Decision Insight 2.0.0 20210927 release notes

Hotfix 03 delivered on December 16th, 2021

Reminder

Apache Camel 3, included in this release, is not compatible with previous versions and requires manual migration operations

See Apache Camel 3 migration guide for more information

Notifications without DIMS

Starting with this release, DIMS is no longer the only solution for sending Notifications. There is now an internal messaging system that can be used removing the constraint on having to install DIMS

Read more

New features and enhancements

For application developers

Instance pagelet : Delete a dimension using the HTML view

It is now possible to delete a dimension in the instance pagelet using the HTML view.

Creating and deleting properties in html view

Properties can be created and deleted in html view.

Entities diagram

The entities diagram is now available in html view and can be found under Configuration > Model > Diagram

You can view all entities and their relations, and filter them as well.

For administrators

Notifications can use an Internal messaging system

For deployments triggering a small number of notification messages (less than 1000 per minute), a new internal messaging system is available.
Deploying additional DIMS nodes is thus no longer necessary in this case.

For more information on how to use notification messaging systems, see General configuration.

Use Notification with Classifiers computed at the instance deletion

Now we are able to send notification on all Classifier computed attributes including computings performed at the instance deletion

Computing persistence improved

When a computing returns no value, the persistence is skipped to aleviate the database pressure.

Fixed issues

Fixed security vulnerabilities

None

Other fixed issues

Hotfix 03

Support case

Severity

Details

01320038 Critical

Log4J could be sensitive to attack using the lookup variable

log4j was updated from version 2.15.0 to 2.16.0

CVE-2021-44228 allows attackers to download and run any code on a server by logging a specially crafted string. This attack leverages the variable lookup in log4j and the current attack vector uses JNDI and LDAP.

Hotfix 02

Support case

Severity

Details

01320038 Critical

Log4J could be sensitive to attack using the lookup variable

CVE-2021-44228 allows attackers to download and run any code on a server by logging a specially crafted string. This attack leverages the variable lookup in log4j and the current attack vector uses JNDI and LDAP.

log4j was updated from version 2.13.3 to 2.15.0

01317585 Major

Computed attribute no longer worked with a past unsupported configuration

When a computed attribute had a not supported configuration, even in a past version, it would not compute anything for any version. This issue could occur when migrating to version 20210524 or higher, after old baseline functions became unsupported:

  • Baseline - old
  • Classifier from baseline - old
  • Classifier from thresholds - old

Release

Support case

Severity

Details


Major

Inputs not encoded in url

When creating a hyperlink to an outside url, the value of the parameters passed are not percent-encoded which can make the target url useless


Major

Permission consistency issue

The application permissions have been modified. User can now access the entities with data analysis.

To update, create and delete classifier, data modeling and data analysis both the permissions are required though user can access classifier with either on of the described permission. 


Major

Pagelet picker with small layouts may prevent editing

If a layout is too small, the pagelet picker will change the layout and potentially prevent user to edit the elements.

The picker try to adapt to the size of the pagelet layout and display smaller icons when possible


Major

Filter by instance for instance pagelet may display parameters from other dashboards

The parameters that were available to use in a filter by instance displayed also the parameters that were available when configuring an hyperlink to another parameterized dashboard.


Major

Mini-dashboard is refreshed when it should not

mini-dashboard should be updated only following its own rhythm


Major

Deleting a pagelet may result in incorrect layout in html

Deleting pagelet in html may lead to incorrect layout, by removing other pagelets

Known issues

None

Documentation

None

Installation

When installing a brand new node, please follow the Install a node manual.

When installing a hotfix or updating a node, please follow the Upgrade manual.

Support services

The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements. 

Email support@axway.com or visit Axway Support at https://support.axway.com.

Reminder

Apache Camel 3, included in this release, is not compatible with previous versions and requires manual migration operations

See Apache Camel 3 migration guide for more information

Legacy installer EOL

Starting in July 2021, the legacy installer for Windows and Linux will no longer be available for download.

The CLI installers and Docker Image will be the only ways of installing the platform.

Highlights

TODO

TODO

Read more

New features and enhancements

For end users

For application developers

Instance pagelet : Delete a dimension using the HTML view

It is now possible to delete a dimension in the instance pagelet using the HTML view.

Creating and deleting properties in html view

Properties can be created and deleted in html view.

Entities diagram

The entities diagram is now available in html view and can be found under Configuration > Model > Diagram

You can view all entities and their relations, and filter them as well.

For administrators

Notifications can use an Internal messaging system

For deployments triggering a small number of notification messages (less than 1000 per minute), a new internal messaging system is available.
Deploying additional DIMS nodes is thus no longer necessary in this case.

For more information on how to use notification messaging systems, see General configuration.

Use Notification with Classifiers computed at the instance deletion

Now we are able to send notification on all Classifier computed attributes including computings performed at the instance deletion

Computing persistence improved

When a computing returns no value, the persistence is skipped to aleviate the database pressure.

Fixed issues

Fixed security vulnerabilities

Other fixed issues

Hotfix 03

Support case

Severity

Details

01320038 Critical

Log4J could be sensitive to attack using the lookup variable

log4j was updated from version 2.15.0 to 2.16.0

CVE-2021-44228 allows attackers to download and run any code on a server by logging a specially crafted string. This attack leverages the variable lookup in log4j and the current attack vector uses JNDI and LDAP.

Hotfix 02

Support case

Severity

Details

01320038 Critical

Log4J could be sensitive to attack using the lookup variable

CVE-2021-44228 allows attackers to download and run any code on a server by logging a specially crafted string. This attack leverages the variable lookup in log4j and the current attack vector uses JNDI and LDAP.

Decision Insight is not sensitive to this attack (since version 20181112, OpenJDK 11.0.1+ does not allow untrusted code execution through JNDI/LDAP) but hotfixes have been released as an additional prevention measure (in case a vector other than LDAP can be exploited).

If the hotfixes are not deployed, the risk can be mitigated by adding the following line to all jvm.conf files for the existing Decision Insight and DIMS deployments :

-Dlog4j2.formatMsgNoLookups=true
01317585 Major

Computed attribute no longer worked with a past unsupported configuration

When a computed attribute had a not supported configuration, even in a past version, it would not compute anything for any version. This issue could occur when migrating to version 20210524 or higher, after old baseline functions became unsupported:

  • Baseline - old
  • Classifier from baseline - old
  • Classifier from thresholds - old

Release

Known issues

None

Documentation

None

Installation

When installing a brand new node, please follow the Install a node manual.

When installing a hotfix or updating a node, please follow the Upgrade manual.

Support services

The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements. 

Email support@axway.com or visit Axway Support at https://support.axway.com.

Related Links