60 posts tagged with "releases"

Version 9 of Expanders introduces support for Jakarta EE as part of an effort to support this across our entire ecosystem. This also marks the completion of the first phase of this migration, where the entire JEE base application stack is supported for both Java EE and Jakarta EE, including process automation.

Breaking change for Struts2​

With this release of Expanders, we support both Struts2 6.x and 7.x to match the different versions of JEE. Since Struts2 completely removed support for the fileUpload interceptor in version 7, we've now also removed it from our application stack. The reasoning behind this decision is that this interceptor was responsible for CVE-2024-53677, which has a score of 9.5 on the CVSS 4 scale. The alternative implementation using the actionFileUpload interceptor has been implemented across all of our expanders for several months now, but custom upload actions will also have to be refactored to switch to the new system. Regrettably, the impact of this change will not be visible at compile time, so care must be taking when upgrading to version 9 of Expanders.

• NIST listing: https://nvd.nist.gov/vuln/detail/CVE-2024-53677
• Sonatype article: https://www.sonatype.com/blog/cve-2024-53677-a-critical-file-upload-vulnerability-in-apache-struts2

Migration​

The migration is fairly straight-forward and is described in this migration guide from Struts2: https://struts.apache.org/core-developers/action-file-upload-interceptor

An action that handles uploads should be modified by implementing the UploadedFilesAware interface. With this interface comes a method withUploadedFiles() that should be implemented. To retain backwards compatibility with existing implementations, it is possible to set the values of existing fields in the class from this method, which were previously set dynamically by the old interceptor using reflection.

public class AssetUploader extends ActionSupport {

  private File uploadData; // the actual file
  private String uploadDataContentType; // the content type of the file
  private String uploadDataFileName; // the uploaded file name

public class AssetUploader extends ActionSupport implements UploadedFilesAware {

  private File uploadData; // the actual file
  private String uploadDataContentType; // the content type of the file
  private String uploadDataFileName; // the uploaded file name

  @Override
  public void withUploadedFiles(List<UploadedFile> uploadedFiles) {
    if (!uploadedFiles.isEmpty()) {
      final UploadedFile uploadedFile = uploadedFiles.get(0);
      this.uploadData = new File(uploadedFile.getAbsolutePath());
      this.uploadDataContentType = uploadedFile.getContentType();
      this.uploadDataFileName = uploadedFile.getOriginalName();
    }
  }

This version introduces changes to how the javascript runtime libraries are loaded. It allows us to update the glint libraries without having to release a new micro-radiant version and removes a bottleneck that prevented us from introducing new components for the plugins.

There are also various improvements to better handle errors and reduce the number of synchronization issues.

Changes and improvements​

Ln0x support​

Previously only Ln02 link fields were supported, this has been extended to the full range of Ln0x that is implemented by the chosen control layer (std-api or svc-api). This behaviour is locked behind a profile for backwards compatibility reasons:

• Std API Ln0x
• Std API yarn Ln0x
• Svc API Ln0x
• Svc API yarn Ln0x

New number field component​

A new number field component has been introduced that handles text input in the fields more gracefully. The component also implements some fraction digits validators, adding more functionality. The component is powered by an I18N number formatter that handles fraction separators and number bounds correctly. Default this is set to the locale en-GB. For Dutch formatting use nl-BE in the app.config.ts.

Changes and improvements​

• String interpolation
• Strict mode to catch errors in mapping.xml
• New list mapping syntax
• Improved stack-traces
• Support for extending the context of artifact paths, mapping files etc.

Changes and improvements​

• Artifact id has changed to mr-plugin-expanders (see migration guide below).
• Makes use of new descriptions fields on ElementClass and References to add these descriptions as hints in the plugin.

See Changelog for the full list of changes.

Changes and improvements​

Upgrade to Angular 19 and Angular Material 19​

For this release we updated all the code to Angular 19, in order to stay up to date with the releases and best practices.

Separation of QuerySearch​

QuerySearch is now an addon, instead of the default filtering implementation. Everything related to filtering in the code has been moved to separate expansionResources, namely angular-querysearch-expanders, angular-svcapi-querysearch-expanders and angular-stdapi-querysearch-expanders. When these expansionResources are not added the application will still function, however the filtering capabilities will not be present. From now on you can also add filtering implementations, e.g. finders, or provide a custom one.

Yarn support​

We provide a solution to substitute npm with yarn if wanted. This drastically improves dependencies install times. Substitute the Std API profile with Std API yarn (or Svc) in your expansionSettings.xml.

Harvest expanders​

The angular-expanders now depend on the harvest-expanders:1.0.0, this is an example of one of the first expansionResources that contains reusable expanders. These expanders and expansion steps define the gen/ext less harvesting.

New design implementation​

This version contains the new designs made for the list and details page.

Symbiotic Dependencies​

With prime-core 2025.0.0, expansion-resources can define symbiotic dependencies. These dependencies are not included automatically, but only in case a number of other expansion-resources are present. This allows expander developers to create resources that provide integration with other expander beams.

Migration guide​

Program folder refactor​

In order to accommodate multiple AngularApp instances, a folder structure similar to Application has been adopted. This means that in the angular folder you should relocate the ext, harvest and model folder present to a subpath /angularApps/{angularAppName}. You should not move the featureModules folder.

angular
├── ext
├── harvest
├── model
.   └── space-app.xml

angular
├── angularApps
.   ├── space-app
    .   ├── ext
        ├── harvest
        ├── model
        .   └── space-app.xml

Changed allowed value of option angular.isLinkFilterField​

The expanders were refactored to correctly find the required DataConnector in the available dataConnectors of the AngularApp. A new find algorithm has been put in place to do this, this algorithm does not rely on the DataRef anymore. This is why the value of the option has been changed to only the name of the DataConnector.

featureModuleName::dataConnectorName

dataConnectorName

Branding​

Login component​

Due to popular request the generated login component can be fully customised when using the option angular.hasCustomBranding. This will now give you custom anchors in the login.component.html and login.component.scss files, instead of only the option to change the images.

Title tag in index.html​

When using the option angular.hasCustomBranding, custom anchors will appear to set the title tag of your index.html. This is used in the browser tabs, when no other title is set via the angular router. When not filled in, it will put the url in the browser tab. Before the title was always angularAppName.

Version 3 of the nsx-tomee-base Docker image is now available. This version introduces (experimental) support for rootless containers, as well as some minor breaking changes.

Rootless​

New images have been added that can be used to run rootless containers. They add a new tomee user, which is used to execute the TomEE application server instead of the root user. Not running containers with a root user reduces security risks for the host system. All existing images are available as rootless as well under labels with the suffix -rootless appended to it.

Data volume​

The image now pre-defines a volume at the /data path for applications to write files to. The volume is pre-defined so it will be created even if it is not explicitly defined in the deployment of the container, so any files stored there will always be put into a persistent volume.

Scripts moved​

Previously all fixed scripts were stored in the /tmp folder. Though this is not ideal, we kept this for consistency and backwards compatibility. With this major version we've now moved those scripts to a new location in /scripts. There are still symlinks to the existing scripts in case they were called.

A brand-new release of the process-automation component is now available! There have been quite a few changes, mostly targeting stability, compatability and bug fixes. Some of the default configuration has changed, which may impact applications using a custom configuration. Read the migration guide below to verify if this applies to you!

Changes and improvements​

• (Stability) {DataElement}Cruds will now return an error when trying to modify an element into an interim state outside a Task.
• (Stability) Added error and recovery policies, allowing applications to configure how to deal with internal errors.
• (Stability) Fixed some issues which would occur when transactions went into timeout.
• (Compatability) Added support for applications using the ejb.interfaces.localOnly option.
• (Compatability) Replace usage of TransactionManager with TransactionSynchronizationRegistry. This should be available in more JavaEE runtimes.
• (Traceability) Added new monitoring anchors, to allow for more insight into applications running in production (more on this soon).
• (Performance) ApplicationPersistent queue will now fetch the queue much sooner if the last fetch received the requested number of tasks.