Breaking Changes

The implementation of BaseTable has been adjusted, resulting in a change to the DeleteRowsAction class.

Custom plugins that use the BaseTable implementation to display/edit data in tabular format must make code-related adjustments.

Breaking Change

The following changes have been made to the DeleteRowAction class:

Workbench code in the plugin must adopt these changes to remain executable in the Workbench.

Impacts:

A problem with the auto-detection of EDI messages has been fixed. The entire EDIFACT header was evaluated and the rule file structure was used. The "Extended Auto-Detection" switch is now correctly applied.

Breaking Change

It is no longer possible to process both EDIFACT and EDIGAS messages in parallel with one adapter.

Resolution

This change was rolled back with INUBIT 8.0.39, and the previous behavior has been restored.

Impacts:

Previously, a bearer token had to be passed to the REST Input Listener Connector via the header parameter x-openid-token in order to have it checked against a Keycloak instance. The REST Connector has now been extended so that the bearer token can also be passed via the Authorization header parameter in the form 'Authorization: Bearer <Token>`.

Breaking Change

There is a change in behavior if both parameters, Authorization and x-openid-token, are passed in the header. Then the value in the Authorization parameter is used for authentication. The x-openid-token is not taken into account.

Impacts:

An issue applying the sanitizeHtml setting has been fixed. The global setting on the module now correctly overwrites the value on the instance if it is false. To restore the previous behavior, sanitizeHtml must be set to false and forceValidJavaScript must be set to true.

Impacts:

The start parameter -DenableFormatterMicrosecondsValidation can be used to force the formatter functions to fail if DateTime values are passed that exceed millisecond precision.

The start parameter must be passed when the Process Engine is started. The parameter should also be passed when the Workbench is started in order to force the same behavior in the client.

Impacts:

The XML validator plugin has been hardened and now ignores DTD declarations that could potentially be exploited as a vulnerability (XXE).

Impacts:

The jfreechart library has been updated. As a result, support for 3D representation in reports is no longer available. INUBIT still supports all 2D display types.

Impacts:

The h2 library has been updated. This library is required when using the H2 database.

If you use this database, the contents of the database file must be migrated before patching. See the manual patch steps for more details.

Impacts:

The information in the server configuration has been adjusted so that it no longer contains sensitive data such as passwords.

When using Workbench and Process Engine on different versions, problems may occur in the "Server Configuration" tab.

Impacts:

A problem when establishing an SSL connection between the workbench and the server has been resolved, so that it is now ensured that the sent certificate is checked accordingly and an invalid certificate (e.g. host name) leads to the connection being aborted.

Impacts:

A problem in parsing XPath expressions has been fixed that caused variables of type xs:date and subtypes to be treated as xs:string. This error could previously be worked around by casting the affected variables to the correct type within an XPath call.

Fixing the problem may cause XPath expressions that previously worked in 8.0 to fail. In such cases, add an explicit cast to the variables of type xs:date and thereby convert the value of the variable to string, e.g. xs:string($myVariableOfTypeXsDate).

Due to the change, the following things are no longer possible:

When assigning a default value to a variable of type xs:date or subtype, it is now checked more strictly that the specified value is a valid date, e.g. 2025-02-13’T'10:00:00.

Impacts:

The XPath version stored in Technical Workflows is now automatically updated to version 3.1 during import or migration.

Impacts:

With the move to JDK 11.0.19, SSLv3 is no longer available in the JDK and TLS versions 1.0 and 1.1 are deprecated. These changes in the JDK have now been transferred to the FTP module wizard.

Impacts:

When sending a message with an attachment was configured via the module wizard, the "Content-Type" parameter always received the value multipart/form-data, even if only a single attachment was sent. This has now been corrected and the content type is dynamically set based on the file type being sent.

Impacts:

At the REST API endpoint, which returns model data, the access options have been more restricted when data is queried for another user.

Impacts:

PostgreSQL databases ONLY:

Fixed a problem with storing timestamps in databases, which caused the time zone information to be lost. This creates manual effort for specifying and quoting the TIMESTAMP and TIMESTAMPZ values correctly. Otherwise, the query may fail when run against the database.

Impacts:

The BPC is now shiped with OpenSearch instead of Elasticsearch.

Be sure to read the more information here.

Impacts:

A Content Security Policy(CSP) is set via HTTP header. This can affect custom modules, INUBIT WebApps or integrated third-party applications. To customize the CSP see Content Security Policy.

Impacts:

The configuration of the auto-detection of EDIGAS rules has been revised. The structure of the EDIGAS_MESSAGES.xml file was completely revised and the EDIGAS_SUBSETS.xml file was removed.

As a result, there is only one place where the necessary information for the target rule can/must be given. In addition, any alpha-numeric values can be specified for the target rule version. Previously, only numerical values could be specified.

Adjustments to EDI rules

Please update the file EDIGAS-MESSAGES.xml under Global > System > EDI Specification > Rule Metadata in your INUBIT installation. Alternatively, you can also import this zip file directly under Global.

Remove the EDIGAS-SUBSETS.xml file in the same repository directory.

Impacts:

The implementation of the XSLT function Misc.branchToString() has been adjusted so that it can now be executed correctly with the Saxon 10 transformer.

Impacts:

Exploitation of the XXE XML document parsing vulnerability has been restricted in Technical Workflow. The use of the DOCTYPE statement is still possible, but external references are ignored and no longer resolved.

The default behavior can be defined differently using start parameters on the Process Engine or Workbench, if necessary. For more details, see the Patch Guide.

Impacts:

The Xalan library was removed due to its age and identified security vulnerabilities. Alternatively, the Xalan present in the JDK is now used. This is up-to-date and up-to-date.

Our extensive tests have shown no effect on the processing of XML data, e.g. in the XSLT Converter.

Nevertheless, effects for all customer systems cannot be ruled out. If you encounter problems reading, processing or writing XML data using Technical Workflows, please contact support.

Impacts:

Unique names for all HTML elements are now required when Eventing is used. If the name is missing from the element, eventing will no longer work. Manually it must be ensured that all necessary elements are adjusted.

Impacts:

The IS Configuration operation getPortalUsersForRole is not supported if BPC is configured as a process user server. Previously, an empty result with status OK was returned by the module, which did not provide any indication of the lack of support. Now contains the status ERROR and the result contains a corresponding message.

Impacts:

In the case of a full installation, the initial password of the user "root" is set dynamically in INUBIT during the installation and stored in the ibis.xml file. This makes the password different for each installation and on every system. When the ProcessEngine is started up for the first time, the value from the ibis.xml is adopted as the password for the "root" user. After that, the entry in the ibis.xml has no effect and can be removed or changed.

Recommendation: Change the password of the user "root" after the 1st login via the Workbench.

Impacts:

An output File Connector in IBISXml directory mode will throw an exception when the target directory does not exist. Before no action has been performed in the file system and no error has been reported on the module.

Impacts:

To increase security, the user passwords are no longer exported when exporting users and user groups. As a result, an initial password must now be specified during the import. This can be changed independently by the users after logging in.

Recommendation when using the INUBIT internal user management: Activate the option under Server configuration > user > Initial Password and enter a passphrase. In the import wizard, the password field is then pre-filled accordingly and all users are forced to change their password after the 1st login. This approach provides the best possible protection.

Impacts:

Authentication to the INUBIT REST API is now always carried out by default against the user management configured in INUBIT. If the authentication is to be carried out against the Process User Server configured in the INUBIT (e.g. for retrieving tasks), the parameter?userType=processUser must be entered.

Impacts:

Following the specifications of the Apache project, the web application (INUBIT) is now stored separately from the actual application server (Tomcat). The location of the web application is referenced via CATALINA_BASE and the application server via CATALINA_HOME. In the future, this will make it easier to replace the application server without having to retransmit adjustments to the web application.

Impacts:

User-defined loggers can now be stored for Log4J2 in the Workbench server configuration. The configuration is in JSON format. Existing loggers must be recreated.

Impacts:

BPC WebApp Global dataIS Object has been removed successfully and cannot be accessed anymore.

Impacts:

Log4J2 is now supported in the AS4 Gateway, replacing the previous use of Log4J1. Logging is configured in the <inubit-installdir>/inubit/server/ibis_root/conf/as4/log4j2.properties file.

Impacts:

The path usage has been improved in such a way that no double quotes are needed. This is valid for both Windows and Linux.

Impacts:

IM3 is no longer supported.

Impacts:

The Mongo DB Connector is no longer available.

Impacts:

The Web Service Controls Invoke, OnMessage, and Receive are no longer available.

Impacts:

It is not possible to use the INUBIT IS Connector from an INUBIT with version 7.x or older to an INUBIT with version 8.x or newer.

The INUBIT IS Connector communicates on the basis of REST from version 8.0. This means that it can only be used with other process engines that also have version 8.0.0 or higher. Older systems (version 7.4 and older) communicate via SOAP. This means that calls via INUBITs of different versions are only possible between systems up to and including 7.4 or from 8.0.

In addition, authentication in the INUBIT IS Connector module has been adapted so that this is now possible with every user registered in the target INUBIT system. The internal system users used previously can no longer be used. Therefore, adjust the authentication settings on your INUBIT IS Connectors.

Impacts:

In the Monitoring tab, icons to view and download a trace log file are available as well as a combo box with the list of log files.

Impacts:

Unsupported file upload/download functionality has been removed from INUBIT IS Connector.

Impacts: