Miscellaneous Notes and Bug Fixes for USoft 11.0.1
Patch installation
When installing this patch in the production environment:
- Web publications must be updated in order to get the fixes made in this patch.
- Flat files must be updated.
- Service Framework servers must be updated.
Bug fixes
The identification number in front of each item is a Jira Issue ID. This is a number that USoft uses internally.
An identification number(s) in parentheses at the end of an item (if any) is a Jira Support ID. This is a number that USoft Support uses to communicate with external reporters.
DATABASE CONNECTIVITY
USD-6222
When creapp was run against OleDb, tables containing one or more CLOB columns would always be (re)created, even if nothing was changed.
This has been fixed.
DEFINER
USD-5259
In the "Business Rules and other Formulations" window, on the "Implemented By" tab, if you pressed F12 on the "Name 1" field for an existing implementation referring to a Role, Window or Dialog, Page, Page Set, Menu Page, Menu Line, Control (C/S) or Control (browser), then the lookup window would initially not show the full list of parent values to choose from, only the record corresponding with the current foreign key value.
In this situation, if you used the lookup to select a different parent value (all implementation types), this newly chosen value would not be copied back to the foreign key field in the child record.
The grid control on the "Implemented By" tab did not have a foreign key field for Role.
These 3 problems have been solved.
USD-5346
JScript interpreted code has been replaced by JavaScript interpreted code. Correspondingly, JScript components are now named JavaScript components. If you have JScript components they may need to be rewritten to JavaScript code.
USD-5470
When connecting or synchronizing in Version Control, there was no progress indicator during the import of paintings.
This has been fixed.
USD-5576
For subtypes with Create Separate Table = No, usmeta.tables() would output the table name as the subtype's physical name.
This has been fixed. Now, usmeta.tables() outputs the supertype table as the subtype's physical name.
USD-5760
If a version-controlled repository was configured, when USoft Definer was started with read-only rights, an error would occur: "No or limited rights on job".
This has been fixed.
USD-5798
The web browser control used to display color-coded formulations did not display any contents if the info window was opened with an automatic query (as is the case when you open a window for a specific object from the catalog).
This has been fixed.
USD-5804
The web browser control used to display color-coded formulations did not always immediately react to navigating to an empty record line, pressing Insert Record, or pressing F2 for Define-Query.
This has been fixed.
USD-6113
In a version-controlled repository, paintings would sometimes result in a “diff” when pulled, because the order of the elements in the paintings file would be different. This has been changed: the ordering of the elements in the painting files is now fixed by making use of the seqno/position property.
Note: If you start using Version Control for the first time, a change in the order of objects can be noted if no explicit value was set for their Position property. This can easily be corrected by setting a specific value for Position.
USD-6115
In a version-controlled repository, as a result of Synchronize, errors could occur if changes consisted in one of the following:
- a painting class was renamed.
- a member was renamed.
- a member was deleted and then re-inserted as a different type.
This has been fixed.
USD-6295
If you validated a job by using the context menu for the job node in the Definer catalog (via right-mouse-click), an error would occur.
This has been fixed.
USD-6313
In Definer windows that allow references to implementations, for example the Constraints window, after edits on the Implements tab, the colour-coded display on the Formulations tab did not synchronise.
Now, this synchronisation is still not automatic, but it can be achieved by refreshing the record (in the example, by pressing F5 on the Constraints record).
USD-6326
Entry points from the Teamwork catalog to Business Rules items led to the USoft 10 rule window (showing deprecated rule attributes), not to the new USoft 11 rule window (showing a colour-coded version of the formulation).
This has been fixed.
Entry points from the Teamwork catalog to Business Process items still lead to the USoft 10 window because the Business Process object type is deprecated in USoft 11.
USD-6352
In the Relationships info window, the attributes on the "Relationship Details" tab have been moved to the top part of the window on the right-hand side.
USD-6354
If you export a Business Object (BO) via Object Shopping, the EAR diagram information is not transferred. This has 2 consequences.
-
Relationship lines between the table boxes will only appear in the diagram after import if the relationship was explicitly included in the BO's Data Content. The Add Data Content wizard will help you do that.
-
After import, the position of the table boxes on the diagram canvas will have been lost. You need to drag the boxes manually to the positions you want.
USD-6493
USMeta.Columns and USMeta.Domains could incorrectly report on certain Unicode data types.
This has been fixed. Also, the now obsolete 'UNICODE_TYPE' attribute has been dropped.
USD-6594
The Teamwork, Definition, Implementations menu option has been dropped.
USD-6614
In a version-controlled repository, if a control in a Windows or browser-based UI was renamed, the change was written to file correctly for the specific window or page, but not for any subclasses of the window or page.
This has been fixed.
USD-5851
The export-import bridge from USoft Studio to USoft Definer has been simplified.
Source is now transferred as-is. It is no longer misused to distinguish Studio items from non-Studio items in Definer.
Formulations with Requires Implementation = No are now also transferred.
A Last Imported timestamp is now generated on Import.
All progress flags (Defined, Approved, Built, Cross-checked, Tested, Documented, Deprecated, each with user and datetime stamp) are now transferred.
The Label of each formulation (formerly Classification, eg. 'Definition', 'Necessity') is now also transferred.
It is no longer possible to write custom XSL to influence the behaviour of the bridge.
LINUX PORT
USD-6123
Performance of the Rules Service when running on Linux in a docker container has been significantly improved (up to twice as fast) compared to 10.1.
USD-6269
Assembly references in C# components can now use environment variables by wrapping the variable in the percent (%) symbol:
%MYENVVAR%
USD-6482
CVE Detection in Docker Scout.
Impact:
"CVE-2021-24112 System.Drawing.Common" was identified by Docker Scout during an internal scan. Upon investigation, it was determined that this vulnerability does not have a direct impact on the security or functionality of the product in its current configuration. Specifically, the remote code execution vulnerability that exists when parsing certain types of graphics files would not apply to the product because the drawing components are internally disabled and could not be exploited.
Resolution:
Despite the CVE's low impact on our product, the underlying issue has been resolved by updating System.Drawing.Common and purging all the affected version from our image, ensuring compatibility with the latest versions of affected dependencies.
Security Impact:
This CVE does not pose a security risk to the product. The resolution is preventive, ensuring continued compliance with security best practices.
USD-6483
False Positive CVE Detection in Docker Scout.
Issue:
Docker Scout identified a vulnerabilities (CVE-2023-0286 and CVE-2023-50782) in one of the images during a security scan, which was later determined to be a false positive.
Details:
The CVE flagged was incorrectly associated with a package/version combination in a base image. After further analysis, it was concluded that the specific vulnerability did not apply in this context, as the affected package or configuration was not present in the container image. The fixes have been issued by Canonical Ubuntu. For further reference, follow these links:
https://ubuntu.com/security/CVE-2023-0286 https://ubuntu.com/security/CVE-2023-50782
Action Taken:
Docker Scout team has confirmed the issue, and additional measures have been implemented to refine vulnerability detection and reduce the likelihood of such false positives in future scans.
Recommendation:
If your environment flagged this CVE, we recommend reviewing the package details and confirming whether the vulnerability applies to your actual setup. Also, ensure your Docker Scout is updated to the latest version to avoid similar false positives.
USD-6484
False Positive CVE Detection in Docker Scout.
Issue:
Docker Scout identified a vulnerability (CVE-2022-29217) in one of the images during a security scan, which was later determined to be a false positive.
Details:
The CVE flagged was incorrectly associated with a package/version combination in a base image. After further analysis, it was concluded that the specific vulnerability did not apply in this context, as the affected package or configuration was not present in the container image. The fixes have been issued by Canonical Ubuntu. For further reference, follow this link:
https://ubuntu.com/security/CVE-2022-29217
Action Taken:
Docker Scout team has confirmed the issue, and additional measures have been implemented to refine vulnerability detection and reduce the likelihood of such false positives in future scans.
Recommendation:
If your environment flagged this CVE, we recommend reviewing the package details and confirming whether the vulnerability applies to your actual setup. Also, ensure your Docker Scout is updated to the latest version to avoid similar false positives.
USD-6485
False Positive CVE Detection in Docker Scout.
Issue:
Docker Scout identified a vulnerability (CVE-2024-38095) in one of the images during a security scan, which was later determined to be a false positive.
Details:
The CVE flagged was incorrectly associated with a package/version combination in a base image. After further analysis, it was concluded that the specific vulnerability did not apply in this context, as the affected package or configuration was not present in the container image. The fixes have been issued by Canonical Ubuntu. For further reference, follow this link:
https://ubuntu.com/security/CVE-2024-38095
Action Taken:
Docker Scout team has confirmed the issue, and additional measures have been implemented to refine vulnerability detection and reduce the likelihood of such false positives in future scans.
Recommendation:
If your environment flagged this CVE, we recommend reviewing the package details and confirming whether the vulnerability applies to your actual setup. Also, ensure your Docker Scout is updated to the latest version to avoid similar false positives.
USD-6486
Version 11.0.BETA2 contained a CVE (CVE-2024-47554) in module commons-io/commons-io.
This has been fixed.
USD-6487
False Positive CVE Detection in Docker Scout.
Issue:
Docker Scout identified a vulnerabilities (CVE-2024-43483 and CVE-2024-43484) in one of the images during a security scan, which was later determined to be a false positive.
Details:
The CVE flagged was incorrectly associated with a package/version combination in a base image. After further analysis, it was concluded that the specific vulnerability did not apply in this context, as the affected package or configuration was not present in the container image. The fixes have been issued by Canonical Ubuntu. For further reference, follow these links:
https://ubuntu.com/security/CVE-2024-43483 https://ubuntu.com/security/CVE-2024-43484
Action Taken:
Docker Scout team has confirmed the issue, and additional measures have been implemented to refine vulnerability detection and reduce the likelihood of such false positives in future scans.
Recommendation:
If your environment flagged this CVE, we recommend reviewing the package details and confirming whether the vulnerability applies to your actual setup. Also, ensure your Docker Scout is updated to the latest version to avoid similar false positives.
SERVICE FRAMEWORK
USD-6093 (US-1344, US-791, US-640)
In USoft Service Definer, if commented-out SQL code contained something that looked like a hostvar, e.g., /*:hostvar*/ then the commented hostvar was considered as an input parameter.
This has been fixed. Commented-out SQL code is now ignored.
WEB DESIGNER
USD-5925
You can now achieve instant validation of values supplied by a web page user in an input control by setting special Web Designer properties.
For example, you can validate that the value a user types in a text box contains alphabetic characters only, or does not exceed some maximum length.
Instant validation gives feedback by applying user-friendly colours, icons and positioning in the web page. In some cases, feedback is more immediate than when you define the validation rule(s) (only) at domain level in USoft Definer.
For details, see documentation on these Web Designer properties:
- Validation Rules
- Validation Moment
- Validation Feedback
USD-6610
As of version 11.0.1, the entire USoft web UI API has been rewritten and restyled. For a full account, read “Revised web UI API” in: “New Functionality and Enhancements in USoft 11.0” earlier in this document.
USD-5145 (US-944)
$.udb.wait() now returns a UdbPromise as a result. This way, it can be chained with any existing other $.udb function that returns a UdbPromise.
USD-5390
In USoft 10, there are additions to various common and global prototypes, including the Object prototype. These additions contain functions such as 'map' which could cause name clashes if other, third-party software also tried to make such changes to the same prototype.
You can now use a ‘.usoft’ prefix to access the USoft functions on the prototypes, eg., object.usoft.map() for object.map().
USD-6293
A new 'Theme Outline' button property has been added. It allows you to switch between the bootstrap classes btn-* and btn-outline-*. See also 'Theme Color' property.
WINDOWS DESIGNER
USD-6307
When inserting a control in a Window, a value for the Position property would be calculated and set to inherit from 'System'. After closing and re-opening the window, it could get another value because of its calculated-from-system nature. Under version control, this could also lead to unexpected positioning differences when connecting and reading in a repository.
This has been changed. Controls now get a calculated, local, fixed value for their Position property when they are being inserted.
USD-6343
Under version control, if a page or window was renamed, committed and pushed, a Synchronize operation started by other developers could lead to unique-key errors.
This has been fixed.