Release notes for the first 6.5 GA Service Pack
AppBase 6.5 GA SP1 was released on August 13, 2018
Before you download and install AppBase 6.5 SP1 and the latest patch, please make sure to read:
Download Release and Latest Patch
Special Notices
This Service Pack is focused on significantly improving AppBase security, improving AppBase performance and providing bug fixes.
AppBase passes penetration tests proven by two independent security vendor reports.* Penetration Reports are available upon request.
The Service Pack includes all features released with AppBase 6.5 GA including all patches.
Release notes for AppBase 6.5 GA are available at Release Notes 6.5 GA
The Special Notices are cumulative, applicable to AppBase 6.5 GA SP1 Release and later.
AppBase Core Changes
- Updated ActiveMQ to version 5.15.3
- Updated TomCat to version 8.0.51
- Updated JDK to version 8u172
- Improved handling of environments without DBA level database user available. DBAUser placeholder is now optional.
- Many-to-many relation cardinality support has been restored
AppBase Security Strengthening
- AppBase installation does not require service account to be part of Local Admin group
- Fixed Viewer.Web personal information disclosure issue
- Added ability to configure allowed security protocol type in AppBase
- Removed excessive database privileges from AppBase
- Improved integration services security by adding support to send security token through headers
- Significantly improved security of all AppBase API including: CMS Service, Administration Service, Designtime Configuration Service (more than 300 methods have been protected), Runtime Configuration Service, Domain Configuration Service
- Significantly improved security of resources stored in CMS and Resource repositories
- Improved AppBase cookies security
- Added solution scope concept to protect cross-solution APIs (users have to have proper "Solution Access" role) BREAKING
- Improved default "Html Sanitizer" output encoder security BREAKING
- Token expiration security feature no longer depends on other components
- AppBase API server-side length validation has been improved
- Documented recommendations for users how to configure operation system security
- Significantly improved security of system and public (anonymous) users BREAKING
- Some obsolete AppBase components have been disabled by default to improve security BREAKING
- Some outdated client-side libraries have been updated to improve security
- HTTPS services security have been improved
- Reduced amount of information exposed by some components
AppBase Quality
- Further improved AppBase quality with almost 1500 automatic tests running after each nightly build for both supported databases (ORACLE and MS SQL server) totaling almost 3000 tests combined
- Improved automated testing procedures to make them more close to how AppBase is used in user environments
AppBase Optimization
- Optimized some AppBase internal scheduled jobs to reduce database locks and improve performance
- Significantly improved AppBase Application Studio View management UI performance
- Improved token access and decreased number of calculations being made each time a token is accessed
- Reduced number of enable/disable trigger SQL statements generated during solution deployment preview for the first deployment
- Solution deployment and solution export has been optimized to decrease deployment time slightly and database load significantly (number of opened connections has been significantly decreased also)
- Number of opened connections during solution import, deployment, export has been decreased significantly
- Improved BDS requests handling performance to increase number of BDS requests AppBase can process
- Significantly improved performance of selected AppBase pulling services for ORACLE database: QUEUE_EVENT, CAPTURE_QUEUE, QUEUE_FTS, QUEUE_OCR, QUEUE_PRINT. All improved pulling functions has been ensured to use proper indexes and best execution plans to improve performance and decrease overall database server load by using queries that do not cause many I/O database operations
AppBase Auto Provisioning
- Manual environment creation mode support for create tenant Powershell command
- Ability to import solution from local files for create tenant Powershell command. It is now possible to create tenant, solutions and environments in manual mode using solution zip files using only the Powershell command. This allows to complete solution installation without working AppBase UI (which some times can be the case when dealing with some Load Balanced configuration waiting for IT team to respond etc)
AppBase Installation
- Improved installation scripts to handle more situations automatically
- Improved "Verify Installation" command to do more checks
- Ability to configure some AppBase cookie names
- Added install scripts commands to help users to configure security protocol types, ciphers, and TLS fallback
- Significantly decreased AppBase "Server-Install" execution time by reworking AppBase npm packages installation process
- Developed schema name changing tool for AppBase
- Installation scripts will enable Windows Authentication in IIS. NTML provider has been moved to the top.
- Implemented feature to automatically grant "Log on local" rights for Active Directory users used for AppBase Windows Services
AppBase Web Site
- Users are redirected to Ecx.Web automatically when opening url to the root web site
Solution Experience
- Deployment preview has been simplified by removing most of the legacy options BREAKING
- Changed deployment preview to be more verbose when the deployment will cause data loss
- Anonymous (public) pages experience has been improved by keeping existing session when trying to access a public page BREAKING
Solutions AppBase Integration Quality
- DCM solution has been added to nightly auto-tests cycle. DCM team working on developing tests for DCM
- LTR, KB, CAL solutions have been added to nightly auto-tests cycle
AppBase Localization
- Improved AppBase localization by supporting localization on more AppBase pages and localizing more AppBase messages
AppBase Management
- Improved characters support for usernames field on user create/modify pages to allow more characters
- Implemented Data Connection String validation when creating new environment. It is no longer possible to create environment with invalid connection string - the AppBase must be able to open the connection for the validation to pass BREAKING
Bug fixes
- Fixed issues with some pages throwing UI errors on System Setup, Environment Setup and My Workspace sections
- Fixed issue with SQL rule cache not working correctly
- Fixed errors on some pages caused by outdated unnecessary token validations which become deprecated after introducing new more secured cookie token mode
- Fixed bug with install scripts create registry command failing when schema name was in lower case
- Increased solution export timeout
- Fixed bug when Capture.WinService was not restarted via management service if capture service started before tenant was created
- Issue with importing localization data from solutions exported in older AppBase versions
- Fixed install scripts using hardcoded 1521 port for Oracle
- Fixed issue with OCR.WinService, Print.WinService, FTS.WinService services not reloading on some AppBase events (tenant created, solution deployed)
- Fixed some issues with system variables on deployment and partial import
- Fixed issues with upload tenant localization resources feature
- Fixed issue with the install scripts when all connection issues were considered as if the database did not exist generating errors later when the script tried to create the schema
- DbPatcher applying changesets fixes
- Issue when "Clone Workflow" was not working for Sql Server has been fixed
- Issue with "SAML configuration" management not working for Sql Server has been fixed
- Fixed modification of "System Template" failing with "405. Method Not Allowed" error
- Incorrect paging on solution deployment journal page after applying filter has been fixed
- Fixed Created/Last Deployed date on My Workspace home page
- Fixed issues with user's last login date column on some locales by adding new locale independed column
- Fixed garbage records created in CALENDAR_PARTICIPANT, COLLAB_FOLLOWER tables when user creation failed due to invalid password
- Fixed some issues with determining default startup application that opens after user logs into AppBase
- Improved error message verbosity when error occurs during opening connection to show actual error message instead of "Connection must be open"
- Improved error messages for some DAS errors to be more user friendly
- Forgot Password design issues fixed
- Improved installation scripts error messages by removing some false-positive errors
- Fixed some AppBase url parsing parameters issues
- Fixed Change Password page help text to show accurate password policy information
- Fixed issue when + character was lost after saving system variables
- Invalid Print.WinService configuration has been fixed
- Fixed issue when under some pretty complex circumstances it was possible to create a view for C# rule
- Fixed issue when extension dll files that were not selected during export appeared in the exported model
- SuppressErrorModule not working correctly under some circumstances has been fixed
- Rule Editor toolbar has been removed because it was not working properly
- Fixed issue when it was possible to edit/delete system and public user accounts
- Under some configurations IIS user was not given log on as service right
- Fixed error when exception was thrown when installing an older version of VC Redistributable packages during install pre-requisites command cause some other components to not to be installed
- Improved Security Service REST methods error messages
- Validation error on New Attribute Type page has been fixed
- Deployment journal UI fixes
- Some older Sql Server changesets have been fixed
- Installation-InitializeSubstitutions install scripts command has been fixed for Powershell version 3
- CONF_CLEAR failing to complete under some circumstances has been fixed
- Fixed some UI localization issues with user solutions
- Fixed New User page not showing accurate password policy information
- Report's permissions not saved properly has been fixed
- Reports with lookup parameters error has been fixed
- Many issues with concurrent deployment continuation feature has been identified and fixed
- Fixed issue when cache was not cleared after localization data was updated
- Removed outdated publish option on solution export
- Fixed bug when + characters were replaced with space character in Data Connection string when creating new environment via AppBase UI
- Fixed bug when ConfigJS returned 403 HTTP error when SSL terminated on Load Balancer
- Fixed issue with user phone extension number not being showing on user modify page
- Duplicate error messages on User/ Group Management pages have been removed
- Fixed title for "Active Directories" menu item not being renamed to "Auth Configurations" on some older ORACLE installations
- Some Query Builder issues with Sql Server version have been fixed
- Fixed issues with changing user type feature
- Uploader error message column markup has been fixed
- Environment resource menu item has been removed
- Uploader file size validation issues have been fixed
- Fixed popup pages opened in full screen after login into AppBase after user sessions was expired
- Fixed issue when user token was used for some of Audit events handling in place of a system token
- Audit unauthorized access search form missing "Object Type" filter drop down values have been added
- Removed some unused residue calls to AppLibrary on some AppBase pages which blocked the pages sometimes for significant time (20 sec) when the AppLibrary was unavailable
- Issue with views not being selected by tags during partial export has been fixed
- Fixed issues with Custom Properties grid on User and Group detail pages
Side notes
*Each security vendor may use different penetration tests and passing the tests of some vendors does not guarantee passing the tests of any security vendor. Also "passing" criteria may be defined differently by different vendors or customers
Release Documentation
AppBase 6.5 GA SP1 Documentation is available here.
Knowledge Base Articles created/updated with SP1 release
- KB2018020901 BDS JSON Output Encoder Configuration
- KB2018041300 Use the user's last login date to develop the solution
- KB2018041600 Enabling Single Sign-On In Internet Information Services Web Server
- KB2018042600 How to configure redirect so the system works without ecx.web
- KB2018042601 CMS Settings. Configure CMS folder's permissions, allowed extensions, file size. Register shared directory in CMS
- KB2018043000 Manually adding URL Reservation to host web containers for AppBase Windows UI Server service
- KB2018050400 How to Configure AppBase Email Capture Channel
- KB2018051100 AppBase Configure preferred Security Protocol Type(TLS 1.x, SSL x)
- KB2018052200 How to configure Server Security
- KB2018052201 How to create public page
- KB2018052300 How to change URL Host on existing AppBase installation
- KB2018052500 Security service "Login" and "Auth" methods
- KB2018052501 System placeholders
- KB2018060400 Troubleshooting steps for corrupted file ASF.Print.WinService.exe.config.sample for 6.5.32.10
- KB2018060500 Cases of safe disabling of BDS Output Encoder
- KB2018061400 Solution Access Role Feature
- KB2018061401 Using AppBase API to manage Solution Access Role
- KB2018062600 ActiveMQ for Windows Maintenance for AppBase version 5.6
- KB2018070300 Windows Service Operation Issues Troubleshooting
- KB2018071900 Change value of distribution channel security type (None, SSL, TLS)
- KB2018072000 Public noauth Page keep session feature
- KB2018072400 Configure AppBase FTS Service To Use New Solr Installation
- KB2018072700 Changes to QUEUE_EVENT Archiver Feature default configuration since GA
- KB2018072701 Sequential QUEUE_EVENT processing feature (GROUPID,USEADVQUEUE) has been removed
- KB2018072702 DOMAINID column is no longer taken into account when processing QUEUE_EVENT records
- KB2018080100 How move to the top NTLM provider for windows authentication
- KB2018080200 DOMAINID column is no longer taken into account when processing QUEUE_FTS records
- KB2018080300 DOMAINID column is no longer taken into account when processing QUEUE_OCR records
- KB2018080301 QUEUEID Primary Key constraint added to QUEUE_OCR for ORACLE
- KB2018080302 DOMAINID column is no longer taken into account when processing QUEUE_PRINT records
- KB2018081300 Replaced INST_XXX tables with views
- KB2018081400 C# rules development in Visual Studio
- KB2018081401 Improvement to clustered setup Capture Service default configuration
- KB2018081500 How to access Solution, Version or User resources with ApiHelper
- KB2018082000 Custom Shell GA SP1 Update Guide
Known Issues
N/A
Installation Instructions
Install a new AppBase 6.5 GA SP1 Installation Guide is available here.
Download Release and Latest Patch
Download this release and latest patches.
End Of Life Schedule
| Product | Major Release | Released | End Of Life Announcement (EOL) | Last Order | End Of Maintenance | End Of Support | Comments |
|---|---|---|---|---|---|---|---|
| AppBase | 6.5 GA | 03/31/2018 | 12/31/2018 | 12/31/2018 | 04/15/2019 | 04/15/2019 | |
| AppBase | 6.5 GA SP1 | 08/13/2018 | 12/31/2018 | 12/31/2018 | 04/15/2019 | 04/15/2019 |