Kinetic Core 2.x Release Notes

v2.5.3 (2021-12-13)

Download

Web Application Download (MD5 | SHA1 | SHA256)

Cassandra Schema (MD5 | SHA1 | SHA256)

Bugs Fixed

SummaryDescriptionIssue Number(s)
Disable Submit Button On-ClickThis bug fix prevents the double submission of forms when the submit button is accidentally "double clicked"KP-4581

v2.5.2(CURRENTLY RC) (2021-09-03)

Download

Web Application Download (MD5 | SHA1 | SHA256)

Cassandra Schema (MD5 | SHA1 | SHA256)

Improved Functionality

SummaryDescriptionIssue Number(s)
Ability to search submissions via POSTThis improvement provides the ability to search for submissoins using a POST. Using a GET can be problematic in some implementations where customers have complex, lengthy search query parameters that make the URL too long. This functionality allows for a POST request to a new endpoint called .../submission-search with a body such as {"q": "..."}KP-4089

v2.5.1 (2021-08-11)

Download

Web Application Download (MD5 | SHA1 | SHA256)

Cassandra Schema (MD5 | SHA1 | SHA256)

New Features!

SummaryDescriptionIssue Number(s)
Configurable attachment link expirationThis feature provides the ability to adjust the amount of time an attachment link is valid for. In order to configure the file link expiration time for attachments in Kinetic Request CE, the com.kineticdata.core.fileLinkExpirationInSeconds java property may be set. This is typically either done with Tomcat startup arguments, or by adding an entry to the conf/catalina.properties configuration file that looks like: com.kineticdata.core.fileLinkExpirationInSeconds=30KP-3022

Bugs Fixed

SummaryDescriptionIssue Number(s)
Addresses XSS issue in default bundleThis feature Address XSS security issue with default bundle login.jspKP-3911

v2.5.0 (2021-03-29)

Download

Web Application Download (MD5 | SHA1 | SHA256)

Cassandra Schema (MD5 | SHA1 | SHA256)

New Features!

SummaryDescriptionIssue Number(s)
Remove support for bridged resource GET requests to prevent potential CSRF attacksThis issue removes the ability to retrieve a bridged resource using a GET request as some bridge adapters now support creating or updating records. This feature may cause backwards compatibility issues with javascript libraries that use bridges to retrieve data. They will need to be updated to do a PUT vs a GET request.KP-3022
Remove ability to inject HTML in page element bindingsThis feature sanitizes field values that are used within form HTML elements to prevent XSS attacks.KP-3029

v2.4.1 (2019-08-29)

Download

Web Application Download (MD5 | SHA1 | SHA256)

Cassandra Schema (MD5 | SHA1 | SHA256)

Bugs Fixed

SummaryDescriptionIssue Number(s)
Checkbox fields with invalid options being cleared on saveKCORE-2756 (released in CE 2.4.0) caused an unintended behavior making checkbox fields that were set with invalid options to be cleared when a form was rendered in the UI and then saved. At times, its common to set checkbox questions using workflow or the API to store an array of values, even if those values aren't valid options. This issue ensures that values that were set into a checkbox field via the API don't get cleared out when a form is saved.KCORE-2897
Form date field localization bugForm date fields were not respecting the users preferred locale.KCORE-2882
Translations error with subformsFixes an error that happens when subforms are leveraging translations.KCORE-2837
Datastore pagination bugFixes issue with pagination when searching for datastore submissions using a query.KCORE-2819

v2.4.0 (2019-05-14)

Download

Web Application Download (MD5 | SHA1 | SHA256)

Cassandra Schema (MD5 | SHA1 | SHA256)

New Features!

SummaryDescriptionIssue Number(s)
Searching and PaginationSearching and pagination has been added to the User, Team, Form, Datastore Form, Kapp and Space endpoints. Previously, the API would return a list of ALL records which could cause performance issues when thousands records were returned. Queries can now be constructed using KQL (Kinetic Query Language) to search for records in these models and return paginated responses. See the in-app API documentation for usage details.KCORE-2593
Form Overwrite ProtectionThe application now provides functionality for protecting against accidental form overwrites when multiple developers are working on the same form wihtin the Form builder.KCORE-2746, KCORE-2747

Improved Functionality

SummaryDescriptionIssue Number(s)
Ability to set expiration of password reset tokensImproves password reset functionality by allowing Space Admins to pass an exipration information when generating a token. Previously password reset tokens were only valid for 24 hours.KCORE-2794
Ability to set sesion cookie max ageAdds the ability to set client session cookie max age via a cookieMaxAge environment variableKCORE-2726

Bugs Fixed

SummaryDescriptionIssue Number(s)
Unrecognized LocalesLocales that are not recognized by the system caused errors. The issue walks all accepted locales and uses the application's default (English) if none are foundKCORE-2796
Bug when clearning checkbox valuesFixes a bug that existed when clearing checkbox question values on a Kinetic form.KCORE-2756
Login Bug in Base BundleFixed a with the Login Button in the enbedded base bundle that wasn't respecting installations that use subdomains for tenant routes.KCORE-2795

v2.3.0 (2019-02-05)

Download

Web Application Download (MD5 | SHA1 | SHA256)

Cassandra Schema (MD5 | SHA1 | SHA256)

New Features!

SummaryDescriptionIssue Number(s)
TranslationsKinetic Request CE now supports the ability to translate content in forms and bundles. Leveraging this new functionality will require some changes to your bundle, however if you're using the standard Kinetic Bundle, you'll get this functionality automatically with an upgrade.KCORE-2215
Team and User Security PoliciesSecurity Policies can now be defined for who can create and update Users and Teams. Previously, only space admins were able to create or update Teams and Users.KCORE-2498
Space Default and User Locale/Timezone SettingWe've added the ability to specify a Default Timezone and Locale for a space, and also the ability to let a user specify their own Timezone and Locale. This info is particularly helpful when sending email notifications within workflow.KCORE-2527

Improved Functionality

SummaryDescriptionIssue Number(s)
Form Update WebhooksWhen a form is updated, the Created At /Updated At Dates are now passed as part of the webhook body. This enables administrators to implement form auditing solutions using workflow.KCORE-2282
Parent / Child RelationshipsRemoved the ability to delete a submission if it has a child to reduce errors caused when updating a submissions with a missing parent.

Improved the error message when updating a submission that has a parent that is missing for existing submission data.
KCORE-2377, KCORE-2380
Form Builder Display ConditionsAdded Form 'form(review)' bindings to page display condition menu which enables form builders to conditionally display an element if a form is in "Review Mode" or not.KCORE-2401
Missing Security Policy Error MessageImproved the error message raised when a security policy references a missing definition. This is particularly helpful when importing a form from another system that is referencing a Security Policy that doesn't exist. The new error message contains that name of the form that is missing the security policy along with the name of the referenced Security Policy Definition.KCORE-2408
JS Helper Method for working with SubformsImplement method for cleaning the Kinetic.form object when working with subformsKCORE-2472
Deleting Datastore RecordsUnable to delete datastore records unless a user is a space adminKCORE-2490

Bugs Fixed

SummaryDescriptionIssue Number(s)
Single Page App Login IssueSPA spaces render the embedded base bundle login when attempting to open a kapp/form/submission that doesn't existKCORE-2272
System Console Bundle PathSystem console should not require that a bundle path be setKCORE-2273
Creating Categories with AttributesWhen creating a category, an error is returned when trying to set an attribute using attributesMapKCORE-2283
Datastore Form AttributesDatastoreFormAttributes can be created with no name via the APIKCORE-2284
Creating Teams with AttributesUnable to add attributes to a team when creating the teamKCORE-2285
Incorrect RedirectsSome redirects improperly include /:spaceSlug prefix regardless of whether the request has a space subdomainKCORE-2305
Admin Console Broken LinkDatastore Form Builder - View submissions link does not take you to submissionsKCORE-2340
CE Webhook Secret EncryptionCE Webhook Configuration - Secret should be encrypted / not visible to end usersKCORE-2344
Updating Submission Parent via APIUnable to remove Submission parent / origin via PUT passing null as value.KCORE-2369
Searching on indexes that aren't builtDatastore Submission search allows searching on indexes that aren't builtKCORE-2400
currentPage Property when using PATCH apiPATCH Submission endpoint isn't respecting the currentPage propertyKCORE-2402
Review submission redirect issueReview approval links do not properly redirect when a context is presentKCORE-2413
Space oAuth Client Secret EncryptionThe space.oauthClient.clientSecret should be encrypted / not included to end usersKCORE-2417
Datastore Submission Index issue with CheckboxesIndexOutOfBoundsException when creating datastore submissions with overlapping checkbox fieldsKCORE-2451
Logging issue with Datastore WebhooksWebhooks log 'Unexpected parent type: Datastore Submission' when handling Datastore related webhooksKCORE-2466

v2.2.0 (2018-10-18)

Download

New Features!

SummaryDescriptionIssue Number(s)
Implemented Frame Policy ManagementIn order to address clickjacking attacks, a management interface that allows administrators to configure trusted frame domains was implemented within the Administration Consoles.KCORE-14
Addressed CSRF VulnerabilitiesIn order to address Cross-Site Request Forgery (CSRF) attacks, the application implemented the [synchronizer token pattern][15]. Previously CSRF attacks were expected to be mitigated by the web proxy / load balancer [_verifying standard headers.][16]_KCORE-1932
Implemented CORS ManagementIn order to address cross origin attacks, a management interface that allows administrators to configure trusted resource domains was implemented within the Administration ConsolesKCORE-1983
Implemented Subdomain SupportIn order to address request forgery attacks between spaces on a single instance of Kinetic Request CE, the application now supports the ability to user separate subdomains for each space. This is configured on your load balancer or web proxy by adding the "X-Kinetic-Subdomain" header.KCORE-2221

Improved Functionality

SummaryDescriptionIssue Number(s)
Implemented ability to specify that an HTTP request should return a 401 if the requester is not authenticated.Kinetic Request CE bundles often retrieve lists of Forms or Submissions on behalf of the user. If the user's session times out, those calls would return only the records available to a "public" user (which are typically different than the records available to an authenticated user). By passing a "X-Kinetic-AuthAssumed" header with the AJAX request, the developer can instruct the application to return a 401 response (which can then be handled by displaying of a login model) rather than the incomplete results.KCORE-1759

Bugs Fixed

SummaryDescriptionIssue Number(s)
Default Bundle contained a hard coded reference to the 'kinetic' web application context.The bundle that ships with the Kinetic Request CE application (commonly referred to as the "Base" bundle) included a hard coded reference to the "kinetic" web application context. This would have caused an error for customers leveraging subdomains for tenant spaces.KCORE-2228
Incorrect results being returned for some Datastore Submission searchesDatastore submission searches were incorrectly omitting results when a compound index specified a greater than (or equal to) expression without a less than (or equal to) expression.

Also, the Datastore Submission indexes that included a checkbox question as part of the index definition were not properly being updated when the checkbox value changed.
KCORE-2269,KCORE-2279
The '?debugjs' URL parameter was not being respected in SPA modeThe '?debugjs' URL parameter is used during development to prevent the Kinetic Request CE application from minifying the JS/CSS code returned from the server (for easier debugging). This URL parameter was not being respected when a space was configured with the "Single Page App" display type..KCORE-2275

v2.1.1 (2018-04-27)

Download

Bugs Fixed

SummaryDescriptionIssue Number(s)
Resolved bug where improper authorization was granted in spaces that were configured as a Single Page App.Display authorization was being ignored when displaying embedded forms/submissions when the space is configured as a Single Page App.

This bug was introduced in Version 2.1.0 and was would have only been an issue if the Single Page App feature (part of 2.1.0) was being leveraged.
KCORE-2205
Resolved bug with spaces configured as a Single Page App where the location field under Space Settings looked empty even though it was set.When a space is configured as a Single Page App, a "Location" field is presented to users under Space > Settings. This bug resolved an issue where the location field looked empty even though it was populated.KCORE-2206
Resolved a bug that form developers experienced when using the Firefox browser to add choices to a checkbox/radio button question.If using the Firefox Browser to add choice options to a checkbox or radio button field, an additional "empty" choice was being added. This fix resolves that bug for Firefox Users.

v2.1.0 (2018-04-16)

Download

[Download Links Removed] There is a known security vulnerability in the 2.1.0 release for customers leveraging the Single Page App feature. Customers should upgrade to 2.1.1.

New Features!

SummaryDescriptionIssue Number(s)
Implements Datastore as a component of the CE Platform.Implements Datastore as a component of the CE Platform, allowing Datastore forms to define and build up referential data that can be effectively leveraged. Datastore forms can store hundreds of thousands to millions of records and still perform searches quickly and effectively on any field or combination of fields by allowing administrators to not only define the form, but the indexes on those forms. For more information on Datastore, click here.KCORE-1755
Add ability to compare current (previous) and updated values for update webhooksAdds the ability to access both the current (previous) and updated values in the update webhooks, which means both the old and new values are available to the receiving system (eg. task tree).KCORE-2069
Adds support for single page app bundles by adding a new space Display Type.The necessary files for the CE server part of a REACT bundle (webpack) now ships with the application, and a single page app are more easily specified with a Display Type on the space.KCORE-1921

Improved Functionality

SummaryDescriptionIssue Number(s)
Implements ability to return only specific attributes or values via the API using the ?includes parameter.Previously, either all or no attributes could be returned via the API. This update implements the ability to return only specific attributes or values via the API using the ?includes parameter. Ex. ?includes=attributes[my-attribute-name]KCORE-1798
Improved Stability of Submission Indexing/SearchingThis addressed many sub-issues, including adding the ability to check and rebuild submission indexes, the ability to do blue/green submission indexing, WriteTimeoutException handling for Submissions, and a number of changes to support datastore form indexing.KCORE-1912
Adds Origin and Parent GUID submission properties to the CE Console Forms > Submissions > (guid)When viewing the submission in the CE console, the Origin and Parent GUIDs are shown. KCORE-1921KCORE-1921KCORE-1950
Java 9 without configurationThis addresses an issue in CE caused by changes to what is included (and not) in the default path in Java 9. This allows use of Java 9 without having to update the path.KCORE-2007
Introduces use of an attribute map when using the CE API to interact with attributes.Improved ability to set specific attributes by providing an attribute map when updating a CE object via the API. Also implements the ability to return attributes as a map instead of an array by specifying ?includes=attributesMap instead of ?includes=attributes. Note this can also be used to get a specific attribute with a map using ?includes=attributesMap[ATTRIBUTE NAME]KCORE-2025
Exposes the form type to the front end via the form object (K('form')) and the K.config.ready selector.The form type property is now available to the form object with the call: K('form').type(). It is also available to K.config.ready.KCORE-2028
Update the K.load js method to pass a status code to the error callbackThe error callback on K.load (calling subforms) is called for any error not 401, 403, or 404 (these have different callbacks). This enhancement passes the status code to the callback to allow for conditional handling if desired.KCORE-2104
Don't fire the User Updated webhook on auto.update (when using an identity provider) because nothing has actually changed.When authenticating to CE using an identity provider, if the auto.update setting was set to true, the user record was being updated even if no changes were made to the user. This was causing User Updated Webhooks to be triggered even though nothing changed. This enhancement cleans that up and prevents the webhook from firing in this particular nothing-changed scenario.KCORE-2192

Bugs Fixed

SummaryDescriptionIssue Number(s)
Page navigation to the "first" page should not require a reference pageWhen setting what page a submission is on via the API, developers previously needed to pass the name of the page. This was inconvenient and wasn't needed.KCORE-1810
Fix regression with LDAP groups not being applied when using LDAP authenticatorWhen using the LDAP authenticator, the individual who logs in should have their LDAP groups added to their UserDetails to be able to be used by the system, including by KSL for security rules. This was lost in a previous release and is restored in this release.KCORE-2094

v2.0.4 (2018-02-21)

Download

Bugs Fixed

DescriptionIssue Number(s)
Automated false-positive index entry repair sometimes removes the wrong index entryKCORE-2031
When searching, an empty string should be treated the same as nullKCORE-2032

v2.0.3 (2018-02-05)

Download

Improved Functionality

DescriptionIssue Number(s)
Added the ability to restore deleted forms via the Rest API (this functionality is not available within the CE Consoles as of this release)KCORE-777
Implemented ability to calculate and pass displayable pages to client-side codeKCORE-1906
Added ability to use form('review') in server-side expression evaluationKCORE-1896
Application Stability Improvements-
Implement ability to fix false-positive submission indexesKCORE-1913
Implement ability to do blue/green submission indexingKCORE-1904
Implement ability to rebuild the system submissions indexKCORE-1916
Implement ability to check the system submissions indexKCORE-1917
Implement 'include=values.raw' in order to provide visibility into malformed or orphaned submission valuesKCORE-1937
Secuirty Improvements-
Fixed XSS vulnerability in application error pagesKCORE-1979

Bugs Fixed

DescriptionIssue Number(s)
Automated false-positive index entry repair sometimes removes the wrong index entryKCORE-2031
When searching, an empty string should be treated the same as nullKCORE-2032
Updated K.field().setOptions.() method to trigger change events when invoked via custom jsKCORE-1462
Fixed issue where the javascript method K.field().options() does not bind change events after being used to set options on checkbox/radio'sKCORE-1813
Rendering activity charts can cause the web browser to become unresponsive if there is a lot of submission dataKCORE-1885
Updated K('form').previousPage() to respect the action.stop function when invoked via custom jsKCORE-1903
Updated application submission logic to return an empty array for checkbox/attachment fields with no values instead of null to be consistent with other fieldsKCORE-1907
Changed application logic to not set Field Default value if the submission has not been submittedKCORE-1909
Incorrect cassandra consistency levels are sometimes applied (introducing the possibility of inconsistent data in extreme edge cases)KCORE-1918
NullPointerException raised by API when a submission has a malformed attachment valueKCORE-1919
Fixed issue where custom tag libraries (app-taglib.tld, bundle-taglib.tld, and json-taglib.tld) failed validation when enabled on the web serverKCORE-1931
Changes for KCORE-1586 introduces bug where bridged resources on submitted pages do not work properlyKCORE-2012

v2.0.2 (2017-11-01)

Download

Improved Functionality

DescriptionIssue Number(s)
Ability to map LDAP/SAML attributes to user attributes automatically when users authenticate.KCORE-1254
Added the bundle.identity() method for use within javascript to get the current users username.KCORE-1665
Implemented Structured Logging which ensures that a log file is a preset, consistent, and in a machine readable format.KCORE-1677
Updated webhook calls to send webhook event meta data (Type of Event, Event Action & Timestamp)KCORE-1757
Added Profile Attributes as variables throughout the form builder for use in setting defaults, and in bridged resources.KCORE-1764
Added ability to restrict users that are able to login to the system and space consoles by IP Address/IP RangeKCORE-1786
IN-APP DOCUMENTATION UPDATES

- Authentication Documentation
* Submission Activity Rest API
- Page Navigation Rest API
- Me Rest API
- Updated user settings documentation when creating/updating a space user
-

Bugs Fixed

DescriptionIssue Number(s)
Fixed issue where users that had access to a submission, but didn't have access to submit the form could not access bridged resources.KCORE-1586
Fixed issue where users that had access to a submission, but didn't have access to submit the form could not access the submissions files.KCORE-1691
Fixed error with submission searching which sometimes returns 'Attempting to fill ... strand' errors.KCORE-1827

v2.0.1 (2017-10-18)

Download

Improved Functionality

DescriptionIssue Number(s)
Error callback options for K.load function. Documentation available in application: kinetic/your-space-slug/app/dev/docs/js/guides/subformsKCORE-1650

Bugs Fixed

DescriptionIssue Number(s)
Ability to delete submissions associated to (soft) deleted formsKCORE-1731
Ability to modify or delete submissions with malformed valuesKCORE-1732
SAML IDP metadata file is not loaded from %DATA_DIR%/configKCORE-1734

v2.0.0 (2017-05-01)

Download

New Features!

DescriptionIssue Number(s)
Implement teamsKCORE-1530
Implement OAuth provider functionalityKCORE-1569
Implement submission handleKCORE-1572
Implement submission activitiesKCORE-1587
Implement submission support accessKCORE-1593

Improved Functionality

DescriptionIssue Number(s)
Improve performance for submitting forms with a large number of fieldsKCORE-1524
Limit ability to change a space slug to only the system administrator accountKCORE-1554
Add ability to reference optional fields/attributes/etc when evaluating expressionsKCORE-1594
When displaying a submission to a user that has 'Submission Access' but not 'Submission Modification' privileges, automatically render in review modeKCORE-1595

Bugs Fixed

DescriptionIssue Number(s)
Attachment fields should fire change eventsKCORE-975
Checkbox fields should not require an array when setting a single default valueKCORE-1083
Enter does not work as expected when creating list choicesKCORE-1190
Renaming a security policy definition breaks references to the definitionKCORE-1418
Webhook body content encodes some UTF-8 characters as '?'KCORE-1525
Date and Date/Time fields values show up in Chinese for some usersKCORE-1526
Renaming a user profile attribute breaks references to the definitionKCORE-1552
Submission searching should be case insensitiveKCORE-1556
Cloning a form should not copy the Created By informationKCORE-1584
Login and Reset Password redirects are not encoding usernameKCORE-1620
Dropping a file onto an attachment field sets the value for all attachments on the pageKCORE-1643
Sharing a name between a field and section causes client-side errorKCORE-1647

Did this page help you?