Decision Insight 2.0.0 20210329 release notes

Hotfix 07 delivered on January 13th, 2022

Highlights

Major Apache Camel version change in future release

This release will be the last one using Apache Camel version 2.25.1. Next release will include a migration to Apache Camel version 3.7.2. This version change will require a mandatory migration of the existing applications, including libraries upgrade and potential routes update.

New features and enhancements

For end users

New icons

The HTML view is now using new icons from the Amplify design.

For application developers

Flex diagrams have been removed

Due to limitations in license agreement, the Configuration > Model > Diagram and Configuration > Attributes > Attributes Dependencies views have been deactivated. There is no HTML view equivalent for the moment. The application documentation (Administration > Application> Documentation) can be used to access the usages and dependencies for each attribute.

Fixed issues

Fixed security vulnerabilities

Support case

Severity

Details


Major

Jetty dependency updated

To prevent potential threats (CVE-2020-27223), Jetty has been upgraded from 9.4.35.v20201120 to 9.4.38.v20210224

Other fixed issues

Hotfix 07

Support case

Severity

Details


Blocking

Some notifications could be lost

Due to IllegalMonitorStateException in Kafka client, some notifications or triggers could be lost.  When this occurs , ADI no longer recreates the connection and the message is lost until connection can be reestablished.


Critical

Log4J could be sensitive to attack using the lookup variable

log4j was updated from version 2.16.0 to 2.17.1

Hotfix 06

Support case

Severity

Details

01320038 Critical

Log4J could be sensitive to attack using the lookup variable

log4j was updated from version 2.15.0 to 2.16.0

CVE-2021-44228 allows attackers to download and run any code on a server by logging a specially crafted string. This attack leverages the variable lookup in log4j and the current attack vector uses JNDI and LDAP.

Hotfix 05

Support case

Severity

Details

01320038 Critical

Log4J could be sensitive to attack using the lookup variable

CVE-2021-44228 allows attackers to download and run any code on a server by logging a specially crafted string. This attack leverages the variable lookup in log4j and the current attack vector uses JNDI and LDAP.

log4j was updated from version 2.13.3 to 2.15.0

Hotfix 04

Support case

Severity

Details


Blocking

Some notifications could be lost

Due to IllegalMonitorStateException in Kafka client, some notifications or triggers could be lost.  When this occurs, ADI now recreates the connection and retries to send the message.

Hotfix 03

Support case

Severity

Details


Major

Automatic purge was disabled on standalone node

It has been re-enabled

Hotfix 02

Support case

Severity

Details


N/A

Flex diagrams have been removed

Due to limitations in license agreement, the Configuration > Model > Diagram and Configuration > Attributes > Attributes Dependencies views have been deactivated. There is no HTML view equivalent for the moment. The application documentation (Administration > Application> Documentation) can be used to access the usages and dependencies for each attribute.

Release

Support case

Severity

Details


Major

Hyperlink couldn't be set on an acknowledge mashlet comment in the HTML view

The bug preventing to set a hyperlink in the acknowledge mashlet has been fixed.

Known issues

None

Installation

When installing a brand new node, please follow the Install a node manual.

When installing a hotfix or updating a node, please follow the Upgrade manual.

Support services

The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements. 

Email support@axway.com or visit Axway Support at https://support.axway.com.

Related Links