Released on Sep 22, 2021
New in Platform Server 11.13.1
- We improved the UI and overall user experience of the Preview in Devices. We also added support for a modern variety of devices. (ROU-2177)
- The Modules screen in Service Center now displays the correct modules list when filtering by Status "with errors and warnings". (R11CT-121)
- Fixed the deployment error "Module [module name] is not available for deployment". (R11PBT-176)
- Fixed an issue in the Deployment Service that was causing incorrect log information of the modules to be undeployed/deleted from a frontend. (R11PIT-250)
- Fixed an issue that caused the logs of mobile apps to have an incorrect timestamp. (RPM-1172)
- Fixed an issue that sometimes caused the Environment Information not to be filled in the Service Center error logs. (RPM-1265)
- Fixed an issue in PWA applications where splash screens would hang on iOS 14.6 devices. (RPM-1308)
- Fixed broken references errors to indirect producers after an upgrade to Platform Server 11.12.1 or higher. (RPM-1352)
- Fixed an issue that caused navigations to the previous screen to go back more screens than it should. (RPM-1371)
- Fixed an issue that caused disabled Scheduler services to pick up events and email tasks that they would not process. This also caused a permanent warning displayed on the monitoring pages. (RPM-599)
- Fixed an issue that was preventing developers from using the Distribute tab in Service Studio. The issue would only manifest when Active Directory authentication was enabled for IT users. (RPM-921)
Fixed a server-side request forgery (SSRF) vulnerability on custom handlers. CVSSv3.1 score 6.5 (Medium).
Application Runtime Data Access and Manipulation
To protect our customers we're not providing further details on the issue.
Fixed an issue that caused the logs of mobile apps to have an incorrect timestamp.
Application Runtime Logging
The logs related to mobile apps, as shown in Service Center, were sometimes presenting a timestamp that was deviated from the actual time the event occurred. This could cause the events on the logs not to reflect the order in which they actually occurred, making it harder to understand the logs and troubleshoot a mobile app. The behavior was fixed and the timestamp of the logs now reflects the exact time of the event.
Fixed an issue that sometimes caused the Environment Information not to be filled in the Service Center error logs.
Application Runtime Logging
The issue would sometimes manifest when the device running the mobile app was offline and an error occurred. When the device comes online, the information is sent to the server to log. The log was written, however, the Environment Information field as seen in the error log detail didn't contain any data. Such information is useful to provide the runtime context in which the error occurred. This issue didn't cause any impact on the mobile app's normal usage nor on the end-user experience.
Fixed an issue in PWA applications where splash screens would hang on iOS 14.6 devices.
Application Runtime Application Distribution
Fixed broken references errors to indirect producers after an upgrade to Platform Server 11.12.1 or higher.
After upgrading to 11.12.1 and publishing a module, runtime errors due to incompatible definitions might occur. The issue would occur when a consumer module A is using a producer module B and that producer, in turn, has a producer C that references an extension E. In that case, module A would have errors about incompatibility with an Action from extension E.
Fixed an issue that caused navigations to the previous screen to go back more screens than it should.
On a Mobile or Reactive Web app, a screen that has a link that navigates to the previous screen would go instead to the screen before that. Effectively the navigation would send users to 2 screens before the screen they were on. More specifically, the wrong previous screen navigation occurs only after a navigation is performed on an OnInitialize event of a screen. The issue happens only with applications compiled on Platform Server version 11.12.0 or higher. It may happen on previous Platform Server versions, if the environment had the React 16 Technical Preview feature activated. The issue was fixed in this version and the wrong redirect will no longer occur.
Fixed an issue that caused disabled Scheduler services to pick up events and email tasks that they would not process. This also caused a permanent warning displayed on the monitoring pages.
Application Lifecycle Service Center
When configuring the servers it is possible to disable BPT processing for specific servers. This issue caused some events to be picked up during the disabled schedulers startup but never processed. The issue does not exist if all servers are allowed to execute BPT.
Fixed an integrated authentication vulnerability in OutSystem Cloud environments. CVSSv3.1 score 5.5 (Medium).
Fixed a vulnerability that would allow, in the OutSystems Cloud, users with access to the underlying infrastructure to be able to access applications developed in the environment. The vulnerability was fixed so that it no longer allows privileged users with infrastructure access to log in to applications.
Fixed an issue that was preventing developers from using the Distribute tab in Service Studio. The issue would only manifest when Active Directory authentication was enabled for IT users.
Service Studio Distribute
For Mobile apps, accessing Distribute tab in Service Studio in an environment with Active Directory enabled for IT users, would result in an "Invalid user credentials" error, even if the credentials were correct. The issue would occur with a combination of a Platform Server version higher than 11.10.2 and Service Studio version 11.10.06 or higher.
Fixed multiple security risks on the documentation of a REST API by raising the handlebars.js used in the swagger UI. CVSSv3.1 score 6.5 (Medium).
Application Runtime Logic Execution
The auto-generated documentation of a REST API was using an outdated version of handlebars.js that has known vulnerabilities. Security tests would flag this. The handlebars.js version was raised to an updated version.