In this release we have introduced several key concepts and features to ensure that you and your teams can work together in a more secure way. The security improvements includes securing the REST endpoints and allowing to use an independent datasource for the database schema manipulations. The CMMN model was also extended to support disabling manual repetitions on the model level and we now support attribute value replacement on the CMMN models.
the edorasware team
The support includes a new section in the documentation about the custom database schema and data upgrades. The database schema manager is now able to use a separate data source to manipulate the database schema. Multiple data sources are used by clients which have different database users for data manipulation and database schema manipulation. Read more about these changes in the developer guide.
The REST endpoints now take into account the security roles of the current user. According to the security roles the actions on each dashboard are allowed or restricted. This release also contains security fixes for several XSS (Cross-site scripting) issues, which allowed malicious users save scripts in the content of fields and save them. These then could be loaded and executed afterwards in the view of other users.
We now support attribute value replacements in CMMN models similar to how this feature is already supported in form and process models when [[attribute-id]] place holders are used in the attribute values.
In a attribute’s value, you can reference another attribute by giving the attribute-id of the other attribute, for example in the "Description" attribute’s value (of a Human task), you can have "This task has priority=[[priority]]" where "priority" is the id of the "Priority" attribute.
In this case, in the generated CMMN XML the description value will be exported as "This task has priority=1" if the priority attribute’s value is 1. In case the priority is left blank, then, it will be exported as "This task has priority=".
Manual repetition can now be disabled on model level by setting custom property
manualRepetition = standardCmmn
on the case plan model. In addition to that, plan items having an on-part (referring via a sentry to another plan item) will not support manual repetition as the triggering of new instances will be controlled by the on-part.
Please have a detailed look at the upgrade notes for this version such that you are able to easily upgrade to the newer version.