# Core Engine Release 3.10

September 2021

We upgraded! What's new? Learn more about new features, technical changes and solved bugs in our 4App Core Engine.

Note on upgrading: If you skip a version when upgrading, check all release and patch notes in between for important information. They apply cumulative.

Note on individualization: Our release notes describe the standard product. If your 4ALLPORTAL is strongly customized or if you installed individual apps, we recommend contacting our support before upgrading.

# New features and improvements

# New mass change option "Append text"

You can now select "Append text to existing text" as the type of change from the mass change drop-down. This allows you to add text to an existing field of type CEText or CEVarchar, which is useful when adding information to product descriptions, for example.

# Improved App Management and dependency check (admin)

Our admin snap-in General system configurations/App management/Apps now informs much clearer about available upgrade versions, displays a selected version's release notes and considers and informs about app dependencies before upgrading or deactivating a 4App. You may also search actively for pre-release versions. (More details)

# New User Impersonation (admin)

Admins and consultants with superadmin rights can open a session for any system user (not share users) without using a user's credentials. It is thus possible to see the 4ALLPORTAL front end from a user's point of view, e.g. to test (role) configurations or reproduce problems. Find this action here:

General system configurations/User settings/Users (list and detail view)
General system configurations/User settings/Role configurations (via the ...- button)

Please read this feature's important privacy notice here.

# New logging snap-in group (admin)

We improved our logging and error monitoring and implemented the new snap-in group
Protocol overview with five snap-ins (more details):

Application logs (moved from System settings): Now also captures startup and runtime warnings. Logging records are no longer deleted at startup or reload.
Mails: lists all emails / notifications sent from the system (e.g. eTicket or admin notification)
Missing translations: lists all detected not translated labels in your system (Beta feature)
Requests: lists all requests from Request Management and their statuses (e.g. pdf overviews)
Slow query: lists all database requests that took longer than 2 seconds (default) and shows a call's execution plan
For logging snap-ins File transfer and Shares go to the DAM's and Essential's Release Notes 3.10.

# New Slow query logging (admin)

We now log all slow database queries (default: 2 seconds +) to identify performance problems and get the option to improve. The logs are listed in the new snap-in Protocol overview/Slow query.
Configure it in admin snap-in General system configurations/System settings/Database. (More details)

# Improved Error logging (admin)

We renamed and moved snap-in "Log events" to Application logs in new snap-in group Protocol overview. We also added these new functionalities:

Logs now capture startup and runtime warnings in addition to errors.
Log records are no longer deleted automatically at startup or reload.
Log records can now be deleted manually in the admin snap-in.
From more than 100,000 records in the database, the oldest ones will be deleted permanently.

# New configuration snap-ins (admin)

With our new split configuration files comes the option to configure permissions and presets and make further module settings directly in the following new admin snap-ins (more details):

General system configuration/User settings/Feature permissions to create and manage feature permissions and presets
Module configuration/Feature permissions to create feature permissions for the selected module only
Module configuration/Native permissions to define native permissions for the selected module only
Module configuration/Object image to enable object images for the selected module only
Module configuration/Module definition to make basic settings for the selected module
DAM/File references to activate and configure the file reference (only if 4App DAM is active)

# Sortable relations (admin)

You can now divide your sortable field relations in subpanels. Instead of setting the relationName property, you have to use relationField. Additionally, the sort field has to be the relation field with the _rank suffix (more details).

# Additional database metrics (admin)

The metrics endpoint now has more database metrics, e.g. connection acquire time or active connections! They are created per database pool.

# API news (admin)

Support release type(s) as query parameter types of the endpoint GET:api/updates/{artifactId} to retrieve updates for specific release types, otherwise only for Release type.
Please note: To get an artifact of the other release type as Release, other repositories in the repository configuration have to be allowed.
New endpoint GET:api/updates/{artifactId}/{version} to get updates for the specified artifact and version with dependencies check.
New endpoint GET:api/marketplace/{artifactId} to retrieve the latest version of the specified artifact from the marketplace.
Please note: To get an artifact of the other release type as Release, other repositories in the repository configuration have to be allowed. Also, the query parameter types must be set to the required release type(s).
New endpoint GET:api/marketplace/{artifactId}/{version} to retrieve the latest version of the specified artifact and version from the marketplace.
New endpoint GET:api/system/apps/active/{artifactId}/{version} to update/upgrade the specified artifact and version with resolving all dependencies if possible.
New AfterCreateSessionEvent as replacement for after_create_session hook in the future. (more details)
New endpoint POST,PATCH,GET,DELETE:api/sync-connectors/{module}/{connector} to create, update, read and delete a synchronizer connector.
New endpoint GET:api/sync-connectors/{module} to retrieve all configured synchronizer connectors.

# Additional improvements

Add back & refresh buttons to the detail view of admin snap-in
Always show all accessible dimensions in the header
Local- and object renderer polishing for webhooks admin snap-ins
Support the file size, and the request size of a multipart request up to 1GB
Allow descending manual sort
New list representation of list fields with text renderer
Add a maximal width for tooltips
Prevent double clicks for operations in the toolbox
Add option to reset the sorting of a subpanel by switching the sort direction (ascending to descending to none)
Add sort controls to tile subpanels
Add new "proxy subpanel" layout (subpanel/proxy)
Add support for the field properties "readOnly" and "info" of the metadata field renderers
Add support for the field properties "label" and "info" of the simple field renderers
Generating previews for cr3 RAW files
Support the MIME-type "image/x-kodak-dcr"
Support convert options for video files: seek, duration and frame
Support the use of the API key for the legacy API
Store HTTP session in database for SAML to work in cluster
Delete SAML authentication when logout
Docker: allow the Core Engine to be upgraded to a newer version without upgrading the docker image
App Management: Remove of admin snapin "Repository settings", 1st and 2nd level administrator's should only be able to install stable-releases
Use logout URL for invalid session

# Technical changes & admin instructions

# Module configuration: Split .4apmsetup files into multiple files

We improved our feature permissions, presets, and native permissions handling to make custom permissions upgrade safe. From 3.10, the system no longer works with configuration files

global/defaults/module.4apmsetup
global/defaults/permission.4apmsetup
modules/MODULE/setup.4apmsetup

These files are split to the following new files and folders:

global/defaults/native_permissions.xml
global/defaults/permissions/
modules/MODULE/setup.xml
modules/MODULE/native_permissions.xml
modules/MODULE/ois.xml
modules/MODULE/permissions/
modules/file/check_references.xml (only if 4App DAM is active)

All .4apmsetup files from 4Apps and custom apps will be automatically converted and created in the _runtime folder at each system startup.

All .4apmsetup files from your custom folder will be converted once during the first startup after upgrading to 3.10 (more details).

Effect: With split configuration files, only specific changes are overwritten by customer or additional 4App settings. Additional feature permissions and presets no longer cause a problem when upgrading. The XML-file based module configuration is replaced by our new admin snap-ins.
What to do? Check your 4ALLPORTAL logfile after upgrading to 3.10 for configuration warnings and errors. No old configuration files should exist (possible warnings and errors and what to do).

Attention: .4apmsetup files are not changed in their 4App zip archive. The automatic conversion only works until the next major release 4.0.
What to do? If you use custom 4Apps, we strongly recommend to upgrade your custom apps with the required new files as soon as possible (best before upgrading to 3.10, at the latest before upgrading to 4.0).

# End of support: Internet Explorer

Please note that we do not support the Internet Explorer anymore. Opening the 4ALLPORTAL in this browser will produce an error. Please use another browser to use your 4ALLPORTAL.

# Hid modules in role configuration

We hid modules api_key, login_attempt and session from the role configurations per default.
Please note: If a module is not shown, also all custom role settings made for this module (stored in the database) will be ignored (more details and configure information).

# Automatic database pruning

Now all soft-deleted records (deleted=1) will be permanently deleted from the database 30 days after deletion time. Additionally, all obsolete records that were used for processing will be marked as deleted (deleted=1) after 14 days (more details).

# Changed native module permissions

We changed the native permissions of the following modules to this new default (only changes shown):

Module name	Module access	View	Delete	Edit	Assign	Create
api_key		public	public	public	public	yes
before		default	default	default	default	no
logevents		public	public
before		default	default
login_attempt		public	public	none	none	no
before		default	default	default	default	yes
session		public	public	none	none	no
before		default	default	default	default	yes
update_mngt	superadmin: yes, else: no		public	public	public
before	yes		own	own	own
webhook		public	public	public	public
before		default	default	default	none
webhook_event		public	public	public	public
before		default	default	default	none
webhook_logevent		public	public	public	public
before		default	default	default	none

For an overview of all permissions, take a look here.

# Moved and improved HTML Editor

We moved our HTML Editor from 4App DAM to Core Engine, where it is still used e.g. for eTickets. You can now edit HTML metadata directly in an asset's detail view after adding the editor to any CEText field of renderer type html.
Also, the editor's default menu items were extended and include more controls. The eTicket and download package editors keep their former choices though (more details).

Please note: To display HTML in a metadata field, you still need our 4App HTML Renderer.

# API: Support POST method for long GET URLs

In some cases the GET URL gets very long (e.g when filtering by IDs). Above a certain length this leads to errors for many web servers (because the HTTP standard does not specify the URL length).
To prevent such errors we added a way to send those long URLs as a POST request. (More details)

# Solved bugs

Fix error when deleting items in the reference renderer
Fix updating of the object image in the UI
Fix error with plain-html in layouts
Fix disable one of several dimensions
Fix wrong language of the share session
Fix legacy API call didn't return unauthorized HTTP code 401 when the session is invalid
Fix null values for sortable fields. Enables sortable tree structures.
Fix converting some 3d files to GLB
Fix privilege escalation vulnerability by adding stricter access control option hidden
Fix wrong relation type when using multiple relations to get the value and at least one of them is of the type "many-to-many"
Fix Core version in application log banner
Fix missing tooltips for several admin snap-ins (deleted objects, value options, api key, webhooks)
Fix missing label translation for searching shortcuts with no result
Fix concurrent access to the same application in the file system
Fix missed feature permissions while role compare by installation replicator
Fix rank value retrieval when updating a sortable field
Remove permission requirement for request_mngt to create versions
Set creator and mod by for created versions
Prevent cleanup jobs from deleting symbolic links
Fix corrupted XML and XLS files when downloading as original
Fix unchecked access for related module via object link
Fix allows to enable persistence of HTTP session
Set the ExcludeSessionRepositoryFilter as async to avoid errors in log
Fix set content type to text/plain and character encoding to UTF-8 for NagiosServlet /service/nagios/
Fix create session not work for a module with permission containing a template because the template needs content from a not initialized module
Fix accessing sortable fields over relations
Fix the comparison of the application versions: the release version has the higher priority over a snapshot
Fix missing refresh after role creation
Fix update after permanent deletion of deleted objects
Fix remove deleted sessions in cluster
Fix update session in a cluster when feature permission or preset changed by user
Fix assemble session first and then store in a container to avoid problem in cluster systems
API: Fix access to user module using the REST API
API: Fix selection of external relations with dimensions using 4APQL
API: fix querying of dimensions
Fix "referencefind" layout
Fix add filter off "share" user in referencefind view
Fix permanently delete for modules with virtual fields
API: Fix getting application icon for dependencies
Fix unnecessary configuration import from hidden directories
Fix losing marked objects on tree refresh
Fix SSO behavior issues
Fix showing wrong space after navigation to startup module
Fix error on role duplication
Fix missed license configuration to load some 4ALLPORTAL application at startup
Fix starting the 4ALLPORTAL when the database configuration is invalid
Fix not copying 4allportal-core.4app into data/apps folder leading to a 4ALLPORTAL unable to start
Fix use the correct user permissions to check if user has mod_access when setting additional permissions
Fix missing deletion trigger when setting the field "deleted" to "true".
Fix missing relation events when deleting a virtual relation
Fix set session cookie with same site none and secure (if secure connection). Also do not ignore forward headers.
Fix conflicting comet connection with eTicket
Fix converting the images in the same color space, but with a different color profile
Fix incorrect display of version tab when going back to Detail View
Fix due to missing tree actions empty action is displayed by tree
Fix application of actions "Rename" and "Create child element" from the tree header
Polish labels and tooltips for admin snapins e.g module configuration, role configuration, app management
Fix excluding folders through exclude patterns
Fix proxy relation handling for subpanels
Fix proxy relation handling for DetailSlidingList
Fix display of the node in the tree after the first child was created
Fix duplicated usage history
Fix failing system comparison

# How to get these improvements

Upgrade 4App Core Engine to version 3.10
No licensing required

# Patch releases

# Version 3.10.1

Fix restore dimension renderer values in search renderer after back navigation
Fix async error at remote ip valve to avoid log messages
Fix missing information for app dependency errors in app management
Fix internal error on invalid non null session in cookie
Do not set secure and SameSite attributes for cookie when accessing with old InDesign versions
Fix inject deep nested const parameter in import_layouts

# Version 3.10.2

Fix remove dimension value from fields with at least one not activated dimension
Fix wrong folder name flashes after creation/rename
Clean up the typeahead metadata index from values of the unnecessary fields
Fix grouping of features and presets
Use the same sort direction for id as the first sort field ingroup by
Fix item update in the tree
Set correct cookie for websocket (wss://, ws://) so that no automatic logout occurs after login
Always allow header X-INDESIGN-CEP in cors-requests
Always set cookie Secure and SameSite=none for request issues by InDesign with header or query parameter X-INDESIGN-CEP >= 11 and ignore security configuration
Not set cookie Secure and SameSite for InDesign requests with header or query parameter X-INDESIGN-CEP < 11 and ignore security configuration
Always allow cors origins file:// and null for InDesign requests

# Version 3.10.3

Fix "create and next" for subpanel quick-create
Cleanup the relations by delete permanently
Fix autocomplete copy with focus on empty text-input

# Version 3.10.4

Fix prune database for modules that do not have delete permissions for OIS
Fix prune database use module specific setting instead of default 30 days
Exclude "Orientation" metadata tag from striping when using "copy" mode
Support option "strip_exclusions" to exclude some EXIF metadata from striping (comma or semicolon separated) when using the "copy" mode
Don't log error precondition required because it's expected behavior
Fix incorrect parameters when the video needs to be converted
Fix checking permissions before moving / copying files / folders
Fix search with MetricRenderer for non metric fields
Suppress output of stack trace if not wanted or already logged
Fix generation of previews of the upload files in the filetransfer on Windows
Fix empty bubble in text renderer on search reset
Fix preview generation of some presentations (PowerPoint)
Fix missed new fields configuration after reload
Fix missing labels in toolbox if initially "small"

# Version 3.10.5

Fix editing of date for the task
Fix creating the system user session and permission
Suppress output of the stack trace during file import if a file or folder was not found during import
Fix downloading SVG files as original
Fix typeahead metadata search for values from the value options
Fix resuming request execution after errors
Fix update of apps

# Version 3.10.6

Fix missing locals for technical fields, shown in field selections of some admin snapins
Allows multiple schedulers to run in parallel. Fix for example expired sessions not deleted from database.

# Version 3.10.7

Fix keyboard handling in tree component
Fix session runtime not extended for /api calls
Session runtime extend improved. Now use session expiration from 4ALLPORTAL session after method call if possible instead of always extend expiration before method call.
Fix now always set session expiration when update last access
Comet does not extend session and use expiration from existing 4ALLPORTAL session for cookie expiration.
Improve empty state appearance

# Version 3.10.8

Fix "mass change" operation when there are additional permissions
Add list type's CEBooleanList, CEDateList, CEDoubleList, CEFloatList, CEIdentityList and CETimestampList for use in relations. No support for set to database or create fields in database.
Fix searching for superordinate or subordinate objects in same module and via same relation
API: Always add "module", "type", "mod_time" and "mod_time_img" (only if OIS is enabled for module) to field list
Fix general config error
Fix updating tree structure when the parent changed and the old or new parent was not found
New AfterCreateSessionEvent to avoid problems in cluster on session switch

# Version 3.10.9

Add new admin snap-in Update Management to Protocol Overview
Fix internal server error if the media "preview_base" was called
Fix BeanFieldRenderer showing dimension values correctly
Some improvement in event management
Fix error message when try to create duplicate user
Fix error when matching filter groups
Fix dropping non-existent indexes during update scripts and skip them instead
Fix don't show error page when login with SAML during reload
Fix the sessionPresetsDelete, deleteUserPresetUser and sessionPresetsPatch methods that were not synchron
Fix impersonation not working due to duplicate session cookie CESESSID

# Version 3.10.10

Fix reading "change" events
Add tooltips for shortened text bubbles
Fix search with operator "and not"
Fix the delete right check for the sidebar
Fix simultaneous access to cached previews
Fix display of unavailable objects in reference renderer

# Version 3.10.11

Fix read of add_permission. Now for example participants of collections shown after insert or change.
Fix back button behavior in detail views
Fix disabled field renderer

# Version 3.10.12

Fix missing "x" button on auto complete chips
Make comet messages more resilient in a cluster
Fix update after delete in recent objects
Improve Inter-tab-communication
Fix app update handling for not found dependencies

# Version 3.10.13

Fix editing of proxy beans in detail view
Fix some issues on browser back
Fix autorotate video previews recorded from iPhone
Improve dimension handling for related fields
Fix Value Option sorting
Improve loading renderer for proxy beans
Allow relation dependent quickcreate layouts

# Version 3.10.14

Fix plain installation not works when configuration not exists
Fix show active dimensions for renderers with list representation
Allow retrieval of the native fields when the maximum search count is exceeded
Fix potential shell injection (Spring4Shell). This is just a safety measure. The 4ALLPORTAL was not vulnerable.

# Version 3.10.15

Delete content from tables SPRING_SESSION_ATTRIBUTES and SPRING_SESSION to avoid errors after upgrade to 3.10.14
Exclude files and folders with "Combining Characters" from file system indexing
Fix autorotation of postscript files when generating previews
Fix converting the images with clipping path or alpha channel
Fix Jeager Tracing errors if Jeager Tracing is not configured
Fix firing all related change events when a linked object was changed
Fix checking for "health" status when reloading if the derivative service has not yet started

# Version 3.10.16

Fix duplicate operations in main view
Fix converting the SVG files to PNG with transparency
Fix occasional hang in distributed events causing reloads and restart to fail
Update dependencies - This is just a safety measure
Fix parsing the timestamps with the time zone

# Version 3.10.17

Fix the action extracting a 7z file after upload
Support binary search like mysql "binary like" for internal use only

# Version 3.10.18

fix security vulnerabilities
Improve filesystem performance in native apps

# Version 3.10.19

Fix showing label key for empty translations
Fix search with CEObjectLinkList
Add global login event for office plugins
Fix error when opening quick create popup
Fix searching for the object links
Remove old headers X-Content-Security-Policy and X-WebKit-CSP to reduce http response size
Remove CORS headers for /health to avoid problem with F5 Load Balancer
Fix list of bulk update types
Fix formatting the timestamps in API response
Support Object-Images with proxy modules in templates
Fix an app update issue, where a downgrade of the currently installed apps are suggested, if the user tried to install an incompatible 4app
Fix dependencies in powershell installation script
Fix startup script

# Version 3.10.20

Change 4App author to 4ALLPORTAL GmbH
Fix duplicating the recent objects
Fix issue with incognito tabs
Fix renderers on installation
Fix exception when going back to previous browser page
Fix template function 'getDate', when the time is not provided
Fix Reference Renderer default tile size (large (200px) => medium (120px))
Fix label key to successfully create relation
Fix zoom of tile in main view when holding button

# Version 3.10.21

Fix security vulnerabilities in docker container
Fix system log messages "[object Response]"

# Version 3.10.22

Fix formatting the timestamps in API response (/service/*)
Fix improve security by setting header x-content-type-options to nosniff
Fix cache-control, if no fallback image is set
add value frame-ancestors 'self' to a default Content-Security-Policy header config to prohibit website embedding (admin actions for a custom config)
Set max execution time for workflows and PAP connectors to 30 minutes

# Version 3.10.23

Fix UI exception for typeahead backend exception (e.g. invalid configuration)
Fix security vulnerabilities
Fix Reference Renderer tile sizes in dimension popup
Fix preview for IGES (IGS) files
Fix not allow to permanently delete system user from database
Fix replace line breaks and tabs in content security policy before use to prevent the server from crashing and restart not possible
Fix prevent the admin from saving feature/preset if he has read-only permission
Add value types CEVarbinary and CEVarbinaryList that are similar to the CEVarchar and CEVarcharList types, but store binary byte strings rather than non-binary character strings
Fix encoding of query URL when overriding request from POST to GET

# Version 3.10.24

Fix value selection for 'single_value' attribute for Selection Renderer of type RADIO
Fix application of attribute 'display_field' for Reference Renderer

# Version 3.10.25

Fix handling of urls without protocol
Fix generating previews for SVG files
Fix wrong color space when the EXIF tag "ColorSpace" has value 65535 (0xffff, Uncalibrated)
Support multiple values for "equal" and "like" search
Support metadata of the video frame rate (CM4AP.video_fps)

# Version 3.10.26

Fix security vulnerabilities
Fix display of not available references
Fix removed Photoshop tags for clipping path

# Version 3.10.27

Fix generating preview of the video files

# Version 3.10.28

Fix security vulnerabilities
Fix 10 second socket timeout
Fix activation of save/reset action in the toolbox
Fix showing correct object dimension values
Fix missing module selection in reference find popups

# Version 3.10.29

Forbid upgrading 4allportal-core application
Remove handling of relations to virtual modules (fixing system sync issues)
Fix security vulnerabilities
Fix parsing of duration parameter for video editing
Fix same modification time of roles and role access items after system sync
Fix triggering change events for relationships from the same module
Support big file node ids (unsigned long)
Fix horizontal scroll on sliding list jumps to the beginning after new data loaded

# Version 3.10.30

Fix session and login_attempt created for not existing user
Fix SelectionRenderer display in read-only mode

# Version 3.10.31

Fix style in object renderer when groups are hidden
Fix security vulnerabilities
Fix renderer and layout name for reference popup
Fix Link renderer shows wrong link text when display_text is not set
Fix NOT LIKE comparator for array values
Add DB index for the missing_label_translation module
Fix issue in role permission sql conditions when main module was not in quotes
Hotfix reduce number of reported missing translations (for the ValueOptions "-INFO" labels)

# Version 3.10.32

Fix tile view for ReferenceRenderer with unavailable objects
Fix issues when PAP connector event of a relation was triggered
Fix flickering image on changing e.g. f_collection participants
Fix no search result for fulltext search with thesaurus
Fix CEObjectLink list read does not work via relation because wrong sql was generated

# Version 3.10.33

Fix exclude functionality in a simple Renderer
Fix search in list with comparator NOT_LIKE, IS_NOT, NOT_IN, NOT_EQUAL results wrong content

# Version 3.10.34

Fix setting layout parameter "multiple" for SelectionActor in subpanel layouts
Fix ConcurrentModificationException in typeahead search
Fix security vulnerabilities

# Version 3.10.35

Fix wrong default resolution for the vector graphics (SVG and AI), now this resolution is 96 dpi
Fix WYSIWYG editor unexpected line breaks
Fix resolving a related field when the module permission exists
Fix parsing proxy fields when at least one of the related modules is missing

# Version 3.10.36

Fix Set only utf8 filename so that header Content-Disposition is not removed automatically
Fix checking for application upgrade
Forbid upgrading 4allportal-core application
Fix security vulnerabilities
Fix missing mass update option "append_text"

# Version 3.10.37

Add variable "objects.ids" to conditional operation type "open_url"
Add open type "iframe_popup" to conditional operation type "open_url"

# Version 3.10.38

Fix display position for dropdown
Add support for AWR files of Sony cameras A7-IV (ILCE-7M4)
Fix stack overflow error when having two change-files changing the parent file for all and "default" object types
Fix security vulnerabilities
Fix set properties to support MySQL 8
Remove the typeahead index from module session to avoid error with MySQL 8. Values from fields index and index_re were set to null.
Fix asynchronously creation of a new version of an asset
Skip autoincrement fields like CEIdentity and CEIdentityList when creating or updating a record
Improved log entry when connecting to the database fails
Add database index for the request management to fix the slow cleanup of request jobs that also made file import slow

# MySQL 8: Datetime not Supported in Typeahead

MySQL 8 does not allow empty strings in date conversion, so it is not allowed to use fields of MySQL type datetime (CETimestamp) in a typeahead index anymore. The following error would occur if such a field was configured:

java.sql.SQLException: Incorrect DATETIME value: ''

Possible impact: Custom typeaheads in which a date field is included will no longer work.
What to do: Check your custom typeahead indices for type CETimestamp and remove them.

# Version 3.10.39

Fix security vulnerabilities
Fix missing display name in admin view "deleted objects"
Fix YOUR-4ALLPORTAL-URL/swagger-ui/index.html did not work
Add "show_alpha" attribute for object images to the ImageRenderer
Fix useless null values in Reference Renderer
Fix not working Reference Renderer popup when having null values
Fix "disabled" status in Field Renderer

# Version 3.10.40

Fix dragging text from outside the 4ALLPORTAL
Fix slow verification of additional permissions
Fix security vulnerabilities

# Version 3.10.41

Fix validation not_null=false with regex validation
Fix concurrently modification errors during request jobs execution

# Version 3.10.42

Fix security vulnerabilities
Fix slow verification of additional permissions when permission is restricted by user and role

# Version 3.10.43

Fix too small table header size with reference tile renderer
Fix issue with full-text search when a search text contains an @ character
Fix some video files failing with the message "Too many packets buffered for output stream"

# Version 3.10.44

# Technical Changes

Tenant Management: We now check the unique tenant ID at system startup.

# Solved Bugs

Fix preview generation of some PDF files by updating Ghostscript to version 10.03.0
Fix security vulnerabilities

# Version 3.10.45

# Additional Improvements

Send the following prometheus metrics every hour instead of once per day: 4allportal_monthly_active_user, 4allportal_daily_active_user, 4allportal_monthly_active_user_last, 4allportal_daily_active_user_last

# Solved Bugs

Fix cgroup v2 container awareness. Without this enhancement, the JVM would not apply container resource limits when running on a cgroup v2 Linux host system, but would use the underlying host resource limits. This is fixed by using the latest openjdk-11 patch as the container base image instead of openjdk-14

# Version 3.10.46

# Technical Changes & Admin Instructions

We have converted the metrics 4allportal_monthly_active_user_last and 4allportal_daily_active_user_last into a tag timePeriod. It can now be used for metrics 4allportal_monthly_active_user and 4allportal_daily_active_user
We have added a new role tag for the prometheus metrics for 4allportal_monthly_active_user and 4allportal_daily_active_user to be able to group by role
We have added the following prometheus metrics: 4allportal_active_user_all_time, 4allportal_login_attempts, 4allportal_login_attempts_successful, 4allportal_module_objects_created, 4allportal_module_objects_updated

# Solved Bugs

Fix errors in the log and during restart caused by metrics not being sent after a system shutdown
Fix ConcurrentModificationException that occurred after changing properties of the same object in parallel. Changes are now synchronized

# Version 3.10.47

Fix generating a preview for RAW files when the RAW file contains a preview image

# Version 3.10.48

Fix extraction and analysis of metadata from large files (>2GB)
Fix problems with restoring the version of objects

# Version 3.10.49

Fix modified module count metric to track objects that were modified yesterday
Fix missed PAP connector events after full sync

# Version 3.10.50

Fix embedding of XMP FileID field in downloaded files
Fix concurrent access to cached derivates when they are being generated

# Version 3.10.51

Fix unexpected closing of scrollable dropdowns when try to select and option

# Version 3.10.52

# Improvements

In-App Customer Service: We have implemented an in-app customer service.

# Version 3.10.53

Fix an in-app customer service related issue

# Version 3.10.54

Fix not retrieving session embedded properties if the 4ALLPORTAL API URL was not set or not reachable
Fix security vulnerabilities

# Version 3.10.55

Removed IP metrics from Prometheus
Fix ldap login not working on windows

# Version 3.10.56

Fix detection and logging of slow SQL queries

# Version 3.10.57

Fix security vulnerabilities by updating library dependencies
Fix missing dimensions when retrieving the object of a PAP connector
Skip throwing the OIS events, when a watermark configuration field changes

# Version 3.10.58

Fix allow frontend to filter duplicate comet messages
Duplicate comet messages will be ignored
Fix concurrent modification of the object properties

# Technical Changes

# Change Event Table Pruning

We now check all change event tables ({module}_chg_evt) on a daily basis and clean them of completed entries older than 30 days.
Further information: Event Management documentation

# Version 3.10.59

Fix throwing of workflow events based on relation triggers

# Version 3.10.60

Fix security vulnerabilities
Fix the logging of unnecessary errors or warnings when requests (e.g. a video) are terminated by the client
Fix inability to use the in-app help for users without a registered email address

# Version 3.10.61

Fix inability to read tenant ID by updating a library

# Version 3.10.62

Fix security vulnerabilities by updating library dependencies
Fix opening 4ALLPORTAL ticket portal if the 4ALLPORTAL URL does not end with "4allportal.cloud"

# Version 3.10.63

Added logging improvements

← Core Engine Release 3.9 Core Engine Release 4.0 →