What's New in 21.11

We are pleased to announce our latest 21.11 release of Journey Manager is ready for you to download! It includes new and enhanced features, security improvements and updated libraries, plus bug fixes. We've updated a few Fluent API classes as well. Read on to find out more!

Version Date Released Features & Enhancements Resolved Issues Downloads
21.11.2 14 February 2022 
21.11.1 22 December 2021 
21.11.0 03 December 2021 

Key Features

Here is a list of the key features we've introduced and enhanced. To learn more about each feature, click a documentation link or read the Features and Enhancements section below.

New Statuses for Organisations, Form Spaces and Forms 

As a frequently requested feature to enhance the Journey Manager capability, we've added new statuses, which you can use to take forms offline and thus support maintenance activities on forms and integration services. This feature adds capability to take a form, form version, organization or full portal offline or to just stop rendering forms but allow users of currently rendered transactions to complete their journey.

Permissions and REST Service

We have added permission checks to the Fluent API to enable better control of which function users can access through the Fluent Rest API. For more information, see the Fluent API documentation.

The new permission checks do not apply to standard Groovy scripts executed within the users form flow. However, the capability exists to enable these check if this becomes required for a customer.

Scheduled Groovy services now run using the ServiceUser role, which defaults to a admin level role. This role can be limited to enhance the security around these services, if required.

Fluent API

We've enhanced Fluent API: 

  • Add/Delete Groups
  • User Query Enhancements
  • Previous Submission
  • MemCache Lifetime Controls and Clear functions
  • Fluent oAuth2 Security Manager 

Click Deprecation

Apache Click is an old non supported library used in the Journey Manager UI screens in the forms portals and the manager console. We are steadily phasing this library out and, in this release, we have re-written the authentication, password management and basic error pages in forms portals.

The HTML structures of the pages have been preserved as much as possible. However, these are significant changes so form space styling will need to be reviewed. A new border page has been introduced to support these new pages.

While working on the next Journey Manager 22.04 release, we will continue to deprecate the remaining workspace functionality, which will enable the majority of the remaining Click functionality to be removed from the user facing spaces.

Features Removed

  • FOP - FOP receipt service has been removed
  • TField - Support for the End-Of-Life T-Field product has been removed from Journey Manager

Upgrades & Security

We have performed the following libraries upgrades and security enhancements. 

Apache Cayenne Upgrade

This is a major upgrade of Apache Cayenne, so Core Groovy scripts using Cayenne may need to be modified. 

Velocity Upgrade

Velocity has been upgraded due to security issues. The upgrade of Velocity has breaking changes that may need to be addressed in customer's space styling and email templates:

  1. Checks for empty strings or null. Replace this code:
    #if ($flash != "")) 
    with:
    #if (($flash) && ("$flash" != ""))
  2. Combined boolean checks on one line. Replace this code:
    #if($startDate && $endDate)
    with:
    #if($startDate) 
        #if($endDate)
     

Spring Security Upgrade

This is a major upgrade, which has included changes to the way Spring Security is configured. This should not affect customers as the original functionality has been maintained. However, if form spaces or security have been heavy customized, some changes may be required.

CSRF Protection on spaces

We have added the CSRF Protection option to the Workspaces, Workspace and Web-plug spaces. This option is selected by default in Workspaces, but it is not selected for  other form spaces by default. In the form spaces, CSRF will only be supported with Full FTX Maestro forms and not with the old click based space pages, so the choice for the workspaces portal to default this On, and Off for the other spaces.

Note

There is a bug with the Maestro Attachment Field widget, which has been fixed in Maestro 21.11. To be able to upload attachments with CSRF, you will need to upgrade and re-deploy the form with this fix, available with the Maestro maintenance releases 19.05+, including 21.11. 

Release Details

21.11.2

Resolved Issues

 

21.11.0

Features and Enhancements

Key Module Summary
TMR-3179 Core Services Upgrade to Velocity 1.7
TMR-3205 Core Services Upgrade to commons-io-2.10.jar
TMR-3271 Core Services Move to Argon2id password encoders for local user accounts
TMR-3295 Core Services Increase length of User agent storage in JM
TMR-3302 Core Services Upgrade BouncyCastle to 1.69
TMR-3317 Core Services Upgrade Spring security 5.5.1
TMR-3354 Core Services Upgrade to commons-compress-1.21
TMR-3362 Core Services Use Help Desk View and Collaboration Job View to control access to comments
TMR-3372 Core Services upgrade to accessors-smart 2.4.7, nimbus-jose-jwt 9.13, oauth2-oidc-sdk 9.15
TMR-3373 Core Services Upgrade to Wildfly 24.0.1
TMR-3388 Core Services Remove the old FOP receipt render service and disabled test
TMR-3392 Core Services Upgrade the jsoup library to 1.14.2
TMR-3422 Core Services Upgrade to shiro-core-1.8.0.jar
TMR-3470 Core Services Upgrade to  sshd-core-2.7.0
TMR-3471 Core Services Upgrade to undertow-websockets-jsr-2.2.12
TMR-3472 Core Services Upgrade to  jakarta.el-3.0.3.jbossorg-4
TMR-3473 Core Services Upgrade to netty-all-4.1.68.Final
TMR-3116 Fluent API Add Add/Delete Group API
TMR-3118 Fluent API User Query Enhancement ( Query By Roles)
TMR-3239 Fluent API Incorporate, View, Add, Update and Delete permissions to Fluent API calls through the Rest API
TMR-3248 Fluent API Expose previous submission relationship 
TMR-3356 Fluent API Expose MemCache Lifetime options
TMR-3401 Fluent API Memcache add clear capability
TMR-3260 Manager Enable session based authentication on Manager Rest API's
TMR-3466 Manager Code Scan Hit, Client Cookie Security: Overly Broad Path
TMR-3231 Workspace Remove Apache Click from login pages for spaces
TMR-3232 Workspace Remove Apache Click from error pages in the spaces
TMR-3240 Workspace Enable Spring CSRF protection on Workspaces space
TMR-3309 Workspace Replace the click com.avoka.fc.portal.security.SecurityPageInterceptor
TMR-3310 Workspace Replace the click com.avoka.fc.core.page.FormPageTrackingInterceptor interceptor
TMR-3326 Workspace Remove CardCvvInfoPage page from spaces
TMR-3430 Workspace Add optional CSRF protection to web-plugin and workspace
TMR-2453 Core Services Fluent OAuth Security Manager
TMR-3207 Core Services Form/Organisation and Space status control
TMR-3229 Core Services Upgrade to Apache Cayenne 4.1
TMR-3235 Core Services Remove TField support from JM

Resolved Issues

Restricted content

You need to login to access this content. If you still don't have access after logging in, you can request it by posting a new question using Website issue in the Category dropdown.

Downloads 

Restricted content

You need to login to access this content. If you still don't have access after logging in, you can request it by posting a new question using Website issue in the Category dropdown.