Description

If you are using the option “Enable Separate Storage For Workflow” in the Duplicate UDR Profile, there are scenarios where a workflow becoming unreachable due to an EC crash that can cause that workflow to become blocked. The Duplicate UDR Detection Agent will fail to take the profile lock during startup and will abort the workflow immediately at startup. This problem will then persist until the platform is restarted.

Resolution

The handling of unreachable profile storages has been fixed so that the lock is released allowing the workflow to start.

Description

A vulnerability was detected in Netty.

Resolution

Netty has now been upgraded and the vulnerability removed.

Description

A vulnerability was detected in the Azure library.

Resolution

The Azure library has now been updated and the vulnerability removed.

Description

A vulnerability was detected in the Azure Identity libraries used for Azure Profile authentication.

Resolution

Azure Identity has now been upgraded and the vulnerability removed.

Description

CVEs detected in multiple Netty and JSON libraries used by Google Cloud components.

Resolution

The Netty and JSON libraries have now been upgraded and the vulnerability is mitigated.

Description

When using the Shared Table profile, it is not possible to add a CSV Database profile, only PostreSQL.

Resolution

This problem has now been fixed and CSV can be selected in the Shared Table profile.

Description

The field for entering the SQL Query is missing in the Shared Table profile in Desktop Online.

Resolution

This problem has now been fixed and the SQL Query field is present.

Description

Error when running aggregation in “memory only” storage with real-time workflows.

Resolution

This has been fixed by including the required Hashed Wheel Timer jar file.

Description

If the Open API profile has an invalid yaml file, it becomes invalid when saved because some inner schema name under Properties contain invalid characters.

Resolution

This problem has now been fixed by adding a validation step for inner schema name under Properties. The Validation dialog will be displayed to inform the user whenever invalid characters are detected.

Description

Ultra does not support declaring bit_blocks in the prefix of a switched_set.

Resolution

Ultra has been updated to support bit_blocks in the prefix of a switched_set. The fields inside the bit_block can be used as any other field in the prefix.

Description

The HTTP2 RequestCycle UDR only allows single value parameters even though the OpenAPI 3.0 spec allows multi-value parameters.

Resolution

A new field named multiValuedParameters which is supports adding a map with a string and a list of strings has now been added to the HTTP2 Client RequestCycleUDR to support the addition of multi-value parameters. For backward compatibility and usage of the new field, see the user documentation of the HTTP2 Client RequestCycleUDR.

Description

The JMS Request and Collector agents contain fields without the Aria-Labelledby tag. The tag is used for accessibility purposes to read out the field name or label.

Resolution

The Aria-Labbeledby tag has now been added for the fields previously missing it.

Description

The Ultra Format Converter does not inform the user when trying to add a duplicate key in the default value list of a UDR.

Resolution

This has been fixed by displaying a validation error pop-up with an appropriate message in case the user tries to add a duplicate key in the default value list of a UDR.

Description

Deadlock occurs in the SAP JCO RFC agent when the user stops the workflow whenever the UDR queue is full of UDRs.

Resolution

Removed lengthy loop logic waiting for the UDR queue to become empty when the user stops the workflow. Removed lengthy loop logic waiting for the RFCExecutor Thread to complete when the user stops the workflow. Added a try-catch handler for InteruptedException to exit the RFCExecutor Thread when the user stops the workflow.

Description

When using the 5G profile with http2 agents, there were some inconsistent behaviors relating to the heartbeat timer, custom specification, and response handling.

Resolution

We enhanced the 5G Profile and its response handling behavior when used with the http2 agents to be more in line with the details stated in the 3GPP documentation.

Description

When configuring a Data Hub Task workflow in the Workflow Table, the default Data Hub profile configured in the agent is selected by default and when clicking Browse, no other Data Hub profiles available in the system are displayed making it impossible to select another profile.

Resolution

This problem has now been fixed, and all available Data Hub profiles are displayed and selectable in the Workflow Table.

Description

When using PostgreSQL as platform database and configuring another port than the default port, the platform will fail to start.

Resolution

This problem has now been fixed and you can select to use another port than default for PostgreSQL.

Description

When saving an invalid Vaadin OpenAPI profile it will be displayed as valid.

Resolution

This problem has now been fixed, and the correct status will be displayed when saving an OpenAPI profile.

Description

When the SAP JCO Agent trace level is set to 8 or above, it will try to retrieve the session attributes to be output. This will cause a runtime exception if the session has not been initialized.

Resolution

A check to initialize a session if not already initialized has been added in the event the session attributes need to be read.

Description

The Apache Commons library contains a vulnerability (CVE-2023-34411).

Resolution

Apache Commons has been upgraded to a version where this vulnerability does not exist.

Description

When restarting the platform during heavy execution, it is possible to end up in a scenario with several workflow server state threads spawning. This is not intended and may, in some cases, lead to resource starvation on the platform making the system unresponsive.

Resolution

The underlying issue has been fixed by introducing thread synchronization measures to critical parts of the workflow server startup code.

Description

The schema name's first character must be capitalized for the OpenAPI profile to work on the HTTP2 Client Agent.

Resolution

Using lowercase for the schema name's first character is now allowed.

Description

The DetermineDbType.java library contains a vulnerability.

Resolution

DetermineDbType.java has been upgraded to a version where this vulnerability does not exist.

Description

The values in mz-oidc-secret.yaml are missing “ip”.

Resolution

This has now been fixed and the values in mz-oidc-secret.yaml are correct..

Description

Ingress is missing in the nginx-service.yaml.

Resolution

This problem has now been fixed and ingress is now included in nginx-service.yaml.

Description

When trying to add a new dynamic workflow to an encrypted template, an error stating “Nested exception” appears.

Resolution

This has now been fixed and new workflows can be added to encrypted templates.

Description

A number of vulnerabilities have been found in the Couchbase version used.

Resolution

TCouchbase SDK has now been upgraded and these vulnerabilities removed.

Description

When adding 3pp apps to the system, it is not possible to select the Provisioned checkboxes in Access Controller since they are read-only.

Resolution

This problem has now been fixed and 3pp apps can be provisioned as expected in Access Controller.

Description

When using the Amazon profile with IAM Role Selection it is not possible to access the AWS Bucket.

Resolution

This problem has now been fixed and AWS Buckets can be accessed when using IAM Role Selection.

Description

Open API Schema objects using the discriminator keyword are not validated correctly during processing.

Resolution

Support for schemas containing the discriminator keyword has now been added.

Description

The list of registered files that are used to check for duplication never gets updated. As the number of files to be collected is greater than the file list size, the Duplicate Filter fails to detect the files that have been collected in the previous workflow runs.

Resolution

Whenever new files are collected, the list of registered files must be updated to the most recent set of files dynamically. Hence the Duplicate Filter will be able to work correctly even if the number of files to be collected is greater than the file list size.

Description

UDRs with property fields containing the allOf schema will have their type shown as "any" in the UDR Assistant.

Resolution

The UDR generation has been fixed to link the correct type to the property fields.

Description

A ClassNotFoundException is seen in the EC log when an HTTP2 server/client workflow run with OpenAPI Profile contains schema type Array.

Resolution

A checking mechanism for any OpenAPI scheme type before trying to retrieve its runtime class has been added to avoid retrieving runtime class of schema type Array.

Description

The spring-core library contains a vulnerability (CVE-2023-20860).

Resolution

spring-core has been upgraded to a version where this vulnerability does not exist.

Description

If you exit an Explore Session with the ESC key in Aggregation Session Inspector, the profile lock is not released.

Resolution

A profile lock release procedure has now been added to solve this issue.

Description

In the System Exporter UI, select a config that has circular reference by another config, StackOverflowError exception was thrown.

Resolution

This issue is fixed. Circular dependencies can now selected.

Description

The example configurations documented related to Prometheus metrics did not produce a configuration that could be used to scale ECDs based on custom metrics.

Resolution

This has been corrected now.

Description

When UDRs are generated from the Open API schema specification file, certain UDR fields used in the response body are marked as read-only. In some cases, the HTTP2 Server agent needs to initialize and set those fields to generate a proper response.

Resolution

Added a checkbox in the Open API profile to allow users to have the option to ignore the read-only tag for the selected schema specification file.

Description

When running really large UDR through a workflow, the Encoder may not have capacity enough and throw an error.

Resolution

The Encoder has now been redesigned to allow larger UDRs and the the problem with processing large amounts of data is fixed.

Description

If you have multiple versions of the same batch workflow from different workflow packages trying to run at the same time, it can lead to deadlocks causing none of the versions to be started.

Resolution

This has now been fixed so that those workflows will as expected run sequentially in random order.

Description

When trying to open the Salesforce agent in a workflow that was created in an earlier version, you get a Null Pointer Exception.

Resolution

This problem has now been fixed and workflows with Salesforce agents created in earlier versions can be opened without errors.

Description

When creating an ECD after having made an installation with global.serviceAccountName set to a custom service account in the helm chart, the ECD will fail to start.

Resolution

This issue is fixed. An ECD can be created and started as expected when using custom service accounts.

Description

When removing a service account from the common ECD configuration, the value in the EC pod is not reset.

Resolution

This issue has now been fixed, and if a service account is removed, the EC pod is updated accordingly.

Description

The database forwarding agent was using two obsolete methods for Oracle's batch update functions. This causes performance issues when running toward Oracle 19c.

Resolution

The function calls have now been updated to no longer use deprecated implementations of the JDBC driver.

Description

When the Reauthenticate Users After Inactivity field in mzdesktop is set, sessions in Web UI are not terminated after a period of inactivity.

Resolution

Sessions are revoked after set period of time in the "Reauthenticate Users After Inactivity" field in access control.

Description

Profile and workflow exported from MediationZone 8 not compatible with Usage Engine. Some fields in 5G Profile and workflow instance table column gone missing when imported into Usage Engine.

Resolution

Some fields in 5G Profile and some fields in workflow instance table column exported from MediationZone 8 are given special handling when imported into Usage Engine.

Description

The view.timeout property in the Advanced tab of the Couchbase profile has a description that needs to be updated with the latest information about supporting N1QL queries.

Resolution

The description of the view.timeout property has been updated to indicate the support for N1QL queries.

Description

Sometimes workflow packages with long names would exceed the DB column limit of 64 characters for the workflow key. This would break the workflow handling.

Resolution

Validation has been added to the export of workflow packages to prevent this from happening. A (dynamic) limit has been added to the workflow package name. This limit is dynamic and not a “hard” limit because the key itself is comprised of other dynamic parts besides the wf package name, such as version, system name and instance ID.

Description

The workflow group “SystemTask.Statistics_Cleaner_grp” is cannot be imported.

Resolution

The issue is resolved and the workflow group can now be imported.

Description

When trying to delete configurations that other configurations depend on, you get the option to force delete and just let the other configurations become invalid. This is broken and the delete operation always fails.

Resolution

It is now possible to force delete configurations.

Description

Google library are crashing due to incorrect configuration of OSGi file causing it to expose the google protobuf library.

Resolution

It is now configured correctly and working.

Description

When setting the auth.oidc.ip.enabled parameter to true in the helm chart, the Platform pod fails to start and ends upp in CrashLoopBackOff status.

Resolution

This problem has now been fixed and the the Platform pod should start as expected when using the OIDC IP parameter.

Description

If a workflow package contains invalid references, you will get an exception in the platform log when creating an ECD for the package.

Resolution

This problem has now been fixed, and no errors will be displayed in the platform log if the workflow package contains invalid references.

Description

When clicking on encrypted workflows in the web interface, you will get an error message saying “Wrong Passphrase Entered”.

Resolution

This problem has now been fixed and encrypted workflows can be viewed as expected in the web interface.

Description

When running the SFTP server with the default Maximum Asynchronous Requests from the SFTP collection agent, performance drops.

Resolution

It is now possible to configure Maximum Asynchronous Requests for SFT and SCP collection agents, which makes it possible to tune the workflow for maximum performance.

Description

EC Groups can be created in the web interface even though write permission has not been granted to the user.

Resolution

Write permission validation has now been added for creating, editing and deleting EC Groups.

Description

If a workflow group within another workflow group is configured with a prerequisite, it does not wait for the prerequisite workflow to finish.

Resolution

This problem has now been fixed.

Description

When collecting files with the SFTP collection agent, the workflow hangs if the client sends hundreds of requests which the server cannot handle.

Resolution

The 3pp used by the SFTP agents have been upgraded and the maximum number of requests to the server has been limited to 16.

Description

A NullPointerException is thrown when attempting to assign a null value to a primitive type of integer when trying to store the value to database.

Resolution

This problem has now been fixed, and a NullPointerException will not be thrown when assigning null values.

Description

An external reference value with escape characters, such as a new line, was literally taken, i.e. converted to a string as is when using External Reference Database or Kubernetes.

Resolution

Now the value field can contain a multi lined value. If escape characters are added these will be handled correct.

Description

The current limit of 1000 characters for an External Reference value is not enough to store values like private key.

Resolution

The limit has now been increased to 4000 characters.

Description

When a user that does not have a license for Data Veracity tries to open Workflow Properties, an error will be displayed.

Resolution

This issue has now bee fixed and users without Data Veracity licenses can open Workflow Properties.

Description

When trying to open the Salesforce agent in a workflow that was created in an earlier version, you get a Null Pointer Exception.

Resolution

This problem has now been fixed and workflows with Salesforce agents created in earlier versions of MediationZone can be opened without errors.

Description

When stored UDRs from earlier versions of MediationZone are deserialized, you may get a ClassCast Exception.

Resolution

This problem has now been fixed and deserialization should work as intended.

Description

The Apache Commons library contains a vulnerability (CVE-2023-24998).

Resolution

Apache Commons has been upgraded to a non-vulnerable version.

Description

The current default JVM args for the Platform: - XX:MaxDirectMemorySize=4096m 3 - XX:MaxMetaspaceSize=256m 4 - Xms256m 5 - Xmx512m is limiting and should be updated.

Resolution

The default values have now been updated to: - XX:MaxDirectMemorySize=4096m - XX:MaxMetaspaceSize=256m - Xms256m - Xmx512m

Description

The documentation regarding write locks for Aggregation is misleading regarding possible number of simultaneous locks.

Resolution

The documentation has now been updated to say that only one lock can exist in all bullet points in the Aggregation profile configuration description.

Description

Due to a previous bug fix, an exception is caused due to accessing an uninitialized list.

Resolution

This problem has now be sovled and a check for an empty null value of the list has been added.

Description

A CVE regarding goyaml, CVE-2022-28948, was detected in the operator.

Resolution

goyaml has now been upgraded and this vulnerability removed.

Description

Python vulnerabilities was detected in the Docker images.

Resolution

Python vulnerabilities was detected in the Docker images.

Description

A vulnerability was detected in the OS in the Docker images.

Resolution

This issue has now been fixed and the vulnerability removed.

Description

SCIM rest api does not handle Default Group. Incorrect information could be showed when get a user or group.

Resolution

Default group can now be added on POST, PUT, PATCH commands. Users and groups are always showing the correct information.

Description

SCIM rest api can not be used when parameter mz.security.user.restricted.login is set.

Resolution

SCIM can now be used with mz.security.user.restricted.login.

Description

It is not possible to use the PCC Proxy to access PCC REST APIs via the platform without setting up NodePort services for the EC web server, since you have to explicitly point out the EC host in the mz.pcc.restful.host property.

Resolution

The PCC proxy now dynamically detects registered clients. As long as you have any running ECD with PCC enabled no explicit configuration is needed.

Description

When encoding UDRs with the JsonEncodeUdr APL function, the UDRs containing field names starting with numbers or symbols are modified to satisfy Java class naming rules.

Resolution

Fix the encoding function to retain the original field name.

Description

When having a package image defined for an ECD, the check for existing workflows is done before docker init, and since it is the docker init that does the import in the CI/CD pipeline, the workflows will not be present when the check is done and the ECD will never startup and return a 404 error.

Resolution

This problem has now been fixed, and ECDs with package images start up as expected.

Description

Documentation for many System Tasks is missing.

Resolution

The documentation has now been updated to describe System Tasks.

Description

When updating the cache, the system tries to update all the classes referred in the Workflow package import irrespective of whether the referred classes may or may not be present/used in the packages.

Resolution

Skip unused/unavailable classes and type info during cache update.

Description

A CVE regarding Netty, CVE-2022-41881, was detected.

Resolution

Netty has now been upgraded and this vulnerability is removed.

Description

Apache CXF contains vulnerabilities (CVE-2022-46364 and CVE-2022-46363).

Resolution

Apache CXF have been upgraded to a non-vulnerable version.

Description

The Debian version used by the operator has now reached end of support and needs to be upgraded.

Resolution

The Debian version has now been upgraded to Debian 11.

Description

Some mzsh commands failures are not reported by the mzsh command line tool. Instead mzsh just silently fails, giving no feedback or error message.

Resolution

This problem has now been fixed and for any exceptions, an explicit message will be displayed.

Description

When using Data Veracity Masking, UDR List type fields can be selected for masking but the values are not masked in view UDR.

Resolution

This problem has now been fixed, and the selected UDR List fields are now masked.

Description

Commons-Net contain a vulnerability (CVE-2021-37533).

Resolution

Commons-net have been upgraded to a non-vulnerable version.

Description

When using the Http agents with Open API Profile, the agent does not handle requests that contains array schema properly and throws null pointer exception.

Resolution

This issue has now been fixed and the agent can handle requests with array schemas. Array schemas will be added to the open api class but will be skipped during decoding.

Description

A security vulnerability has been found in Netty versions 3.10.6.Final and 4.1.15.Final.

Resolution

Netty version is now upgraded to 4.1.73.Final to mitigate the reported vulnerability.

Description

Ultra doesn't support declaring bit_blocks in the prefix of a switched_set.

Resolution

Ultra has been updated to support bit_blocks in the prefix of a switched_set. The fields inside the bit_block can be used as any other field in the prefix.

Description

The "mzsh mzadmin/dr help user" command returns an output that does not corroborate with the information specified in the documentation. It describes that the "command" and "command options" are optional. Also, when running the command without any argument like "help", a long java.lang.IndexOutOfBoundsException error is displayed.

Resolution

The issue is fixed by specifying the format of the command to be used on the console. When entering the command without any arguments like help, an "Invalid command was entered" error is displayed along with information on how to use the command.

Description

Unable to decode Avro if boolean data types exist in the middle of field definition.

Resolution

Fixed the boolean decode with the correct offset reading.

Description

If session files are corrupted in file storage aggregation then validate storage should fix corrupted files. In some cases it does not work.

Resolution

Full (raw and decoded) file reading is implemented for validate storage to identify invalid sessions and remove it make the file valid.

Description

When LDAP is configured for an MZ instance, the mzsh command does not work for users belonging to multiple non-MZ groups.

Resolution

A filter has been added to check only for users from MZ groups.

Description

The Azure Libraries package contain a vulnerability (CVE-2022-31684).

Resolution

The Azure Libraries package have been upgraded to a non-vulnerable version.

Description

The version of Golang used within the Operator is vulnerable to multiple CVEs.

Resolution

The Operator have been patched to use Golang 1.19.3.

Description

When using Usage Engine Private Edition 2.3, it is not possible to use Redis as storage for PCC as described.

Resolution

This problem has now been fixed and Redis can be used as storage for PCC.

Description

The Postgres driver contain a vulnerability (CVE-2022-41946).

Resolution

The Postgres driver has been upgraded to a non-vulnerable version.

Description

We do not support List and Map types for Data Veracity filter, repair and data masking. The documentation only mentions this fact in the Data Veracity search page.

Resolution

The note for unsupported data types for Data Veracity has now been added into the other parts of the documentation for Data Veracity. Namely in the filter, repair and data masking pages.

Description

The startup time for the Platform and ECDs have increased gradually between the last three releases.

Resolution

This problem has now been addressed and the startup time reduced considerably.

Description

If there is a issue when fetching information about which EC group has been used with an Aggregation profile, the Aggregation Inspector returns an error instead of displaying information about any aggregation profiles that can be procured. This was caused by incorrect checking of EC group names by the Aggregation Inspector.

Resolution

The Aggregation Inspector code has been fixed to perform a proper search for EC groups that an Aggregation profile uses.

Description

JMX-exporter contains vulnerabilities (CVE-2022-38752).

Resolution

JMX-exporter have been upgraded to a non-vulnerable version.

Description

When using the SFTP Collection Agent, the configured Sort Order criteria is not applied to subfolders when the SFTP collection agent setting is as follow:Include Subfolder option under Source tab is selected andEnable Sort Order option under Sort Order tab is selected andthe specified Directory contains only 1 subfolder (the said subfolder)The SFTP collection workflow run is expected to abort when the said subfolder does not meet the Sort Order criteria but instead the workflow runs successfully without error.

Resolution

This is fixed so that Sort Order criteria is applied when there is only 1 subfolder within the specified Directory.

Description

Newer versions of bndlib has been released that we should upgrade to.

Resolution

bndlib has now been updated to 6.3.1.

Description

Postgres schema name may be something else other than username. When using Postgres DB with Data Veracity, it was not possible to edit table names in Data Veracity Profile to include schema name with a dot '.', e.g.: schemaName.dvTableName. Any dots in the specified table name simply gets replaced with underscores "_".

Resolution

This fix allows schema name to be specified for Data Veracity table names. Data Veracity interprets the portion of name before the 1st dot '.' as schema name.

Description

SAP CC Online agent ignored the timeout value.

Resolution

Revert the refactor implementation code, SAP CC Online agent timeout function is working as before.

Description

SFTP Collection agent displays an ugly path containing extra dot and slash in exception message.

Resolution

Before the program throws out an exception which displays an ugly path, it requires normalization to get rid of the unwanted dot and slash.

Description

Using relative paths on the Directory field in SFTP collection agent causes workflows to abort because the absolute path is constructed incorrectly.

Resolution

Avoid changing the the working directory as the program traverses into different folders and subfolders. Instead, construct the absolute path dynamically each time as it tries to find the list of files and folders available in the current folder.

Description

Despite Couchbase storage not being supported by batch workflows, the Couchbase properties were still displayed when configuring the Aggregation profile.

Resolution

Couchbase properties will not be displayed during configuration unless it is a real-time workflow.

Description

If a workflow stop fails, the workflow state may get into an unrecoverable state. It will then be Running and can not be stopped unless the Execution Context is restarted.

Resolution

A workflow stop command will now always attempt to stop the workflow, even if the stop signal has already been sent.

Description

WebSwing contains vulnerabilities (CVE-2022-42920, CVE-2022-3171, CVE-2022-42003 and CVE-2022-42004).

Resolution

WebSwing have been upgraded to a non-vulnerable version.

Description

The Jackson libraries contain vulnerabilities (CVE-2022-42003 and CVE-2022-42004).

Resolution

Jackson and Jackson-databind have been upgraded to a non-vulnerable version.

Description

The documentation for EC Properties was missing a database property, connectionpool.strict.pool.size.

Resolution

The missing parameter is now added to the Infozone under the section of EC properties.

Description

The CometD Library contain a vulnerability (CVE-2022-24721).

Resolution

The CometD library have been upgraded to a non-vulnerable version.

Description

Sometimes the ResponseBody of an kubernetes ApiException can be null, which results in a null pointer exception in the EC Deployment API.

Resolution

This problem has now been fixed and if the ResponseBody is null, an error message will be displayed.

Description

When user insert a wrong SAP CC login password, workflow can be start without abort, no authentication failed message at debug mode.

Resolution

When authentication failed it will immediately showing error and abort the workflow.

Description

The mzcli script is unable to substitute environment variables in a command.

Resolution

This issue has now been fixed and the environment variables are substituted successfully.