j5 Framework 26.0 update 11 - j5 - Release Bulletin - Hexagon PPM

j5 Release Bulletin

Language
English (United States)
Product
j5
Search by Category
Release Bulletin

Improvements

  • 2021-06-17 - Added a confirmation dialog for "App Cache" updates on mobile, so that the user can accept or decline reloading the mobile view. (PT-4175)

  • 2021-07-02 - For templated dashboards with logbook filters, added an Apply Filter button that applies the selected filter. This allows a user to select multiple filters before asking for the report. (PT-9143)

  • 2021-07-02 - Made significant performance improvements to Templated Dashboards. (PT-9171)

  • 2021-07-02 - Service Workers is supported in j5 Mobile in anticipation of the Application Cache being removed. This also included various fixes and improvements to the mobile-server interaction. (PT-3626)

Security Updates

  • 2021-06-17 - Removed log4j library from the odajdbc driver. (PT-6452)

  • 2021-06-17 - Upgraded ActiveMQ from 5.16.0 to 5.16.2. This patch upgrade means that XStream, a dependency of ActiveMQ, is also updated from version 1.4.11.1 to 1.4.16 and so resolves several CVEs including: CVE-2020-26217, CVE-2021-21351, CVE-2021-21347, CVE-2021-21350, CVE-2021-21346, CVE-2021-21344. (PT-9278)

  • 2021-06-17 - Upgraded url-parse from 1.2.0 to 1.4.7 to prevent CVE-2018-3774. (PT-8468)

  • 2021-07-02 - Upgraded jsdom from 11.2.0 to 11.12.0 to address CVE-2018-1000620 in cryptiles 2.0.5. (PT-8470)

  • 2021-08-04 - Upgraded the dom4j library that is used by the j5 Reporting Service to resolve CVE-2020-10683 and CVE-2018-1000632. (PT-4588)

  • 2021-08-04 - Upgraded the XMLBeans library used by the j5 Reporting Service to resolve CVE-2021-23926. (PT-10910)

  • 2021-08-03 - Patched log4j library 1.2.17 shipped with ActiveMQ to resolve CVE-2019-17571 and removed unused ActiveMQ libraries. (PT-10089)

  • 2021-08-03 - Upgraded Apache HTTP Server (used in j5 Load Balancer) from v2.4.46 to v2.4.48 to resolve the following CVEs: CVE-2021-31618, CVE-2021-30641, CVE-2020-35452, CVE-2021-26691, CVE-2021-26690, CVE-2020-13950, CVE-2020-13938, CVE-2019-17567 and CVE-2018-16492. (PT-8447)

  • 2021-07-30 - Upgraded Batik to 1.14 to resolve CVE-2018-8013 and CVE-2017-5662. (PT-10346)

  • 2021-07-29 - Patched Pillow to resolve CVE-2021-34552, CVE-2021-25287, CVE-2021-25288. (PT-9338)

  • 2021-07-23 - Upgraded jetty-http to resolve CVE-2017-7658 and CVE-2017-7657. (PT-10520)

  • 2021-07-23 - Upgraded SnakeYAML to resolve CVE-2017-18640. (PT-10520)

  • 2021-07-23 - Upgraded alasql from 0.4.5 to 1.7.3 and cryptiles to 4.1.3 to resolve CVE-2018-1000620 and CVE-2018-16492. (PT-10026)

  • 2021-07-10 - Updated lodash-es dependencies to 4.17.15 to resolve CVE-2019-10744. (PT-10462)

  • 2021-05-21 - Upgraded YamlDotNet from 3.2.1 to 5.4.0 to resolve CVE-2018-1000210. (PT-8847)

  • 2021-05-28 - Upgraded yargs from 11.0.0 to 14.2.3 to resolve CVE-2020-7608 in yargs-parser 9.0.2. (PT-8863)

  • 2021-05-21 - Upgraded PyYaml from 3.12 to 5.4.1 to resolve CVE-2020-14343 and CVE-2020-1747. (PT-6514)

Bug Fixes

  • 2021-07-02 - Fixed an error in logging when a database query has too many parameters. (PT-7643)

  • 2021-07-02 - Fixed the Full Text Search indexer failing to index an IndustraForm if it could not parse certain richtext content; now only the field with the error will not be indexed. (PT-7319)

Translations

This release contains new translation strings, in the following translation domains:

  • sjsoft.WebComponents (1 new strings)

  • webui (4 new strings)

  • sjsoft.Apps.Logbook (1 new strings)