Administrations-Changelog

The driver provided via pax-jdbc-mssql is no longer delivered.

Please ensure that the MSSQL driver used has at least one of the following versions: 10.2.4, 11.2.4, 12.2.1, 12.6.5, 12.8.2, 12.10.2, 13.2.1

If an older driver is being used, it should be replaced. Remove the old driver by deleting it from the deploy directory or by uninstalling pax-jdbc-mssql or the driver itself. Then install a current driver (without the pax-jdbc-mssql feature). See also: Databases

If the configured identity provider is not reachable, it is no longer incorrectly logged that the local Karaf identity provider has been selected as a fallback. Instead, it is indicated that this could be enabled as a fallback.

Ein Fehler wurde behoben, dass der Endpunkt GET /cxf/bpc-core/im/organisations nicht mehr KeyCloak-Gruppen listet, die als Untergruppen definiert sind. Grund war eine Änderung im Verhalten von KeyCloak ab Version > 26.

In the central configuration file (bpc.env.sh), an error in the commented-out option DE_VIRTIMO_BPC_DECANTER_APPENDER_OPENSEARCH_DELETEENTRIESOLDERTHAN was fixed. Previously, activation did not work because the value must be enclosed in quotation marks. The Windows variant was not affected.

With this update, the Karaf version is upgraded to 4.4.8. It is necessary to update the modules bpc-be-core, bpc-be-analysis, bpc-be-forms, and bpc-be-monitor.

For BPC module developers

With the updated Karaf, we are delivering CXF 3.6.8 instead of 3.6.7, which provides Jackson in version 2.19.2.

Please update the CXF version (3.6.8) and Jackson version (2.19.2) in your pom.xml. Check whether you have an Import-Package statement for this version. This must be added or adjusted if you use Jackson features such as the ObjectMapper class.

Http calls via an Http-Proxy or Flow connection filter out the BPC Api-Key header (X-APIKey). Attention: This could affect existing BPC configurations, for example if an INUBIT process is triggered that in turn makes calls to the BPC API using the provided API key. (In this case, it would be better to store a fixed BPC API key in the INUBIT process.)

For boolean values in the settings tables, a combo box is no longer displayed; instead, only the checkbox with the truth value is shown. The value can be changed by clicking, pressing the space bar, or pressing Enter.

Http calls via an Http-Proxy or Flow connection filter out the BPC Api-Key header (X-APIKey). Attention: This could affect existing BPC configurations, for example if an INUBIT process is triggered that in turn makes calls to the BPC API using the provided API key. (In this case, it would be better to store a fixed BPC API key in the INUBIT process.)

For new backend connections of the type HTTP-Proxy and Flow, the option Filter BPC Session is enabled by default.

It could happen that replication got stuck in a certain time window if this window bordered on the present and no records were found.

For existing Karaf installations, add the following value to KARAF/etc/custom.properties:

The option for grouping settings is now initially enabled. It is recommended to use this view, as the settings are displayed together in a common context.

For the process status change, it is now possible to configure the preselection of a value. The preselection is controlled via the configuration preselectState in the setting function_changeStateConfig.

"preselectState": "_first": Always selects the first available value from the dropdown. "preselectState": "<search value>": Selects the first entry that contains the specified text (case-sensitive). Both raw values and display names (from Custom Renderer) can be used.

If exactly one process is loaded and there are exactly two values to choose from, the status field automatically selects the status that does not correspond to the current status.

Example configuration

If the BPC is operated in a cluster, it was sometimes not possible to deactivate maintenance mode via the GUI.

The logging configuration has been changed so that session tokens are masked. For new installations of Karaf, this happens automatically. For existing installations, please adjust the configuration file [KARAF]/etc/org.ops4j.pax.logging.cfg. Replace the old line

with the following lines

Since with Keycloak and OIDC the session tokens are UUIDs that are also used elsewhere, we log the first and last four characters here.

If binary files were loaded via INUBIT or another backend system, it could happen that the files were corrupted when downloading or viewing them.

Dashboard widgets now only display the configuration icon if the user is allowed to edit the dashboard. For this, they need the bpcDashboard_editDashboard permission. Users without this permission can no longer edit dashboard widgets. If editing options (e.g., for custom widgets) should still be offered, the corresponding permission must either be granted or the configuration must be provided through alternative means (e.g., via the widget header).

In the setting moduleHeaderContent, the parameter showSelectionCounter in the metablock can be used to control whether the number of selected records is displayed.

See also Monitor-Schnellfunktionen

Dashboard widgets now only display the configuration icon if the user is allowed to edit the dashboard. For this, they need the bpcDashboard_editDashboard permission. Users without this permission can no longer edit dashboard widgets. If editing options (e.g., for custom widgets) should still be offered, the corresponding permission must either be granted or the configuration must be provided through alternative means (e.g., via the widget header).

The start script no longer waits 30 seconds after starting OpenSearch and Karaf. If problems occur where OpenSearch is not available in time, the Watchdog should be used.

The start script no longer makes any changes to the environment. Directories must be configured according to the installation instructions, and JAVA_HOME must also be configured correctly.

The ProzessStarter configuration for windowWidth and windowHeight now correctly affects the window.

The selection of an operator for "number" filters has been restricted to the operator list. The default operator is defined as "=" and, additionally, the default operator can be changed in the filter configuration within the column configuration. See also Konfiguration der Monitor-Spalten

The right bpcMonitor_editMonitorViews can be set for specific instances to create and modify views in certain monitors by appending the module ID at the end.

See OpenSearch Indizes-Ansicht

There is now a description of the internal model_version of the BPC at Versionierung der internen BPC Konfiguration. It also explains that this can have an impact on a Downgrade of the BPC and on Deployment between different BPCs.

The changelog now indicates when there is an update to the internal configuration.

Additionally, an overview of all versions in which a change to the model_version took place is now displayed in Administrations-Changelog. In this context, an overview of versions with Karaf and OpenSearch updates has also been added.

See MinIO als S3 Backup für OpenSearch

In Installation, the installation via bundle file is now described. The included start and stop scripts are now described.

Notes added that usually only read permissions are necessary for database connections.

See Backend Connections, Sicherheit and Documents.

Instructions for downgrading the BPC taking technical specifics into account. See: * Versionierung der internen BPC Konfiguration * Troubleshooting * Downgrade Guide

Update OpenSearch according to the update guide

Monitors that have an externalReference field with an IGUASU reference can display a link that allows you to jump to the data source in IGUASU. For this, the renderer flow!_!flowRenderer must be set in the monitor column configuration.

See also: BPC → IGUASU

Scripts are provided that allow BPC or Karaf and OpenSearch to be started and stopped.

See Download - Virtimo Fileserver

The user session can be supplemented with customData, which comes from the Additional Info endpoint of the Identity Provider Backend Connection.

See also User Session um zusätzliche Organisationen/Rollen/Rechte und weitere Daten ergänzen

In the OpenSearch log, there are many logs such as "QueryGroup _id can’t be null, It should be set before accessing it." This is a known bug in OpenSearch that was introduced with version 2.18.0. We have reduced the output as much as we could from our side.

Note: If users already have existing installations of the default instance (BPC Default Reports) in the Analysis Module, it is recommended to set the chart background color to full transparency (RGBA alpha value: 0) under Chart Configuration → Settings → Background Color. This improves visualization when used with the Dark Theme.

Snapshots whose names do not conform to the current naming scheme have blocked the execution of the backups.

If the HTTP proxy used an HTTP/2 connection, the pseudo-header ":status" was forwarded to the client. This leads to an error if interpreted strictly. For example, in this case, nginx reported a 502 Bad Gateway error to the client.

If a deployment was carried out from a BPC with existing monitor views to a BPC that did not yet have any views, an error occurred.

This error has been fixed.

A bug was fixed that prevented instance-specific HTML content editing rights from being granted via the role htmlcontent_editor_<MODULE-ID>.

Update OpenSearch according to the update guide

For the hardening of the TLS settings, properties were set in custom.java.security.

If you are not yet using a custom.java.security file via Zentrale Konfigurationsdatei, you should do so.

Existing custom.java.security files should be supplemented with the following entry:

The bpc.env files now also set the security.properties for OpenSearch from the custom.java.security file. As a result, changes in the file affect both Karaf and OpenSearch.

When using a bpc.env, it is recommended to update it. If not already present, the file custom.java.security should be added. The following must be added for this purpose.

See also Zentrale Konfigurationsdatei

With the BPC license, settings can now be protected from modification. This will primarily be used in our cloud installations (K8s). For example, we use the core setting 'backupRepository' to define the configuration of OpenSearch backups in an Amazon S3 bucket, and this should not be changeable via the BPC frontend.

To achieve this, the XML can be extended with the list element NON_WRITEABLE_SETTINGS containing the IDs of the non-editable settings when creating the license.

Excerpt from a sample license:

The settings (example: _core_noinstance_backupRepository) are the same as those used in the OpenSearch index 'bpc-configuration'.

The structure is as follows: <ModuleId>_<InstanceId>_<SettingName>

If it is a setting of a module and not of an instance/component, then the value noinstance is to be used for <InstanceId>. You can find the <SettingName> by displaying the "ID" column in the settings grid in the BPC frontend.

Example: _core_noinstance_backupRepository

We have reduced the number of shards in the Core_IndexTemplates setting to 1. This is also the default setting that Elasticsearch/OpenSearch has been using for new indexes for a few years. This only affects newly created indices. Indices that have already been created are not affected.

By optimizing access to the OpenSearch Backup API, fewer accesses to the data storage are performed. This reduces the corresponding costs, for example, when using Amazon S3.

When saving JSON settings, attributes within objects were automatically sorted. This behavior has been disabled. This makes it possible to arrange the order according to your own criteria.

The bpc.env files now also set the security.properties for OpenSearch from the custom.java.security file. As a result, changes in the file affect both Karaf and OpenSearch.

When using a bpc.env, it is recommended to update it. If not already present, the file custom.java.security should be added. The following must be added for this purpose.

See also Zentrale Konfigurationsdatei

The file name of the license can now also be license.xml.virtimo. Previously, it had to be license.xml.bpc. This makes it possible to use a license that is also a valid INUBIT license file at the same time.

The loading of the BPC configuration in the client is accelerated by the change.

For the hardening of the TLS settings, properties were set in custom.java.security.

If you are not yet using a custom.java.security file via Zentrale Konfigurationsdatei, you should do so.

Existing custom.java.security files should be supplemented with the following entry:

The placeholder #user.loginName# is now correctly replaced in the Data_Filter when the dynamic filter # is used.

If the client sends multiple session cookies because several BPCs may be installed on the server, the appropriate session cookie is now taken into account.

In cases with frequent changes to the data, errors could occur in the monitor when displaying detail views. As a result, the entire rendering of the application was disrupted and the page had to be manually reloaded.

Uploaded files are no longer kept entirely in memory. This reduces memory usage and prevents "OutOfMemoryException".

We used CXF version 3.5.4 in our previous Karaf releases. This CXF version provides Jackson in version 2.14.3. Now we ship Karaf with CXF 3.6.5, which provides Jackson in the version 2.17.2.

Please update the CXF version (3.6.5) in your pom.xml. And more important is to update also the used Jackson version (2.17.2). For this check if you have an Import-Package statement for it. This must be added or adjusted when you use Jackson functionality like the ObjectMapper class.

Replace

with

Update OpenSearch according to the update guide

The log level for the BPC plugin in OpenSearch has been reduced from trace to info. This setting can be found in the file opensearch/config/log4j2.properties.

In the bundle info, which can be accessed via the Karaf console, the time of the last change to the underlying source code is now displayed instead of the build time.

Update OpenSearch according to the update guide

From IGUASU version 3.0.6, it is possible to jump directly from the BPC Flow Processor overview to the IGUASU processor. “Frontend URL” and “System ID” are now available in the Flow Manager. “URL” has been renamed to “Service URL.” Username and password are no longer required. Long descriptions of the processors are displayed in a shortened form, with the full text shown in the tooltip.

If the available disk space falls below defined thresholds, shards are redistributed to other nodes. It can also happen that indices are set to read-only to prevent the disk from filling up.

The value of cluster.routing.allocation.disk.threshold_enabled is now true. This corresponds to the OpenSearch default value.

Fields that contain nested JSON objects receive "formatter": "jsonStringify" in the initial column configuration. This converts the contents into text and displays them in the monitor.

A bug was fixed that caused individual replication jobs not to be correctly distributed across all available nodes when changes were made to the nodes in the BPC cluster.

Although the OpenSearch connection was configured with http, an attempt was made to establish the TLS context based on the configuration. However, if this configuration was incorrect, an error occurred.

The configuration is now ignored, as it is not relevant for http connections.

Nevertheless, it is recommended to use secure connections at this point.

There were various problems when the time zone of the "last update column" in the database table is set to UTC: - The tail sync did not always delete all records. - Instead, it updated all records on each run. - The interaction with replication also became confused.

The documentation for configuring secure network connections has been revised.

See in particular Sichere Verbindung (TLS/HTTPS)

Update OpenSearch according to the update guide

A dark theme is available for the BPC. It can be downloaded from the download page.

To switch between installed themes, you can use, for example, the plugin Theme Switcher.

When impersonating other users, the language can no longer be changed in the Keycloak profile of the impersonated user. For this to work, Keycloak must be correctly configured so that impersonator information is passed along via an active scope.

The configuration grid_showHeader is obsolete as it causes errors. The behavior of the header has been controlled for quite a while using the parameter moduleHeader_enabled.

Karaf access via SSH is described in more detail and useful notes have been added.

The following documentation pages have been changed.

Update OpenSearch according to the update guide

While loading the BPC, the version number of the Core Common Package (Fe-Core) is determined and stored in the local storage. If this version number differs from the one stored during the previous load, the local storage is cleared.

It is now possible to specify references to external resources when writing audit information. For example, it is possible to refer to the IGUASU instance that created the entry.

See System Monitoring (Metriken für Prometheus)

For the HTML Content module, instance-specific roles can now be assigned for editing: htmlcontent_editor_<MODUL_ID> See also: HTML Content Modul (Benutzerdefinierte Inhalte)

JSESSIONID cookie has been deactivated

Update OpenSearch according to the update guide

If an IP pinning error occurs, you can now log in normally in the browser after reloading the page. The error will not be displayed again (unless the IP changes again).

In current Karaf versions, Karaf-specific environment variables for setting JVM memory have been removed and must be replaced with an alternative.

Linux

Please replace in bpc.env.sh

with

and adopt the values accordingly.

Windows

Please replace in bpc.env.cmd

with

and adopt the values accordingly.

See also Zentrale Konfigurationsdatei and Karaf

In current Karaf versions, Karaf-specific environment variables for setting JVM memory have been removed and must be replaced with an alternative.

Linux

Please replace in bpc.env.sh

with

and adopt the values accordingly.

Windows

Please replace in bpc.env.cmd

with

and adopt the values accordingly.

See also Zentrale Konfigurationsdatei and Karaf

Data binding within forms has been revised. The combination of several data bindings now requires an operator such as +. Further information: Attribute von Formular-Komponenten binden

Update OpenSearch according to the update guide

Data binding within forms has been revised. The combination of several data bindings now requires an operator such as +. Further information: Attribute von Formular-Komponenten binden

Update OpenSearch according to the update guide

The additional component of Karaf called 'Decanter' is used to write the Karaf logs to the OpenSearch index 'bpc-logs'. With a new installation of Karaf, this component is already pre-installed and nothing needs to be done. If an existing Karaf installation cannot or should not be replaced, it can also be installed using the Karaf console (Internet connection required).

Due to this change, the use of Java 17 is now mandatory and support for Java 11 has ended.

Karaf must be updated with this update.

The additional component of Karaf called 'Decanter' is used to write the Karaf logs to the OpenSearch index 'bpc-logs'. With a new installation of Karaf, this component is already pre-installed and nothing needs to be done. If an existing Karaf installation cannot or should not be replaced, it can also be installed using the Karaf console (Internet connection required).

New status endpoint for querying the role of individual nodes in cluster operation. This endpoint can now be used to check whether a node has the "master" role or not. See also BPC API /cxf/bpc-core/status/clustermaster

Due to this change, the use of Java 17 is now mandatory and support for Java 11 has ended.

Karaf must be updated with this update.

An update of the OpenSearch plugin (os-bpc-plugin) is necessary.

An update of the OpenSearch plugin (os-bpc-plugin) is necessary.

For existing installations, the file bpc-be-dashboard.jar can be removed without replacement and deleted from the KARAF/deploy directory. The dashboard module now consists only of the file bpc-fe-dashboard.war.

Update OpenSearch according to the update guide.

If the environment variable KARAF_PAX_JDBC_FEATURES_TO_INSTALL is used in the central configuration file bpc.env.sh, ensure that the new module PAX JDBC Feature Installer is installed.

If backend module developers use the OpenSearch REST High Level Client, packages will most likely need to be adjusted, as OpenSearch has moved some classes here.

Update OpenSearch according to the update guide.

If the environment variable KARAF_PAX_JDBC_FEATURES_TO_INSTALL is used in the central configuration file bpc.env.sh, ensure that the new module PAX JDBC Feature Installer is installed.

If backend module developers use the OpenSearch REST High Level Client, packages will most likely need to be adjusted, as OpenSearch has moved some classes here.

Update OpenSearch according to the update guide.

If the environment variable KARAF_PAX_JDBC_FEATURES_TO_INSTALL is used in the central configuration file bpc.env.sh, ensure that the new module PAX JDBC Feature Installer is installed.

If backend module developers use the OpenSearch REST High Level Client, packages will most likely need to be adjusted, as OpenSearch has moved some classes here.

Karaf must be updated with this update.

Logging into the Karaf console via SSH is no longer allowed by default for users from the users.properties. To allow users to log in via SSH, add the ssh role to individual users in the KARAF/etc/users.properties file or add the role to the admingroup.

Entries in the file KARAF/etc/keys.properties that you do not use for login with a public/private key can be removed.

Entries in the file KARAF/etc/keys.properties that you do not use for login with a public/private key can be removed.

Karaf must be updated with this update.

Logging into the Karaf console via SSH is no longer allowed by default for users from the users.properties. To allow users to log in via SSH, add the ssh role to individual users in the KARAF/etc/users.properties file or add the role to the admingroup.

If set, remove the following no longer needed os-bpc-plugin specific settings from conf/opensearch.yml.

If this is not done, OpenSearch will not start and will display the error "please check that any required plugins are installed, or check the breaking changes documentation for removed settings".

Only relevant for module developers When using the BPC JsonEditor (xtype bpcJsonField or bpcCodeEditorWindow.json), the optional JSON schema is now passed via schema and no longer via jsonSchema.

The content of the Monitor jump column was previously trimmed (removal of spaces at the beginning and end) when filtering in the target monitor. This is no longer done, so that you can specifically filter for values with spaces at the beginning or end.
If you use values with additional spaces in your Monitor jump column (e.g. also in connection with the separator) that do not match the target values in the target monitor, these may need to be removed.

Only relevant for module developers When using the BPC JsonEditor (xtype bpcJsonField or bpcCodeEditorWindow.json), the optional JSON schema is now passed via schema and no longer via jsonSchema.

If set, remove the following no longer needed os-bpc-plugin specific settings from conf/opensearch.yml.

If this is not done, OpenSearch will not start and will display the error "please check that any required plugins are installed, or check the breaking changes documentation for removed settings".

The content of the Monitor jump column was previously trimmed (removal of spaces at the beginning and end) when filtering in the target monitor. This is no longer done, so that you can specifically filter for values with spaces at the beginning or end.
If you use values with additional spaces in your Monitor jump column (e.g. also in connection with the separator) that do not match the target values in the target monitor, these may need to be removed.

An update of OpenSearch or the os-bpc-plugin is required.

An update of OpenSearch or the os-bpc-plugin is required.

The name of the common function "getInstanceUrl" (introduced with BPC 4.1.0) is being replaced by "getModuleUrl".

Update OpenSearch according to the update guide

The name of the common function "getInstanceUrl" (introduced with BPC 4.1.0) is being replaced by "getModuleUrl".

Update OpenSearch according to the update guide

To avoid scripting attacks, renderers can now no longer be defined as JavaScript in text form on the columns. Custom renderer functions can be referenced as described here. Formatting functions from Ext.util.Format can be used by specifying the formatter. See: column_configuration.

An update of the Karaf is mandatory for this BPC update.

Customer themes and custom BPC modules must be adapted so that the Web-ContextPath and Webapp-Context in the manifest file must begin with a /. To achieve this usually the file build.gradle can be adapted. An example can be seen https://bitbucket.org/virtimo/bpc-theme-template/commits/469a13171aa82655b6f0475b38a561d2ebceee52 [https://bitbucket.org/virtimo/bpc-theme-template/commits/469a13171aa82655b6f0475b38a561d2ebceee52][here].

In the configuration file [karaf]/etc/org.ops4j.pax.web.cfg parameters have been renamed:

We had to move some interfaces/classes from the de.virtimo.bpc.core to the de.virtimo.bpc.api package.

If you compile your code for 4.0.8 or 4.1 and get errors, then please adjust the Java imports. In most cases you just have to replace .core. by .api.. Otherwise delete the import and let the IDE find it for you.

And please be sure that you do not have <Import-Package> statements in your pom.xml to the following packages:

In case you used BPC Core utils classes.

Please adjust your Java import statements

And your pom.xml (<Import-Package>)

In case you used

de.virtimo.bpc.core.utils.BpcTrustStoreUtil.setTo(…​)

then please replace it with

de.virtimo.bpc.util.BpcTrustStore.getInstance().setTo(…​)

For BPC developers Plugins are passed a context when called. Two attributes in the context object have been renamed. moduleId became baseModuleId and instanceId became moduleId.

Relevant for BPC Module Developers / Important for BPC Developers.

This is only necessary, when you use one of the following annotations in your backend modules/bundles:

If this is the case, then please update your resources/OSGI-INF/blueprint/context.xml

and replace

 <bean id="bpcJAXRSInvoker" class="en.virtimo.bpc.jaxrs.BpcJAXRSInvoker"/>

with

 <bean id="bpcJAXRSInvoker" class="en.virtimo.bpc.jaxrs.BpcJAXRSInvoker" init-method="onStartup" destroy-method="onShutdown">     <argument ref="blueprintBundleContext"/>  </bean>

JAAS Karaf Passwords

For the passwords in the [karaf]/etc/users.properties a stronger encryption is used by default from this Karaf version on.

If these passwords cannot be adjusted, then make the following adjustments to the [karaf]/etc/org.apache.karaf.jaas.cfg configuration file. This will revert to using the previous (weak) encryption.

 encryption.name = basic  encryption.algorithm = SHA-512

JAAS JDBC passwords

The Virtimo JAAS JDBC implementation now uses the password encryption settings of the file: [karaf]/etc/org.apache.karaf.jaas.cfg These do not match the previously used password encryption.

So if JAAS JDBC was already used and the existing (weak) hashes should be used further, please create the following file: [karaf]/etc/de.virtimo.bpc.core.auth.jaas.jdbc.cfg

The following content sets the previous (weak) configuration:

To use a more secure hash algorithm like argon2, all user passwords must be recreated and thus reset.

A Content Security Policy(CSP) is set via HTTP header. This can affect custom modules, INUBIT WebApps or integrated third-party applications. To customize the CSP see Content Security Policy.

We used CXF version 3.5.4 in our previous Karaf releases. This CXF version provides Jackson in version 2.13.4. Now we ship Karaf with CXF 3.5.5, which provides Jackson in the version 2.14.1.

Please update the CXF version (3.5.4 → 3.5.5) in your pom.xml. And more important is to update also the used Jackson version. For this check if you have an Import-Package statement for it. This must be added or adjusted when you use Jackson functionality like the ObjectMapper class.

Replace

with

Dashboard setting Dashboard_Responsive(ID: module_isResponsive) and Dashboard_Layout(ID: layout_config) are omitted. Dashboards are now "responsive" by default and take advantage of the available space in their column. Widget can now be adjusted in height and width by the user. These changes are kept in the browser, but can also be saved to the dashboard by authorized users. Resetting local change is no longer possible on the widget, but is offered via a button in one of the toolbars. For the button to appear, the value "resetUserState" must be added to one of the settings ModuleHeader_Content, Toolbar_LeftContent or Toolbar_RightContent.

See also Dashboard-Schnellfunktionen

Replication status information is no longer displayed on the monitor. This status information will be added via plugin in a future release.

In case you used

de.virtimo.bpc.core.utils.ServiceUtil.unregisterService(bundleContext, ServiceRegistration, Class);

then please use

de.virtimo.bpc.api.BpcService.unregister(bundleContext, ServiceRegistration, Class);

instead.

For BPC module developers

There was an undocumented function that reacted globally, on all components with the attribute targetModule, to the event click. This passed the value of targetModule to the BpcCommon.Api.showModule method, triggering navigation to that module. This function has now been removed. If you have used the attribute targetModule, e.g. on buttons, for navigation, you have to set this up by a separate handler that only affects your components.

A big request, when updating Karaf do not simply copy all etc files from the old installation to the new one. This may result in new Karaf options not being set and in the worst case the Karaf will not start.

And if somehow possible, do not change any [karaf]/etc files manually and instead make the adjustments via bpc.env.sh (Linux/macOS) or bpc.env.cmd (Windows). This makes Karaf updates much easier and can be used in BPC versions >= 3.4. See Zentrale Konfigurationsdatei.

Per override values of etc files most customizations can be done without editing an etc file.

For example, if the path to the keystore and truststore files should be set differently: The definition of the paths are in the configuration file [karaf]/etc/org.ops4j.pax.web.cfg in the options org.ops4j.pax.web.ssl.keystore and org.ops4j.pax.web.ssl.truststore.

Now to set the paths of the two options differently, two environment variables can be added in the bpc.env.sh:

 export ORG_OPS4J_PAX_WEB_ORG_OPS4J_PAX_WEB_SSL_KEYSTORE=/opt/bpc.env/ssl/virtimo_keystore.jks  export ORG_OPS4J_PAX_WEB_ORG_OPS4J_PAX_WEB_SSL_TRUSTSTORE=/opt/bpc.env/ssl/virtimo_truststore.jks

Another example how to set the option en.virtimo.bpc.core.cfg in the [karaf]/etc/de.virtimo.bpc.core.maintenancemode.fileSystemLimitInMB:

 export DE_VIRTIMO_BPC_CORE_DE_VIRTIMO_BPC_CORE_MAINTENANCEMODE_FILESYSTEMLIMITINMB=4096

One limitation will be fixed with the next Karaf update. The deploy directory ([karaf]/deploy) cannot currently be set by environment variable due to a "bug". This affects the felix.fileinstall.dir option in the [karaf]/etc/org.apache.felix.fileinstall-deploy.cfg configuration file.

Three files should be copied or replaced with symbolic links depending on how they are used:

Of course, this is only necessary if they have been customized at all. The options in the two cfg files could also be set via environment variables, but then some environment variables would have to be set.

An update of the Karaf is strongly recommended for security reasons.

Monitor views created with a BPC version < 2.1.6 are no longer supported. To preserve these views, they must be opened and saved once in the "Manage Views" dialog. This process will save the views in the correct format.

A big request, when updating Karaf do not simply copy all etc files from the old installation to the new one. This may result in new Karaf options not being set and in the worst case the Karaf will not start.

And if somehow possible, do not change any [karaf]/etc files manually and instead make the adjustments via bpc.env.sh (Linux/macOS) or bpc.env.cmd (Windows). This makes Karaf updates much easier and can be used in BPC versions >= 3.4. See Zentrale Konfigurationsdatei.

Per override values of etc files most customizations can be done without editing an etc file.

For example, if the path to the keystore and truststore files should be set differently: The definition of the paths are in the configuration file [karaf]/etc/org.ops4j.pax.web.cfg in the options org.ops4j.pax.web.ssl.keystore and org.ops4j.pax.web.ssl.truststore.

Now to set the paths of the two options differently, two environment variables can be added in the bpc.env.sh:

 export ORG_OPS4J_PAX_WEB_ORG_OPS4J_PAX_WEB_SSL_KEYSTORE=/opt/bpc.env/ssl/virtimo_keystore.jks  export ORG_OPS4J_PAX_WEB_ORG_OPS4J_PAX_WEB_SSL_TRUSTSTORE=/opt/bpc.env/ssl/virtimo_truststore.jks

Another example how to set the option en.virtimo.bpc.core.cfg in the [karaf]/etc/de.virtimo.bpc.core.maintenancemode.fileSystemLimitInMB:

 export DE_VIRTIMO_BPC_CORE_DE_VIRTIMO_BPC_CORE_MAINTENANCEMODE_FILESYSTEMLIMITINMB=4096

One limitation will be fixed with the next Karaf update. The deploy directory ([karaf]/deploy) cannot currently be set by environment variable due to a "bug". This affects the felix.fileinstall.dir option in the [karaf]/etc/org.apache.felix.fileinstall-deploy.cfg configuration file.

Three files should be copied or replaced with symbolic links depending on how they are used:

Of course, this is only necessary if they have been customized at all. The options in the two cfg files could also be set via environment variables, but then some environment variables would have to be set.

We had to move some interfaces/classes from the de.virtimo.bpc.core to the de.virtimo.bpc.api package.

If you compile your code for 4.0.8 or 4.1 and get errors, then please adjust the Java imports. In most cases you just have to replace .core. by .api.. Otherwise delete the import and let the IDE find it for you.

And please be sure that you do not have <Import-Package> statements in your pom.xml to the following packages:

In case you used BPC Core utils classes.

Please adjust your Java import statements

And your pom.xml (<Import-Package>)

In case you used

de.virtimo.bpc.core.utils.BpcTrustStoreUtil.setTo(…​)

then please replace it with

de.virtimo.bpc.util.BpcTrustStore.getInstance().setTo(…​)

For BPC developers Plugins are passed a context when called. Two attributes in the context object have been renamed. moduleId became baseModuleId and instanceId became moduleId.

Dashboard setting Dashboard_Responsive(ID: module_isResponsive) and Dashboard_Layout(ID: layout_config) are omitted. Dashboards are now "responsive" by default and take advantage of the available space in their column. Widget can now be adjusted in height and width by the user. These changes are kept in the browser, but can also be saved to the dashboard by authorized users. Resetting local change is no longer possible on the widget, but is offered via a button in one of the toolbars. For the button to appear, the value "resetUserState" must be added to one of the settings ModuleHeader_Content, Toolbar_LeftContent or Toolbar_RightContent.

See also Dashboard-Schnellfunktionen

Replication status information is no longer displayed on the monitor. This status information will be added via plugin in a future release.

In case you used

de.virtimo.bpc.core.utils.ServiceUtil.unregisterService(bundleContext, ServiceRegistration, Class);

then please use

de.virtimo.bpc.api.BpcService.unregister(bundleContext, ServiceRegistration, Class);

instead.

To avoid scripting attacks, renderers can now no longer be defined as JavaScript in text form on the columns. Custom renderer functions can be referenced as described here. Formatting functions from Ext.util.Format can be used by specifying the formatter. See: column_configuration.

JAAS Karaf Passwords

For the passwords in the [karaf]/etc/users.properties a stronger encryption is used by default from this Karaf version on.

If these passwords cannot be adjusted, then make the following adjustments to the [karaf]/etc/org.apache.karaf.jaas.cfg configuration file. This will revert to using the previous (weak) encryption.

 encryption.name = basic  encryption.algorithm = SHA-512

JAAS JDBC passwords

The Virtimo JAAS JDBC implementation now uses the password encryption settings of the file: [karaf]/etc/org.apache.karaf.jaas.cfg These do not match the previously used password encryption.

So if JAAS JDBC was already used and the existing (weak) hashes should be used further, please create the following file: [karaf]/etc/de.virtimo.bpc.core.auth.jaas.jdbc.cfg

The following content sets the previous (weak) configuration:

To use a more secure hash algorithm like argon2, all user passwords must be recreated and thus reset.

A Content Security Policy(CSP) is set via HTTP header. This can affect custom modules, INUBIT WebApps or integrated third-party applications. To customize the CSP see Content Security Policy.

For BPC module developers

There was an undocumented function that reacted globally, on all components with the attribute targetModule, to the event click. This passed the value of targetModule to the BpcCommon.Api.showModule method, triggering navigation to that module. This function has now been removed. If you have used the attribute targetModule, e.g. on buttons, for navigation, you have to set this up by a separate handler that only affects your components.

An update of the Karaf is mandatory for this BPC update.

Customer themes and custom BPC modules must be adapted so that the Web-ContextPath and Webapp-Context in the manifest file must begin with a /. To achieve this usually the file build.gradle can be adapted. An example can be seen https://bitbucket.org/virtimo/bpc-theme-template/commits/469a13171aa82655b6f0475b38a561d2ebceee52 [https://bitbucket.org/virtimo/bpc-theme-template/commits/469a13171aa82655b6f0475b38a561d2ebceee52][here].

In the configuration file [karaf]/etc/org.ops4j.pax.web.cfg parameters have been renamed:

An update of the Karaf is strongly recommended for security reasons.

We used CXF version 3.5.4 in our previous Karaf releases. This CXF version provides Jackson in version 2.13.4. Now we ship Karaf with CXF 3.5.5, which provides Jackson in the version 2.14.1.

Please update the CXF version (3.5.4 → 3.5.5) in your pom.xml. And more important is to update also the used Jackson version. For this check if you have an Import-Package statement for it. This must be added or adjusted when you use Jackson functionality like the ObjectMapper class.

Replace

with

Relevant for BPC Module Developers / Important for BPC Developers.

This is only necessary, when you use one of the following annotations in your backend modules/bundles:

If this is the case, then please update your resources/OSGI-INF/blueprint/context.xml

and replace

 <bean id="bpcJAXRSInvoker" class="en.virtimo.bpc.jaxrs.BpcJAXRSInvoker"/>

with

 <bean id="bpcJAXRSInvoker" class="en.virtimo.bpc.jaxrs.BpcJAXRSInvoker" init-method="onStartup" destroy-method="onShutdown">     <argument ref="blueprintBundleContext"/>  </bean>