Skip to main content

 

 

 

 
 
 
 
OutSystems

Platform Server

Platform Server 11.14.0


Released on Dec 06, 2021

New in Platform Server 11.14.0

Bug Fixing

  • Fixed data vulnerability due to excessive logging. CVSSv3.1 score 4.4 (Medium). (RPM-1093)
  • Fixed a broken access control vulnerability in some buttons of Service Center. CVSSv3.0 score 5.4 (Medium). (RPM-1584)
  • Fixed multiple cross-site scripting (XSS) vulnerabilities in Popup_Editor, Popup_EditorForUpload, or Popup_EditorVanilla titles. CVSSv3.1 score 3.1 (Low) (RPM-447)
  • Fixed a security vulnerability on an internal Service Center API permission requirement. CVSSv3.1 score 6.3 (Medium). (RPM-747)
  • Fixed a security issue that could lead to session fixation problems. CVSSv3.1 score 5.4 (Medium). (RPM-966)
  • Breaking Change

    • The title of the Popup_Editor, Popup_EditorForUpload, and Popup_EditorVanilla is now encoded to prevent cross-site scripting (XSS) attacks. This may cause it to appear garbled in very specific scenarios.
      Check OutSystems 11 side effects and breaking changes for more details on the breaking change and a possible workaround.

    More details

    RPM-1024
    Fixed the validation of user Roles in Reactive Web Apps to ensure this step is performed only after loading the Roles information from the server.
    Application Runtime

    Fix Details:
    When the Single Sign-On Between App Types feature is on, end users performing the login on a Traditional Web App and then moving to a Reactive Web App might be redirected to the Invalid Permissions Screen, if the Default Screen is more restricted than the Registered Role.

    RPM-1041
    Fixed an issue when consuming a SOAP Web Service with HTTP transport binding.
    Application Runtime Logic Execution

    Fix Details:
    When consuming a SOAP Web Service, the expected protocol transport element was not being fetched correctly. This happened specifically for the "http://www.w3.org/2003/05/soap/bindings/HTTP/” transport element.

    RPM-1075
    Now, using DbCleaner API to delete a multi-tenant entity, event entity, or a multilingual static entity, also deletes the database objects associated with those entities.
    Application Runtime System Components

    Fix Details:
    When deleting an entity using the DbCleaner API several database objects associated with the entity weren't deleted. This issue occurred in the following cases:

    • Deleting a static entity containing translations, kept the multilingual tables and views.
    • Deleting an entity containing events, kept the event related tables.
    • Deleting a multi-tenant entity, kept the tenant views.
    Now, when deleting these entities, DbCleaner deletes the associated database objects.

    RPM-1093
    Fixed data vulnerability due to excessive logging. CVSSv3.1 score 4.4 (Medium).
    Infrastructure Management Platform Installer

    Fix Details:
    Fixed an SSRF vulnerability that could cause information exposure through log files. To protect our customers, we're not providing further details on this fix.

    RPM-1115
    Fixed an issue that was blocking the activation/deactivation of Timers in cloned modules.
    Application Lifecycle Service Center

    Fix Details:
    When trying to Activate/Deactivate a Timer of a module in the Service Center console, the operation has no effect and the NextRun value remains unchanged, although the feedback message confirms the change. This issue occurred only for modules that were cloned from modules with Timers.

    RPM-1118
    Fixed an issue that could cause incorrect code generation for SQL nodes with expand inline parameters in Oracle databases, after upgrading the Platform Server component to 11.12.0 or later.
    Publish Operation Compilation

    Fix Details:
    When upgrading an environment using an Oracle database to Platform Server 11.12.0 or later, the System Components installation failed with an HTTP NotFound error. After that, when trying to open the Service Center console, you would get ORA-00903 and ORA-00936 errors. Any use of expand inline parameters in SQL nodes would result in application errors. This issue only happened in some specific scenarios.

    RPM-1177
    The Roles screen of the Users application is now correctly listing only the end users having that role.
    Application Lifecycle Users

    Fix Details:
    In the Users application, when selecting a specific Role to see its details, you should see the list of end-users with that role. Instead, the screen listed all end-users in the environment.

    RPM-1190
    Fixed an issue that could cause incorrect code generation for SQL nodes with expand inline parameters in SQL Server databases, after upgrading the Platform Server component to 11.12.0 or later.
    Publish Operation Compilation

    Fix Details:
    When upgrading an environment using a SQL Server database to Platform Server 11.12.0 or later, the System Components installation failed with an HTTP InternalServerError. After that, when trying to open the Service Center console, you would get query execution errors. Any use of expand inline parameters in SQL nodes would result in application errors. This issue only happened in some specific scenarios.

    RPM-1198
    Fixed an error when publishing the System Components solution during the upgrade to Platform Server 11.12.0 or later caused by producer modules not being prepared.
    Infrastructure Management Platform Configuration

    Fix Details:
    When upgrading the Platform Server component to version 11.12.0 or later, publishing the System Components fails with the error "Old Producer: Producer module 'EnterpriseManager' hasn't been prepared for the the current OutSystems environment version". This error occurred only while upgrading environments that were originally created with very early Platform Server versions, having the effective User Provider of the Users module set to the Enterprise Manager deprecated module. As the Enterprise Manager module is not included in the solution anymore, the publishing failed.

    RPM-1260
    Fixed an issue that prevented Timers, Emails, and Processes from running after changing the name of the Server.
    Application Runtime Processes

    Fix Details:
    When changing the name of a registered front-end Server, a new Server record is automatically registered in the Service Center console after restarting the OutSystems Deployment service. This operation was lacking the update of the Timers, Processes, and Emails executed by that Server to reference the new record. This issue has been solved, and all references are now updated to match the new Server record when the Server name changes.

    RPM-1272
    Fixed the "Unable to find the specified file" error when publishing the System Components solution during a Platform Server upgrade.
    Publish Operation Compilation

    Fix Details:
    When publishing the System Components solution during a Platform Server upgrade, the following error is thrown for each module of the solution: "An error occurred in task 'Building Oml with Empty Proxies for espace [module_name]': Unable to find the specified file". This issue would happen because the user associated with the OutSystems Deployment Controller service lacked the permissions to create symbolic links.

    RPM-1296
    Fixed an issue that could cause a timeout when publishing the Service Center component through the Configuration Tool using an Oracle database.
    Publish Operation Compilation

    Fix Details:
    For some specific Oracle versions, the database engine is not choosing the most efficient plan to execute a specific query that runs during the compilation phase when using the default IntrospectionMethod key value defined in the Server.hsconf file. This was causing a timeout when publishing the Service Center component through the Configuration Tool.

    RPM-1323
    Fixed an error when setting IT users permissions and there are more than 1000 application permissions. This issue applied only to environments using an Oracle database.
    Application Lifecycle LifeTime

    Fix Details:
    When registering a new Oracle environment in the infrastructure through the LifeTime console, the environment synchronization generated several errors in the advanced query RemoveDeprecatedPermissions, which is executed by an internal Platform Server API. This problem only occurred for Oracle environments having more than 1000 application permissions.

    RPM-1325
    Fixed an error when publishing the Service Center component during a Platform Server installation or upgrade using an Oracle database. This error occurred only when the user OSADMIN had no permissions to execute the DBMS_RANDOM Oracle package.
    Infrastructure Management Platform Configuration

    Fix Details:
    While installing or upgrading the Platform Server in environments using an Oracle database, the publishing of the Service Center component failed with a "Could not create foreign key constraint." error. The issue only occurred in environments where the DBMS_RANDOM Oracle package was removed from the Public user group, resulting in the lack of permissions for the user OSADMIN to execute that package.

    RPM-1374
    Fixed the "Error getting publication state" error when publishing the System Components solution during a Platform Server upgrade.
    Infrastructure Management Platform Configuration

    Fix Details:
    When upgrading the Platform Server component, publishing the System Components failed with the error "Error getting publication state". This was an issue when the Configuration Tool retrieves information from the Server.API and it's now fixed.

    RPM-1420
    Fixed application deployment issues when Dynatrace was enabled in the environment.
    Publish Operation Deployment stage

    Fix Details:
    The Dynatrace tool injects customized code in some platform internal files, causing the OutSystems Deployment service to fail the integrity check after publishing a module. Having this tool enabled prompted the OutSystems Deployment service into error state and application deployments to fail with the error "Deployment failed: Ping validation failed".

    RPM-1421
    Fixed an issue that led to 404 Traditional Web app screens using an SEO Page Rule that started with "rest".
    Application Runtime SEO Friendly URLs

    Fix Details:
    The issue led to a 404 when accessing screens that used an SEO Page Rule. This issue occurred when using Platform Server version 11.12.1 or later and affected Traditional Web app screens using SEO Page Rule with a URL Pattern that started with "rest".

    RPM-1456
    Updated the installation checklist instructions for integration with IBM Db2 databases.
    Infrastructure Management Platform Installation Checklist

    Fix Details:
    In environments with integration with IBM Db2 databases, attempting to access the Db2 database after installing the Platform Server resulted in the error “The ConnectionString property is invalid“, with error stack “Unable to load DLL ‘cwbdc.dll’". This happens because IBM i Access for Windows has been replaced by IBM iAccess Client Solutions (ACS), therefore the required file "cwbdc.dll" is not installed anymore when following the previous installation checklist instructions. The checklist was updated to provide the correct instructions for integration with IBM Db2 databases.

    RPM-1522
    Fixed the error "ORA-01489: result of string concatenation is too long" when publishing a module with an Action which description exceeds 4000 bytes. This issue occurred only in Oracle databases.
    Publish Operation Compilation

    Fix Details:
    Starting from Platform Server 11.0.422.0, the Action's description is saved in the database with a limit of 2000 characters, which represents a maximum of 4000 bytes in Oracle databases. This issue occurred when the description of an Action had less than 2000 characters, but more than 4000 bytes, which can happen, for example, for Japanese characters. In this scenario, publishing the module resulted in the error "ORA-01489: result of string concatenation is too long".

    RPM-1526
    Fixed an issue that caused third-party components that used click events to not work as expected in PWA Mobile apps.
    Application Runtime Interface

    Fix Details:
    The issue caused third-party components that used click events to not work as expected. This occurred in Mobile apps distributed as PWAs. The issue no longer occurs after the removal of the FastClick.js from Mobile apps.

    RPM-1561
    The Configuration Tool no longer proceeds with the Apply and Exit operation if the Platform Administrator password is empty.
    Infrastructure Management Platform Configuration

    Fix Details:
    In environments using Windows Authentication, when you open the Configuration Tool the passwords are empty, which is the expected behavior. However, when clicking the Apply and Exit button, the Configuration Tool would execute the apply operation and attempt to connect with the database. In some cases, the failed login attempt to the database could lock the account.

    RPM-1575
    Fixed the Test Connection validation in the Configuration Tool when using Windows Authentication.
    Infrastructure Management Platform Configuration

    Fix Details:
    In environments using Windows Authentication, using the Test Connection returned a successful result when using an incorrect password.

    RPM-1584
    Fixed a broken access control vulnerability in some buttons of Service Center. CVSSv3.0 score 5.4 (Medium).
    Application Lifecycle Service Center

    Fix Details:
    In the tenant details of a module, the Timers tab was not properly validating the user permissions. It could allow an IT user to run timers without the proper permissions. The permissions are now properly validated.

    RPM-1608
    The Platform Server installer no longer installs .Net Core 2.1.
    Infrastructure Management Platform Configuration

    Fix Details:
    As of Platform Server 11.12.2, .NET Core 3.1 Runtime & Hosting Bundle for Windows is part of the system requirements, replacing the previously used .NET Core 2.1, which is no longer supported. However, the installer of Platform Server 11.13.0 or later installed both versions. Removing the .NET Core 2.1 from the environment after the Platform Server installation would cause some OutSystems services to fail.

    RPM-1623
    Fixed an issue that cause Reactive Web Apps to show a blank screen when opening them through a URL with a hash (#).
    Application Runtime Mobile Application Update

    Fix Details:
    The issue caused screens to show a blank screen when the screen URL included a hash (#). This occurred in Reactive Web apps in environments with the SEO-friendly URLs for Reactive Web Apps technical preview enabled.

    RPM-1644
    Fixed the "c is not a function" runtime error occurring on some occasions for Reactive Web Apps and Mobile Apps distributed as a PWA after a Platform Server upgrade.
    Publish Operation

    Fix Details:
    After upgrading from a Platform Server version prior to 11.12.0 to Platform Server 11.12.0 or later, the runtime error "c is not a function" would sometimes occur for Reactive Web Apps and Mobile Apps distributed as a PWA. This issue was related to the Modified Date of the Client Runtime resources, which is set by the npm package manager with the same pre-defined date for any client runtime bundle. This was preventing IIS to detect the need to update the cache, serving old client runtime bundles instead.

    RPM-1677
    Changes to REST APIs or SOAP Web Services settings executed via Service Center on the module's Integrations tab are now recorded in the General Log.
    Application Lifecycle Service Center

    Fix Details:
    There was no logging information in the General Logs when changing the settings of REST APIs or SOAP Web Services via Service Center on the module's Integrations tab. This issue had a low impact on OutSystems Sentry environments, as they include compliant level auditing on request.

    RPM-1684
    Link widgets that match the current screen are now correctly added the "active" CSS class.
    Application Runtime Interface

    Fix Details:
    In Reactive Web and Mobile apps, Link widgets that pointed to the current screen weren't set with the "active" CSS class. For example, this meant that a link in the menu that pointed to the current screen wasn't highlighted. This issue occurred in environments using Platform Server version 11.12.0 or higher.

    RPM-1917
    Removed the service account that was causing errors during publication of System Components in environments with Active Directory authentication configured.
    Infrastructure Management Platform Configuration

    Fix Details:
    The process of installation of System Components fails with HTTP error code 400 due to a misconfiguration of the ConfigurationTool_OperationsSA system account

    RPM-1923
    Fixed several missing logs in Service Center (e.g. Error and General logs).
    Application Lifecycle Service Center

    Fix Details:
    On new Oracle installations with 11.14.0.33133 have no logs available in Service Center screens. On upgraded platform versions the log rotations will not work correctly, so only old weeks will be available once the logs rotate. Request event log tables are not affected by this issue.

    RPM-447
    Fixed multiple cross-site scripting (XSS) vulnerabilities in Popup_Editor, Popup_EditorForUpload, or Popup_EditorVanilla titles. CVSSv3.1 score 3.1 (Low)
    Application Runtime System Components

    Fix Details:
    The titles of the widgets Popup_Editor, Popup_EditorForUpload, and Popup_EditorVanilla were not encoded by default, making them vulnerable to cross-site scripting attacks. The Title property is now encoded however, this may introduce a breaking change. Find more information about this breaking change here.

    RPM-478
    Fixed an issue that caused Entity_DropTable and Attribute_DropColumn actions of DbCleaner API to throw an ORA-00942 error when dropping entities or attributes in modules created in Oracle database schemas other than the main one.
    Application Runtime System Components

    Fix Details:
    Fixed an issue that caused an ORA-00942 error to show after dropping entities or attributes using DbCleaner API. This occurred when using an Oracle platform database and after using Entity_DropTable and Attribute_DropColumn actions with modules created in schemas other than the (Main) schema. Even after the ORA-00942 error, the entities or attributes were dropped. Now, the error is not shown after successfully dropping the entities or attributes.

    RPM-542
    Now, it's not possible to delete the active External Authentication Provider plugin.
    Application Lifecycle LifeTime

    Fix Details:
    Fixed an issue that prevented IT users from logging in environments or infrastructures while using a custom External Authentication Provider plugin. This occurred after deleting the active Authentication Provider plugin, and prevented the activation of the OutSystems Built-In Authentication in LifeTime. Now, it's not possible to delete the active External Authentication Provider plugin.

    RPM-546
    Fixed an issue that caused timeout when accessing the solution publish screen when the publish report has a very high number of messages.
    Application Lifecycle Service Center

    Fix Details:
    The issue prevented publishing a solution, due to a timeout in the solution publish screen that made it impossible to select 'Continue' button to proceed with the publish. This issue occurred when publishing large solutions.

    RPM-593
    Fixed the error message returned when publishing a module after trying to modify the length of a Text Id attribute of an Entity.
    Publish Operation Compilation

    Fix Details:
    The attempt of modifying the length of an Entity's Id attribute with Text data type can result in errors due to limitations on the database engine side. In those scenarios, the error message returned by the platform when publishing the module could be misleading and sometimes incorrect.

    RPM-714
    Fixed an issue blocking the external authentication of IT users using then AD authentication provider when using multiple deployment zones and not having the System Components deployed in the Default zone. Improved also the error message shown in this scenario.
    Application Lifecycle Users

    Fix Details:
    In an environment with multiple deployment zones where the System Components are not deployed in the Default zone, activating the AD authentication provider (ADAuthProvider) would result in the following error: "Test failed: Module must be available for all front ends (in global zone)". This issue prevented the activation of AD authentication for IT users. Also, the error message was misleading.

    RPM-741
    As a security improvement, extensions are no longer automatically recompiled on upgrade.
    Infrastructure Management Application Server

    Fix Details:
    Compilation during extension upgrades allows arbitrary code to be executed remotely in the server. This vulnerability has been classified as Critical with a cvss score of 9.1

    RPM-747
    Fixed a security vulnerability on an internal Service Center API permission requirement. CVSSv3.1 score 6.3 (Medium).
    Application Lifecycle Service Center

    Fix Details:
    Service Center APIs used by Service Studio to create and delete apps would allow deleting system modules when they shouldn't. Deleting system modules can impact a running environment, ultimately causing misbehaviors or unavailability. The internal APIs were hardened and no longer allow deleting system modules.

    RPM-754
    Fixed an issue that prevented DbCleaner API to delete attributes of multitenant database views.
    Application Runtime Public APIs

    Fix Details:
    Using the Attribute_DropColumn of DbCleaner API to delete an attribute of a multitenant entity would return the error: "Error executing query. View or function has more column names specified". The DbCleaner API now properly deletes the attribute.

    RPM-768
    The actions Entity_DropTable and Attribute_DropColumn from DbCleaner API now have a success output indicating if the drop operation was performed or not.
    Application Runtime System Components

    Fix Details:
    In the scenario of active columns and entities, the actions Entity_DropTable and Attribute_DropColumn from DbCleaner API don't perform the drop operation. However, no feedback was being returned about the effectiveness of the operation.

    RPM-939
    Fixed an issue that was causing Service Center to throw an error when exporting to excel the Screen Requests logs filtered by Application.
    Application Lifecycle Service Center

    Fix Details:
    When trying to Export to excel the Screen Requests logs from the Service Center, if the logs were filtered by any Application, the following error would be thrown: "There was an error while exporting data. Redefine log filters to retrieve less data and try again."

    RPM-945
    Fixed an issue that could cause modules to have outdated dependencies after a Platform Server upgrade.
    Application Runtime Data Access and Manipulation

    Fix Details:
    After upgrading from a Platform Server version prior to 11.10.0 to Platform Server 11.10.0 or later, performing the Apply Settings operation before republishing the applications would cause modules with renamed or deleted Site Properties to be outdated. This issue could cause the application to be unavailable.

    RPM-952
    Fixed an issue that occurred in Reactive Web apps and that prevented clearing an invalid value from a Text, Phone, or Email variable.
    Application Runtime Interface

    Fix Details:
    The issue prevented clearing the value of a Text, Phone, or Email variable in Reactive Web apps. This occurred if the value was invalid with Form.Valid runtime property set to False.

    RPM-966
    Fixed a security issue that could lead to session fixation problems. CVSSv3.1 score 5.4 (Medium).
    Application Runtime Authentication and Authorization

    Fix Details:
    In certain situations there is session fixation validations made on recent logins.

    RPM-977
    Fixed the warning "Resource Not Versioned" when deploying Reactive Web Apps.
    Publish Operation Deployment stage

    Fix Details:
    When deploying Reactive Web Apps, the staging report included the following warning for some Reactive Web modules: "Resource Not Versioned: The resource [resource_file] of the producer module [module_name] was not found in the application cache. Please republish [module_name] to prevent runtime errors". This issue had no impact on the running applications.

    Platform Server 11.13.2


    Released on Oct 18, 2021

    New in Platform Server 11.13.2

    • Flexible Upgrades is now available for Platform installations running over Oracle. (R11PIT-315)

    Bug Fixing

    More details

    RPM-1066
    Fixed an issue in the Users application preventing end-users from logging in when using standard LDAP authentication.
    Application Lifecycle Users

    Fix Details:
    End users configured with standard LDAP authentication were not able to log in due to an "Invalid username or password" error. This was an error in Users application related to the encrypt/decrypt password algorithm. The issue was found in version 11.7.3 and it's now fixed.

    RPM-1078
    Fixed an upgrade schema error when clicking "Create/Upgrade Database" in the Configuration Tool while upgrading the Platform Server from version 10 to version 11.11.1 or later. This issue applies only to self-managed environments.
    Infrastructure Management Platform Configuration

    Fix Details:
    While upgrading the Platform Server component in a self-managed environment from version 10 to version 11.11.1 or later, clicking the "Create/Upgrade Database" button in the Configuration Tool caused the upgrade schema error "Unable to obtain the connection string". Besides blocking the upgrade process, this issue didn't cause downtime or loss of service.

    RPM-1128
    Improved the performance of the modules preparation phase executed during the upgrade process.
    Infrastructure Management Platform Configuration

    Fix Details:
    The module preparation phase after a Platform Server upgrade could take a long time to complete, increasing the time a development team would have to go without being able to publish any modules. This is especially noticeable in large factories and it would only occur in Platform Server 11.12.0 or later. The module preparation was improved to be more performant.

    RPM-1278
    Fixed a high severity vulnerability by upgrading the packaged RabbitMQ to 3.8.21.
    Infrastructure Management Platform Configuration

    Fix Details:
    All versions of RabbitMQ prior to 3.8.16 are prone to a denial of service vulnerability. The packaged RabbitMQ was upgraded. You can check more details in this security bulletin.

    RPM-1434
    Fixed an issue that caused the incorrect calculation of the average time in Service Actions Performance report.
    Application Lifecycle Service Center

    Fix Details:
    The Service Actions Performance report in Service Center showed incorrect values for "Avg. Time". When generating or exporting a Service Actions Performance report from the Analytics tabs of Service Center, the report showed the same value for both "Avg. Time" and "Total Time" columns.

    RPM-1466
    Fixed a malformed login URL for SAML 2.0 when using an external IdP with SSO login URL containing query parameters.
    Application Runtime Authentication and Authorization

    Fix Details:
    After setting up SAML 2.0 in Users, app end users that try to log in get redirected to the User app with a permission denied message. The issue occurred due to a malformed login URL when using SAML 2.0 with a Single Sign-On URL that contained a query parameter.

    RPM-1487
    Fixed an issue that occurred when clicking "Apply and Exit" in the Configuration Tool after changing the Platform, Log, or Session database configurations.
    Infrastructure Management Platform Configuration

    Fix Details:
    Configuration Tool was not respecting alterations to the databases connection details (Platform, Log, and Session). Changes done in the Configuration Tool UI were not effectively saved. Upon clicking "Apply an Exit", older values (for example: database address, authentication mode and credentials) would be used, ultimately causing connection errors or operations to be attempted with the old values. The issue was fixed, and values changed in the UI are now fully respected.

    RPM-1502
    Fixed an issue that might cause the Configuration Tool to lock the Administrator or Runtime Active Directory accounts when using Windows Authentication.
    Infrastructure Management Platform Configuration

    Fix Details:
    When using Windows Authentication, opening the Configuration Tool could lock the Administrator or Runtime user accounts in the Active Directory. This would happen under a strict security policy to lock user accounts on first failed login attempt. This issue occurred because the Configuration Tool was attempting to login to the database with the Administrator and Runtime users as soon as the UI is opened, which doesn't apply to Windows Authentication.

    RPM-1509
    Fixed a licensing query that would generate "Licensing error" entries in Service Center Error logs.
    Application Runtime Licensing Runtime Checks

    Fix Details:
    In Service Center error logs, an entry with the message: "Licensing Error: An error occurred while validating feature 'InternalExternalUsersCounter': ORA-00972" would happen frequently. Appart from log polution, there was no futher impact. It would happen only when all of the following conditions are true:

    • the Platform Server version is 11.11.3 or later
    • the platform database is Oracle 12.1c
    • the license was purchased after January 2020

    The issue was fixed in an OutSystems internal query to no longer result in such an error.

    RPM-1537
    Fixed an issue where the Configuration Tool UI was not disabling Log and Session database credential fields when using Windows Authentication.
    Infrastructure Management Platform Configuration

    Fix Details:
    In the Configuration Tool, when authentication is set to Windows Authentication on the Platform tab, login errors could occur. The Administrator, Runtime, and Session credential fields in the Log and Session tabs should be disabled. The issue would cause the fields to be editable. This would force the user to fill in those fields, and, when the credentials didn't match, would cause a login error.

    RPM-912
    Fixed a compilation issue when consuming a SOAP Web Service containing a type and a subtype with the same name.
    Application Runtime Logic Execution

    Fix Details:
    A compilation error occurred after publishing a module which consumed a SOAP Web Service with polymorphism. This only occurred when one of the possible subtypes declares an anonymous type with the name as the subtype.

    Platform Server 11.13.1


    Released on Sep 22, 2021

    New in Platform Server 11.13.1

    • We improved the UI and overall user experience of the Preview in Devices. We also added support for a modern variety of devices. (ROU-2177)

    Bug Fixing

  • Fixed a server-side request forgery (SSRF) vulnerability on custom handlers. CVSSv3.1 score 6.5 (Medium). (RPM-1098)
  • Fixed an integrated authentication vulnerability in OutSystem Cloud environments. CVSSv3.1 score 5.5 (Medium). (RPM-728)
  • Fixed multiple security risks on the documentation of a REST API by raising the handlebars.js used in the swagger UI. CVSSv3.1 score 6.5 (Medium). (RPM-997)
  • More details

    RPM-1098
    Fixed a server-side request forgery (SSRF) vulnerability on custom handlers. CVSSv3.1 score 6.5 (Medium).
    Application Runtime Data Access and Manipulation

    Fix Details:
    To protect our customers we're not providing further details on the issue.

    RPM-1172
    Fixed an issue that caused the logs of mobile apps to have an incorrect timestamp.
    Application Runtime Logging

    Fix Details:
    The logs related to mobile apps, as shown in Service Center, were sometimes presenting a timestamp that was deviated from the actual time the event occurred. This could cause the events on the logs not to reflect the order in which they actually occurred, making it harder to understand the logs and troubleshoot a mobile app. The behavior was fixed and the timestamp of the logs now reflects the exact time of the event.

    RPM-1265
    Fixed an issue that sometimes caused the Environment Information not to be filled in the Service Center error logs.
    Application Runtime Logging

    Fix Details:
    The issue would sometimes manifest when the device running the mobile app was offline and an error occurred. When the device comes online, the information is sent to the server to log. The log was written, however, the Environment Information field as seen in the error log detail didn't contain any data. Such information is useful to provide the runtime context in which the error occurred. This issue didn't cause any impact on the mobile app's normal usage nor on the end-user experience.

    RPM-1308
    Fixed an issue in PWA applications where splash screens would hang on iOS 14.6 devices.
    Application Runtime Application Distribution

    Fix Details:
    According to https://www.theregister.com/2021/06/...indexeddb_bug/ Apple's WebKit team has managed to break the popular IndexedDB JavaScript API in the latest version of Safari (14.1.1) on macOS 11.4 and iOS 14.6.

    RPM-1352
    Fixed broken references errors to indirect producers after an upgrade to Platform Server 11.12.1 or higher.
    Publish Operation

    Fix Details:
    After upgrading to 11.12.1 and publishing a module, runtime errors due to incompatible definitions might occur. The issue would occur when a consumer module A is using a producer module B and that producer, in turn, has a producer C that references an extension E. In that case, module A would have errors about incompatibility with an Action from extension E.

    RPM-1371
    Fixed an issue that caused navigations to the previous screen to go back more screens than it should.
    Application Runtime

    Fix Details:
    On a Mobile or Reactive Web app, a screen that has a link that navigates to the previous screen would go instead to the screen before that. Effectively the navigation would send users to 2 screens before the screen they were on. More specifically, the wrong previous screen navigation occurs only after a navigation is performed on an OnInitialize event of a screen. The issue happens only with applications compiled on Platform Server version 11.12.0 or higher. It may happen on previous Platform Server versions, if the environment had the React 16 Technical Preview feature activated. The issue was fixed in this version and the wrong redirect will no longer occur.

    RPM-599
    Fixed an issue that caused disabled Scheduler services to pick up events and email tasks that they would not process. This also caused a permanent warning displayed on the monitoring pages.
    Application Lifecycle Service Center

    Fix Details:
    When configuring the servers it is possible to disable BPT processing for specific servers. This issue caused some events to be picked up during the disabled schedulers startup but never processed. The issue does not exist if all servers are allowed to execute BPT.

    RPM-728
    Fixed an integrated authentication vulnerability in OutSystem Cloud environments. CVSSv3.1 score 5.5 (Medium).
    Cloud Paas

    Fix Details:
    Fixed a vulnerability that would allow, in the OutSystems Cloud, users with access to the underlying infrastructure to be able to access applications developed in the environment. The vulnerability was fixed so that it no longer allows privileged users with infrastructure access to log in to applications.

    RPM-921
    Fixed an issue that was preventing developers from using the Distribute tab in Service Studio. The issue would only manifest when Active Directory authentication was enabled for IT users.
    Service Studio Distribute

    Fix Details:
    For Mobile apps, accessing Distribute tab in Service Studio in an environment with Active Directory enabled for IT users, would result in an "Invalid user credentials" error, even if the credentials were correct. The issue would occur with a combination of a Platform Server version higher than 11.10.2 and Service Studio version 11.10.06 or higher.

    RPM-997
    Fixed multiple security risks on the documentation of a REST API by raising the handlebars.js used in the swagger UI. CVSSv3.1 score 6.5 (Medium).
    Application Runtime Logic Execution

    Fix Details:
    The auto-generated documentation of a REST API was using an outdated version of handlebars.js that has known vulnerabilities. Security tests would flag this. The handlebars.js version was raised to an updated version.

    Platform Server 11.13.0


    Released on Aug 09, 2021

    New in Platform Server 11.13.0

    • We improved the experience of the "SEO-friendly URLs for Reactive Web Apps" technical preview. The platform now shows a compilation error when ISAPI Filter, one of the prerequisites, is missing from the installation. (RTAFB-4270)
    • New features in emails for Mobile and Reactive Web Apps. Attach files to emails. In addition to the existing widgets, design content with Table, List, and If. The Image widget now supports adding binary content from the database. To use the new widgets, update Platform Server and keep "Emails for Mobile and Reactive" on. To add attachments, update Platform Server and turn on "Attachments in Mobile and Reactive emails". (RTAFB-4602)
    • You can now use expressions to set titles of Screens. This lets you change the page title dynamically, and set unique values that show in the browser tabs, bookmarks, and results from the search engines. When using this feature, it is recomended that all developers in the same organization update Service Studio. (RTAFB-4738)

    Bug Fixing

    More details

    RPM-1038
    Fixed an issue that was causing headers not to be applied correctly in applications.
    Application Runtime System Components

    Fix Details:
    Headers added using the AddHeader action of HTTPRequestHandler weren't being applied to the applications. The symptoms may vary according to the type of header that was added. The issue can happen from Platform Server version 11.9.0 onwards and was fixed in this version to restore the proper behavior, adding the defined headers.

    RPM-1052
    Fixed an issue with SEO Friendly Urls, that caused a 404 when the module alias had the same name as the module.
    Application Runtime SEO Friendly URLs

    Fix Details:
    The issue occurs in modules that have the same name as the module alias. This created 2 entries in the database table every time you publish, overflowing, in the long run, the 10000 lines DB table limit. To prevent this issue, the DB table limit was increased above the 10000 lines, and there's an automatic cleanup on duplicated entries.

    RPM-1245
    Fixed an issue that caused the login action to take a long time in Traditional Web apps using SAML 2.0 authentication when the user has many active sessions.
    Application Lifecycle Users

    Fix Details:
    When using SAML 2.0 authentication in Traditional Web apps, the action of logging in is taking a very long time. This happens for very active users with hundreds of active sessions, most typically, users used for testing or automation. The issue resides in the RegisterUserSession action that's not performant in this edge case. This action was improved so that's no longer subject to performance degradation.

    RPM-341
    Fixed an issue with SEO Friendly Urls, that caused a 404 when the module alias had the same name as the module.
    Application Runtime SEO Friendly URLs

    Fix Details:
    This issue has the same cause as RPM-1052. Refer to it to understand the impacts and changes.

    RPM-365
    Fixed an issue that caused the join between the system tables Sent_Email and Email_Status not to retrieve any results.
    Application Runtime Logging

    Fix Details:
    This issue caused a join between the system tables Sent_Email and Email_Status not to retrieve any results. This has no impact on the OutSystems capability to send emails, but if you're using the Emails API in your logic, your application can be affected. The fix restored the proper behavior and the results of that join are now correctly retrieved.

    RPM-638
    Fixed an issue in the Security exceptions of Mobile apps that caused incorrect exception handling.
    Application Runtime Logic Execution

    Fix Details:
    The issue resided in the "Invalid Login" and "Not Registered" exceptions of Mobile apps that were not caught by their parent handler, Security exception. Instead, they were bubbling up to "All exceptions", ultimately causing the wrong exception message to appear to the end-user.

    RPM-905
    Fixed the client-side exception mechanism so it properly manages handlers from the parent exception.
    Application Runtime Logic Execution

    Fix Details:
    In Reactive Web or Mobile apps, user exceptions were not properly following the hierarchy of exceptions. The "parent node" exception, User Exception, should be able to handle any "children node" exception, for example, UserException1. Due to this issue, a UserException1 on client-side logic was not being handled by the User Exception parent node, and instead, it was bubbling up to AllExceptions, ultimately causing the wrong exception message to appear to the end-user.

    RPM-954
    Fixed an issue that prevented end users from closing Popover Menu used inside a Tabs OutSystems UI pattern.
    Application Runtime Interface

    Fix Details:
    In Mobile apps, end users couldn't close a Popover Menu by selecting an area outside the popover menu. This occurred with Popover Menu widgets used inside the Tabs OutSystems UI pattern, except for Popover Menus in the first tab.

    RPM-972
    Fixed an issue where scrolling doesn't work in Popover Menu widget when it's opened inside a Tabs pattern.
    Application Runtime Supported Forge Component

    Fix Details:
    When a Popover Menu widget is used inside a Tabs pattern, the end-user wasn't able to scroll the page if the Popover was opened. The issue would occur with previous Platform Server versions and OutSystems UI version 2.5.8 or higher. The issue was fixed and it's now possible to scroll properly using any OutSystems UI version.

    Platform Server 11.12.2


    Released on Jul 13, 2021

    Bug Fixing

    • Fixed an issue where linking to a screen with a custom URL defined caused a crash if mandatory inputs were empty or invalid. (RAR-782)
    • Fixed an issue on progressive web apps (PWAs) where data from an aggregate populated by local storage did not display. This issue occurred when a consuming module used a different entity name than the producer module. (RPM-896)
    • Raised the required Microsoft .NET Core Windows Server Hosting from 2.1 to 3.1. The checklist and documentation instruction links have been updated to reflect this. (RPM-1105)
    • Fixed an issue with Multilingual Locales that caused the following error message to display: "Problem fetching the current Locale. The returned Locale is either null or undefined." (RPM-1161)
    • For a REST Expose Action, the swagger.json file now correctly reflects the "Name in Response" value when you specify that the output parameter must be sent in the header. Previously, the "Name in Response" was ignored when specified for the output parameter. (RPM-1181)
    • Fixed an issue that removed page rules of Traditional Web applications when they were republished. (RPM-1324)
    • Fixed a performance issue with compiling modules. The fix reduces the number of database queries required when computing server-to-client data transfer optimization. (RTAF-4754)
    • Fixed a performance issue with SQL Server by eliminating unnecessary executions of the SERVERPROPERTY function. (RPLAT-650)
    • Fixed a SSRF security vulnerability on RestDevService. CVSSv3.1 score 4.3 (Medium). (RPM-996)
    • Fixed a SSRF security vulnerability on SoapDevService. CVSSv3.1 score 6.5 (Medium). (RPM-998)

    Platform Server 11.12.1


    Released on Jun 21, 2021

    Bug Fixing

    • When browsing application edit screens, Service Center no longer redirects you to the home page after a period of inactivity. (R11PIT-177)
    • Fixed an issue where it was not possible to send an e-mail using an SMTP provider that sends a non-supported command to authenticate. (RPM-1063)
    • Fixed an issue that removed page rules of Traditional Web applications when they were republished. (RPM-1324)
    • Fixed an issue causing unnecessary connections to the database. This fix prevents a performance impact in environments with SQL Server or Azure SQL Database. (RPM-993)
    • We fixed an error in Reactive Web Apps, in environments with the technical preview "SEO-friendly URLs for Reactive Web Apps". An error occurred when users accessed Screens that contain a Custom URL and an empty Page Name value or a Screen Name value equal to the Page Name value. This naming limitation no longer exists. (RTAF-4618)
    • We fixed an issue causing 404 errors in Reactive Web Apps. Screens configured with path parameters had 404 errors after upgrading an application. (RTAF-4646)
    • Fixed an issue where application runtime errors could occur under high concurrency conditions. This occurred with Static Entities defined in Libraries or when modules referenced Static Entities defined in Libraries. (RPLAT-751)

    Platform Server 11.12.0


    Released on May 24, 2021

    New in Platform Server 11.12.0

    • Upgraded to React 16. The platform runtime in Platform Server 11.12.0 and later uses the upgraded version of React, React 16. Although we’ve been testing this with help of multiple customers in multiple scenarios, we know that on rare occasions this upgrade may break some JavaScript extensibility code not compliant with React 16 so we recommend you fully test your Web Reactive and Mobile applications after the upgrade. This upgrade may also break the following components, so make sure you update to the latest versions from Forge: Multilingual Component, Input Masks Library, Input Masks Mobile. (RAR-174)
    • You can now Expose REST webservices using the PATCH verb. This capability is a technical preview feature and you need to activate the option "PATCH method in exposed REST APIs" in LifeTime. (R11DT-89)
    • It is no longer possible to concurrently publish the same modules in Solutions and individually. Modules in Solutions remain locked for the duration of the Solution publish. (R11PIT-176)
    • We improved the accessibility of the Table. The Table widget now has the following ARIA attributes: role="grid" and aria-rowcount. The cells in the Table have aria-colindex and aria-rowindex, while the header cell has aria-sort. (RAR-316)
    • We improved the Button Group widget accessibility by adding the following ARIA attributes: role="radiogroup", aria-activedescendant, role="radio", and aria-checked (if required by the item state). (RAR-319)
    • Improved the performance of Aggregates in PWAs when you use Join Conditions or Filters with more than one comparison. (RAR-381)
    • We improved the Radio Group widget accessibility by adding the following ARIA attributes: role="radiogroup", aria-activedescendant, role="radio", and aria-checked (if required by the item state). (RAR-433)
    • Native build now uses timeout returned by MABS instead of predefined value. (RLIT-4329)
    • With OutSystems Now being deprecated, the WebScreenClientExecuted event from PerformanceMonitoring API no longer retrieves properties related to applications running on mobile devices (DMan, Dmod, Dplat, DPlatV, NT, CN, CCC, CNT). (RLIT-4405)
    • When distributing an Android application using MABS 7, it is now possible to choose an Android App Bundle build type to generate an .aab file to upload to the Play store. (RNMT-4579) (RNMT-4579)
    • Redesigned the download page for mobile applications generated by MABS. (RNMT-4615)
    • Added support for SQL Server 2019 and compatibility level 150. This applies to the platform database, as well as external databases. (RPLAT-418)
    • Upgrading to the Oracle Managed Driver (19.10.1), fixes the ORA-12514 error in the Oracle Rac (Real Application Cluster). For more information on this and other fixes, see the Oracle release notes. (RPLAT-542)
    • Now, with Flexible Upgrades, after upgrading the Platform Server, you can opt to publish your applications gradually, following your teams' pace, instead of being required to publish all your applications directly after the upgrade. Not yet available in Platform installations running over Oracle, only for SQL Server. (RSUPT-705)
    • Now you can configure friendly URLs in your Reactive Web Apps. Go to Service Center > Administration > SEO URLs to set up the site rules and redirects. Configure the page rules in Service Studio, by setting Custom URLs to Yes in the Screen properties. SEO Friendly URLs is a technical preview feature, and you need to activate the option "SEO Friendly URLs" in LifeTime. (RTAFB-3869)
    • Inside Service Studio, you can now translate the UI for Reactive Web and Mobile Apps. (RTAFB-4112)
    • Added the server-to-client data transfer optimization for the Mobile and Reactive Web Apps. The optimization works for Screen Aggregates, Data Actions, and for the Server Actions in the logic flows of Screen Client Actions. (RTAFB-4331)
    • Now you can, in Mobile and Reactive Web Apps, create lightweight emails with basic navigation and styling. Emails in Reactive and Mobile is a technical preview feature, so you need to activate the option "Emails for Mobile and Reactive" in LifeTime. (RTAFB-4361)

    Bug Fixing

    • Fixed the client-side logs not being sent to the server after an upgrade rollback in a native mobile app. (RAR-123)
    • Fixed the client-side logs created offline not being sent to the server when reopening the app with the connection restored. (RAR-124)
    • The Dropdown now selects the correct item when the list contains default values for OutSystems data types. (RAR-610)
    • The default font in some factories, now loads correctly on users apps. (RLIT-4295)
    • Improved the feedback message when configuring Android Mobile Apps. (RLIT-4428)
    • The correct link now displays in the the Mobile Application description in Service Center. (RLIT-4434)
    • Fixed an issue in Service Center preventing the dependencies in a Solution to be properly shown. (RLIT-4457)
    • Fixed an issue that prevented the validation messages from appearing when a Form widget was used inside a Popup widget. This fix was done with the upgrade to React 16 of the runtime libraries. (RPD-3637)
    • Fixed a timeout error when deploying large modules or extensions. (RPD-3695)
    • Fixed an issue that could cause some application screens to crash and not recover, when there are database problems while loading Static Entities. (RPLAT-537)
    • We fixed the EPA Taskbox to correctly show content in the production environment. The Taskbox didn't send the UserId in the requests, causing an empty Activity Details Page. (RPM-1007)
    • Scheduler Service and Deployment Controller Service now run with a user with lower privileges. If during an upgrade you encounter any issues while setting the permissions for OutSystems services, check this article. (RPM-330)
    • Fixed an issue in the configuration of SAML authentication that prevented uploading a custom KeyStore. (RPM-339)
    • Fixed an issue causing a SBOX_FATAL_MEMORY_EXCEEDED error when having complex local storage Aggregates in PWAs. (RPM-427)
    • Fixed an issue in Service Center preventing the dependencies in a Solution to be properly shown. (RPM-490)
    • Fixed an issue that caused SSO to fail with some Identity Providers. (RPM-510)
    • Fixed an issue that caused an error when logging out from all applications using SAML authentication. This issue occurred only in on-premises infrastructures using Oracle databases. (RPM-530)
    • Triggers are now enabled in Oracle Databases if the compilation fails at the "Updating column default values" step. (RPM-541)
    • Fixed an issue on PWAs that caused Aggregates having a With or Without Join and a Filter over the joined Entity comparing its Id Attribute with NullIdentifier() to return no results. (RPM-565)
    • Fixed a Platform Server upgrade issue while running the Configuration Tool when the connection to MABS server fails. (RPM-592)
    • Fixed an issue that could cause the Service Center to become unavailable when using "servicecenter" as an alias of an application. (RPM-641)
    • Fixed a publishing error in public screens where producers were not exporting the default values of input parameters. (RPM-648)
    • Fixed an issue in the DiffDays client-side function that wasn't taking the time zone into consideration. (RPM-655)
    • Fixed issue that caused the filter on applications in Email Logs page to be lost when changing page. (RPM-696)
    • Fixed app runtime crashes after upgrading to Platform Server version 11.10.0 and later, when accessing Site Properties of a particular set of modules. (RPM-706) (RPM-706)
    • Fixed an issue that was causing the Traditional Web App Feedback balloon to be hidden whenever a screen's preparation calls to the Taskbox_Hide action. (RPM-709)
    • Fixed a Mobile App issue related to the triggering of the OnApplicationReady action before the app reloads to perform an upgrade. (RPM-799)
    • Added instructions to the install the check list to remove a Pure Deployment Controller from the Load Balancer, as well as disable the OutSystemsApplications app pool on IIS. to avoid requests being served by that server (RPM-804)
    • Fixed an issue which could cause degradation of the publish performance under certain circumstances. (RPM-810)
    • Fixed a BPT performance issue where ended events wouldn't get deleted after the process or the activity was closed. (RPM-814)
    • We improved the Service Center error "Invalid call of the [action name] client action of the [screen name] since the latter is not currently active". The error now has more details about the action and screen. Additionally, the verbosity of the error now depends on the context. (RPM-858)
    • Fixed a bug where the platform asked a user to login twice when using Integrated Windows Authentication (IWA). (RPM-924)
    • Fixed issue causing users to get the "Error loading original references" message when loading Modules that consume entities that have at least one attribute whose type is an identifier for an entity that is missing. (RPST-1305)
    • Improvements to module deletion logging now includes the time it takes for each operation to complete. (RPST-1346)
    • Fixed an issue that prevented Scheduler service errors from being registered in Service Center and Event Viewer. (RRCT-3554)
    • Fixed a Traditional Web App compilation crash that involved Trigger Event node and a type conversion in the Inputs of the Web Block event. (RTAFB-3598)
    • Fixed app runtime crashes after upgrading to Platform Server version 11.10.0 and later, when accessing Site Properties of a particular set of modules. (RTAFB-4142)
    • Fixed a performance issue with compiling modules. The fix reduces the number of database queries required when computing server-to-client data transfer optimization. (RTAFB-4754)

    Known Issues

    • Publishing Mobile or Reactive Web apps that use very complex structures in screen logic may take longer than usual or fail due to a timeout during compilation. It might also result in a memory consumption higher than usual while publishing.
    • To disable this for a specific module you can follow this procedure:
      1. Install Factory Settings Module in the environment (skip if already installed);
      2. Access Factory Settings Application; - Select "eSpaces" in the top of the app;
      3. Select your module from the list;
      4. Add a new configuration with the name "ClientSideOptimizerDisabled" and the value "True";
      5. Press "Define".
         
      To disable this for the whole environment you can follow this procedure:
      1. Install Factory Settings Module in the environment (skip if already installed);
      2. Access Factory Settings Application;
      3. Select "Platform Configurations" in the top of the app;
      4. Tick the options "Disable client-side optimizations for Reactive Web Apps" and "Disable client-side optimizations for Mobile Apps";
      5. Go to the bottom of the page and press "Apply".
         
    • Concurrent usage of Static Entities defined in Libraries can lead to transient application runtime errors

    Platform Server 11.11.3


    Released on Apr 21, 2021

    Bug Fixing

    • Expression values in widgets are now correctly translated when the locale changes. (RAR-603)
    • Fixed the Input widget so it doesn't lose the focus when inside the Popup widget. Applies to the Technical Preview - Reactive Web and Mobile runtime on React 16. (RAR-623)
    • Classification of end-users of OutSystems applications will now consider users with repeated accounts (same email or username) on different default tenants to consume only one license slot per user. (RPM-473)
    • 2-Stage deployment no longer skips the "finalize deploy" step. If for example, a solution contains a Producer and an outdated consumer module, the solution successfully completes and uses the updated modules. (RPM-538)
    • Fixed an issue that was causing memory leaks in Google Chrome browser when applying settings to the factory. (RPM-611)
    • Zip extension fixed to support unicode characters. (RPM-841)
    • Fixed an issue that prevented images from being displayed when Client-side optimizations Technical Preview feature was enabled. (RPM-848)
    • 2-Stage deployment no longer skips the "finalize deploy" step. If for example, a solution contains a Producer and an outdated consumer module, the solution successfully completes and uses the updated modules. (RPST-1444)

    Platform Server 11.11.2


    Released on Apr 21, 2021

    Bug Fixing

    • Fixed an issue that caused the deploy of modules with outdated references when deploying the running version of a solution with 2-Stage deploy on. (RPM-914)
    • Fixed a security issue that could cause unavailability of the platform. CVSSv3.1 score 6.1 (Medium). (RPM-621)
    • Fixed a security issue that could cause unavailability of the platform. CVSSv3.1 score 6.1 (Medium). (RPM-622)
    • Fixed a security issue that could cause unavailability of the platform. CVSSv3.1 score 6.1 (Medium). (RPM-623)
    • Fixed a security vulnerability. CVSSv3.1 score 8.3 (High)." (RPM-657)
    • Fixed a security vulnerability. CVSSv3.1 score 9.9 (Critical). (RPM-683)
    • Fixed a security vulnerability. CVSSv3.1 score 8.8 (High). (RPM-786)
    • Fixed a security vulnerability. CVSSv3.1 score 7.2 (High) (RPM-813)

    Platform Server 11.11.1


    Released on Mar 15, 2021

    New in Platform Server 11.11.1

    • This improvement fixes the table headers not being re-rendered when the locale changes. (RAR-456)
    • The Scheduler Service now runs in an isolated folder inside the Platform Server installation folder, "{Platform Server folder}/Scheduler". (RPOT-989)
    • Significantly improved the deployment time when a new attribute is added to an entity with millions of entries. (SQLServer Enterprise and Oracle) (RSAT-1049)
    • You can now override the extensibility configurations of your PWA application through LifeTime and you can also include your configurations in any module of the application. (RTAFB-2611)
    • Now the apps properly show content for the right-to-left (RTL) languages. (RTAFB-4062)

    Bug Fixing

  • Fixed a security issue that could cause unavailability of the platform. CVSSv3.1 score 4.1 (Medium). (RPD-4611)
  • Extension resources are no longer copied to consumers when there are only weak dependencies. CVSSv3.1 score 5.1 (Medium) (RTAFB-3511)
  • Breaking Change

    • Now, HTTP responses from Consumed REST API integrations are closed more aggressively. Previously, when doing numerous Consumed REST API requests, the number of used ports could increase rapidly and lead to port exhaustion problems. The new behaviour prevents this situation and helps avoid leaking resources, but can also cause runtime changes in some edge cases.
      Check OutSystems 11 side effects and breaking changes for more details on the breaking change and on a possible workaround.

    More details

    RPM-458
    Fixed an issue that caused an "Unable to save the deployment plan" error when deploying an application that consumes an SC Extension, between environments on LifeTime.
    Application Lifecycle LifeTime

    Fix Details:
    * Symptoms * Unable to save Deployment Plan due to the error: "LogDump application requires module 'PlatformLogs' from 'Service Center'" *How to reproduce* NA

    RPM-485
    Back navigations on Mobile Apps and Reactive Web Apps now correctly initialize the input values after an upgrade of the application.
    Application Runtime Interface

    Fix Details:
    When navigating with the back button on a Mobile or Reactive app after an upgrade, the previous state for the screens used before the upgrade is not recovered and the screen inputs are treated as empty.

    RPM-489
    Fixed an issue assigning complex variables in Client Actions when using the cache mechanism.
    Application Runtime Interface

    Fix Details:
    Assignment leaves nested record empty * This happens only when reading the values through the Cache mechanism. * When reading without using the cache mechanism, this problem does not occur. * The only difference between the 'cache' and 'no-cache' mechanism is the sequence of events, especially regarding the execution of the callbacks. When using the cache, the callback is invoked synchronously. When not using the cache, it's invoked asynchronously.

    RPM-534
    Fixed an issue where SEO Page Rules were cleared in a first redirect from an HTTP URL to an HTTPS URL.
    Application Runtime SEO Friendly URLs

    Fix Details:
    *Symptoms* When accessing a WebScreen using an SEO Page Rule, for example //TestPage/2 , but using HTTP when HSTS is enabled, the first access is redirected by the server to the non-SEO page with HTTPS, i.e. to https:////TestPage2.aspx?pagenum=2. *How to reproduce* In "Environment Security" (/servicecenter/Environment_Security.aspx), check options for "Enable HTTP Strict Transport Security (HSTS)", "Force HTTPS for screens in Web Applications" and click “Save and Apply Settings to the Factory“. In "SEO Friendly URLs - Page Rules" (/servicecenter/Page_Rules_List.aspx), click on "New Page Rule" and create new rule with a module, a web screen and URL Pattern: "/TestPage/{pagenum}" Visit http:////TestPage/2 and notice that the SEO rule was not applied. A redirect happened instead

    RPM-556
    Mappings being used on ListAppend and ListInsert actions now return all the expected records.
    Application Runtime Data Access and Manipulation

    Fix Details:
    *Symptoms* An Aggregate does not return all the records it is supposed to return if its result is only used in a ListAppend, in the flow of the action where it is included. *How to reproduce* - Create an Aggregate in the flow of an action, which is expected to return several results (more than 1); - Use its result only in a ListAppend (and not anywhere else);

    RPM-557
    Fixed an issue in method unregisteredBackNavigationHandler of JavaScript Navigation API causing all registered back navigation handlers to be removed from the queue.
    Application Runtime Logic Execution

    Fix Details:
    Unregistering a back navigation handler unregisters all handlers added after its registration.

    RPM-558
    Fixed a compiler error when a structure list with the attributes of the Entity type was used as a Source Record List in the ComboBox widget of a Traditional Web App.
    Publish Operation Compilation

    Fix Details:
    Compiler crash

    RPM-582
    Fixed an issue that could cause errors in PWAs (progressive web apps) running offline, if the PWAs were staged to a new environment in LifeTime or published from a solution.
    Publish Operation Compilation

    Fix Details:
    A runtime error is thrown navigating to certain screens on a PWA when application is offline. This is due to some missing resources on Service Worker that, consequently, are not cached and produce the error.

    RPM-591
    Fixed an issue that prevented the value of a Foreign Key Attribute in a Static Entity Record that was deleted in Service Studio from being deleted from the database.
    Publish Operation Compilation

    Fix Details:
    *Symptoms* When we delete the value of a Record in a Static Entity that is a FK and publish the oml, the value is not updated in the Database *How to reproduce* * Create a Module * Create Static Entity A and B * Create one attribute in static entity B that is an FK to A * Add at least one record to each static entity * Define the FK in B to a valid Record of A * Publish the Module * Changing the FK in B to a non record value (e.g. set it empty) * Publish the Module again * Check the Database and confirm that the FK in B still has the previous value

    RPM-713
    Fixed an issue where SLOWSQL entries for IsUserActive always had the column UserId set to zero.
    Application Runtime

    Fix Details:
    Customer detected exceptions with the message "There is already an open DataReader associated with this Command which must be closed first." when using the tool Appdynamics.

    RPM-752
    Fixed a runtime behavior causing Ajax requests to block for users having Kaspersky anti-virus software installed.
    Application Runtime Interface

    Fix Details:
    *Symptoms* *How to reproduce*

    RPM-760
    Fixed Client Actions set as functions so they use the default parameters when those functions are used inline. Previously the Client Actions set as functions ignored the default values in the inline calls.
    Application Runtime Logic Execution

    Fix Details:
    *Symptoms* When calling a Client Action as a function, if the action contains inputs with default values, the default values defined in the variables are not taken into account, leading to runtime issues. *How to reproduce* 1. Create a global Client Action and set its 'Function' property to Yes. I will name it 'Function'. a. Add the following input parameters and their default values to Function. i. In1 - Default Value: "function default" b. Add an Assign block and assign In1 to a new OutText output In1 = OutText 2. In any Screen, add a Client Action. I will name it Action1. a. Inside Action1, add an Assign block and assign a new Text1 Local Variable to Function(). Text1 = Function() 3. Create a button to call Action1 and debug the application. Notice that the Default Value from Function() will never be used. The issue can be reproduced in the OML in attachment testFunction.oml.

    RPM-815
    Configuration Tool always launches Service Center installation on every execution
    Platform Installation Configuration

    Fix Details:
    *Symptoms* In Configuration Tool, after clicking "Apply and Exit", Service Center publishing prompt will not be triggered. *How to reproduce* - Open the Configuration Tool, update any setting and click "Apply and Exit" - Click "Cancel" in the prompt for Installation/publish latest version of Service Center - Close Configuration Tool on the top right and click "Yes" on the "Do you want to save your changes?" prompt. - Open Configuration Tool and click "Apply and Exit" You will not be prompt to Install the Service Center until at least one setting is changed.

    RPM-877
    Fixed an issue with the calculation of the next run date for BPT events that failed with errors. Previously the next run date was set after months instead of after minutes.
    Application Runtime Processes

    Fix Details:
    *Symptoms* Events that fail are set to run several months in the future. *How to reproduce* Create a LighProcess in which the activity fails.

    Platform Server 11.10.4


    Released on Apr 21, 2021

    • Fixed a security issue that could cause unavailability of the platform. CVSSv3.1 score 6.1 (Medium). (RPM-621)
    • Fixed a security issue that could cause unavailability of the platform. CVSSv3.1 score 6.1 (Medium). (RPM-622)
    • Fixed a security issue that could cause unavailability of the platform. CVSSv3.1 score 6.1 (Medium). (RPM-623)
    • Fixed a security vulnerability. CVSSv3.1 score 8.3 (High)." (RPM-657)
    • Fixed a security vulnerability. CVSSv3.1 score 9.9 (Critical). (RPM-683)
    • Fixed a security vulnerability. CVSSv3.1 score 8.8 (High). (RPM-786)
    • Fixed a security vulnerability. CVSSv3.1 score 7.2 (High) (RPM-813)

    Platform Server 11.10.3


    Released on Feb 08, 2021

    Bug Fixing

    • Fixed application downtime in Farm environments due to missing DLLs in the Frontend servers, caused by running Configuration Tool from a location different than the first time it was executed, e.g through a symbolic link. (RPM-776)

    Platform Server 11.10.2


    Released on Dec 28, 2020

    New in Platform Server 11.10.2

    • When using React 16, render loop check now redirects to the Error Screen when a loop is avoided to prevent presenting incorrect data to the user. (RAR-441)
    • The locale is now added to the lang HTML element and corresponds to the same locale defined by the application. This is particularly important for accessibility purposes. (RTAF-3037)

    Bug Fixing

    • Fixed the text of the error message that shows when the app uses an unknown locale identifier. (RAR-330)
    • Registering a back navigation handler now correctly blocks a back navigation on React 16. (RAR-333)
    • Fixed the animation that is triggered by the event of leaving screen when using React 16. (RAR-439)
    • Fixed an issue that caused "None" type screen transitions to be animated in React 16. (RAR-445)
    • Fixed the on-screen keyboard so the search button shows for the inputs with the search type. (RPD-4843)
    • Fixed error that could prevent opening the Manage Dependencies window in Service Studio. (RPC-581)
    • Fixed an issue in Local Storage that led to a compilation timeout and prevented publishing apps. (RPM-467)
    • Fixed the cookies generated by Embedded Process Automation (EPA) taskbox so they use valid characters. (RPM-404)
    • Fixed the error screen that failed to initialize properly in PWAs. The bug also caused a popup to show that the browser didn't support Local Storage on iOS. This was happening because the error screen tried using WebSQL by default, instead of IndexedDB. (RPM-430)
    • Fixed error that could prevent opening the Manage Dependencies window in Service Studio (regarding extensions). (RPST-1122)
    • Fixed Service Center and System Components install being repeated by Configuration Tool even when their currently published version is already up-to-date. (RSUPT-558)
    • Fixed the cookies generated by Embedded Process Automation (EPA) taskbox so they use valid characters. (RTAF-3466)
    • Fix for connections left open in the database when modules start (RRCT-3274)
    • Fixed a security vulnerability. CVSSv3.1 score 5.4 (Medium). (RPD-4842)
    • Fixed a security issue. CVSSv3.0 score 5.3 (Medium). (RPD-4670)
    • Fixed a security issue. CVSSv3.0 score 5.8 (Medium). (RTAF-3479)

    Known Issues

    • In farm environments, if there is a symbolic link to the Platform Server folder, it’s possible for the Configuration Tool to be executed from different locations. e.g “F:\Program Files\OutSystems\Platform Server” is the platform installation folder and “C:\Program Files\OutSystems\” is a symbolic link. Every time Configuration Tool is run from a different location, it will corrupt some platform settings and it will cause DLLs to be wrongly deleted from the front-end.
      More details here.

    Platform Server 11.10.1


    Released on Nov 30, 2020

    New in Platform Server 11.10.1

    • Multilingual for Mobile and Reactive now maintains the selected locale between applications. (RAR-338)

    Bug Fixing

    • Fixed "No Default Screen" error screen when no default screen is selected. Now the app uses the first screen of the module and there's no error. (RAR-356)
    • Fixed navigation after a pending refresh. Now the screen redirects to the destination screen if there's a pending refresh when the user refreshes the page. Previously the app showed the origin screen after the refresh. (RAR-422)
    • Fixed an issue with the message after an upgrade is rolled back. The message that notifies the user that the upgrade failed now correctly shows. (RAR-423)
    • Added a new NameId format option in SAML configuration of the Users module (<Ignore field>). This new option allows you not to send the NameId format field. (RIDT-355)
    • Now, having a file named "Program" inside C:\ no longer causes errors when accessing Server.Identity and Server.API. (RPM-343)
    • Fixed an issue that caused the render loop protection to be triggered when multiple client variables were assigned in a client screen action flow. (RPM-380)
    • Fixed incorrect redirect to Users module after login using SAML Authentication for end-users. (RPM-395)
    • Configuration Tool is now able to detect the installation of .NET Hosting Bundle in order to diagnose problems related to its misconfiguration. (RPM-399)
    • Fixed PWAs crashing in OutSystems on iOS when accessing Local Storage. The crash was introduced by a bug in WebKit (https://bugs.webkit.org/show_bug.cgi?id=216769). (RPM-429)
    • Fixed a rare issue where publishing an extension would impact the database tables used by another module. (RPM-498)
    • Fixed issue where some database connections would be left open when starting a module. (RPM-504)
    • Fixed potential deadlock in OutSystems services when generating error logs while persisting logs in the database. (RRCT-3222)
    • Using .Net Framework 4.7.2 Oracle DB Provider. (RSAT-2481)
    • Validation and Upgrade messages can now be properly translated in Reactive and Mobile applications. (RTAF-3427)
    • The page title is now correctly translated in the runtime of Reactive Web Apps and Mobile Apps. (RTAF-3505)
  • Fixed an issue that allowed code injection on the description of exposed SOAP Web Services. CVSSv3.1 score 4.8 (Medium). (RBIT-37)
  • Known Issues

    • In farm environments, if there is a symbolic link to the Platform Server folder, it’s possible for the Configuration Tool to be executed from different locations. e.g “F:\Program Files\OutSystems\Platform Server” is the platform installation folder and “C:\Program Files\OutSystems\” is a symbolic link. Every time Configuration Tool is run from a different location, it will corrupt some platform settings and it will cause DLLs to be wrongly deleted from the front-end.
      More details here.

    Platform Server 11.10.0


    Released on Nov 09, 2020

    New in Platform Server 11.10.0

    • Added support for PLAIN authentication when connecting to email SMTP servers. OutSystems uses PLAIN authentication when LOGIN authentication is not available. (RRCT-2935)
    • Added support for email SMTP servers using implicit SSL connections on port 465. (RPD-4025)
    • It is now possible to apply settings to the OutSystems factory using a command-line flag of Configuration Tool. (RPD-4862)
    • Platform Server installation logs are now placed on the %localappdata%\OutSystems\PlatformInstaller folder. (RSAT-2289)
    • The error logs about the server responses in Mobile/Reactive apps now have information about the endpoint in use. (RAR-259)
    • You can now try out the Reactive and Mobile applications using the React 16 version. Start by enabling this technical preview feature in LifeTime. (RAR-270)
    • Fixed a bug that was blocking the user to set big extensibility configurations on LifeTime. It depends on LifeTime version 11.6.1. (RLIT-3938)
    • Now, when the Purpose of an environment changes a log entry is added. (RPST-883)
    • Added a retry mechanism for database deadlocks that occur while obtaining user information from the database. (RPST-374)
    • Improved the third-party libraries version algorithm added in the previous Platform Server versions to be more resilient regarding extensions that were created incorrectly. (RRCT-3102)
    • Upgraded NLog libraries to version 4.7.2. (RRCT-2965)
    • You can now optimize the amount of data transferred from the server side to the client side of Mobile and Reactive Web Apps. The optimization works for Screen Aggregates, Data Actions, and for the Server Actions in the logic flows of Screen Client Actions. This is a technical preview feature and you need to activate the option "Client-side optimizations for Reactive Web Apps" or "Client-side optimizations for Mobile Apps". (RTAF-3260)
    • You can now translate the UI of your Reactive Web Apps and Mobile Apps directly inside Service Studio. Multilingual is a technical preview feature and you need to activate the option "Multilingual for Mobile and Reactive" in LifeTime. After enabling the feature, use the new Multilingual Locales folder and new SetCurrentLocale system client action. (RTAF-3388)

    Bug Fixing

    • Fixed compilation of the local storage Aggregates with a Count over a Date/Time/DateTime attribute. (RAR-282)
    • Fixed "Cannot read property 'setAttribute' of undefined" error when creating nested tables with Table Records widget in Reactive Web App. (RTAF-2995)
    • Fixed an error while upgrading the Cache Invalidation Service (RabbitMQ) where having a momentary lock on the old version's folder would cause a failure. (RRCT-2962)
    • Now, Configuration Tool allows special characters on the password used for the Cache Invalidation Service (RabbitMQ). (RRCT-2980)
    • Fixed an issue in Configuration Tool that caused runtime errors and temporary app downtime while recreating a SQL Server session database. (RRCT-2982)
    • Fixed an issue that prevented applications from loading DLL providers correctly, which caused errors such as "No provider registered for key ...". (RSAT-2436)
    • Changed IIS configurations to define the minWorkerThreads. This change will not be applied if this value is already configured. (RPD-5040)
    • Fixed an issue where some SQL scripts for SQL Server did not contain schema information. (RPD-5090)
    • Fixed a solution publish error that occurred when compiling outdated dependencies to a structure having new attributes with complex data types. (RSBO-1521)
    • Fixed compilation error that occurred when there was a new attribute in a producer structure with a default value that wasn't refreshed in a consumer. (RPD-5039)
    • Improved the performance on the count of activities in the EPA Taskbox application. (RSBO-1300)
    • Fixed an issue that caused System Components installation via Configuration Tool to timeout when the Platform Server is under heavy use. (RSUPT-292)
    • Fixed module deletion not cleaning up the module's compilation result (its "share" folder) from the file system, leading to unnecessary disk space usage. (RSUPT-252)
    • Fixed a glitch in the UI that redirected users to a PopupUpload.aspx page after they pressed Enter in an Input widget, on the screen with a Popup Editor Rich Widget. (RTAF-3184)
    • Fixed SSO between different app types so the roles are correctly updated and users are no longer blocked from accessing the screens in the session. (RTAF-3182)
    • We fixed the issues in SSO between app types causing "invalidating espace caches" error messages in Service Center, by improving the lifecycle of cookies involved in SSO between app types. (RTAF-3153)
    • Fixed Expressions linked to the show-default-value attribute in Input widgets to reevaluate correctly after change. (RPD-4850)
    • Fixed a compilation error when a local storage Aggregate had a Group By with a field of the Binary Data type. (RTAF-3230)
    • We fixed a compilation error when using a Client Variable as the value for the Max Records property of a Screen Aggregate. (RTAF-3336)
    • Fixed the ListClear action so Traditional Web Apps transfer less data between the server and web browser. This improves the data transfer optimization mechanism. (RTAF-3335)
    • Fixed an issue that could prevent the Deployment Controller service from starting or rotating the log tables correctly. (RRCT-2983)
    • Timestamps used for session fixation protection are now stored using the UTC time zone. This prevents checks from being too aggressive during Daylight Saving Time transitions. (RRCT-3051)
    • Fixed an issue that prevented the "Distribute as PWA" toggle value to be persisted between environments when staging an app in LifeTime. (RTAF-3411)
    • Improved the error message shown when a module is not found while publishing a solution. Now the message states "Module with version not found" instead of "The given key was not present in the dictionary". (RPST-363)
    • Fixed authenticated user losing the roles while navigating from a Traditional to a Reactive app, with Single Sign-On activated. (RAR-307)
    • Fixed the CSS for the Dropdown widget. Now the CSS rules apply correctly. (RAR-332)
    • Fixed the scroll behavior of the Dropdown widget with Options Content set to Custom, in Reactive/Mobile apps. Previously the content scrolled down when users selected an item. (RAR-341)
    • Fixed the app upgrade mechanism when technical preview "Configure Mobile application updates distribution" is on. Previously, a native mobile app would still use the hybrid updates on the first load. (RAR-219)
    • Improved the error message when the app requires local storage access and IndexedDB isn't supported. (RAR-220)
    • Now you can choose the NameId format from a list of options when configuring SAML 2.0 Authentication for end users in the Users application. (RPD-5000)
    • Fixed error "[OSNOP5].DBO.[OSSYS_CLOUDPROVIDERTYPE] with key 0 was not found" in Service Center. (RLIT-3982)
    • We made several improvements in Service Center's Request Log screen (still in beta version): fixed an exception thrown when opening the Request Log screen through the Request Key link on the Error Log screen in Oracle databases; fixed an issue that caused the Timer details link to always redirect to the wrong screen; now the Request Logs screen works better for large factories. (RLIT-3904)
    • Fixed an issue in Service Center that was causing a weird behavior on the application edit screen when the setting .NET Globalization/UI Culture in IIS was set to pt-BR. (RLIT-3895)
    • Fixed an issue that was setting the wrong application description when creating the application through LifeTime. (RLIT-3888)
    • Action User_CreateOrUpdate of Users API now prevents the creation of new users with an existing username. (RLIT-3711)
    • Fixed database error in Oracle when publishing a module whose extended configurations exceed 4000 chars. (RPM-539)
    • Fixed an issue where the Popup_Editor block from RichWidgets was largely increasing the ViewState size by deprecating it into the Deprecated_Popup_Editor block and splitting it into two new blocks: The Popup_EditorForUpload to be used for the Popup_Upload screen, which requires some data on the ViewState; and the Popup_Editor to be used with any other screen, which does not require data on the ViewState. (RPD-5221)
    • Fixed an issue in re-deploy operations that, in some situations, reused the folder of the currently running application. (RPST-371)
    • Fixed database error in oracle when publishing a module whose extended configurations exceed 4000 characters. (RPST-926)
    • Fixed database error in Oracle when publishing a module whose extended configurations exceed 4000 chars. (RPM-465)
    • Fixed an issue that was preventing you from deactivating App Feedback, once you activated it for Reactive Web Apps. (RPM-362)
    • Fixed an issue that caused the static entities that shared the same first 10 characters to have the same translation table. This only affects Platform's that use Oracle database. (RPM-313)
    • Fixed issue that caused width of a Dropdown widget defined in Service Studio to be ignored in runtime. (RPM-413)
    • Fixed an issue that caused Binary Data in records not to be stored in Oracle databases. (RSAT-2305)
    • We added support for logging request events of server-side executions in Mobile and Reactive Web Apps. The logging of these request events is disabled by default. (RRCT-2985)
    • The module compilation process now provides detailed error messages when there are Missing Role exceptions. (RRCT-2971)
    • Fixed broken image links to images in Mobile Apps and Reactive Web Apps when using a referenced action from another module to get the image. (RPD-5111)
    • Fixed a bug that caused Service Center to incorrectly count Internal and External Users from disabled User Providers as active users. (RIDT-95)
    • Fixed Service Center installation being skipped by Configuration Tool when the previous attempt failed. (RSUPT-106)
    • Fixed runtime errors when deploying a module version that renames or deletes site properties. (RRCT-2981)
    • Fixed an issue that occurred while using Oracle as the platform database that recreated indexes of entities on every publish of the module. (RSAT-2336)
    • Fixed an issue that caused runtime calls of Service Actions to not dispose of resources (connections) at runtime. (RSBO-1539)
    • Fixed an issue that prevented using special characters such as ";" (semicolon) in database passwords. (RSAT-2239)
    • Fixed an issue that prevented users from logging in to Service Center after installing the platform. (RSAT-2228)
    • Updated the MySQL driver to version 8.0.20 and updated its dependencies. (RSAT-1965)
    • Improvement on performance for session model in Oracle (RSAT-1977)
    • Fixed issue in extension compilation during upgrades when the extension used deprecated internal methods. (RRCT-2956)
    • Fixed an issue where applications became unavailable while publishing solutions due to License Validations. (RRCT-3215)
    • Fixed a security vulnerability. CVSSv3.1 score 7.4 (High). (RTAF-3379)

    Platform Server 11.9.2


    Released on Apr 27, 2021

    • Fixed a security issue that could cause unavailability of the platform. CVSSv3.1 score 6.1 (Medium). (RPM-621)
    • Fixed a security issue that could cause unavailability of the platform. CVSSv3.1 score 6.1 (Medium). (RPM-622)
    • Fixed a security issue that could cause unavailability of the platform. CVSSv3.1 score 6.1 (Medium). (RPM-623)
    • Fixed a security vulnerability. CVSSv3.1 score 8.3 (High)." (RPM-657)
    • Fixed a security vulnerability. CVSSv3.1 score 9.9 (Critical). (RPM-683)
    • Fixed a security vulnerability. CVSSv3.1 score 8.8 (High). (RPM-786)
    • Fixed a security vulnerability. CVSSv3.1 score 7.2 (High) (RPM-813)

    Platform Server 11.9.1


    Released on Sep 24, 2020

    Bug Fixing

    • Fixed crash on Chrome while uploading files bigger than 100MB in Reactive Web and Mobile Apps. (RPD-5151)
    • Solved issue that could cause timeouts in Configuration Tool, on SQL servers (RIDT-211)
    • Fixed Oracle database upgrade scripts from O10 to O11 that caused a missing table to allow BPT Events to work correctly after the upgrade to 11.9. (RPM-387)
    • Generated applications now correctly identify and load all third party library versions in order to prevent inconsistent runtime behaviors. This behavior is disabled by default. (RRCT-3106)
    • Fixed a compilation error in Oracle when an Entity attribute type was changed from Long Integer to Decimal (20,0). The system will no longer consider this a change in the database. (RPD-5206)
    • Fixed a security vulnerability. CVSSv3.1 score 7.4 (High). (RTAF-3379)

    Platform Server 11.9.0


    Released on Jul 28, 2020

    New in Platform Server 11.9.0

    • Improved locking on IndexedDB allowing operations that use different entities to execute simultaneously. (RAR-142)
    • Added capabilities to support the platform in Mumbai AWS region. (RCVT-370)
    • This version of Platform Server brings the early access feature "Configure mobile apps updates distribution" to manage how mobile apps update on user devices. After you activate the feature for all environments in LifeTime, control which of your apps receive updates only through the app store, and which apps receive hybrid updates. Look for the new DEPLOYMENT tab in the "Mobile app update preferences" step of a deployment plan. (RNMT-4223)
    • Added an option to only automatically refresh references during solution publish operations when there are broken references, instead of on any differences. Configurable using Factory Configuration. (RPC-1177)
    • Applications created with OutSystems now correctly identify and load all third-party library versions to prevent inconsistent runtime behaviors. (RRCT-2687)
    • Upgraded Microsoft.AspNetCore and Microsoft.Extension libraries to the latest 2.1 LTS (Long-Term Support) versions. (RRCT-2896)
    • Moved SAML-related actions from the Authentication extension to the new SAMLAuthentication extension. If you're using any SAML actions outside the Users module, we recommend that you add the SAMLAuthentication extension as a dependency and update all references to the Authentication extension. (RSAT-2104)
    • Added an option in SAML configuration to only accept signed login responses from the Identity Provider server. (RSBO-1535)
    • Progressive Web Apps (PWAs) are now generally available (GA), after a period of early access (EA). Create a mobile app, and then turn on the toggle "Distribute as PWA" in the Distribute tab. To create a mobile app, select either Phone or Tablet App in the dialog for a new app. (RTAFB-2977)

    Bug Fixing

    • Fixed an issue that was preventing the Dropdown widget to be in dark mode. (RAR-145)
    • Fixed an issue where widgets with property values defined by an expanded record were re-rendered with every change to the screen data. (RAR-154)
    • Fixed a bug where the functions to execute the UI Block Aggregates over indexedDB could be generated with different names on their definition and usage, leading to a runtime error. (RAR-161)
    • Fixed an issue that was preventing the Daily Activity Report to be generated. (RLIT-3417)
    • Fixed a bug where sometimes extensions wouldn't sync. (RLIT-3669)
    • Fixed an issue that caused lost configuration to mobile application on LifeTime when publishing an extensibility configuration. (RLIT-3820)
    • Fixed an issue that caused an infinite loop when trying to logout using integrated authentication. (RLIT-3846)
    • Fixed vulnerability in PreviewInDevices regarding URL manipulation and Base64 encoding. (ROU-1116)
    • Upgraded Erlang to version 22.3 and RabbitMQ to version 3.8.3. Fixes occasional connection hangs on TLS connections. The Configuration Tool performs the upgrade when you click the "Create/Upgrade Service" button. (RPC-1131)
    • Fixed an issue that caused compilation errors when using long strings in Assign elements. (RPC-1132)
    • Fixed error "Object reference not set to an instance of an object." when attempting to delete an entity from a deleted Module using the DbCleaner API. (RPC-1156)
    • Fixed the Solution Upload in ServiceCenter to use less database connections. Previously it needed at least 2 connections for each application in the solution being uploaded. (RPC-1166)
    • We fixed Editable Table so it reverts the checkbox (boolean) values after users click Cancel. (RPD-3238)
    • Dropdown with custom property selected now automatically scrolls into selected item. (RPD-3459)
    • Fixed an issue that caused the incorrect render of List widgets items when the position of the list item changed. (RPD-3585)
    • Fixed an issue where sometimes when listing users in a role associated with an app the second page would show no users. (RPD-4987)
    • Fixed "ID" attribute from being placed on the container element instead of element the select on Dropdown widget. (RPD-5019)
    • OutSystems no longer generates three-part names in object definitions for SQL Azure. For more information check Windows Azure Import/Export Service and External References in Microsoft documentation. (RPD-5024)
    • Fixed NullReferenceException when deploying a Module using 'Run As' configuration. (RPD-5093)
    • Fixed an issue that would allow changing the Deployment Zone of an application consisting of extensions. (RPD-5113)
    • Fixed issue where pages were generated with meta tag Strict-Transport-Security displaying warnings in browsers console. (RPD-5124)
    • Fixed setup issue caused by compilation path not being node aware (RPD-5132)
    • Fixed an issue that logged false positive warnings in the server's Event Viewer and Service Center General Logs. (RPM-1719)
    • Fixed a compilation error when a local storage Aggregate had a Group By with a field of the Binary Data type. (RPM-317)
    • Improvements to the GetUserApplications query in the ApplicationSwitcher from RichWidgets in order to reduce the timeout or slow load time on Oracle stacks. (RPM-483)
    • Fixed a crash in the publishing step that was caused by invalid Theme names. (RPM-550)
    • Fixed an issue that caused System modules to not be visible in Manage Dependencies by users with List Applications permission assigned as default role. (RRCT-2890)
    • Fixed Scheduler Service becomes unstoppable when it starts with Deployment Controller down. (RRCT-2892)
    • Fixed a crash in the extension publishing process when attempting to delete temporary files used for validating the extension. (RRCT-2897)
    • Fixed assembly exclusion rules in extensions to allow discontinued platform assemblies to be included as resources. (RRCT-2915)
    • Fixed a situation where the Deploy Service could get stuck for 20 minute periods when failing to deploy applications to IIS. (RRCT-2936)
    • Fixed an issue in the Authentication extension that allowed customers to inadvertently call unsupported APIs. (RSAT-2173)
    • Fixed an issue that prevented using special characters such as ";" (semicolon) in database passwords. (RSAT-2239)
    • Fixed an error in External Authentication after a platform upgrade due to a change in the encryption mechanism. (RSBO-1437)
    • Fixed an issue in the timer that cleans SAML authentication logs due to a syntax error in Oracle Databases. (RSBO-1481)
    • Fixed a solution publish error that occurred when compiling outdated dependencies to a structure having new attributes with complex data types. (RSBO-1521)
    • We improved the robustness of the IDE to better understand occasional crashes due to invalid object referencing. (RTAFB-2880)
    • Fixed the data replacement crash when Entity that was supposed to be replaced had been deleted. (RTAFB-2968)
    • Resolving this issue fixed opening the Distribute panel in cases when PWA was activated. The error occurred because the PWA assets for the native mobile apps were generated, which caused Service Worker requests issues and related errors. (RTAFB-3050)
    • Fixed an error in the Preview in Devices component that was preventing the PWA panel with the QR code to show correctly. (RTAFB-3087)
  • Fixed a security vulnerability. CVSSv3.1 score 9.6 (Critical). (RPM-329)
  • The session is now logged out when there's a session fixation mismatch error. CVSSv3.1 score 3.7 (Low). (RRCT-2893)
  • Fixed a security vulnerability. CVSSv3.1 score 7.4 (High). (RTAFB-2226)
  • Breaking Changes

    • The platform now gives preference to usage of specific versions of third-party assemblies that are included in extensions. As a consequence, extensions that incorrectly include .NET Framework assemblies can prevent applications from working correctly due to conflicts between the included assemblies and the assemblies of the .NET Framework installed in the machine. In particular, including the extensions System.Net.Http.dll or System.Runtime.InteropServices.RuntimeInformation.dll causes issues in logging, login, and JSON serialization. (RPM-383) (RPM-386)
      Check how you can determine the affected extensions and how to adapt them to the new assembly loading behavior in OutSystems 11 side effects and breaking changes.
    • The KeyStore and SAML actions were moved from the Authentication extension, Authentication.xif, to the SAMLAuthentication extension, SAMLAuthentication.xif. This can cause some broken references when using methods from Authentication.xif that moved to the new module. (RSAT-2104)
      To fix this behavior, replace dependencies to KeyStore and SAML actions from Authentication to the corresponding actions from SAMLAuthentication.

    Known Issues

    • Deploying a Mobile App from an environment where you enabled the toggle "Distribute as PWA" doesn't automatically enable the same toggle in the target environment. The toggle in the target environment keeps its pre-deployment value. The runtime behavior of these apps may also be affected if the apps are opened in a browser, using PWA or Preview in Devices. You must manually activate the toggle "Distribute as PWA" for the Mobile App in the target environment.

    Disclaimer: QR CODE is a registered trademark of Denso Wave Incorporated.

    More details

    RPM-1719
    Fixed an issue that logged false positive warnings in the server's Event Viewer and Service Center General Logs.
    Application Lifecycle Service Center

    Fix Details:
    The issue added false positive "Front-end Server IIS Status: N/A" warnings for each of the servers in the environment every 15 minutes to the Event Viewer of the server, and General Logs of Service Center. The issue affected environments running Platform Server 11 - Release Oct.2019 (11.0.606.0) or later.

    RPM-550
    Fixed a crash in the publishing step that was caused by invalid Theme names.
    Publish Operation Compilation

    Fix Details:

    Platform Server 11.8.4


    Released on Apr 27, 2021

    • Fixed a security issue that could cause unavailability of the platform. CVSSv3.1 score 6.1 (Medium). (RPM-621)
    • Fixed a security issue that could cause unavailability of the platform. CVSSv3.1 score 6.1 (Medium). (RPM-622)
    • Fixed a security issue that could cause unavailability of the platform. CVSSv3.1 score 6.1 (Medium). (RPM-623)
    • Fixed a security vulnerability. CVSSv3.1 score 8.3 (High)." (RPM-657)
    • Fixed a security vulnerability. CVSSv3.1 score 9.9 (Critical). (RPM-683)
    • Fixed a security vulnerability. CVSSv3.1 score 8.8 (High). (RPM-786)
    • Fixed a security vulnerability. CVSSv3.1 score 7.2 (High) (RPM-813)

    Platform Server 11.8.2


    Released on May 26, 2020

    New in Platform Server 11.8.2

    • Improved the overall performance of compilation and runtime of local storage for PWAs. (RAR-98)
    • We improved the performance of the client-side Aggregates in the PWAs and the apps running in the browser. (RTAF-2160)

    Bug Fixing

    • Fixed an issue that prevented the preview of the Upload widget to display the correct image. (RAR-106)
    • Fixed a bug where aggregates that contained a Binary Data attribute failed to execute in mobile apps when running on the browser/PWA on iOS/macOS. (RAR-135)
    • Fixed a security vulnerability in login. CVSSv3.0 score 5.3 (Medium) (RPD-5021)
    • Fixed cross-site scripting vulnerability. CVSSv3.0 score 6.5 (Medium). (RPD-4832)
    • Fixed a security issue that allows a user to backup a license when he was not suppose to. CVSSv3.0 score 4.9 (Medium) (RPD-4982)
    • Fixed the deserialization of "simpleContent" data in consumed SOAP Web Services due to an issue in generated internal classes. (RSBO-1380)
    • Reduced the number of IIS threads necessary for the asynchronous logging to work. (RPC-1259)

    Platform Server 11.8.1


    Released on May 18, 2020

    New in Platform Server 11.8.1

    • We improved the user experience for activating Single Sign-On Between App Types (SSO) in Service Center > Administration > Security > Applications Authentication. Service Center now checks the requirements beforehand and determines whether security is managed in LifeTime. (RTAF-2459)
    • We improved the user experience for deactivating Single Sign-On Between App Types (SSO) in Service Center > Administration > Security > Applications Authentication. Now there's a message informing you which options need to be off when deactivating SSO. (RTAF-2535)

    Bug Fixing

    • Fixed an error while using Upload wiget with property capture on Android devices (RPD-4841)
    • We fixed the page scrolling up in Reactive Web App when users open a Popup widget. (RTAF-2550)
    • Fixed an issue where list iterations on functions raised an error when the function was called from an Expression in a widget. (RPD-3756)
    • Fixed SAP service generated code dumping the password not encrypted. (RSBO-1346)
    • Fixed bug where Internal and External Users features count was not coherent with the sum of users per User Provider in Oracle. (RSBO-1298)
    • We improved the robustness of the PWA caching mechanism by removing the unnecessary handling of the static resources. (RTAF-2150)
    • Fix issue that could cause all other applications to reload in IIS when a new or renamed module was published. (RPC-1168)
    • Fixed issue in Users application when filling Authentication configuration manually. (RSBO-1324)
    • Fixed visual hint on labels for mandatory RadioGroup and ButtonGroup widgets. (RAR-95)
    • Fixed ListDistinct System Action by tweaking the optimization algorithm. In certain cases, when the list came from an Aggregate of the same Action, the algorithm incorrectly removed duplicate list items. (RPD-4840)
    • Fixed an issue on the compiler optimization logic related to the basic list operations. The issue sometimes caused incorrect runtime behaviors. (RTAF-2027)
    • Fixed an issue that increased solution publication time when OSSYS_SOL_PUB_UNIT table had many entries. (RPD-4188)
    • Fixed issue preventing the creating of users in Service Center in environments not connected to LifeTime when there is an external authentication provider defined. (RLIT-3660)
    • Removed fallback JavaScript code in Service Center for features not supported in older browsers. (RLIT-3707)
    • Fixed bug on Service Center that was keeping the Mobile Apps tab on Monitoring from opening. (RLIT-3857)
    • Improved performance of Service Center's page that lists modules on large factories. (RLIT-3709)
    • Fixed an issue that was preventing Service Center to report the correct information about Extensibility Configurations to LifeTime, causing these configurations to always revert to Default when a module was published. (RTAF-2502)

    Platform Server 11.8.0


    Released on Apr 13, 2020

    New in Platform Server 11.8.0

    • Added a progress bar to Service Center operation pages, such as publish or apply settings, in order to improve the visibility of the progress and status of the operation. (RLIT-3565)
    • Reviewed the sections for granting security levels to Users or Roles in several screens, improving the copy and pattern used. (RLIT-3119)
    • Upgraded Oracle Driver to Oracle.ManagedDataAccess.Core version 2.19.60. (RPC-825)
    • Updated MySQL driver to version 8.0.18. (RPD-4645)
    • The built-in Service Studio tutorial (Help > Build an App in 5 min) now shows how to use the suggestions by the AI-assisted development feature. (RAID-484)
    • The configuration of Deployment Zones is now only available at application level. Applications with modules in different deployment zones are still supported but this is a deprecated configuration, which we will drop in the future. If you have applications with modules in different deployment zones, you must refactor and reorganize them to meet this restriction. (RLIT-3574)
    • Now you can use the new "Apply Settings to the Factory" button in Service Center to set runtime settings of an Environment, instead of creating and publishing a Solution containing all Modules.
      You'll also see a new warning in the sidebar whenever the environment has pending configurations. (RLIT-3632)
    • The QR Code now uses AppKey, instead of AppName, to generate the Application link. (ROU-890)
    • Improved error handling in threads created by OutSystems services to prevent potential crashes in error scenarios. (RPC-757)
    • You can now use SAML 2.0 authentication in your Reactive Web Apps. (RSBO-1318)
    • Now you can use Radio Button Widget in your Reactive Web and Mobile apps. To build and deploy an app with this widget in UI, you also need to update Service Studio and OutSystems UI. (RTAF-2143)
    • Now you can use Human Activity Destination property in Reactive Web Apps. (RTAF-2304)
    • We fixed the reloading of screens while navigating back in Mobile Apps and Reactive Web Apps. This was caused by a glitch in the way the apps handle the list of visited pages, in particular the Screens marked as default. (RTAF-2328)
    • We improved the preview of the Table Widget. The Table now displays more example records and you can hide/show the rows. (RTAF-1789)
    • Local storage for PWAs now takes advantage of IndexedDB. IndexedDB ensures better compatibility with modern browsers. IMPORTANT: The change of the database engine deletes the browser app data in your existing PWAs. If you notice runtime issues in PWAs, delete the site storage for the app domain. (RTAF-1188)
    • We implemented the single sign-on (SSO) for Traditional, Reactive Web and Progressive Web Apps (PWAs). Your users now sign in to one app and switch to the other apps without having to sign in again. (RTAF-1874)

    Bug Fixing

    • Fixed an issue that caused registering duplicated Application Templates. (RTAF-1847)
    • Fixed error detection in the compilation process. Subsequent errors could hide the original error cause. (RPC-888)
    • Fixed the execute permissions of the stored procedure that removes BPT events from the queue to enable no-downtime upgrades. (RSBO-1203)
    • Fixed a compiler crash when publishing a Solution that occurred when an Attribute from a producer Entity or Structure was deleted and a new attribute with the same name was added. (RSBO-1053)
    • Fixed a compiler crash when publishing a Solution that occurred when changing the Identifier of a Static Entity. (RSBO-1049)
    • Fixed an issue that caused unnecessary redeploys of apps in machines set to a non-UTC timezone, causing some app downtime. (RPC-1158)
    • Fixed an issue that published the most recent version of a Module while trying to republish the currently running version of that Module. (RPC-1192)
    • Internal logging now also includes the information sent to the Event Viewer to ease troubleshooting. (RPC-952)
    • Improved the session handling mechanism for OutSystems applications. (RPC-950)
    • Fixed Static Entities translations not preserving unicode characters when a translation is not defined. (RSBO-1043)
    • We improved the stability of the 1-Click Publish feature by fixing a bug related to the setting of a Style Property to a Web Block. (RTAF-2024)
    • Fixed an issue with timers and processes not running during balanced upgrades from OutSystems 10 to OutSystems 11. (RPC-390)
    • Improved startup time of Deployment Controller Service in large factories by removing redundant license validations. (RPC-381)
    • Fixed a bug that made it impossible to go back to a Timer's default timeout. (RPC-669)
    • Fixed error that could prevent opening the Manage Dependencies window in Service Studio. (RPC-581)
    • Fixed an issue in Configuration Tool when there's an incomplete SAML configuration, occurring in Oracle Databases. (RSBO-1222)
    • Fixed an issue that occurred during the publishing of a solution in an environment using SEO. The issue caused the following error: "A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond". (RPD-4770)
    • Fixed error when resetting Authentication configuration in the Users application after upgrading from previous Platform Server 11.7.x versions. (RSBO-1110)
    • Fixed version number inconsistency in platform libraries used by Integration Studio. (RPC-975)
    • Fixed a bug in the Online Monitoring screen of Service Center that caused Timers with no schedule to have their Next Run date set to "01-01-3000". (RPC-681)
    • Improved the performance of LifeTime synchronization process. (RLIT-3553)
    • Fixed an issue that was blocking the generation of mobile apps in some specific cases. (RLIT-3508)
    • Fixed an issue that could cause some screens to be incorrectly accessed outside of an internal network. (RLIT-3457)
    • Fixed authorization checks during module publication events that generate some error logs. (RPC-691)
    • Fixed an issue that was preventing the display of the icon to download the mobile generation log. (RLIT-3443)
    • Fixed an issue with DateTime data type in Input widget which prevented submitting valid DateTimes on iOS. (RPD-2841)
    • Now a True Change error tells you if there's an invalid sort expression in Reactive Table. Previously such an invalid expression broke the publishing step. (RTAF-1981)
    • Fixed an issue that prevented the logging database from being created or updated a second time when the platform database wasn't previously initialized. (RSAT-1907)
    • Fixed an issue that was preventing mobile apps with special characters in their names from installing on iOS. (RNMT-3842)
    • Fixed an issue that caused the lost of Client Variables values every time an iOS mobile app built with MABS 6 initializes. (RTAF-2213)
    • Added missing logging information to the Configuration Tool to help troubleshoot issues in database upgrade operations. (RPC-818)
    • Fixed an issue in Service Center Analytics that was causing the generation of empty Queries Performance reports. (RPC-862)
    • Fixed the timeout calculation of compilation operations. (RPC-679)
    • Fixed an issue that was preventing some environment runtime settings to be applied. Now you must use the new "Apply Settings to the Factory" button in Service Center to apply those settings. (RPD-3795)
    • Fixed an issue that caused a runtime error while using the ListClear action on the list of an Aggregate. (RPD-4566)
    • Fixed a compiler crash when introspecting the database index without the corresponding column. This fix makes the staging of apps between environments more resilient. (RPD-4602)
    • Improved the performance of Solution_Edit screen in Service Center. (RPD-3912)
    • Fixed a bug where granting/revoking Roles in the Mobile and Reactive Web apps failed to be sent immediately to the client-side cookie. The roles cookie is now updated during the next server call. (RPC-626)
    • Corrected the permissions for DBConnections and DBCatalogs screens so they can be accessed with the same permission level, i.e, "Monitor and Reference Applications" or higher. (RLIT-2977)
    • We improved the Error_Log screen search experience by allowing you to reduce the timeouts in large factories. You can now use a checkbox to enable the search of the stack trace, as it's no longer enabled by default. (RPD-2538)
    • Fixed an issue that caused Scheduler Service errors while using Processes or Emails in an Environment with multiple Deployment Zones and using an Oracle platform database. (RSBO-1211)
    • Fixed a bug that occurred while using Multiple Database Catalogs (MDC) that caused a Wait activity to crash due to a missing database catalog prefix. (RSBO-1210)
    • Fixed the count of Internal Users, for licensing purposes, when there are inactive Users. (RSBO-1251)
    • Fixed a compilation error when importing SOAP Web Services containing choices with repeated element names and complex types defined inline. (RSBO-1117)
    • The Configuration Tool no longer incorrectly overrides the Logging Database configuration with the Platform Database configuration when using TNS Names. (RPD-4201)
    • We fixed a logging issue after Platform upgrade, related to the Configuration Tool. The Configuration Tool config files weren't upgraded fully, preventing errors to be logged. (RSAT-1930)
    • Is now possible in SOAP to have a simpleContent with an extension element inside. (RPD-4624)
    • Fixed OS Traces template in Factory Configuration. (RPD-4638)
    • Fixed a bug that occurred while editing several rows in an Editable Table in quick succession that caused the table to show wrong data. (RPD-4745)
    • Fixed issue that prevented debugging while using multiple tabs in Service Studio. (RPD-4979)
    • Fixed an optimization bug that caused a compilation error while publishing a Module with Service Actions that don't query a database. (RPD-4695)
    • Fixed an error that stopped publishing a solution with more than 1000 Modules in an environment with an Oracle platform database. (RPD-4773)
    • Improved cleanup operations when upgrading to this version and there are custom "Protect" delete rules affecting OutSystems metamodel entities. (RPC-1086)
    • Fixed a bug that could crash an app while accessing a list leading to an Internal Error with a "Duplicate is not a valid operation inside a StartIteration/EndIteration block" logged error message. (RPC-977)
    • Fixed an issue with the "Retry" and "Skip" buttons of activities with errors in Service Center>Monitoring>Processes. (RPC-737)
    • Fixed slow first-time loading of apps that have a large appSettings.config file. (RPC-870)
    • Fixed an incorrect warning of no permissions when changing the Site Property value of a module. (RLIT-3442)
    • Fixed a problem synchronizing roles in a hybrid infrastructure on Cloud, when a new on-premises OutSystems 11 environment is added. (RLIT-3452)
    • Fixed an issue in input parameters of Service Actions with Decimal data type when the precision is longer than 14 digits. (RSBO-1194)
    • Fixed Mobile Generation Logs screen to only show the Applications the user has access to. Fixed Applications screens to only allow access to users that have access to the Application. (RPD-4800)
    • Fixed a security issue that allowed decrypting sensitive information. CVSSv3.0 score 5.3 (Medium). (RLIT-3562)
    • Fixed a security vulnerability. CVSSv3.1 score 8.3 (High). (RDEV-2256)

    Known Issues

    • Publishing Mobile apps that use local storage may take longer than usual or fail due to a timeout.
      The runtime behavior of these apps may also be affected if the apps are opened in a browser, using PWA or Preview in Devices.
      To overcome this issue, use Factory Configuration to disable "IndexedDB For Local Storage data on PWAs/Browsers".

    Disclaimer: QR CODE is a registered trademark of Denso Wave Incorporated.

    Platform Server 11.7.6


    Released on Apr 27, 2021

    • Fixed a security issue that could cause unavailability of the platform. CVSSv3.1 score 6.1 (Medium). (RPM-621)
    • Fixed a security issue that could cause unavailability of the platform. CVSSv3.1 score 6.1 (Medium). (RPM-622)
    • Fixed a security issue that could cause unavailability of the platform. CVSSv3.1 score 6.1 (Medium). (RPM-623)
    • Fixed a security vulnerability. CVSSv3.1 score 8.3 (High)." (RPM-657)
    • Fixed a security vulnerability. CVSSv3.1 score 9.9 (Critical). (RPM-683)
    • Fixed a security vulnerability. CVSSv3.1 score 8.8 (High). (RPM-786)
    • Fixed a security vulnerability. CVSSv3.1 score 7.2 (High) (RPM-813)

    Platform Server 11.7.3


    Released on Feb 17, 2020

    Bug Fixing

    • Fixed error when resetting Authentication configuration in the Users application after upgrading from previous Platform Server 11.7.x versions. (RSBO-1110)
    • Fixed an issue in Configuration Tool when there's an incomplete SAML configuration, occurring in Oracle Databases. (RSBO-1222)
    • Fixed an issue that caused a link that should open a popup window would not work depending of the order of the widgets. (RTAF-2216)
    • Fixed an issue with the "Retry" and "Skip" buttons of activities with errors in Service Center>Monitoring>Processes. (RPC-737)
    • Fixed an optimization bug that caused a compilation error while publishing a Module with Service Actions that don't query a database. (RPD-4695)
    • Mitigates MySQL connector bug by not disposing SQL commands. (RPD-4782)
    • Headers are now sent in consumed SOAP Web Services requests. (RSBO-1040)
    • Fixed an issue that occurred while deleting applications. CVSS v3.0 score 3.8 (Low). (RPC-607)
    • Fixed a security vulnerability. CVSSv3.0 score 9.1 (Critical). (RLIT-3368)

    Platform Server 11.7.2


    Released on Jan 20, 2020

    Bug Fixing

    • Fixed the triggering of the onclick event with a Rich Widget Popup Editor on a Screen/Block that would cause the onclick event handlers of its parents to trigger during the screen rendering. (RTAF-2089)

    Platform Server 11.7.1


    Removed from availability on Jan 20, 2020

    Bug Fixing

    • Fixed a bug related to the Rich Widgets Pop-Up pattern and the List Bulk Select widget, where a link/button triggered a pop-up and had the link/button associated with the List Bulk Select widget. (RTAF-2062)
    • Fixed the multiple executions of Screen Preparation Action that occurred when you used Rich Widgets File Upload in the Screen. (RTAF-2064)

    Known Issues

    • In Screens or Blocks with a nested Popup_Editor Rich Widget, the onclick event handlers of its parents can be triggered during the screen rendering, leading to unexpected runtime behavior.

    Platform Server 11.7.0


    Removed from availability on Jan 17, 2020

    New in Platform Server 11.7.0

    • It is now possible to consume REST APIs using Swagger specifications that have enum elements. (RSBO-872)
    • Added support for accent-sensitive Linguistic sorts on Oracle databases. (RSAT-1844)
    • You can now distribute your app as a Progressive Web App (PWA). Start by enabling this early access feature in LifeTime. Then, create a mobile or tablet app, publish it, navigate to the "Distribute" tab and toggle on "Distribute as the PWA" (no republish needed). You can try your PWA out by installing it through Android Chrome and iOS Safari. The early access PWA documentation explains how to enable PWA on iOS 13, as well as how to edit the manifest. Check also the blog post. Have fun and share your feedback with us on the forum! (RTAF-1831)
    • Service Center has a new look and feel, among with several improvements and bug fixes:
      - Added search ability to dropdowns with long lists, such as modules in filters
      - Replaced filters and navigation actions from submit to ajax submit
      - Improved responsiveness in mobile devices
      - Revamped Operation (publish/upload/download/apply settings) pages, now showing collapsible lines and displaying the status for each main step
      - Replaced references to "Module" in Monitoring screens by "Source" to avoid confusion with the actual "Module"
      - Added Applications to the search results screen
      - Added auto refresh ability in the Timer detail screen when the timer is running
      - Added links to Solution detail screen in Modules detail screen Solutions tab
      - Added date picker to date filters in Reports and Daily History Screens
      - Added a confirmation message in "apply settings" action in the Solution detail Screen
      - Added a confirmation message when downloading an application with broken or outdated references, in Application detail screen
      - Fixed “Check all modules" option not working in Solution detail screen
      - Fixed “Uploaded by me” filter in Extensions list page not working
      - Fixed Analytics and Administration menu entries not allowing opening in new tabs (RLIT-2821)
    • Improved the accessibility features of several Rich Widgets, for better WCAG compliance. (ROU-576)
    • Added new parameters to the Configuration Tool Command-Line Interface (CLI). These parameters (/EnableServerAPI and /DisableServerAPI) allow users to enable and disable Server.API and Server.Identity. (RPC-79)
    • The Platform Server releases now follow a new versioning format. Check this forum post for more information about this change.
      Factory Configuration was also updated to version 11.0.4 to be compatible with the new versioning. (RRET-1269)
    • Added three optional input parameters to configure additional Cookie settings in HTTPRequestHandler. (RTAF-1774)
    • End-users of OutSystems applications are now classified as Internal Users or External Users, based on the domain of their email addresses. You can configure the classification rules in the Licensing screen of Service Center. (RSBO-1016)

    Bug Fixing

    • Fixed an issue that was incorrectly triggering the "Required Field" validation message for a Button Group. (RPD-3591)
    • The QR code to test a mobile app using OutSystems Now wasn't being generated when the URL contained special characters (e.g. ç, à, á, í, etc). (RPD-4435)
    • Fixed a compilation error after deleting all Client Variables from a module. (RTAF-1610)
    • Fixed an issue in SEO Friendly URLs that was preventing new alias rules for modules to work properly in Oracle stack. (RPD-4436)
    • Fixed a runtime error when using Server actions in Exception Handlers. (RTAF-1672)
    • We fixed the compilation of a Screen Aggregate for local storage Entities with a dynamic sort. (RTAF-1645)
    • Fixed an issue that caused any module that had anywhere in the name "template_" to be registered as a template. (RTAF-1846)
    • Fixed a security issue that could cause unavailability of the platform. CVSSv3.0 score 4.1 (Medium). (RPD-4389)
    • Fixed triggering of On Scroll Ending in Reactive List Widget. We also improved the rendering of the elements inside lists. (RTAF-1805)
    • Fixed the automatic refresh of references that wasn't triggered after publishing the latest version of a module in an environment with Deployment Controller role only. (RPC-172)
    • Fixed cache invalidation service installation messages to avoid unnecessary output text when creating folders. (RPC-449)
    • Fixed the "Submit Feedback" screen displayed when opening the "Edit Site Property" screen in Service Center without any inputs. It now correctly displays the "Not Found" page. (RPC-450)
    • Fixed issue that caused unnecessary error logs to be generated during Service Center operations. (RPC-319)
    • Removed unnecessary accesses to the session database that could happen on Reactive Applications and REST Services. (RPC-347)
    • Fixed the search when looking for apps to configure AppFeedback so Reactive Apps that have AppFeedback enabled show in the configuration screen. (RTAF-1766)
    • Fixed multiple error logs being generated when there were problems rendering EPA Taskbox or App Feedback elements. (RPC-286)
    • Fixed a compiler error when using a local Screen variable in a complex Dynamic Sort of a Screen Aggregate. (RTAF-1740)
    • Now in a Solution detail screen in Service Center, both the list of Components and the list of Dependencies are ordered alphabetically. (RPD-4176)
    • The database scripts of the Configuration Tool now take into account schema owners in Oracle databases. (RPD-4468)
    • Now in Service Center, all search results are shown in alphabetical order. (RLIT-2057)
    • Fixed cross-site scripting vulnerability. CVSSv3.0 score 4.8 (Medium). (RLIT-3164)
    • Fixed an issue that could cause Configuration Tool to fail when installing over Azure SQL databases. (RSAT-1868)
    • Added a server.hsconf parameter named "ServiceInitializationTimeoutInSeconds" to configure the default timeout of services restart (in seconds) for the Configuration Tool. The default value is 180 seconds. (RSAT-1790)
    • It is now possible to use Unicode Support toggle in advanced configurations for SQL Server external database connections. (RPD-3665)
    • Fixed the scenarios where the "Add Query Origin to Generated SQL" setting wasn't applied. (RSBO-498)
    • Fixed the ISAPI filters for a pure controller farm scenario. (RPD-4124)
    • Improved the performance of ECT_Provider with a big number of user groups. (RPD-4407)
    • The integration logs now use an updated SOAP service endpoint when changed on a callback. (RPD-4585)
    • Fixed a crash publishing a solution with two-stage deployment when the solution contains modules that belong also to another solution that was previously prepared for deploy. (RPD-4502)
    • Fixed a compilation error caused by the implicit conversion of Client Variable. The error happened despite the fact the types were compatible. (RTAF-1506)
    • Fixed the Service Center application pool crashes in error request scenarios. (RPD-4486)
    • We fixed a memory performance issue related to Aggregates, SQL elements, and Entity Actions. The connection objects in the generated source code by the platform are now correctly disposed of and do not take up the resources. (RPD-4443)
    • Fixed a security vulnerability that allowed an adversary to know if a user with a given username exists in the OutSystems Platform. CVSS3.0 score of 5.3 (Medium). (RSAT-1818)
    • Fixed an issue in Platform Server installer that prevented the installation process due to inability to detect Microsoft Build Tools with Update 1 or with Update 2. (RSAT-1855)
    • Fixed share folders being deleted between the first stage and the second stage of a solution publish when a module is being published for the first time. (RPD-4503)

    Breaking Change

    • Upgraded SharpZipLib library to version 1.1.0. It is recommended to test application features related to Zip and Excel files. Note that third party-Excel components based on old versions of NPOI may need to be upgraded to work correctly. (RRCT-2368)

    Known Issues

    • When using the File Upload Rich Widget in a Screen that includes assigns to local variables shared between Preparation and OnNotify actions, Preparation runs multiple times, which may result in data corruption or unexpected runtime behavior.

     

    Disclaimer: QR CODE is a registered trademark of Denso Wave Incorporated.

     

    Platform Server 11.0.615


    Released on Apr 27, 2021

    • Fixed a security issue that could cause unavailability of the platform. CVSSv3.1 score 6.1 (Medium). (RPM-621)
    • Fixed a security issue that could cause unavailability of the platform. CVSSv3.1 score 6.1 (Medium). (RPM-622)
    • Fixed a security issue that could cause unavailability of the platform. CVSSv3.1 score 6.1 (Medium). (RPM-623)
    • Fixed a security vulnerability. CVSSv3.1 score 8.3 (High)." (RPM-657)
    • Fixed a security vulnerability. CVSSv3.1 score 9.9 (Critical). (RPM-683)
    • Fixed a security vulnerability. CVSSv3.1 score 8.8 (High). (RPM-786)
    • Fixed a security vulnerability. CVSSv3.1 score 7.2 (High) (RPM-813)

    Platform Server Release Oct.2019 CP6


    Released on Jan 20, 2020

    Bug Fixing

    • Fixed an error that showed that triggered an onclick event when a nested Rich Widget Popup Editor was present. (RTAF-2089)

    Platform Server Release Oct.2019 CP5


    Removed from availability on Jan 20, 2020

    Bug Fixing

    • Fixed an error that showed when using the Rich Widgets Pop-Up pattern with the List Bulk Select widget, where a link/button triggered a pop-up and had the link/button associated with the List Bulk Select widget. (RTAF-2062)
    • Fixed the multiple executions of Screen Preparation Action that occurred when you used Rich Widgets File Upload in the Screen. (RTAF-2064)

    Known Issues

    • In Screens or Blocks with a nested Popup_Editor Rich Widget, the onclick event handlers of its parents can be triggered during the screen rendering, leading to unexpected runtime behavior.

    Platform Server Release Oct.2019 CP4


    Removed from availability on Jan 17, 2020

    New in Platform Server Release Oct.2019 CP4

    • Added new environment security options to force Secure and SameSite properties in cookies generated by the platform. Check the document Upcoming changes in cookie handling in Google Chrome for more information. (RPC-502)
    • Added three optional input parameters to configure additional Cookie settings in HTTPRequestHandler. (RTAF-1774)

    Bug Fixing

    • Fixed a security vulnerability. CVSSv3.0 score 7.2 (High). (RPD-4310)
    • Fixed a security vulnerability. CVSSv3.0 score 7.6 (High). (RPD-4260)
    • Fixed an issue that occurred while deleting applications. CVSS v3.0 score 3.8 (Low). (RPC-607)

    Known Issues

    • When using the File Upload Rich Widget in a Screen that includes assigns to local variables shared between Preparation and OnNotify actions, Preparation runs multiple times, which may result in data corruption or unexpected runtime behavior.

    Platform Server Release Oct.2019 CP3


    Released on Nov 25, 2019

    New in Platform Server Release Oct.2019 CP3

    • Added support for Oracle 19c. This applies to the platform database, as well as external databases. (RSAT-1859)

    Bug Fixing

    • Fixed an issue in SEO Friendly URLs that was preventing new alias rules for modules to work properly in Oracle stack. (RPD-4436)
    • Fixed an issue that was incorrectly triggering the "Required Field" validation message for a Button Group. (RPD-3591)
    • We fixed the compilation of a Screen Aggregate for local storage Entities with a dynamic sort. (RTAF-1645)
    • Fixed share folders being deleted between the first stage and the second stage of a solution publish when a module is being published for the first time. (RPD-4503)
    • Fixed a crash publishing a solution with two-stage deployment when the solution contains modules that belong also to another solution that was previously prepared for deploy. (RPD-4502)
    • Command objects are now disposed in generated code for Aggregates, SQL elements, and Entity Actions. (RPD-4443)
    • Fixed Service Center application pool crashes in error request scenarios. (RPD-4486)

    Platform Server Release Oct.2019 CP2


    Released on Nov 07, 2019

    New in Platform Server Release Oct.2019 CP2

    • Added support for Oracle 18c. This applies both to the platform database and to external databases. (RSAT-1860)
    • It's now possible to use Client Variables in Aggregates. (RTAF-1334)

    Bug Fixing

    • Fixed an issue that was preventing mobile apps from installing on iPadOS 13. (RNMT-3294)
    • Button Group widget now gets the selected value style when the value's data type is different from text or number. (RTAF-1260)
    • Removed unnecessary audits from the TemplateManager module that could cause high number of requests after solution publications. (RPC-285)
    • The Table in Reactive Web now highlights which column is being sorted. (RTAF-1413)
    • Fixed issues with applying configurations, finalizing solutions, and apps publication in environments with a high number of modules. (RPC-355)
    • Fixed an issue preventing users of different tenants from submitting feedback. (RPD-4419)
    • Fixed Scheduler service to make it more resilient to being stopped while it is still processing jobs or with queued jobs to be processed. (RPD-4356)
    • Fixed an issue with Platform license becoming invalid in after machine restarts in recent versions of Windows due to serial number changing. (RPD-4216)
    • Improves performance of ECT_Provider when we have huge number of user groups. (RPD-4407)
    • Fixed an issue in the "LDAP_Search" action, included in the Authentication extension of the Users application, that was limiting the returned results to a maximum of 1000 entries. (RPD-4379)
    • Fixed redirecting users to the Service Center homepage when trying to view a module detail with an External Authentication provider enabled. (RPC-445)
    • Fixed a compilation error when publishing a solution with applications using a custom user provider that is not included in the solution and has compatibility issues. If the user provider is either missing in the environment or it is incompatible, you will now get a warning about this situation. (RPD-4368)
    • Fixed compilation error when an effective user provider is not included in a solution. (RPD-4361)
    • Fixed last_login not being updated when users login in Mobile Applications or from within a Web Service request. (RPD-4332)
    • Fixed the error "Circular attribute group reference" when executing the XMLDocument_Load action of the Xml extension. (RPD-3742)
    • Optimized Configuration Tool load time on scenarios where the database does not exist. (RSAT-1787)
    • Fixed incorrect tenant for eSpaces using an overridden effective user provider. (RPD-4377)

    Platform Server Release Oct.2019 CP1


    Released on Oct 09, 2019

    Bug Fixing

    • We deactivated the data fetching optimization in Reactive Web Apps, after identifying a severe issue. If you are using Platform Server 11 Release Oct.2019 we strongly advise that you upgrade Platform Server and republish your apps, as instructed in the Installation Checklist. (RTAF-1537)

    Known Issues

    • When using an External Authentication provider (Active Directory or LDAP), if a user tries to view the details of a module in Service Center, he is redirected to the Service Center homepage.

    Platform Server Release Oct.2019


    Released on Oct 02, 2019

    New in Platform Server Release Oct.2019

    • You can now create a new type of app, Reactive Web App. This type of app is based on the client-side development paradigm. Reactive App comes with its own new features: Table Widget, server-side pagination, and Public Screens. (RTAF-115)
      • Table Widget, available in the Reactive Web apps, comes with an accelerator: drag an Entity on it to create a table with sorting and pagination. Use tables to show data in cells distributed in rows and columns. (RTAF-204)
      • Use the server-side pagination feature of the Screen Aggregates to build faster apps that need to handle large data sets. Enter the Start Index and fetch the number of records you define in Max Records. (RTAF-630)
      • Public Screens will allow you to reuse UI across different Reactive Web modules and apps. Because the UI can be modular, you can now have more complex UI modules that you can maintain efficiently. You can collaborate better without merge conflicts, as one team can be working on the logic module, while the other is updating the UI module. (RTAF-198)
      • Download Tool is available in Reactive Apps. Now you can drag a Download Tool to your Flow and create a node which, when executed, sends a file for download to the end-user. (RTAF-993)
    • You can now create Libraries in Mobile and Reactive Web apps. This new module type is especially tailored for building highly reusable logic and UI and fits directly in the Foundation layer of the 4 Layer Canvas. (RSBO-708)
    • The checklist and documentation instruction links now include the required steps for the Microsoft .NET Core 2.1 Windows Server Hosting. Additionally, the recommended version has been raised to 2.1.12. (RPC-254)
    • Improved the solution publication messages regarding the database update to have more details about each step (RRCT-2429)
    • We improved Data Sources and made asynchronous data fetching straightforward to use in Mobile and Reactive Apps. Screen Aggregates and Data Actions are now available in the scope of other Screen Aggregates and Data Actions. We also added the Fetch property with On Start and On Demand options. Now you can implement patterns such as master/detail with an excellent performance and user experience. (RTAF-990)
    • Now you can create Client Variables in Mobile and Reactive Apps. Use Client Variables to store Basic Data Types locally or share the values across apps through public Blocks and public Client Actions. (RTAF-1051)
    • The Dropdown Widget has a new property Options Content, which you can set to Text Only or Custom. Text Only gives a native look and feel of the drop-down lists in your Reactive and Mobile apps. Use Options Content property set to Custom to build a list of images or other Widgets. (RTAF-1207)
    • Button Widgets in Mobile and Reactive Apps now have the Is Form Default property, which you can set to Yes and make the App submit the data from the related form when the end-user presses the Enter key. (RTAF-652)
    • The Users application now includes specific configurations for OKTA, for authenticating the end-users of your OutSystems applications. (RSBO-791)
    • Added Server.Identity service to support platform authentication. (RPC-82)

    Bug Fixing

    • Fixed a bug on Mobile Cookies validations where the HTTP response would return an internal error instead 403 status code (Forbidden) (RRCT-2601)
    • Improved some queries during Service Center publication to avoid timeouts on large factories. (RRCT-2598)
    • Fixed the recovery of connections to the cache invalidation service after the RabbitMQ server is restarted or the connection is lost. (RRCT-2509)
    • Fixed a concurency problem when stopping OutSystems services that could cause a large amount of errors to be sent to the event viewer logs. (RRCT-2510)
    • Fixed misbehavior when using confirmation message with pop-up editor screens. (RPD-4242)
    • Fixed an issue that prevented mobile applications from loading in Production environments when a producer module was published in Debug mode. (RPD-3596)
    • Fixed an issue where JPEG images (of type database in OutSystems application) would not correctly render in IE11. (RPD-4363)
    • Configuration Tool is able to proceed installation when the logging database is in availability group (SQL Server only) (RPD-4257)
    • Fixed an issue that caused the configuration of the internal network to block the access from the IP sources that match both the trusted proxies addresses and the internal network addresses. (RPD-4362)
    • NLS_LANGUAGE field is now also available while in advanced mode for Oracle external database connections (RPD-3717)
    • Fixed a crash in 1-Click Publish when the trace log level for the Deployment Controller Service was set to 4 (Debug). (RSCT-2054)
    • Fixed a problem when compiling modules if they contain widgets whose width or margin properties are not in a numeric format. (RTAF-1054)
    • Fixed stored procedure DEQUEUE_EMAILS_FOR_FRONTEND so it doesn't return duplicate email statuses in farm scenarios. (RPD-4350)
    • Fixed compilation problem in modules with a large number of entities in Oracle. (RPD-4268)
    • Fixed an issue that caused LifeTime Analytics to have no data on newly created applications. (RPC-177)

    Breaking Change

    • Upgraded Oracle Data Provider for .NET, Managed driver to version 19.3.1 (4.122.19.1:20190703). According to the official documentation, this driver allows applications to connect to Oracle Database 11g Release 2 or later.If you have integrations with earlier versions of Oracle Database, they will not work. You will need to upgrade your Oracle engine to version 11g Release 2 or later, in order to continue using those integrations. This driver supports native encryption, meaning that you can set up your database to require encryption and this means all connections will be encrypted between the server and the database (applicable for the platform and external databases). (RSAT-1723)

    Known Issues

    • When using an External Authentication provider (Active Directory or LDAP), if a user tries to view the details of a module in Service Center, he is redirected to the Service Center homepage.

    Platform Server Release Jul.2019 CP2


    Released on Aug 23, 2019

    New in Platform Server Release Jul.2019 CP2

    • The installation checklist now includes the instructions to disable Adaptive Optimizer features (OPTIMIZER_ADAPTIVE_PLANS, OPTIMIZER_ADAPTIVE_STATISTICS) in Oracle 12c R2. (RSAT-1623)
    • The Users application now supports SAML 2.0 authentication out of the box, including specific configurations for Azure AD, for authenticating the end-users of your OutSystems applications. (RSBO-540)

    Bug Fixing

    • Fixed brute force login check that blocked all logins behind a proxy when the X-Forwarded-For header field included a port number. (RPD-4272)
    • Fixed issue so inputs inside forms properly create an anchor element with text (conforming with WCAG21 AAA). (RPD-4274)
    • Fixed the installation with OEM licenses to allow installation of the Forge components from the installation checklist. (RPD-4276)
    • Fixed Platform DB recovery mode being set to Simple when the same DB is used for both Platform and Logging. (RPD-4282)

    Platform Server Release Jul.2019 CP1


    Released on Jul 25, 2019

    New in Platform Server Release Jul.2019 CP1

    • Added support for TLS 1.1 and TLS 1.2 on MySQL external database connections. Warning: OutSystems now distributes BouncyCastle (v1.8.3) and Google.Protobuf (v.3.6.1.0) alongside the MySQL driver - this may impact the existing extensions that use different versions. (RSAT-1258)
    • Downloading a mobile app by scanning the QR code in Service Studio is now possible on iOS 13. (RTAF-628)

    Bug Fixing

    • Fixed an issue that prevented some Dependencies to be added in Search in other Modules. (RDEV-413)
    • Fixed a security vulnerability. CVSSv3.0 score 7.5 (High). (RNMT-2812)
    • Fixed an issue in the Spanish translation of RichWidgets. (RPD-3132)
    • Fixed compilation error that occurred when SOAP Faults were using types based on the .NET CLR (Common Language Runtime). (RPD-3979)
    • Fixed bug where attributes of structures created by an Integration Plugin which had default values could not be consumed in another module. (RPD-3862)
    • Fixed compilation error when removing Entity or Structure attributes that are still used in consumer modules. (RSBO-630)
    • Description of entities using Japanese characters will be saved using Unicode correctly after first publish. (RPD-4258)
    • Fixed incorrect advanced query GetUsersByRoleId in the Users application. (RPD-4220)
    • Fixed missing producers when consuming/refreshing references while logged in using a composite user name (domain\username). (RPD-4185)
    • Fixed an issue in 1-Click Publish when a module is renamed changing only the case (e.g. from ModuleName to ModuleNAME), which was causing the module to be incorrectly undeployed. (RSCT-2042)
    • Fixed an issue in the pre-requisites checking stage of the Platform Server installer so it doesn't fail for Windows installations using Japanese language. (RPD-4212)

    Disclaimer: QR CODE is a registered trademark of Denso Wave Incorporated.

    Platform Server Release Jul.2019


    Released on Jul 11, 2019

    New in Platform Server Release Jul.2019

    • Added a new option in the "Single Sign-On" tab in Service Center. It allows you to bootstrap the admin password for the user provider. (RLIT-2571)
    • When configuring a mobile application, it is now possible to choose the version of the Mobile Apps Build Service (MABS) that will be used to generate the mobile app package. (RNMT-2296)
    • It is now possible to hide mobile app upgrade notifications by setting an empty message on the "Upgrade Messages" properties of the module. (RTAF-610)
    • The Platform Server installation/update/upgrade now requires you to define the password for the Platform Server admin user, which is done via Configuration Tool. If you have any installation automation in place you will need to adjust the server configuration file (server.hsconf) or command-line options and arguments.
      For more information check No default credentials in Platform Server. (RSAT-1409)
    • Added support for TLS 1.1 and TLS 1.2 on MySQL external database connections. Warning: OutSystems now distributes BouncyCastle (v1.8.3) and Google.Protobuf (v.3.6.1.0) alongside the MySQL driver - this may impact the existing extensions that use different versions. (RSAT-1258)
    • Added support for Windows Server 2019. (RSAT-1199)
    • Added Server.API service to enable platform operations and application lifecycle management. (RSCT-1835)
    • Minor improvements in the font and UI of the Users application. (RLIT-2592)
    • Added support for SOAP Actions containing special characters. (RSBO-384)
    • It is now possible to consume SOAP services that have sequences with duplicated elements. (RPD-3898)
    • You will need to install the latest version of the Development Environment in the Deployment Controller Server to ensure that you can benefit from the latest features and developments. This is now a required step when installing Platform Server feature patches and cumulative patches. (RSCT-1898)
    • Early access: We are working on new capabilities that will accelerate the development of web applications. (RTAF-115)

    Bug Fixing

    • Fixed compilation error that occurred when SOAP Faults were using types based on the .NET CLR (Common Language Runtime). (RPD-3979)
    • Fixed bug where it was not possible to use negative Ids for records of Static Entities. (RPD-3263)
    • It is now possible to consume SOAP services that have elements with spaces in the name. (RSBO-438)
    • Fixed the BPT automatic cleanup process that was marking newly created activities as closed. (RPD-3891)
    • Fixed a Service Studio crash that occurred when introspecting WSDL with types having a single attribute with the same name. (RSBO-249)
    • Fixed cache invalidations on Personal Environments (RRCT-2522)
    • Fixed an issue in Service Center that returns an error when users try to export Mobile Requests Logs. (RPD-3982)
    • The MABS version tag of a mobile application is now correctly updated in Service Center for all environments, including the ones not connected to LifeTime. (RPD-3851)
    • Fixed a permission error that caused users with Change & Deploy permissions to be unable to publish a new extension with database connection entities. (RPD-4103)
    • Fixed an issue that could cause a user with the correct set of permissions to fail to publish using Integration Studio. Instead, they would get the following error "You don't have enough permissions over the database connections that own the following external entities." (RPD-4162)
    • Improved the performance of the Process Monitoring page in environments with a large number of activities. (RPD-4080)
    • Fixed an issue in AddAttributeToHtmlTag action that could lead to an ArgumentOutOfRange exception in runtime. (RPD-3931)
    • Fixed an issue that caused the scheduler to stop handling Processes for a while when updating an existing license via "ConfigurationTool /UploadLicense." (RSAT-1398)
    • Fixed error when publishing a module containing a SOAP Web Service with Structures with special names, such as Assembly. (RSBO-414)
    • Fixed an issue that caused Configuration Tool to crash when executing scripts on SQL Azure when the databases were being created. (RPD-3956)
    • Fixed ListBox widget variable being empty inside OnChange handler in specific scenarios. (RPD-3983)
    • Fixed compilation error when using aggregates with cache inside data actions. (RPD-4039)
    • Fixed a problem in the code generation of SOAP service methods containing '.' in their names. (RPD-3948)
    • Fixed a lock on a file by Compiler Service after a second stage compilation error in Service Studio publication. (RPD-4024)
    • Fixed a rare 'The process cannot access the file' error that occurred during deployments. (RPD-4166)
    • Fixed incorrect advanced query GetUsersByRoleId in the Users application. (RPD-4220)
    • Fixed an issue that would cause Configuration Tool to crash if the database was not accessible. (RSAT-1387)
    • Fixed a crash that occurred when importing SOAP Web Services that had invalid WSDL definition with missing portType elements. (RSBO-356)
    • Fixed an issue with Input_AutoComplete being triggered in IE11 due to an unexpected 'keydown' event. (RPD-3866)

    Platform Server Release Apr.2019 CP1


    Released on May 17, 2019

    New in Platform Server Release Apr.2019 CP1

    • Added warning when no user is configured for Users app. Removed note saying default admin password. (RLIT-2574)
    • Added a new public action (Popup_Editor_GetMessage) to RichWidgets to get the Notify Popup message. (ROU-142)

    Bug Fixing

    • Fixed a problem when using ListAppend and ListInsert functions containing an If expression in the List input parameter. (RPD-3984)
    • Fixed bug where sometimes when starting the Deploy Service, applications were not deployed automatically (RSCT-1761)
    • Fixes an issue where the Viewstate did not store nested web blocks for triggered events. (RPD-4070)

    Platform Server Release Apr.2019


    Released on May 06, 2019

    New in Platform Server Release Apr.2019

    • Clicking Environment/Module Management in the toolbar now opens Service Center in the default browser instead of render it directly inside Service Studio. (RICT-825)
    • We changed the SQL Injection warning message to advise you not to set the use of Expand Inline option to "Yes". The warning helps to follow solid SQL security practices. (RRCT-2128)
    • Improved the experience of the Users application. We gave it a new look and feel and made the following usability improvements:
      — Page-specific links/actions were moved to inside the pages; the sidebar will now only display fixed links and recent items
      — Added breadcrumbs to pages and pagination and records counter to all pages showing lists
      — Added text filter in users sub-lists
      — When a user does not have a username defined it appears as "Not Defined" in the lists so that you can click it
      — Roles, Groups and Users dropdowns don't show the records already added to the lists; however, roles still show when they were inherited by group to allow overriding
      — When a role is inherited by a group, it does not show the option to remove the role, since this operation is not possible
      — Added the list of users able to access the application to the Application_List page – inspired by Rebecca Hall's idea (RLIT-2343)
    • Added a new action Session_GetWebAppLoginInfo to the PlatformRuntime API that allows you to get user information in advanced REST authentication scenarios. (RRCT-2274)
    • The VerifySqlLiteral action from Sanitization API was deprecated in favor of BuildSafe_InClauseIntegerList and BuildSafe_InClauseTextList. These new actions are available in Platform Server 10.0.1005.0 and in Platform Server 11.0.422.0. (RRCT-2108)
    • Added instructions on importing the server configuration file (exported from the Deployment Controller) in the Front-end servers when upgrading to a new release. Inspired by Kurt Vandevelde's idea. (RSAT-1314)
    • The Platform Installer will now automate most of the prerequisites and performance tuning setup. The GUI has screens that guide you through this new step. Also, a new flag (/InstallPrerequisites=True) was added to unattended installation that is needed to signal explicitly that the installer should try to automate the prerequisites and performance tuning setup. (RSAT-1308)
    • Platform Server now requires Microsoft .NET Framework version 4.7.2. We recommend that you check both the "Runtime Changes" and "Retargeting Changes" pages in the Microsoft .NET Framework documentation to identify any possible impacts that this update might have on your OutSystems applications. Installing this version will require you to reboot your server. (RSAT-1396)
    • The base image required for OutSystems applications running on Docker Containers Deployment Technology is now "microsoft/dotnet-framework:4.7.2-runtime". (RSAT-1397)
    • Upgraded RabbitMQ Client library to version 5.1.0. (RRCT-2142)
    • Upgraded Microsoft.AspNet.WebApi libraries to version 5.2.7. (RRCT-2143)
    • Replaced the OWASP HTML Sanitizer in Sanitization.xif by the HtmlSanitizer NuGet package.
      The SanitizeHtml action has the following differences when compared with the previous version:
      — The <noscript> HTML tag is no longer allowed
      — Some HTML attributes are no longer allowed: onfocus, onblur, onclick, onmousedown, onmouseup, noresize, background
      — The style attribute is now accepted (check the list of CSS attributes allowed by default)
      — The sanitization of attribute values is less restrictive, with no security implications (e.g. the color attribute now accepts a wider range of different values)
      — There might be some slight differences in the sanitized output, with no security implications (e.g. the new sanitizer replaces <br/> elements with <br>)
      — The new sanitizer does not add a nofollow attribute to anchor elements (RRCT-2161)
    • Updated the following JavaScript libraries used by the mobile application runtime: 'decimal.js' to version 10.0.1, 'toformat' to version 2.0.0. (RTAF-91)
    • Implemented several optimizations that reduced the load time of "List Modules" and "Solution Details" pages in Service Center. (RSCT-1852)
    • On a first install, ServiceCenter will now be deployed into a dedicated application pool in IIS named "ServiceCenterAppPool". On upgrade, if ServiceCenter exists in "OutSystemsApplications" application pool in IIS, ServiceCenter will be moved to a dedicated application pool named "ServiceCenterAppPool". If ServiceCenter is already in some other application pool, it will not be moved. (RSAT-1338)
    • Added to FactoryConfiguration the option to include X-Content-Type-Options header with nosniff as a method of preventing MIME sniffing from older browser versions. (RRCT-2270)
    • Service Center now links to the detach process documentation instead of launching the No Lock-in tutorial. (RICT-1199)

    Bug Fixing

    • Fixed incorrect character encoding in packaging of mobile applications. (RRCT-2216)
    • Fixed runtime error in client-side Aggregates with dynamic Order By's containing more than one attribute. (RSBO-54)
    • Fixed an issue that caused the Application 1-Click Publish to fail consistently when a previous 1-Click Publish aborted with an error. (RSCT-1693)
    • Fixed NullBinary() comparisons in client side with binaries being returned from server side aggregates. Previously it always returned "false" even when the binaries had no content. (RRCT-2279)
    • Fixed SOAP introspection not detecting some unsupported features. (RSBO-246)
    • Fixed the creation of Blank and Service modules to have the correct user provider set, instead of having the Template marked as user provider. (RRCT-2296)
    • Fixed an issue that prevented some OutSystems services from stopping when the Deployment Controller service was not running. (RRCT-2295)
    • Fixed an issue that caused Service Center to crash when changing the configuration of a mobile application. (RLIT-2490)
    • Fixed the errors related to retrieving mobile app authentication configuration that happened in some environments after upgrading to OutSystems 11 or after regenerating the authentication and encryption keys in Service Center. The error prevented mobile applications from working. (RPD-3794)
    • The User_Login action of the Users API no longer logs errors when the authentication is set to Active Directory or LDAP and the login is successful. (RLIT-2387)
    • Fixed the default action on the Create / Edit solution page on Service Center. Now the default action is to save the solution instead of searching. (RPD-3953)
    • Fixed query errors in some Users screens. (RPD-4015)
    • Fixed a problem when using ListAppend and ListInsert functions containing an If expression in the List input parameter. (RPD-3984)
    • The User_Login action of the Users API no longer aborts database transactions when an exception occurs. (RRCT-2189)
    • Fixed a rare problem that prevented custom Application and Screen Templates from being registered. (RSCT-1753)
    • Fixed an issue that was causing the error "Duplicate is not a valid operation inside a StartIteration/EndIteration block" when using cached actions. (RPD-3698)
    • Fixed a security issue that could cause session ids to be leaked with access to the Platform logs. CVSSv3.0 score 4.9 (Medium). (RRCT-2277)
    • Fixed a rare runtime error while running Aggregates when the Entity internal name was a reserved keyword. (RSBO-29)
    • Fixed SOAP introspection and compilation of WSDLs with enumerations inside <list> elements. (RSBO-272)
    • Changed how the machine memory is calculated in installation tuning scripts (when configuring worker process optimizations). Previous method could fail in some scenarios. (RPD-3685)
    • Fixed a runtime error while filtering booleans and date type in BPT tables. (RSBO-299)
    • Fixed a problem with Single Sign On on some scenarios with multiple frontends or containers. This could also lead to "Session fixation mismatch" errors. All existing sessions from applications in containers will be lost in the upgrade process. (RRCT-2214)
    • Fixed an issue with SanitizeHTML when sanitizing URLs with = characters. (RPD-3978)
    • Fixed Configuration Tool error 'The device is not ready' during upgrades from previous versions. (RPD-3880)
    • Fixed an error during publish caused by using SOAP Web Services with enumerations in Mobile modules. (RSBO-219)
    • Japanese characters are now correctly saved to the database when used in the default value of site properties. (RPD-3775)
    • Fixed an issue where added or updated fields in an editable table were not being enabled after an Ajax refresh of a row. (RPD-3879)
    • Fixed an issue in the JSON Serialize widget that affected the serialization of Date and Time values. This was causing the JSON Deserialize widget to return empty values. (RPD-3970)
    • Fixed an issue while generating service code when a SOAP operation contained headers in its input/output parameters. (RPD-4030)
    • Fixed Invalid numeric precision/scale error when reading -2^96 Decimal value in SQL Server. (RPD-4059)
    • Fixed issue farm environments when the platform is installed on different disk locations. (RPD-3896)
    • Fixed bug that occurred when consuming SOAP Web Services that use the same schema type as request/response and fault. (RSBO-306)
    • Improved the warning message in wizard "Create Action to Bootstrap Data from Excel" when the attributes are not going to be included in the bootstrap. (RSBO-53)
    • Fixed an issue when bulk changing the Test Values of several attributes in an Aggregate that were reverting to their original value. This was only happening when the original value was not null. (RSBO-71)
    • Fixed compilation error caused by a missing validation for the Combo Box variable type. (RICT-1320)
    • Removed unused CSS code that could cause browsers to generate a 404 error when retrieving some resources used in the configuration console of AD and LDAP providers. Embedded a font that was previously being downloaded at execution time. (RSAT-1328)
    • Removed incorrect warnings that were shown in Configuration Tool when clicking on 'Test Connection' for database users. (RPD-3691)
    • Using the List_SortColumn_GetOrderBy function from RichWidgets in a SQL Query Parameter with the Expand Inline property enabled will no longer trigger a SQL Injection Warning. (RRCT-2106)
    • Fixed a visual glitch in the Native Platforms Tab of Service Studio. (RNMT-2430)
    • Fixed occasional crash when merging Web Screens. (RICT-1237)
    • Fixed an error that prevented you from upgrading a module with the dynamic join logic to OutSystems 11. (RPD-3674)
    • Fixed a problem which caused SOAP Web Services imported in version 11 to have incorrect information. This happened when the WSDL had an enumeration defined in a top-level element that is used directly in an input part. (RSBO-360)
    • Fixed occasional crash using the Search in several tabs at the same time. (RTAF-108)

    Platform Server Release Jan.2019 CP3


    Released on May 06, 2019

    Bug Fixing

    • Fixed the BPT automatic cleanup process that was marking newly created activities as closed. (RPD-3891)
    • The MABS version tag of a mobile application is now correctly updated in Service Center for all environments, including the ones not connected to LifeTime. (RPD-3851)
    • Fixed an issue in AddAttributeToHtmlTag action that could lead to an ArgumentOutOfRange exception in runtime. (RPD-3931)
    • Fixed a problem in the code generation of SOAP service methods containing '.' in their names. (RPD-3948)
    • Fixed an issue with Input_AutoComplete being triggered in IE11 due to an unexpected 'keydown' event. (RPD-3866)

    Platform Server Release Jan.2019 CP2


    Released on Mar 14, 2019

    Bug Fixing

    • We fixed a compilation error in the SOAP web services that prevented module publishing when an array of enums is used directly as output. This affected only applications with the new SOAP implementation. (RINT-3289)
    • We fixed a compilation error in the SOAP web services that prevented module publishing in some cases of single unbounded attributes. This affected only applications with the new SOAP implementation. (RINT-3303)
    • Now you can use the forward slash ("/") in the Name fields of the pictures in your mobile app without getting the 404 error once you save them to the back end and try loading them. (RPD-3638)
    • Fixed a runtime problem in consuming services when there is a complex type with a single element with maxOccurs > 1 and that type is used as an element inside another type with maxOccurs > 1. (RINT-3224)
    • Updated the version of Charts application distributed with LifeTime. (RLIT-2357)
    • Fixed a security vulnerability. CVSS v3.0 score 7.1 (High) - Full details to be released in May 2019 (RLIT-2388)
    • Fixed issue in LifeTime when downloading a specific Application Version. (RLIT-2416)
    • Fixed the deployment error "Could not find a part of the path" that appeared when publishing a solution through OSPTool when eSpaces were moved across database catalogs. (RPD-3863)
    • Fixed an issue that was closing the DatePicker widget on iOS devices in web applications. (RPD-3852)
    • Fixed a security vulnerability (reported by Mina Edwar from Verizon). CVSS v3.0 score 8.1 (High) - Full details to be released in May 2019 (RPD-3849)
    • Fixed SAP introspection corruption that prevented you from consuming some methods dealing with multi-level tables. (RPD-3773)
    • Fixed an issue in the deployment service that was undeploying modules after upgrading from version 10. (RSCT-1773)
    • Fixed an issue in the Oracle driver that was preventing a query from aborting when a HTTP request timeout occurred while session data was being manipulated. (RPD-3726)
    • Fixed a bug that allowed Light Processes to have Input Parameters but would cause a compilation error when publishing. (RPD-3358)
    • Fixed an image rendering issue in Image widgets using binary data when Content Security Policy (CSP) is enabled. (RRCT-2186)
    • We fixed a bug that occasionally prevented Configuration Tool to modify the machine.config file because the file was used by another process. (RSAT-1226)
    • We fixed the href values in the Email links generated by the GetEntryURL Action of the HTTPRequestHandler extension. (RRCT-2254)
    • Fixed the error "Circular attribute group reference" when executing the XMLDocument_Load action of the Xml extension. (RPD-3742)
    • Fixed issue where "_" (underscore) characters were removed from email attachment filenames. (RPD-3690)
    • We fixed the SynchronizePublishMetrics error messages that appeared in the Error Log of some upgraded environments. (RPD-3729)
    • Fixed an issue with Input_AutoComplete being triggered in IE11 due to an unexpected 'keydown' event. (RPD-3866)

    Platform Server Release Jan.2019 CP1


    Released on Jan 22, 2019

    New in Platform Server Release Jan.2019 CP1

    • Added support for Service Actions in Service Center analytics reports. (ABE-618)
    • Enabled slow Service Action calls to be displayed in Lifetime's analytics. (ABE-619)
    • It is now possible to consume SOAP Web Services with binary type inputs. (RINT-3228)
    • You can now customize the mobile app version code in Service Center. This number is used by app stores to determine whether one version is more recent than another. To set the version code, navigate to Service Center > Factory > your mobile app > Native Platforms, then click the Change link in the Code column. (RLIT-2106)
    • Cache invalidation service binaries are now fetched from the official repository. (RRCT-2050)
    • Improved the UI of the Deployment Zones screen in Service Center. (RSAT-1132)
    • Added README files that guide the user to more specific documentation on container deployment. These files are automatically added to the configured "Target Output" folder of the container hosting technology on the first deployment to the container. (RSAT-1078)
    • The base FROM image for Docker-based container hosting technologies - Amazon ECS, Azure Container Service, Docker Containers - has been changed from "microsoft/iis:latest" to "microsoft/dotnet-framework:4.7.1-runtime". The Deployment Zones associated with these container hosting technologies and using "microsoft/iis:latest" as the FROM image will be upgraded to use "microsoft/dotnet-framework:4.7.1-runtime". Deployment Zones that are already using a different FROM image will be kept unchanged. This change will increase the time of the first application deployment to containers, as the first layers of the OutSystems application image will need to be rebuilt. (RSAT-1105)
    • Deployment timeouts for Container Deployment Zones are now configurable in Service Center. (RSAT-1103)
    • Modified the default paths for Amazon ECS and Azure Container Service hosting technologies. (RSAT-1100)
    • The unattended installation and upgrade process now validates the prerequisites. (RSAT-1023)
    • When configuring a mobile application, it is now possible to choose the version of the Mobile Apps Build Service (MABS) that will be used to generate the mobile app package. (RNMT-2296)

    Bug Fixing

    • Fixed a security vulnerability. CVSSv3.0 score 7.1 (High) (RLIT-2388)
    • Fixed an issue in the deployment service that was undeploying modules after upgrading from version 10. (RSCT-1773)
    • We fixed a bug that prevented you from installing Charts or OutSystems Now from Forge in some situations, causing the message "Application cannot be safely installed in your environment" to show. (ABE-1289)
    • Fixed an issue deploying multiple module applications to containers when the publish order of the modules was interleaved, causing the deployment to containers to fail. (RSAT-1171)
    • Fixed an issue in the installation process where the CPU cores were incorrectly counted when the core count was bigger than 9. (RSAT-1172)
    • Fixed "Failed to parse JSON request content" server-side exception triggered after mobile app upgrade rollback and navigation to modified screens. (RPD-3118)
    • Improved the application recovery in scenarios where the cache invalidation service is down and starts running again. (RRCT-2036)
    • When updating the cache invalidation service settings in the Configuration Tool, the user password is now also updated. (RRCT-2048)
    • The server configuration template for the unattended installation process now sets to false by default the encrypted attributes within the cache invalidation configuration. (RRCT-2049)
    • The log message from system action EspaceInvalidateCache now includes the name of the eSpace. (RRCT-2055)
    • Fixed an issue in the Oracle driver that was preventing to abort a query when a HTTP request timeout occurred while session data was being manipulated. (RPD-3726)
    • Queries to LDAP can now fallback to LdapConnection objects when using basic authentication. (RPD-3624)
    • App Feedback application is now more resilient to feedback submitted from screens having frames injected dynamically or resources with zero content length. (RPD-3588)
    • Fixed an issue that was changing the strings within brackets passed to an SQL element via an expand inline parameter. (RPD-3565)
    • Fixed an issue in the clean up process for old login attempts in Service Center. (RPD-3061)
    • Fixed an error occurring when a user with no permission tried to access Service Center log screens. (RLIT-2321)
    • The Users application now shows the correct number of users with a role in an application. (RLIT-2274)
    • Fixed broken links for the Roles in the Users application. (RPD-2833)
    • We fixed a UI bug in Users application > Groups > Roles. Now you'll have the correct links for the groups you add in Roles. (RPD-3055)
    • The "Publish all consumers" button in Service Center eSpace details page now publishes only the consumer modules that have references to the producer module in the current running version. (RPD-3355)
    • Enable container deployment info messages to be displayed in LifeTime. (RLIT-2261)
    • Fixed a compilation issue consuming SOAP Web Services that have a WSDL with GUID types. (RINT-2757)
    • Fixed the incorrect serialization of input parameters of Date, Time and DateTime data types in consumed SOAP Web Services. This might have caused data corruption on some scenarios. Check the Known Issues section in the Platform Server Release Sep.2018 Release Notes for more information. (RINT-3069)
    • Fixed a publishing issue consuming SOAP Web Services when a SOAP Structure is used both inside a element and a List. (RINT-3190)
    • Consuming SOAP services that include Time outputs no longer causes a compilation error. (RINT-3203)
    • Fixed a publishing issue consuming SOAP Web Services when the SOAP Structure contain only a single attribute of type List. (RINT-3217)
    • Fixed an issue consuming SOAP Web Services that contain the element. (RINT-3229)
    • Fixed the conversion of nil values for numerical types when consuming SOAP Web Services. (RINT-3287)
    • Fixed a runtime error occurring when a List Box is inside a Table Records. (RAFT-1703)
    • Fixed an issue in the installation process that was accepting as valid certain unsupported .Net Framework versions. (RSAT-1169)
    • Fixed a problem in the Configuration Tool that was not updating the Logs tab correctly when changing the Authentication type to Windows in the Platform tab. (RSAT-1108)
    • Fixed URL used by LifeTime to redirect users to configurations pages of environments. (RPD-3302)
    • Fixed issue when trying to connect to an invalid service on port 12003. (RPD-3626)
    • Fixed an issue causing a "Not Found" error in the Configuration Tool that occurred in clean installations of OutSystems 11 using Windows Authentication. (RRCT-2068)

    Platform Server Release Jan.2019


    Removed from availability on Mar 21, 2019

    New in Platform Server Release Jan.2019

    • Added support for Service Actions in Service Center analytics reports. (ABE-618)
    • Enabled slow Service Action calls to be displayed in Lifetime's analytics. (ABE-619)
    • It is now possible to consume SOAP Web Services with binary type inputs. (RINT-3228)
    • You can now customize the mobile app version code in Service Center. This number is used by app stores to determine whether one version is more recent than another. To set the version code, navigate to Service Center > Factory > your mobile app > Native Platforms, then click the Change link in the Code column. (RLIT-2106)
    • When configuring a mobile application, it is now possible to choose the version of the Mobile Apps Build Service (MABS) that will be used to generate the mobile app package. (RNMT-2296)
    • Cache invalidation service binaries are now fetched from the official repository. (RRCT-2050)
    • Improved the UI of the Deployment Zones screen in Service Center. (RSAT-1132)
    • Added README files that guide the user to more specific documentation on container deployment. These files are automatically added to the configured "Target Output" folder of the container hosting technology on the first deployment to the container. (RSAT-1078)
    • The base FROM image for Docker-based container hosting technologies - Amazon ECS, Azure Container Service, Docker Containers - has been changed from "microsoft/iis:latest" to "microsoft/dotnet-framework:4.7.1-runtime". The Deployment Zones associated with these container hosting technologies and using "microsoft/iis:latest" as the FROM image will be upgraded to use "microsoft/dotnet-framework:4.7.1-runtime". Deployment Zones that are already using a different FROM image will be kept unchanged. This change will increase the time of the first application deployment to containers, as the first layers of the OutSystems application image will need to be rebuilt. (RSAT-1105)
    • Deployment timeouts for Container Deployment Zones are now configurable in Service Center. (RSAT-1103)
    • Modified the default paths for Amazon ECS and Azure Container Service hosting technologies. (RSAT-1100)
    • The unattended installation and upgrade process now validates the prerequisites. (RSAT-1023)

    Bug Fixing

    • We fixed a bug that prevented you from installing Charts or OutSystems Now from Forge in some situations, causing the message "Application cannot be safely installed in your environment" to show. (ABE-1289)
    • Fixed an issue in the installation process that was accepting as valid certain unsupported .Net Framework versions. (RSAT-1169)
    • Fixed an issue deploying multiple module applications to containers when the publish order of the modules was interleaved, causing the deployment to containers to fail. (RSAT-1171)
    • Fixed an issue in the installation process where the CPU cores were incorrectly counted when the core count was bigger than 9. (RSAT-1172)
    • Fixed "Failed to parse JSON request content" server-side exception triggered after mobile app upgrade rollback and navigation to modified screens. (RPD-3118)
    • Improved the application recovery in scenarios where the cache invalidation service is down and starts running again. (RRCT-2036)
    • When updating the cache invalidation service settings in the Configuration Tool, the user password is now also updated. (RRCT-2048)
    • The server configuration template for the unattended installation process now sets to false by default the encrypted attributes within the cache invalidation configuration. (RRCT-2049)
    • The log message from system action EspaceInvalidateCache now includes the name of the eSpace. (RRCT-2055)
    • Fixed an issue in the Oracle driver that was preventing a query from aborting when a HTTP request timeout occurred while session data was being manipulated. (RPD-3726)
    • Queries to LDAP can now fallback to LdapConnection objects when using basic authentication. (RPD-3624)
    • App Feedback application is now more resilient to feedback submitted from screens having frames injected dynamically or resources with zero content length. (RPD-3588)
    • Fixed an issue that was changing the strings within brackets passed to an SQL element via an expand inline parameter. (RPD-3565)
    • Fixed an issue in the clean up process for old login attempts in Service Center. (RPD-3061)
    • Fixed a problem in the Configuration Tool that was not updating the Logs tab correctly when changing the Authentication type to Windows in the Platform tab. (RSAT-1108)
    • Fixed an error occurring when a user with no permission tried to access Service Center log screens. (RLIT-2321)
    • Fixed broken links for the Roles in the Users application. (RPD-2833)
    • We fixed a UI bug in Users application > Groups > Roles. Now you'll have the correct links for the groups you add in Roles. (RPD-3055)
    • The "Publish all consumers" button in Service Center eSpace details page now publishes only the consumer modules that have references to the producer module in the current running version. (RPD-3355)
    • Enable container deployment info messages to be displayed in LifeTime. (RLIT-2261)
    • Fixed a compilation issue consuming SOAP Web Services that have a WSDL with GUID types. (RINT-2757)
    • Fixed the incorrect serialization of input parameters of Date, Time and DateTime data types in consumed SOAP Web Services. This might have caused data corruption on some scenarios. Check the Known Issues section in the Platform Server Release Sep.2018 Release Notes for more information. (RINT-3069)
    • Fixed a publishing issue consuming SOAP Web Services when a SOAP Structure is used both inside a element and a List. (RINT-3190)
    • Fixed a publishing issue consuming SOAP Web Services when the SOAP Structure contain only a single attribute of type List. (RINT-3217)
    • Consuming SOAP services that include Time outputs no longer causes a compilation error. (RINT-3203)
    • Fixed an issue consuming SOAP Web Services that contain the xsd:include element. (RINT-3229)
    • Fixed the conversion of nil values for numerical types when consuming SOAP Web Services. (RINT-3287)
    • Fixed a runtime error occurring when a List Box is inside a Table Records. (RAFT-1703)
    • The Users application now shows the correct number of users with a role in an application. (RLIT-2274)
    • Fixed a rare over-optimization issue occurring in implicit conversions for List Records. (RSCT-1705)
    • Fixed an issue causing a "Not Found" error in the Configuration Tool that occurred in clean installations of OutSystems 11 using Windows Authentication. (RRCT-2068)
    • Allow HTTP connections from Service Studio to the Templates Manager (RAFT-1792)

    Platform Server Release Sep.2018 CP2


    Released on Jan 04, 2019

    New in Platform Server Release Sep.2018 CP2

    • Added a comment in the generated SQL of Advanced Queries and Aggregates with the location of the query in OutSystems applications. Configurable using Factory Configuration. Inspired by Neil Munro's idea. (ABE-1151)
    • Improved the 1-Click Publish performance of modules containing references without entities or structures. (ABE-1275)
    • The automatic trigger URLs for the Deployment Zone of Container hosting technologies now send the module names (as a JSON array) of the application being deployed. (RSAT-1118)

    Bug Fixing

    • Fixed the incorrect serialization of input parameters of Date, Time and DateTime data types in consumed SOAP Web Services. This might have caused data corruption on some scenarios. Check the Known Issues section in the Platform Server Release Sep.2018 Release Notes for more information. (RINT-3069)
    • We fixed an array compilation error in the SOAP web services that prevented module publishing. This affected only applications with the new SOAP implementation. (RPD-3627)
    • Fixed SAP connection testing in Service Center that always failed with an invalid login error. (RPD-3847)
    • Fixed an issue that was causing the error "Duplicate is not a valid operation inside a StartIteration/EndIteration block" when using cached actions. (RPD-3698)
    • Fixed an issue that was causing high memory consumption when using complex structures with several lists. (RPD-3633)
    • Fixed an issue that caused JSON Deserialize to fail when deserializing Null DateTimes "1900-01-01T00:00:00" in Mobile Devices with Negative Timezones offsets. (RPD-3661)
    • Added module information to some Scheduler error logs where this information was missing. (RRCT-2072)
    • Fixed an issue deploying multiple module applications to containers when the publish order of the modules was interleaved, causing the deployment to containers to fail. (RSAT-1171)
    • Fixed an issue in the Configuration Tool that was incorrectly checking log permissions when clicking the "Create/Upgrade Database" button for the platform database. (RSAT-1110)
    • Fixed an issue that prevented applications running in containers from picking up changes to the configuration files when configuration files are mounted in containers using SMB volumes or Kubernetes ConfigMaps. (RSAT-1117)
    • Changes in the license of an environment now correctly propagate to applications running in containers. (RSCT-1378)
    • Fixed an issue that sometimes prevented users from publishing a module after debugging it in a personal area. (RSCT-1656)

    Platform Server Release Sep.2018 CP1


    Released on Dec 20, 2018

    New in Platform Server Release Sep.2018 CP1

    • Added a comment in the generated SQL of Advanced Queries and Aggregates with the location of the query in OutSystems applications. Configurable using Factory Configuration. Inspired by Neil Munro's idea. (ABE-1151)
    • We removed the obsolete "referrer" directive from the Content Security Policy (CSP) configuration screens. (RLIT-2270)
    • The timeout for building mobile applications has been increased to 30 minutes when launched from Service Studio. (RLIT-2095)
    • The logs of query errors from Aggregates and Advanced SQL now contain more details. (RRCT-1918)
    • We fixed an issue with the compiler optimizer that sometimes caused long compilation times. (RSCT-1302)
    • Now there's a warning during an introspection of a WSDL, if it contains an attributeGroups element. (RINT-2759)
    • Added support for SOAP Arrays in consumed SOAP Web Services. (RINT-956)
    • Added support for "any" elements in consumed SOAP Web Services. (RINT-1439)
    • Added support for Polymorphism in consumed SOAP Web Services. (RINT-1972)
    • The SSL offload is now on by default for applications running in containers. (RSAT-1073)
    • The container deploy process no longer leaves behind old result files. (RSAT-887)

    Bug Fixing

    • Changing an input parameter of a Service Action from optional to mandatory will now trigger an exception at runtime when the parameter value is not set. (ABE-949)
    • We fixed an issue related to the Oracle driver not being able to abort a query when a HTTP request timeout occurs. (RPD-3426)
    • Now the system entities in the Oracle databases create the correct indexes for primary keys of the Text type. (RPD-3528)
    • User information is no longer propagated in BPT actions (e.g. ActivityClose) when the process is defined in a module with a different User Provider. (RRCT-1969)
    • In the modules with multi-tenant tables, the compilation time no longer scales up with the number of existing tenants. (RPD-3085)
    • Fixed a bug that prevented CSP (Content Security Policy) violation logs from reaching the endpoint specified by the "report-to" header field. Now the violation logs are saved properly. (RRCT-1982)
    • You can now set OutSystems to reject the requests for non-supported image formats. In "Factory Configuration" Forge component, go to Security and check the option "Enforce Valid Image Formats on Image and Binary Endpoints". The valid image formats are GIF, PNG, and JPEG. The setting applies to the images the end-users upload through the applications created in OutSystems. (RRCT-2002)
    • Fixed issue that prevented unblocking operations on blocked IP Addresses in the Users application when using Oracle as the database platform. (RPD-3537)
    • Fixed a bug that caused a "Cannot read property 'type' of null" JavaScript error when removing a radio button via an AJAX call. (RPD-3490)
    • Fixed PerformanceMonitoring API returning a TTLB (Time To First Byte) value lower than the TTFB (Time To Last Byte) value for Submit requests. (RPD-3497)
    • Fixed Feedback Message in Screen Preparation being shown twice. (RPD-3516)
    • Fixed high database load caused by the "GetDevEffort" query during LifeTime synchronization operations. (RPD-3542)
    • Now the AJAX Request no longer fails when a Web Screen has multiple HTML Forms. (RPD-3558)
    • We fixed the listing of the database connections for the extension configuration, so it can show more than 100 server connection. (RPD-3571)
    • Now you can set an empty Timer schedule in Service Center. This was already possible in Service Studio. (RPD-3580)
    • Fixed the default browser behavior to ask to save the login credentials. Now the password fields in OutSystems applications such as Service Center or LifeTime have the "autocomplete" property set to "off" by default. (RPD-3464)
    • We fixed the OsVisitor cookies so they are now properly set to expire, and no longer lost when the browser is closed. (RPD-3590)
    • Now you won't have an empty item in Service Center "Recent items" sidebar list when you publish an existing eSpace through Service Center. (RLIT-2277)
    • Now your unattended platform installations have the Debug Mode enabled. We fixed a bug that deactivated Environment Debug Mode when uploading the first license. (RLIT-2262)
    • Fixed issue that left applications as outdated after synchronization. (RLIT-2244)
    • Some previously missing administrative operations are now allowed in on-premises environments in hybrid infrastructures. (RPD-3449)
    • We corrected an issue with the Oracle introspection in Integration Studio. Integration Studio was unable to find tables if the schema was not explicit. Now there's a fallback to use the schema configured in the database connection. (RPD-2938)
    • Fixed the Service Center mobile request logs so they now have a unit of time. (RLIT-2170)
    • Fixed the name of the export file obtained after clicking the "Export to Excel" link from the Integrations Log page in Service Studio. (RLIT-2153)
    • Fixed spacing issues between links in the Tenant tab of the eSpace details screen in Service Center. (RLIT-2193)
    • Fixed the "Expected ';'" JavaScript error that appeared after an AJAX Refresh in some scenarios. (RPD-3511)
    • Fixed a compilation error that occurred when using a Web Service containing action with single outputs of type Structure. (RINT-2775)
    • The Configuration Tool command-line parameter "/ModifyDeploymentZone" now fails gracefully when trying to modify a non-existing deployment zone. (RSAT-1042)
    • Due to the specifics of deploying applications into containers, we disabled the Delete button for those applications. This is to prevent OutSystems Deployment Controller Service, for the application you are trying to delete, from a lock during the 30 minutes timeout in some scenarios. Otherwise, you'd need to restart the OutSystems Deployment Controller Service to resume normal operations before the timeout. Additionally, the messages related to container deployment are now correctly shown in LifeTime. Check "Deleting an application that is manually deployed to a container" for the instructions. (RSAT-1077)
    • Fixed deprecation warning due to the usage of 'buildpack' attribute in Pivotal Cloud Foundry (PCF) manifest files, which are used for PCF deployments. (RSAT-1055)
    • We fixed a resource disposal issue that might cause errors while contacting external container deployment tools. (RSAT-1104)
    • Fixed the incorrect serialization of input parameters of Date, Time and DateTime data types in consumed SOAP Web Services. This might have caused data corruption on some scenarios. Check the Known Issues section in the Platform Server Release Sep.2018 Release Notes for more information. (RINT-3069)
    • Fixed incorrect packaging of the Caching and Logging libs for the Container Application Scheduler. (RSAT-1074)
    • Consuming SOAP services that include Time outputs no longer causes a compilation error. (RINT-3203)
    • Fixed Service Center so it now ignores the database incoherences that can cause timers to appear to be running indefinitely. (RPD-2999)
    • Fixed an issue where database images containing trailing white spaces were not being rendered. (RRCT-1967)
    • Fixed an inconsistency in the Null binary parsing when serialized. Now a Null binary returned by the server actions is always serialized to '{}'. (RRCT-1968)
    • Fixed compilation error when WSDL anonymous types were not found. (RINT-2699)
    • Fixed rare deadlock in OutSystems Services. (RPD-3584)
    • Improved the flush of logs to the database when stopping the platform services to prevent the loss of some logs during shutdown. (RRCT-1989)
    • We fixed a performance bug in the database connection related to the login mechanism. You should see improvement in the applications that run many queries during the initialization phase. (RRCT-2033)
    • The RabbitMQ client now supports TLS 1.1 and TLS 1.2. (RRCT-2013)
    • Fixed Configuration Tool making it reference the Cache Invalidation Service script relative to its path. (RRCT-2003)
    • Oracle hints are no longer removed from queries supplied to Advanced SQL elements through input parameters. (RPD-3457)
    • Fixed a bug in LifeTime and Service Center that was marking modules as successfully published after the deployment failure. (RSCT-1222)
    • Now the custom handlers render correctly in the applications deployed to containers. (RRCT-1972)
    • Fixed the error about the 'precache.manifest' file not found that appeared when publishing a mobile module. (RSCT-1638)

    Platform Server Release Sep.2018


    New in Release Sep.2018

    Architecture
    • Added a new application and module type (Services) to promote a better application segmentation and governance. (ABE-1276)
    • Added a new language element (Service Action) which is a loosely coupled action (REST underneath) with impact analysis and security by default. (ABE-1277)
    • Optional parameters and attributes do not require refreshing consumers, making larger systems more loosely coupled and allowing independent teams to release more often without impacting each other. (ABE-1278)
    • Public Screens are now loosely coupled, avoiding circular references in dependency analysis. (ABE-1279)
    Containers
    • It's now possible to deploy and run OutSystems applications using Windows Docker Container in an on-premise Docker container environment, or in a cloud environment like Amazon (in Elastic Container Service) or Azure (in Azure Container Service). (RSAT-505)
    • The concept of Zones was revamped and it's now called Deployment Zones and have them associated to a hosting technology when application will be deployed. (RSAT-612)
    • A set of tools is now available to collect information about the Docker container and application health in order to help the troubleshoot or gather relevant information to the analysis. Check these troubleshooting tools here. (RSAT-829)
    • "Automatic" in the Deployment Mode section. For more info on how to configure the URLs that trigger the deployment actions, check How to automate Docker container deployment with Jenkins. (RSAT-395)
    • When an application is associated to a Deployment Zone configured to use containers as hosting technology, OutSystems platform will generate a bundle with all the assets needed to allow build and run your application in a container. (RSAT-385)
    • Fixed a container-related issue that left temporary files behind after aborting a solution that was published in the two steps mode. (RSCT-1379)
    • OutSystems Management Consoles gives you the possibility to defined the hosting technology for your applications. That technology is now visible though their logos in Lifetime animations. (RSAT-769)
    • Provided an hosting technology associated to Pivotal Cloud Foundry. When applications associated to a Deployment Zone with this kind of hosting technology are deployed, a bundle with all the assets are generated in order to deploy and run OutSystems applications in Pivotal Application Service (PAS). (RSAT-694)
    • It is now possible to define the desired Deployment Zone for an application during the preparation of a staging operation in LifeTime. (RSAT-744)
    SOAP
    • SOAP Web Service Methods now support default values in Input Parameters, Output Parameters and Structure Attributes of SOAP Web Services. The minOccurs/nillable WSDL attributes are now taken into consideration when determining mandatory Input Parameters and Structure Attributes. (RINT-1833)
    • Added support for consuming SOAP web services with Enumerations. (RINT-1764)
    • Introspect a WSDL that requires the basic authentication by passing the username and password into the URL (e.g. https://username:password@server/example.com?wsdl). Inspired by Darren Conroy's idea. (RINT-1656)
    • It is now possible to define the authentication type and the corresponding credentials for an imported SOAP 1.2 web service. (RINT-1225)
    • It is now possible to dynamically authenticate with different credentials per SOAP 1.2 web service method. (RINT-900)
    • It is now possible to override the authentication credentials for a SOAP 1.2 web service in Service Center. (RINT-897)
    • It's now possible to configure and see logs of consumed SOAP 1.2 web services in Service Center. (RINT-841)
    • Added support for consuming SOAP web services with nillable attributes. (RINT-835)
    • It is now possible to override the default service endpoint for a SOAP 1.2 web service in Service Center. (RINT-899)
    Logging
    • It's now possible to store logs in a separate database from the one storing the data used by business applications and the data that supports the platform runtime (thanks to Didier Miller for highlighting this need as an idea). (RRCT-1472)
    • Applications are now self sufficient regarding logging their own information. From now on the logging mechanism do not rely on an external service (LogService). (RRCT-839)
    • The logs of the query errors from Aggregates and Advanced SQL now contain more details. (RRCT-1918)
    • Unattended Installation API was updated to take in consideration a possible split between platform database and logging database (RRCT-1783)
    More
    • We improved the 1-Click Publish performance of the published modules by making the deploy phase differential. The smaller the number of modified resources, the more noticeable the speed improvement is. (RSCT-1436)
    • Application debug mode no longer depends on environment type (e.g. DEV, QA), making it possible to debug applications in all environments. Introduced new types of environments to allow for more flexible management of infrastructures. (RSCT-1148)
    • Web Blocks now support Events and Event Handlers to propagate changes to their parent element. (RAFT-1371)
    • You can now use ListDistinct, a new client and server action. The action removes duplicates from the list. Inspired by Carlos Henriques' idea. (RCOT-1108)
    • Inputs now have aria-required and aria-invalid attributes in web runtime applications. (RAFT-1292)
    • HTTPS is now maintained even when navigating to a Screen not explicitly marked as requiring HTTPS. (RRCT-1399)
    • Binary Resources referenced by Web Applications now have a 'by-copy' semantic and are automatically copied to relevant consumer Modules. (RRCT-1155)
    • New method registerDeviceClassGetter added to JS Public API allows to change the default behavior of adapting the css classes applied to the device resolution. By default, resolution higher than 1024px are considered tablets. (RAFT-1296)
    • To achieve higher performance, you can now create stateless BAPI calls to the SAP servers. (RINT-1934)
    • Changed the default User Provider for blank modules to match the provider of the Application Template in use. (RRCT-1858)
    • Configuration Tool now automatically changes the pipeline mode to "Integrated" in IIS Application Pools that only contain OutSystems applications. (RSAT-295)
    • OutSystems caching mechanism now uses RabbitMQ system to forward cache invalidation notifications to OutSystems applications. (RRCT-835)
    • You can now use Configuration Tool, via UI or Unattended Installation API, to install and configure the Cache Invalidation Service (RabbitMQ). (RRCT-1728)
    • To prevent runtime problems, the Session Database upgrade step is now mandatory during the Platform updates. (RSAT-974)
    • Removed support for SMS feature. (RRCT-1639)
    • Deprecated BeginReadUncommittedTransaction and BeginTransaction methods from RuntimePublic.Db API. (RSAT-791)

    Bug Fixing

    • Fixed a bug that caused the processing of error logs to fail with long Action names. (RPD-1769)
    • Fixed the bug that caused "Could not login to 127.0.0.1" error while publishing the "Current Running Version" of a Solution in Service Center. This caused issues in some upgrades. (RPD-2415)
    • Improved the Resources error message about paths that are too long. (ABE-1214)
    • Fixed invalid login error when using Integrated Authentication for both database and web service consumption. (RPD-3417)
    • Fixed an error related to the generation of the application icons when uploading an icon or creating a solution by uploading an OSP or OAP. (RPD-3444)
    • Fixed splash screen hanging in iOS when Content Security Policies are enabled. (RPD-3428)
    • Fixed an installation problem that was recreating the default Global Zone even after you had deleted it. (RSCT-1412)
    • Fixed an issue that was keeping unnecessary files in the "repository" folder on the server, increasing the folder size. (RSCT-1227)
    • Fixed problem that caused a module publish operation to fail due to a concurrent publish even when that module was not being published anywhere else. (RSCT-1267)
    • Fixed a problem where publishing simultaneously modules with identical names in different personal environments would result in having future publication attempts of those modules blocked. (RSCT-1287)
    • Fixed a bug that caused invalid generation of the CSP HTTP headers when using the default values from the Service Center settings. This prevented a small number of iOS apps from loading after the splash screen. (RRCT-1966)

    Known Issues

    • In some situations, the new SOAP implementation in OutSystems 11 incorrectly serializes input parameters of Date, Time and DateTime data types for consumed Web Services, which might cause data corruption (namely losing time offsets for Time and DateTime data types) when sending values of these data types. This new implementation is used for all consumed SOAP Web Service elements created in version 11.

      The previous behavior (in OutSystems 10) is the following:
      — Values of Time data type are sent without date information and with timezone information (offset).
      — Values of DateTime data type are sent with timezone information (offset).
      — Values of Date data type are sent without time information.

      In OutSystems 11 up to version 11.0.128.0 the incorrect behavior is the following:
      — Values of Time data type are sent with (unnecessary) date information and without timezone information (offset).
      — Values of DateTime data type are sent without timezone information (offset).
      — Values of Date data type are sent with (unnecessary) time information.

      The incorrect behavior has been fixed in version 11.0.128.0 to match the OutSystems 10 behavior.

    Platform Server 11.0.539.0


    Released on Jul 25, 2019

    New in Platform Server Release Jul.2019 CP1

    • Added support for TLS 1.1 and TLS 1.2 on MySQL external database connections. Warning: OutSystems now distributes BouncyCastle (v1.8.3) and Google.Protobuf (v.3.6.1.0) alongside the MySQL driver - this may impact the existing extensions that use different versions. (RSAT-1258)
    • Downloading a mobile app by scanning the QR code in Service Studio is now possible on iOS 13. (RTAF-628)

    Bug Fixing

    • Fixed an issue that prevented some Dependencies to be added in Search in other Modules. (RDEV-413)
    • Fixed a security vulnerability. CVSSv3.0 score 7.5 (High). (RNMT-2812)
    • Fixed an issue in the Spanish translation of RichWidgets. (RPD-3132)
    • Fixed compilation error that occurred when SOAP Faults were using types based on the .NET CLR (Common Language Runtime). (RPD-3979)
    • Fixed bug where attributes of structures created by an Integration Plugin which had default values could not be consumed in another module. (RPD-3862)
    • Fixed compilation error when removing Entity or Structure attributes that are still used in consumer modules. (RSBO-630)
    • Description of entities using Japanese characters will be saved using Unicode correctly after first publish. (RPD-4258)
    • Fixed incorrect advanced query GetUsersByRoleId in the Users application. (RPD-4220)
    • Fixed missing producers when consuming/refreshing references while logged in using a composite user name (domain\username). (RPD-4185)
    • Fixed an issue in 1-Click Publish when a module is renamed changing only the case (e.g. from ModuleName to ModuleNAME), which was causing the module to be incorrectly undeployed. (RSCT-2042)
    • Fixed an issue in the pre-requisites checking stage of the Platform Server installer so it doesn't fail for Windows installations using Japanese language. (RPD-4212)

    Disclaimer: QR CODE is a registered trademark of Denso Wave Incorporated.

    Platform Server 11.0.424.3


    Released on May 17, 2019

    New in Platform Server Release Apr.2019 CP1

    • Added warning when no user is configured for Users app. Removed note saying default admin password. (RLIT-2574)
    • Added a new public action (Popup_Editor_GetMessage) to RichWidgets to get the Notify Popup message. (ROU-142)

    Bug Fixing

    • Fixed a problem when using ListAppend and ListInsert functions containing an If expression in the List input parameter. (RPD-3984)
    • Fixed bug where sometimes when starting the Deploy Service, applications were not deployed automatically (RSCT-1761)
    • Fixes an issue where the Viewstate did not store nested web blocks for triggered events. (RPD-4070)

    Platform Server 11.0.422.0


    Released on May 06, 2019

    New in Platform Server Release Apr.2019

    • Clicking Environment/Module Management in the toolbar now opens Service Center in the default browser instead of render it directly inside Service Studio. (RICT-825)
    • We changed the SQL Injection warning message to advise you not to set the use of Expand Inline option to "Yes". The warning helps to follow solid SQL security practices. (RRCT-2128)
    • Improved the experience of the Users application. We gave it a new look and feel and made the following usability improvements:
      — Page-specific links/actions were moved to inside the pages; the sidebar will now only display fixed links and recent items
      — Added breadcrumbs to pages and pagination and records counter to all pages showing lists
      — Added text filter in users sub-lists
      — When a user does not have a username defined it appears as "Not Defined" in the lists so that you can click it
      — Roles, Groups and Users dropdowns don't show the records already added to the lists; however, roles still show when they were inherited by group to allow overriding
      — When a role is inherited by a group, it does not show the option to remove the role, since this operation is not possible
      — Added the list of users able to access the application to the Application_List page – inspired by Rebecca Hall's idea (RLIT-2343)
    • Added a new action Session_GetWebAppLoginInfo to the PlatformRuntime API that allows you to get user information in advanced REST authentication scenarios. (RRCT-2274)
    • The VerifySqlLiteral action from Sanitization API was deprecated in favor of BuildSafe_InClauseIntegerList and BuildSafe_InClauseTextList. These new actions are available in Platform Server 10.0.1005.0 and in Platform Server 11.0.422.0. (RRCT-2108)
    • Added instructions on importing the server configuration file (exported from the Deployment Controller) in the Front-end servers when upgrading to a new release. Inspired by Kurt Vandevelde's idea. (RSAT-1314)
    • The Platform Installer will now automate most of the prerequisites and performance tuning setup. The GUI has screens that guide you through this new step. Also, a new flag (/InstallPrerequisites=True) was added to unattended installation that is needed to signal explicitly that the installer should try to automate the prerequisites and performance tuning setup. (RSAT-1308)
    • Platform Server now requires Microsoft .NET Framework version 4.7.2. Installing this version will require you to reboot your server. (RSAT-1396)
    • The base image required for OutSystems applications running on Docker Containers Deployment Technology is now "microsoft/dotnet-framework:4.7.2-runtime". (RSAT-1397)
    • Upgraded RabbitMQ Client library to version 5.1.0. (RRCT-2142)
    • Upgraded Microsoft.AspNet.WebApi libraries to version 5.2.7. (RRCT-2143)
    • Replaced the OWASP HTML Sanitizer in Sanitization.xif by the HtmlSanitizer NuGet package.
      The SanitizeHtml action has the following differences when compared with the previous version:
      — The <noscript> HTML tag is no longer allowed
      — Some HTML attributes are no longer allowed: onfocus, onblur, onclick, onmousedown, onmouseup, noresize, background
      — The style attribute is now accepted (check the list of CSS attributes allowed by default)
      — The sanitization of attribute values is less restrictive, with no security implications (e.g. the color attribute now accepts a wider range of different values)
      — There might be some slight differences in the sanitized output, with no security implications (e.g. the new sanitizer replaces <br/> elements with <br>)
      — The new sanitizer does not add a nofollow attribute to anchor elements (RRCT-2161)
    • Updated the following JavaScript libraries used by the mobile application runtime: 'decimal.js' to version 10.0.1, 'toformat' to version 2.0.0. (RTAF-91)
    • Implemented several optimizations that reduced the load time of "List Modules" and "Solution Details" pages in Service Center. (RSCT-1852)
    • On a first install, ServiceCenter will now be deployed into a dedicated application pool in IIS named "ServiceCenterAppPool". On upgrade, if ServiceCenter exists in "OutSystemsApplications" application pool in IIS, ServiceCenter will be moved to a dedicated application pool named "ServiceCenterAppPool". If ServiceCenter is already in some other application pool, it will not be moved. (RSAT-1338)
    • Added to FactoryConfiguration the option to include X-Content-Type-Options header with nosniff as a method of preventing MIME sniffing from older browser versions. (RRCT-2270)
    • Service Center now links to the detach process documentation instead of launching the No Lock-in tutorial. (RICT-1199)
    • Header 'X-Content-Type-Options' with value 'nosniff' is now added by default to all server responses. Applications with custom solutions to achieve the same outcome should be reviewed to ensure compatibility with the new solution, or disable it using Factory Configuration (not recommended). (RRCT-2082)

    Bug Fixing

    • Fixed incorrect character encoding in packaging of mobile applications. (RRCT-2216)
    • Fixed runtime error in client-side Aggregates with dynamic Order By's containing more than one attribute. (RSBO-54)
    • Fixed an issue that caused the Application 1-Click Publish to fail consistently when a previous 1-Click Publish aborted with an error. (RSCT-1693)
    • Fixed NullBinary() comparisons in client side with binaries being returned from server side aggregates. Previously it always returned "false" even when the binaries had no content. (RRCT-2279)
    • Fixed SOAP introspection not detecting some unsupported features. (RSBO-246)
    • Fixed the creation of Blank and Service modules to have the correct user provider set, instead of having the Template marked as user provider. (RRCT-2296)
    • Fixed an issue that prevented some OutSystems services from stopping when the Deployment Controller service was not running. (RRCT-2295)
    • Fixed an issue that caused Service Center to crash when changing the configuration of a mobile application. (RLIT-2490)
    • Fixed the errors related to retrieving mobile app authentication configuration that happened in some environments after upgrading to OutSystems 11 or after regenerating the authentication and encryption keys in Service Center. The error prevented mobile applications from working. (RPD-3794)
    • The User_Login action of the Users API no longer logs errors when the authentication is set to Active Directory or LDAP and the login is successful. (RLIT-2387)
    • Fixed the default action on the Create / Edit solution page on Service Center. Now the default action is to save the solution instead of searching. (RPD-3953)
    • Fixed query errors in some Users screens. (RPD-4015)
    • Fixed a problem when using ListAppend and ListInsert functions containing an If expression in the List input parameter. (RPD-3984)
    • The User_Login action of the Users API no longer aborts database transactions when an exception occurs. (RRCT-2189)
    • Fixed a rare problem that prevented custom Application and Screen Templates from being registered. (RSCT-1753)
    • Fixed an issue that was causing the error "Duplicate is not a valid operation inside a StartIteration/EndIteration block" when using cached actions. (RPD-3698)
    • Fixed a security issue that could cause session ids to be leaked with access to the Platform logs. CVSSv3.0 score 4.9 (Medium). (RRCT-2277)
    • Fixed a rare runtime error while running Aggregates when the Entity internal name was a reserved keyword. (RSBO-29)
    • Fixed SOAP introspection and compilation of WSDLs with enumerations inside <list> elements. (RSBO-272)
    • Changed how the machine memory is calculated in installation tuning scripts (when configuring worker process optimizations). Previous method could fail in some scenarios. (RPD-3685)
    • Fixed a runtime error while filtering booleans and date type in BPT tables. (RSBO-299)
    • Fixed a problem with Single Sign On on some scenarios with multiple frontends or containers. This could also lead to "Session fixation mismatch" errors. All existing sessions from applications in containers will be lost in the upgrade process. (RRCT-2214)
    • Fixed an issue with SanitizeHTML when sanitizing URLs with = characters. (RPD-3978)
    • Fixed Configuration Tool error 'The device is not ready' during upgrades from previous versions. (RPD-3880)
    • Fixed an error during publish caused by using SOAP Web Services with enumerations in Mobile modules. (RSBO-219)
    • Japanese characters are now correctly saved to the database when used in the default value of site properties. (RPD-3775)
    • Fixed an issue where added or updated fields in an editable table were not being enabled after an Ajax refresh of a row. (RPD-3879)
    • Fixed an issue in the JSON Serialize widget that affected the serialization of Date and Time values. This was causing the JSON Deserialize widget to return empty values. (RPD-3970)
    • Fixed an issue while generating service code when a SOAP operation contained headers in its input/output parameters. (RPD-4030)
    • Fixed Invalid numeric precision/scale error when reading -2^96 Decimal value in SQL Server. (RPD-4059)
    • Fixed issue farm environments when the platform is installed on different disk locations. (RPD-3896)
    • Fixed bug that occurred when consuming SOAP Web Services that use the same schema type as request/response and fault. (RSBO-306)
    • Improved the warning message in wizard "Create Action to Bootstrap Data from Excel" when the attributes are not going to be included in the bootstrap. (RSBO-53)
    • Fixed an issue when bulk changing the Test Values of several attributes in an Aggregate that were reverting to their original value. This was only happening when the original value was not null. (RSBO-71)
    • Fixed compilation error caused by a missing validation for the Combo Box variable type. (RICT-1320)
    • Removed unused CSS code that could cause browsers to generate a 404 error when retrieving some resources used in the configuration console of AD and LDAP providers. Embedded a font that was previously being downloaded at execution time. (RSAT-1328)
    • Removed incorrect warnings that were shown in Configuration Tool when clicking on 'Test Connection' for database users. (RPD-3691)
    • Using the List_SortColumn_GetOrderBy function from RichWidgets in a SQL Query Parameter with the Expand Inline property enabled will no longer trigger a SQL Injection Warning. (RRCT-2106)
    • Fixed a visual glitch in the Native Platforms Tab of Service Studio. (RNMT-2430)
    • Fixed occasional crash when merging Web Screens. (RICT-1237)
    • Fixed an error that prevented you from upgrading a module with the dynamic join logic to OutSystems 11. (RPD-3674)
    • Fixed a problem which caused SOAP Web Services imported in version 11 to have incorrect information. This happened when the WSDL had an enumeration defined in a top-level element that is used directly in an input part. (RSBO-360)
    • Fixed occasional crash using the Search in several tabs at the same time. (RTAF-108)
    • Was this article helpful?