Platform Server - 11.13.1

Published on 2021-09-27 11:34:37
File
PlatformServer-11.13.1 (Build 31652).exe
Size
222.52 MB
Assets
Installation Checklist EN
InstallationChecklist-EN-11.13.1.html
 MB
Installation Checklist JP
InstallationChecklist-JP-11.13.1.html
 MB
Information

Compatibility
  • Compatible with Development Environment 11, versions 11.0.109.0 or later.
  • Can be managed by LifeTime 11, Release Sep.2019 or later
Additional Resources For further information on any issues, use the Support Portal.

NOTICE: OutSystems does not give support to any undesirable behavior you may experience due to the use or manipulation of undocumented components of the OutSystems platform, such as, internal JavaScript, RuntimePlatform library, database system meta-model, components in installation directories, etc.
Release Notes

New in Platform Server 11.13.1

  • We improved the UI and overall user experience of the Preview in Devices. We also added support for a modern variety of devices. (ROU-2177)

Bug Fixing

  • Fixed a server-side request forgery (SSRF) vulnerability on custom handlers. CVSSv3.1 score 6.5 (Medium). (RPM-1098)
  • Fixed a vulnerability in OutSystem Cloud environments. CVSSv3.1 score 5.5 (Medium). (RPM-728)
  • Fixed multiple security risks on the documentation of a REST API by raising the handlebars.js used in the swagger UI. CVSSv3.1 score 6.5 (Medium). (RPM-997)
  • More details

    RPM-1098
    Fixed a server-side request forgery (SSRF) vulnerability on custom handlers. CVSSv3.1 score 6.5 (Medium).
    Application Runtime Data Access and Manipulation

    Fix Details:
    To protect our customers we're not providing further details on the issue.

    RPM-1172
    Fixed an issue that caused the logs of mobile apps to have an incorrect timestamp.
    Application Runtime Logging

    Fix Details:
    The logs related to mobile apps, as shown in Service Center, were sometimes presenting a timestamp that was deviated from the actual time the event occurred. This could cause the events on the logs not to reflect the order in which they actually occurred, making it harder to understand the logs and troubleshoot a mobile app. The behavior was fixed and the timestamp of the logs now reflects the exact time of the event.

    RPM-1265
    Fixed an issue that sometimes caused the Environment Information not to be filled in the Service Center error logs.
    Application Runtime Logging

    Fix Details:
    The issue would sometimes manifest when the device running the mobile app was offline and an error occurred. When the device comes online, the information is sent to the server to log. The log was written, however, the Environment Information field as seen in the error log detail didn't contain any data. Such information is useful to provide the runtime context in which the error occurred. This issue didn't cause any impact on the mobile app's normal usage nor on the end-user experience.

    RPM-1308
    Fixed an issue in PWA applications where splash screens would hang on iOS 14.6 devices.
    Application Runtime Application Distribution

    Fix Details:
    According to https://www.theregister.com/2021/06/16/apple_safari_indexeddb_bug/ Apple's WebKit team has managed to break the popular IndexedDB JavaScript API in the latest version of Safari (14.1.1) on macOS 11.4 and iOS 14.6.

    RPM-1352
    Fixed broken references errors to indirect producers after an upgrade to Platform Server 11.12.1 or higher.
    Publish Operation

    Fix Details:
    After upgrading to 11.12.1 and publishing a module, runtime errors due to incompatible definitions might occur. The issue would occur when a consumer module A is using a producer module B and that producer, in turn, has a producer C that references an extension E. In that case, module A would have errors about incompatibility with an Action from extension E.

    RPM-1371
    Fixed an issue that caused navigations to the previous screen to go back more screens than it should.
    Application Runtime

    Fix Details:
    On a Mobile or Reactive Web app, a screen that has a link that navigates to the previous screen would go instead to the screen before that. Effectively the navigation would send users to 2 screens before the screen they were on. More specifically, the wrong previous screen navigation occurs only after a navigation is performed on an OnInitialize event of a screen. The issue happens only with applications compiled on Platform Server version 11.12.0 or higher. It may happen on previous Platform Server versions, if the environment had the React 16 Technical Preview feature activated. The issue was fixed in this version and the wrong redirect will no longer occur.

    RPM-599
    Fixed an issue that caused disabled Scheduler services to pick up events and email tasks that they would not process. This also caused a permanent warning displayed on the monitoring pages.
    Application Lifecycle Service Center

    Fix Details:
    When configuring the servers it is possible to disable BPT processing for specific servers. This issue caused some events to be picked up during the disabled schedulers startup but never processed. The issue does not exist if all servers are allowed to execute BPT.

    RPM-728
    Fixed a vulnerability in OutSystem Cloud environments. CVSSv3.1 score 5.5 (Medium).
    Cloud Paas

    Fix Details:
    Fixed a vulnerability that would allow, in the OutSystems Cloud, users with access to the underlying infrastructure to be able to access applications developed in the environment. The vulnerability was fixed so that it no longer allows privileged users with infrastructure access to log in to applications.

    RPM-921
    Fixed an issue that was preventing developers from using the Distribute tab in Service Studio. The issue would only manifest when Active Directory authentication was enabled for IT users.
    Service Studio Distribute

    Fix Details:
    For Mobile apps, accessing Distribute tab in Service Studio in an environment with Active Directory enabled for IT users, would result in an "Invalid user credentials" error, even if the credentials were correct. The issue would occur with a combination of a Platform Server version higher than 11.10.2 and Service Studio version 11.10.06 or higher.

    RPM-997
    Fixed multiple security risks on the documentation of a REST API by raising the handlebars.js used in the swagger UI. CVSSv3.1 score 6.5 (Medium).
    Application Runtime Logic Execution

    Fix Details:
    The auto-generated documentation of a REST API was using an outdated version of handlebars.js that has known vulnerabilities. Security tests would flag this. The handlebars.js version was raised to an updated version.