktop or by using the command line configuration command

Description

Built-in UDR types cannot be used in Ultra definitions files, and the error messages displayed when a user attempts to add them are not very clear.

Resolution

Two error messages have been rewritten to be clearer, and relevant documentation has been updated to elaborate on this.

Description

Built-in UDR types cannot be used in Ultra definitions files, and the error messages displayed when a user attempts to add them are not very clear.

Resolution

Two error messages have been rewritten to be clearer, and relevant documentation has been updated to elaborate on this.

Description

While executing the Postgres MZDB creation script (postgre_create_instance.sh), the script completes successfully. However, an error appears in the mz_db.log “LINE 1: GRANT mzowner TO ${install.pg.admin};”.

Resolution

The issue has been resolved. The install.pg.admin property has now been added to the install.xml file.

Description

If either of the two UDR types json.JsonObject or json.JsonArray are serialized in MZ8, they cannot be read after upgrading to MediationZone 9. This limitation may disrupt the reading of MZTagged data or old aggregation sessions containing UDRs of these types.

Resolution

This issue has been resolved by restoring the support for reading these UDR types in MediationZone 9, ensuring proper conversion of old MediationZone 8 data.

Description

In contrast to all our other jars, the Desktop Launcher jar is not signed.

Resolution

The Desktop Launcher has been updated and is now signed.

Description

The descriptions of the osgi and exportpackages options are incorrect in the DTK documentation.

Resolution

The documentation has now been updated.

Description

The JSON UDR types json.JsonObject and json.JsonArray may be mapped to the incorrect classes in validation or generation, causing workflows to become invalid or abort in runtime with ClassCastException . This was caused by the fix for XE-15008 introducing alternative incorrect mappings, making the actual class chosen indeterminate.

Resolution

The issue has been fixed so that those UDR types now are always mapped to the correct classes.

Description

When you have a list field with a terminated_by specification, this is encoded incorrectly for empty lists and the terminator is missing in the output. There are other situations where the specified terminator for a UDR type field can instead be duplicated in the output.

Resolution

Encoding of Ultra formats with terminated_by specifications have been fixed. There is an optional property mz.ultra.terminator.backcomp that can be used to recreate the old behavior for backwards compatibility reasons.

Description

Running Diameter over SCTP does not work anymore.

Resolution

This problem has now been fixed and you can run Diameter over SCTP.

Description

The installation readme.txt file contains links that direct users to the outdated installation guide.

Resolution

Update the installation readme.txt file with the correct links

Description

A high-severity vulnerability (CVE-2024-47554) was identified in the velocity-engine-core library.

Resolution

We have upgraded velocity-engine-core from version 2.3 to 2.4 to address the vulnerability.

Description

The project has updated its dependency on Apache Commons IO from version 2.11.0 to 2.16.1. This update addresses a critical Uncontrolled Resource Consumption vulnerability (CVE-2024-47554) in Apache Commons IO. The vulnerability was found in the org.apache.commons.io.input.XmlStreamReader class, where maliciously crafted input could lead to excessive CPU consumption, causing potential performance degradation or denial of service. The affected versions of Apache Commons IO are from 2.0 to before 2.14.0.

Resolution

Upgrading to Apache Commons IO 2.16.1 resolves the vulnerability (CVE-2024-47554) by fixing the issue in the XmlStreamReader class. Users are now protected from the uncontrolled resource consumption problem, and the project benefits from additional security and performance improvements introduced in later versions of the library.

Description

There was a security vulnerability (CVE-2024-47561) in Apache Avro where schema parsing in the Java SDK of versions 1.11.3 and earlier allowed for the possibility of arbitrary code execution by malicious actors.

Resolution

This vulnerability has now been removed by upgrading Apache Avro from version 1.11.3 to 1.11.4 and Apache Commons Compress from version 1.25.0 to 1.26.1, which also brings the library up-to-date with the latest bug fixes and performance improvements, ensuring better stability.

Description

In the Event Notification and Alarm Detection profiles, it was not possible to enter custom values in the Match Value dialogs, and the contents of the dialogs did not resize properly when the dialog was resized.

Resolution

The Edit Match Value dialog in the Event Notification profile and the Edit Alarm Condition dialog in the Alarm Detection profile have been enhanced to dynamically resize their contents when the dialog is resized. Additionally, the Edit Match Value dialogs in both profiles now support custom values.

Description

Responses from the REST Client and SAP CC Clients are not included in the traces from Conditional Trace.

Resolution

Those agents now support Conditional Trace and both request and response will be included in any produced traces.

Description

The regenerationconfigs command does not regenerate Ultra encoder classes. This can cause bug fixes and generation related configuration not to take effect during upgrade or manual calls of regenerateconfigs .

Resolution

The issue has been fixed and Ultra regeneration is now handled correctly.

Description

When creating a workflow package containing an Ultra encoder, it is possible for the workflow package to be incomplete and be missing some generated Ultra classes. In such cases, if you import that package to a clean system and run it there, the encoder may fail with a ClassNotFoundException .

Resolution

The issue has been fixed so that workflow package creation will include all necessary Ultra classes.

Description

If the pid file under MZ_HOME/log directory is removed during the mzsh startup command, then the startup will be reported as failed by mzsh

Resolution

The startup handling no longer depends on this file being available while waiting for process startup to complete

Description

The jsonDecodeUdr APL function does not handle invalid date strings correctly for optional date fields. Those optional fields are just set as absent, which should only be done if the field is the JSON null value.

Resolution

Now if the date value in JSON is not a valid date, it will get the actual value null, but it is still marked as present.

Description

There was a error running a mzsh command with credentials when platform was not running.

Resolution