Some libraries have been removed from the project classpath and are no longer available to the Axon.ivy project.
CSRF-protection is now enabled by default on all REST services provided by Axon.ivy (including services provided by the mobile workflow API and services provided by custom Axon.ivy projects).
DELETEthe caller needs to provide a HTTP Header called
X-Requested-Bywith any value e.g. ivy. This is the Jersey provided protection of REST services against cross-site request forgery (CSRF). If the CSRF header is not provided on a modifying REST request the request will fail with an HTTP Status
400(Bad Request). Custom REST services via
OPTIONSshould therefore be implemented in a way that they don't modify data.
The CSRF protection for REST services can be server-wide disabled by setting the configuration property
REST.Servlet.CSRF.Protection to false. However, that is not recommended.
The engine is now able to execute projects in packed zip or iar files. If you deploy a new project to the engine, the new Process Model Versions will now contain a packed file instead of an expanded project directory by default.
The packed projects are read-only projects. If you try to change the contents of such a project at runtime it will fail with a
Get write access
If write access is necessary, for instance because the
ivy.cms write API is used, the related project must be made writable. This can be done by deploying the project as an expanded project:
project-build-plugin, the configuration parameter deployTargetFileFormat must be set to
deploydirectory, it can be enforced by providing an
options.yamlfile with the following content
target fileFormat : EXPANDED
EXPANDEDFile Format Option in the deployment dialog.
All document generating functions from IvyAddOns are now available in the DocFactory project. This project can be imported over the Ivy Projects Importer. All other IvyAddOns functions are not supported anymore.
The fields in the authentication section on the web service inscription mask are automatically converted to properties. You were able to use macros in these fields, which will be converted to valid ivy script. There is one special case which won't be supported anymore: Macro expansion within macro expansion. For example: The macro
<%= ivy.co("/pathInCms") %> reads the content from the specified cms path. If there is also macro in the specified cms path, this macro will not be expanded anymore.
The support to import a Xpert.ivy 3.9 project into Axon.ivy Designer has been removed. If you need to convert a Xpert.ivy 3.9 project use Axon.ivy Designer 7.0 or earlier.
To prevent from the Session Fixation attack Axon.ivy renews / changes the session ID after login. If you have any trouble with it (e.g. in combination with Mobile App) you can disable this by changing the configuration property
false. If you migrate from 7.0.4 the feature is per default disabled and stays disabled after migration. We highly recommend enabling this feature by changing the configuration property