Version 1.27.0
In this version of the platform, we have implemented SSO configuration via Keycloak by OIDC and added several new widgets. With a new Simple tag, we have provided a direct access from the agent interface forms and portal pages to the lists of required tables. The new widget tag keeps all the usual interaction features.
System improvements include the Connect Manager library, which has been added to the to Indication Calculator, and updates to connectors improving system information security.
We have also fixed several issues related to authorization, security, and logic of the tables and reports.
New features
Portal Cards Widget
You can now customize portal navigation using cards in the new widget. The default number of cards and their layout are defined in the widget settings. The layout is responsive — if the number of cards exceeds the available screen space, the widget automatically hides the extra cards according to the screen resolution.
To configure the cards, create records in the Portal Cards (portal_card) table. For each card, specify a name and description, upload an image, and set the display order.
Read more in the documentation.
Portal Announcement Widget
In this release, we have enhanced the announcement widget to support two-column layouts and display more entries. When you move the pointer over a title that is too long to fit into a single line, the full text is shown in a tooltip. We have also optimized the widget behavior when it is viewed on different resolution screens.
Announcement types are now color-coded, making it easier to identify and navigate to the relevant content. The announcement publishing process remains unchanged.
Read more in the documentation.
Authorization Code Flow Introduced
In this version the application uses Authorization Code Flow instead of the Implicit Flow. You can now configure single sign-on (SSO) authorization flows — both with and without keys — using Keycloak and the OIDC protocol. The setup includes role mapping and login data updates. When mapping parameters are configured, the assigned roles are transferred into the system, and authorized users receive the access rights corresponding to their roles. The roles deleted in Keycloak will no longer be applied to users during authentication.
If a valid authentication token exists, users can sign in again without re-entering credentials.
Users with the new SSO_admin role can manage the integration settings.
Read more in the documentation.
Simple tag record list with controller tools
This update introduces a full-featured record list that can be added to portal pages or agent interface form sections. Use the Simple Tag recordList component to implement it.
The widget includes a condition builder with advanced features such as filtering, sorting, grouping, column search, and Create, Assign, Complete, and Add UI-actions. The layout can be customized using the burger menu on the widget form.
All updates can be reflected in real time without reloading the page.
Read more in the documentation.
Improvements
Universal widget Static Record Information SA
The Static Task Information SA widget has been renamed to Static Record Information SA. It is now also available for deployment on the portal. New configuration parameters allow better control over what data is displayed or hidden in the widget.
Read more in the documentation.
Access form records from related lists UI Actions
You can now add UI actions in the related list area to access or update objects in the current form.
- If the custom action initiated the server-side script execution, use the
parentvariable to reference the form’s record object. You can also use this variable in the Condition field of the UI action form. - If the custom action initiated a client-side script execution, use the SimpleForm object, just like you would for standard form actions.
Based on the script type (client-side or server-side), a help message about the available variables appears below the script field.
Read more in the documentation.
REM attribute search indexing
In this version the search results include REM attribute values that contain the search expression.
You can now enable global search indexing for REM attributes. To do so, select the Full text search checkbox on the Extended Record Model form. If you later clear the checkbox, any previously created search indexes for the attribute will be removed.
Use the search configuration to define the REM attributes that must be searchable.
Read more in the documentation.
Interface update
The layout for system listings has been improved for better readability and usability.
System Improvements
Dynamic connector Configure Connect
New connectors have been added in this release:
- dynamic-monolith — a dynamic connector that initially sends no table data. When an indicator is created, it adds the corresponding target table to receive its data.
- static-monolith — A static connector that sends records from the following tables to Kafka upon instance deployment: Calendar (sys_schedule), Timezone (sys_timezone), and Schedule element (sys_schedule_element).
Connect Manager library for the Indication Calculator
A new Connect Manager library has been developed for the Indication Calculator microservice. It manages settings for the dynamic-monolith connector.
The library only adds tables for data transfer by updating the table.include.list configuration field of the connector via the Kafka Connect REST API.
The Indication Calculator microservice connects to the kafka-connect cluster nodes with Haproxy using the KAFKA_CONNECT_HOST and KAFKA_CONNECT_PORT variables.
Snapshots are disabled for both dynamic and static connectors via the "snapshot.mode": "never" connector field.
Before creating an indicator, the system checks the exclude list in the monolithic connector config. If the target table is listed in table.exclude.list, the microservice blocks the indicator creation and returns an error.
Debezium-postgresql connector version update
The system now supports the debezium-postgresql connector versions 2.5.4 and later to ensure the system information security.
Fixes
DEF0020940: An issue was identified that prevented instances from being updated from the master version due to incorrectly specified endpoints. In this version, the endpoints have been corrected, and the update process now functions as expected.
DEF0019594: A security vulnerability was found in the form of a possible HTML injection (CWE-80). The content of a passed parameter could be included in an email from a trusted source and embedded into a page, allowing attackers to inject HTML tags containing links to external resources. In this version, content sanitization has been implemented to remove unsafe characters and hashtags.
DEF0019492: Due to the incorrect replication of Debezium, the replication slots used to hold a WAL because the connector did not commit the last LSN and the values in the replicationslotlag column were measured in megabytes and were not reset. The problem occurred due to the use of a single PostgreSQL instance that included multiple databases, one with high traffic, and the connector was reading data from the low traffic database. That caused the low-traffic replication slot to hold a WAL that did not relate to the tables included in the publication for that slot. In this version, we have taken the issue into account and configured the instance to work correctly when checking the database related items over extended time intervals.
DEF0019330: In the Unit (unit_id) field of the Cost Center (cost_center) record, the dictionary filter was configured incorrectly, making it impossible to select the required record. The problem occurred because the field referred to the Company column with the system name company instead of company_id. In this version, the filter configuration has been corrected.
DEF0019175: Due to the absence of the replication factor parameter in topics, containers running the microservices that consume Kafka messages (rule-engine, indication-calc, and list-exporter) would stop whenever the broker they were connected to was shut down. In this release, the parameter has been configured correctly and the system now automatically redirects consumers to other active broker nodes, ensuring the service continuity.
DEF0017982: Previously, the article publishing time displayed the current system time instead of the actual time the article was published. This issue was caused by a business rule located in the ITSM application. In the current release, the business rule has been moved to the Simple Application to restore correct time display in the published articles.
DEF0017670: In the previous version, users with any role could access system tables and fields that they were not authorized to use when building reports. This occurred because the reporting module did not support contextual access rules (ACLs). In this release, access controls have been strengthened. A new system property, reports.disable.table_ids, allows administrators to specify which reports should be restricted. Additionally, the Table field filter has been restored, improving the ability to search for the correct table when entering a column name.
DEF0016486: Users of the instances configured with SSO ADFS were unable to log out and remained active in the system even after clicking the Logout button. This version resolves the issue, and the logout functionality now works correctly.