January 2014 Release Notes. Version 6 R5

Category: Enhancement

ID | Summary | Resolution
29190 | Removal of certain user records required by the system is not possible anymore | The users with the logins: "admin", "guest", and "ewsystem" can no longer be deleted. This prevents the inadvertent deletion of logins that are necessary for system use and/or troubleshooting.
36958 | Relabeling 'Edit' button on text and append-only fields | Added the ability to re-label the 'Edit' button on text and append-only fields.

To re-label the 'Edit' button:

1. Make a backup copy of <Agiloft_directory>/jboss/server/sw/lib/sw/SW2interfaces.jar in a different folder.
2. Copy <Agiloft_directory>/jboss/server/sw/lib/sw/SW2interfaces.jar into an empty temp directory.
3. Run the following command to expand the jar file: jar -xvf SW2interfaces.jar. After expanding, remove the copied jar file from the temp directory.
4. Make changes to the GUI2_en.properties file located in the folder com/supportwizard/gui2. The property is control.edithtmlbutton=html
5. Modify the revision.properties file and increment the 'build.date' by 1 minute.
6. Zip the jar file using the following command: jar -cvf SW2interfaces.jar *
7. Stop jboss, replace the jar file, and restart jboss:
   stop jboss: sudo /etc/init.d/ew-server stop
   restart jboss: sudo /etc/init.d/ew-server start
8. Clear cache from browser.

Users may clear their browser cache to see the effect of this change immediately or wait a few hours for cached items to expire.
37653 | Security: put limits on access to REST/SOAP commands based on group membership | Additional controls were added to enhance REST/SOAP security via Setup/System/Manage Web Services. This allows SOAP/REST access to be limited to particular groups. For backwards compatibility, all groups have access to both SOAP and REST by default.
37654 | URLs for the REST "redirect" option may now be restricted to whitelisted ones | Only URLs listed in the 'Allowable_Redirection_Hosts' variable are now allowed in REST redirects.
37712 | Backup process improved to address DDL table locking | The backup process previously failed if tables were locked by DDL operations. A warning about potential issues has been added: 'Timeout waiting for DDL lock on table 'Sales Issues', please try again later. Lock(s) held by...'.

Now, when a table is locked, the export process will wait until it can safely begin.
37822 | Limited access to REST and SOAP by IP address | Implemented the ability to limit REST and SOAP by IP address.

The following variables were added:

Security:REST IP Blacklist
Security:REST IP Whitelist
Security:SOAP IP Blacklist
Security:SOAP IP Whitelist

Each variable accepts individual IP addresses, separated by commas, as well as ranges, written with a dash between the first and last address. Both IPv4 and IPv6 addresses are allowed.

Blacklist defines those IP addresses that are forbidden from access.
Whitelist defines those IP addresses that are allowed for access.

Admin console blacklist takes precedence over KB-specific blacklist.
KB-specific whitelist takes precedence over Admin KB whitelist.

Admin console blacklist takes precedence over Admin console whitelist.
KB-specific blacklist takes precedence over KB-specific whitelist.

Normally, KB-specific values will be used. Admin KB settings can be used by a server admin to temporarily blacklist any suspicious IP addresses until an investigation has been carried out or pre-emptively whitelist some IP addresses (but let KB admins override this).
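
An added example (not Agiloft code) showing one reading of the list syntax and precedence rules above. The dictionary keys, function names and sample addresses are constructed, and treating an unset whitelist as "no whitelist restriction" is an assumption.

```python
import ipaddress

def parse_ip_list(value):
    """Parse 'a, b-c' into (low, high) pairs; a single address is a one-element range."""
    ranges = []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        low_text, dash, high_text = item.partition("-")
        low = ipaddress.ip_address(low_text.strip())
        high = ipaddress.ip_address(high_text.strip()) if dash else low
        if low.version != high.version or low > high:
            raise ValueError(f"bad range: {item!r}")
        ranges.append((low, high))
    return ranges

def in_list(addr, ranges):
    # IPv4 and IPv6 addresses are never compared with each other.
    return any(lo.version == addr.version and lo <= addr <= hi for lo, hi in ranges)

def is_allowed(client_ip, admin, kb):
    """admin / kb: dicts with optional 'blacklist' and 'whitelist' strings (hypothetical shape)."""
    addr = ipaddress.ip_address(client_ip)
    # A blacklist at either level beats every whitelist; the admin console one is checked first.
    for scope in (admin, kb):
        if in_list(addr, parse_ip_list(scope.get("blacklist", ""))):
            return False
    # The KB-specific whitelist, when set, replaces the admin console whitelist.
    whitelist = parse_ip_list(kb.get("whitelist", "")) or parse_ip_list(admin.get("whitelist", ""))
    # Assumption: with no whitelist configured at either level, access is not restricted.
    return in_list(addr, whitelist) if whitelist else True

# Constructed sample settings (documentation address ranges).
ADMIN = {"blacklist": "203.0.113.7", "whitelist": "198.51.100.0-198.51.100.255"}
KB = {"blacklist": "192.0.2.15", "whitelist": "192.0.2.10-192.0.2.20, 2001:db8::1"}

if __name__ == "__main__":
    for ip in ("192.0.2.12", "192.0.2.15", "203.0.113.7", "198.51.100.5", "2001:db8::1"):
        print(ip, is_allowed(ip, ADMIN, KB))
```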
37860 | Added button 'Analyze table' | New functionality has been added to the admin console that allows an admin to force the DB to analyze and collect index statistics. This can improve performance by helping the database find the optimum index to use for queries.

The Setup/Repair page now has a section titled 'DB maintain' with the button 'Analyze Tables'. After a KB is selected, the system checks whether any import processes are running and, if not, starts the analysis process. The new Status report message is 'Analysis is being run. You can find results in server logs.' The server log now contains the analysis output.

If a project is in the process of importing, a confirmation pop-up will appear stating: "It is not recommended to run analyze table at the same time when any project is in importing state. Continue?".

In such cases, it is recommended that the user cancel the analysis process and wait until the import has finished.
38061 | Added global variable to control the output of error messages in SOAP and REST | Added a new admin console global variable Security:Web Services Verbose Errors with the values Yes or No and a default value of No.

If set to No and a SOAP or REST EWSelect call returns an error message, the message is truncated to a generic message: Wrong query see details in the logs.

If set to Yes, the full error message is returned.
38062 | Added global variable to disable Anti-SQL injection | Implemented a new global variable "Security:Web Services Anti SQL Injection" of type choice Yes/No with default value 'Yes'.

The default value of Yes enables an advanced Anti SQL-injection feature that limits the "where" clause in SOAP/REST EWSearch calls to a single table and disables the following functions:

"DATABASE", "USER", "VERSION", "CURRENT_USER", "BENCHMARK", "SLEEP", "HEX", "UNHEX", "BIN", "ASCII", "HOST_NAME", "HOSTNAME", "SERVERNAME", "SERVERPROPERTY", "DATADIR", "IS_SRVROLEMEMBER", "SESSION_USER", "LOAD_FILE", "GROUP_CONCAT", "GLOBAL.VERSION", "SYSTEM_USER", "SCHEMA", "UUID", "CONCAT_WS", "PASSWORD"

This variable can be set in the admin console to apply a default value to all KBs, or may be set in an individual KB, in which case the value set in the individual KB takes precedence. It may be set to No if it is necessary for REST or WS programs to use the above functions or access more than one table in a select statement.
38319 | Fixed an issue with related table action bars | Previously, when a user opened a record for viewing (not editing) that contained a related table, the action bars for the related table were missing the buttons New, Mass Edit, etc.

Now, if a user has the proper permissions for the related table, the buttons will appear when viewing or editing the record and the action bar will contain the same buttons in both cases.

For security reasons a new setting has been added to the related table data type.
On the Display tab it says:
(x) Allow all actions in Action Bar only when editing the main record
( ) Allow all actions in Action Bar when viewing or editing the main record

The first setting is selected by default.

Also, the new setting is greyed-out if the user chooses not to display an action bar.
38720 | Added support for MySQL 5.6.14 | The default version of MySQL has been upgraded to 5.6.14 to address performance bugs in earlier releases of MySQL.

Category: Bug

ID | Summary | Resolution
29828 | Fixed minor problems with styles in look and feel wizard | There were some places in the interface where incompatible styles were combined, creating the potential for white on white fonts. This has been fixed.
32452 | Improved display of Timezones | Added the ability to edit and manage short Timezone abbreviations using: Setup -> System -> Set Knowledgebase Time -> Edit TZ Abbreviation.

Default Timezone abbreviations are provided and may be edited if desired.
34992 | Print rules from a table | The ability to print a full description of all the rules in a particular table, or the entire KB, has been restored. This can be accessed via the Print icon in a table's Action bar.
36096 | "New Note" option in 'All Communication' table toolbar bug | An issue with the 'New Note' option in the 'All Communication' table toolbar has been fixed.
36880 | Fixed incorrect record save confirmation message when viewing a record from Last Opened menu | Previously, if a user viewed a record by clicking on an item in the left hand pane section 'Last Opened' and then clicked on another item in the last-opened section, the user got a warning message stating "All changes will be lost" and asking the user to confirm. This message was unnecessary and has been removed.
37021 | Fixed a bug that could cause duplication of attachments created via the REST/SOAP interface | A bug in the REST/SOAP interface that was causing attachment files to be duplicated has been fixed.

A check/repair mode has been added to the Admin Console's Repair Tab to remove duplicates that had been created due to the bug.
37535 | Fixed an IE-specific bug that sometimes caused an SoD when saving related records | This addresses a bug in IE that sometimes caused an exception when saving a record that was opened via a related table.
37572 | Fixed a bug that could cause an SoD when entering table setup | Fixed a bug that caused an exception when attempting to enter a table's setup wizard if "comment" text entered using the layout facility contained a hotlink to an external website.
37652 | Security: placed limitations on the "where" parameter for EWSearch in SOAP/REST to prevent SQL injection attacks | Added an SQL parser and limited the 'where' parameter to a single table (i.e. the system shouldn't allow a UNION or sub-selects with a different table using the 'where' parameter).

Made error messages non-verbose by default.

Added a blacklist of functions:

"DATABASE", "USER", "VERSION", "CURRENT_USER", "BENCHMARK", "SLEEP", "HEX", "UNHEX", "BIN", "ASCII", "HOST_NAME", "HOSTNAME", "SERVERNAME", "SERVERPROPERTY", "DATADIR", "IS_SRVROLEMEMBER", "SESSION_USER", "LOAD_FILE", "GROUP_CONCAT", "GLOBAL.VERSION", "SYSTEM_USER", "SCHEMA", "UUID", "CONCAT_WS", "PASSWORD"
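
The restrictions listed here and under 38062, as an added example rather than Agiloft's parser: a token-level check that skips quoted literals, rejects the blacklisted function names, and rejects keywords or qualified names that reach a second table. The name check_where, the MULTI_TABLE keyword set and the sample clauses are constructed for illustration.

```python
import re

# Function names copied from the blacklist in the release note.
BLOCKED = {
    "DATABASE", "USER", "VERSION", "CURRENT_USER", "BENCHMARK", "SLEEP", "HEX",
    "UNHEX", "BIN", "ASCII", "HOST_NAME", "HOSTNAME", "SERVERNAME",
    "SERVERPROPERTY", "DATADIR", "IS_SRVROLEMEMBER", "SESSION_USER",
    "LOAD_FILE", "GROUP_CONCAT", "GLOBAL.VERSION", "SYSTEM_USER", "SCHEMA",
    "UUID", "CONCAT_WS", "PASSWORD",
}
# Assumed keyword set: anything that would let a where clause read a second table.
MULTI_TABLE = {"SELECT", "UNION", "JOIN", "FROM"}

# A token is a quoted literal (quotes escaped by doubling), a possibly dotted or
# @-prefixed name, or any other single non-space character.
TOKEN = re.compile(r"'(?:[^']|'')*'|\"(?:[^\"]|\"\")*\"|@*[A-Za-z_][\w.]*|\S")

def check_where(where, table):
    """Return the reasons a where clause is rejected; an empty list means accepted."""
    problems = []
    for tok in TOKEN.findall(where):
        if len(tok) > 1 and tok[0] in "'\"" and tok[-1] == tok[0]:
            continue  # complete string literal: its content is data, not SQL
        if not (tok[0].isalpha() or tok[0] in "_@"):
            continue  # operator, digit or punctuation
        name = tok.lstrip("@").upper()
        # Conservative choice: a column that happens to be called USER is rejected too.
        if name in BLOCKED:
            problems.append(f"blocked function: {name}")
        elif name in MULTI_TABLE:
            problems.append(f"keyword not allowed: {name}")
        elif "." in name and name.split(".")[0] != table.upper():
            problems.append(f"reference to another table: {name}")
    return problems

if __name__ == "__main__":
    # Constructed where clauses for a hypothetical table named "case".
    for clause in ("status = 'Open' and priority > 2",
                   "summary = 'sleep mode in version 2'",
                   "owner = current_user()",
                   "id in (select id from contacts)"):
        print(repr(clause), "->", check_where(clause, "case") or "accepted")
```

A substring match on the same list would reject the second sample clause, whose only matches sit inside a string literal; tokenizing first is what keeps ordinary text searchable.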
37695 | Fixed an issue regarding API $genhotlink expiration after a month | Fixed an issue with the expiration date in the hotlink generator and API HTML form generator. Previously, they expired after a month. This problem has been fixed.
37717 | FTS Search for text with apostrophe fixed | Previously, full-text search treated the apostrophe character ' as a letter, so a search for Kohl would not find the word Kohl's. This has been fixed, so it is now possible to find this word by searching for Kohl or Kohl's.
37836 | Fixed an error on configuring external sync | A bug was fixed that caused an exception when external sync was set in certain configurations.
38341 | Fixed an issue with updating Email Campaign results | Previously, in some cases, Email Campaign results couldn't be updated. This problem has been fixed.
38440 | Fixed issue with displaying the list of recipients in the Send Email dialog box | Fixed an issue with the display of the list of recipients Users field in the email editor when adding or removing users from the recipients list. Now the display of the recipient list is properly updated if the "Users" field is deselected.

Note: The system always sent the email to the right set of individuals; this was only a display error in the interactive feedback provided to the user when composing the email.
38681 | Various minor bug fixes to Sync functionality | Several issues with Sync functionality were fixed, improving overall performance and reliability.