# Core Engine Release 3.9

March 2021

We upgraded! What's new? Learn more about new features, technical changes and solved bugs in our 4App Core Engine.

Note on upgrading: If you upgrade from 3.7 or earlier versions, check all release notes in between for important information. They apply cumulative.

Note on individualization: Our release notes describe the standard product. If your 4ALLPORTAL is strongly customized or if you installed individual apps, we recommend contacting our support before upgrading.

# New features and improvements

# Back & refresh button

We added two new buttons to the detail view of all standard modules:

The back button brings you back to the previous view (e.g. back to your last performed searches result list) even after clicking through several records in the detail view.
The refresh button lets you refresh a record (e.g. after editing) without using the refresh button of the browser anymore.

# Additional improvements

Performance improvement of the file indexer due a file ID is only read when it is needed
API: Allow specifying the dimensions for endpoint /modules/{module}/objects/{id}
Info on how to create an API key
Support cache for manipulated images (more information)
Add expiry information to welcome- and password-reset-emails
Send related_module_name and related_bean_id with each dragAndDrop action call
TypeAHead: support new values for fields with value options
Feature: support custom field for pid_tree search
Remove leading and trailing whitespace characters from string values when parsing XML maps. To strip other string values use the adapters XmlStripStringAdapter or CollapsedStringAdapter
New operation method QUICK_EDIT to edit objects directly in a pop-up
Reduce loaded data in tree component
Translation polish: Field names, tooltips, wordings for users, change history
Polish labels and tooltips for several actions and views
Allow values that are shorter than three characters for list values in MetadataWorkflowAction
Allow to hide admin snap-ins with parameter <visible>false</visible> in .4apadminsi files
Improve png icon performance
Force health check also for database connections now
Polish labels and tooltips for serveral actions and views
Do not throw the derivate events of a PAP connector if the object is not available for this connector

# Technical changes & admin instructions

# New detail view layout files

For back & refresh button, we changed all detail view layout configuration files (default.4aplayout in global/defaults/layouts/detail and modules/{module name}/layouts/detail).
Possible impact: If you use custom layout files (global or modules), the new buttons may not show in your system.
What to do: Adapt the new components for your customized layout configuration files (.4aplayout_c files should work without adjustments).

# Solved bugs

Fix checking operation permission for subpanels when the objects requested via the multiple relationships
Fix unexpected logout with API key null
Fix ignore recipients without email address set
Fix activate and deactivate dimensions when they were already deactivated or activated
Fix compatibility with password manager Dashlane
Fix use new libraries to fix security vulnerabilities
Fix admin sidebar state after location change prevention
Fix doesn't set same site and secure for cookies for request with origin file://
Fix implement hashCode for CETypes
Fix create version with configured watermark
Fix unordered values options
Fix create subfolder
Fix wrong background when the transparency of an image removed
Fix save dimension process
Fix error when maintaining scroll position in the list
Fix choosing unsupported server language in UI
Fix definition of decimal places in number renderer
Fix loading process on the list tile
Fix escaping for LIKE search
Fix the addition of missing typeahead indexes on large amounts of data
Fix NPE from opentracing for not existing pages
Fix Combination of different search sources
API: fix setting the object type via PATCH or POST methods
API: fix sort argument causing errors, when specifying desc or asc
API: fix totalCount for objects endpoint. It now supports a new boolean parameter to enable
API: set limits for totalCount and limit to 15.000
API: add support to read Metric and Metric list fields
Fix only set default value one time and not on reload for field type of audit tables
Fix error in log for update 100LO from core
Fix activation of dimensions when opening a popup
Fix error after updating objects
Fix broken date chooser appearance
Fix empty popup for user downloads (personal settings) in desktop app
Fix failed login messages
Fix ignore files and folders starting with . when reading configuration
Fix visibility of pid operations
Fix infinite loop with expired sessions
Fix preview generation for audio files when the audio file contains more than one audio/video stream
Fix icon caching for requested icons before and after login
Fix output of the 4ALLPORTAL version
Fix tooltip change when selecting / deselecting history / favorites / file transfer
Fix display of "Restore backup" action
Fix collect fields for metadata mapping workflow
Fix only log authentication provider error with log level debug for configuration fixing

# How to get these improvements

Upgrade 4App Core Engine to version 3.9

# Patch releases

# Version 3.9.1

Fix wrong language of the share session
Fix refresh of list data
Support metric and object links mapping via mapping workflow and additions (more information)
Fix legacy API call didn't return unauthorized HTTP code 401 when the session is invalid
Fix null values for sortable fields. Enables sortable tree structures.
Fix UI cache providing outdated objects

# Version 3.9.2

Fix share by query configuration
Fix restoration of scroll position in the list

# Version 3.9.3

Api: Fix "Bearer" authorization

# Version 3.9.4

Allow duplicate ids when checking for conditional operations
Fix privilege escalation vulnerability by adding a stricter access control option: hidden
Fix download of the original file via legacy API
Fix download issue when the MIME-type contains uppercase characters
Improve performance for some searches
Fix proxy relation handling
Fix restoring from scrolling position in the list
Fix date validation text
Fix autorotation when generating the preview of postscript files (EPS, PS, AI)

# Version 3.9.5

Fix broken svg icons
Fix database deadlock when the mod_time_img should be updated

# Version 3.9.6

Keep the resolution tags when downloading the original file
Fix dimension handling in object renderer
Fix throw a change event if the property deleted of an object set to true

# Version 3.9.7

Fix missing label translation for searching shortcuts with no result
Remove permission requirement for request_mngt to create versions
Set creator and mod by for created versions
Fix ldap login with PowerPoint-Plugin. Allow fallback to default provider for connector names default and none
Fix login not possible when authentication provider not configured properly
Fix authentication providers not ordered
Fix upload of a preview when the upload file name contains ';' (semicolon) and/or '"' (double quote) characters
Store http session in database for SAML to work in cluster
Delete SAML authentication when logout
Fix allows enabling persistence of http session
Prevent cleanup jobs from deleting symbolic links

# Version 3.9.8

Set the ExcludeSessionRepositoryFilter as async to avoid errors in log
Fix fallback authentication provider on error response

# Version 3.9.9

Api: Fix querying dimensions with 4APQL

# Version 3.9.10

Fix role selection in role comparison
Fix error by loading a related field from a module with restricted permissions
Api: Fix selection of external relations with dimensions using 4APQL
Fix getting client type because type checking is case-sensitive
Fix accessing sortable fields over relations

# Version 3.9.11

Fix missed feature permissions while role compare by installation replicator
Fix sometimes missing "save" and "reset" in detail view
Fix logic for simple object renderer
Fix missing translation of connector info in login screen
Fix restore selection for "proxy" object (e.g. f_collection_item in DAM)
Fix removing in some cases one of the 4ALLPORTAL system folders, such as cefs
Fix duplicated objects when searching with sort and offset
Fix remove deleted sessions in cluster
Fix update session in cluster when feature permission or preset changed by user
Fix assemble session first and then store in container to avoid problem in cluster systems
Fix converting a multilayer TIFF images with alpha channel to JPEG
Fix behavior for certain links

# Version 3.9.12

Improve pid_tree layout
Fix corrupted XML and XLF(xliff) files when downloading as original

# Version 3.9.13

Fix unnecessary configuration import from hidden directories
Fix missing deletion trigger when setting the field "deleted" to "true".
Fix missing relation events when deleting a virtual relation
Fix dimension renderer (Dimension selection for searches)
Fix set session cookie with same site none and secure (if secure connection). Also do not ignore forward headers.

# Version 3.9.14

Fix converting the images in the same color space, but with a different color profile
Fix don't set invalid session from cookie to IAuthenticationFacade
Fix 500 Internal Server Error' on API call, because ThreadLocal not reset after exception

# Version 3.9.15

Fix variables in ConfiguredSearchRenderer
Fix use new tomcat library to proper handle urls which start with wss://
Fix use request.isSecure for setting cookie values secure and SameSite
Fix set request.isSecure to "true" when X-Forwarded-Proto contains value wss
Fix use method to set cookie CESESSID also for remove, because Chrome needs the same parameter for attributes secure and SameSite
Fix duplicated usage history

Http request.isSecure=true now generates cookie attributes secure and SameSite. Therefore, former configuration Cookie Secure in admin snap-in General system configurations/System Settings/Security should be switched to "disabled". It is necessary to set at least the proxy server's / load balancer's X-Forwarded-Proto header to https or wss.
This configuration option will possibly be removed later.

# Version 3.9.16

Update Docker base image with up-to-date Java and dependencies

# Version 3.9.17

Fix restore dimension renderer values in search renderer after back navigation
Fix async error at remote ip valve to avoid log messages
Fix internal error on invalid non null session in cookie
Do not set secure and SameSite attributes for cookie when accessing with old InDesign versions

# Version 3.9.18

Use the same sort direction for id as the first sort field ingroup by

# Version 3.9.19

Set correct cookie for websocket (wss://, ws://) so that no automatic logout occurs after login
Always allow header X-INDESIGN-CEP in cors-requests
Always set cookie Secure and SameSite=none for request issues by InDesign with header or query parameter X-INDESIGN-CEP >= 11 and ignore security configuration
Not set cookie Secure and SameSite for InDesign requests with header or query parameter X-INDESIGN-CEP < 11 and ignore security configuration
Always allow cors origins file:// and null for InDesign requests

# Version 3.9.20

Fix downloading SVG files as original
Allows multiple schedulers to run in parallel. Fix for example expired sessions not deleted from database.

# Version 3.9.21

Some improvement in event management

# Version 3.9.22

Fix reading "change" events
Fix simultaneous access to cached previews

# Version 3.9.23

Make comet messages more resilient in a cluster

# Version 3.9.24

← Core Engine Release 3.8 Core Engine Release 3.10 →