Platform Server 11 - Release Apr.2019

Published on 2019-05-06 11:21:57
PlatformServer-11-Release Apr.2019.exe
170.89 MB

Installation Checklist
11.0 Install Checklist.htm
217.1 KB

  • Compatible with Development Environment 11, versions or later.
  • Can be managed by LifeTime 11, Release Sep.2018 or later
Additional Resources For further information on any issues, use the Support Portal.

NOTICE: OutSystems does not give support to any undesirable behavior you may experience due to the use or manipulation of undocumented components of the OutSystems platform, such as, internal JavaScript, RuntimePlatform library, database system meta-model, components in installation directories, etc.
Release Notes

New in Platform Server Release Apr.2019

  • Clicking Environment/Module Management in the toolbar now opens Service Center in the default browser instead of render it directly inside Service Studio. (RICT-825)
  • We changed the SQL Injection warning message to advise you not to set the use of Expand Inline option to "Yes". The warning helps to follow solid SQL security practices. (RRCT-2128)
  • Improved the experience of the Users application. We gave it a new look and feel and made the following usability improvements:
    — Page-specific links/actions were moved to inside the pages; the sidebar will now only display fixed links and recent items
    — Added breadcrumbs to pages and pagination and records counter to all pages showing lists
    — Added text filter in users sub-lists
    — When a user does not have a username defined it appears as "Not Defined" in the lists so that you can click it
    — Roles, Groups and Users dropdowns don't show the records already added to the lists; however, roles still show when they were inherited by group to allow overriding
    — When a role is inherited by a group, it does not show the option to remove the role, since this operation is not possible
    — Added the list of users able to access the application to the Application_List page – inspired by Rebecca Hall's idea (RLIT-2343)
  • Added a new action Session_GetWebAppLoginInfo to the PlatformRuntime API that allows you to get user information in advanced REST authentication scenarios. (RRCT-2274)
  • The VerifySqlLiteral action from Sanitization API was deprecated in favor of BuildSafe_InClauseIntegerList and BuildSafe_InClauseTextList. These new actions are available in Platform Server 10.0.1005.0 and in Platform Server 11.0.422.0. (RRCT-2108)
  • Added instructions on importing the server configuration file (exported from the Deployment Controller) in the Front-end servers when upgrading to a new release. Inspired by Kurt Vandevelde's idea. (RSAT-1314)
  • The Platform Installer will now automate most of the prerequisites and performance tuning setup. The GUI has screens that guide you through this new step. Also, a new flag (/InstallPrerequisites=True) was added to unattended installation that is needed to signal explicitly that the installer should try to automate the prerequisites and performance tuning setup. (RSAT-1308)
  • Platform Server now requires Microsoft .NET Framework version 4.7.2. Installing this version will require you to reboot your server. (RSAT-1396)
  • The base image required for OutSystems applications running on Docker Containers Deployment Technology is now "microsoft/dotnet-framework:4.7.2-runtime". (RSAT-1397)
  • Upgraded RabbitMQ Client library to version 5.1.0. (RRCT-2142)
  • Upgraded Microsoft.AspNet.WebApi libraries to version 5.2.7. (RRCT-2143)
  • Replaced the OWASP HTML Sanitizer in Sanitization.xif by the HtmlSanitizer NuGet package.
    The SanitizeHtml action has the following differences when compared with the previous version:
    — The <noscript> HTML tag is no longer allowed
    — Some HTML attributes are no longer allowed: onfocus, onblur, onclick, onmousedown, onmouseup, noresize, background
    — The style attribute is now accepted (check the list of CSS attributes allowed by default)
    — The sanitization of attribute values is less restrictive, with no security implications (e.g. the color attribute now accepts a wider range of different values)
    — There might be some slight differences in the sanitized output, with no security implications (e.g. the new sanitizer replaces <br/> elements with <br>)
    — The new sanitizer does not add a nofollow attribute to anchor elements (RRCT-2161)
  • Updated the following JavaScript libraries used by the mobile application runtime: 'decimal.js' to version 10.0.1, 'toformat' to version 2.0.0. (RTAF-91)
  • Implemented several optimizations that reduced the load time of "List Modules" and "Solution Details" pages in Service Center. (RSCT-1852)
  • On a first install, ServiceCenter will now be deployed into a dedicated application pool in IIS named "ServiceCenterAppPool". On upgrade, if ServiceCenter exists in "OutSystemsApplications" application pool in IIS, ServiceCenter will be moved to a dedicated application pool named "ServiceCenterAppPool". If ServiceCenter is already in some other application pool, it will not be moved. (RSAT-1338)
  • Added to FactoryConfiguration the option to include X-Content-Type-Options header with nosniff as a method of preventing MIME sniffing from older browser versions. (RRCT-2270)
  • Service Center now links to the detach process documentation instead of launching the No Lock-in tutorial. (RICT-1199)
  • Header 'X-Content-Type-Options' with value 'nosniff' is now added by default to all server responses. Applications with custom solutions to achieve the same outcome should be reviewed to ensure compatibility with the new solution, or disable it using Factory Configuration (not recommended). (RRCT-2082)

Bug Fixing

  • Fixed incorrect character encoding in packaging of mobile applications. (RRCT-2216)
  • Fixed runtime error in client-side Aggregates with dynamic Order By's containing more than one attribute. (RSBO-54)
  • Fixed an issue that caused the Application 1-Click Publish to fail consistently when a previous 1-Click Publish aborted with an error. (RSCT-1693)
  • Fixed NullBinary() comparisons in client side with binaries being returned from server side aggregates. Previously it always returned "false" even when the binaries had no content. (RRCT-2279)
  • Fixed SOAP introspection not detecting some unsupported features. (RSBO-246)
  • Fixed the creation of Blank and Service modules to have the correct user provider set, instead of having the Template marked as user provider. (RRCT-2296)
  • Fixed an issue that prevented some OutSystems services from stopping when the Deployment Controller service was not running. (RRCT-2295)
  • Fixed an issue that caused Service Center to crash when changing the configuration of a mobile application. (RLIT-2490)
  • Fixed the errors related to retrieving mobile app authentication configuration that happened in some environments after upgrading to OutSystems 11 or after regenerating the authentication and encryption keys in Service Center. The error prevented mobile applications from working. (RPD-3794)
  • The User_Login action of the Users API no longer logs errors when the authentication is set to Active Directory or LDAP and the login is successful. (RLIT-2387)
  • Fixed the default action on the Create / Edit solution page on Service Center. Now the default action is to save the solution instead of searching. (RPD-3953)
  • Fixed query errors in some Users screens. (RPD-4015)
  • Fixed a problem when using ListAppend and ListInsert functions containing an If expression in the List input parameter. (RPD-3984)
  • The User_Login action of the Users API no longer aborts database transactions when an exception occurs. (RRCT-2189)
  • Fixed a rare problem that prevented custom Application and Screen Templates from being registered. (RSCT-1753)
  • Fixed an issue that was causing the error "Duplicate is not a valid operation inside a StartIteration/EndIteration block" when using cached actions. (RPD-3698)
  • Fixed a security issue that could cause session ids to be leaked with access to the Platform logs. CVSSv3.0 score 4.9 (Medium). (RRCT-2277)
  • Fixed a rare runtime error while running Aggregates when the Entity internal name was a reserved keyword. (RSBO-29)
  • Fixed SOAP introspection and compilation of WSDLs with enumerations inside <list> elements. (RSBO-272)
  • Changed how the machine memory is calculated in installation tuning scripts (when configuring worker process optimizations). Previous method could fail in some scenarios. (RPD-3685)
  • Fixed a runtime error while filtering booleans and date type in BPT tables. (RSBO-299)
  • Fixed a problem with Single Sign On on some scenarios with multiple frontends or containers. This could also lead to "Session fixation mismatch" errors. All existing sessions from applications in containers will be lost in the upgrade process. (RRCT-2214)
  • Fixed an issue with SanitizeHTML when sanitizing URLs with = characters. (RPD-3978)
  • Fixed Configuration Tool error 'The device is not ready' during upgrades from previous versions. (RPD-3880)
  • Fixed an error during publish caused by using SOAP Web Services with enumerations in Mobile modules. (RSBO-219)
  • Japanese characters are now correctly saved to the database when used in the default value of site properties. (RPD-3775)
  • Fixed an issue where added or updated fields in an editable table were not being enabled after an Ajax refresh of a row. (RPD-3879)
  • Fixed an issue in the JSON Serialize widget that affected the serialization of Date and Time values. This was causing the JSON Deserialize widget to return empty values. (RPD-3970)
  • Fixed an issue while generating service code when a SOAP operation contained headers in its input/output parameters. (RPD-4030)
  • Fixed Invalid numeric precision/scale error when reading -2^96 Decimal value in SQL Server. (RPD-4059)
  • Fixed issue farm environments when the platform is installed on different disk locations. (RPD-3896)
  • Fixed bug that occurred when consuming SOAP Web Services that use the same schema type as request/response and fault. (RSBO-306)
  • Improved the warning message in wizard "Create Action to Bootstrap Data from Excel" when the attributes are not going to be included in the bootstrap. (RSBO-53)
  • Fixed an issue when bulk changing the Test Values of several attributes in an Aggregate that were reverting to their original value. This was only happening when the original value was not null. (RSBO-71)
  • Fixed compilation error caused by a missing validation for the Combo Box variable type. (RICT-1320)
  • Removed unused CSS code that could cause browsers to generate a 404 error when retrieving some resources used in the configuration console of AD and LDAP providers. Embedded a font that was previously being downloaded at execution time. (RSAT-1328)
  • Removed incorrect warnings that were shown in Configuration Tool when clicking on 'Test Connection' for database users. (RPD-3691)
  • Using the List_SortColumn_GetOrderBy function from RichWidgets in a SQL Query Parameter with the Expand Inline property enabled will no longer trigger a SQL Injection Warning. (RRCT-2106)
  • Fixed a visual glitch in the Native Platforms Tab of Service Studio. (RNMT-2430)
  • Fixed occasional crash when merging Web Screens. (RICT-1237)
  • Fixed an error that prevented you from upgrading a module with the dynamic join logic to OutSystems 11. (RPD-3674)
  • Fixed a problem which caused SOAP Web Services imported in version 11 to have incorrect information. This happened when the WSDL had an enumeration defined in a top-level element that is used directly in an input part. (RSBO-360)
  • Fixed occasional crash using the Search in several tabs at the same time. (RTAF-108)