3.11.0 Release Notes
edgeCore Security Updates
ES-362 – Upgraded to Bootstrap 4 to address a reported XSS Vulnerability in the Bootstrap v3.3.5 library. Eliminated references to Bootstrap 3 classes (such as using .navbar-inverse to change background color).
ES-598 – Upgraded commons-beanutils library to v1.9.4 to address the following reported vulnerability: CVE-2019-10086.
ES-626 – Upgraded Jackson Databind Libraries to address the following reported vulnerabilities: CVE-2019-16335 and CVE-2019-14540.
edgeRPA Resolved Issues
ES-552 – Improved reliability of the recorded jQuery script commands so that the proper element is selected.
edgeCore New Features
ES-644 – Added the ability to restrict admin access to a particular HTTP endpoint. Users that access the non-admin endpoint will have any admin roles temporarily disabled for that session.
ES-646 – Added option to Enable Page Search (this default page search was removed in edgeCore v3.8.4; update now allows it to be re-enabled).
Updates to edge.sh Command Line Interface
ES-581 – Added CLI Invoke Server Action command, similar to the existing command for fetching data from tabular sources.
edgeCore Resolved Issues
ES-235 – Improved Partial Backups to not include required static assets for HTML Template Visualizations. These Visualizations can configure the assets that should be included.
ES-409 – Improved Custom Auth configuration to support 0..n customAuth<Name>.js implementations and provide a means to mark authentications as completed. Solutions that supported more than one type of authentication will be able to reduce the conditional checks. This allows more modular customAuth files and builds upon the additions made in v3.10.0.
ES-466 – Expanded edgeWeb’s default content rules to rewrite HTML entity-encoded URLs (normally only unencoded URLs were being rewritten).
ES-473 – Addressed issue with voluminous log entries caused by failure to parse null values in numeric columns. Addressed by better handling of null entries (see also ES-529), and improved logging of such cases.
ES-589 – Resolved issue where a misleading error was presented when a DB driver required by an existing connection was not available. Instead of hiding the existing connection, it is visible in the pipeline and an error about the missing driver is now visible. This also will show additional DB connection types when creating a new connection, regardless of whether the DB driver is present.
ES-590 – Resolved issue introduced in v3.10.0 that broke the HAR Download option. Also enabled edgeWeb feeds to support the HAR Download option regardless of whether the request was successful, to improve resolving Single Sign-on (SSO), and other web content retrieval errors.
ES-595 – Resolved issue where administrators were unable to set an authDb password override in local.properties.
ES-604 – Resolved a regression, introduced in v3.10.0, where click actions were broken in the Vector Map Visualization.
ES-624 – Resolved a regression where Metrics were not getting cleaned up properly by the scheduled cron tasks.
ES-628 – Resolved a regression, introduced in 3.10.0, where the client would be presented with an error: ‘Content has not been provisioned for this user. Please contact your administrator.’ The client was generating a URL fragment that contained a mix of old and new styles, leading to an invalid menu reference.
ES-629 – Resolved issue where hover Tooltip text was wrapping outside of the tooltip boundary, making it unreadable on the underlying Table Visualization.
ES-630 – Resolved issue where a user could see a Page that is configured as hidden as their home page. Note: This only occurred if the Page was the first item in the user’s content menu. The User has access to the page, but it should not be the default page, and it should only be accessible via a ‘Switch to Page’ Action.
ES-631 – Resolved issue where non-admin users could navigate to admin-only routes (no information was available, only the route could be accessed).
ES-632 – Resolved issue where a Chart Series Renderer dialog could not be closed when a Custom Marker was selected.
ES-635 – Enhanced and upgraded Light Theme backed by Bootstrap 4 upgrade.
ES-636 – Enhanced and upgraded Dark Theme backed by Bootstrap 4 upgrade.
edgeCore Known Issue
Due to the significant upgrade to Bootstrap 4, systems with customizations in the following areas should be tested to determine if they will require updates:
- HTML Template Visualizations
- Example: Glyphicons are no longer included. If you have custom HTML Templates that used them, in v3.11 they will all be empty.
- Login Pages
Tooltips may appear narrower in some cases, and more text may wrap than in the previous version. Tooltip Actions should be reviewed to identify if any updates may be needed.
The Bullet Chart Visualization may include red outlines around bars in the chart, where they did not appear in previous versions.
If upgrading from versions prior to v3.8, user-level Secured Variable values may be lost. Remediation is to re-enter the Secured Variable values.
edgeCore uses the H2 database in support of the SQL Transforms. SQL that uses Common Table Expression (CTE) ‘WITH’ clauses have been identified as causing two issues.
- Lock Timeouts: Transforms fail to run; as temporary tables fail to be cleaned up.
- Memory Leaks: The temporary table results are not being cleaned up properly in all instances; and it will trigger Out Of Memory on the JVM.
For questions or assistance with this release, please see the support page for contact information.