|
|
|
|
|||
| 29190 | Removal of certain user records required by the system is not possible anymore | The users with the logins: "admin", "guest", and "ewsystem" can no longer be deleted. This prevents the inadvertent deletion of logins that are necessary for system use and/or troubleshooting. | |||
| 36958 | Relabeling 'Edit' button on text and append-only fields | Added the ability to re-label the 'Edit' button on text and append-only fields. To re-label the 'Edit' button: 1. Make a backup copy of <Agiloft_directory>/jboss/server/sw/lib/sw/SW2interfaces.jar in a different folder 2. Copy <Agiloft_directory>/jboss/server/sw/lib/sw/SW2interfaces.jar into an empty temp directory 3. Run following command to expand the jar file: jar -xvf SW2interfaces.jar. After expanding, remove the jar file. 4. Make changes to GUI2_en.properties file located in folder com/supportwizard/gui2. The property is control.edithtmlbutton=html 5. Modify the revision.properties file and increment the 'build.date' by 1 minute. 6. Zip the jar file using following command: jar -cvf SW2interfaces.jar * 7. Stop jboss, replace jar file, and restart jboss stop jboss: sudo /etc/init.d/ew-server stop restart jboss: sudo /etc/iinit.d/ew-server start 8 Clear cache from browser. Users may clear their browser cache to see the effect of this change immediately or wait a few hours for cached items to expire. |
|||
| 37653 | Security: put limits on access to REST/SOAP commands based on group membership | Additional controls were added to enhance REST/SOAP security via Setup/System/Manage Web Services. This allows SOAP/REST access to be limited to particular groups. For backwards compatibility, all groups have access to both SOAP and REST by default. | |||
| 37654 | URLs for the REST "redirect" option may now be resticted to whitelisted ones | Only URLs listed in the 'Allowable_Redirection_Hosts' variable are allowed in REST redirects now. | |||
| 37712 | Backup process improved to address DDL table locking | The backup process previously failed if tables were locked by DDL operations. A warning
about potential issues has been added: 'Timeout waiting for DDL lock on table 'Sales Issues',
please try again later. Lock(s) held by...'. Now, when a table is locked, the export process will wait until it can safely begin. |
|||
| 37822 | Limited access to REST and SOAP by IP address | Implemented the ability to limit REST and SOAP by IP address. The following variables were added: Security:REST IP Blacklist Security:REST IP Whitelist Security:SOAP IP Blacklist Security:SOAP IP Whitelist These allow individual IP addresses, separated by comma, as well as ranges, separated by dash. IPv4 and IPv6 are allowed. Blacklist defines those IP addresses that are forbidden from access. Whitelist defines those IP addresses that are allowed for access. Admin console blacklist takes precedence over KB-specific blacklist. KB-specific whitelist takes precedence over Admin KB whitelist. Admin console Blacklist takes precedence over Admin console whitelist KB specific Blacklist takes precedence over KB specific whitelist Normally, KB-specific values will be used. Admin KB settings can be used by a server admin to temporarily blacklist any suspicious IP addresses until an investigation has been carried out or pre-emptively whitelist some IP addresses (but let KB admins override this). |
|||
| 37860 | Added button 'Analyze table' | New functionality has been added to the admin console that allows an admin to force the DB to
analyze and collect index statistics. This can improve performance by helping the database find
the optimum index to use for queries. The Setup/Repair page now has a section titled 'DB maintain' with the button 'Analyze Tables'. After selecting a KB, the system checks if there is any import processes running, and if not, will start the analysis process. The new Status report message is 'Analysis is being run. You can find results in server logs.' The server log now contains the analysis output. If a project is in the process of importing, a confirmation pop-up will appear stating: "It is not recommended to run analyze table at the same time when any project is in importing state. Continue?". It is recommended the user cancels the analysis process and waits until any import is finished in such cases. |
|||
| 38061 | Added global variable to control the output of error messages in SOAP and REST | Added a new admin console global variable Security:Web Services Verbose Errors with the
values Yes or No and a default value of No. If set to No and a SOAP or REST EWSelect call returns an error message, the message in truncated to a generic message: Wrong query see details in the logs. If set to Yes, the full error message is returned. |
|||
| 38062 | Added global variable to disable Anti-SQL injection | Implemented a new global variable "Security:Web Services Anti SQL Injection" of type choice
Yes/No with default value 'Yes'. The default value of Yes enables an advanced Anti SQL-injection feature that limits the "where" clause in SOAP/REST EWSearch calls to a single table and disables the following functions: "DATABASE", "USER", "VERSION", "CURRENT_USER", "BENCHMARK", "SLEEP", "HEX", "UNHEX", "BIN", "ASCII", "HOST_NAME", "HOSTNAME", "SERVERNAME", "SERVERPROPERTY", "DATADIR", "IS_SRVROLEMEMBER", "SESSION_USER", "LOAD_FILE", "GROUP_CONCAT", "GLOBAL.VERSION", "SYSTEM_USER", "SCHEMA", "UUID", "CONCAT_WS", "PASSWORD" This variable can be set in the admin console to apply a default value to all KB's, or may be set in an individual KB, in which case the value set in the individual KB takes precedence. It may be set to Yes if it is necessary for REST or WS programs to use the above functions or access more than one table in a select statement. |
|||
| 38319 | Fixed an issue with related table action bars | Previously, when a user opened a record for viewing (not editing) that contained a related
table, the action bars for the related table were missing the buttons New, Mass Edit, etc. Now, if a user has the proper permissions for the related table, the buttons will appear when viewing or editing the record and the action bar will contain the same buttons in both cases. For security reasons a new setting has been added to the related table data type. On the Display tab it says: (x) Allow all actions in Action Bar only when editing the main record ( ) Allow all actions in Action Bar when viewing or editing the main record The first setting is selected by default. Also, the new setting is greyed-out if the user chooses not to display an action bar. |
|||
| 38720 | Added support for MySQL 5.6.14 | The default version of MySQL has been upgraded to 5.6.14 to address performance bugs in earlier releases of MySQL |
|
|
|
|
|||
| 29828 | Fixed minor problems with styles in look and feel wizard | There were some places in the interface where incompatible styles were combined, creating the potential for white on white fonts. This has been fixed. | |||
| 32452 | Improved display of Timezones | Added the ability to edit and manage short Timezone abbreviations using: Setup -> System ->
Set Knowledgebase Time -> Edit TZ Abbreviation. Default Timezone abbreviations are provided and may be edited if desired. |
|||
| 34992 | Print rules from a table | The ability to print a full description of all the rules in a particular table, or the entire KB, has been restored. This can be accessed via the Print icon in a table's Action bar. | |||
| 36096 | "New Note" option in 'All Communication' table toolbar bug | An issue with the 'New Note' option in the 'All Communication' table toolbar has been fixed. | |||
| 36880 | Fixed incorrect record save confirmation message when viewing a record from Last Opened menu | Previously, if a user viewed a record by clicking on an item in the left hand pane section 'Last Opened' and then clicked on another item in the last-opened section, the user got a warning message stating "All changes will be lost" and asking the user to confirm. This message was unnecessary and has been removed. | |||
| 37021 | Fixed a bug that could cause duplication of attachments created via the REST/SOAP interface | A bug in the REST/SOAP interface that was causing attachment files to be duplicated has been
fixed. A check/repair mode has been added to the Admin Console's Repair Tab to remove duplicates that had been created due to the bug. |
|||
| 37535 | Fixed an IE-specific bug that sometimes caused an SoD when saving related records | This addresses a bug in IE that sometimes caused an exception when saving a record that was opened via a related table. | |||
| 37572 | Fixed a bug that could cause an SoD when entering table setup | Fixed a bug that caused an exception when attempting to enter a table's setup wizard if "comment" text entered using the layout facility contained a hotlink to an external website. | |||
| 37652 | Security: placed limitations on the "where" parameter for EWSearch in SOAP/REST to prevent SQL injection attacks | Added an SQL parser and limited the 'where' parameter to a single table (i.e. the system
shouldn't allow a UNION or sub-selects with a different table using the 'where' parameter). Made error messages non-verbose by default. Added a blacklist of functions: "DATABASE", "USER", "VERSION", "CURRENT_USER", "BENCHMARK", "SLEEP", "HEX", "UNHEX", "BIN", "ASCII", "HOST_NAME", "HOSTNAME", "SERVERNAME", "SERVERPROPERTY", "DATADIR", "IS_SRVROLEMEMBER", "SESSION_USER", "LOAD_FILE", "GROUP_CONCAT", "GLOBAL.VERSION", "SYSTEM_USER", "SCHEMA", "UUID", "CONCAT_WS", "PASSWORD" |
|||
| 37695 | Fixed an issue regarding API $genhotlink expiration after a month | Fixed an issue with the expiration date in the hotlink generator and API HTML form generator. Previously, they expired after a month. This problem has been fixed. | |||
| 37717 | FTS Search for text with apostrophe fixed | Previously, full-text search treated the apostrophe character ' as a letter, so a search for Kohl would not find the word Kohl's. This has been fixed, so it is now possible to find this word by searching for Kohl or Kohl's | |||
| 37836 | Fixed an error on configuring external sync | A bug was fixed that caused an exception when external sync was set in certain configurations. | |||
| 38341 | Fixed an issue with updating Email Campaign results | Previously, in some cases, Email Campaign results couldn't be updated. This problem has been fixed. | |||
| 38440 | Fixed issue with displaying the list of recipients in the Send Email dialog box | Fixed an issue with the display of the list of recipients Users field in the email editor when
adding or removing users from the recipients list. Now the display of the recipient list is properly
updated if the "Users" field is deselected. Note: The system always sent the email to the right set of individuals, this was just a display error in the interactive feedback provided to the user when composing the email |
|||
| 38681 | Various minor bug fixes to Sync functionality | Several issues with Sync functionality were fixed, improving overall performance and reliability. |