What's New in 21.11
We are pleased to announce our latest 21.11 release of Journey Manager is ready for you to download! It includes new and enhanced features, security improvements and updated libraries, plus bug fixes. We've updated a few Fluent API classes as well. Read on to find out more!
Version | Date Released | Features & Enhancements | Resolved Issues | Downloads |
---|---|---|---|---|
21.11.6 | 31 July 2024 | ✓ | ✓ | ✓ |
21.11.5 | 31 May 2024 | ✓ | ✓ | |
21.11.4 | 8 March 2023 | ✓ | ✓ | |
21.11.3 | 14 July 2022 | ✓ | ✓ | |
21.11.2 | 14 February 2022 | ✓ | ✓ | |
21.11.1 | 22 December 2021 | ✓ | ✓ | |
21.11.0 | 3 December 2021 | ✓ | ✓ | ✓ |
Key Features
Here is a list of the key features we've introduced and enhanced. To learn more about each feature, click a documentation link or read the Features and Enhancements section below.
New Statuses for Organisations, Form Spaces and Forms
As a frequently requested feature to enhance the Journey Manager capability, we've added new statuses, which you can use to take forms offline and thus support maintenance activities on forms and integration services. This feature adds capability to take a form, form version, organization or full portal offline or to just stop rendering forms but allow users of currently rendered transactions to complete their journey.
Permissions and REST Service
We have added permission checks to the Fluent API to enable better control of which function users can access through the Fluent Rest API. For more information, see the Fluent API documentation.
The new permission checks do not apply to standard Groovy scripts executed within the users form flow. However, the capability exists to enable these check if this becomes required for a customer.
Scheduled Groovy services now run using the ServiceUser role, which defaults to a admin level role. This role can be limited to enhance the security around these services, if required.
Fluent API
We've enhanced Fluent API:
- Add/Delete Groups
- User Query Enhancements
- Previous Submission
- MemCache Lifetime Controls and Clear functions
- Fluent oAuth2 Security Manager
Click Deprecation
Apache Click is an old non supported library used in the Journey Manager UI screens in the forms portals and the manager console. We are steadily phasing this library out and, in this release, we have re-written the authentication, password management and basic error pages in forms portals.
The HTML structures of the pages have been preserved as much as possible. However, these are significant changes so form space styling will need to be reviewed. A new border page has been introduced to support these new pages.
While working on the next Journey Manager 22.04 release, we will continue to deprecate the remaining workspace functionality, which will enable the majority of the remaining Click functionality to be removed from the user facing spaces.
Features Removed
- FOP - FOP receipt service has been removed
- TField - Support for the End-Of-Life T-Field product has been removed from Journey Manager
Upgrades & Security
We have performed the following libraries upgrades and security enhancements.
Apache Cayenne Upgrade
This is a major upgrade of Apache Cayenne, so Core Groovy scripts using Cayenne may need to be modified.
Velocity Upgrade
Velocity has been upgraded due to security issues. The upgrade of Velocity has breaking changes that may need to be addressed in customer's space styling and email templates:
- Checks for empty strings or null. Replace this code:
with:#if ($flash != ""))
#if (($flash) && ("$flash" != ""))
- Combined boolean checks on one line. Replace this code:
with:#if($startDate && $endDate)
#if($startDate) #if($endDate)
Spring Security Upgrade
This is a major upgrade, which has included changes to the way Spring Security is configured. This should not affect customers as the original functionality has been maintained. However, if form spaces or security have been heavy customized, some changes may be required.
CSRF Protection on spaces
We have added the CSRF Protection option to the Workspaces, Workspace and Web-plug spaces. This option is selected by default in Workspaces, but it is not selected for other form spaces by default. In the form spaces, CSRF will only be supported with Full FTX Maestro forms and not with the old click based space pages, so the choice for the workspaces portal to default this On, and Off for the other spaces.
There is a bug with the Maestro Attachment Field widget, which has been fixed in Maestro 21.11. To be able to upload attachments with CSRF, you will need to upgrade and re-deploy the form with this fix, available with the Maestro maintenance releases 19.05+, including 21.11.
Release Details
21.11.6
Features and Enhancements
You need to login to access this content. If you still don't have access after logging in, you can request it by posting a new question and selecting the access you need in the Type dropdown.
You need to login to access this content. If you still don't have access after logging in, you can request it by posting a new question using Website issue in the Category dropdown.
{/show}
21.11.4
Resolved Issues
21.11.0
Features and Enhancements
Key | Module | Summary |
---|---|---|
TMR-3179 | Core Services | Upgrade to Velocity 1.7 |
TMR-3205 | Core Services | Upgrade to commons-io-2.10.jar |
TMR-3271 | Core Services | Move to Argon2id password encoders for local user accounts |
TMR-3295 | Core Services | Increase length of User agent storage in JM |
TMR-3302 | Core Services | Upgrade BouncyCastle to 1.69 |
TMR-3317 | Core Services | Upgrade Spring security 5.5.1 |
TMR-3354 | Core Services | Upgrade to commons-compress-1.21 |
TMR-3362 | Core Services | Use Help Desk View and Collaboration Job View to control access to comments |
TMR-3372 | Core Services | upgrade to accessors-smart 2.4.7, nimbus-jose-jwt 9.13, oauth2-oidc-sdk 9.15 |
TMR-3373 | Core Services | Upgrade to Wildfly 24.0.1 |
TMR-3388 | Core Services | Remove the old FOP receipt render service and disabled test |
TMR-3392 | Core Services | Upgrade the jsoup library to 1.14.2 |
TMR-3422 | Core Services | Upgrade to shiro-core-1.8.0.jar |
TMR-3470 | Core Services | Upgrade to sshd-core-2.7.0 |
TMR-3471 | Core Services | Upgrade to undertow-websockets-jsr-2.2.12 |
TMR-3472 | Core Services | Upgrade to jakarta.el-3.0.3.jbossorg-4 |
TMR-3473 | Core Services | Upgrade to netty-all-4.1.68.Final |
TMR-3116 | Fluent API | Add Add/Delete Group API |
TMR-3118 | Fluent API | User Query Enhancement ( Query By Roles) |
TMR-3239 | Fluent API | Incorporate, View, Add, Update and Delete permissions to Fluent API calls through the Rest API |
TMR-3248 | Fluent API | Expose previous submission relationship |
TMR-3356 | Fluent API | Expose MemCache Lifetime options |
TMR-3401 | Fluent API | Memcache add clear capability |
TMR-3260 | Manager | Enable session based authentication on Manager Rest API's |
TMR-3466 | Manager | Code Scan Hit, Client Cookie Security: Overly Broad Path |
TMR-3231 | Workspace | Remove Apache Click from login pages for spaces |
TMR-3232 | Workspace | Remove Apache Click from error pages in the spaces |
TMR-3240 | Workspace | Enable Spring CSRF protection on Workspaces space |
TMR-3309 | Workspace | Replace the click com.avoka.fc.portal.security.SecurityPageInterceptor |
TMR-3310 | Workspace | Replace the click com.avoka.fc.core.page.FormPageTrackingInterceptor interceptor |
TMR-3326 | Workspace | Remove CardCvvInfoPage page from spaces |
TMR-3430 | Workspace | Add optional CSRF protection to web-plugin and workspace |
TMR-2453 | Core Services | Fluent OAuth Security Manager |
TMR-3207 | Core Services | Form/Organisation and Space status control |
TMR-3229 | Core Services | Upgrade to Apache Cayenne 4.1 |
TMR-3235 | Core Services | Remove TField support from JM |
Resolved Issues
You need to login to access this content. If you still don't have access after logging in, you can request it by posting a new question using Website issue in the Category dropdown.