Issue

Encrypt built-in-function was removed

Stack

.NET, JAVA

Rationale

This isn’t an encryption function, it’s just a function to generate an hash. We isolated hashing functions in a new System Components’ extension named PlatformPasswordUtils.

Workaround

Old eSpaces will be automatically upgraded by SS to use the new equivalent method.

Issue

Comparing passwords stored in ossys_User with the result of the Encrypt built-in-function will return false

Stack

.NET, JAVA

Rationale

Until Berlin, passwords were stored using MD5 which is considered an insecure hashing algorithm. To make those passwords secure, after Berlin we use SHA512 with a dynamic salt to generate password hashes. Passwords are automatically upgraded when the user logs in the platform via SC, LT, DevTools, and via direct calls to LoginPassword system action.

Workaround

Applications that are validating passwords by comparing the result of the Encrypt built-in-function with the password stored in the database need to be changed to use the action ValidatePassword provided by the PlatformPasswordUtils extension.

Issue

Extensions using Settings.Encrypt and Settings.Decrypt methods of the RuntimePlatform may stop working as expected

Stack

.NET, JAVA

Rationale

Until Berlin settings were stored using RC4 with fixed IV, which is considered an insecure hashing algorithm. To make those settings secure, after Berlin we use AES128 with a dynamic IV to encrypt settings.

Workaround

Extensions that use this (non) public APIs should be validated by the customers

Issue

Extensions that compile in Java 6 may not compile as they are in Java 8

Stack

JAVA

Rationale

Java 8 introduces several changes to the language and to the structure of classes and interfaces which produces compilation errors in extension code.

Some of the errors that were identified are use of deprecated APIs, changes in Java internal packages and changes in system interfaces.

Workaround

Extension code should be manually changed to overcome errors in the following scenarios:

1. Usage of deprecated APIs - Java documentation should be checked to identify which APIs have been created to replace deprecated ones, changing extension code to stop calling deprecated ones. Ex.: Thread.stop(Throwable) method that was deprecated for some time was now removed.

2. Changes in Java internal packages - Upgrading Java runtime forced the upgrade of libraries that are shipped with the Platform. These libraries are not intended to be used therefore, code that references them must be changed. Ex.: Apache Http Components (httpcore.jar and httpclient.jar) were updated and extension that were using them must be updated.

3. Changes in system interfaces - When extension code extends or implements Java types that changed, compilation errors may occur because of new members not being implemented, forcing extension code to also implement these new members. Other errors related with name clashing may also occur forcing renames in members of derived types that are defined in the extension code. Ex.:  java.sql.Statement interfaces changed from Java 6 to Java 7. Because all methods of an interface must be implemented, previous code that uses these interfaces will not compile on Java SE 7 unless you add the new methods

Oracle compatibility documentation for Java 7 and Java 8.

Issue

Platform APIs accepting/returning Lambdas instead of Actions

Stack

JAVA

Rationale

Improve generated code readability and decrease computational overhead caused by anonymous classes.

Workaround

Code that references Platform APIs must be:

1. Recompiled - Code uses an Action class as argument to a new API that expects a Lambda class; or

2. Recompiled - Code expects a Lambda class as return from an old API call that returns an Action class; or

3. Changed - Code expects an Action class when calling a new API call that returns a Lambda class; or

4. Changed - Code overrides a class or interface member that has a Lambda class in its signature instead of an Action class

Example of code that needs change:

was: Action0 action = ...;

now should be: Action0_Lambda action = …;

was: void method(Action0 action)

now should be: void method(Action0_Lambda action)

Issue

Sum() and Count() functions in aggregates return Long Integer instead of Integer

Stack

.NET, JAVA

Rationale

Adding support for Long Integer values in the platform requires that aggregates behave properly when adding or counting Long Integer values.

Workaround

After upgrade most code should work out-of-the-box as you can use long integers as integers in most expressions, but in rare scenarios the upgrade will leave service studio errors when using different structures. For those scenarios, developers must manually correct any espaces that use the Sum() and Count() functions in an aggregate and assign the resulting value to Integer variables or structure attributes. These (old) Integer variables and structure attributes must be replaced with Long Integer ones.

Issue

LifetimeMonitoring API becomes deprecated

Stack

.NET, JAVA

Rationale

The RequestData table is being replaced by the the new system RequestEvent tables, adding more comprehensive data collected for requests to the platform.

Workaround

RequestData will retain all the data already collected in the platform prior to 9.1. For new data, users should use the new RequestEvent REST API exposed by the PerformanceProbe eSpace (System Components).

Issue

Added RequestKey to certain platform Logs.

Stack

.NET, JAVA

Rationale

RequestKey has been added in General, Error, Screen, Integration, Extension and Cyclic_Job (a.k.a. Timer) logs. This key is used to correlate these logs with data from the new RequestEvent tables.

Entrypoint_Name has been added to the General and Error logs. This attribute contains, when available, the entry point that is handling the request, e.g., a Web Screen.

Action_Name has been added to the General and Error logs. This attribute contains, when available, the action that is handling the request, e.g., the Preparation action.

Workaround

Take into account the presence of the RequestKey and  in queries to these log tables.

Issue

Upgraded usages of NotifyWidget (JSNotifyWidget calls) may cause the web block to be rendered with an extra <span /> around it, if the screen action wasn’t already using the block’s RuntimeId property.

Stack

.NET, JAVA

Rationale

The extra <span /> contains an “id” for the block and is an existing side-effect of using the block’s RuntimeId (or Id in the instance). It is required to call the Notify Widget JavaScript API, which is used in the upgrade to ensure the old behavior.

Workaround

In most scenarios, the new server-side Notify behavior can be used safely, so the undesired <span /> can be removed by replacing the upgraded calls (JSNotifyWidget) by the new Notify system action.
 

In particular, these scenarios are safe to replace:

• usages in screen actions called by an Ajax Submit

• usages in screen actions for which there are no On Notify handlers need to be executed in AJAX context (e.g. contain Ajax Refreshs)

The remaining scenarios may need changes to CSS or JavaScript code to account for the <span /> element being there.

Issue

Calls to non supported platform web services (e.g. available in SC) that requires authentication will fail with an invalid login error

Stack

.NET, JAVA

Rationale

Due to security constraints, passwords stored with MD5 will be automatically upgraded on login to be stored using SHA512 with dynamic SALT. After the password upgrade, calls to non supported platform web services that are using Encrypt built in to generate the password hash will fail with invalid login.

Workaround

If the application calling those web services have access to the platform database they can read the hashed password from the ossys_user and use it to login. Otherwise login will fail.

Issue

Libraries shipped by the Platform were updated which may cause extension code that references them to break

Stack

JAVA

Rationale

With the update of the Java runtime, several libraries needed an upgrade. Also, there were cases where we were using very old versions of some libraries and the upgrade of the Java runtime allowed us to upgrade them.

Workaround

Change code that references libraries.

Issue

The action NotifyWidget behavior changed and was renamed to Notify. To keep the old behavior, all usages of the NotifyWidget were replaced by the JSNotifyWidget.

Stack

.NET, JAVA

Rationale

To improve the performance of the NotifyWidget, the OnNotify handler is executed synchronously in the same request and same transaction.

Workaround

To keep the same behavior continue using the JSNotifyWidget. To start start using server-side notifications change the JSNotifyWidget usages to Notify.

Issue

The NotifyWidget Javascript API was renamed from OsNotifyWidget to OsNotify. The previous version is deprecated but it is still available for compatibility reasons.

Stack

.NET, JAVA

Rationale

Make the API more developer friendly.

Issue

The built-in functions TextToEntityRefText(), IntegerToEntityRefInteger(), EntityRefIntegerToInteger(), EntityRefTextToText have been renamed to: TextToIdentifier(), IntegerToIdentifier(), IdentifierToInteger() and IdentifierToText() respectively.

Stack

.NET, JAVA

Rationale

Adding support for Long Integer values in the platform required to add new built-in functions to convert to and from this new data type. These new functions would have complex names considering the old naming convention. Also, these new names are shorter and easier to understand.

Workaround

After upgrade, the old built-in functions will be replaced by the new ones without any manual work.

Issue

When backing up the information needed to recover a machine, we should now also include the private.key that resides inside the installation directory.

Stack

.NET, JAVA

Rationale

Due to security constraints, all sensible data (e.g.: passwords) stored in the database is now encrypted with a private key (private for each environment, generated automatically) that is stored in the filesystem (so it isn’t next to the data that it protects). So when backing up data that is needed to recover a machine we not only need to backup the database configuration (server.hsconf), like before, but also the private.key file. Both files reside in the platform installation directory.

Workaround

If we don’t backup the private.key we need to re-enter all credentials for various configurations like External Database Connections, Multiple Database Catalogs, etc. The environment will also need to be re-registered in the LifeTime.

Issue

PerformanceMonitoring dashboard becomes deprecated

Stack

.NET, JAVA

Rationale

The PerformanceMonitoring dashboard in lifetime is being replaced by the new Performance dashboard with more comprehensive data regarding web screen requests to the platform.

Workaround

Historic data for pre-9.1 requests can still be viewed in the old PerformanceMonitoring, as the data is maintained and the eSpace remains published. New data should be analyzed using the new Performance dashboard.

Issue

When upgrading an environment with multiple front-ends, performanceprobe.js might generate 404 errors on the client’s javascript console when contacting PerformanceProbe REST API or Beacon WebScreen.

Stack

.NET, JAVA

Rationale

The previous collection method was replaced by a REST API in PerformanceProbe to allow a developer to easily register custom RequestEvents in a more standardized way. We took advantage of this by changing the endpoint to where performanceprobe.js reports the collected data and removed the old WebScreen working as a beacon.

Workaround

Follow a balanced upgrade approach to minimise simultaneous availability of front-ends with different Platform versions. Worst-case scenario, some metrics related to client-side execution will be lost during this upgrade phase. The issue will disappear after upgrading all front-ends and republishing all applications.

Issue

RichWidgets' Feedback Message is now escaped by default

Stack

.NET, JAVA

Rationale

new non-mandatory boolean to control the action behavior per action call and adapting the action logic to consider both this parameter and the already existing site property to avoid double encoding.

Workaround

A non-mandatory input was added to control the behavior (to escape or not). Old eSpaces are automatically upgraded to not break the previous behavior. The default value for the input is now “True”.

Issue

Updated the FontAwsome library in RichWidgets to version 4.3.0

Stack

.NET, JAVA

Rationale

new icons

Workaround

For an existing application to use the new icons, the reference to RichWidgets needs to be refreshed.