3.12.0 Platform Release

v3.12.0 release date is January 31, 2019.

New Features:

Master API key gets better protection in our UI.

Instead of displaying the API key as it is, we replaced it with asterisk symbols. It is displayed as some ****** sings with a Copy button that appears on hover. The API key is hidden on the User Profile page and Implement Flow tab. The last 4 digits are visible. Just click the necessary text field to be able to copy the API key, Usage example curl, and Flow values into a clipboard.

Set a secure attribute on cookies.

In case a session is secured utilizing TLS, the web application has to set the “secure” attribute into the sessions cookies. Purpose: The “secure” attribute prevents the browser from sending cookies without encryption. For example, it may happen if some part of a web application contents is not encrypted. However, it can also occur throughout an active attack in which an attacker injects or presents unencrypted links or references. We set 3 types of cookies that have to be secure now:

  • connect.sid - session cookie;
  • elastic_remember - “remember me” cookie;
  • last-contract - saves a recently used contract.

Password requirements for a new user.

In case a password is used as an authentication attribute, it should contain not less than 8 characters and should also include the following elements: upper and lower case letters, numbers, and special characters. Registered users can still log in without any problems, even if their passwords do not meet the requirements above. Allowed symbols:

  • latin alphabet (upper and lower case);
  • digits 0-9;
  • special symbols ~!@#$%^&*()_+-,.<>?/`|;:'[]=

As the Contract Admin, I want to invite users to contract and workspace in one click right on the Contract Page.

Now, the Contract Admin is allowed to invite other users to a workspace and a contract simultaneously on the Contract Page.

Invite to a Contract and a Workspace in one click.

Now, the Contract Admin is allowed inviting any other user to a workspace and a contract simultaneously right on the Workspace Page.

Extend driver events to have a purpose message from a Pod’s container status.

Common issues related to running steps inside a flow are reflected in the runlog. For example, the Out of Memory issue will be addressed as “Component run out of memory and terminated.” This approach can help with improving an overall debugging procedure.

Check roles usage in the /v2/tenant/:id/roles.

An additional verifications were added for changing roles procedure in the Tenant:

  • It is restricted to remove a role from the “Tenant-policy” if any user/contract utilizes it.
  • In case the role has to be removed from the “Tenant-policy”, but one of the contract.availableRoles is still using it, the 409 error code will be returned.

Removing pending invites for contract.availableRoles and tenantPolicy.roles.

All the pending invites made with an already removed role from the Contract or Tenant will be deleted.

Bug Fixes:

  • JSONata expression evaluation blocks the UI.

  • The Transformation component was freezing while processing a significant amount of data.

  • All the Components with optional Developer Mode tab received a new Evaluate button.

  • The Transformation component has also received the Evaluate button.

  • Retrieving a Mapping Result.

    To be able to retrieve a Mapping Result for Transformation component navigate to the Configure Input section paste the necessary expression into the text field and click Evaluate. While mapping is running in the background, the animated wheel icon appears. It indicates that everything is working fine and the page did not get stuck.

  • The POST v2/users endpoint is no longer accepting the relationships.contracts in the body request.

    This endpoint was changed: the section relation was removed. Now, the user is being created out of the contract’s scope. The following means that he is not allowed to log into our platform. Therefore, this user has to be added to one of the contracts utilizing Add a new member to the Contract’s scope

  • The Out of Memory record was not represented in the stderr file.

  • Component search in the “Designer” is broken.

  • I cannot utilize components on Frontend within the existed Revision, even if components are in the different contracts/teams.

  • It is impossible to remove the user in case if he is a member of more than one contract.

  • Permission assignment for OWNER role is static.

    The Contract Owner role is not required for the Contract. Now in case a contract is being created without an explicit Contract Owner role in the available_roles this role will not be added automatically.

  • User cannot delete his account in case a Contract does not have a user with the contract-owner role.

    Now the user with the Contract Owner role cannot perform a permanent deletion his/her account in case there is no other Contract Owner left in a particular Contract. For the other contract roles delete users account function available without any checks.