CE Release Notes

James Davies

v2.4.0 (2019-05-14)

Download

Web Application Download (MD5 | SHA1 | SHA256)

Cassandra Schema (MD5 | SHA1 | SHA256)

New Features!

Summary Description Issue Number(s)
Searching and Pagination Searching and pagination has been added to the User, Team, Form, Datastore Form, Kapp and Space endpoints. Previously, the API would return a list of ALL records which could cause performance issues when thousands records were returned. Queries can now be constructed using KQL (Kinetic Query Language) to search for records in these models and return paginated responses. See the in-app API documentation for usage details. KCORE-2593
Form Overwrite Protection The application now provides functionality for protecting against accidental form overwrites when multiple developers are working on the same form wihtin the Form builder. KCORE-2746, KCORE-2747

Improved Functionality

Summary Description Issue Number(s)
Ability to set expiration of password reset tokens Improves password reset functionality by allowing Space Admins to pass an exipration information when generating a token. Previously password reset tokens were only valid for 24 hours. KCORE-2794
Ability to set sesion cookie max age Adds the ability to set client session cookie max age via a cookieMaxAge environment variable KCORE-2726

Bugs Fixed

Summary Description Issue Number(s)
Unrecognized Locales Locales that are not recognized by the system caused errors. The issue walks all accepted locales and uses the application's default (English) if none are found KCORE-2796
Bug when clearning checkbox values Fixes a bug that existed when clearing checkbox question values on a Kinetic form. KCORE-2756
Login Bug in Base Bundle Fixed a with the Login Button in the enbedded base bundle that wasn't respecting installations that use subdomains for tenant routes. KCORE-2795

v2.3.0 (2019-02-05)

Download

Web Application Download (MD5 | SHA1 | SHA256)

Cassandra Schema (MD5 | SHA1 | SHA256)

New Features!

Summary Description Issue Number(s)
Translations Kinetic Request CE now supports the ability to translate content in forms and bundles. Leveraging this new functionality will require some changes to your bundle, however if you're using the standard Kinetic Bundle, you'll get this functionality automatically with an upgrade. KCORE-2215
Team and User Security Policies Security Policies can now be defined for who can create and update Users and Teams. Previously, only space admins were able to create or update Teams and Users. KCORE-2498
Space Default and User Locale/Timezone Setting We've added the ability to specify a Default Timezone and Locale for a space, and also the ability to let a user specify their own Timezone and Locale. This info is particularly helpful when sending email notifications within workflow. KCORE-2527

Improved Functionality

Summary Description Issue Number(s)
Form Update Webhooks When a form is updated, the Created At /Updated At Dates are now passed as part of the webhook body. This enables administrators to implement form auditing solutions using workflow. KCORE-2282
Parent / Child Relationships Removed the ability to delete a submission if it has a child to reduce errors caused when updating a submissions with a missing parent.

Improved the error message when updating a submission that has a parent that is missing for existing submission data.
KCORE-2377, KCORE-2380
Form Builder Display Conditions Added Form 'form(review)' bindings to page display condition menu which enables form builders to conditionally display an element if a form is in "Review Mode" or not. KCORE-2401
Missing Security Policy Error Message Improved the error message raised when a security policy references a missing definition. This is particularly helpful when importing a form from another system that is referencing a Security Policy that doesn't exist. The new error message contains that name of the form that is missing the security policy along with the name of the referenced Security Policy Definition. KCORE-2408
JS Helper Method for working with Subforms Implement method for cleaning the Kinetic.form object when working with subforms KCORE-2472
Deleting Datastore Records Unable to delete datastore records unless a user is a space admin KCORE-2490

Bugs Fixed

Summary Description Issue Number(s)
Single Page App Login Issue SPA spaces render the embedded base bundle login when attempting to open a kapp/form/submission that doesn't exist KCORE-2272
System Console Bundle Path System console should not require that a bundle path be set KCORE-2273
Creating Categories with Attributes When creating a category, an error is returned when trying to set an attribute using attributesMap KCORE-2283
Datastore Form Attributes DatastoreFormAttributes can be created with no name via the API KCORE-2284
Creating Teams with Attributes Unable to add attributes to a team when creating the team KCORE-2285
Incorrect Redirects Some redirects improperly include /:spaceSlug prefix regardless of whether the request has a space subdomain KCORE-2305
Admin Console Broken Link Datastore Form Builder - View submissions link does not take you to submissions KCORE-2340
CE Webhook Secret Encryption CE Webhook Configuration - Secret should be encrypted / not visible to end users KCORE-2344
Updating Submission Parent via API Unable to remove Submission parent / origin via PUT passing null as value. KCORE-2369
Searching on indexes that aren't built Datastore Submission search allows searching on indexes that aren't built KCORE-2400
currentPage Property when using PATCH api PATCH Submission endpoint isn't respecting the currentPage property KCORE-2402
Review submission redirect issue Review approval links do not properly redirect when a context is present KCORE-2413
Space oAuth Client Secret Encryption The space.oauthClient.clientSecret should be encrypted / not included to end users KCORE-2417
Datastore Submission Index issue with Checkboxes IndexOutOfBoundsException when creating datastore submissions with overlapping checkbox fields KCORE-2451
Logging issue with Datastore Webhooks Webhooks log 'Unexpected parent type: Datastore Submission' when handling Datastore related webhooks KCORE-2466

v2.2.0 (2018-10-18)

Download

New Features!

Summary Description Issue Number(s)
Implemented Frame Policy Management In order to address clickjacking attacks, a management interface that allows administrators to configure trusted frame domains was implemented within the Administration Consoles. KCORE-14
Addressed CSRF Vulnerabilities In order to address Cross-Site Request Forgery (CSRF) attacks, the application implemented the [synchronizer token pattern][15]. Previously CSRF attacks were expected to be mitigated by the web proxy / load balancer [_verifying standard headers.][16]_ KCORE-1932
Implemented CORS Management In order to address cross origin attacks, a management interface that allows administrators to configure trusted resource domains was implemented within the Administration Consoles KCORE-1983
Implemented Subdomain Support In order to address request forgery attacks between spaces on a single instance of Kinetic Request CE, the application now supports the ability to user separate subdomains for each space. This is configured on your load balancer or web proxy by adding the "X-Kinetic-Subdomain" header. KCORE-2221

Improved Functionality

Summary Description Issue Number(s)
Implemented ability to specify that an HTTP request should return a 401 if the requester is not authenticated. Kinetic Request CE bundles often retrieve lists of Forms or Submissions on behalf of the user. If the user's session times out, those calls would return only the records available to a "public" user (which are typically different than the records available to an authenticated user). By passing a "X-Kinetic-AuthAssumed" header with the AJAX request, the developer can instruct the application to return a 401 response (which can then be handled by displaying of a login model) rather than the incomplete results. KCORE-1759

Bugs Fixed

Summary Description Issue Number(s)
Default Bundle contained a hard coded reference to the 'kinetic' web application context. The bundle that ships with the Kinetic Request CE application (commonly referred to as the "Base" bundle) included a hard coded reference to the "kinetic" web application context. This would have caused an error for customers leveraging subdomains for tenant spaces. KCORE-2228
Incorrect results being returned for some Datastore Submission searches Datastore submission searches were incorrectly omitting results when a compound index specified a greater than (or equal to) expression without a less than (or equal to) expression.

Also, the Datastore Submission indexes that included a checkbox question as part of the index definition were not properly being updated when the checkbox value changed.
KCORE-2269,KCORE-2279
The '?debugjs' URL parameter was not being respected in SPA mode The '?debugjs' URL parameter is used during development to prevent the Kinetic Request CE application from minifying the JS/CSS code returned from the server (for easier debugging). This URL parameter was not being respected when a space was configured with the "Single Page App" display type.. KCORE-2275

v2.1.1 (2018-04-27)

Download

  • Web Application Download
  • Cassandra Schema

    Bugs Fixed

    Summary Description Issue Number(s)
    Resolved bug where improper authorization was granted in spaces that were configured as a Single Page App. Display authorization was being ignored when displaying embedded forms/submissions when the space is configured as a Single Page App.

    This bug was introduced in Version 2.1.0 and was would have only been an issue if the Single Page App feature (part of 2.1.0) was being leveraged.
    KCORE-2205
    Resolved bug with spaces configured as a Single Page App where the location field under Space Settings looked empty even though it was set. When a space is configured as a Single Page App, a "Location" field is presented to users under Space > Settings. This bug resolved an issue where the location field looked empty even though it was populated. KCORE-2206
    Resolved a bug that form developers experienced when using the Firefox browser to add choices to a checkbox/radio button question. If using the Firefox Browser to add choice options to a checkbox or radio button field, an additional "empty" choice was being added. This fix resolves that bug for Firefox Users.

v2.1.0 (2018-04-16)

Download

* [Download Links Removed] * There is a known security vulnerability in the 2.1.0 release for customers leveraging the Single Page App feature. Customers should upgrade to 2.1.1.

New Features!

Summary Description Issue Number(s)
Implements Datastore as a component of the CE Platform. Implements Datastore as a component of the CE Platform, allowing Datastore forms to define and build up referential data that can be effectively leveraged. Datastore forms can store hundreds of thousands to millions of records and still perform searches quickly and effectively on any field or combination of fields by allowing administrators to not only define the form, but the indexes on those forms. For more information on Datastore, click here. KCORE-1755
Add ability to compare current (previous) and updated values for update webhooks Adds the ability to access both the current (previous) and updated values in the update webhooks, which means both the old and new values are available to the receiving system (eg. task tree). KCORE-2069
Adds support for single page app bundles by adding a new space Display Type. The necessary files for the CE server part of a REACT bundle (webpack) now ships with the application, and a single page app are more easily specified with a Display Type on the space. KCORE-1921

Improved Functionality

Summary Description Issue Number(s)
Implements ability to return only specific attributes or values via the API using the ?includes parameter. Previously, either all or no attributes could be returned via the API. This update implements the ability to return only specific attributes or values via the API using the ?includes parameter. Ex. ?includes=attributes[my-attribute-name] KCORE-1798
Improved Stability of Submission Indexing/Searching This addressed many sub-issues, including adding the ability to check and rebuild submission indexes, the ability to do blue/green submission indexing, WriteTimeoutException handling for Submissions, and a number of changes to support datastore form indexing. KCORE-1912
Adds Origin and Parent GUID submission properties to the CE Console Forms > Submissions > (guid) When viewing the submission in the CE console, the Origin and Parent GUIDs are shown. KCORE-1921 KCORE-1950
Java 9 without configuration This addresses an issue in CE caused by changes to what is included (and not) in the default path in Java 9. This allows use of Java 9 without having to update the path. KCORE-2007
Introduces use of an attribute map when using the CE API to interact with attributes. Improved ability to set specific attributes by providing an attribute map when updating a CE object via the API. Also implements the ability to return attributes as a map instead of an array by specifying ?includes=attributesMap instead of ?includes=attributes. Note this can also be used to get a specific attribute with a map using ?includes=attributesMap[ATTRIBUTE NAME] KCORE-2025
Exposes the form type to the front end via the form object (K('form')) and the K.config.ready selector. The form type property is now available to the form object with the call: K('form').type(). It is also available to K.config.ready. KCORE-2028
Update the K.load js method to pass a status code to the error callback The error callback on K.load (calling subforms) is called for any error not 401, 403, or 404 (these have different callbacks). This enhancement passes the status code to the callback to allow for conditional handling if desired. KCORE-2104
Don't fire the User Updated webhook on auto.update (when using an identity provider) because nothing has actually changed. When authenticating to CE using an identity provider, if the auto.update setting was set to true, the user record was being updated even if no changes were made to the user. This was causing User Updated Webhooks to be triggered even though nothing changed. This enhancement cleans that up and prevents the webhook from firing in this particular nothing-changed scenario. KCORE-2192

Bugs Fixed

Summary Description Issue Number(s)
Page navigation to the "first" page should not require a reference page When setting what page a submission is on via the API, developers previously needed to pass the name of the page. This was inconvenient and wasn't needed. KCORE-1810
Fix regression with LDAP groups not being applied when using LDAP authenticator When using the LDAP authenticator, the individual who logs in should have their LDAP groups added to their UserDetails to be able to be used by the system, including by KSL for security rules. This was lost in a previous release and is restored in this release. KCORE-2094

v2.0.4 (2018-02-21)

Download

Bugs Fixed

Description Issue Number(s)
Automated false-positive index entry repair sometimes removes the wrong index entry KCORE-2031
When searching, an empty string should be treated the same as null KCORE-2032

v2.0.3 (2018-02-05)

Download

Improved Functionality

Description Issue Number(s)
Added the ability to restore deleted forms via the Rest API (this functionality is not available within the CE Consoles as of this release) KCORE-777
Implemented ability to calculate and pass displayable pages to client-side code KCORE-1906
Added ability to use form('review') in server-side expression evaluation KCORE-1896
Application Stability Improvements -
Implement ability to fix false-positive submission indexes KCORE-1913
Implement ability to do blue/green submission indexing KCORE-1904
Implement ability to rebuild the system submissions index KCORE-1916
Implement ability to check the system submissions index KCORE-1917
Implement 'include=values.raw' in order to provide visibility into malformed or orphaned submission values KCORE-1937
Secuirty Improvements -
Fixed XSS vulnerability in application error pages KCORE-1979

Bugs Fixed

Description Issue Number(s)
Automated false-positive index entry repair sometimes removes the wrong index entry KCORE-2031
When searching, an empty string should be treated the same as null KCORE-2032
Updated K.field().setOptions.() method to trigger change events when invoked via custom js KCORE-1462
Fixed issue where the javascript method K.field().options() does not bind change events after being used to set options on checkbox/radio's KCORE-1813
Rendering activity charts can cause the web browser to become unresponsive if there is a lot of submission data KCORE-1885
Updated K('form').previousPage() to respect the action.stop function when invoked via custom js KCORE-1903
Updated application submission logic to return an empty array for checkbox/attachment fields with no values instead of null to be consistent with other fields KCORE-1907
Changed application logic to not set Field Default value if the submission has not been submitted KCORE-1909
Incorrect cassandra consistency levels are sometimes applied (introducing the possibility of inconsistent data in extreme edge cases) KCORE-1918
NullPointerException raised by API when a submission has a malformed attachment value KCORE-1919
Fixed issue where custom tag libraries (app-taglib.tld, bundle-taglib.tld, and json-taglib.tld) failed validation when enabled on the web server KCORE-1931
Changes for KCORE-1586 introduces bug where bridged resources on submitted pages do not work properly KCORE-2012

v2.0.2 (2017-11-01)

Download

Improved Functionality

Description Issue Number(s)
Ability to map LDAP/SAML attributes to user attributes automatically when users authenticate. KCORE-1254
Added the bundle.identity() method for use within javascript to get the current users username. KCORE-1665
Implemented Structured Logging which ensures that a log file is a preset, consistent, and in a machine readable format. KCORE-1677
Updated webhook calls to send webhook event meta data (Type of Event, Event Action & Timestamp) KCORE-1757
Added Profile Attributes as variables throughout the form builder for use in setting defaults, and in bridged resources. KCORE-1764
Added ability to restrict users that are able to login to the system and space consoles by IP Address/IP Range KCORE-1786
IN-APP DOCUMENTATION UPDATES

- Authentication Documentation
* Submission Activity Rest API
- Page Navigation Rest API
- Me Rest API
- Updated user settings documentation when creating/updating a space user
-

Bugs Fixed

Description Issue Number(s)
Fixed issue where users that had access to a submission, but didn't have access to submit the form could not access bridged resources. KCORE-1586
Fixed issue where users that had access to a submission, but didn't have access to submit the form could not access the submissions files. KCORE-1691
Fixed error with submission searching which sometimes returns 'Attempting to fill ... strand' errors. KCORE-1827

v2.0.1 (2017-10-18)

Download

Improved Functionality

Description Issue Number(s)
Error callback options for K.load function. Documentation available in application: kinetic/your-space-slug/app/dev/docs/js/guides/subforms KCORE-1650

Bugs Fixed

Description Issue Number(s)
Ability to delete submissions associated to (soft) deleted forms KCORE-1731
Ability to modify or delete submissions with malformed values KCORE-1732
SAML IDP metadata file is not loaded from %DATA_DIR%/config KCORE-1734

v2.0.0 (2017-05-01)

Download

New Features!

Description Issue Number(s)
Implement teams KCORE-1530
Implement OAuth provider functionality KCORE-1569
Implement submission handle KCORE-1572
Implement submission activities KCORE-1587
Implement submission support access KCORE-1593

Improved Functionality

Description Issue Number(s)
Improve performance for submitting forms with a large number of fields KCORE-1524
Limit ability to change a space slug to only the system administrator account KCORE-1554
Add ability to reference optional fields/attributes/etc when evaluating expressions KCORE-1594
When displaying a submission to a user that has 'Submission Access' but not 'Submission Modification' privileges, automatically render in review mode KCORE-1595

Bugs Fixed

Description Issue Number(s)
Attachment fields should fire change events KCORE-975
Checkbox fields should not require an array when setting a single default value KCORE-1083
Enter does not work as expected when creating list choices KCORE-1190
Renaming a security policy definition breaks references to the definition KCORE-1418
Webhook body content encodes some UTF-8 characters as '?' KCORE-1525
Date and Date/Time fields values show up in Chinese for some users KCORE-1526
Renaming a user profile attribute breaks references to the definition KCORE-1552
Submission searching should be case insensitive KCORE-1556
Cloning a form should not copy the Created By information KCORE-1584
Login and Reset Password redirects are not encoding username KCORE-1620
Dropping a file onto an attachment field sets the value for all attachments on the page KCORE-1643
Sharing a name between a field and section causes client-side error KCORE-1647

v1.1.1 (2017-06-30)

Download

Bugs Fixed

Description Issue Number(s)
Changing a field from a string datatype to a JSON datatype breaks security evaluation with 'Unable to parse JSON content' KCORE-1730
Submissions with malformed values should still be modifiable so that they can be deleted or updated with well formed values KCORE-1732

v1.1.0 (2016-12-19)

Download

Improved Functionality

Description Issue Number(s)
Create a webhook callback for User creation KCORE-1385
Ensure all session content is serializable so that sessions are persistable and rolling restarts/upgrades are possible KCORE-1484
Allow K.load to set parent and origin KCORE-1486
Implement user profile attributes KCORE-1487
Add require authentication config for spaces and kapps KCORE-1500
As a first time user, I want my welcome process to be easier KCORE-1508
Expose request information (headers, parameters, etc) as bindings to scriptables KCORE-1515
Add confirm dialog for delete of bridged resource KCORE-1518
Consolidate space/kapp navigation into a lefthand navbar KCORE-1520

Bugs Fixed

Description Issue Number(s)
No conflict breaks change events for custom rendered fields KCORE-1461
Problems evaluating submission labels should not raise exceptions KCORE-1482
Submission patching should only update values that were passed KCORE-1488
/me endpoint does not handle attributes the same way as /users/ME KCORE-1489
The sample cassandra.properties file contains property names for the client-server encryption settings that correspond with the property names the application expects. KCORE-1490
Provide a better error message if keystore / truststore files cannot be found KCORE-1491
The default ca-certs file is currently being replaced by the cassandra keystore / truststore KCORE-1492
Authorization not applied when including parent and origin to submission endpoint KCORE-1493
The /SPACE/app/api/v1/kapps/KAPP/forms endpoint only shows modifiable forms KCORE-1497
Searching by a Kapp field that is not present on all forms sometimes raises "Unknown Field" errors KCORE-1501
Null field label resulting in Null Pointer Exception on render KCORE-1505
User and Identity webhooks should include space bindings KCORE-1507
Cache control headers should be added to all non-static resource requests KCORE-1511
Submission submittedAt/submittedBy should be set when a submission is created in a 'Closed' state KCORE-1512
Submission search may provide incomplete results if an AND segment contains more than the LIMIT results KCORE-1516

v1.0.7 (2016-12-12)

Download

v1.0.6 (2016-09-21)

Download

Issues

Description Issue Number(s)
Text and HTML form elements do not apply translations KCORE-1477
Submission searching sometimes raises 'Attempting to fill a fully fetched strand' error KCORE-1479
Submission searching sometimes raises 'Moment cannot be cast to String' error KCORE-1478

v1.0.5 (2016-08-22)

Download

Issues

Description
Translation functionality -- Requires Admin Kapp installed in your space
Added ability to filter submissions by Kapp fields for submissions on the Activity Console so that these can be search across forms
No longer show 'visible' on a non-bridged resource set-fields as it wasn't applicable
Changed Set fields dialog (Event) to use field label, if present, instead of field name
Fixed issue where filtering forms in form list by status of "Active" also includes Inactive forms
Fixed issue where button to Upload File erred in some versions of Firefox
Fixed issue where 'submissions' tab/link disappears when viewing submissions
Fixed issue where form would get a Not authenticated error code from the BridgedResourceHelper when accessed with Safari

v1.0.4 (2016-07-08)

Download

Issues

Description
SAML Authentication Support
Cassandra configuration updates including client encryption options, authentication options, and multiple cassandra contactpoint points
Inclusion of Cassandra version and additional environment data in the environment.log
Ability to set sort order and which fields are displayed on bridge requests
Callbacks added on K('form').save() and K('form').submitPage() to do custom actions like a message or redirect
Ability to configure a system-wide SMTP configuration for system emails which is used if no space SMTP configuration is set
Updated user profile view so the password reset and other values were visually differentiated
Logs can now be viewed per space in addition to the system level
Webhook error handling UI re-designed to include more intuitive handling of errors
Ability to retry a webhook and update the data/structure sent to the consumer
Updated in-app technical documentation (via Help menu)
Ability to use a shared bundle directory across spaces
Include webhook errors in the application.log
Attribute definitions can now include a description for easier maintenance
Include a configurable data directory for properties, rather than the static one inside the app, allowing customers to specify a writeable directory outside their web app
Include space and user attribute definitions when fetching space via the API
Read-only page on Kapp Setup that shows Kapp fields available
Add bundle.apiPath attribute/method for bundle developers to make links less brittle
Allow searching of submissions by null form types
Updated TaskRuns helper to use space attributes for TaskServer and TaskSource if Form/Kapp not found
Improve errors raised when evaluating webhook filters and webhook urls
Add pattern on space bundle path to restrict changing out of the /app/bundles directory
Minor management consoles UI updates
Fixed API connections when using LDAP that required local credentials
Fixed cloning a button where any render attributes were shared
Fixed updating render attributes where the save was not taking place
Fixed display issues where items were overlapping in some dialogs and menus
Fixed canceling import with same slug warning leads to un-importable state
Fixed allowing empty render attributes which caused a 500 error
Fixed webhook jobs status not being updated typically seen during time-outs
Fixed an empty HTML structure created inside the normal form BODY
Fixed selecting Space Attribute Task Source Name resolved to ${form('attribute:Task Source Name')} in the webhook URL definition
Fixed error that happened when a completed subform which had elements removed
Fixed issue where system was unable to find LDAP groups more than one CN or OU deeper than the base DN

v1.0.3 (2016-05-11)

This release provides a number of usability improvements prior to our annual KEG event along with other bug fixes.

v1.0.1 (2016-04-13)

Bug fixes and minor enhancements from initial public release

v1.0.0 (2016-03-04)

Initial Production Release