Release notes for RunMyJobs releases 9.2.8.0 through to 9.2.8.11

Impact Type Component Release Details
Impact Type Component Release Summary Details
Minor Defect Connector 9.2.8.6 Exception creating JDBCEnableParameterSubstitution parameter

Before: When creating a JDBC process definition, with a parameter JDBCEnableParameterSubstitution, then a constraint was automatically created for this parameter. If the constraint definition did not exist, it was created. When this process definition is then exported and imported into another environment, where this constraint definition does not yet exist, the import could fail. A workaround is to create manually a temporary JDBC process definition with a parameter JDBCEnableParameterSubstitution, as this will create the constraint definition. After that the temporary JDBC process definition can be dropped again.

After: Now, the constraint definition is created at startup. Therefore the constraint definition is available when such a process definition is imported. 


Id: RCORE-42447
Minor Defect General 9.2.8.0 Fix extraneous error logging for extension points

Before: When using extension points messages of the following form were logged:

ERROR 2021-04-19 14:54:47,868 GMT [http-nio-10180-exec-50-Executor 1874661] com.redwood.scheduler.extensionpoint.impl.ExtensionPointHTTPSession - Asked for SchedulerSession [ACTIONSUBJECT] but it was not available.

After: In normal usage, this message will no longer be logged.


Tickets: 143907
Id: RCORE-42036
Minor Defect General 9.2.8.0 Fix missing Protocol descriptions

Before: Readable descriptions for HTTP and X509 credential protocols were not available.

After: Descriptions have been added.


Tickets: 143436
Id: RCORE-42005
Minor Defect General 9.2.8.0 Link not displayed as link on support page

Before: The link to help about SimpleDateFormat on the support page was not clickable.

After: The link is rendered as a link that can be clicked on.


Tickets: 142739
Id: RCORE-41999
Minor Defect General 9.2.8.0 Object Search output results shows garbled "expand/collapse" icons in output (Chrome only)

Before: When viewing the output from a generated Object Search process in Chrome, then the "expand/collapse" icon is garbled.

After: This icon is correctly shown in all browsers.


Tickets: 143522, 144446
Id: RCORE-42092
Minor Defect General 9.2.8.0 System_Sleep logs error messages in scheduler.log when run for longer than 1s

Before: Empty output/error files are shown when you run a System_Sleep job.

After: Empty files are removed and not shown for a System_Sleep job.


Tickets: 145286
Id: RCORE-42224
Minor Defect General 9.2.8.6 Dispatcher may start a Job Chain job a minute too late in specific circumstances.

Before: Since 9.2.8.0 and in very specific circumstances, it is possible that a process could be scheduled a minute late. E.g. when a chain call of a chain is put on hold, immediately after the chain is submitted to run immediately, then there is a small chance that the chain gets scheduled a minute late.

After: this timing issue is fixed.


Id: RCORE-42482
Minor Defect Platform Agent 9.2.8.11 Improved logging, mainly for Support, around HTTP redirection and also HTTPS usage

Before*:* HTTP 30x redirection messages were incorrectly logged under debug logging as failed responses:
"HTTP server failed response with response code 302"
Also, no distinction was made between HTTP and HTTPS calls in the debug logs.

After*:* 30x messages are not reported as failed responses anymore. Instead are they reported as:
"HTTP server responded with URL redirection code 302"
Also, a distinction is made in the log messages between HTTP and HTTPS.


Id: RCORE-43048
Minor Defect Server 9.2.8.0 Move TransactionDump logging to its own file

Before: Errors could be logged in the form of:

ERROR 2015-03-11 12:01:23,158 Europe/Amsterdam [Redwood monitoring for SAP instance SC3 worker 4] com.redwood.scheduler.persistence.tdump - Start Transaction id=392474620 contains 1 objects. Persistence Error: 
com.redwood.scheduler.persistence.api.PersistenceException$NoRowsUpdated: JCS-123100: 0 rows updated in tid=392,474,620

After: These errors may still be logged, and they will be logged to a separate file, norowsupdated.log. The NoRowsUpdated will be logged at INFO. These can be ignored, but may be asked for by support when investigating issues.


Tickets: 102151, 125355, 126060, 96028
Id: RCORE-31372
Minor Defect Server 9.2.8.1 Prevent duplication of System_FTP_mget_Parallel and System_FTP_mput_Parallel process definitions

Before: It was possible to duplicate System_FTP_mget_Parallel and System_FTP_mput_Parallel, even though nothing could be changed on the resulting duplicate.

After: To prevent confusion, it is no longer possible to duplicate these definitions.


Tickets: 97353
Id: RCORE-32125
Minor Defect Server 9.2.8.8 getCurrentValueString() fails where getInValueString() and/or getOutValueString() work

Before: Calling getCurrentValueString() on a Date or Number parameter would cause a ClassCastException.

After: Calling getCurrentValueString() on a Date or Number parameter will return the same value as getInValueString() or getOutValueString depending on whether the parameter is an IN parameter or not, respectively. This makes is consistent with the other getCurrentValue*() methods.


Tickets: 146916
Id: RCORE-42410
Minor Defect User Interface 9.2.8.0 Missing translation com.redwood.scheduler.jsp.error.500.reason

Before: Missing reason translations for HTTP error response codes would result in false positive errors and warnings written to the log file (we generally do not expect to have a reason translation).

After: No errors or warnings are written to the log file when a reason translation is missing for an HTTP error response code.


Tickets: 146485
Id: RCORE-42353
Minor Defect User Interface 9.2.8.0 Potential server error in user interface when user has insufficient privileges

Before: If a user had sufficiently limited privileges it was possible to cause an internal server error to be shown when clicking on processes.

After: These cases have been fixed, and it is now possible to see these jobs in the user interface even if you cannot see the related process definition.


Tickets: 126194
Id: RCORE-42230
Minor Defect User Interface 9.2.8.6 Remove /components web endpoint

Before: The information of components that are initialised by lifecycle manager was exposed.

After: Do not expose the information of components that are initialised by lifecycle manager.


Id: RCORE-42554
Minor Improvement Server 9.2.8.7 Only update routing table if queueprovider really changes

Before: When selecting a queue provider for read, the internal routing table would be recalculated, even though the queue provider had not changed. This could occur when setting a field to have the same value that it already has.

After: The internal routing table is only recalculated if a change to the routing information occurs. This avoids unnecessary work from being done.


Id: RCORE-42683
Minor Improvement Server 9.2.8.9 Fix potential wait for one hour of parent jobs at system startup

Before: Under some circumstances it was possible for a resilient process to finish before the system had finished starting up. If this happened, and a second process was waiting for the first process, then a delay of up to one hour could occur before the completion of the process was noticed by the waiting process.

After: This has been fixed so that the waiter will always immediately see the completion of the child process.


Id: RCORE-43037
Minor Improvement User Interface 9.2.8.6 Rename filter "All Closed Queues" to "All Held Queues"

Before: Default filter "All closed queues" shows queues which are held, which is confusing.

After: The filter has been renamed to: "All Held Queues".


Tickets: 139250
Id: RCORE-41370
Normal Defect Connector 9.2.8.0 Add support for AS400 over JDBC

Before: The JDBC driver for AS400 does not support the Connection.getTypeMap() function and therefore creating a connection failed.

After: When the JDBC driver does not support the Connection.getTypeMap() function, then this will not cause creating a connection to fail.


Tickets: 145743
Id: RCORE-42296
Normal Defect Connector 9.2.8.0 Fixing Scheduler integration with r2w

Before: R2W was denying soap requests from the scheduler due to the missing authentication token.

After: R2W is now able to authenticate the incoming soap request from the scheduler due to the available authentication token.


Id: RCORE-42383
Normal Defect Connector 9.2.8.0 HTTPCommand#setHTTPHeaders sets arbitrary headers on SimpleHttpRequest, which isnt allowed

Before: You could set a number of HTTP Headers when submitting a HTTP/SOAP job.

After: The following headers are set automatically and should not be set anymore by the user.

  • connection
  • cookie2
  • host
  • soapaction
  • transfer-encoding
  • x-rw-hmacmd5

Currently the following headers can be set:

  • authorization: if set the HTTP command will use this on, otherwise it will check for a credential and set Basic authentication.
  • accept: Only one accept content type is allowed. If set the send command will be using it.
  • accept-encoding: only gzip and identity values can be set and will be used.
  • content-encoding: if set we will send the body in gzip.
  • content-type: if set the body will be sent with the specified content type. By default the content-type will be set to application/octet-stream.
  • cookie: if the Cookie header is set we will determine the cookies and pass these through.
  • user-agent: This is set automatically to identify the scheduler as the originator of the request, but can be overridden.

For every Header you can also set a job definition parameter prefixed with the JobDefinitionType (e.g. HTTP_Content-Type). For all headers the scheduler will search for the job parameter with the specified name, when not found it will search the [headers] section.


Tickets: 144776, 145023, 145060, 145288, 147057
Id: RCORE-42122
Normal Defect Connector 9.2.8.0 Parameter substitution broken in HTTP definitions

Before: The variables in the body text were not replaced by their parameter values.

After: Variables are replaced with parameter values again.


Tickets: 145608, 146808
Id: RCORE-42272
Normal Defect Connector 9.2.8.0 Proxy via credential is not used after startup, until credential is changed

Before: Due to a cache initialization omission, credentials of type 'proxy' were not used for the system-wide outgoing HTTP proxy until a change was made to this credential or any other credential of type 'proxy'.

After: The HTTP proxy cache is now properly initialized on boot with the available credentials.


Id: RCORE-42323
Normal Defect Connector 9.2.8.0 When authentication is required the SOAP wizard should present predefined credentials

Before: A credential was created in the GLOBAL partition when there was no credential found. If no authentication was needed for the SOAP call a "{redwood}:nocredential" credential was created.

After: If authentication is needed for the SOAP call you need to provide a predefined credential. The credentials are shown in a List. If no authentication (the default) is needed we don't create any credential anymore. 


Tickets: 143078
Id: RCORE-41933
Normal Defect Connector 9.2.8.6 PeopleSoft: Unable to use multiple distribution ids when submitting job

Before: It was only possible to use 1 distribution id when submitting a job to PeopleSoft.

After: You can now use multiple distribution ids separated by either a , (comma) or ; (semicolon).


Tickets: 147636
Id: RCORE-42510
Normal Defect Connector 9.2.8.6 SOAP request that needs basic authentication fails with an NullPointerException

Before: An NullPointerException could be thrown when we are not able to find a correct credential for the basic authentication.

After: When we do not find a correct credential we will now set the return code of process to be the return code of the SOAP request (e.g. 401)


Id: RCORE-42471
Normal Defect Connector 9.2.8.8 SOAP - Replacement variables are not replaced with empty strings in SOAP definitions if variable value is null

Before: Replacement expressions are not working with empty strings in SOAP definitions if variable value is null.

After: Replacement expressions are also applied on empty strings when the variable is null.

NOTE: A replacement expression for a variable that doesn't exist will be replaced with the original expression. For example, if your process has a parameter P1 with no value, a parameter P2 with the value test< then the replacement:

<body>
  <P1>${P1}</P1>
  <P2>${P2:xml}</P2>
  <P3>${P3}</P3>
  <empty>${}</empty>
</body>

will result in:

<body>
  <P1></P1>
  <P2>test&lt;</P2>
  <P3>${P3}</P3>
  <empty>${}</empty>
</body>

Id: RCORE-42922
Normal Defect Connector 9.2.8.9 PeopleSoft connector can't work in non-GLOBAL Partition

Before: PeopleSoft jobs can't run when the PeopleSoft system is created in any partition other than GLOBAL.

After: PeopleSoft jobs can now run when the PeopleSoft system is created in any partition.


Id: RCORE-43068
Normal Defect Connector 9.2.8.8, 9.2.8.9 PeopleSoft: PSjob submit gives errors

Before: When starting PeopleSoft PSJob processes, only generic parameters could be set. You could not set any specific parameter value for a PSJob subitem.

After: When importing PSJob definition from PeopleSoft the subitem parameters are imported and shown on separate tabs. Now, for all these processes that are run by the PSJob definition parameters can be set individually.


Id: RCORE-42774
Normal Defect Connector 9.2.8.11 Mandatory constraints for Oracle OHI, Oracle EBS, and PeopleSoft are checked too frequently

Before: If a parameter was mandatory and the process is in a chain, the input value always was checked for null values. However the values are not yet passed to the chain call at this time and so the validation incorrectly failed.

After: The check is done at the correct time. That is, they are skipped when the process is a chain call before starting, and are checked at the time that the call is scheduled to start.


Tickets: 142741
Id: RCORE-41915
Normal Defect Connector 9.2.8.11 OraApps: Make pre-filling fields for default values configurable

Before: After filling in the responsibility it could take a while that you see the next field filled. The reason is that all fields are checked to pre-fill default data.

After: It is possible to influence the behavior pre-filling mapped parameters - keep the recent behavior and prefill all mapped parameters, only pre-fill related mandatory mapped parameters or no pre-fill


Id: RCORE-43475
Normal Defect Connector 9.2.8.11 OraApps: Mandatory parameters with rel expression not working

Before: When using REL expressions to pass in values in OraApps job parameters this could fail when the job is used in a chain.

After: The REL expression is evaluated before passing the value to the job constraint for checking.


Id: RCORE-43480
Normal Defect Connector 9.2.8.11 Support MariaDB with JDBCJob

Before: JDBC jobs running against a MariaDB database failed with a java.sql.SQLSyntaxErrorException: invalid callable syntax. must be like

{[?=]call <procedure/function name>[(?,?, ...)]}

After: JDBC jobs can now execute SQL statements against a MariaDB database.


Id: RCORE-43407
Normal Defect Core 9.2.8.0 Add support for custom indexes

It is now possible to define custom indexes. In order to do so, create an ObjectIndex with one or more ObjectIndexColumns, specifying the object and fields for this index.


Id: RES-502
Normal Defect Core 9.2.8.6 Fix allowing Mail definition types to send to multiple addresses using the ; or , separators

Before: Mail process definitions failed when sending to multiple recipients.

After: Mail process definitions can send to multiple recipients, separated by either , or ;.


Id: RES-737
Normal Defect Core 9.2.8.7 Add support for escaping rules on parameter substitution

Before: Before version 9.2.8, parameter values in HTTP/SOAP requests are not escaped. From version 9.2.8 onwards, parameters are escaped with XML.

After: You now can specify how parameter values should be escaped. Without specifying an escaping rule, there is no escaping of the parameter value.

There are 4 options to escape a parameter value:

  1. xml – escape using XML 1.1 character escaping rules, the result will also use character entities for any non-ASCII character
  2. json - escape the parameter so that it can be included inside of a JSON string
  3. url - escape using URL escaping, assuming a UTF-8 character set
  4. html - escape using HTML character escaping rules

To specify an escape rule you need to add an option on the parameter substitution, e.g. ${parameter_name:xml}.

You can specify multiple escape rules on 1 parameter by appending them after each other. They will be handled in sequence of specifying, e.g. ${parameter_name:xml:json} will first escape using XML entities, and then escape that result using json, so an input of ' would become \' whereas ${parameter_name:json:xml} would convert a ' into \', as it would first convert into JSON ( \' ), and then convert that using XML entities.


Id: RES-701
Normal Defect Core 9.2.8.7 Use new wsdl reader to allow wsdl 2.0

Before: The PeopleSoft connector reads the WSDL in to determine which SOAP calls can be made. The connector was based on reading WSDL 1.1.

After: The PeopleSoft connector can now read WSDL 1.1 and 2.0 files to determine the SOAP calls that can be used.


Id: RES-732
Normal Defect Cronacle Light 9.2.8.0 Add support for constraints in forms

Before: Constraints were not supported in custom submit forms in the Runner and Studio, i.e. if you had a String parameter with an LOV in a custom submit form, a Text Field was rendered, without showing a dropdown with the possible values.

After: LOVs are supported in custom submit forms in the Runner and in Studio now.


Id: RES-599
Normal Defect Documentation 9.2.8.1 Windows Service doesn't add lib/ext to the PATH

Before: The native library files are not accessible when running as a Windows Service.

After: The appropriate directory is now on the java.library.path when running as a Windows Service.


Tickets: 147026
Id: RCORE-42433
Normal Defect Environments 9.2.8.0 Column Chooser: Partition shown 2x

Before: The column chooser for databases showed the column Partition twice.

After: This has been fixed.


Tickets: 139924
Id: RCORE-41410
Normal Defect General 9.2.8.0 Promotion system messages issue

Promotion system message has been improved to avoid misinterpretation:

Before: Objects {0} and {1} have been promoted to system {2}

After: Objects {0} and {1} are being promoted to system {2}


Tickets: 142394
Id: RCORE-42249
Normal Defect General 9.2.8.0 Autofill default values in JCE Raise/Wait Events

Some fields have default values in Job Chain Editor Raise/Wait Events. Present default values for those fields by default.


Id: RCORE-42398
Normal Defect General 9.2.8.0 Cannot rename process server due to unique key violation

Before: In some cases a Process Server could not be renamed to an earlier used name. This happened if the names of the Process Server and the Queue were the same, but it could happen in some other rare cases as well.

After: This has been fixed. It's possible to rename Process Servers again (reusing old names as well).


Tickets: 143075, 144988
Id: RCORE-41995
Normal Defect General 9.2.8.0 Custom entity types need support for deletion with parent object

Before: Entities (either builtin or custom) could not be deleted if there was a custom entity referencing it.

After: You can now specify the delete type when creating a custom foreign key. This has the following effect when trying to delete a parent record:

  • restrictParent/empty: the parent cannot be deleted if it still has children
  • withParent: when deleting then parent, all of its children are deleted as well
  • noRestriction: the parent can be deleted, even if it still has children

Id: RCORE-42107
Normal Defect General 9.2.8.0 Dependent config groups miss backends

Before: If an additional source for configuration values was configured but could not be initialised, the system would start by not using this source. This could potentially allow a user to have access to parts of the system that would otherwise be blocked.

After: When an additional source can not be initialised, the system will not start until the problem is resolved.


Tickets: 147408
Id: RCORE-41939
Normal Defect General 9.2.8.0 Errors and NPE when replying to usermessage

Before: UserMessage jobs showed output files that couldn't be viewed and gave errors when viewing.

After: UserMessage jobs will not show empty files any more. Files that are attached to the job can be viewed.


Tickets: 144901
Id: RCORE-42139
Normal Defect General 9.2.8.0 FCA_FPA_WorkFlow_Confirm: UserMessageHistory.rtx is uncompleted

Before: UserMessageHistory.rtx was incomplete when being downloaded.

After: UserMessageHistory.rtx contains valid and complete xml after being downloaded.


Tickets: 146231
Id: RCORE-42335
Normal Defect General 9.2.8.0 Fix potential error log by getting sap internal command output size

Some SAP definitions could produce superfluous errors in the log, This has been fixed.


Tickets: 142381, 142745
Id: RCORE-41869
Normal Defect General 9.2.8.0 Fix waiting status for externalJobStrategy jobs

Before: Processes marked as ExternalWaitForChild that created no output or log files would erroneously not delete the JobFile objects which could then be accessed via the UI, which would then display an error.

After: ExternalWaitForChild processes will correctly mark their files when completed.


Tickets: 145003, 146022
Id: RCORE-42216
Normal Defect General 9.2.8.0 Import max 50 PI channels each time

Before: All the PI channels matching wildcard pattern were imported.

After: Import of PI channels based on wildcard match is limited to max 50. 


Id: RCORE-41639
Normal Defect General 9.2.8.0 Improve logging for getting remote files in Get support files

Before: When requesting the support files some stacktraces were being logged at debug level, but these were not actual errors.

After: Improved the logging for Get support files (part of which is that the stacktraces are not logged anymore).


Tickets: 141783
Id: RCORE-41670
Normal Defect General 9.2.8.0 JCS-102133: No rights to modify ... privilege(s) on grant: ...

Before: A user with the admin role didn't have privileges for the object definition 'Built In Web Service' (and couldn't grant it to other users/roles). For the object definitions 'Process definition type' and 'User Login', a user with the admin role could grant the 'view' privilege, but not the 'All' privilege.

After: Fixed the missing/incorrect grants.


Tickets: 141136, 141140
Id: RCORE-41590
Normal Defect General 9.2.8.0 Job goes to error when file search matches a very long line and note is created with match

Before: When using a process definition with FileSearch and creating a process note when the search string was found, the process failed when the line in which the search string was found had more than roughly 900 characters.

After: If a long matching line is found, JobFileSearch post-running action Success message is being truncated to 800 characters to prevent the process note creation from failing.


Tickets: 145842
Id: RCORE-42314
Normal Defect General 9.2.8.0 JobChainCall RaiseEvent with different status is not possible

Before: It was not possible to have multiple RaiseEvents in a JobChainCall for the same event, but with with a different statuses.

After: It is possible to have the same RaiseEvent with a different status in a JobChainCall.


Tickets: 146778
Id: RCORE-42406
Normal Defect General 9.2.8.0 Jobchain hangs where the steps are all chained after system restart

Before: In rare circumstances (such as a server crash e.g.) some chains would get stuck where steps and calls would be in a Chained status. These chains were not picked up anymore, even after startup of the server.

After: Chains where steps and calls are stuck in Chained are now picked up and processed properly again.


Tickets: 142296
Id: RCORE-42362
Normal Defect General 9.2.8.0 MailConnector: Fix OAuth 2.0 support for POP3 after JavaMail/Jakarta Mail update

Before: Connecting with OAuth 2.0 authentication to Microsoft Outlook over POP3 and POP3S in a MailConnector was not possible. Also the MailConnector will shut down due to an error when trying to move emails using POP3 or POP3S.

After: Connecting with OAuth 2.0 authentication to Microsoft Outlook over POP3 and POP3S in a MailConnector is now possible. The MailConnector will also not try to move emails using POP3 or POP3S anymore and will not shut down due to the resulting error.


Id: RCORE-41923
Normal Defect General 9.2.8.0 Make "Unknown TableParameter format" error message more descriptive

Before: If the expression for a file or table parameter could not be parsed, then the error message didn't help to determine which parameter causes the issue.

After: The error message now includes the name of the parameter, and for which process the parameter belongs.


Tickets: 139782
Id: RCORE-41562
Normal Defect General 9.2.8.0 Monitoring dashboard uses LastModificationTime, but this is not updated for all status changes

Before: The Monitoring Dashboard used the field Job.LastModificationTime to determine whether a job was longer than some time in a certain status. This field is not updated for each status change, so this could lead to unexpected behaviour.

After: We introduced a new field Job.LastStatusChangeTime that is updated each time the status of a job changes. This new field is used in the Monitoring Dashboard now.


Tickets: 143062
Id: RCORE-41954
Normal Defect General 9.2.8.0 Monitoring servlet fails to look up ProcessServer Services for ProcessServers in nondefault partitions

Before: The monitoring servlet returned an error code if the process server was in a different partition. This was caused by the fact that the services could not be retrieved.

After: This has been fixed. The services are retrieved successfully now and the response indicates OK.


Tickets: 144783
Id: RCORE-42125
Normal Defect General 9.2.8.0 Monitoring/Housekeeping Dashboard - Global configuration screens: Checks on min/max missing

Before: On the Global Configuration screens on the Monitoring Dashboard and the Housekeeping Dashboard the minimum and maximum values for each option were displayed. However, you could still enter invalid values and these were stored in the database.

After: The values for all global configuration options on the dashboards are validated now before they are stored.


Id: RCORE-42002
Normal Defect General 9.2.8.0 Null check constraints should evaluate values when available

Before: System_CollectJobOutput and System_ForceJobStatusUnknown can't be used in a JobChain as the constraints defined on the Job Definition are fired too early.

After: The constraints are now fired correctly on time.


Tickets: 141788, 144425, 144942
Id: RCORE-42099
Normal Defect General 9.2.8.0 Passwords get exposed when hovering over a parameter

Before: Default expressions for password parameters are normally concealed, but still shown in the tooltip.

After: We now also conceal default expressions for password parameters shown in the tooltip.


Tickets: 145589
Id: RCORE-42271
Normal Defect General 9.2.8.0 Process does not complete if all children complete before setting completion strategy to ExternalWaitForChildJobs

Before: When using jcsJobContext.waitForAllChildJobsExternalCompletionStrategy()and if the child job finished at the same time that the parent job script finished, then it was possible that the parent would remain in waiting.

After: This race condition has been eliminated, such that the parent job will always go to Completed, or whichever status is appropriate depending on the child jobs.

Note: There is a very small window where this race condition can occur, in a normally running system these two jobs would both need to finish in the same millisecond to trigger this issue.


Tickets: 144926, 145003
Id: RCORE-42172
Normal Defect General 9.2.8.0 Remove legacy doc build from Crimson

Before: The documentation accessed from the product was shipped with the product, meaning that the documentation for a release could not be updated.

After: The documentation accessed from the product accesses a central documentation server provided by Redwood http://docs.redwood.com/. This has improved searching and can be updated when issues are noticed, thus immediately helping all customers.


Id: RCORE-41692
Normal Defect General 9.2.8.0 Remove or suppress vulnerable miscellaneous jars on jupiler

Upgrades the version of Apache Standard Taglibs to 1.2.5 to address CVE-2015-0254 which allowed XXE attacks through JSTL XML tags which are not used.


Id: ENV-1699
Normal Defect General 9.2.8.0 Segmentation Fault in jtool when Credential not found

Before: It was possible to get a segmentation fault with jscp if connection failures were detected.
After: The potential segmentation faults in jscp have been fixed.


Id: RCORE-42283
Normal Defect General 9.2.8.0 Sending mails with large templates could be slow

Before: Poor performance on parsing large sectioned files ( noticeable by sending large e-mails as mail-body ).

After: Performance is now significantly improved. In one case, a file that took several hours to parse is  now parsed in less than a second.


Tickets: 145968
Id: RCORE-42292
Normal Defect General 9.2.8.0 Should not try to create unnecessary constraint definitions by importing ccms job

Before: Importing a multiple step SAP job as a single process definition created unnecessary constraints which resulted in an error.

After: Unnecessary constraints are not created during the import.


Tickets: 146862
Id: RCORE-42349
Normal Defect General 9.2.8.0 System jobs should not log to scheduler.log at DEBUG

Before: When running the inbuilt system definitions, log entries such as the following would be logged in scheduler.log:

DEBUG 2021-01-01 13:00:00,000 GMT [Redwood Job Thread Pool: GLOBAL.System.System worker 0] com.redwood.scheduler.db.epoch.continuous.jobdef.SystemJobDefinition - isolationGroup r:null w:public void com.redwood.scheduler.system.jobs.RemoveOldJobs.setIsolationGroup(java.lang.String) 
DEBUG 2021-01-01 13:00:00,001 GMT [Redwood Job Thread Pool: GLOBAL.System.System worker 0] com.redwood.scheduler.db.epoch.continuous.jobdef.SystemJobDefinition - jobDefinitionPrefix r:null w:public void com.redwood.scheduler.system.jobs.RemoveOldJobs.setJobDefinitionPrefix(java.lang.String)

After: These are now logged to a different category, and so no longer turn up in scheduler.log.


Tickets: 144712
Id: RCORE-42158
Normal Defect General 9.2.8.0 System_ProcessKeepClauses fails to delete from the run cache

Before: Under certain circumstances, when running the scheduler on Windows, the cache files for the scripting files may not have been cleaned up.

After: These files will now be successfully cleaned up when no longer in use.


Tickets: 143500
Id: RCORE-42066
Normal Defect General 9.2.8.0 System_RemoveOldJobs should take System_Maintenance_Lock

Before: To run the system job System_RemoveOldJobs no locks were required, so this job could run in parallel with other jobs.

After: To run System_RemoveOldJobs the lock System_Maintenance_Lock is needed now, so that the job cannot run in parallel with other maintenance jobs such as System_ProcessKeepClauses.


Tickets: 141075
Id: RCORE-41888
Normal Defect General 9.2.8.0 The display value of constraint parameters in the Runner is not translated correctly.

Before: For String parameters with a simple constraint the values can be language specific. When submitting in the Runner, the values were translated correctly. But when viewing an already submitted job in the Runner, the system switched back to the default locale.

After: This has been fixed; when submitting as well as when viewing a submitted job in the Runner, the values are translated according to the user's locale.


Id: RCORE-42136
Normal Defect General 9.2.8.0 Update 9.2.4 ISU transports for compatibility with 9.2.6

Increased the version of the ISU transports to restore compatibility with 9.2.6 release.

 


Id: RCORE-42213
Normal Defect General 9.2.8.0 Upgrade vulnerable Apache commons jars

The version of commons-compress has been updated, this fixes CVE-2019-12402 which could potentially affect the PowerBI client.


Id: ENV-1701
Normal Defect General 9.2.8.0 Upgrade vulnerable jsoup version

Upgrades the version of jsoup used by the Redwood_Robotics and Redwood_MailReactor libraries from 1.13.1 to 1.14.2, to overcome CVE-2021-37714 which potentially allowed for denial of service when parsing untrusted HTML


Id: ENV-1751
Normal Defect General 9.2.8.0 jtool mput sets working directory to directory without resetting it

Before: When the jftp tool is invoked with an mput from reads from an absolute directory name, then the local directory is not reset to the current working directory on completion. So another mput in the same command sequence will fail if it specifies the local current directory. For example this would fail :

jftp mput myhostname myusername mypassword "/my/local/nested/file.txt" /my/remote/dir "file_in_current_directory.txt" /my/remote/dir

After: When the jftp tool is invoked with an mput from reads from an absolute directory name, then the local directory is always reset to the current working directory. So another mput in the same command sequence that specifies the local current directory will succeed.


Id: RCORE-39980
Normal Defect General 9.2.8.0 network-processor does not progress when an empty message is stuck in the msg directory

Before: A permanent invalid job-processor message would lead to an endless loop of retry attempts, filling up the log with messages like "Persistent message <message number>.001 does not contain message header".

After: The network-processor will retry the invalid message file for a maximum of 10 times and then moves it to the 'err' directory.


Id: RCORE-42192
Normal Defect General 9.2.8.0 proxy_url fails to parse more than one URL in some cases

Before: jsecret did not correctly parse a comma separated list of proxy server URLs supplied either as a command line option or within an HTTP_PROXY environment variable.

The Platform Agent failed to correctly parse more than one proxy server URL within a proxy_url Platform Agent configuration file.

After: jsecret correctly parses a comma separated list of proxy server URLs supplied either as a command line option or within an HTTP_PROXY environment variable.

The Platform Agent correctly parses one or more proxy server URLs within a proxy_url Platform Agent configuration file.


Tickets: 145402
Id: RCORE-42252
Normal Defect General 9.2.8.1 ClassCastException on delete of a process definition from the detail pane in the UI

Before:

  • When deleting a Process Definition from the its details page, an error reporting a ClassCastException would show.
  • When deleting a Process Definition related object (Chain, Report, ...) from its overview page, the object would still be visible in the overview with a name prefixed by "System_Internal_" until the page was refreshed.
  • When deleting a Process Definition or related object from its details page, the object would still be visible in the overview with a name prefixed by "System_Internal_" until the page was refreshed.
  • When deleting a Process Definition or related object, the object would still temporarily be visible using the "show hidden objects" filter.

After: This is all no longer the case, the ClassCastException is no longer shown, objects get removed from the overview and wont show when using the "show hidden objects" filter.


Tickets: 146929
Id: RCORE-42414
Normal Defect General 9.2.8.1 Duplicate key error could occur when many usermessages are created in parallel

Before: A "Duplicate Key" exception could occur when multiple UserMessages were created based on the same UserMessage definition.

After: This has been fixed.


Tickets: 147172
Id: RCORE-42446
Normal Defect General 9.2.8.1 Invalid Configuration detected

Before: Configuration options: UI.HelpVersion and UI.ProductInfoDoc were mandatory, not setting them caused logged ERRORS during installation or build if not set.

After: Made UI.HelpVersion and UI.ProductInfoDoc optional in redwood/scheduler/ui/src/xml/configurationoptions.xml config file


Tickets: 146964
Id: RCORE-42448
Normal Defect General 9.2.8.1 Mark mandatory fields in JCE Raise/Wait Events

Mandatory fields with are now marked with * for Job Chain Editor Raise/Wait Events.


Tickets: 146774
Id: RCORE-42413
Normal Defect General 9.2.8.1 PeopleSoft: Unable to find System_PeopleSoft_MonitorJob

Before: When starting PeopleSoft jobs that create child jobs a NullPointerException could occur with the message that child jobs can't be created. The childjob definition had to be imported before a parent job with these childjobs could be used. When the job definitions are not imported we are searching for a default job definition "System_PeopleSoft_MonitorJob". The search for this job definition caused a NullPointer Exception.

After: The "System_PeopleSoft_MonitorJob" is searched in the correct Application.


Id: RCORE-42451
Normal Defect General 9.2.8.1 Whitespaces are trimmed by JobParameterHelper

Before: SAP jobs with variant names with leading or trailing blanks could not be started.

After: SAP jobs with variant names with leading or trailing blanks can be started.


Tickets: 147368
Id: RCORE-42466
Normal Defect General 9.2.8.2 SAP transactions spoolfiles in XLSX format are corrupt

Before: SAP transactions spool in XLSX format is corrupt when retrieving from a cloud instance.

After: CSV file will be generated when retrieving spool in XLSX format. It is converted to XLSX format in Finance Automation.


Tickets: 147546
Id: RCORE-42498
Normal Defect General 9.2.8.6 Icon 'Remove' is missing in Novum theme

Before: The Novum theme was missing some images that caused buttons not be be clickable

After: All images are now provided, making the buttons visible and clickable again.


Tickets: 140925, 144242
Id: RCORE-41550
Normal Defect General 9.2.8.6 Kill SAP XBP child jobs when the parent is killed

Before: Killing a batch SAP job did not kill its child jobs

After: Killing a batch SAP job kills its child jobs, when /configuration/sap/xbp/EnableKillXBPChildJobsWithParent = true


Tickets: 143595, 146372
Id: RCORE-42443
Normal Defect General 9.2.8.7 Allow RedwoodScript-based SOAPRequest to do HTTP request as well

Before: A SOAPRequest call called within RedwoodScript could only be used to produce a SOAP call. However previously it could also be used to produce a HTTP call.

After: Only when the appropriate values are set  (e.g. SOAPAction, Accept etc.) these values are set on the SOAPRequest. It means that when not set it can be used as a HTTP request.


Id: RCORE-42585
Normal Defect General 9.2.8.7 Allow changing the user in CTS Export pusher definition

Before: Transport requests via CTS+ were always created with RFC user as owner

After: Transport request via CTS+ can be created for the other user with new job definition parameter SAP user.


Tickets: 147239
Id: RCORE-42675
Normal Defect General 9.2.8.7 Cannot control PI channels

Before: Managing PI channels was not possible due to the jobs failing with an XML parse exception.

After: It is possible to manage PI channels.


Id: RCORE-42768
Normal Defect General 9.2.8.7 NPE in System_ReportRun when no limit set

Before: When running System_ReportRun on a Report process definition that did not have a limit defined, it would fail with a NullPointerException, and if a limit had been defined, it would be used, even if it exceeded the system wide report limit of 500,000 rows.

After: Whenever a Report process definition is run, it will be limited to 500,000 rows, whether run directly or via System_ReportRun. If run via System_ReportRun, then it will not fail with a NullPointerException, even if the limit is not set.


Tickets: 146787
Id: RCORE-42396
Normal Defect General 9.2.8.7 Properly set default expression of Recipient parameters when importing CCMS jobs

Before: When importing a CCMS jobs, the recipient type on the generated process definition has been always set as Internet User.

After: When importing a CCMS job, recipient type on the generated process definition is set to the actual recipient type of the SAP job.


Id: RCORE-42700
Normal Defect General 9.2.8.7 Second spoollist cannot be retrieved properly as xls default format

Before: Second SAP spool could not be retrieved when process definition default output format is xls

After: Second SAP spool can be retrieved properly when process definition default output format is xls


Id: RCORE-42711
Normal Defect General 9.2.8.7 Sending mail fails when TLS is configured

Before: When sending mails, and the server supports TLS upgrade, the TLS upgrade would fail, causing the mail to not be sent, and the mail process to error.

After: Mail can now be sent when the mail server supports TLS upgrades.


Id: RCORE-42796
Normal Defect General 9.2.8.7 When logging in during an upgrade step the resulting exception will cause the upgrade to fail

Before: Under some circumstances when logging in during a system upgrade, the upgrade would fail with a NoRowsUpdatedException, requiring the system to be restarted.

After: Changes have been made to retry if a NoRowsUpdatedException occurs during the upgrade, this means that the startup may take a little longer, but the system won't fail to startup.


Tickets: 143798
Id: RCORE-42029
Normal Defect General 9.2.8.7 When using the mail job type CC and BCC headers do not work

Before: Specifying the CC or BCC headers in a mail definition would not send the mail to these addresses.

After: Setting these headers works as expected.


Id: RCORE-42793
Normal Defect General 9.2.8.8 Job count in joblog of a SAP job is "null"

Before: Job count in joblog.log and joblog.dat could be null.

After: Job count in joblog will be set properly.


Id: RCORE-42930
Normal Defect General 9.2.8.8 SAP BOBj jobs may go into error status when connection breaks

Before: SAP BOBj jobs may go into error when the connection breaks
After: SAP BOBj jobs don't go into error when the connection breaks


Id: RCORE-42795
Normal Defect General 9.2.8.11 Update node package chart.js for all supported versions

Update moment.js, a JavaScript library, to version 2.29.3 to overcome CVE-2022-24785. This update protects against unauthorised file access (a "path traversal" vulnerability).


Id: ENV-1966
Normal Defect General 9.2.8.11 Upgrade jackson-data bind to 2.13.2.2

Before: The version of Jackson shipped used within the product has a HIGH ranked CVE reported against it: CVE-2020-36518.

After: The Jackson libraries have been updated to a version not affected by this CVE.

NOTE: The product is not affected by this CVE, as the component in the library that caused the CVE to be raised is not used in the product. However, this has been updated out of an abundance of caution.


Id: ENV-1948
Normal Defect General 9.2.8.11 Upgrade okhttp3/okhttp to version 4.9.3

Before: the library okhttp3/okhttp v4.9.1 contains a security vulnerability CVE-2021-0341. This library is used by our mailservice.

After: the library okhttp3/okhttp is upgraded to v4.9.3. to resolve the CVE.


Id: ENV-1997
Normal Defect Housekeeping 9.2.8.0 Clean up Temporary files on restart

Before: At several places the system creates temporary files, which are cleaned up when their use is completed successfully. However, if the JVM is shutdown while the file is still in use it won't be cleaned up.

After: Temporary files are now always created in the same folder and this folder is cleaned at start up. So, if for some reason a file was not deleted, it will always be deleted at the next start up of the system.


Tickets: 141041
Id: RCORE-41572
Normal Defect Mailreactor 9.2.8.0 MailConnector: Add OAuth support for IMAP and POP3

Added OAuth 2.0 authentication support for IMAP and IMAPS for use with Microsoft Office 365 to the Mail Connector.

Configuration:

  • Settings for Microsoft Azure Active Directory
    • App registration
    • Public client flow allowed for App authentication
    • Delegated Microsoft Graph API permissions
      • IMAP.AccessAsUser.All
      • offline_access
      • Granted consent for all API permissions
  • Additional Connection Settings for MailConnector
    • redwood.connection.oauth.provider
      • The OAuth 2.0 token provider. Currently only "outlook" is supported.
    • redwood.connection.oauth.client
      • The Application (client) ID of the app registered in Microsoft Azure Active Directory.
    • redwood.connection.oauth.tenant
      • The Directory (tenant) ID of the app registered in Microsoft Azure Active Directory.
    • redwood.connection.oauth.authority (optional)

Tickets: 139619
Id: RCORE-41362
Normal Defect Mailreactor 9.2.8.0 MailConnector: Add support for Microsoft Graph

Support for the Microsoft Graph REST API added to the Mail Connector.

Configuration:

  • Settings for Microsoft Azure Active Directory
    • App registration
    • Public client flow allowed for App authentication
    • Delegated Microsoft Graph API permissions
      • Mail.ReadWrite
      • Granted consent for the API permission
  • Settings for the Mail Connector:
  • Connection Settings for the MailConnector
    • redwood.connection.oauth.client
      • The Application (client) ID of the app registered in Microsoft Azure Active Directory.
    • redwood.connection.oauth.tenant
      • The Directory (tenant) ID of the app registered in Microsoft Azure Active Directory.
    • redwood.connection.oauth.authority (optional)

Id: RCORE-41922
Normal Defect Platform Agent 9.2.8.0 Allow jobs to return-code > 255

Before: Unix process definitions were unable to return job status codes greater than 256, the reason being that on Unix systems the exit value is always modulo 256.
So for example, exit 513 will result in an exit value of 1.

After: A 'jtool setreturncode' mode has been added.
In situations where the customer wishes to return error codes larger than 255, we recommend the use of jsetreturncode.


Id: RCORE-37706
Normal Defect Platform Agent 9.2.8.0 Fix crash in jtool scp on solaris-sparc

Before: jtool scp could fail on sending or retrieval of (very) big files caused by the process accessing invalid memory. This was caused by a single byte buffer overrun.

After: The buffer overrun is avoided and any size files can be transferred using jtool scp.


Tickets: 143691
Id: RCORE-42028
Normal Defect Platform Agent 9.2.8.0 Fix memory error in jtool mail when secretfile argument is used

Before: jtool mail would generate an error message about a double free operation and an error returncode when the -secretfile argument was used. The mail was sent correctly.

After: The memory allocation mixup is fixed and no error is produced.


Tickets: 144052
Id: RCORE-42070
Normal Defect Platform Agent 9.2.8.0 Fix potential crash in JFTP PUT -ASCII

Before: When transferring files to a server via jtool ftp/ jftp put -ascii the transfer could abort and the program crash when the file content contained a \r character at the exact end of a buffer with a length that would be re-allocated to a different address by the memory allocator (which is OS-dependent.) This was observed on linux-x86_64 but can theoretically happen on any platform.

After: The reallocation is properly accounted for and the transfer no longer crashes.


Tickets: 143374
Id: RCORE-41987
Normal Defect Platform Agent 9.2.8.0 Missing translation in server logs

Before: Some messages created by the Platform Agent were not translated in the log file.

After: Messages that come from the Platform Agent are translated when writing to the logfile.


Id: RCORE-42034
Normal Defect Platform Agent 9.2.8.0 PA: Temporary loss of file events can occur when many file event definitions are present

Before: When many (> 100) file events are defined it is possible that a race condition between two threads in the platform agent results in a temporary loss of detection of some of these events. Restarting the agent or process server resets this error condition.

After: A change in file events always results in detection of all remaining and new file events.


Tickets: 146060
Id: RCORE-42346
Normal Defect Platform Agent 9.2.8.0 PlatformAgent: Make sure the AgentInitiated Servlet handles unrequested requests

Before: Navigating to a valid Agent Initiated URL from a browser will shutdown the associated Process Server.

After: Navigating to a valid Agent Initiated URL from a browser will result in an HTTP 403 Forbidden error being returned and will have no effect on the Process Server.


Id: RCORE-42285
Normal Defect Platform Agent 9.2.8.0 Remove Isolation Group references from jtool help

Before: jsecret offered an optional isolationGroup argument.

The Platform Agent and some jtool modes, specifically jscript and jevent, mandated the presence of an isolationGroup line within a supplied connection file.

After: jsecret no longer offers an optional isolationGroup argument. However it will still always include isolationGroup=GLOBAL in a generated connection for backwards compatibility.

The Platform Agent and jtool no longer require the presence of an isolationGroup line within a supplied connection file.


Id: RCORE-42264
Normal Defect Platform Agent 9.2.8.0 SQLPlus scripttype: allow connection with /

Before: SQLPlus connections could only be made with username and password (via a Credential).
 
After: SQLPLUS Connections can now make use of Oracle Wallets, either by using /@MYENDPOINT in the 'Remote Run as User' field or by only setting the JCS_REMOTE_ENDPOINT parameter to MYENDPOINT, while leaving the JCS_REMOTE_USER and JCS_REMOTE_PASSWORD fields untouched.


Tickets: 139303, 142386, 144991
Id: RCORE-41328
Normal Defect Platform Agent 9.2.8.0 Segmentation violation in jftp when hostname is not set

Before: jftp crashed with a segmentation violation when hostname was missing in the connection file.
After: jtfp returns an error message when the hostname is missing from the connection file.


Id: RCORE-41878
Normal Defect Platform Agent 9.2.8.0 System_Windows_Session_Create does not work

Before: Windows RDP session could not be created.

After: This regression has been fixed.


Id: RCORE-42214
Normal Defect Platform Agent 9.2.8.0 Update agent initiated url on permanent redirect

Before: The Platform Agent treated all HTTP 30x redirections as temporary redirections.

After: The Platform Agent treats successful HTTP 301 and 308 redirections as permanent redirections, so agent_initiated_url is updated following a successful permanent redirection request.


Id: RCORE-42116
Normal Defect Platform Agent 9.2.8.0 getting support files causes huge logging in AgentInitated mode with loglevel trace

Before: Retrieving support files from a platform agent in logLevel=trace could cause the logs to fill up will large parts of base64-encoded data.
After: The base64-encoded parts are not entirely logged anymore in logLevel=trace.


Id: RCORE-40149
Normal Defect Platform Agent 9.2.8.0 jtool getfile: Fix sporadic decompression issue

Before: Sporadically the jtool getfile tool would be unable to retrieve a file with compression, making it necessary to add the -nocompression flag. The error message given was:

code lengths don't add up (8000)

This happens when a compression block has very specific content with no repetitions.

After: The transfer always succeeds with compression enabled.


Id: RCORE-42027
Normal Defect Platform Agent 9.2.8.0, 9.2.8.1 Improve FileEvent handling

Before: When a File Event Definition is modified on the server, all File Event definitions were sent to the Platform Agent, and they were logged as being "modified" even if they might not have changed.

After: When a File Event Definition is modified on the server, only that definition is sent to the Platform Agent, reducing the amount of reconfiguration that needs to be done. When a platform agent restarts and/or reconnects, the full list of events will still be sent. Additionally, only definitions that are actually modified are logged as being "modified".


Tickets: 146560
Id: RCORE-42356
Normal Defect Platform Agent 9.2.8.1 Server hammered with AIX agent messages “retrying failed fork: Resource temporarily unavailable"

Before: A resource problem on the platform agent host could result in a large amount of error messages and Operator Messages like "retrying failed fork: Resource temporarily unavailable".

After: Retry attempts due to resource problems will generate warnings and no Operator Messages anymore. When the maximum number of retry attempts is exceeded, an error will be raised and displayed in the Operator Messages.


Id: RCORE-42427
Normal Defect Platform Agent 9.2.8.7 Fix rolling over to logfile with same generated name

Before: On Windows, when initial startup and configuration of the platform agent is very fast, the agent could run into an error during switch-over to a new log file where the name of the newly generated log file is identical to that of the initial log file. The following error message would then be reported: "The process cannot access the file because it is being used by another process."
After: The newly generated log file name is verified to be unique.


Tickets: 147170
Id: RCORE-42592
Normal Defect Platform Agent 9.2.8.8 platform agent 'scheduler' script loops when using ksh93

Before: Starting multiple platform-agent instances with 'scheduler start' using the 'ksh93' shell, could result in an infinite starting loop, raising errors like:
"A process still exists for instance 'test', please verify that it is stopped and remove its pid file '/opt/redwood/agent/etc/pid/test/test.ppid' before starting it again."

After: The instances start normally.


Id: RCORE-42851
Normal Defect Platform Agent 9.2.8.9 Installing agent with an installpath parameter ending with a slash may run into upgrade problem

Before: A platform installation path, ending with a slash character '/' resulted in a duplicate PATHS entry in the scheduler script after a version upgrade. This could result in a repetitive startup sequence for platform agents.

After: A trailing slash character in the existing PATHS setting is ignored for existing installations.
For new platform agent installations, a possible trailing slash character is removed from the destination path argument during the installation.


Id: RCORE-43029
Normal Defect Platform Agent 9.2.8.9 Platform Agent can crash when TRACE enabled and log file becomes full

Before: If Platform Agent trace logging was enabled and the log file became large so it needed switching to a new log file then the Platform Agent was likely to crash.

After: When Platform Agent trace logging is enabled and the log file needs switching over, then the Platform Agent performs normally.


Id: RCORE-42798
Normal Defect Platform Agent 9.2.8.9 Timeout values on Sun Solaris are incorrect for SSL connections

Before: Timeout values on platform-agent for Sun Solaris, set for SSL read/write timeout, could end up as incorrect very large numbers. Setting Loglevel=trace would show these incorrect values as e.g.:

TRACE 2022-03-22 23:34:18,530 CET 14269-getmessages #3 opsys.socket - fd=8/10.31.2.179:36525->10.31.2.137:443: timeout set to 21474836480s

TRACE 2022-03-22 23:34:18,530 CET 14269-getmessages #3 opsys.socket - fd=8/10.31.2.179:36525->10.31.2.137:443:: waiting for write, timeout in 21474836480000ms

After: The timeout values are correctly set. E.g.: timeout set to 5s


Id: RCORE-43058
Normal Defect Platform Agent 9.2.8.9 Upgrade to OpenSSL 1.1.1n

Before: Platform agent included OpenSSL 1.1.1l.

After: Platform agent now includes OpenSSL 1.1.1n.

The following CVE fixes are included in 1.1.1n.

CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates [High severity]

Note: This issue does not affect the scheduler, however the library is being upgraded out of caution. (We do not accept "user input" certificates).


Id: RCORE-43046
Normal Defect Platform Agent 9.2.8.9 Windows Platform Agent Spoolhost repeated String Buffer errors

Before: jrfc did not correctly handle invalid UTF (Unicode transformation format) sequences.
In the case of an invalid UTF sequence received by jrfc, we would see hundreds of 'Invalid byte xx at y bytes into UTF8 sequence' for the same offset (ie looping) that will then exceed our internal buffer sizes, because later in the logs when the output is processed we see hundreds of 'StringBuffer maximum capacity (> 512Mb)' exceeded FATAL log messages.

After: The UTF code used by jrfc, and by the Platform Agent in general, now correctly handles the detection of an invalid UTF sequence and no longer loops.


Id: RCORE-42850
Normal Defect Platform Agent 9.2.8.11 File event sending multiple operator messages per second

Before: Wild-carded file events could generate a flood of Operator Messages when they encounter files that could not be moved and files that are still in use and therefore cannot be moved yet.
After: Wild-carded file events will generate a single Operator Message at each scan interval for every file encountered that could not be moved.


Id: RCORE-43061
Normal Defect Platform Agent 9.2.8.11 Make sure Windows roll-over logfile is unique in Windows (refix)

Before: On Windows, when initial startup and configuration of the platform agent is very fast, the agent could run into an error during switch-over to a new log file where the name of the newly generated log file is identical to that of the initial log file. The following error message would then be reported: "The process cannot access the file because it is being used by another process."
After: The newly generated log file name is verified to be unique. This is fixing an earlier attempt to make this robust, which did not do the job very well.


Id: RCORE-43282
Normal Defect Platform Agent 9.2.8.11 Platform Agent no_proxy should implicitly include localhost, 127.0.0.1, ::1

Before: If a no_proxy file or environment variable NO_PROXY was configured that did not include localhost, then the Platform Agent was unable to run jobs.

After: The Platform Agent can successfully run jobs even when a no_proxy file or NO_PROXY environment variable failed to include localhost.


Tickets: 147324
Id: RCORE-42481
Normal Defect Platform Agent 9.2.8.11 Platform Agent should handle file event errors more consistently

Before: If a batch of files for a file event contained several files that could not be moved, then the back-off time was doubled for each file found in error. rather than just once for the whole batch. Or if a batch of files contained errors, but the last file processed was successful then backing off was stopped, causing looping Operator Messages.

After: A batch of files for a file event is now handled in a consistent fashion, preventing looping Operator Messages or alternatively backing off that is too aggressive.


Id: RCORE-43356
Normal Defect Platform Agent 9.2.8.11 SQLPLUS: connecting as user SYS on windows is broken

Before: Connecting with User SYS with SQLPLUS command fails on windows. The connection creates incorrect connection string syntax.

After: The connection string is now created correctly (with "as sysdba" at the end of the connection string)


Id: RCORE-43421
Normal Defect Platform Agent 9.2.8.11 Upgrade to OpenSSL 1.1.1o

Before: Platform agent included OpenSSL 1.1.1n.

After: Platform agent now includes OpenSSL 1.1.1o.

The following CVEs are fixed in OpenSSL 1.1.1o:

  1. CVE-2022-1473 - Low severity - OPENSSL_LH_flush() function has a slow memory leak if it decodes lots of certs.
  2. CVE-2022-1434 - Low severity - Only affects the OpenSSL 3.0 implementation of the RC4-MD5 cipher suite.
  3. CVE-2022-1343 - Moderate severity - OCSP_basic_verify issue when the OCSP_NOCHECKS flag is used.
  4. CVE-2022-1292 - Moderate severity - The c_rehash script does not properly sanitise shell metacharacters to prevent command injection.

Note: These issues do not affect the scheduler, however the library is being upgraded out of caution.


Id: RCORE-43385
Normal Defect Platform Agent 9.2.8.11 Windows agentless jobs can generate a 400Mb message file

Before: If a Windows Platform Agent encountered a non-transient WMI error, such as WBEM_E_ACCESS_DENIED, whilst monitoring an agentless job,, then the WMI operation would be repeatedly attempted with no limit. This would result in a very large number of job log messages for the Redwood Platform Server.

After: If a Windows Platform Agent encounters a WMI error whilst monitoring an agentless job, then the WMI operation is retried a limited number of times, in case the condition is transitory (such as WBEM_E_SERVER_TOO_BUSY). If the WMI error continues to occur, then the job fails and a small number of Operator Messages will be generated.


Id: RCORE-43357
Normal Defect SAP 9.2.8.0 BObj jobs may go into Error status when connection breaks

The BObj connector has been hardened against intermittent network failures.


Tickets: 143364, 143398, 143702
Id: RCORE-41967
Normal Defect SAP 9.2.8.0 Change library search path for SAP libraries

Before: jrfc jobs in Windows could fail due to loading of incompatible SAP nwrfc libraries that were found earlier in the PATH setting than the agent's own 'saplibs' directory.

After: The sequence to search the PATH for SAP nwrfc libraries has changed in favor of the platform-agent's own 'saplibs' directory.


Tickets: 145279
Id: RCORE-42238
Normal Defect SAP 9.2.8.0 Changes to SAP calendars may not be picked up by TimeWindows

Before: Importing SAP calendars did not update TimeWindows referencing these calendars if the SAP system was in any Partition other than GLOBAL.

After: Importing SAP calendars does update TimeWIndows referencing these calendars regardless of the partition of the SAP system. SAP systems in GLOBAL partition must not be prefixed with the partition name when used in period functions of TimeWindows.


Tickets: 144910, 145185
Id: RCORE-42223
Normal Defect SAP 9.2.8.0 Cleanup BOBJ thread by shutting down the process server

Before: SAP BObj process server stayed in partial running few seconds after shutting down. 

After: SAP BObj process server can be shut down directly. 


Tickets: 143373, 143702
Id: RCORE-42121
Normal Defect SAP 9.2.8.0 Create OM for BOBj connection issue less frequently

Before: SAP BObj connector created operator message every minute when connection is broken.

After: Operator message will be created every 1 hour. 


Id: RCORE-42091
Normal Defect SAP 9.2.8.0 Handle SAP XM275 exception properly

Before: In rare circumstances after a network outage SAP jobs may fail due to a timing issue.

After: The timing issue is now handled properly.


Id: RCORE-42301
Normal Defect SAP 9.2.8.0 Implement BAPI for HTML conversion of SAP Spool output

Before: Spools of SAP jobs could not be retrieved as HTML format.

After: Spools of SAP jobs can be retrieved as HTML format with the function module BAPI_XBP_GET_SPOOL_AS_HTML.


Tickets: 143173
Id: RCORE-35876
Normal Defect SAP 9.2.8.0 Import problems for multi-step SAP jobs without a template definition in SAP_ImportCcmsJobs

Before: SAP_ImportCcmsJobs could not import multi-steps SAP job as single definition without template definition.

After: SAP_ImportCcmsJobs can import multi-steps SAP job as single definition without template definition.


Tickets: 143957
Id: RCORE-42043
Normal Defect SAP 9.2.8.0 JRFC get-file timing issue when upgrading platform agent

Before: There was a small time window during the update process of an old platform-agent (containing SAP nwrfc libraries) to a new platform-agent, not containing the SAP nwrfc libraries anymore, in which an already pending SAP spoolhost 'get' action using jrfc was told to continue while the agent update was still searching and copying the SAP libraries from the old agent location to the new location.

After: A pending jrfc job waits until the platform-agent update process has finished to make sure that possibly existing SAP libraries in the old agent are copied to their new location.


Id: RCORE-42110
Normal Defect SAP 9.2.8.0 Job name in joblog of a SAP job might be "null"

Before: If JOBNAME parameter is not set, job name in joblog.log and joblog.dat is null.

After: Job name in joblog will be set properly.


Id: RCORE-42313
Normal Defect SAP 9.2.8.0 Parameter value of SAP variant will be overwritten with BAPI function module

Before: Using standard SAP BAPI variant function module, >!< didn't work as expected. The parameter value would always be overwritten.

After: Additional parameters in BAPI function module have been added  and the usage of >!< and ! was recovered.


Tickets: 143615
Id: RCORE-42061
Normal Defect SAP 9.2.8.0 Potential timing issue in XBP job control rules

Before: There was a timing issue in XBP job control rules which could cause the product to create operator messages for synchronized SAP jobs.

After: The timing issue in XBP job control rules has been fixed.


Id: RCORE-42127
Normal Defect SAP 9.2.8.0 SAP PS connection issue Sender Object Description and Sender Object are empty.

Before: When failing to connect to an SAP process server, the sender object of the corresponding operator message is not set.

After: The sender object is set properly.


Tickets: 143648
Id: RCORE-42023
Normal Defect SAP 9.2.8.0 SAP jobs can get stuck in Assigned status

A rare issue has been fixed which could cause a SAP job to get stuck in Assigned status if the central server was restarted while the SAP connector was unassigning that job.


Id: RCORE-41902
Normal Defect SAP 9.2.8.0 Set Dataservice job and BOBj job into Error status when the API reports an error

Before: SAP DataService job and SAP BOBj job could stay in status Running forever despite errors reported by the API.

After: SAP DataService job and SAP BOBj job will set to status Error when the API reports an error. Communication errors (eg. interrupted connection to the SAP system) will be treated as transient, though, keeping the job in status Running until they are resolved.


Id: RCORE-42088
Normal Defect SAP 9.2.8.0 Wrong output in SAP_GenerateCcmsJobDefinition

Before: Incorrect message has been written into the job log file when the template job definition was not set. 

After: The incorrect message has been removed from the job log file.


Tickets: 145084
Id: RCORE-42194
Normal Defect SAP 9.2.8.0 joblog.dat cannot be retrieved with jrfc

Before: joblog.dat could not be retrieved when running in the cloud.

After: joblog.dat can be retrieved when running in the cloud.


Tickets: 146669
Id: RCORE-42381
Normal Defect SAP 9.2.8.0 joblog.dat should only be created when FL_Showlog set

Before: SAP connector created joblog.dat every time when it was instructed to retrieve joblog.

After: joblog.dat will be created only if job parameter FL_SHOWLOG is set.


Tickets: 145788, 146037
Id: RCORE-42281
Normal Defect SAP 9.2.8.1 MassActivity jobs may end prematurely

Before: SAP mass activity processes may terminate prematurely before their sub-processes are finished in SAP.

After: SAP mass activity processes wait until their sub-processes are finished in SAP before terminating.


Id: RCORE-42408
Normal Defect SAP 9.2.8.6 Multistep SAP jobs always use English as step language

Before: If LANGUAGE parameter is not set in the job definition, multistep SAP jobs always use English as step language, otherwise it will use the the provided value

After: If LANGUAGE parameter is not set in the job definition, multistep SAP jobs will use SAP system default language as step language, otherwise it will use the the provided value


Id: RCORE-42502
Normal Defect SAP 9.2.8.7 BOBJ jobs should not go into Error status on transient connection errors

Before: BOBj job could go into status Error due to comminication errors with the SAP BOBj system but completed in SAP BOBj.

After: Communication errors (eg. interrupted connection to the SAP BOBj system) will be treated as transient, though, keeping the job in status Running until they are resolved.


Id: RCORE-42472
Normal Defect SAP 9.2.8.9 Enable to retrieve HTML format spool with JRFC

Before: Cannot retrieve spool output in HTML format, and large spool output in PDF format via the Spool Host.

After: Large spool output in PDF format can be retrieved via the Spool Host for RMJ and RMF, spool output in HTML can be retrieved via the Spool Host for RMF.


Id: RCORE-42779
Normal Defect SAP 9.2.8.9 SAP Joblog output formatting via Spoolhost is not correct when FL_SPOOL is set

Before: Cannot retrieve SAP joblog in pipe delimited format via the Spool Host when FL_SPOOL is set.

After: SAP joblog can now be retrieved in pipe delimited format via the Spool Host.


Id: RCORE-42979
Normal Defect SAP 9.2.8.11 Update skipped BW process job remote status properly

Before: If a BW process is skipped in SAP, the remote status of the corresponding process on the central server would not be updated to reflect this.

After: If a BW process is skipped in SAP, the remote status of the corresponding process on the central server will be updated to reflect this.


Id: RCORE-43387
Normal Defect Server 9.2.8.0 AS400: Finish jobs asynchronously to monitoring

Before: When downloading large files no other AS400 jobs were monitored. Also when replying to an operator message on the AS400, the process in the scheduler was not updated.

After: Finalizing AS400 jobs is done asynchronously, so downloading large log files doesn't prevent other AS400 jobs from being monitored. When replying to an operator message on the AS400, the process in the scheduler is updated to reflect the correct status.


Tickets: 141819
Id: RCORE-41911
Normal Defect Server 9.2.8.0 Action Component on slave is consuming CPU

Before: When running in a clustered environment the slave node can consume a lot of CPU even when it is not busy. The Action Component is stuck in a busy loop waiting to become the master node (if necessary).

After: The Action Component will now correctly idle when it is not the master and will not consume CPU needlessly.


Tickets: 145609
Id: RCORE-42279
Normal Defect Server 9.2.8.0 Add Configure_Published_WebServices global privilege

Before: Any user could publish any process definition as a web service.

After: In order to publish a process definition as a web service, the user must have the Configure_Published_WebServices global privilege. This is granted by default to the administrator user.

Note: This allowed a process definition to be published, however users could still not submit this definition via web services unless they had permissions to submit it locally. This means that the security impact of this was low.


Tickets: 146028
Id: RCORE-42220
Normal Defect Server 9.2.8.0 Alert firing when job is deleted logs WARN & ERROR message

Before: If a process is deleted before a process definition alert with a delay was begun, then ERROR messages would be logged, despite these being normal occurrences.

After: These messages are now logged at DEBUG level.


Id: RCORE-42084
Normal Defect Server 9.2.8.0 Allow cloud customers to Get Support Files

Before: If a user had the global privilege Support_Files_Get, they could request server log files with the GetSupportFiles functionality.

After: The global privilege Support_Files_Get is still needed to get the support files, but to include the server log files a user needs the global privilege System_Support as well. Additionally, the global privilege System_Dynamic_Trace is granted to the redwood-administrator role now by default (for cloud customers).


Id: RCORE-41407
Normal Defect Server 9.2.8.0 Allow to remove template flag

Before: You could set the 'template' flag on a process or chain definition, but it was impossible to remove this flag later.

After: Now it is possible to remove a 'template' flag from a process definition that has been marked as template.


Id: RCORE-41928
Normal Defect Server 9.2.8.0 ClassCastException when an Ad Hoc Alert is triggered

Before: A Classcast exception was thrown when using a ProcessServer check when raising adhoc alerts.

After: This has been fixed.


Tickets: 141932, 142960
Id: RCORE-41678
Normal Defect Server 9.2.8.0 Clear SchedulerSession while performing ObjectSearch

Before: Performing complex Object Search queries could result in high memory usage on the server.

After: The memory usage has been improved to release unused memory more often when performing an Object Search.


Tickets: 141027
Id: RCORE-41571
Normal Defect Server 9.2.8.0 Columns without descriptions cause the RTXWriter to fail on the agent

Before: Running jobs that make use of the RTXWriter that contained RTX without column descriptions on a platform agent would result in a NullPointerException and the job consequently failing.

After: Running jobs that make use of the RTXWriter that contains RTX without column descriptions on a platform agent proceed to completion successfully.

Note, the DataTransfomer extension point uses RTXWriter, and needs to be upgraded to get this fix.


Tickets: 146386, 146395
Id: RCORE-42339
Normal Defect Server 9.2.8.0 Do not store Authentication provider in session.

Before: When accessing the server from an initial request originating from outside of the server, an error could be produced in the browser about too many redirects.

After: This issue has been fixed.


Tickets: 144486
Id: RCORE-42100
Normal Defect Server 9.2.8.0 Don't log "Fixing" statements on every startup

Before: Upon each start of redwood-platform lines like the following are logged in scheduler.log

logs/scheduler.log:INFO 2021-07-06 22:20:58,088 GMT [Redwood Background Startup] com.redwood.scheduler.lifecycle.impl.ConfigurationComponent - Fixing JCS_REGISTRY0 entry name=CONFIGURATION፨␟ uniqueid=1
logs/scheduler.log:INFO 2021-07-06 22:20:58,088 GMT [Redwood Background Startup] com.redwood.scheduler.lifecycle.impl.ConfigurationComponent - Fixing JCS_REGISTRY0 entry name=SYSTEM፨␟ uniqueid=11429
logs/scheduler.log:INFO 2021-07-06 22:20:58,089 GMT [Redwood Background Startup] com.redwood.scheduler.lifecycle.impl.ConfigurationComponent - Fixing JCS_REGISTRY0 entry name=USER፨␟ uniqueid=5559

 

After: These are no longer logged, this also minorly improves startup speed, as these actions are no longer executed unnecessarily.


Tickets: 137152
Id: RCORE-42244
Normal Defect Server 9.2.8.0 Limit restarts to 100

Before:

  1. There was no limit on the number of restarts for a process, chain, step or call.
  2. If a job had unlimited restarts, the default delay would be applied.

After:

  1. The default restart limit and default delay will only be applied if the user does not specify anything. That is, if the user specifies a set number of restarts and a delay, that is what will be applied.
  2. If no restart limit is specified, then we will use the default restart limit.
  3. If the restart limit (default or specified) is greater than or equal to the default, and no restart delay is set, the default restart delay will be applied.

Id: RCORE-41606
Normal Defect Server 9.2.8.0 Missing REL functions in the Default Expression edit dialog

Before: The Default Expression REL editor was not displaying the method Logic.if and Logic.case for use when editing the REL Expression.

After: These methods are correctly displayed and available for use in the editor.


Tickets: 143514
Id: RCORE-41985
Normal Defect Server 9.2.8.0 Monitoring Dashboard has browser Context menu

Before: Right clicking on the Monitoring Dashboard and Housekeeping Dashboard gave access to the browser's context menu.

After: Right clicking on an item in one of the dashboards never gives access to the browser's context menu anymore; if the item has its own context menu this menu is displayed, otherwise nothing happens.


Id: RCORE-41099
Normal Defect Server 9.2.8.0 Out of Memory Exception due to excessive creation of loggers

Before: An internal map of the logging infrastructure was keeping more information than needed. This map was cleaned in System_ProcessKeepClauses, but when this job did not run or not often enough, the map could grow too large even causing an OOM.

After: The internal map is automatically cleaned up (and much sooner). The chance that the map grows too large is now minimal.


Tickets: 146866
Id: RCORE-42415
Normal Defect Server 9.2.8.0 Potential incorrect access to support servlet

Before: It was possible, if two people tried to access the support servlet at exactly the same time, for a user to be able to access the support servlet show page, or conversely for a user who should be able to see the page to not be able to see it.

After: This has been fixed so that the correct user is always checked when accessing the support servlet.

Note: The impact of this is very limited, as all actions that can be performed from the page perform the correct checks, so it isn't possible to do anything that you should not be able to, except to see the security servlet page.


Id: RCORE-42054
Normal Defect Server 9.2.8.0 Prevent null being passed to the writeCharacters method in XMLStreamWriterIndent

Before: RTXWriter could fail if null values were attempted to be written for RTX elements on platform agents.

After: RTXWriter omits empty optional elements and will not attempt to write content for  empty mandatory elements.


Tickets: 146386, 146441
Id: RCORE-42341
Normal Defect Server 9.2.8.0 REL expression Time.now('time zone') will now fail when called with an invalid timezone

Before: Calling the function Time.now("Invalid timezone") would not fail with an error message; the function would use the system time zone instead.

After: Calling the function Time.now("Invalid timezone") with an invalid time zone will now cause the function to fail with an exception.


Tickets: 138229
Id: RCORE-41286
Normal Defect Server 9.2.8.0 Recovery retry action should be RetryAlwaysAction when db disappears

Before: If the database connection cannot be retrieved, recover was tried for two minutes, after this the transaction would fail. Depending on where this happened, this could result in processes getting stuck in unexpected statuses.

After: When the database disappears, recovery is attempted indefinitely or until a recovery attempt fails for non-connection based issues.


Tickets: 142201, 142296, 144858, 144882, 144884, 144895, 145164, 146743
Id: RCORE-42150
Normal Defect Server 9.2.8.0 Recurring error message in tomcat.log file relating to a missing ErrorHandler

Before: Connections from the Platform Agent could produce warning statements in the tomcat.log file mentioning that org.xml.sax.ErrorHandler has not been set.

After: These messages will not longer be produced.


Tickets: 143646, 144720
Id: RCORE-42016
Normal Defect Server 9.2.8.0 Reduce logging from clustering when database isn't available

Before: If the database could not be contacted, then clustering would log every 100ms an error and full stack trace.

After: If the database cannot be contacted, then a stack trace will be logged on the first instance, and thereafter only a message every second.


Tickets: 144895
Id: RCORE-42149
Normal Defect Server 9.2.8.0 RedwoodScript Compilation with library fails on Windows

Before: On Windows compiling a RedwoodScript definition with a Library could fail as the packages defined in the library were not found. This was due to issues resolving the class path used for compiling, including failing to handle special characters in file names. 

After: The issue has been resolved.


Id: RCORE-42375
Normal Defect Server 9.2.8.0 Remove GMQuery items from audit-rules-app-production.car

Before: Installing audit-rules-app-production.car gave an error about the following two files in the car: Production_GMQuery_DiffOnly.xml and Production_GMRepository_DiffOnly.xml.

After: The files have been removed from the car, so installing them works again.


Tickets: 142830
Id: RCORE-41912
Normal Defect Server 9.2.8.0 Remove Non-functional Audit Rule Reason Required

Before: When creating an AuditRule you could enter the fields ReasonRequired and ReasonRequiredRegEx, but these were not used correctly.

After: The fields have been marked as deprecated to indicate that they should not be used.


Id: RCORE-41651
Normal Defect Server 9.2.8.0 Specify date range for out of office

Before: In the user settings it was possible to configure a proxy user (out of office), which allowed to delegate user messages to this proxy user.

After: Now it's also possible to specify a start date and end date for these out of office settings.


Tickets: 137754
Id: RCORE-41101
Normal Defect Server 9.2.8.0 Threads, started by JDBC do not stop when process server shuts down

Before: When running on Oracle RAC, the Process Server System_Oracle could stop working, when it was configured incorrectly. The Process Server could not be completely stopped nor started anymore, except by restarting the product completely.

After: When the OracleConnectString is misconfigured, then the System_Oracle process server will just not start.


Tickets: 141484, 141783, 141786, 145057
Id: RCORE-41668
Normal Defect Server 9.2.8.0 When using System_RemoveOldJobs steps of chain definitions marked as keep forced are not deleted

Before: When using System_RemoveOldJobs, steps of chain definitions, marked as "keep force", are not deleted.

After: When using System_RemoveOldJobs, steps of any deleted chain definitions will be deleted. Any calls from within the chain that have been marked as "keep force" will not be deleted.


Tickets: 129411
Id: RCORE-42229
Normal Defect Server 9.2.8.0 Wrong classloader as parent in library classloader

Before: Under some circumstances RedwoodScript could not be executed, leading to a NoClassDefFoundError.

After: RedwoodScript is now properly executed under all circumstances.


Id: RCORE-42209
Normal Defect Server 9.2.8.1 Empty optional RTX elements should not be written

Before: Empty optional RTX elements were written to the RTX output.

After: Empty optional RTX elements are omitted from RTX output.


Id: RCORE-42344
Normal Defect Server 9.2.8.1 LicenseAssertWriteCallback is retaining scheduler sessions

Before: Under certain circumstances objects were being retained in memory where they were not needed where short lived user sessions were being used.

After: These objects are no longer retained, reducing retained memory usage.


Id: RCORE-42445
Normal Defect Server 9.2.8.1 Potential db lock when running many jobs

Before: A potential deadlock could occur running a lot of jobs in parallel, and calling one of SchedulerSession.waitForJob()SchedulerSession.waitForJobs(), or SchedulerSession.waitForAllChildren().

After: This has been fixed.


Id: RCORE-42430
Normal Defect Server 9.2.8.2 Admin server fails to initialise configuration when an invalid database configuration is entered

Before: When configuring the system with the Admin server, if an invalid database connection was entered initially, later initialisation steps may fail.

After: The invalid database connection details will not interfere with the requirements for the initialisation steps, and installation can continue.


Id: RCORE-42483
Normal Defect Server 9.2.8.2 Document and Scripting streams queries are not in the correct case

Before: On databases that have case sensitive table names and fields, streaming Documents and upgrading old RedwoodScript definitions may fail to retrieve the data due to unknown table/field exceptions being thrown.

After: The case used for the queries is consistent with the table creation and will now correctly find the tables and fields in case sensitive database.


Tickets: 146905
Id: RCORE-42425
Normal Defect Server 9.2.8.6 Attachments are missing from workflow emails

Before: Mail_Attachments specified on UserMessageJobs (Workflows) weren't forwarded as Mail attachments.

After: Mail_Attachments specified on UserMessageJobs (Workflows) are now forwarded as Mail attachments.


Id: RCORE-42704
Normal Defect Server 9.2.8.6 HTTP: Allow JSON arrays

Before: An exception is thrown when the JSON output contains JSONArray's.

After: All JSON elements can be parsed.


Id: RCORE-42521
Normal Defect Server 9.2.8.6 Retrieving job files from the platform agent is limited by max open files

Before: reading a job file residing on a platform agent would not close the socket immediately, but only after the Java garbage collector ran. Opening many (thousands) of files in rapid succession could result in starvation (out of open files or sockets).

After: reading a job file that resides on a platform agent will now immediately close the socket in such a way that there is no remaining open socket (not even in CLOSE_WAIT or TIME_WAIT) on client (java server) or server (platform agent).


Tickets: 147131
Id: RCORE-42499
Normal Defect Server 9.2.8.7 Add missing database indexes

Before: There were some missing database indexes that, in some situations, caused the system to slow down.

After: Extra indexes have been added to help in this situation


Id: RCORE-42699
Normal Defect Server 9.2.8.8 AS400 job improvements (Include $ in Name, Retrieve JobLog independent)

Before:
$ character is not allowed in AS400 JobName. Only getting the logfile from an AS400 Job was not possible.
It was not possible to retrieve only the logfile for a job.

After:
$ character is allowed in the JobName.
Retrieving only the logfile is now possible by setting two parameters on the job:

  • OutputFileRetrieval=false
  • IndependentQPJOBLOG=true

It is also possible to configure this for all jobs, by setting the corresponding ProcessServer parameters:

  • As400JobOutputFileRetrieval
  • As400JobIndependentQPJOBLOG

Id: RCORE-42975
Normal Defect Server 9.2.8.8 Add content-type to refresh request of SSO login

Before: A missing Content-Type header could cause the browser to not process the SSO login request properly when using proxy servers.

After: This has been fixed.


Id: RCORE-42925
Normal Defect Server 9.2.8.8 Local REL in pre-condition does not find Library on step level

Before: Under certain circumstances local REL resolving would fail when being part of a job chain step.

After: This has been fixed.


Id: RCORE-42858
Normal Defect Server 9.2.8.8 WaitForJob infinite returns after 1 hour

Before: RedwoodScript Scripts using waitForJobs API functions, with infinite wait, stop waiting after one hour unless the process finishes before then.

After: Using waitForJobs with infinite wait will wait until the process has finished.

NOTE: This regression was introduced in 9.2.4.9, 9.2.6.6, and 9.2.8.1.


Id: RCORE-42924
Normal Defect Server 9.2.8.9 AS400 process server does not start when network is down

Before: When there is no route to the process server when the process server is started, you may still get an error and the PS goes to shutdown.

After: When starting the ProcessServer the AS400 service, if there is no route to the proces server, it will continue to try and connect to the AS400 system until it is available.


Id: RCORE-41296
Normal Defect Server 9.2.8.9 Process Chains can incorrectly run future steps too early in some circumstances

Before: Under certain specific timings, it was possible that a Process Chain could run future steps before they should get started. This chance is higher if the chain has preconditions and/or final status handlers.

After: The Process Chain runs correctly in these situations.


Id: RCORE-43056
Normal Defect Server 9.2.8.10 High CPU usage while AS400 attempts to connect when system is not yet available

Before: A fix was added to 9.2.8.9 that allowed an AS400 to retry connection if the system could not connect. This retried the connection immediately, potentially leading to a high CPU usage while waiting for the AS400 system to become available.

After: The system now waits for a second between retry attempts.


Id: RCORE-43324
Normal Defect Server 9.2.8.11 AS400: File event monitor should be aware of deleted file events

Before: If you have a very small interval for file events (less then 2 seconds) it could be that when deleting a file event definition a NullPointerException was thrown in the AS400 event monitor.

After: The AS400 event monitor now holds all information that is needed for an event monitoring. After the monitoring the event can be removed without problems.


Id: RCORE-42452
Normal Defect Server 9.2.8.11 AS400: Keep monitoring jobs in status "Console" after restart

Before: After a restart of the AS400 ProcessServer jobs in status "Console" were not monitored anymore. The jobs must be changed to a final status manually.

After: Jobs in status "Console" will be picked up after a restart and checked for status changes.


Id: RCORE-43350
Normal Defect Server 9.2.8.11 AS400: Reduce the number of operator messages at startup

Before: When the AS400 starts up in the cloud and the Secure Gateway is not up yet a lot of operator messages are produced with an unknown host exception. 

After: When duplicate messages are created within a certain timeframe (Default 5 minutes) only one message is written.


Id: RCORE-43327
Normal Defect Server 9.2.8.11 French language option missing for AS400 process server

Added the french language to the AS400 connector.


Id: RCORE-43474
Normal Defect Server 9.2.8.11 Hang caused by large number of events

Before: Slowdown could be observed in systems with a lot of Events.

After: Optimization has been done in queries in the EventComponent, including extra indexes.


Id: RCORE-42773
Normal Defect Server 9.2.8.11 Make creation of process file directories more robust

Before: In rare circumstances it was possible for two processes to attempt to create a directory at the same time, one of these would fail, potentially causing a process to not be run.

After: The creation of the directory is properly checked, and if two processes attempt to create the same directory at the same time, this will no longer fail.


Id: RCORE-42371
Normal Defect Server 9.2.8.11 Memory leak when java logging is used

Before: Using the java.util.logging classes in Redwood Script could result in leaking memory.

After: This has been fixed and logging will no longer leak memory.


Id: RCORE-42849
Normal Defect Server 9.2.8.11 Modify apitools to behave exactly like jtool event

Before: api-tools.jar event returned the eventid as the return code which made existing customer scripts fail as this was a change of behaviour.

After: api-tools.jar now returns 0 for success.
The event id is reported as "Successfully raised event with ID 85" for example.
Unless the new -silent argument is specified.
This matches the behaviour of jtool event.


Tickets: 146765
Id: RCORE-42431
Normal Defect Server 9.2.8.11 Starting the scheduler with a large number of queues and process servers can be slow

Before: When the scheduler has a large number of queues and/or process servers, greater than about 100 of each, then startup could take a long time.

After: The process has been optimised to ensure that startup occurs quickly, regardless of the number of active process servers or queues.


Id: RCORE-43355
Normal Defect Server 9.2.8.11 UK Bank Holidays 2022

Before: The Platinum Jubilee Bank Holiday would not happen on the date of 3 June 2022. The Spring Bank Holiday would happen on the date of 30 May 2022

After: The Platinum Jubilee Bank Holiday was added to happen once on the date of 3 June 2022. The Spring Bank Holiday was moved only in 2022 from 30 May 2022 to 2 June 2022


Id: RCORE-43051
Normal Defect Server 9.2.8.11 Update the start times of the quick cycling maintenance processes

Before: The following maintenance jobs all started at the fixed times based on a whole hour. These times seem to be the times that most of the jobs are scheduled, causing peaks in the job schedules:

  • System_UpdateJobStatistics
  • System_ProcessKeepClauses
  • System_DeleteJobFiles
  • System_Ignored_Alert_Reporter
  • System_Aggregate_History

After: The maintenance jobs above are now scheduled on random times, but with the same interval as before, reducing the peaks.

The randomisations happens only once, and happens the first time that the system starts up after installing this version.

The randomisations of the above mentioned maintenance jobs happens only if they have the default 15 minutes set as time interval in between executions or if no time interval is set.


Id: RCORE-41595
Normal Defect Server 9.2.8.11 Upgrade Postgres JDBC driver to 42.4.0

Upgrades the version of the PostgreSQL JDBC driver used in RunMyJobs and other products to 42.4.0, this fixes some minor issues in the driver.


Id: RCORE-43809
Normal Defect Third-Party Component 9.2.8.9 Upgrade jackson-databind to 2.13.2

Upgrades the version of the fasterxml Jackson products used in all products to 2.13.2, to overcome CVE-2020-36518 which could potentially allow a denial of service by uploading specially crafted JSON documents.


Id: ENV-1929
Normal Defect User Interface 9.2.8.0 Chain editor drag-to-copy does not work on Mac

Drag-to-copy feature of JobChain Chain editor now works on Mac.


Tickets: 143100
Id: RCORE-41935
Normal Defect User Interface 9.2.8.0 Create/Edit Document page (Content tab) is broken

Before: The ckeditor would not display if the user's default browser language was not English. Also, the file upload field was displayed but not populated.

After: The ckeditor will now always use English as a default language. The file upload field is now hidden and only displays the upload button.


Id: RCORE-40500
Normal Defect User Interface 9.2.8.0 Job monitor: Offer the option to collect the job output instead of the support files

Before: Right clicking a process in the Process monitor offered the option to get the support files for this process. 

After: This option has been replaced by the option Collect process output.


Id: RCORE-41656
Normal Defect User Interface 9.2.8.0 Make Screenreader accessibility a part of the User

Before: The screen reader functionality could be enabled by passing in the request parameter sap-accessibility or by assigning the role scheduler-screen-reader.

After: This has been replaced by the flag Subject.ScreenReader (either on a User or a Role); if the current user or one of its roles has the flag set, the screen reader functionality is enabled now. This also made the field LDAPProfile.ScreenReaderRole redundant, so this has been marked as deprecated.

Note: For backwards compatibility the role scheduler-screen-reader and any roles that are used in the field LDAPProfile.ScreenReaderRole are marked as screen reader roles (i.e. the flag Subject.ScreenReader is set to true).


Id: RCORE-42221
Normal Defect User Interface 9.2.8.0 Make the AuditObject.AdditionaIInfo column available in the overview table

Before: Audit records can have additional info specified, but it was not possible to see this information as a column in the Audit Trail overview.

After: Now it is possible to select the additional info column in the column chooser.


Id: RCORE-41872
Normal Defect User Interface 9.2.8.0 Monitoring/Housekeeping Dashboard: Use GenericInputs on the screens to edit the global configuration

Before: If you entered an invalid value in one of the fields on the Global Configuration screen on the Monitoring Dashboard or Housekeeping Dashboard, you could still click the Save button. It was not clear which value had actually been saved.

After: If you enter an invalid value the Save button is disabled now; you can only save the values if all values are valid.


Id: RCORE-42025
Normal Defect User Interface 9.2.8.0 NPE when promoting without required privileges or no remote system selected

Before: If you tried to promote to a remote system, an exception was thrown if no remote system was selected or if the user didn't have the required privileges.

After: The exception has been fixed. If the user doesn't have the required privileges an error message is displayed now. If the user hasn't selected a remote system, it is still possible to click 'Ok'. This will be fixed in a future version.


Tickets: 121862, 142597
Id: RCORE-38519
Normal Defect User Interface 9.2.8.0 Retention tab is broken

Before: Opening the details of a retention record on the Retention tab returned an error.

After: This has been fixed.


Tickets: 143968
Id: RCORE-42042
Normal Defect User Interface 9.2.8.0 Status Assigned, Waiting and Never have the wrong color in the Chain Runtime Diagram

Before: Processes in statuses Assigned and Waiting were not considered active causing them to not be identifiable as such in the Runtime Diagram.

After: Both process statuses Assigned and Waiting now have the active (blue) color. Never now has the attention (yellow) color, as it is not a final state.


Tickets: 143278
Id: RCORE-42009
Normal Defect User Interface 9.2.8.0 Various recurrence fields are disabled in submit wizard

Before: In the submit page, some recurrence options were always disabled and could not be used anymore.

After: The recurrence options are now enabled together with the radio group, so can be used again.


Tickets: 145439, 145956
Id: RCORE-42113
Normal Defect User Interface 9.2.8.6 Prevent deserialisation attacks on product via UI

Before: On some edit pages, after user interaction, specifically crafted input could be sent to the server in a way that posed a security risk.

After: We changed the way we handle server-client communication in those cases to remove the security risk.


Id: RCORE-42550
Normal Defect User Interface 9.2.8.8 Extension point configuration can not be found

Before: Under some circumstances, if there were a lot of updates, Data Transformer jobs were not able to find their configuration.

After: This has been fixed.


Id: RCORE-42841
Normal Defect User Interface 9.2.8.8 ProcessMonitor: intellisearch filter "lost" after refresh

Before: After executing a search (Intellisearch) on an overview, the overview is filtered on the search, a temporary "queryfilter" is created for it and that filter is selected as the current overview filter. However on various Firefox versions, the temporary "queryfilter" is not correctly selected, leaving the previously selected queryfilter set as selected (even though the filtering based on the search does happen).

After: This is now fixed and Firefox behaves in the same way as other browsers.


Id: RCORE-42678
Normal Defect User Interface 9.2.8.9 Upgrade ckeditor to 4.18.0

Upgrades the version of CKEditor4 used in Redwood Platform to 4.18.0 to overcome CVE-2022-24728  and CVE-2022-24729 which potentially allowed users to execute arbitrary javascript by uploading documents with specially crafted HTML, and tricking another user into opening them in the editor.


Id: RCORE-43053
Normal Defect User Interface 9.2.8.11 Bump Eclipse plugin version

Before: The version of the Eclipse plugin was not increased, causing Eclipse to ignore the new version.

After: The version has been increased, allowing Eclipse to download the version.


Id: RCORE-43325
Normal Defect User Interface 9.2.8.11 Database authentication user administration extension leaks memory

Before: External database authentication extension could become very slow and/or run out of memory with a large amount of users and roles.

After: The external database authentication extension has been rewritten and now reacts fast as well uses minimal server memory.


Id: RCORE-43214
Normal Defect User Interface 9.2.8.11 Duplicating Roles - Name change not allowed

Before: The generated name of a duplicated Role could be modified but would not be persisted.

After: Role names can be changed during creation, also when duplicating Roles.


Tickets: 147032
Id: RCORE-42416
Normal Defect User Interface 9.2.8.11 Make login message configurable

Before: Prior to 9.2.1.0, it was possible to configure login page to show a message on the login screen by setting the /configuration/security/title registry entry. This functionality was removed in 9.2.1.0.

After: The functionality to add a message to the login screen has been restored. This can be configured by setting the ui.LoginMessage configuration item, eg by setting the /configuration/jcs/UI/LoginMessage registry entry, or by setting the legacy registry entry /configuration/security/title.


Id: RCORE-43448
Normal Defect User Interface 9.2.8.11 Release classloader when possible

Before: Extension points could hold on to class loaders even if the extension point was no longer used.

After: The class loader is no longer referenced when not in use.


Id: RCORE-43369
Normal Defect User Interface 9.2.8.11 Remove Collect Job Output from Job overview menus

Before: Due to the processing required to enable the "Collect Job Output" menu, accessing processes could be slower if the scheduler has many process servers configured.

After: This menu option is removed, and thus the speed of selecting processes in the overview is improved.


Id: RCORE-43631
Normal Defect Workbench 9.2.8.0 Workbench: Delete note functionality is broken

Before: Notes could not be deleted in Workbench.

After: Notes can be deleted in Workbench.


Tickets: 121014
Id: RCORE-42284
Normal Feature Core 9.2.8.0 Add support for JSONPath mappings on HTTP definition output parameters

In both HTTP and SOAP definitions, response header values can be mapped to output parameters by specifying a parameter with the header name of direction Out or In/Out.

In SOAP definitions, when the response contains a JSON object, Out or In/Out parameters will be filled with the value of the corresponding field in the JSON of that parameters name. When the field contains a list and the parameter is listed as an array, the elements will be put in individual items of the array.

In both HTTP and SOAP definitions, the 'Out' suffix on output parameters is made optional.


Tickets: 143889, 146161
Id: RES-648
Normal Feature General 9.2.8.0 UserMessage: Map Out values of UserMessage job to In values of notification job

Before: In the core product in-parameters of a notification only inherited the in-value from the corresponding parameter of the user message. In FCA the notification parameter then got set again (and possibly overwritten) by an action of the notification with the out-value if it was available.

After: In the core product in-parameters of a notification now inherit the current value from the corresponding parameter of the user message by using getCurrentValue(). In FCA the notification parameter now does not get set by an action anymore.


Id: RCORE-41641
Normal Feature Server 9.2.8.0 Add streaming methods to access and update Documents

Streaming methods have been added to Documents to allow streaming the data from the Documents directly, reducing the memory usage in retrieving and updating the documents.


Tickets: 145805
Id: RCORE-42155
Normal Feature User Interface 9.2.8.0 Add the ability to modify chain call wait and raise events in the chain editor

Added the ability to modify wait and raise events on calls in the chain editor.


Tickets: 91299
Id: RCORE-25875
Normal Feature User Interface 9.2.8.11 Ability to monitor/control shell/job threads

Before: There is no option to monitor Redwood Script threads (either from Processes, Triggers, Shell etc).

After: It is now possible via the support servlet to see which Redwood Script threads are running, who started them, how long they've been running and to either show the process associated with it, or to interrupt the thread (in case of shell threads)


Id: RCORE-43212
Normal Improvement General 9.2.8.0 HistoryJobParameter table has been removed

Before: The HistoryJobParameter was maintained, however the usages of of this have been removed. Particularly when creating SAP processes, this table could see a lot of inserts and deletes, increasing load on the database.

After: HistoryJobParameter and its references have been removed. This object was never on the external API.


Tickets: 139912
Id: RCORE-41451
Normal Improvement General 9.2.8.0 Update Redwood Platform to use Tomcat 9.0.46

The version of Tomcat that Redwood Platform is based on has been updated to 9.0.46. This includes the fixes for the following security issues released in 9.0.43, and announced later:

Note: HTTP/2 is not enabled by default in Redwood Platform, nor are sessions persisted, so the default configuration is not vulnerable to these two issues.


Id: RCORE-42007
Normal Improvement General 9.2.8.6 Update JDBC drivers

Before: Not all JDBC drivers were up to date.

After: Updated the JDBC drivers to the latest versions. The new versions are:

  • db2: 11.5.7.0
  • mssql: 9.4.1
  • oracle: 21.4.0.0.1
  • postgresql: 42.3.1
  • jt400: 10.7

Id: RCORE-42694
Normal Improvement General 9.2.8.7 Improve prepare() times when process definition is prepared multiple times in parallel for the first time after modification

Before: If a process definition was modified, and then submitted by multiple threads in parallel, then every thread would attempt to do the work to create the new definition. This could result in a lot of unnecessary work, as only one of these could succeed, and the other threads would then have to reload the data. This is a general issue, but was most often seen in FCA loops, which would create a new thread for every iteration of data, which would all get submitted at the same time.

After: This is resolved by using an internal cache, and if multiple threads are waiting for the same prepare, then they will wait until the first one has completed, to use its result.


Tickets: 132047
Id: RCORE-40304
Normal Improvement General 9.2.8.7 Update Redwood Platform to use Tomcat 9.0.58

The version of Tomcat that Redwood Platform is based on has been updated to 9.0.58. This includes the fixes for the following security issues released in 9.0.58, and announced later:

Note: The product doesn't use FileStore to store sessions, and is unaffected by the above vulnerability, this is being updated out of an abundance of care.


Id: ENV-1878
Normal Improvement Platform Agent 9.2.8.0 Add option to platform agent to resume handling of file event quicker after an error

Before: Following a file event error, the file event was not retried for an hour, then further retry intervals were doubled until a maximum retry period of 1 day is reached.

After: Following a file event error, file event is retried at an interval of 4 times the configured poll interval. Further retry intervals are doubled until a maximum retry period of 1 day is reached.


Tickets: 142486
Id: RCORE-41880
Normal Improvement Platform Agent 9.2.8.0 Upgrade to OpenSSL 1.1.1k

Before: Platform agent included OpenSSL 1.1.1g.

After: Platform agent now includes OpenSSL 1.1.1k.

The following CVE fixes are included in 1.1.1k.

Of these, only CVE-2021-3449 might have relevance if you have configured your platform agents to serve local content via HTTPS.


Id: RCORE-41986
Normal Improvement Platform Agent 9.2.8.0 Upgrade to OpenSSL 1.1.1l

Before: Platform agent included OpenSSL 1.1.1k.

After: Platform agent now includes OpenSSL 1.1.1l.

The following CVE fixes are included in 1.1.1l.

Neither of these issues affect the scheduler, however the library is being upgraded out of caution.


Id: RCORE-42322
Normal Improvement SAP 9.2.8.6 Update SAP JCo to version 3.1.5

SAP JCo version 3.1.3 has issues with MSHOST connections and a memory leak in JCoServer. SAP has fixed the issue with SAP JCo 3.1.5. Default SAP JCo version has been set to 3.1.5.

 


Id: RCORE-42562
Normal Improvement Server 9.2.8.0 Allow to delete job definition which is still referenced as a branched version

Before: If a job definition was still referenced from a branched chain definition, it could not be deleted.

After: We now mark job definitions as discarded when trying to delete them. Normally discarded job definitions will be deleted by System_ProcessKeepClauses, so the end result will be the same. If for some reason the discarded definition cannot be deleted, it will still be visible as hidden object, but marked as 'discarded'.


Tickets: 140544
Id: RCORE-41529
Normal Improvement Server 9.2.8.0 Client uploader is no longer included in exported car files

Before: CAR files exported from the scheduler included code that allowed it to be run from the command line.

After: Based on usage patterns, this code has been removed from the exported CAR files, making the exports smaller.


Tickets: 146440
Id: RCORE-42345
Normal Improvement Server 9.2.8.0 Expose CronacleArchiveWriter.setComment to the Exporter interface

Before: The Promotion interface has the option to add a comment to the promotion action. However when using a custom Export using the Exporter interface it is not possible to set the comment in the generated car file.

After: The setComment method has been exposed to the Exporter api interface. This allows for setting the comment in the export-info.xml file in the generated car file from an Exporter.


Tickets: 142104
Id: RCORE-41697
Normal Improvement Server 9.2.8.0 Extend Local REL specification to other jobdefinition types

Before: Only Process Definitions of type RedwoodScript provided support for local REL expressions e.g. for the default expressions of parameters.

After: All Process Definition types support local REL expressions now. The additional optional field RELRelatedLibrary was introduced in the Process Definition entities for this purpose. If this library is specified then it is used to lookup the available REL entry points that can be used without specifying Partition and Library prefix directly in the REL expression. For backward compatibility reasons the old behaviour of RedwoodScript definitions is still supported, i.e. if the RELRelatedLibrary is not specified the REL entry points of the Library are retrieved that is assigned to the Script object as it was done before the change.


Id: RCORE-41762
Normal Improvement Server 9.2.8.0 Improve process finalisation speed when running processes in recurrences or submit frames

Before: When finalising or starting a new process in process group, a query was made to the database to check for other processes in the process group.

After: The product has been modified so that this check is no longer required, resulting in a minor performance improvement in the general case. In some cases, this query has been seen to interact badly with System_ProcessKeepClauses, in these cases the performance of System_ProcessKeepClauses has been significantly improved.


Tickets: 146131, 146512
Id: RCORE-42352
Normal Improvement Server 9.2.8.0 Monitoring: Add list of top tables to output of System_MonitorTables

Before: If a customer got a "growth alert" (an alert about a table that was growing fast), it was hard to identify the cause of the problem.

After: System_MonitorTables now creates a separate csv file with the table growth since the last run of the job. If an alert is sent now, the output of the previous runs of the job can be collected to analyse what happened and when.


Tickets: 138610, 84416
Id: RCORE-41247
Normal Improvement Server 9.2.8.0 Reduce default MaximumPresubmit count to 50 during upgrade

Reduced the maximum presubmit count from 5000 to 50, reducing the number of jobs that can be submitted for an indefinitely scheduled job group to 50 .


Tickets: 141497, 141531
Id: RCORE-41624
Normal Improvement Server 9.2.8.0 Reduce the amount of logs related to errors

Before: If a job was killed or threw an exception we saw two log messages and identical exception traces appear in scheduler.log

After: If a job was killed or threw an exception it now only yields a single log message and exception traces in scheduler.log


Id: RCORE-42057
Normal Improvement Server 9.2.8.0 Support using etcd as a configuration source

Before: Etcd was not supported by the scheduler configuration framework.

After: An etcd backend has been added to the configuration framework for storing configuration values.


Id: RCORE-41965
Normal Improvement Server 9.2.8.0 Wrap Push Acceptors in an Import object

Before: When a car file is imported through the REST api or promotion, the import is not visible in the Promotion->Imports overview.

After: Car files imported through Promotion are also visible in the Imports overview.


Tickets: 142398
Id: RCORE-41871
Normal Improvement Server 9.2.8.0, 9.2.8.6 Allow all Root objects with direct or indirect source that can use a library to be marked as invalid

Before: Upgrading can be blocked by RedwoodScript definitions if the API has an incompatible change, this normally requires commenting out or removing the definitions that cause the problem.

After: When importing a new flag can be set 'Invalidate on Error' that will mark the definitions that fail to compile as Invalid, rather than failing the import. Invalid definitions cannot be used until they are fixed, but the import can continue.


Tickets: 138772, 146622, 147547, 147563
Id: RCORE-41424
Normal Improvement User Interface 9.2.8.6 Update included version of ckeditor

Upgraded the ckeditor to the newest version, to address a vulnerability issue that exists in the previous version.


Id: RCORE-42551
Major Defect Connector 9.2.8.6 Disable loading of XML external entities via SOAP interface

Before: In some circumstances it was possible to pass a specially crafted XML document to the SOAP API that would allow you to read any file on the system that the scheduler has access to.

After: This is resolved.


Id: RCORE-42549
Major Defect General 9.2.8.0 MonitorTree: Disable monitor interval/functionality by default

Before: The monitor tree is enabled which can lead to a negative impact on performance when many updates are done.

After: The monitor functionality is disabled by default.

NOTE: To enable the monitor function there are two changes required:

  1. Set the registry entry /configuration/jcs/monitoring/enabled to true to enable the monitoring tree functionality. The system must be restarted after this change is made for it to take effect.
  2. To enable the monitor functionality for the platform agents you need to set on the process server that you want monitoring the process server parameter MonitorInterval to a value larger than 0. The previous default was 60.

 


Tickets: 146769, 146782
Id: RCORE-42337
Major Defect SAP 9.2.8.0 Disable XAL and XMW tabs by default

Before: The XAL and XMW tabs for SAP systems was shown in the UI. These options have been deprecated, and should not be used anymore.

After: The XAL and XMW tabs will only be shown if they were already used.


Id: RCORE-42147
Major Defect Server 9.2.8.6 Store the forwarded for ip address when available

Before: User login audit trails would show the (reverse) proxy ip address for clients.

After: An attempt is made to find the original client ip address on the request to store in the audit trail.

Note:** this change has introduced a backwards imcompatible change on the AuditSubjectLogin API where the setters have been removed. Although chances are low this is used in the field, be aware of this change.


Tickets: 147236
Id: RCORE-42442
Major Defect User Interface 9.2.8.6 Fix potential HTML injection issue with autosuggest control

Before: AutoSuggest control in Cronacle UI did not appropriately escape HTML characters, meaning that specially crafted names could potentially result in a cross site scripting attack vector.

After: HTML encoding is provided to autoSuggest control in Cronacle UI.


Id: RCORE-42552
Major Improvement Docker Images 9.2.8.11 Change default memory allocator for Java

Cloud only

Before: The default glibc memory allocator in Linux interacts very badly with Java, causing significant memory overallocation. In our cloud environment, this then caused environments to use too much memory, which resulted in them getting erroneously killed by the Linux Out Of Memory Killer (OOMK).

After: The memory allocator has been changed such that memory usage is much more consistent over time and load. Internal testing, which was previously able to reliably cause Linux to kill the environment with its OOMK, now passes and the environments do not see these issues, nor do they see memory increases over time.

Note: For on-premise customers, the memory allocator that we are are using is tcmalloc.


Id: ENV-2015
Major Improvement General 9.2.8.0 Update Redwood Platform to use Tomcat 9.0.52

The Tomcat version has been increased to 9.0.52. This resolves CVE-2021-33037 which allowed for HTTP request smuggling.


Id: RCORE-42329
Major Improvement General 9.2.8.1 Update Redwood Platform to use Tomcat 9.0.54

The version of Tomcat that Redwood Platform is based on has been updated to 9.0.54. This includes the fixes for the following security issues released in 9.0.54, and announced later:

Note: The product doesn't use web sockets in a way that would be affected by the above denial of service, this is being updated out of an abundance of care.


Id: ENV-1798
Major Improvement SAP 9.2.8.0 Add support for SAP JCo version 3.1.4

Support for SAP JCo 3.1.4 has been added. This JCo version is required for SAP SNC connections.


Tickets: 145724
Id: RCORE-42288
Critical Defect General 9.2.8.3 Upgrade Log4j to 2.15.0

Before: Logging within the product is done using Log4J. A new CVE has been reported in version of Log4j in use, CVE-2021-44228.

After: Log4J has been upgraded to a version that is not vulnerable to this exploit.

For on premise customers who are not able to apply this update then Redwood strongly recommends that you configure the logging to mitigate this by adding -Dlog4j2.formatMsgNoLookups=true to the startup configurations. You will need to restart your server for this to take effect.

Note: Due to the configuration of our cloud services, the published attacks are not effective. Nonetheless, it is recommended that customers upgrade to this version as soon as possible to ensure that any improvements in the attack techniques will be ineffective.


Id: ENV-1831
Critical Defect General 9.2.8.4 Upgrade Log4j to 2.16.0

Before: Logging within the product is done using Log4J. A new CVE has been reported in version of Log4j in use, CVE-2021-44228.

After: Log4J has been upgraded to a version that is not vulnerable to this exploit.

Note that the -Dlog4j2.formatMsgNoLookups=true flag is not effective against the latest exploit, however the default logging configuration does not use the vulnerable pattern layouts.

Note: Due to the configuration of our cloud services, the published attacks are not effective. Nonetheless, it is recommended that customers upgrade to this version as soon as possible to ensure that any improvements in the attack techniques will be ineffective.


Id: ENV-1837
Critical Defect General 9.2.8.5 Upgrade Log4j to 2.17.0

Before: Logging within the product is done using Log4J. A new CVE has been reported in version of Log4j in use, CVE-2021-45105.

After: Log4J has been upgraded to a version that is not vulnerable to this exploit.

Note that the -Dlog4j2.formatMsgNoLookups=true flag is not effective against the latest exploit, however the default logging configuration does not use the vulnerable pattern layouts.

Note: Due to the configuration of our cloud services, the published attacks are not effective. Nonetheless, it is recommended that customers upgrade to this version as soon as possible to ensure that any improvements in the attack techniques will be ineffective.


Id: ENV-1840
Critical Defect General 9.2.8.6 Upgrade Log4j to 2.17.1

Before: Logging within the product is done using Log4J. A new CVE has been reported in version of Log4j in use, CVE-2021-44832.

After: Log4J has been upgraded to a version that is not vulnerable to this exploit.

This vulnerability requires that the log4j2.yaml file be modified, and that the server be restarted, for the system to be vulnerable. We recommend that customers protect this logging configuration to ensure that it can not be modified.

Note: Due to the configuration of our cloud services, the published attacks are not effective. Nonetheless, it is recommended that customers upgrade to this version as soon as possible to ensure that any improvements in the attack techniques will be ineffective.


Id: ENV-1845