24.10

We are pleased to announce our latest 24.10 release of Journey Manager is ready for you to download! It includes new and enhanced features, security improvements and updated libraries, plus bug fixes. Read on to find out more!

Version	Date Released	New Features	Improvements	Fixes	Security	CVE
24.10.0	04 Dec 2024

Highlights

Receipts on Demand

There are often requirements to generate receipts before a submission is completed, which is not always very easy to achieve. To meet this demand for receipts we have introduced a Receipt Generator service via the Fluent API. The Receipt Generator takes a form and either a submission or submission xml and generates a receipt using the configured receipting service. This allows customers to build specific receipt form designs, and pass submission data from submissions or services as required by the solution to generate any receipt they desire. For more information, see Receipt Generator service.

Greater control of Solution Workflow through Job Start enhancements

TJM 2024.10 introduces the ability to start a collaboration job earlier in the initial journey flow. Previously Jobs were created automatically, if a Job service was configured on a form, after the initial submission was user submitted. We have now enabled the create of Jobs any time after the initial form request. Using the fluent API Job Builder solution developers can create a job linked to a submission in any active state (Open, Saved). This provides developers increases freedom in how the orchestrate a user’s journey. For more information, see Job Details.

API Security

It is important that we provide customers with the best tools and options to ensure their solution is secure. We have made changes to TJMs API endpoints to allow setting separate security managers from what is set on the Manager module. We have split out the APIs into their own module war. This will allow using different authentication methods for your APIs, such as OAuth or JWTs, then what you have configured for users accessing the Manager Admin console. For more information, see Security Manager Overview.

Fluent Services Available across multiple Orgs

As the range of solutions expand on a given system customers often find that they have repeated services that are utilized by multiple solutions across a number of different organizations. Certain Fluent Service types can now be assigned to multiple organizations, allowing the services to be shared. Reducing the number of individual services that are deployed to a system. This helps keep the system usage down and makes support and maintenance easier. For more information, see Assign Organizations to a Service.

Fine Grain Billing with the New TJM Billing Record feature

Experimental | This is an experimental feature not intended for production environments.

As solutions have increased in complexity, with multiple forms and steps in workflow, accurately tracking the transaction usage has become much harder. To solve this, we have introduced a new feature to allow more customizable tracking of the billable aspects of clients onboarding journey. Through the Fluent API a client can now create a bill record. These records indicate a billable transaction and can created on demand in any Fluent Service. Bill records can be linked together to form a journey and are periodically published out to the Temenos transaction record keeping service. For more information, see Billing.

Changelog

The changelog is a list of all new features, enhancements and fixes for this release.

New Features

The following new features are introduced in this release.

Fluent API	Fluent Receipt Generator Service – New Fluent Service that generates receipts on demand. Add create/update class for Portal Resources.   Billing record.
API	New Submission API endpoint (Experimental).
Fluent	Allow Fluent Services to be called by multiple Orgs.

Improvements

The following improvements are included in this release.

Collab Jobs	Job Enhancement - Job creation trigger before start submission submitted.
Manager	Enhance Purging of Eventing tables. Enhance form Page Tracking functionality to allow injecting of Txn properties into html head. Integrity checker service orphaned records auto-deletion.   Add flag to include formXml with input params on service invoke. Add option to force Form Data obfuscation (Formally Form Data Encryption). Split settings out for strictHeaderSecurity. Upgrade Puppeteer. Update workspaces API to allow setting additional task parameters to support the Notification feature. Upgrade to Wildfly 33.0.1.
API	Separate TJM APIs from the manager UI war.
Fluent API	Add Jakarta.validation library to secure compiler whitelist.   Add method for setting Open Saved Form Token to fluent security util class.   Enable to fluent api to accept Base 64 string for Byte input.
Workspaces	Add permissions for Submission xml and submission properties view/edit in workspaces. Workspaces PII Subquery Performance Enhancement. Default "Enhanced PII Search" to be true. Improve Enhance PII Search and Remove unused method. Update Workspaces API to allow user query to retrieve user preferences. Allow workspaces unassign API to clear task Message and Subject.

Fixes

This release fixes the following known issues.

Manager	Renamed FileUpload column "Content_Type" to "file_content_type”. Groovy service log search page timeout on when view while long service execution. Fix NoClassDefFoundError in db-updater. Fix the issue with eventing errors threshold limit. Job delivery doesn't resolve unless delivery set on submission level. Date field widget not working on certain pages admin UI. Fix issue with data retention on email_queue records. Remove operations space option from fresh installs. CayenneRuntimeException when Delete Orphaned Records. Portal deployment failed on "CSRF Protection Ignore Patterns". Default Admin Password requirements don't match the security manager settings. Fix database transaction not being returned to the pool. Enforce the core edit permission for deleting the core services. Parameter - Form CSP Header value field is not displayed on edit. Npe thrown when marshalling a Txn with comments from a deleted user.
Fluent API	Receipt Updater fails when using Transact Function Form. Npe thrown when marshalling a Txn with comments from a deleted user.	TSR-827065
Manager, SDK	Properly handle special characters in form names in both UI and through SDK. Test and Validation Delivery channels not being setup via SDK. NoClassDefFoundError Exception When Running ant app-package Command.	TSR-764264

Security

This release addresses the following security issues.

Manager

Remove Hardcoded S3 credentials.
Move the licensing and exchange credentials to database storage.
Add host whitelist to protect from Host Header Injection vulnerability.

3rd Party Libraries

The following third party libraries have been upgraded to meet CVE requirements.

CVE	Library	Version
CVE-2023-22102	mysql-connector-j	8.0.33 -> 8.2.0
CVE-2023-33202	bcpkix-jdk18on	TJM Unaffected
CVE-2024-7254	protobuf-java	3.19.6 -> 3.25.5
CVE-2023-33202	bcutil-jdk18on	TJM Unaffected
CVE-2024-35255	azure-identity	1.10.4 -> 1.13.1
CVE-2024-35255	msal4j	1.13.9 -> 1.17.2
CVE-2023-5685	xnio-api via spring-boot-dependencies	3.3.2 -> 3.3.4
CVE-2024-28168	fop-core	2.9 -> 2.10
CVE-2024-38821	spring-security-web	6.1.8 -> 6.3.4
CVE-2024-38816	spring-webmvc	6.1.12 -> 6.1.14

Journey Manager 24.10