Some libraries have been removed from the project classpath and are no longer available to the Axon.ivy project.
lucene-core-4.5.1.jar
, lucene-analyzers-common-4.5.1.jar
, lucene-queryparser-4.5.1.jar
jgroups-3.3.4.Final.jar
jetty-continuation-7.4.5.v20110725.jar
, jetty-http-7.4.5.v20110725.jar
, jetty-io-7.4.5.v20110725.jar
, jetty-server-7.4.5.v20110725.jar
, jetty-util-7.4.5.v20110725.jar
freemarker-2.3.23.jar
spring-security-crypto-4.2.3.RELEASE.jar
ecs-1.4.2.jar
, hsqldb-1.8.0.10.jar
, jt400-7.3.0.3.jar
, jtds-1.3.1.jar
, mysql-connector-java-5.1.42.jar
, ojdbc8-12.2.0.1.jar
, postgresql-42.1.3.jar
, mssql-jdbc-6.2.1.jre8.jar
CSRF-protection is now enabled by default on all REST services provided by Axon.ivy (including services provided by the mobile workflow API and services provided by custom Axon.ivy projects).
PUT
, POST
or DELETE
the caller needs to provide a HTTP Header called X-Requested-By
with any value e.g. ivy. This is the Jersey provided protection of REST services against cross-site request forgery (CSRF). If the CSRF header is not provided on a modifying REST request the request will fail with an HTTP Status 400
(Bad Request). Custom REST services via GET
, HEAD
or OPTIONS
should therefore be implemented in a way that they don't modify data.
The CSRF protection for REST services can be server-wide disabled by setting the configuration property REST.Servlet.CSRF.Protection
to false. However, that is not recommended.
The engine is now able to execute projects in packed zip or iar files. If you deploy a new project to the engine, the new Process Model Versions will now contain a packed file instead of an expanded project directory by default.
Read-only projects
The packed projects are read-only projects. If you try to change the contents of such a project at runtime it will fail with a java.nio.file.ReadOnlyFileSystemException
.
Get write access
If write access is necessary, for instance because the ivy.cms
write API is used, the related project must be made writable. This can be done by deploying the project as an expanded project:
project-build-plugin
, the configuration parameter deployTargetFileFormat must be set to EXPANDED
.deploy
directory, it can be enforced by providing an options.yaml
file with the following contenttarget
fileFormat : EXPANDED
EXPANDED
File Format Option in the deployment dialog.All document generating functions from IvyAddOns are now available in the DocFactory project. This project can be imported over the Ivy Projects Importer. All other IvyAddOns functions are not supported anymore.
The fields in the authentication section on the web service inscription mask are automatically converted to properties. You were able to use macros in these fields, which will be converted to valid ivy script. There is one special case which won't be supported anymore: Macro expansion within macro expansion. For example: The macro <%= ivy.co("/pathInCms") %>
reads the content from the specified cms path. If there is also macro in the specified cms path, this macro will not be expanded anymore.
The support to import a Xpert.ivy 3.9 project into Axon.ivy Designer has been removed. If you need to convert a Xpert.ivy 3.9 project use Axon.ivy Designer 7.0 or earlier.
To prevent from the Session Fixation attack Axon.ivy renews / changes the session ID after login. If you have any trouble with it (e.g. in combination with Mobile App) you can disable this by changing the configuration property Session.RenewIdOnLogin
to false
. If you migrate from 7.0.4 the feature is per default disabled and stays disabled after migration. We highly recommend enabling this feature by changing the configuration property Session.RenewIdOnLogin
to true
.