Bug Fixes (2.2)

Description

When an ECD is disabled, it results in extensive error logging showing that the operator is trying to configure the workflow group.

Resolution

This issue has now been fixed and the operator will not try to configure the workflow group if the ECD is disabled.

Description

The timeout handler for the Couchbase aggregation service does not set the package context for workflow packages at creation, resulting in serialization error when running.

Resolution

This issue has now been fixed by ensuring that the package context is set in the timeout threads when they are created.

Description

When deploying the latest version, a performance issue was detected causing very long restart times for the pods.

Resolution

This issue has now been fixed and the restart time has been reduced to a reasonable size.

Description

The xmx and xms values in the webdesktop-configmap.yaml file cannot be edited without changing the template.

Resolution

The possibility to configure xmx and xms values has now been added to the Helm chart.

Description

There are a number of tables where we store workflow name in VARCHAR(128) columns. If we have very long workflow names, it is possible to exceed the limit of 128 characters. This can cause problems for ECS, Workflow Statistics, and System Log.

Resolution

The database schema has been updated and max workflow name size has been increased.

Description

When a workflow in a workflow package references a configuration that is not included in the package, it may cause several issues such as duplicate class exceptions, import problems, etc, depending on various conditions.

Resolution

This problem has now been solved by redesigning the reference handling between configurations.

Description

When authenticating the user during a REST API call, there are too many database operations. This can cause performance problems when there are many operations per second.

Resolution

The code has now been optimized so that the number of database operations has been greatly reduced.

Description

If the platform pod goes down, a rolling upgrade of the ECD is triggered.

Resolution

This problem has now been fixed and the ECD pod will keep running without any triggered rolling update if the platform pod goes down.

Description

User without execute permission in Workflow still able to view and execute the workflow on MZOnline.

Resolution

Permissions have now been added in MZOnline for configuring that a user without execution permission in Workflow would not able to access workflow.

Description

When configuring the pool size of a database used in a workflow, the execution context creates additional temporary connections even if a maximum limit is specified.

Resolution

A new system property connectionpool.strict.pool.size has been added which will turn the database connection pool into a Blocking Queue implementation with a strict maximum limit.

Description

The {{udrDecode}} and {{udrEncode}} commands have a number of problems introduced in Usage Engine PE 2.1.0 due to thread model changes. {{udrDecode}} can cause memory leaks when used in the {{initialize}} block and {{udrEncode}} can somtimes cause workflow aborts when used in standalone workflows.

Resolution

The implementation of the udrDecode and {{udrEncode}} commands has now been revised and the detected problems fixed.

Description

In the class ConnectionFactoryHelper, changing the logging level does not stop you from getting a specific log message even when the logging level is not critical.

Resolution

Logger in ConnectionFactoryHelper is fixed.

Description

A vulnerability was detected in the nginx version.

Resolution

The nginx version has now bee upgraded and the vulnerability removed.

Description

A vulnerability was detected in the Golang version.

Resolution

The Golang version has now bee upgraded and the vulnerability removed.

Description

If an aggregation profile has storage path configured with external reference, then session inspector is not showing contents of that aggregation storage.

Resolution

Function reading aggregation profile configuration for session inspector was changed to the one handling external references properly.

Description

When clicking on the *Kubernetes Dashboard* in MZOnline, you are redirected back to the login page, even though when entering the URL to the dashboard directly, you are directed to the right location.

Resolution

This problem has now been fixed, and clicking on *Kubernetes Dashboard* will take you to the right location.

Description

If the Platform and ECs do not share the storage, then the session count will be incorrect after changing the ec for the profile.

Resolution

Property {{mz.aggregation.storage.file.shared}} for every EC needs to be set to false . Also aggregation session lock mechanism is fixed for profile with separate storage per workflow settings.

Description

When working in MZOnline, users that are in groups without read or write permission are still able to edit and save External Reference profiles, while in Desktop this is not possible.

Resolution

This has now been fixed and users without read or write permission cannot edit and save External Reference profiles in MZOnline or Desktop.

Description

When using the auto unlock feature for users, a locked user account is still not unlocked after the stated number of minutes.

Resolution

This problem has not been fixed and a locked user account is automatically unlocked after the stated number of minutes.

Description

A number of vulnerabilities were detected.

Resolution

The following fixes have now been made:

• * X-Frame-Options header included in the HTTP response to prevent ClickJacking attacks

• * Anti-MIME-Sniffing header X-Content-Type-Options set to 'nosniff' to prevent older versions of Explorer and Chrome to sniff MIME sniffing on the response body

• * Signing of Desktop Launcher

• * Upgrading of 3pps

Description

When using data masking with data veracity it is not possible to export the configured masked fields when performing a configuration export.

Resolution

This has now been fixed, and it is possible to export and import the Dataveracity masked fields.

Description

A vulnerability was detected in the OS in the Docker images.

Resolution

This issue has now been fixed and the vulnerability removed.

Description

When using log forwarding, group messages are not forwarded.

Resolution

This problem has now been fixed and group messages are forwarded.

Description

When you click *Open* to select UDR file, the button shows as *Save* instead of *Open*.

Resolution

This issue is fixed, and the button shows the text *Open*.

Description

5G profiles containing null nested values, encoded and sent in HTTP2 requests will result in bad requests being returned as response.

Resolution

Null nested values in the 5G profile are no longer included in the encoded value that is sent in HTTP2 requests.

Description

Setting the fields host and port in the MQQueueManagerInfo UDR does not work as expected.

Resolution

This has now been fixed, and configuration  of the host and port fields will work as intended.

Description

During the TLS certificate provision, when the keystore is stored in a Kubernetes Secret, it is a common misconception that the platform.tls.key and platform.tls.key.alias in the values.yaml are to be removed/commented considering they might be used for the disk based keystore.

Resolution

Do not remove/comment the platform.tls.key and platform.tls.key.alias fields in the values.yaml file. This issue is fixed by providing a note on InfoZone to inform the user about the same.

Description

When there is a nested UDR, the masking fields will not work and will display the nested UDR value.

Resolution

To properly mask the nested UDR, a refactor will be required on the backend code. As of now a workaround is provided where you will have to declare the nested UDR fields in the parent UDR itself when choosing the fields to data mask.

Description

Workflow package sometimes aborts trying to find decoder outside the package.

Resolution

This has now been fixed, so workflow packaged supports both batch and realtime workflows.

Description

The two APL functions udrDecode and udrEncode are single threaded which can cause performance issues.

Resolution

The implementation has been updated to use thread local decoders and encoders to avoid this problem.*Note* This fix takes effect when the workflow is saved or configuration implementations are regenerated by using the "regenerateconfigs" mzsh command.

Description

The two APL functions udrDecode and udrEncode are single threaded which can cause performance issues.

Resolution

The Group information from mzcli has changed its format so the output says Enabled/Disabled instead. You can also see a list with all the members of a group.

Description

A vulnerability was detected in the Postgres version used.

Resolution

Postgres has now been updated and the vulnerability removed.

Description

The entrypoint for the platform pod has no sigterm handling which means the platform will not gracefully terminate when the pod is deleted. This could lead to resources not being released properly, files not being synced and other non-deterministic effects.

Resolution

This problem has now been fixed, and a sigterm handler has been added in the entrypoint.sh.

Description

A prompt with a warning that the Aggregation Profile is locked will occur when you try to delete a single aggregation session or when using the Delete All function.

Resolution

The issue is due to an incorrect handling on the backend code for the aggregation session storage. With a better handling now in place, you can delete the aggregation session once more.

Description

When the HTTP/2 Server agent is included in a workflow that also contains the HTTP/2 Client agent, the HTTP/2 Server agent produces incorrect decoding issues which do not appear if the same payload is run in the workflow after the HTTP/2 Client agent has been removed. 

Resolution

This problem has now been fixed and the HTTP/2 Server agent decoding provides the same result regardless of the presence of the HTTP/2 Client agent.

Description

The Web Desktop is still running on Java 11 while other images use Java 17.

Resolution

OpenJDK has now been upgraded to support Java 17 in Web Desktop.

Description

A vulnerability was detected in the OpenJDK version.

Resolution

The OpenJDK version has now bee upgraded and the vulnerability removed.

Description

A vulnerability was detected in the esapi version.

Resolution

The esapi version has now bee upgraded and the vulnerability removed.

Description

The Syslog Collection Agent does not handle character encodings as described in RFC5424 correctly.

Resolution

The agent now decodes UTF-8 encoded messages correctly.

Description

New couchbase properties cause Aggregation agent to fail if using an older Couchbase profile.

Resolution

This problem has now been fixed, a warning is written in the execution context log, and default values will be used during execution.

Description

A vulnerability was detected in the Go version.

Resolution

The Go version has now bee upgraded and the vulnerability removed.

Description

A vulnerability was detected in the Liquibase version.

Resolution

The Liquibase version has now bee upgraded and the vulnerability removed.

Description

When using parametrized in a Couchbase profile, passwords need to be written in clear text, and it is not possible to use External References and parametrization at the same time in a Couchbase profile.

Resolution

These issues have now been solved, and passwords need to be encrypted, and it is possible to use external references and parametrization in combination in a Couchbase profile.

Description

When using log forwarding, group messages are not forwarded.

Resolution

This problem has now been fixed and group messages are forwarded.

Description

When using the Couchbase profile it was not possible to set parameters for values in the Connectivity and Management tabs.

Resolution

This has been fixed and parametrization can be used in the Couchbase profile.

Description

It is not possible to configure limits and requests for CPU and Memory resources in the values. yaml file for the initial container.

Resolution

This has now been fixed and Kubernetes resources can be configured for the platform and mzonline init containers. Please refer to the platform.init.resources and mzonline.initMyservice.resources values in the Usage Engine Private Edition helm chart for details.This has been fixed and parametrization can be used in the Couchbase profile.

Description

The ECD wizard breaks when adding custom metrics.

Resolution

This issue has now been fixed and custom metrics can be added without breaking the UI.

Description

When using the Web Desktop, HTTP is still allowed after TLS has been enabled.

Resolution

This problem has now been fixed, and when TLS is enabled only HTTPS traffic is allowed when using the Web Desktop.

Description

When the http2 server agent is used without OpenAPI profile enabled, the RequestCycleUDR returned will contain schema not found error message and the isError flag set to true.

Resolution

Fix the backend logic for the server to handle requests properly when OpenAPI profile is disabled. Also fixed the error messages wording to be more clear.

Description

A vulnerability was detected in the Jackson version.

Resolution

The Jackson version has now bee upgraded and the vulnerability removed.

Description

A vulnerability was detected in the Postgres version used.

Resolution

Postgres has now been updated and the vulnerability removed.

Description

Some configurations were not possible to make in the helm charts.

Resolution

The following enhancements have been made to the helm chart:

• * It is now possible to configure the region that the Kubernetes cluster belongs to. Meaning that the url:s used by the Usage Engine specific Kubernetes resources will automatically contain the correct region. This is done via the global.region value.

• * It is now possible to configure the annotations applied to the ingress-alb Ingress and and the platform Service resources. This is done via the aws.ingress.metadata.annotations and the aws.platform.service.metadata.annotations values respectively. If there is a need to exclude a default annotation for one reason or another, this can be done via the aws.excludeDefaultAnnotations value. See the values file for further details.

Description

When using log forwarding to the Syslog collection agent, the full information visible in the System Log is not included.

Resolution

This problem has now been fixed, and the information sent to the Syslog agent is the same as in the System Log.

Description

A vulnerability was detected in the OS in the Docker images.

Resolution

This issue has now been fixed and the vulnerability removed.

Description

When updating a WFG in an ECD, the ECD is unnecessarily restarted.

Resolution

This problem has now been fixed and the ECD will only be restarted when attributes that affect the ECD have been changed.

Description

It was not been possible to set the encryption port in the Couchbase profile.

Resolution

There is now support to set port numbers and to enable security in the Couchbase profile.

Description

For IBM MQ Server and IBM MQ Client, you need only one jar file and that must be installed from the mvn repository.

Resolution

The documentation now includes the updated jar file and the link from where the jar file can be downloaded from. It is recommended to use the jar version relevant to the MQ service that is being used.

Description

When mixing new and and existing workflow members in a workflow group in an ECD, the operator goes into an error loop.

Resolution

This problem has now been fixed.

Description

The HTTP/2 Client is missing the ability to monitor connection status.

Resolution

Monitoring connection status is now possible, and two new MIM parameters called Available Servers and Unreachable Servers have been added.

Description

When a user pastes the SFTP private key directly into the workflow table, the value is not readable by the system and the private key is shown as plain text.

Resolution

This problem has now been fixed. The private key  can be entered by clicking on the button with the three dots in the Private Key field in the workflow table and pasting the key  into the text area.

Description

Some classes related to Security Profile, HTTP/2 Client, and Server have the wrong version ID. Because of that, importing exported workflows and configurations prepared in the MediationZone 8-track can lead to a faulty import.

Resolution

Version IDs are now correct and the import logic is improved to handle MediationZone 8 imports properly.

Description

While using the APL function httpRequest, the body of PATCH request is not supported.

Resolution

Support for PATCH request with body is now added.

Description

When using mzcli it is possible to disable/enable the system admin users mzadmin and mzk8soperator.

Resolution

This problem has now been fixed.

Description

When configuring External References with a blank Properties File, and adding keys, you get an infinite exception.

Resolution

This  problem has now been fixed, and you will not get an infinite exception.

Description

Instructions for how to handle Diameter in Kubernetes clusters is missing from the user documentation.

Resolution

This problem has now been fixed and this has been described.

Description

A vulnerability was discovered in the PostgreSQL JDBC Driver.

Resolution

The driver has now been upgraded and the vulnerbility removed.

Description

A vulnerability was detected in the CXF version.

Resolution

CXF has now been upgraded and the vulnerability  removed.

Description

A vulnerability was detected in the xmlsec version.

Resolution

xmlsec has now been upgraded and the vulnerability  removed.

Description

The recently added insert_time parameter order messes with the errorudr parameter.

Resolution

The order has been corrected.

Description

When using SAPCC cluster if the first node in the profile gets a connection error then the rest of the clusters nodes fail to connect. This was due to an error a connection being cached and then checked if we had a connection. This lead to the application beveling it had a connection when it did not.

Resolution

Rebuild the connection logic to handle this case.

Description

Details logging is missing for user groups add/remove.

Resolution

It is now have the details logging add/remove user group.

Description

The username in the header of a request to the HTTP/2 server could not be retrieved by the server.

Resolution

This problem is now fixed.

Description

Workflow bridge in batch workflows can not terminate due to deadlock, since disconnect is invoked twice.

Resolution

The extra disconnect is now removed.

Description

When apply a service patch, the patch node port overrides the existing entries node port result in wrong behavior.

Resolution

This issue is fixed, the patch should only apply to the corresponding entry based on port number.