3.11.1 Release Notes

edgeCore Security Updates

ES2019-777 – Upgraded Apache Tomcat to v9.0.30 with a number of resolved CVEs.

ES2019-784 – Upgraded Jackson-databind to v2.9.10.1 (addressed CVE-2019-16942 / CVE-2019-16943) and removed sonar-runner-api.

ES2019-785 – Upgraded to the latest Apache LDAP (api-all) v2.0.0 (from v1.0.3): CVE-2018-1000632

ES2019-786 – Upgraded to the latest v4.1.1 release (from v4.1.0) to address Apache POI vulnerability: CVE-2019-12415

ES2019-787 – Updated HarLib library to remove dependency on a legacy Jackson Core library.

edgeCore Resolved Issues #

ES2019-588 – Enhanced partial backups to include external libraries used by JavaScript Feeds and Transforms.

ES2019-662 – Fixed issue where the first page of a carousel in Kiosk mode was not loading if a Page Variable exists.

ES2019-669 – Fixed issue in configuration dialogs where validation of numbers was not immediate (required leaving the field).

ES2019-673 – Fixed issue where user-level Secured Variable values were lost on upgrade to v3.11 from certain earlier versions.

ES2019-675 – Fixed issue in which the maximum Tooltip width was observed to be reduced in v3.11.

ES2019-679 – Fixed issue in the Bullet Chart Visualization in v3.11 where a red outline was observed around the bars in the chart.

ES2019-680 – Fixed a regression where the Server Time Zone information was lost from the System Info display.

ES2019-682 – Enhanced configuration fields in Pipeline Connections and Feeds by modifying parameters to allow the evaluation of System Variables in them.

ES2019-693 – Updated backup/restore configuration to recognize Cyberark.properties file and include it in a full export and restore.

ES2019-730 – Enhanced Push data source to improve handling HTTP response codes and messages (see also ES2019-770 below).

ES2019-743 – Fixed regression in v3.11 where in some cases Secured Variables were not working in JavaScript Feeds and Transforms.

ES2019-745 – Fixed issue where entering the string “null” into some configuration fields in the pipeline UI, and saving, would cause the field to become empty on re-edit.

ES2019-749 – Fixed issue where it was possible for a job with missing upstream results to not get scheduled after an update.

ES2019-758 – Fixed issue where a Push Feed would initially receive data but then not retain the data on client refresh.

ES2019-763 – Fixed regression where Backup interface did not display an error message when a corrupted zip file was uploaded.

ES2019-766 – Enhanced SQL Transforms to warn users from saving transforms that use with query syntax (see Known Issue below regarding ‘WITH’ clauses).

ES2019-770 – Enhance Push data source to provide client with a set of known/documented success/failure response codes (see also ES2019-730 above).

ES2019-771 – Fixed an issue where, when attempting to restore an HTML Template Visualization from JSON backup, the code preview (Renderer tab) displays the content appropriately but when switching to the Preview tab, code is not rendered into HTML elements.

ES2019-772 – Fixed an issue where an HTML Template Visualization would get a JavaScript error when trying to report a bad template JavaScript file.

ES2019-780 – Fixed a regression where Job changes to enable or disable ServerJob scheduling were not applied to the active pipeline.

ES2019-781 – Fixed a regression in the LDAP Authenticator where a user could have a failed login due to account inactivity and password expiration.

edgeCore Known Issues #

Please review the following known issues:

Bootstrap 4 Updates #

Due to the significant upgrade to Bootstrap 4, systems with customizations in the following areas should be tested to determine if they will require updates:

  • HTML Template Visualizations
    • Example: Glyphicons are no longer included. If you have custom HTML Templates that used them, in v3.11 they will all be empty.
  • Login Pages
  • Themes

Common Table Expression ‘WITH’ Clauses #

edgeSuite uses H2 database in support of the SQL Transforms. SQL that uses Common Table Expression (CTE) ‘WITH’ clauses have been identified as causing two issues.

  1. Lock Timeouts: Transforms fail to run; as temporary tables fail to be cleaned up.
  2. Memory Leaks: The temporary table results are not being cleaned up properly in all instances; and it will trigger Out Of Memory on the JVM.

For additional information on this known issue, and remediation options, see SQL Transform.