Changelogs

For BPC portal integration, the BPC API key must now be entered manually in INUBIT (e.g., via copy/paste).

Breaking Change

Previously, the BPC API key could be automatically created, retrieved, and saved via the INUBIT portal server configuration. This is no longer possible with BPC 5.0. The API key must now be manually created in BPC and transferred to INUBIT.

Due to the change in the underlying technical REST framework, the "Allow fallback to insecure trust manager" option is no longer selectable independently. This option is now only selectable if the "Allow fallback to insecure hostname verification" option is enabled.

Breaking Change

The following module configurations can no longer be applied as before:

Incorrectly configured modules may fail during execution and must then be manually adjusted.

Temporary Workaround

Both fallback options can be enabled using the -Dfeature.enable.restconnector.insecure.fallback=true switch in the Process Engine startup script. This also enables the option for insecure hostnames. Use this switch only in exceptional cases.

We recommend using secure connections that do not require any kind of fallback.

BPC 5.0 no longer supports INUBIT as an identity provider. This feature has therefore been removed from INUBIT.

Breaking Change

It is no longer possible to configure a BPC identity provider in the INUBIT portal configuration. This must now be done directly in BPC.

With the switch to JDK 21, direct Java calls from XSLT scripts may no longer work and must be adjusted.

Breaking Change

This change in behavior is due to the transition from JDK 17 to JDK 21 and the associated changes or removal of Java classes.

Saxon itself forwards Java calls directly to the JDK and does not ensure compatibility. This is the responsibility of the caller from the XSLT script.

Example:

With JDK 21, the Thread class was extended and a new method, sleep(Duration), was added.

Previously (JDK 17):

Calls to java:java.lang.Thread.sleep(1000) were successfully executed by the JDK.

The Thread class contains only one method, sleep, which expects a value of type long as a parameter.

New (JDK 21): Calls to java:java.lang.Thread.sleep(1000) fail.

The Thread class now contains two sleep methods, and the JDK doesn’t know which one to call.

Solution: The call to the Sleep method must now be typed: java:java.lang.Thread.sleep(xs:long(1000))

The jackrabbit-core library has been updated.

The commons-vfs library has been updated.

The angus-mail library has been updated.

The Tomcat application server has been updated.

INUBIT now supports the PostgreSQL database 17.

The INUBIT product now supports the PostgreSQL database version 18.

The INUBIT IS Connector now supports returning variables. Update both the source and target INUBIT systems.

Using the new "Variable Handling" option, a calling connector can receive variables and output them to the workflow.

The initial sizes in the Workbench have been realigned. The splitters on the Designer and Module Editor tabs are now better positioned, so direct manual readjustment is no longer necessary.

The UN/EDIFACT versions D21B to D24A are now available in the EDI rules editor.

A new option “Safe writing” for Samba protocol has been introduced. Files can be tranferred safely onto a remote location so it can be fetched from there by another process but without any clashes of writing process and the other reading process.

The OSCI Connector plugin has been removed. Older modules of this type can no longer be used after import or deployment.

To improve the visibility of information about the currently logged-in user, the status bar returns and displays the information familiar from INUBIT 7.4. The popup behind the info button has been removed, as all information is now visible in the status bar. The garbage collector for the Workbench can also be accessed there.

The INUBIT product now runs on JDK 21. The corresponding JDK is provided with the installer.

For BPC portal integration, the BPC API key must now be entered manually in INUBIT (e.g., via copy/paste).

Breaking Change

Previously, the BPC API key could be automatically created, retrieved, and saved via the INUBIT portal server configuration. This is no longer possible with BPC 5.0. The API key must now be manually created in BPC and transferred to INUBIT.

The Workbench now offers an AI assistant that answers questions based on the INUBIT documentation.

The INUBIT product is now shipped with BPC 5.0.1.

The Mail Connector now supports security checks, which are displayed in the Security Cockpit.

If data on an INUBIT is backed up with an external identity provider, this data can now be successfully restored or migrated to an INUBIT where these users do not exist in the external identity provider.

The connector now supports security checks, which are displayed in the Security Cockpit.

BPC 5.0 no longer supports INUBIT as an identity provider. This feature has therefore been removed from INUBIT.

Breaking Change

It is no longer possible to configure a BPC identity provider in the INUBIT portal configuration. This must now be done directly in BPC.

The installer now provides the new Virtimo product "Virtimo Suite". The images in the installer have been updated accordingly.

With the switch to JDK 21, direct Java calls from XSLT scripts may no longer work and must be adjusted.

Breaking Change

This change in behavior is due to the transition from JDK 17 to JDK 21 and the associated changes or removal of Java classes.

Saxon itself forwards Java calls directly to the JDK and does not ensure compatibility. This is the responsibility of the caller from the XSLT script.

Example:

With JDK 21, the Thread class was extended and a new method, sleep(Duration), was added.

Previously (JDK 17):

Calls to java:java.lang.Thread.sleep(1000) were successfully executed by the JDK.

The Thread class contains only one method, sleep, which expects a value of type long as a parameter.

New (JDK 21): Calls to java:java.lang.Thread.sleep(1000) fail.

The Thread class now contains two sleep methods, and the JDK doesn’t know which one to call.

Solution: The call to the Sleep method must now be typed: java:java.lang.Thread.sleep(xs:long(1000))

The INUBIT REST API now provides its content as OpenAPI Spec v3. It can also be used and searched via the Swagger UI. The endpoints are accessible anonymously. Therefore, this feature is disabled by default.

The endpoints are anonymously accessible. To activate, set the switch in the setenv.sh file to "true":

After activation, the following additional endpoints are available:

Support for INUBIT as an Identity Provider for BPC has been removed from the BPC Workflow package.

The BPC Database Flex Table module is now also delivered with the installer.

The BPC Forms renderer module is now also delivered with the installer.

The central proxy settings in INUBIT are now also used by the IGUASU connector to establish the connection.

A bug in the tagging process for workflows has been fixed. Previously, tagging would fail if chart modules couldn’t be found. The process is now more robust and completes the tagging as far as possible.

We are also working on providing a report that details all tagged and untagged resources.

When using an IS Connector in a sub-workflow, the variables necessary for returning to the main workflow were lost in version 8.1.11.

This issue has now been resolved, and both the Workflow Connector and the INUBIT IS Connector are working together again without any problems.

During the transfer of XML variables, they were incorrectly imported as type String at the destination. This problem has now been fixed, and the typing is working as intended.

An issue with importing workflows and modules has been fixed so that their status "active" or "inactive" is now always set as selected in the import wizard after the import is complete.

The number of calls to the ISPN_USER table during workflow execution has been reduced when logging is set to level "Error", "Warning" or "Info".

When accessing a NetApp share using a VFS connector and a path with a wildcard (*), subdirectories were deleted. This issue occurred both during read operations and during read and subsequent deletion operations and has now been resolved.

When accessing NetApp Share using the VFS Connector, attempts to delete empty directories failed. This issue has now been resolved.

If schema validation with Schematrons was performed under high load, execution errors could occur. This problem has now been fixed, and validation now works flawlessly even under high load.

An issue when reading and filtering files via the Samba protocol has been fixed. This could result in the error "STATUS_NOT_A_DIRECTORY," which would cause processing to abort. This problem has now been resolved, and the filtered list of files is output.

Added “Safe writing” option to the VFS Connector for all supported input formats.

Writing VFS files to a single directory on the target system resulted in a module execution error. This issue has now been resolved.

Support has been added for directly editing the AS2 module properties Mime.Decrypt.Keystore and Mime.Verify.X509 in the deployment dialog. If necessary, update the deployment.xml file in the Process Engine.

A problem with the automatic placement of connection lines after drag-and-drop has been fixed. The inserted module is now correctly connected even when positioned in front of or behind scopes and other tools.

Prerequisite

Change

Writing date values could lead to errors if the language of the accessing database user specified a data format other than YYYY-MM-DD. This issue has now been resolved, and the timestamp passed in the workflow in YYYY-MM-DD format is now correctly converted to the target format expected in the database and saved there.

Necessary Adjustments

If you have previously worked around the problem by reformatting the timestamp, this reformatting must be undone. It will no longer work after applying this patch.

The OpenSSL style configuration is deprecated with Tomcat 10.

With Tomcat 9, OpenSSL style configuration is supported like this:

With Tomcat 10, OpenSSL style configuration is deprecated but default JSSE connector is supported:

Reference: https://tomcat.apache.org/tomcat-10.0-doc/api/org/apache/coyote/http11/Http11AprProtocol.html

Due to the change in the underlying technical REST framework, the "Allow fallback to insecure trust manager" option is no longer selectable independently. This option is now only selectable if the "Allow fallback to insecure hostname verification" option is enabled.

Breaking Change

The following module configurations can no longer be applied as before:

Incorrectly configured modules may fail during execution and must then be manually adjusted.

Temporary Workaround

Both fallback options can be enabled using the -Dfeature.enable.restconnector.insecure.fallback=true switch in the Process Engine startup script. This also enables the option for insecure hostnames. Use this switch only in exceptional cases.

We recommend using secure connections that do not require any kind of fallback.

A normal (graceful) shutdown of the Process Engine is now logged in the system log. Previously, it only appeared in the startShutdown.log file.

The UI setting in the input connector configuration has been revised so that invalid values for "Max. number files" and "Max. total size" are now intercepted and corrected. This prevents incorrect values from being entered in these places via the UI.

A problem in the INUBIT repository that occurred when using Keycloak as the IdP has been fixed. If usernames with mixed uppercase and lowercase letters were created, an error occurred when accessing the repository for these users.

Fixed an issue in DB Explorer that prevented the DB Connector XML input structure from being generated.

An issue with displaying the selected encoding on the server side has been fixed. The display is now correct.

A compatibility issue with the JSON adapter has been fixed when configured with the default conversion setting "Generic" (only the module property "json.domain.Type" is set). The adapter now runs correctly again.

The previous workaround, which involved editing the module and publishing it again immediately, is no longer necessary.

The error "IndexArrayOutOfBoundsException" when setting filters on a monitoring table has been fixed.

With BPC 5.0, the transmission of the session ID in the response changes. The INUBIT Process Engine now supports both the BPC 4.x and BPC 5.0 formats.

Ein Problem bei der Bereitstellung des Deploymentprotokolls wurde behoben. Die Details werden nun wieder vollständig angezeigt.

When starting a process engine configured with a MariaDB database for the first time, warning messages could appear in the log. This issue has now been resolved.

The warnings in the trace.log about property merging conflicts that were reported when starting the Process Engine have been fixed.

The variable mapping dialog has been optimized to ensure that all content is displayed with sufficient space, especially the fold-out side tabs.

Geschweifte Klammern sind Sonderzeichen und dienen als Platzhalter. Sie können einen REST Input-Listener nutzen, um Teile des Aufrufpfades als Workflow-Variablen auszugeben.

Breaking Change

Im REST-Connectoren vom Typ Medium oder Output sind Pfadparameter mit geschweiften Klammern ({}) nicht erlaubt.

Beispiel: https://<hostname>:<port>/ibis/rest/rc/Listener1/{myOrderID}

Im Modulwizard und bei der Ausführung eines REST Connectors erscheint eine entsprechende Fehlermeldung.

The UI setting for storing the CPA file is now described more clearly.

The button for updating the INUBIT BPC modules has been removed. Please ensure that the corresponding modules are present in the BPC’s deploy directory. If the BPC is deployed via the installer, the modules should be present.

The Data Stream Analyzer could be forced to use MimeUtil to determine the MIME type using the special module property "datastreamanalyzer.mode." This option has now been removed. Apache Tika is now always used for analysis.

Breaking Change

If the module property "datastreamanalyzer.mode" is explicitly set in the Data Stream Analyzer, it no longer has any effect. Apache Tika is always executed internally to analyze the data stream. This may lead to a change in the detected MIME type.

The spring boot library has been updated.

The tika library has been updated.

The ZUGFeRD utility has been extended to support reading and writing of PDFs of type PDF/A-3B and PDF/A-3U.

The button for updating the INUBIT BPC modules has been removed. Please ensure that the corresponding modules are present in the BPC’s deploy directory. If the BPC is deployed via the installer, the modules should be present.

The "Migrate to Saxon 10" option has been removed from the Workbench. The necessary Saxon adjustments will be performed automatically during the migration or import.

The REST API endpoints now return the response in the format requested by the client. The same applies to error messages. The default is "application/json"; for XML, "application/xml" must be specified in the Accept header.

The Data Stream Analyzer could be forced to use MimeUtil to determine the MIME type using the special module property "datastreamanalyzer.mode." This option has now been removed. Apache Tika is now always used for analysis.

Breaking Change

If the module property "datastreamanalyzer.mode" is explicitly set in the Data Stream Analyzer, it no longer has any effect. Apache Tika is always executed internally to analyze the data stream. This may lead to a change in the detected MIME type.

If INUBIT is used with Keycloak, the backup files created so far are incomplete and the diagram, module, and repository data of INUBIT users are missing. This ticket will resolve the issue, and the backup files created from now on will be complete.

The FTP Connector plugin has been corrected so that it now terminates correctly in a timeout situation and the workflow aborts with a corresponding message due to this error.

Fixed an issue in the module wizard on the MDN validator page that prevented the stored certificate from being displayed.

An error when creating an SQL statement caused an error when executing the Midnight Task and has now been fixed.

The online documentation in version 9.0 is now called from the INUBIT 9.0 Workbench.

In the module wizard, the correct online help pages are now called from the Connection Pooling dialog when you click F1.

The Remote Connector has been updated with INUBIT 9.0.

Breaking Change

The Remote Connector in INUBIT 9.0 can no longer be used in INUBIT 8.1 and earlier. Adding it in the Connection Manager is no longer possible, significantly limiting maintenance and monitoring.

The HTTP status description available in the restConnector.responseStatusDescription variable has changed. If you need the value of this variable, adjust your logic to the new values.

The following table illustrates the new values:

Starting with INUBIT 9.0, REST connectors containing multiple path parameters with the same name will no longer execute.

The following actions will result in errors in the corresponding connectors:

Path parameter names must not be used multiple times. Correct any duplicates accordingly.

Starting with INUBIT 9.0, REST connectors whose path parameter contains a "." (period) will no longer be executed. The following actions will cause errors in the corresponding connectors:

Breaking Change

Path parameter names may no longer contain periods. Correct any incorrect names accordingly.

The feature available up to and including INUBIT 8.1, which allowed sending a request with the query parameter method=<HTTP method> and thus overriding the HTTP method at the endpoint, has been deprecated and is no longer available.

Breaking Change

Endpoints must now be called using the HTTP method with which they are exposed in the API. Overriding the HTTP method is no longer possible.

Keycloak has been updated.

A potential XXE vulnerability in the INUBIT REST API has been fixed. The following switches can be used to reject XML data that potentially exploits vulnerabilities:

Recommendation: Enable these switches in production systems to prevent potential security issues when processing XML.

Apache Tomcat has been updated.

The Web Service Connector module wizard has been enhanced so that when a keystore is stored, the keystore password is also saved and used at runtime. If the keystore and password do not match, the module will fail to execute, or the keystore cannot be stored in the module.

If the FTP connector is configured with a server via FTP or FTPS and the connection must be made via a proxy, this can now be configured accordingly in the module properties.

The Remote Connector has been updated with INUBIT 9.0.

Breaking Change

The Remote Connector in INUBIT 9.0 can no longer be used in INUBIT 8.1 and earlier. Adding it in the Connection Manager is no longer possible, significantly limiting maintenance and monitoring.

A problem with the task filter REST API endpoint has been fixed so that all tasks on the process engine that match the filter criteria can now be queried across all roles.

Accessing the Process Engine via CLI is now possible even on systems that do not support a browser UI.

Logging in via Workbench to a process engine that uses Keycloak as an identity provider is now token-based (OAuth). The user switches to the browser and logs in directly to Keycloak. Workbench then only uses the access token that Keycloak returns upon success.

The Workbench login screen has been redesigned and now supports login when using Keycloak as well as internal user management.

If Keycloak is used as an IdP, the session running there will be removed from the workbench when a user logs out.

Login via CLI against the internal user management is still supported with user and password.

INUBIT installer uses InstallAnywhere version IA2025 now.

The certificates to be stored in the connector can now also be integrated via the Credentials Manager.

The certificates, keystores and truststores to be stored in the connector can now also be integrated via the Credentials Manager.

The certificates, keystores and truststores to be stored in the connector can now also be integrated via the Credentials Manager.

The Credentials Manager now supports certificate storage. This can be used in modules to securely store public keys or certificates.

The Credentials Manager now supports key pair storage. This can be used in modules to securely store private keys or key pairs.

Certificates for remote connector configuration can now be integrated into system connectors via the Credentials Manager.

The AS4 gateway now works on Apache Tomcat 10.

The option to limit GUI threads has been removed under "General Settings". Any number of UIs can now connect to the Process Engine.

The tunnel functionality of the INUBIT Process Engine has already been discontinued and is now removed.

The Apache Camel library has been updated.

Additional endpoints for deleting diagrams and modules, as well as their versions, have been added to the Process Engine REST API.

INUBIT now supports Windows 2025.

A potential XXE vulnerability when reading the as4-gateway.xml file has been closed.

Support for "userType=processUser" has been removed from the following REST API endpoints:

When OAuth is enabled, the CLI now redirects to the configured authorization server to perform user login via OAuth.

The INUBIT CLI now allows OAuth authentication even when no browser is available.

The SOAP API in the INUBIT Process Engine has been removed. All access is now via the REST API.

Workbench and CLI now use OAuth for authentication against the Process Engine. Basic Auth is still supported as a fallback, but it is deprecated and no longer recommended for security reasons.

The JSON validator uses only modern way to validate the JSON with backward compatibility. Removed the legacy way to validate the JSON.

To set the username and password for the Keycloak connection, the values can now be passed as environment variables:

If the environment variables are not set, the values from the JSON configuration file are used.

Keycloak is now the default preconfigured user management system in the INUBIT Process Engine. Please fill out the required JSON configuration file correctly so that the server can start successfully.

Internal user management is still offered, but is not suitable for use in production environments.

When executing asynchronous workflow jumps with the same process ID via WFC, in which a multiplexer bundles incoming data streams, it is currently not possible to distinguish between the different executions at the mux. Therefore, the mux merges the first incoming data streams, which is not always desired.

The new module property "CreateModuleRunId" (type: Boolean) has been introduced at the workflow connector, which allows the multiplexer to distinguish between different asynchronous workflow executions. The module property must be created manually and assigned the desired value ("true", "false").

The keycloak_template.json file has been expanded to include a description of all available options. This means you can find the documentation directly in the file, rather than in the online documentation.

Keycloak has been included in the standard install set. This bundles the appropriate components for productive installation in one package.

A problem with detecting the port on which the INUBIT Process Engine is running has been improved so that it now works flawlessly even when using multiple ports.

Fixed a memory issue in the Workbench when repeatedly running diagram deployment.

A performance issue when inserting large amounts of data into a MySQL database has been fixed.

An issue with executing the INUBIT and Remote Connector service scripts under Linux has been fixed, so that the execution for retrieving the currently running instance now works correctly again.

Reading the contents of database tables failed when using some database types (including MySQL). This issue has now been resolved.

If Keycloak is configured as the IdP in a process engine, the user base will not be changed during migration or backup restoration. All INUBIT users must be manually created in Keycloak before the migration/backup.

Using the CLI has changed slightly. To access the help, you must explicitly pass the -h or --help parameter.

The HTTP status description available in the restConnector.responseStatusDescription variable has changed. If you need the value of this variable, adjust your logic to the new values.

The following table illustrates the new values:

Starting with INUBIT 9.0, REST connectors containing multiple path parameters with the same name will no longer execute.

The following actions will result in errors in the corresponding connectors:

Path parameter names must not be used multiple times. Correct any duplicates accordingly.

Starting with INUBIT 9.0, REST connectors whose path parameter contains a "." (period) will no longer be executed. The following actions will cause errors in the corresponding connectors:

Breaking Change

Path parameter names may no longer contain periods. Correct any incorrect names accordingly.

The feature available up to and including INUBIT 8.1, which allowed sending a request with the query parameter method=<HTTP method> and thus overriding the HTTP method at the endpoint, has been deprecated and is no longer available.

Breaking Change

Endpoints must now be called using the HTTP method with which they are exposed in the API. Overriding the HTTP method is no longer possible.