Platform Server - 11.16.0

Published on 2022-06-20 11:05:03
PlatformServer-11.16.0 (Build 35766).exe
265.52 MB

Installation Checklist EN
Installation Checklist JP

  • Compatible with Platform Server release 10, versions or later
Additional Resources For further information on any issues, please contact Product Support.

NOTICE: OutSystems does not give support to any undesirable behavior you may experience due to the use or manipulation of undocumented components of the OutSystems platform, such as, internal JavaScript, RuntimePlatform library, database system meta-model, components in installation directories, etc.
Release Notes

New in Platform Server 11.16.0

  • Improved the performance and resilience of the mechanism that automatically cleans up inconsistencies in the BPT model. (R11PBT-570)
  • Improved the runtime performance of parsing SQL element query text when using Expand Inline parameters. (R11PBT-588)
  • Improved the performance of solution publishing. These improvements will be gradually rolled out to OutSystems customers and won’t be enabled by default when upgrading to this version. (R11PBT-613)
  • Upgraded the Oracle Managed Driver to version 19.14.0. For more information on related fixes, see the Oracle release notes. (R11PBT-667)
  • Updated the platform's NLog library from version 4.7.8 to version 4.7.14. (R11PBT-682)
  • Improved how Oracle connections are handled so that thread hangs during AWS failover operations are prevented. (RPM-1995)

Bug Fixing

More details

Fixed an issue that can cause network failures in Oracle environments.
Infrastructure Management OutSystems Services

Fix Details:
When Oracle's Out Of Band Breaks feature is enabled, it can cause network failures, lead to query timeouts not being complied with, and prevent processes from running properly.

Fixed an issue that caused the writing direction to not be updated in iOS when changing from a right-to-left multilingual locale.
Application Runtime Interface

Fix Details:
*Symptoms* The integrated Multilingual functionality is not aligning the text to the right when text is changed from Arabic (aligned Right to Left) to English on iOS devices. *How to reproduce* Create an application that changes the CurrentLocale from Arabic (ar-AE) to English (en-US) on iOS.

Updated installation checklist to clarify in what situations the "Upgrade Session database" step is need and when it can be safely skipped.
Infrastructure Management Platform Installation Checklist

Fix Details:
*Symptoms* Further clarification that the step "Upgrade Session database" from the checklist is optional. *How to reproduce* NA

The server information is removed from the HTTP response header in some situations (e.g. the header will still appear in redirects).
Infrastructure Management Application Server

Fix Details:
The default behavior of IIS is to send its version in the response header, which could be considered exposure of system information. We have removed this information from the response header.

Fixed an issue that prevented emails being sent when Office 365 returned a 550 error (recipient address rejected).
Application Runtime Interface

Fix Details:
When sending an email to multiple recipients using a Microsoft Office 365 SMTP provider, if there is an invalid email address, the process is aborted and the email isn't sent to any of the recipients.

Fixed an issue that prevented staging Mobile applications when using the Configure Mobile application updates distribution setting in Technical Preview.
Application Runtime Application Distribution

Fix Details:
While using the 'Configure Mobile application updates distribution' setting in Technical Preview, a deployment that contains a moved module to an application that doesn't exist in the target environment raises an error and the deployment is aborted. The new application is not created in the target environment because application details are retrieved based on the module key. Since the application associated to the module in the target environment already exists, a new one is not created, and the deployment process fails.

Fixed an issue that can cause IIS requests to hang in Oracle environments.
Application Runtime Network Access

Fix Details:
In some environments, mostly due to firewall installations, the query timeout might not be complied with by the Oracle ODP.NET driver. This can be caused by the Out of Band Break feature being enabled (the Oracle driver default behavior). When queries are executed, the IIS time-out mechanisms are turned off and the Oracle driver timeout mechanism is completely relied on, which can result in connections hanging forever.

Fixed an issue that caused Reactive Web and Mobile apps to hang when running inside an Iframe on a native build.
Application Runtime Interface

Fix Details:
Reactive Web Apps and Mobile apps can cause issues when embedded inside an Iframe on a native build. This occurs because the Iframe application loads resources that should only be available within the context of a Native Mobile App.

The Platform Server installer now checks if the Platform Server is being installed in a Lifetime environment.
Infrastructure Management Platform Installer

Fix Details:
When installing a Platform Server version that doesn't match the Platform Server version shipped with the Lifetime version installed, the installation fails and you cannot access Lifetime.

Improved how Oracle connections are handled so that thread hangs during AWS failover operations are prevented.
Application Runtime Data Access and Manipulation

Fix Details:
In OutSystems Cloud environments using an Oracle database, an Oracle RDS instance restart with failover could cause threads to hang unexpectedly in the Oracle ODP.NET driver code, possibly causing a loss of service.

Fixed a user privilege vulnerability in Service Center where AD groups were not taking precedence over native users. CVSSv3.0 score 4.2 (Medium).
Application Lifecycle Users

Fix Details:
When IT Users authentication was configured to use AD authentication provider (ADAuthProvider), the Service Center console was incorrectly allowing the login of registered users that don’t belong to any of the defined AD groups.

Fixed a compilation error when consuming SOAP Web Services containing nested elements with the same name.
Application Runtime Logic Execution

Fix Details:
This error occurred when publishing, through Service Studio, a module that consumed a WSDL definition having an element named X containing one element that references another element named X, which is not a simple type (int, string), from a different namespace. When mapping the XML elements of the WSDL to the OutSystems model, the two elements with the same name were not correctly differentiated, causing a compilation error.

Fixed a compilation error during LifeTime deployments when handling references to producer's non-basic data types which don't exist in the target environment.
Publish Operation Compilation

Fix Details:
This issue occurred when deploying a module with references to a producer's element of non-basic data type, for example, a Structure. In the scenario where the producer's element didn't exist in the target environment, the platform's dependency analysis failed to detect the missing dependency to the producer module. Thus, the producer module was not added to LifeTime's deployment plan, resulting in a compilation error.

Fixed an issue that caused sensitive values to be captured by the App Feedback's feedback on Reactive applications. CVSSv3.1 score 4.2 (Medium).
Application Runtime System Components

Fix Details:
The feedback submitted for Reactive Web Apps through the App Feedback could be used to access sensitive values typed on the screen.

Fixed a security issue that was causing Configuration Tool to log credentials in its log file. CVSSv3.1 score 5.5 (Medium).
Infrastructure Management Platform Configuration

Fix Details:
The Configuration Tool was incorrectly logging credentials in plaintext in the log file. To protect our customers, we're not providing further details on this fix.

Fixed a runtime error when uploading an image file containing unexpected EXIF properties.
Application Runtime

Fix Details:
This issue caused the error "Request failed with status 400" during the application runtime when uploading specific image files. The EXIFExtractor library used by the platform was not accounting for unexpected metadata properties, such as "Color representation", and returned a Null exception.

The Modules screen in Service Center now displays the correct list of modules when filtering by “with errors and warnings” status.
Application Lifecycle Service Center

Fix Details:
If there were more than 20 modules with warnings or errors, the Modules screen in Service Center was not displaying the correct result when applying the Status filter “with errors and warnings”. The second page of the list would always show the message "No modules to show".

Fixed an issue causing modules to be incorrectly marked as having an outdated User Provider in the Service Center console.
Application Lifecycle Service Center

Fix Details:
The issue was preventing the information about the module's User Provider to be correctly updated in the platform metamodel. This caused the Service Center console to incorrectly show the warning “This Module has an outdated/missing User Provider” in the module's Status.

Fixed a timeout issue when generating a mobile app through the Service Center console.
Application Lifecycle Service Center

Fix Details:
When generating a mobile app package through the Service Center console, you would get the message "Error: There was a timeout while building the app" in Mobile Apps Generation logs. Although the mobile app was correctly generated on the MABS side, this issue prevented the application package download.

Fixed an Oracle semaphore-related exception occurring in high concurrency scenarios.
Application Runtime

Fix Details:
In environments using an Oracle database under high concurrency scenarios, the connection opening/closing could throw a SemaphoreFullException with the message "Adding the specified count to the semaphore would cause it to exceed its maximum count". This was an issue in the Oracle Managed Driver 19.10.1, which was bundled with Platform Server's previous versions. Platform Server 11.16.0 upgrades the Oracle Managed Driver to version 19.14.0, where this issue is fixed.

Granting a Security Level to a user on a Database Connection no longer adds that level to all available connections.
Application Lifecycle

Fix Details:
When granting a Security Level on a specific Database Connection to a user through the Service Center management console, that user would incorrectly be granted with the same Security Level on all the existing Database Connections.

Fixed an issue causing suspended Process instances to incorrectly resume after the module is deployed with no changes to the Process definition.
Application Runtime Processes

Fix Details:
When you change the definition of a Process, OutSystems suspends all active instances of that Process on the deployment of the updated module. This issue caused suspended Process instances to incorrectly resume after the deployment of a new version of the module with no changes to the Process, which could cause an unexpected application behavior.

Fixed a concurrency issue in the DatabaseConnection_SetConnectionStringForSession method of the PlatformRuntime API that could lead to the usage of the incorrect connection.
Application Runtime Data Access and Manipulation

Fix Details:
This issue occurs when executing the DatabaseConnection_SetConnectionStringForSession method in concurrency situations, for example, multi-thread Timers or two requests from different users that attempt to set a different connecting string at the same time. This scenario may cause data corruption as queries may run in the incorrect database.

Fixed an issue that could cause protocol errors when handling requests to the Service Center console using the HTTP/2 protocol.
Application Lifecycle Service Center

Fix Details:
This issue was caused by a new default Content Security Policy for the platform consoles that was introduced in Platform Server 11.15.0. It would occur when the requests to the Service Center console were handled using the HTTP/2 protocol, for example, by a load balancer with HTTP/2 protocol enabled. In this scenario, the load balancer would close the connection unexpectedly.

Fixed a preview issue in the Upload widget when selecting the same image file twice using the Chrome browser.
Application Runtime Interface

Fix Details:
On the Chrome browser, selecting the same file image in the Upload widget would not load the image preview. This problem occurred in a specific scenario where the upload action would clear the local variables associated with the Upload widget.

The application's logic can now read the end user's external identifier retrieved during SAML authentication.
Application Lifecycle Users

Fix Details:
By design, the SamlUser entity of the Users module was not Public, preventing the applications' logic to read the end user's external identifier when authentication was configured to use SAML. We changed this behavior and now the Users module exposes the SamlUser entity as read-only.

Fixed a rendering issue in Mobile and Reactive Web Apps when using the browser back button or the Previous Screen event to navigate back to a screen with widgets containing data from Client/Local variables.
Application Runtime

Fix Details:
In Mobile and Reactive Web Apps, there was an issue preventing widgets containing data from Client/Local variables to render correctly when using the browser back button or the Previous Screen event to navigate back to the screen with that widgets. This behavior would cause the application to show outdated data.

Improved the brute force protection log messages in Service Center when authenticating against the Server.Identity service.
Application Runtime Authentication and Authorization

Fix Details:
When authenticating against the Server.Identity service, Service Center ignored the messages returned by that service in case of an authentication error, and always returned the message "Invalid username or password.". This would happen for example when using Service Center's SOAP web service "/ServiceCenter/Monitor.asmx". This way, the messages sent by the Server.Identity service related to the brute force protection mechanism were not visible in Service Center logs.

Fixed an issue that caused a pending republish warning to be displayed for all environment modules after adding a new front-end server in a farm scenario.
Infrastructure Management Platform Configuration

Fix Details:
In a farm environment scenario, after adding a new front-end server, the Service Center console incorrectly showed all modules with the warning message "This Module has pending configuration changes. Republish the Module to apply them". This situation causes no runtime impact, as there are no pending configurations to apply. Republishing the modules will dismiss the warnings.