These upgrade notes focus on how to adapt your application to the changes introduced to protect against CSRF attacks.
CSRF attacks upgrade
If you have a modified login.html in a project, you should adapt the new files login.jsp and login-error.jsp. These JSP files replaced login.html and login.error.html. Please keep the _csrf parameter unchanged. Keep in mind that each PUT or POST request must have a CSRF token attached to it.
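The following added example (not part of the edoras one code base) shows one way client-side code can attach the token to state-changing requests while never sending it to another origin. It assumes the server accepts the token in an X-CSRF-TOKEN request header, which these notes do not state (they only name the _csrf parameter). It also treats every method other than GET, HEAD, OPTIONS and TRACE as state-changing, which is broader than the PUT and POST named above. The function name, paths and origins are hypothetical.

```javascript
// Added example; csrfInit and CSRF_HEADER are hypothetical names.
// Assumption: the server reads the token from this request header.
const CSRF_HEADER = "X-CSRF-TOKEN";
// Methods that must not change state and therefore carry no token.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Returns a copy of a fetch() init object with the CSRF token attached
// when the method is state-changing. pageOrigin is the origin the
// application is served from (location.origin in a browser).
function csrfInit(url, init, token, pageOrigin) {
  const method = (init.method || "GET").toUpperCase();
  const headers = { ...(init.headers || {}) };
  const out = { ...init, method, headers };
  if (SAFE_METHODS.has(method)) {
    return out; // a token in safe requests only increases leak risk
  }
  // Resolve relative URLs against the page and compare origins, so the
  // token is never disclosed to a third-party host.
  const target = new URL(url, pageOrigin);
  if (target.origin !== new URL(pageOrigin).origin) {
    throw new Error("refusing to send CSRF token to " + target.origin);
  }
  // Fail on the client instead of sending a request the server rejects.
  if (!token) {
    throw new Error("no CSRF token available for " + method + " request");
  }
  headers[CSRF_HEADER] = token;
  return out;
}

// Constructed sample values, for illustration only.
const sample = csrfInit(
  "/rest/items/1",
  { method: "put", headers: { "Content-Type": "application/json" } },
  "constructed-token-value",
  "https://one.example.test"
);
console.log(sample.method, Object.keys(sample.headers));
```

In a browser, the result is passed directly as the second argument of fetch().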
Experimental multi-tab vis designer support
The activation of the multi-tab vis designer can be controlled through a new configuration property called experimental.vis.editor.multi-tab.enabled. The default value of this property is false, which forces vis to use the previous implementation. As this new property is part of the configuration of edoras one, it must be present in the one.properties file. Within this release, you can find a new section which looks as follows:
##################################
# Experimental vis configuration #
##################################
experimental.vis.editor.multi-tab.enabled = false
Configuration changes for experimental multi-tab vis designer support
These changes depend on how you use edoras one: if you use the vanilla edoras-one-hosted WAR file then you do not need to follow these steps, but if you use edoras one as a dependency in your project then please read the changes carefully. Not all changes may apply to your setup, as you may not have overwritten the specified edoras one configuration files. These are the changes you need to make if you overwrite the mentioned file:
- In the com/edorasware/vis/config/vis-application-context.xml:
  - to the existing bean declaration with the id modelerConfiguration add a new property with name multiTabMode and value ${experimental.vis.editor.multi-tab.enabled:false}.
Miscellaneous
Changed evaluation semantics of the CMMN Required rule
The required rule of CMMN plan items is now evaluated on demand. Before this change, a plan item's required rule was evaluated once (at the point in time the plan item was created). To model the old behaviour, you'll have to set a variable from a service task (or by some other means) at stage activation time and then refer to the value of that variable in your required rule.
Bootstrap project
Here you will find a list of files which have changed since the last release. This helps you check the difference between your bootstrap project version and the current one:
src/main/resources/com/edorasware/bootstrap/config/security/security-basic-config.xml: CSRF attack protection was added