General Enhancements and Changes

Summary

The following enhancements and changes have been made as part of the 2024.4 update:

  • Security is enhanced with a stricter password policy on preproduction and production environments for 'stepsys' and 'DBA' accounts. For details, refer to the Changing a User Password topic in the System Setup documentation.

  • Testing business rules via REST now includes access to the Logger bind and meaningful error messages, which improves test and automation support for STEP systems and configurations in DTAP environments. Refer to the REST API V2 section of the Technical Documentation accessible at [system]/sdk or from the Resources section of the system's Start Page.

  • Data on references is now available in the In-Memory usage report and reporting is aligned between Cassandra and Oracle databases. This provides reliable outcomes when investigating heap memory issues related to references. A new summary tab is also provided in the report.

  • A new memory host pod called DuoPod has been introduced for use in smaller environments.

  • STEP now responds faster to stop commands when OneQueue is enabled. In addition, OneQueue scheduler can now process many small background processes with a performance comparable to MultipleQueue scheduler.

The following enhancements and changes have been made for SaaS environments and are documented in the SaaS Self Service 'User guide':

  • Access control can now be managed through import and export, which simplifies maintenance and enables transferring this configuration between environments. Also, users can automatically add their current IP address, while still having the option to manually enter other individual IP addresses / ranges as needed.

  • The STEP application shutdown process has been refined to ensure efficient, timely completion, with added diagnostic tools to facilitate monitoring and troubleshooting.

  • Optimizations have been made to improve performance of image caching for SaaS environments.

These enhancements and changes have been made as part of the 2024.4 update and are described in the Details section that follows:

  • Two new JavaScript methods allow purging product, entity, asset, and classification objects from STEP and for calling business functions by ID. These methods enable efficient removal of unused objects and simplify testing business actions with a dynamic lookup and execution of business functions.

  • JavaScript business rules logging is now limited in the standard STEP log file and is instead written in the new JS log files. This reduces the size of the STEP log and improves troubleshooting by separating log entries based on the source.

  • Security is improved with support for OAuth 2.0 (Open Authorization) authentication for connections to an email relay server.

  • A new Translation Screen for the Web UI allows for more granular review and management of in-progress translation jobs within the Web UI by displaying language-dependent attributes across languages and workspaces.

Details

New JavaScript methods

JavaScript functionality now includes two new methods, 'forceDelete()' and 'getBusinessFunctionByID()'.

  • forceDelete() efficiently bypasses the recycle bin when purging a node without dependencies (child nodes, references or links from other objects). If a node is included in a workflow or an event, purging it using this method also removes these instances. This method allows a JavaScript business action to fully remove product, entity, asset, and classification objects from STEP. Note that no delete event is captured with this method. For example, assets not referenced by any other object but included in an 'approval' workflow can be purged using this method. However, if a product has dependencies such as child objects or is referenced by another object, the purge will fail with a dependency exception that can be logged via the JavaScript Logger bind.

  • getBusinessFunctionByID() allows dynamically calling and evaluating business functions found by ID via BusinessRuleHome and is consistent with existing behavior for calling business conditions and actions. This simplifies testing business actions and is more flexible since it eliminates the need for a bind for each business function. The static 'Business Function' bind is unchanged and remains a valid option for calling business functions.

For more information, refer to the Scripting API section of the Technical Documentation accessible at [system]/sdk or from the Resources section of the system's Start Page.

New JavaScript business rule logging

JavaScript business rules log entries are now written in new JS log files, and follow the same structure as the STEP log files. These files include the same review options: main, previous, tail, view, and download. The current log file is named js.0.log, with older log files stored in the new js-logs folder and indicated by incrementing numbers (for example, js.1.log).

Log entry severity levels can be configured on the Logger bind. By default, the log level is SEVERE for production and preproduction environments, and INFO for all other environments. Although not set by default, the JavaScript.Logging.LogLevel property can be used to change the log level or turn the logging off.

JavaScript exceptions are indicated with a SEVERE setting and are recorded to both the JS log and the STEP log to ensure critical exceptions are visible from a single log source.

Additionally, the 'Test & Time Business Rule' dialog now always displays all INFO log messages when testing business rules. JavaScript log entries can be generated from multiple sources, including libraries, the default logger, the Logger bind, and triggered business actions.

For more information, refer to the Logs topic in the Administration Portal documentation, the Logging and Exception Handling topic in the Business Rules documentation, and the Logger Bind topic in the Resource Materials online help documentation.

OAuth available for email relay server

OAuth 2.0 (Open Authorization) authentication is now available for connections to an email relay server or service. OAuth 2.0 provides enhanced security compared to Basic authentication, which Microsoft plans to deprecate within their Exchange Online email service in September 2025. New configuration properties enable the use of a client ID combined with a client secret or a certificate for authentication, both of which ensure access while preserving password confidentiality. The OAuth 2.0 authentication solution has been verified with the Microsoft 365 Exchange Online email service.

Customers using their own email relay server for sending emails from STEP can continue to use Basic authentication, but now also have the ability to use this new and stronger authentication method.

For more information, refer to the Email from STEP topic in the Resource Materials online help documentation.

New Translation Screen for Web UI

In a significant update to the Web UI's translation capabilities, the new Translation Screen has been made available to allow business users to view language-dependent attribute values in all configured target languages and compare them to those in the approved source language. This powerful addition to the Web UI's translation offerings enables users to more easily monitor and manage data translation without leaving the Web UI.

For example, the new Translation Screen allows users to:

  • view translation status for any object in translation for all relevant languages, including information related to translation relations (source and target)

  • review translated object data for all language-dependent attributes and attribute groups for all relevant target languages and compare it with the approved version of the source language

  • approve translations within the Web UI

Previously, the Web UI offered limited translation review and approval process, forcing users to rely on the workbench to proofread and approve translations. These capabilities did not allow users to compare approved and unapproved values in a single view, which is central to managing translated object data.

To learn more about this update, click the business and configuration videos below. If the videos do not play as expected, they can also be found in the Customer / Partner Communities, and may also be accessible within the Stibo Systems Service Portal.

For more information, review the Translation Screen topic in the Web User Interfaces documentation.