Version 1.28.0
In this version, we have expanded the functionality of the authorization module. We have added the ability to use different authorization services simultaneously. We have updated the system behavior algorithm when entering credentials to enhance security. Additionally, we have introduced a new authorization widget that supports this functionality.
Additionally, we have made browsing information more convenient. This version includes:
- a compact form view mode that displays more information on the page and reduces the need to scroll.
- the ability to add digit separators for numeric values. These separators can be customized for each language.
- an updated employee profile view in the self-service portal.
Another major improvement has been made for users of the service component of the platform: you can use the VIP attribute of the Caller in the reports.
The update also contains several system enhancements and fixes to improve security and overall system behavior.
New functionality
Numeric separators in fields, Simple tags and Activity Feed
In this version, we have optimized the display of digits to improve readability. As part of this improvement, several separator options for digits and fractional parts are now available. They are also used in the condition builder and the Activity Feed.
To enable separators, use the simple.number.enable_grouping_separator system property. You can also set different separator types for each language your system is localized to. Default separators are:
- English: 1,000.25
- Russian: 1 000,25
The enableGroupingSeparator attribute has been added to the Simple-tag string allowing control over the display of numeric separators in text fields. This attribute takes precedence over the system property.
Separators are not applied to certain column types, for example, columns of type sys_id.
Read more in the documentation.
Compact view mode for records
We have added an option to display all fields in a compact layout. You can enable Compact mode in the Preferences menu. This mode reduces the headers and margins of the form fields, allowing more data to be displayed on a single page.
Authorization through third-party SSO providers
This version includes a new feature that supports simultaneous use of different authorization providers. Users can now choose whether to authorize with the basic method or with a third-party provider. To support this, the system now includes:
- The SSO Providers (sso_provider) table that you can use to create provider records for system authorization. You can also configure how these providers appear in the authorization widget.
- The authorization widget has been updated to display new buttons for signing in with any of the available providers. You can customize both the number and type of buttons.
Read more in the documentation.
Improvements
Improvements to the employee profile on the self-service portal
In this version, we have updated the employee profile page in the self-service portal. In the “out-of-the-box” version, the available information is now organized in two widgets:
- Static User Information SA – displays user details.
- Static Record Information SA – displays organization-related data.
This update enables users to locate information more efficiently thanks to a refined layout that offers enhanced usability and the ability to highlight specified fields. Additionally, administrators can now define which user data is shown in the self-service portal more effectively.
Read more in the documentation.
VIP attribute for the Caller field
In this version, the Caller field of the Task (task) table refers to the Employee (employee) table. With this change, you can mark callers as VIP and use this attribute in reports.
Security Enhancement for the SimpleSystem Class
In platform version 1.28.0, we strengthened system security by adding ACL verifications to the methods of the SimpleSystem server class. Now, the system verifies the user’s access rights for create, read, and update operations when:
- Modifying the system properties (setProperty(), getProperty());
- Managing users (getUser(), getUserID(), getApplicationId());
- Generating URL actions (generateUrlAction());
- Handling events (eventQueue(), eventQueueScheduled()).
However, for the eventQueue() and eventQueueScheduled() methods, ACL verifications are skipped if the script runs in a context with ACL rules disabled.
The implemented rules address vulnerabilities, such as unauthorized property modifications via the setProperty() method.
Read more in the documentation.
Fixes
DEF0021221: In the previous version of the platform, when selecting a date, the system set a date different from the specified one if the user selected a time zone in which the date differed from the date in UTC. In this version, we have implemented support for correct calendar operation in different time zones.
DEF0021197: In the previous version, there was no option to add access criteria for portal cards. This version includes a new Access criteria field on the form, where you can specify records from the User Criteria (sys_user_criteria) table. As a result, portal cards are now displayed according to the access control configurations.
The documentation has been updated to include information regarding the restrictions associated with the portal card links. These links can be absolute or relative but must redirect to pages within the portal.
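The restriction on portal card links described above can be checked before a link is saved or rendered. The following is an added example, not code from the platform: PORTAL_ORIGIN, PORTAL_PREFIX and both function names are assumptions, and the sample links are constructed.

```javascript
// Added example: verify that a portal card link (absolute or relative)
// resolves to a page inside the portal. Values below are assumptions.
const PORTAL_ORIGIN = "https://instance.example.com"; // hypothetical instance URL
const PORTAL_PREFIX = "/portal/";                     // hypothetical portal root path

function isPortalLink(link) {
  if (typeof link !== "string" || link.trim() === "") return false;
  // Browsers and URL parsers treat backslashes and control characters
  // inconsistently, so refuse them instead of trying to normalize.
  if (/[\u0000-\u001f\u007f\\]/.test(link)) return false;
  let url;
  try {
    // Relative links resolve against the portal root; absolute links
    // keep their own scheme and host, which are checked below.
    url = new URL(link, PORTAL_ORIGIN + PORTAL_PREFIX);
  } catch (e) {
    return false;
  }
  if (url.protocol !== "https:") return false;      // blocks javascript:, data:, http:
  if (url.origin !== PORTAL_ORIGIN) return false;   // blocks //host and look-alike hosts
  if (url.username || url.password) return false;   // blocks user@host confusion
  // pathname is already normalized, so "../" segments have been collapsed.
  return url.pathname.startsWith(PORTAL_PREFIX);
}

// Returns the links that must be rejected, for use in a form validation step.
function rejectedCardLinks(links) {
  return links.filter((link) => !isPortalLink(link));
}

// Constructed sample input.
const sampleLinks = [
  "/portal/my_sc_tickets",
  "view_model?id=1",
  "https://instance.example.com/portal/page",
  "//other.example/portal/",
  "https://instance.example.com.other.example/portal/",
  "javascript:void(0)",
  "../admin",
];
console.log(rejectedCardLinks(sampleLinks));
```

The origin comparison is done on the parsed URL rather than with a string prefix match, which is what separates the portal host from a look-alike host that merely starts with the same text.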
DEF0020813: It has been determined that the access control rules were not effective when the fields of the condition builder were autocompleted. When a user initiated the input of a value, the system showed all options, including those that should have been hidden from the current user. In this version, the access control rules function correctly, the suggested options contain only search results the user can access, and a "Results not found" message is displayed if no suitable or available results are found. A 404 error is displayed in dictionaries in such cases.
DEF0020414: In the preview window of a record containing a WYSIWYG field, the content of this field was displayed in full. Now, this content is shown in a collapsed form, similar to fields of type Text.
DEF0020379: Previously, when creating organizational units below the Company level, there was no possibility to select a company due to incorrectly configured filters. In this version, the issue has been addressed, and the Company field is now populated automatically.
DEF0019784: The retry and back-off values were not supported when working with the gRPC connection. This caused the Timer action that was used in the action specified in the Subflow action to be aborted with an error. Starting with this version, the Subflow action is executed correctly.
DEF0019048, DEF0019047, DEF0019044: In the previous version, microservice vulnerabilities were identified due to the use of outdated Go libraries, x/net, and gRPC. In the current version, the following libraries have been updated to their most recent versions:
- list-exporter
- external-rabbitmq-producer
- external-rabbitmq-consumer
DEF0018874: In previous versions, the system tended to cease functioning in response to a high volume of repetitive requests. In this version, we have implemented a secure mechanism for gRPC clients to make repeated requests.
DEF0017118: A Switch workflow action froze after reassigning a default exit. The issue arose due to the repositioning of the exits of the actions, which also resulted in an update to the wf_activity_exit data. This data contained the updated order value of the action exit record. However, the business rule did not update the default value of the order number of the action exit record, which resulted in the workflow being halted. This version includes updated business rule logic and a stable Switch action.
DEF0014524: Due to the untimely updating of some links on portal pages, users were unable to access the actual versions of the my_sc_tickets and view_model pages after updates. In this version, the links have been corrected.
DEF0020716: The SimpleOne complex-offline.yml distribution was missing the itglobal_com.docker_apps_monitoring role used for monitoring containers kafka_server and kafka_connect. This made it impossible to install them concurrently with the Offline and Online distribution of SimpleOne. In this version, the monitoring containers (exporters) are deployed on the same virtual machine as the Kafka containers.
In addition, the itglobal_com.docker_apps_monitoring role has been reconfigured to ensure stable operation of the containers.