P6 Core 6.3.3

Release date: Thursday, 3^rd of December 2020

Documentation can be found here. This is mainly a bug fix and security / documentation patch release.

This release introduces some breaking changes. We recommended that you carefully read the migration guide.

Features

• Allow default hidden column and default width, alignment & color for the grid.
• Postfix is shipped back in the Docker image to sent alerts via email.

Security Improvements

• Restricted URLs to install applications.
• XML External Entity Injection (XXE) vulnerability fixed.
• Remove unprotected endpoints /vmstats and /logstats.
• Clean CORS authorized domain list.
• The transactions service /documentContent endpoint will only provide file data from an allowed location specified by the resource property: p6.service.transaction.allowed.document.paths. Defaults are: ${P6_DATA}/resources/documents and ${P6_DATA}/tmp.

Documentation Improvements

• Document transaction wildcard search possibilities.
• Update P6 documentation front page.

Technical Changes

• The counter service UI leverages Web Components and React 16.
• Saxon-b removed for security reasons.
• Rename ‘WorkItem’ element in workflow step definition.
• XML View definitions are validated using an XSD at edition.
• Rename ‘WorkItem’ element in workflow step definition.

Bug Fixes

• Camel Jackson serialization doesn’t seem to be working.
• Tables service: extra unnecessary call to /apis/v2/tables/data when opening table data view via Portal.
• Workflow DSL failure - syncInlineAssignees() : P6Auth Response becomes corrupt?
• Workflow step definitions should be validated when saved in the portal.
• Error popup after edit and save the XML view of a transaction.
• Error logs to email processing can go recursive.
• Unable to search tables with value containing ‘.’.
• Can’t add and edit home pages.