Skip to content

P6 Core 6.3.3

Release date: Thursday, 3rd of December 2020

Documentation can be found here. This is mainly a bug fix and security / documentation patch release.

This release introduces some breaking changes. We recommended that you carefully read the migration guide.


  • Allow default hidden column and default width, alignment & color for the grid.
  • Postfix is shipped back in the Docker image to sent alerts via email.

Security Improvements

  • Restricted URLs to install applications.
  • XML External Entity Injection (XXE) vulnerability fixed.
  • Remove unprotected endpoints /vmstats and /logstats.
  • Clean CORS authorized domain list.
  • The transactions service /documentContent endpoint will only provide file data from an allowed location specified by the resource property: p6.service.transaction.allowed.document.paths. Defaults are: ${P6_DATA}/resources/documents and ${P6_DATA}/tmp.

Documentation Improvements

  • Document transaction wildcard search possibilities.
  • Update P6 documentation front page.

Technical Changes

  • The counter service UI leverages Web Components and React 16.
  • Saxon-b removed for security reasons.
  • Rename ‘WorkItem’ element in workflow step definition.
  • XML View definitions are validated using an XSD at edition.
  • Rename ‘WorkItem’ element in workflow step definition.

Bug Fixes

  • Camel Jackson serialization doesn’t seem to be working.
  • Tables service: extra unnecessary call to /apis/v2/tables/data when opening table data view via Portal.
  • Workflow DSL failure - syncInlineAssignees() : P6Auth Response becomes corrupt?
  • Workflow step definitions should be validated when saved in the portal.
  • Error popup after edit and save the XML view of a transaction.
  • Error logs to email processing can go recursive.
  • Unable to search tables with value containing ‘.’.
  • Can’t add and edit home pages.