beqom v10 HF187 - Release notes
This article lists the new features that have been added to the platform, as well as the bugs that have been corrected in this release.
Deployment date: PRD: March 20th, 2025
Fix version: v10 - HF 187.28 - DB 10.0.978
| Issue key (Zendesk / Jira) | Description | | |
|---|---|---|---|
| BQM-24857 | **Web App/Admin Portal: Optimization of the Translation Mechanism** The mechanism used by the application to retrieve the translations for the interface labels relied heavily on the cache, leading to performance degradation. This mechanism, used among others in process grids, was refactored to make sure that it does not consume unnecessary resources. | ||
| BQM-24931 | **Security Enhancement: Application Secrets** Application secrets related to app settings and web config were available in the application's source control. For added security, these secrets were moved to Azure Key Vault. | ||
| BQM-24935 | **Security Enhancement: Swagger Update** In order to improve the security of the beqom v10 application, Swagger was updated on all NEXT services to protect the application from reflected XSS attacks. | ||
| BQM-24936 | **Security Enhancement: HTML Sanitization in Forms** In the , malicious HTML code could be inserted in the form description and in the form field description using Unicode characters via API or using an HTML link as follows. To improve the security in the components, both possibilities have been removed. | ||
| BQM-24938 | **Admin Portal: Missing Access Control for User Image** In the Admin Portal interface of the TCM v10 application, under > Functional Admin > Users, the Azure blob URL of the user image was visible in the developer tools of the Web browser. Since the blob was public, any unauthenticated user could access it. The issue was corrected; the blob URL is no longer displayed in the developer tools. | ||
| BQM-25009 | **Web App/Admin Portal: Cannot Add Multiple Lines in Messages** In previous versions of the TCM v10 application, it was not possible to write messages (using custom localization) on several lines; the application did not recognize either `<br>` or `/n` in the messages. This behavior was improved; the localization mechanism will now recognize both elements and display the text on multiple lines. | ||
| BQM-25033 | **Web App/Admin Portal: Translation Cache Issue** Following the translation mechanism optimization introduced in ticket BQM-24857 (documented in the Updates & Enhancements section of this document), an issue where the localization cache was not correctly populated was uncovered. The system took the case of the translation keys into consideration, leading to attempts to duplicate keys because of the case. The issue was corrected by making sure that all searches and insertions use lower case. | ||
| BQM-25034 | **Web App: Redirection in Application URL** If the application's login URL contained the "ReturnUrl" parameter with a redirection URL, the user was actually redirected to the specified URL. This behavior constituted a potential danger because the redirection URL could be set to a malicious URL. The behavior was corrected; now the user is redirected to the redirection URL only if it is a relative URL and it is included in a whitelist of URLs. Otherwise, the user will be redirected to the default page of the application. | ||
| BQM-25047 | **Web App: Incorrect Columns in Excel Export** When exporting a process grid using the standard export or the basic export, the resulting Excel file contained all the columns of the grid, regardless of the columns selected in the Column tool. The issue was introduced by performance optimization efforts on the process grids. It was corrected and the column selection is now taken into account again at export. | ||
| BQM-25060 | **Web App: Process Grid Values Wiped when Saving** When saving new values in a process grid containing large quantities of data, an error would occur and the newly entered values were not saved. Investigation revealed that the issue occurred because, due to the long-running call to save the values, the database session was recycled by the system. The problem was corrected and process grid saving now behaves as expected, even with large quantities of data. | ||
| BQM-25246 | **Application Deployment Failure** The application failed to deploy in test environments because, as part of the refactoring efforts to use Key Vault for secrets, a value in RN.WebUI defaulted to a blank value while the configuration of the application expected a value. To correct this problem, the configuration was changed to allow a blank value on this parameter. | ||
| BQM-25257 | **Error When Loading Comp Planner from API** When attempting to process Comp Planner requests from the API, a 401 error was returned. This was because security fixes performed in the context of application security improvements had removed a couple of nodes needed for token handling. These nodes were restored and the Comp Planner is now responsive again. | ||
| BQM-25265 | **Admin Portal: Profile Image Incorrectly Updated in User Details** The following issue was observed in the Admin Portal interface of the TCM v10 application: if the picture of a user was changed twice from ADMIN > Functional Admin > Users > `<user>` > Properties, and then the user logged out before logging in again, the image displayed in the user details (the pop-up window displayed when clicking the user avatar in the top right corner of the application screen) corresponded to the image selected at the first change of picture and not at the second change, as would be expected. The issue is now corrected and the user details profile picture behaves as expected. | ||
| BQM-25413 | **Improve the Performance of Bulk Validation** This performance improvement enhances the efficiency of bulk validation operations by optimizing NHibernate queries. Previously, excessive lazy loading led to over 600 queries being executed every time an employee record was validated in a process grid, significantly impacting efficiency. The improvement ensures eager loading of referential objects, reducing query overhead and improving execution time. | ||
| BQM-25444 | **Back-End: Gateway Crash** When the application threw an exception during the import of a grid, a second exception could be triggered which led to a crash of the application. A fix that improves the stability of the Gateway service was introduced to avoid a crash of the application in case of an exception when uploading an Excel file. | ||
| 110747 | **Web App: Hierarchy Explorer Display Issue in Team Inbox** The following issue was observed when working with the Team Inbox feature of Web App: after a few clicks in various nodes of the hierarchy tree, the width of the tree became fixed to a certain value with no possibility of scrolling to the right, which made it difficult to identify the names of the people or entities in the tree. The problem was corrected and the hierarchy tree can now be correctly displayed. | ||
| 113115 | **Web App: Incorrect Application of Permissions to Rules** The following issue was reported in the Web App interface of the TCM v10 application: users who were part of teams that only had read-only access to certain rules could still edit the criteria and the calculation method of the rule. The issue was corrected; permissions are now properly applied. | ||
| 116831 | **Web App: Hierarchy Node Order Modified at Page Refresh** The following issue was observed in the Web App interface of the TCM v10 application: the order of the nodes in the was changing when the process grid page was refreshed. The problem occurred because, contrary to child nodes in the process hierarchy, no sorting was applied to the root nodes. A default alphabetical sorting order has now been applied to the root nodes and refreshing the page no longer shuffles the nodes. | ||
| 117536 | **Web App: Cannot Download Documents to Data Grid** When attempting to download a document attached to a data grid for which the document attachment feature was activated, the application would display an error and the operation would fail. The error came from a token issue that prevented users from opening several documents successively for different rows in a data grid. The issue was corrected and the proper token value is now used for the download mechanism. | ||
| 118410 | **Admin Portal: Error When Adding a Sub-Folder in Populations** When attempting to add a sub-folder to a folder existing in Populations under the of the Admin Portal interface, the application would display an error and the operation was halted. This issue, related to the migration of the application framework to .NET8, prevented the application from resolving the security checks performed for users when creating a folder in populations. The issue was corrected; sub-folders can now be created as expected. | ||
| 118623 | **Web App: Statement Generation Failure** Statement generation jobs would fail with an "Object reference not set to an instance of an object." error. The problem was related to the migration of the application framework to .NET8. A key related to the statement generation timeout was not properly migrated, which prevented the Scheduler from executing statement generation jobs. The timeout key was added and statement generation jobs can now be properly executed. | ||
| 118931 | **Web App: Incorrect Values in Drop-Down Lists in Process Grids** The following issue was reported in Web App: when working in a process grid, specifically when using drop-down lists whose values were dependent on the culture selected by the end-user, the behavior of the list was incorrect and all possible values for all cultures were displayed instead of only the values for the selected culture. The issue occurred because of a missing culture filter on indicator fields, which was added to the database query used to retrieve the values in the drop-down lists. | ||
| 121474 | **Web App: Process Grid Timing Out** When exporting large process grids, the process would time out if the operation took more than 230 seconds. This was because the export methods were behaving asynchronously. To correct this, the function calls have been wrapped into tasks for all void methods (with no return value) to prevent the load balancer from going into timeout. | ||
| 121879 | **Outlook Message File Type Support in Attached Documents** Following a security update to the application that restricted the file types allowed for file upload into the application, the list of allowed formats has been expanded to include Outlook messages in .msg format. | ||
| 123581 | **Back-End: Rule API Inoperative** After the deployment of a hotfix package, the Rule API was no longer operative and was throwing an error. Investigation of the issue revealed that the error occurred because the back-end calls of the API were not fully asynchronous by default. To correct this, asynchronous calls were introduced to all Rules and Simulations execution endpoints. | ||
| 123677 | **Web App: Cannot Export Process Grid** The standard export of process grids stopped working in the Web App interface of the beqom v10 application. This was linked to the correction of the issue detected in ticket #121474 whereby the context of the request was lost and therefore the application was unable to process standard export requests. The issue has been corrected and standard export can now be used as expected again. | ||
| 124239 | **Admin Portal: Support .xlsx in Report Subscriptions** In order to offer more possibilities when generating Excel reports using report subscriptions, the functionality of the report subscription has been extended. It is now possible to generate reports in .xlsx format, making it possible to generate larger reports. When creating the subscription, two formats are now available, Excel 2003 for .xls and Excel 2007 for .xlsx. | ||
| #118408/#118907/#119495/BQM-25151 | **Web App: UI Operations Failing with Timeout Error** The following issue was observed in the Web App interface of the beqom application: when an operation was running for an extended period of time in a process grid (more than 4 minutes), a timeout would occur with an error 500. With the migration of the application framework to .NET8, the application now uses HTTP connections. These connections get terminated if no data is sent either way in the channel, which causes long operations, such as process grid change validation, to fail. To work around this issue, the front-end of the application now retrieves the result of the process grid operations from the KernelService using the callId and the back-end triggers the application of the changes asynchronously (to avoid any waiting period). Please note that SSRS reports that take more than 3:50 minutes to load are no longer supported. | ||
| #119968/#120878 | **Web App: Report Details Not Saved into k_stats** The following issue was reported: the application stopped logging report details into the k_stats table at a date in October 2024. Analysis of the problem traced it back to the .NET 8 migration, during which a critical piece of code for action logging was modified. The issue was corrected and the Analysis, Rules and SSO service actions are now logged properly again in the k_stats tables. | ||
| BQM-24939/BQM-25137 | **Web App: Concatenation Issue in Machine Learning** A potential SQL injection vulnerability was detected in the Machine Learning feature of the application, where SQL queries were built using string concatenation; specifically, payeeCodes were concatenated without sanitizing the strings. To correct the issue, the payeeCodes are now passed to the query as DbParameters, which sanitizes them and reduces any vulnerability. | ||
| BQM-25056/BQM-25085 | **Web App: File Service Vulnerability** In Web App, an authenticated user had the possibility to download any file for any employee in a process grid provided that this user knew the unique ID of the file, even if they were not granted access to the specific process or to the employees for whom the files were relevant. To correct the issue, before the download the application now checks that the authenticated user has access to the process and/or to the employees. | ||
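
The ReturnUrl rule described in BQM-25034 (relative URL only, and on an allowlist, otherwise the default page) can be sketched as follows. This is an added example, not beqom code; the class name, the allowlist entries and the default page are assumptions.

```csharp
using System;
using System.Collections.Generic;

// Added illustration; not beqom code. Allowlist entries and DefaultPage are hypothetical.
public static class ReturnUrlValidator
{
    private const string DefaultPage = "/";

    // Paths the login page may redirect to (compared case-insensitively).
    private static readonly HashSet<string> AllowedPaths =
        new(StringComparer.OrdinalIgnoreCase) { "/home", "/processes", "/reports" };

    public static string Resolve(string? returnUrl)
    {
        if (string.IsNullOrWhiteSpace(returnUrl)) return DefaultPage;

        // Relative means exactly one leading slash. Browsers treat "//host" and
        // "/\host" as protocol-relative, so both would leave the application.
        if (returnUrl[0] != '/' ||
            (returnUrl.Length > 1 && (returnUrl[1] == '/' || returnUrl[1] == '\\')))
            return DefaultPage;

        // Control characters (tab, CR, LF) can be dropped by browsers and alter the target.
        foreach (char c in returnUrl)
            if (char.IsControl(c)) return DefaultPage;

        // Only the path is matched against the allowlist; query and fragment are kept.
        int cut = returnUrl.IndexOfAny(new[] { '?', '#' });
        string path = cut < 0 ? returnUrl : returnUrl[..cut];
        return AllowedPaths.Contains(path) ? returnUrl : DefaultPage;
    }

    public static void Main()
    {
        // Constructed sample inputs.
        string?[] samples =
        {
            "/reports?year=2025", "https://external.example/login",
            "//external.example", "/\\external.example", "/admin/secret", null
        };
        foreach (string? s in samples)
        {
            string shown = s ?? "(null)";
            Console.WriteLine($"{shown,-32} -> {Resolve(s)}");
        }
    }
}
```

Only the first sample is returned unchanged; every other input resolves to the default page.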
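
The change described in BQM-24939/BQM-25137, passing payeeCodes as DbParameters instead of concatenating them, needs one placeholder per value when the codes feed an `IN (...)` list. The following is an added example, not beqom code; the table and column names are hypothetical and the caller is assumed to supply an ADO.NET `DbConnection`.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.Common;

// Added illustration; not beqom code. Table and column names are hypothetical.
public static class PayeeQuery
{
    // Shape the release note describes as vulnerable (shown for contrast only):
    //   "... WHERE payee_code IN ('" + string.Join("','", payeeCodes) + "')"
    // A legitimate code such as O'Brien-01 already breaks that statement.

    public static DbCommand Build(DbConnection connection, IReadOnlyList<string> payeeCodes)
    {
        if (payeeCodes.Count == 0)
            throw new ArgumentException("At least one payee code is required.", nameof(payeeCodes));

        DbCommand command = connection.CreateCommand();
        var placeholders = new string[payeeCodes.Count];

        for (int i = 0; i < payeeCodes.Count; i++)
        {
            // Only the generated placeholder name ever becomes part of the SQL text.
            placeholders[i] = "@p" + i;

            DbParameter parameter = command.CreateParameter();
            parameter.ParameterName = placeholders[i];
            parameter.DbType = DbType.String;
            parameter.Value = payeeCodes[i];   // bound as data, never parsed as SQL
            command.Parameters.Add(parameter);
        }

        // Providers cap the parameter count (SQL Server: 2,100 per command),
        // so very large code lists have to be sent in batches.
        command.CommandText =
            "SELECT payee_code, amount FROM ml_training_data " +
            "WHERE payee_code IN (" + string.Join(", ", placeholders) + ")";
        return command;
    }
}
```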