Changelog

CHANGES:

CHANGED:

• Runtime: param watcher forces cache sync at fixed intervals (configurable with HyperonEngineFactory#setWatcherForceSyncSeconds)

‍
FIXED:

• Prevent to import second domain root
• Master parameter is not cached if it is not used by the application
• Runtime - improved groovy function performance when groovySecured is set to true
• Batch tester - faster evaluation of all test cases

‍
‍

‍

CHANGES:
‍
ADDED:

• Add the possibility to invoke multiple contexts in Hyperon Runtime Rest
  

FIXED:

• Fix sql injection vulnerability in snapshot export if contains domain with attached region

CHANGES:

ADDED:

• ‍‍Add region and version description to snapshot metadata
• Enabling the configuration of superpack export using the application property "hyperon.studio.superpack.export.alias.with.master" [true/false]
  ‍

FIXED:

• Fix superpack export error if superpack should contain parameters assigned to an inactive version

CHANGES:
‍
FIXED

• Adjusting the limit in value type for dictionaries
• Added missing lib for profiler and sonar pages
• Referenced element existence validation checks all region versions during domain import in snapshot

CHANGES:

FIXED :

• Proper effective version handling when empty profile code exists after removing profiles
• Fix rendering error for blank value in local attributes

CHANGES:
ADDED:‍

• Possibility to disable (by default enabled) execution restriction of Groovy Compiler. Added properties: “hyperon.studio.groovy.secured” and “hyperon.runtime.groovy.secured” - possible values: true/false.

FIXED:

• Error during saving test case with the same name as test case existing in any test case package

‍

CHANGES:

‍

FIXED:

Hyperon-Studio

• Parameter view loading optimization.

‍

ADDED:

Hyperon-Studio:  

• Studio mailer enforces TLSv.1.2 support

Changes:

‍

FIXED:  

Hyperon-Studio

• Domain cache watcher failed when profiles for update contained null

‍

ADDED :

Hyperon-Studio:  

‍

• Remote execution restriction for Groovy Compiler. Unable to evaluate filesystem internal methods

‍

‍

CHANGES:

‍

ADDED:

• Changed precision from 6 to 8 decimal places in the test for numeric values when no tolerance is configured. When a tolerance is added no cut-off is performed for decimals.

​

FIXED:

• Error during adding levels to existing parameter.
• Added needed @ and $ characters as table and column prefix at query string in hyperon dialect to properly resolve schema of hyp_function table
• Proper warning message is displayed when remove action is performed on domain collection type definition

‍

CHANGES:

‍

FIXED:

• Fix saving attribute in existing domain.
  ‍

Changes:

‍

FIXED:

• Fix failure to delete domain attribute during snapshot import.

BUMP:

• Spring Framework version to 5.3.23
• Spring Security version to 5.7.3
• Vaadin version to 8.14.3

CHANGES:

‍

Added

• Added dictionary values, a special kind of parameter, which may be used as a matrix value.
• Added third semicolon-separated description value to import in the domain configuration.
• Fixed reassigning region functionality after restoring param/function from deleted profile to current profile.
• Added properties for hyperon-runtime-spring-boot-starter to configure external sources.
• Added logic to always export master parameter along with alias.
• Added group id to domain elements in session when region attached/detached.
• Enabled ForwardedHeaderFilter for Azure Active Directory flow to process Forwarded headers when Studio is behind reverse proxy. Important note from Spring Documentation -> "There are security considerations for forwarded headers since an application cannot know if the headers were added by a proxy, as intended, or by a malicious client. This is why a proxy at the boundary of trust should be configured to remove untrusted Forwarded headers that come from the outside".
• Added possibility to use MySql database with Hyperon. https://www.hyperon.io/tutorial/installing-hyperon-studio
• Added snapshot file name column in snapshot import history view.

‍

REMOVED:

• Domain snapshot won’t export session elements.

FIXED:

• Workaround for empty file validation - By default import button redirects to FileUploadHandler. So with empty file import in domain configuration from TextArea was blocked by FileMetadataValidator in FileUploadHandler.
• Blocked usage of main datasource as external source in parameters. Hyperon Runtime will block executing queries against main datasource from parameters defined as external source. External source parameter cannot be defined on environment with missing external source definition from application properties file.
• Fixed error of "hyperon.call()" invoke in python function.
• Fixed display of the notification's close button;
• Fixed display input parameter IN grid, when dictionary checkbox is turned off.
• New separated properties: hyperon.studio.security.type and hyperon.runtime-rest.security.type for security for studio and runtime.
• Proper references view in the domain tree when a referenced element is versioned. When a referenced element is not available in the current region version then references are also hidden and not exported in snapshot.
• When referenced element in snapshot import does not exists a lost reference element is logged at import results as the warning message.
• The snapshot export generates the domain configuration including all versions, so far only the active version was exported.
• Avoided nested region versions in the directory tree in snapshot export zip file.
• Fixed between matcher split algorithm (especially for DateTime), Removed comma separator "," from default separators.
• Fixed the mechanism for importing regions and versions - previously, a region version was created with an empty number.
• Domain cache cleared after every session publication with any domain element.
• Fixed comparison of object array in tester module.
• User with SYSTEM_CONFIG_ACCESS right is allowed to revert param/function changes from other user session.
• Fix error of editing parameter in version.

‍

BUMP:

• Hibernate version to 5.6.7.FINAL.
• Groovy to version 3.0.11;
• JUnit to version 5.8.2;
• GMaven to version 1.13.1;
• Surefire and failsafe to version 3.0.0-M7;
• H2 to version 2.1.212 and Liquibase to version 4.12.0. "NON_KEYWORDS=VALUE" jdbc url parameter is required for H2 database. Database migration through Hyperon Snapshot/Superpack is required as there is no support for migration from 1.4 version of H2 to 2.1

‍

Changes:

Fixed:

• Fix rendering error for blank value in local attributes
  ‍

ADDED:

• Studio mailer enforces TLSv.1.2 support  

FIXED:

• Parameter view loading optimization.

‍

CHANGES :

‍

ADDED:

• Changed precision from 6 to 8 decimal places in the test for numeric values when no tolerance is configured. When a tolerance is added no cut-off is performed for decimals.

​

FIXED:

• Cascade Call with empty result don't an throw INVALID_ROW_INDEX during function call

• Error during adding levels to existing parameter.

• Added needed @ and $ characters as table and column prefix at query string in hyperon dialect to properly resolve schema of hyp_function table

‍

CHANGES:

     FIXED:

• Fix error of editing parameter in version.
• Fix failure to delete domain attribute during snapshot import.
• Fixed the mechanism for importing regions and versions - previously, a region version was created with an empty number

Fixed:

• comparison of objects in array in a tester module now works properly

Added:

• Added possibility to specify hyperon runtime rest URL through property "hyperon.runtime-rest.url".
• "hyperon.studio.url" and "hyperon.runtime-rest.url" are now used to define Swagger OpenAPI server

Fixed:

• Unique identifier error while editing blob output level

‍

ADDED:

•     Added case-insensitive unique param code validator

‍

FIXED:

•     Fixed snapshot import history view. Previously unable to go to view.
•     Studio does not throw when role from authorization service not exists.
•     Fixed domain configuration tree view was hidden after Timeline updates

FIXED:

• Authorization for azure active directory works after spring-boot bump.

FIXED:

• NullPointerException for a region draft version when publish was invoked

ADDED :

• Hyperon-Studio: Configuration of max size of the imported file (snapshot, superpack, xml, etc.) with hyperon.studio.max-file-size property

‍

• Added Accept-Type headers (application/json, application/x-protobuf) for Hyperon Runtime Rest endpoints. Changed default to application/json.

FEATURES:

• hyperon-studio - exchange springfox into springdoc for Hyperon-Studio. The application expose Swagger-UI endpoint: https://${application_context_path}/swagger-ui.html
• runtime-rest:  exchange springfox into springdoc for Hyperon-Runtime-Rest. The application expose Swagger-UI endpoint: https://${application_context_path}/swagger-ui.html
• runtime-rest:  removed deprecated /execute endpoint
• runtime: added spring-boot autoconfiguration

‍

BREAKING:

• hyperon-studio: exchange column separator for parameter entry into ##col## instead ';'. It could take a while to update Oracle database schema (even few minutes, depending on the table PARAMETERENTRY size).  Microsoft SQL Server, PostgreSQL - update should be fast and unoticable

BUGS

• hyperon-studio: repaired problem after sending link to set password for new user
• hyperon-studio: minor fixes

‍

BUMPS

• runtime-rest:  spring-boot to version 2.6.6 regard to CVE-2022-22965 vulnerability
• hyperon-studio: spring-boot to version 2.6.6 regard to CVE-2022-22965 vulnerability

‍

OTHERS

• filtering matchers, checking matchers and types for imports
• fixed searching session for parameter/function assigned to region
• improved superpack validator API to check if component supports certain type of MppPack
• fixed showing errors (profile does not exist) on superpack export view
• change of delimiter fixed expected value reformat

‍

• bump: minimal supported java version to JDK 11
• Breaking. Properties name convention have changed.

   Find more info at: https://www.hyperon.io/tutorial/configurable-application-properties-new-properties-names-since-version-2-0-0

‍

CHANGES:
‍‍

FIXED:

• Error during creating a user with activation link method
  ‍

‍‍
‍
‍

‍

CHANGES

ADDED:

• Add region and version description to snapshot metadata

FIXED:

• Update of levels in aliases of the master parameter is performed only when an update of any level was taken on the master parameter and those levels exist in the alias. When the masterparameter has assigned region version then only aliases with same region version are considered
• Fix sql injection vulnerability in snapshot export if contains domain with attached region

‍

CHANGED:
‍

• runtime: TypeConverter API - constructor is deprecated in favour of TypeConverter#getInstance method

‍

Fixed

• Parameter view loading optimization.

CHANGES:

‍

FIXED:

Hyperon Studio

• Fixed referenced elements presence validation. Previously during validation versioning was not taken into account.
• Cascade with empty result don't throw INVALID_ROW_INDEX during function call.

Changes:

‍

FIXED:

hyperon-persistence:

• Bundle consistency after gmo model changed. Bundle would still be json represented at bundle value as long as it is owner of entity typeproperty only. Despite it has filled GMO_COLUMN_NAME at sandbox.
• Removed delete command validation.

Hyperon-Studio:

• Fixed empty number version import.

FIXED :

Hyperon-Studio

• Issues with a snapshot import/export process.
• The snapshot export generates the domain configuration including all versions, so far only the active version was exported.
• Proper references view in the domain tree when a referenced element is versioned. When a referenced element is not available in the current region version then references are also hidden and not exported in snapshot.

ADDED :

Hyperon-Studio

• Hyperon-Studio: Domain-cache is alwyas cleared after session is published.
• When referenced element in snapshot import does not exist a lost reference element is logged at import results as the warning message.

‍

REMOVED :

Hyperon-Studio

• Snapshot won't export domain elements only form session. That posibilliy was removed.

‍

ADDED:

•      Added case-insensitive unique param code validator

FIXED:

•     Fixed snapshot import history view. Previously unable to go to view.
•     Studio does not throw when role from authorization service not exists.
•     Fixed domain configuration tree view was hidden after Timeline updates

FIXED :

• Authorization for azure active directory works after spring-boot bump.

FIXED:

• NullPointerException for a region draft version when publish was invoked

ADDED :

• Hyperon-Studio: Configuration of max size of the imported file (snapshot, superpack, xml, etc.) with hyperon.studio.max-file-size property

‍

• fix: Fixed "hyperon.call()" invoke in python function. Added method for RhinoHyperon to fix overloading problem in python function invoker.
• fix: Added Accept-Type headers (application/json, application/x-protobuf) for Hyperon Runtime Rest endpoints. Changed default to application/json.
• bump: Removed unstable version of TXW2 library. All versions have been aligned.

• bump:  spring-boot to version 2.6.6 regard to CVE-2022-22965 vulnerability
• feat: exchange springfox into springdoc. Path is still the same: context-path/swagger-ui.html

• fix: setProfile step on superpack export is set properly
• fix: showing errors on superpack export view
• fix: refreshing superpack export grid
• feat: improved superpack validator API to check if component supports certain type of MppPack

‍

• fix: edit mode on grant view. Unable to edit grant view without edit mode selected.
• fix: swagger-ui for hyperon-runtime-rest was unavailabe
• bump: a version of liquibase-core library to 4.6.2

• Fixed logging multiple arguments in functions
• bump version of log4j2 to 2.17.1

‍

• SAML inactive period configured via properties

• allowed txt file suffixes to importing data

• bump log4j version in order to prevent vulnerability

• updated log4j2 version to 2.16.0 due to CVE-2021-45046
• added configurable SAML property names
• fixed Parameter watcher master/alias fetching from database while checking for any changes

• bump log4j version in order to prevent  vulnerability

• fixed security issue related to client-side remote code execution through formula injection in Excel/CSV exports

• added new global search category: domain attribute code
• fixed security issue related to client-side remote code execution through formula injection in Excel/CSV exports
• added system.function.logging.level parameter for function logging configuration
• added configurable sorting parameter's matrix rows in snapshot export
• alias can be attached only to regions where master exists
• removed minimal file size validation due to business logic
• added healthchecks in Docker images
• added context type fetching in tester arguments
• added "Remove all" functionality in Context
• added "Remove all" functionality in Domain definition and configuration
• increased possible role's length to 100

• added force remove flag in snapshot import
• improved groovy function cache
• added a possibility to create and send snapshot to different Hyperon Studio instances
• added tags filtering in snapshot export

• removed blockade preventing parameter's matrix export containing +, - or = characters in string type
• fixed bug that caused session publication errors when dealing with domain element attached to not active region version

• removed blockade preventing parameter's matrix export containing +, - or = characters (for types: integer, number, and between matchers)
• fixed redirecting to login page after password change

• fixed custom error page in Bundle's zip

• blocked "Remote Code Execution through Excel Formula Injection" vulnerability
• added password strength rules
• blocked ability to upload files with dangerous types
• added session invalidation after password change
• added ability to force password change for default admin/admin credentials. It's controlled by hyperon.studio.setup.password-force-change.enabled property.

• fixed runtime-rest war package errors

• fixed parameter's input values normalization in contains/* matchers

• added Hyperon Studio properties directories to search for in Hyperon Runtime REST war module

• added new form of runtime-rest module distribution. It's now available also as a war file

• fixed Hyperon Runtime REST JSON responses in Swagger UI

• fixed creating empty log file in Hyperon Runtime REST module if file logging is not used
• fixed hyperon/profiler listing page 404
• fixed empty profile.json files in Snapshot that caused import errors
• fixed problem with maximum number of expressions in domain attributes view
• fixed cascade parameter results that returned only first element in domain attributes
• improved handling empty responses in ParamValue result

• added new getDigest() method to Hyperon Engine as well as domain elements and attributes
• fixed problem with new lines in parameter's description

• fixed removing functions with assigned region when region is deleted
• fixed domain duplicates in Superpack REST import

• added integration with AWS Parameter Store in Hyperon Studio and Runtime REST
• added protobuf endpoints to Runtime REST

• fixed domain import error related to cycles in domain graph
• added flag to control whether an exception should be thrown when Hyperon can't cast a matrix value to the selected type
• added function argument type casting

• fixed bug that did not allow to launch Hyperon Studio on some machines

• fixed disappearing domain tree in domain view
• fixed clearing temp files after superpack/snapshot import/export
• added possibility to save logs into file in Hyperon Runtime REST

• added log management tool in function editor
• added superpack export/import between different environments right in Hyperon Studio
• added JWT support in Hyperon Runtime-REST and Studio. You can read more about this here: https://www.hyperon.io/tutorial/authentication-in-hyperon-studio
• ‍fixed disappearing domain elements in Studio that are attached to region
• fixed mark from file in parameter's view
• improved performance in parameter and function listing views

• fixed marking parameters from file
• fixed user region version cache invalidating issues

• fixed h2 column naming error

• introducing a new theme!
• fixed inspection view and its counter
• added integration with Azure Active Directory

• fixed runtime-REST execution in JDK 11
• fixed transaction lock during snapshot domain import

• created new invoke endpoint, it should be used from now on instead of execute endpoint, which is now deprecated
• added external source parameter export/import in snapshot
• added bcrypt complexity configuration via application.properties
• fixed auto refresh period description in external source view
• added tags to domain elements

• reverted execution/execute endpoint changes back to (1.14.*) naming

• fixed default profile tags in alias parameters

• added an option to attach matrix (not only one element as in the past) in the parameter's input source
• added an option to specify default tags in profile. By doing so, chosen tag may be automatically attached to parameters/functions and in parameters/functions listing view
• changed naming in the /execution REST endpoint

• fixed Studio's REST endpoints security bug
• upgraded Jquery to 3.6.0

• fixed Studio's docker image bug that did not allow to pass environment variables to the image

• fixed user's cache case sensitive login bug

• updated Tomcat version from 8.5 to 9 in Studio's docker image, changed from jre to jdk distribution

• added detailed logging in SAML authentication process

• added SAML authentication to Hyperon Studio. More details how to configure it can be found here

• fixed bug not allowing to export/import snapshot when Hyperon Studio is deployed to a server that contains spaces in its path

• added profilers to runtime-rest module. Available endpoints: /api/profiler/jdbc, /api/profiler/parameter, /api/profiler/function, /api/profiler/domain/attr. You can read more about it here:https://www.hyperon.io/tutorial/profilers

• decreased number of hashing rounds in Bcrypt for performance boost

• fixed bug related to parameters assigned to region not available from the tester view

• removed deprecated application property placeholder in Hyperon Studio and Hyperon-runtime-REST. The new one accepts properties files as well as the environment variables

• fixed resizing tester's result view
• external sources can now use different database type than Hyperon's main database
• fixed bad naming in global search view
• fixed few bugs with external sources in Hyperon-runtime-REST. Removed hardcoded developer mode credentials
• added missing PostgreSQL and MsSQL dialects in hyperon-runtime-REST
• changed default password algorithm to BCrypt. Since version 1.9.0 'Pbkdf2' was default password encoding algorithm. This change introduces 'bcrypt' as default one. 'Pbkdf2' can still be set using environment variable 'hyperon.security.passwordEncoder=Pbkdf2'. Keep in mind that this environment variable should be set for hyperon-studio process as well as for hyperon-runtime-rest if both are used. Moreover security for hyperon runtime rest can be now disabled completely using spring profile 'no-security'.

• fixed superpack's deleteParams step

• fixed refreshing warning status in superpack import
• fixed creating new region in superpack import
• fixed superpack's region import

• added new EI matcher
• you can now search in parameter's matrix without specifying its code in global search
• deprecated few REST endpoints
• fixed localDate/localDateTime suggestions in function editor
• fixed bug related to disappearing duplicated rows in parameter's matrix
• fixed profile bug in superpack's import

• added singular test case export/import
• SKIP result in snapshot import is now resolved the same in every snapshot step
• added ACTION field to snapshot's parameter import result
• removed howMany prefix from snapshot's domain import result
• added parameter code to UnknownLevelNameException where possible
• fixed bug related to missing new values in parameter's matrix textfields in edit mode

• added Java 1.8 LocalDate and LocalDateTime to Hyperon
• fixed region attach bug in domain configuration view
• fixed line numbers visible in exception's stack when invoking functions

• fixed bug related to changing function's arguments order
• fixed bug related to context paths in simulation view

• added setting dialect based on jdbc url
• added function argument class name length validator
• added parameter code length validator
• added missing icons in tester logs view
• added warning when loading empty XML file in domain
• added clearing selected element after add to test action
• fixed errors relating to domain types removal
• fixed setting current profile in superpack
• fixed bug related to asterisk symbol in parameters with matchers in input columns
• fixed few bugs related to working in multi tabs in a browser
• fixed batch tester file caching error
• fixed multiple counters in parameter and function views bug
• fixed a bunch of NPE errors in parameter/function views
• fixed breadcrumbs in the superpack view
• fixed going to changes from another profile in a session listing
• fixed superpack's load sandbox step on a different profile
• fixed disappearing records in local attributes table
• fixed cancelation of remote sessions
• fixed error when removing more than 1000 parameters/functions
• fixed refreshing session's counter
• fixed resolving space in snapshot import file
• fixed parsing array from MultiValue object in Hyperon-REST
• fixed refreshing domain tree in configuration view
• disabled filtering parameter entries in BLOB output levels

• changed password hashing algorithm from MD5 to SHA512. Old passwords will be automatically rehashed after first login

• fixed runtime Postgres db error
• added effective version to execution endpoint
• added dependencies to runtime-rest module for java 11 compatibility
• added docker to runtime-rest module
• modified context in execution endpoint, now you can pass more complex context via REST
• added /api prefix for studio rest API's endpoints

• fixed Hyperon Runtime Rest build scripts

• added new module: Hyperon Runtime Rest

• fixed removing input/output levels from alias
• fixed error when importing empty domain
• fixed "save order" button color
• fixed recursive  parameter's input level calls
• fixed tag uppercase'ing during imports
• fixed alias-master import order
• added missing spaces in domain definition view
• added function arguments type validation
• added new parameter prefetch strategy based on regions

• fixed parameter CSV import separator
• fixed allowed file extensions in parameter imports
• fixed parameter extract comparison
• fixed parameter renaming mechanism
• fixed alias import without master
• fixed not distinguish parameter/function code usage in domain attribute values
• fixed setOnBusiness/SystemError steps in the superpack
• improved logging during snapshot import
• removed unnecessary pack creation during pack.xml file creation
• added missing validation in function arguments for specified class type
• added possibility to overwrite function's/parameter's code during duplication
• added function code length validator

• added flag (true by default) to consider config.json file in Snapshot REST API
• added cache for some SQL queries in Hyperon Runtime

• fixed performance in tag import

• added new REST endpoint returning all domain paths for given profile
• added Swagger documentation in REST endpoints
• updated execution endpoint, added possibility to execute domain elements
• fixed tags uppercasing bug during import
• fixed Hyperon Persistence persist algorithm
• fixed performance issues in REST endpoints
• fixed missing tags in function import

• fixed Microsoft SQL Server dialect bug