11.1-MP5 Maintenance Patch Notes

May 2023

Business Rule Announcement

Impact to Certain JavaScript Business Rules

Starting in 10.3, JavaScript business rule performance improvements sometimes allowed JavaScripts with missing binds to run without generating an error. In 11.1-MP2 (and also in previous versions through 10.3-MP2 when patched in February 2023 or later), JavaScript business rules are prevented from sharing binds. After upgrading or applying one of these patches, a JavaScript business rule with a missing bind fails with an error.

Bugfixes

ISSUE-558286 - Adding logging to identify issue for incorrect Kafka Header published

Log endpoint configurations to determine if the erroneous variation is due to specific users or app servers. This solution is also available as a hotfix that is applicable to step-10.2-mp3.

ISSUE-577099 - Fix for XML importer errors with rollback

Fixed a problem with healthchecks when it is used to fix problems. There is also a hotfix available for this solution that is applicable to step-11.0-mp4 and 11.0-mp5

ISSUE-587752 - Fix for unable to use JavaScript search in STEP Workbench

Fixed a problem when search in workbench failed if any business rule's plugin cannot be found (for example, because of the missing license, component, or data inconsistency). There is also a hotfix available for this solution that is applicable to step-11.0-mp4, 11.0-mp5, and 11.1-mp4

ISSUE-589770 - Fix for request to set the WebUI.SSO.AllowChangePasswordForSTEPUsers=true property for the DEV environment.

Fixed a problem occurring when the User Password component on a User Details screen in the Web UI did not appear if a property to allow users changing the password for internal users was set and OAuthSSO was enabled.

ISSUE-593631 - Fix for inconsistency in displaying color coding for inherited asset reference/attribute between Multi Context Editor Screen and Product Details Screen

Now, both inherited and context-inherited attribute values will be shown with red arrow-down marking on Multi Context Editor screen in the Web UI instead of green marking to make a behavior consistent with Node Editor screen.

ISSUE-594784 - Fix for Inbound Integration Endpoint failing frequently

Fixed scenario where BGP could be started as ReadOnly and thus not allowing to commit. This would result in 'Can only perform operation while a transaction is active' errors. This could happen in rare cases if concurrent access to Recycle Bin is going when starting BGP. This has now been fixed.

ISSUE-598787 - Fix for sharedconfig property of count to display maximum children

Fixed problem when a message about too many children in the Web UI was showing incorrectly when opening a tree navigator with entities, where the previously selected entity does not have children and does not have any references, when having a product selected. There is also a hotfix available for this solution that is applicable to step-11.1-mp3 and 11.1-mp4.

ISSUE-599021 - Fix for upgrade to 11.1 issue - Release and online help not accessible via workbench

Fixed an error when running Menu / Help in workbench with Keycloak authentication.

ISSUE-599954 - Fix for completeness metric showing different values between Web UI & workbench

Now, a total completeness score on Web UI Node Editor Completeness Metric component can be shown without rounding it up. Contact Stibo Systems Support to enable this property. There is also a hotfix available for this solution that is applicable to step-11.1-mp2, mp3, and mp4.

ISSUE-600442 - The sensor: 'WebstartHealthcheckSensor-WebstartHealthcheck' has a status critical - why?

Extra log info for debugging purposes.

ISSUE-602906 - Fix for error on selected items in the packaging screen

Introduced a possibility to avoid selecting a currently selected packaging graph node on a corresponding Node List on Packaging screen in Web UI. To enable this possibility, contact Stibo Systems Support. There is also a hotfix available for this solution that is applicable to step-11.1-mp4.

ISSUE-603280 - Fix for Excel Imports failing in pre-prod with error 'no parent edge found to revive on'

Since 11.0-mp2 there was an issue with deleting products, entities, and classifications. The issue only occurs in some situations when having to delete objects that have been re-parented and force deleting their old parent before the child. The consequence of the problem is that the deleted and re-parented child will end up with no parent links. Such orphaned objects become invisible to the user--but still blocked the creation of an object with the same ID. With this fix, such orphaned objects now appear in recycle bin and can be purged from there (or actually also revived - in which case a new dummy node with ID TemporaryParentForOrphanedObject will be created for reviving object into). There is also a hotfix available for this solution that is applicable to step-11.0-mp4 and 11.0-mp5, and 11.1-mp4.

ISSUE-603300 - Fix for LOV cannot be updated - Process hung

Fix for Cassandra-specific performance problem when deleting old entries in the change log. There is also a hotfix available for this solution that is applicable to step-10.3-mp4, 10.3-mp5, and 11.1-mp4.

ISSUE-603723 - Fix for post-STEP v11.1 upgrade - Exporting data from workbench)

Fixed NullPointerException in STEP exporter related to exporting inherited cross references. There is also a hotfix available for this solution that is applicable to step-11.1-mp3.

ISSUE-604039 - Fix for the user interface language mixing English and German, although German was chosen as the locale

Some texts in the Web UI were not properly localized. This has been fixed. There is also a hotfix available for this solution that is applicable to step-11.1, 11.1-mp1 through mp4.

ISSUE-604560 - Fix for GS1 mapping of language specific

Using variables in GDSN import mappings could cause exceptions, making the import mapper unusable. This has been fixed.

ISSUE-604614 - Fix for issue with recent Background Process Web UI component

Fixed a problem when Background Processes displayed in Web UI Recent BGP's Panel were incorrectly sorted. Now, the BGPs are sorted by start date in descending order.

ISSUE-604766 - Fix for a post upgrade issue: Error message showing in HTML script that is not in readable format

Fixed a problem when in BGP report, a message 'Exception occurred during evaluation of BC ...' was not properly rendered to show a link of failed business condition. There is also a hotfix available for this solution that is applicable to step-11.1-mp3.

ISSUE-604841 - Fix for performance issue Web UI on PROD

Fixed problem when retrieving a Global Override mappings when loading a Web UI Node Editor could cause a performance issue.

ISSUE-605285 - Fix for transaction rollback error

Fixed problem that could cause the below type of error, when making a transition on a STEP Workflow. There is also a hotfix available for this solution that is applicable to step-11.1-mp4.

{code}

2023/03/16-13:18:21 7686|stibo_support|PRT|[customer]PIMUI com.stibo.portal.engine.server.util.ExceptionConverter convertExceptionSerializeAndLocalize SEVERE: Type: Unexpected error, Message: The transaction has been rolled back. See the nested exceptions for details on the errors that occurred.

localization key=i18n.stibo.portal.client.UserMessageType.ServerException

com.stibo.portal.framework.client.exception.PortalException: Type: Unexpected error, Message: The transaction has been rolled back. See the nested exceptions for details on the errors that occurred.

at

...

Caused by: com.solarmetric.jdbc.ReportingSQLException: ORA-02291: integrity constraint (STEPSYS.NODESTATE_PREVIOUS_TRAN_FK) violated - parent key not found

{prepstmnt 1458857017 INSERT INTO NODESTATE (ASSIGNEEID, ASSIGNEETYPE, CHECKID, DEADLINE, ENTRYTIME, NODEID, NODETYPE, PKID, PREVSEQNOASSI, PREVSEQNOTRAN, PRIORITY, STATEFLOWID, STATEID, TASKSTATUSID, TASKSTATUSTYPE, WFENTRYTIME) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) [reused=0]} [code=2291, state=23000]

{code}

ISSUE-605784 - Fix for bug on 'Data Validation in Web UI' feature

Fixed a problem when attributes marked as mandatory by a Business Condition on a Web UI Node Editor were making the buttons with Enforce Validity option disabled to become unavailable.

ISSUE-606498 - Fix for PDX: Sufficiency card breadcrumb errors

Fixed problem occurring when having a slash character ' / ' in product name caused a Sufficiency Card breadcrumb navigation to fail.

ISSUE-606717 - Fix for post upgrade issue - Web UI discrepancies

Fixed a problem occurring when the Run Business Action toolbar action, without selection on a Web UI Node List, was not respecting a current tree navigator selection when checking a business action object type validity. There is also a hotfix available for this solution that is applicable to step-11.1-mp4.

ISSUE-606903 - Fix for alphabetical-index section references change

Fixed problem with workbench Export Wizard removing objects when going back (clicking back button). There is also a hotfix available for this solution that is applicable to step-11.0-mp4 and 11.0-mp5.

ISSUE-607389 - Fix for calculated inherited attribute not coming in API

Fixed restapiv2 to include calculated values when the includeInheritedData option is selected for Get Product endpoint.

ISSUE-607416 - Fix for emergency Web UI setback in 11.1-mp2

Fixed a setback when Packaging / Multi Language and some other screens were not displayed under the Web UI Sub Screen Tab Page with Lazy Loading enabled if the screen has been accessed from Task List by clicking on one of the items in list. Instead, an Object Not Found placeholder message was shown.

ISSUE-607736 - Fix for TecDoc Reference Data 0423 throws 'empty string value' error

Added additional logging to diagnose root cause of errors shown whilst importing automotive reference data.

ISSUE-608168 - Fix for Object Type change from SKU to Deleted SKU is causing ObjectTypeConstraintAttributeException

Ensure old values from a lock-free schema change do not prevent changes of an attribute validity type. There is also a hotfix available for this solution that is applicable to step-11.1-mp4.

ISSUE-608267 - Fix for SaaS - need to raise the display / filter limit of references

Introduced a possibility to bypass a hardcoded 10K items limit when displaying items on Display Children Screen in the Web UI. To set this property, contact a Stibo Systems Support.

ISSUE-608566 - Fix for impossible to catch exception when using downloadAssetContent

Fixed problem when it was not possible to catch, and did not rethrow. a checked IOException from AssetDownloadHome.downloadAsset method in JavaScript business rules.

ISSUE-608953 - Fix for upgrade issue 11.1 MP2 to 11.1 MP4: Bind for object type not working

Fixed problem when Web UI Run Business Action incorrectly resolved Object Type Java Script Bind. There is also a hotfix available for this solution that is applicable to step-11.1-mp4.

ISSUE-609311 - Fix for classloader on Admin Portal PQL scripting

Fixed classloader on Admin Portal PQL scripting engine. Now, In-Memory healthchecks will work.

ISSUE-609555 - Fix for errors with calculated attributes

When using the function getInheritedPublicationValue in a calculated attribute, the calculated value shown in the workbench would sometimes be wrong. This has been fixed.

ISSUE-609837 - Fix for attribute profiling throwing a 'CaughtNullPointerException' error

Fixed NullPointerException in Data Profile BGP when profiling attributes, possibly used in Web UI configurations, and one of the Web UI configurations had an empty XML. There is also a hotfix available for this solution that is applicable to step-11.1-mp4.

ISSUE-611148 - Fix for cross context does not work with generic JSON

Fixed problem when diagnostics flipper on status tab on the workbench Integration Endpoint Editor was thrown an exception on systems with In-Memory enabled.

ISSUE-611402 - Fix for a post upgrade issue: empty recycle bin is not working

On out-memory systems, an In-Memory limit of only 100 objects plus their children were imposed on the actual purge-process, regardless of the size of the task. This has been fixed and a limit is no longer applied.

ISSUE-612707 - Fix for cross-site scripting

Addressed an XSS vulnerability when saving item's name in Web UI and when searching for it on a Search tab of Insert Inline Reference dialog.

ISSUE-612730 - Fix for matching Event Processor log showing error: java.lang.NullPointerException

Fixed NullPointerException in parallel framework that was related to non-initialized constraints. A problem was observed during matching parallel execution.

ISSUE-613357 - Fix for error message when uploading asset in Web UI

Fixed problem when asset importer was throwing an exception related to incorrect mime type caused by an attempt to import a noname.tmp file created by browser when uploading the image through the asset importer. There is also a hotfix available for this solution that is applicable to step-11.0-mp2, 11.0-mp3, 11.0-mp4, and 11.0-mp5.

ISSUE-613431 - Fix for SaaS - Unable to activate inbound because of multiple pollers

System deletes excessive polling Background Processes instead of throwing an error. There is also a hotfix available for this solution that is applicable to step-11.1-mp4.

ISSUE-613653 - Fix for error on OIEP: OutboundExporter

Fixed NullPointerException in domain export related to the missing base object for the exported edge model. There is also a hotfix available for this solution that is applicable to step-11.1-mp4.

ISSUE-613669 - Fix for Upload and insert Asset Reference option is not working in Web UI

Fixed problem when Upload And Insert Asset Reference Design Mode parameter for Referenced Asset Representation did not affect the "Upload and Insert Reference" option on the asset item's action popup on Web UI Node Editor. Instead, the Replace asset content design mode parameter was needed to make this action available. There is also a hotfix available for this solution that is applicable to step-11.1-mp4.

ISSUE-614636 - Fix for the empty recycle bin not working in DEV

On out-memory systems, an In-Memory limit of only 100 objects plus their children were imposed on the actual purge-process, regardless of the size of the task. This has been fixed and a limit is no longer applied.

ISSUE-614733 - Fix for enabling multiedit of tagged texts

Fixed the issue in Web UI that whenever a tagged text gets altered in the Multi Editor, all tags in the altered field get escaped with and it prevented reviewing correct formatting in RichTextEditor.

ISSUE-616816 - Fix for a post upgrade issue: error message showing in HTML script that is not in readable format

Fixed a problem when BGP report row containing INSERT TAGS, did not show an HTML markup correctly on BGP details screen in the Web UI. There is also a hotfix available for this solution that is applicable to step-11.1-mp4.

ISSUE-616821 - Fix for a post upgrade issue: Web UI navigation to pages does not work as expected when Children of Type page is used as sub screen under Node Details page

Fixed a problem when a sub screen tab page with lazy loading enabled did not load a Children Of Types screen properly when details overlay has been configured on a parent screen.

ISSUE-616826 - Fix for a post upgrade issue: Run Business Action toolbar action without selection on Web UI node list was not respecting a current Tree navigator selection when checking a business action object type validity

Fixed a problem when Run Business Action toolbar action valid for tree node selection object types were claiming an invalid object type when being executed without a selection on a Node List.

ISSUE-617223 - Fix for Faceted Search - Error

Fixed NullPointerException in Elasticsearch GraphQL, which happened when one of the sharable user groups in STEP did not have a name but only an ID.

ISSUE-617809 - Fix for Error in the Web UI while navigation to a different hierarchy

Fixed an exception in the Web UI when navigating between different hierarchies in Global Navigation Tree tab with selected product.

ISSUE-618196 - Fix for upgrading an environment to version 11.1

Patching a STEP system with the matching components and with matching data in the system, specifically golden record duplicates, to release 11.0 or later could halt the upgrade process. Patching can still take a long time after this bugfix is applied, but it will proceed. Refer to the online release notes for upgrading to STEP 11.0 (or later).

ISSUE-618462 - Fix for Asset Publisher pushing asset as ZIP File to AWS

Fixed a problem when MS Office files, transferred by Asset Publisher, were delivered as .zip files instead of keeping their correct extensions.

ISSUE-619084 - Fix for 'Internal Server Error' in Node Picker while using attribute search plugin

Fixed a NullPointerException when performing a typehead search on Search Table Tab page of a Node Picker component in the Web UI without any headers configured in design mode.

ISSUE-619381 - Fix for values removed when using the Rich Text Editor

The Multi Editor would save wrong values when handling STEP tags. This is fixed

ISSUE-619823 - Fix for post-upgrade issue 2: Run Business Action toolbar action without selection on the Web UI Node List was not respecting a current tree navigator selection when checking a business action object type validity

Introduced a possibility to check a BR validity against a current Web UI Tree Selection instead of Node List selection when executing a Run Business Action on a Node list. Contact Stibo Systems Support in order to enable it.

ISSUE-620545 - Fix for changing attributes from externally maintained to 'No' causes the system to crash

Fixed out-of-memory problem for large lock-free schema change operations.

ISSUE-620603 - Fix for IIE to EP throughput issue

Fixed problem with hotfolder implementations causing a five (5) second delay between processing each file.

ISSUE-621160 - Fix for problem when promoting product between workflow states. 0bits.legacy

Fixed a problem occurring when an empty mandatory value on an 0bits.legacy attribute caused an approval of a node via BR to fail.

ISSUE-621482 - Fix for Object Type bind within Business Rule not working after upgrading to .mp4: Object type with specified ID does not exist

Introduced a possibility to clear a Node List selection when executing Run Business Action from toolbar and a configured Business Action returns Reload Selection. To toggle this possibility, contact Stibo Support.

ISSUE-622160 - Fix for exports stalling on PROD and TEST and causing massive delays in delivery

Exports on Oracle out-memory systems were unnecessary slow, investigating an excessive amount of data during export of suppressed cross-references. This has been remedied. Patching will require one index to be rebuilt. The index is believed to be empty for most customers, and very small for the rest; as such little writing and sorting will take place, but we have no estimate for the patching time, as it is data- and hardware- dependent.

Security Enhancements

ISSUE-553167 - Fix for PenTest 04-22: High - Finding 2: Local File Inclusion

Improved path traversal protection for Web UI Theme Image Service servlet. Introduced a blacklist of forbidden exceptions for the GET method of this servlet, so the files with this extensions cannot be accessed for security reasons. There is also a hotfix available for this solution that is applicable to step-11.1-mp4.

Patch

The 11.1-MP5 baseline patch can be installed with the following recipes:

spot --apply=to:step/platform/step-11.1-mp5.spr

— OR —

spot --upgrade=step:11.1*

^*Before installing the recipe provided by the SPOT --upgrade functionality, review the baseline and component versions that the system will be upgraded to before applying. Verify that the baseline and/or components are the correct versions to be applied (i.e., the versions you did testing on—and not a higher, untested version).

Refer to the SPOT Program documentation for more information, including how to use the SPOT --upgrade command to also find compatible components that can be added at the same time as the baseline patch. SPOT Program information for on-premise systems can be found in the System Administration Guide within the Downloadable Documentation. For assistance, contact Stibo Systems Technical Services.

Note: Customers may want to search the Stibo Systems Service Portal for their Maintenance Patch Issue Numbers. To do so, while in the Service Portal, navigate to Issues (in the header bar) and then select 'Search for Issues.' Click on the 'Advanced' option on the filtering bar, and then type in 'issue=' and the Issue number from the Maintenance Patch Notes. Press Enter or click the magnifying glass icon to run the query. Users will only be able to view Service Portal issues for Maintenance Patch Issue Numbers that they have privileges to access. If the issue is not applicable to the user searching, then a 'No issues were found to match your search' message will be displayed.