v7.2.4

7.2.4 (2024-11-29)

Fix

• Fix SwitchSelect widget overflowing in vertical mode

• Fix untranslated buttons titles in view switcher toolbar

• Fix missing support of colors and shades config in charts

  Colors and shades config support was not implemented.
  This also add missing pre-build set of colors : material, roma, chartjs,
  roma, macarons. For example : <config name="colors" value="roma" />

• Fix save record in popup editor for m2o/o2o/m2m(selection)

  We can edit the record through popup editor, it will save record as following :

  • m2o/o2o/m2m(selection) : It will only save record when form is dirty
  • o2m/m2m(grid) : It will save record when any changes (also including non dirty dummy fields) in record

• Fix exclude duplicate record in data store search

• Fix cache a view/fields when data is exist

• Show error when view is not found

• Allow to generate empty changelog release

  If no changelog entries are found, there is no changelog release generated. This
  is the default behavior. New properties allowNoEntry and defaultContent can
  be used to determine if it is allowed to generate changelog without entries and
  to specify the changelog release content (for example, No notable changes).

• Fix Slider tooltip position

  The position of the tooltip is now aligned with the slider thumb even after scrolling or zooming.

• Add server-side view type mismatch check

  When a view is requested, check if the requested view type matches.
  If not, an error message is logged and no view is returned.
  This prevents front-end from processing views with wrong type and causing unexpected errors.

• Fix onSave action in grid details view

• Fix helper tooltip not accepting html elements

• Fix Quick Menu dynamic width

  Quick menus no longer have a dynamic width so typing on text input is not flipping the menu anymore.

• Fix rendering of object values in grid

• Small changes to refine UI

• Fix dirty record on MetaFile widgets

  Some MetaFile widgets, ie Image/Drawing/BinaryLink shouldn't mark
  the main record dirty when updating an existing associated file.

• Fix grid resizing lags

• Enhance Gantt toolbar actions style

• Fix login popup after expired SSO profile

  SSO profile may expire before the session expires, creating a situation where session exists
  with no valid profile. In that case, login popup could appear instead of being redirected to SSO.

  Now, log out subject when profile expires.

Security

• Fix XSS vulnerability

v7.1.11

7.1.11 (2024-11-29)

Fix

• Fix untranslated buttons titles in view switcher toolbar

• Fix save record in popup editor for m2o/o2o/m2m(selection)

  We can edit the record through popup editor, it will save record as following :

  • m2o/o2o/m2m(selection) : It will only save record when form is dirty
  • o2m/m2m(grid) : It will save record when any changes (also including non dirty dummy fields) in record

• Fix helper tooltip not accepting html elements

Security

• Fix XSS vulnerability

v7.2.3

7.2.3 (2024-11-13)

Fix

• Fix ImageSelect alignment in tree view

• Fix JS TypeError when action adds rows in one-to-many widget

  Page would crash (error 500) in case an action adds rows in one-to-many widget.

v7.1.10

7.1.10 (2024-11-13)

Fix

• Fix JS TypeError when action adds rows in one-to-many widget

  Page would crash (error 500) in case an action adds rows in one-to-many widget.

v7.2.2

7.2.2 (2024-11-12)

Feature

• Expose Rating to be used in template

Fix

• Fix set action attrs on editor fields

• Fix handle integer value in selection widgets

  When field type is integer/long in case of selection widgets then it should
  set value in record as integer.

• Fix onChange not triggered on Rating widget

• Fix populate changes should reflect into collection grid

• Fix pass grid name/type in editable grid action context

• Fix o2m items data conflict issue

  When data is reset through action-record or data is updated through popup
  then updated data should be merged properly to grid data.

• Fix show Display process option in form toolbar menu

• Fix x-bind string case sensitive issue

  When x-bind output of string field remains same for same field,
  it should reflect the output value instead of skipping value update.

• Exclude cid field in default generated views

• Disable sorting when we add a row

  After manual sort by column, added row could be at the top instead of the bottom.

• Fix tag height in advance search causing toolbar visual effects

• Close popup when adding records in o2m edit mode

• Fix tree-grid empty summary view styles

• Fix handling 0 valued in selection widgets

• Fix Stepper clickable in read-only mode

• Fix missing i18n extract of report-box#label attribute

• Fix skip translations search for empty value

• Fix grid customization of fields mentioned several times

  On a grid view definition, there may be several instances of the same field
  with different "if" conditions.

  When saving grid view customization, we need to retrieve all the fields with the same name,
  not just the first occurrence.

• Fix orderBy for new rows after save/refresh on o2m grid

  On o2m grid, order is normally preserved after search request.
  Now, search order is applied in case of form save/refresh.

• Fix mark form dirty on editable m2m add

• Fix SwitchSelect widget not displaying many-to-one values

• Fix criteria on grid columns search

• Fix persistence issue during tracking of one-to-one field

  Get new and old values without using context in audit tracker.

• cid field shouldn't be copyable

• Fix close dropdown on tag click in tag-select

• Fix empty criteria in advanced search query

  When field or operator is empty then that criteria should not send in search query.

• Fix call onChange on m2m record change

• Fix pass view attributes in field action context

• Fix selection-in attribute support in mass update

• Fix child dialogs shown behind mass update and advanced search

v7.1.9

7.1.9 (2024-11-12)

Fix

• Fix set action attrs on editor fields

• Fix onChange not triggered on Rating widget

• Fix populate changes should reflect into collection grid

• Fix o2m items data conflict issue

  When data is reset through action-record or data is updated through popup
  then updated data should be merged properly to grid data.

• Fix x-bind string case sensitive issue

  When x-bind output of string field remains same for same field,
  it should reflect the output value instead of skipping value update.

• Disable sorting when we add a row

  After manual sort by column, added row could be at the top instead of the bottom.

• Fix handling 0 valued in selection widgets

• Fix orderBy for new rows after save/refresh on o2m grid

  On o2m grid, order is normally preserved after search request.
  Now, search order is applied in case of form save/refresh.

• Fix criteria on grid columns search

• Fix empty criteria in advanced search query

  When field or operator is empty then that criteria should not send in search query.

• Fix call onChange on m2m record change

• Fix selection-in attribute support in mass update

v7.2.1

7.2.1 (2024-10-17)

Feature

• Fix search bar value duplicated in other quick menus

• Always show tenant selection for non-hosts resolved tenants

• TagSelect x-color-field attribute is now compatible with hexadecimal color values

• Add /files/data-export?fileName and /files/report?link endpoints

  Add files endpoints accepting filename as query param instead of path param.

  This ensures URIs are ASCII only, complying with Shiro InvalidRequestFilter.

  Files endpoints using filename as path param are kept for backward compatibility and may be removed
  in later versions.

Change

• Re-enable Shiro global filters

  Shiro global filters are re-enabled, now that our endpoints comply with
  Shiro InvalidRequestFilter (ASCII-only URIs).

  User endpoints also need to make sure they use ASCII-only characters in URI.

Fix

• Fix version issue in editable m2m grid

• Fix ColorPicker popper to work even with invalid values

• Fix tenant selection at login when hosts are not specified

  Session may exist even if user is not logged in.
  Tenant specified from login request should override any session tenant.

• Fix data-description not translated on enum/selection

• Fix restore items state on save in form view

• Invalidate session when tenant becomes inactive

• Fix skip view dirty on editable m2m grid changes

Security

• Always rely on codes when fetching user from profile

  Any extends of com.axelor.auth.pac4j.AuthPac4jUserService.getUser should takes
  care to rely on fetch users by code only (instead of fetching by code and email).

  In case your application use SSO authentication, a carefully review is needed.
  As we now rely on users codes to retrieve users, make sure the users codes match
  the user profile username or email provided by the identity provider (we rely on
  pac4j user profile mapping for this). For example, OpenID Connect providers commonly
  use preferred_username claim as username,but for others such as Azure OpenID Connect
  provider, it will use the upn claim as username. As fallback is will use the email
  claim as email. In case of existing users codes not matching identity providers username
  or email, it will not retrieve them and users will not be able to log in. Manually change
  will be needed, by updating users codes with their email for example.

v7.1.8

7.1.8 (2024-10-17)

Security

• Always rely on codes when fetching user from profile

  Any extends of com.axelor.auth.pac4j.AuthPac4jUserService.getUser should takes
  care to rely on fetch users by code only (instead of fetching by code and email).

  In case your application use SSO authentication, a carefully review is needed.
  As we now rely on users codes to retrieve users, make sure the users codes match
  the user profile username or email provided by the identity provider (we rely on
  pac4j user profile mapping for this). For example, OpenID Connect providers commonly
  use preferred_username claim as username,but for others such as Azure OpenID Connect
  provider, it will use the upn claim as username. As fallback is will use the email
  claim as email. In case of existing users codes not matching identity providers username
  or email, it will not retrieve them and users will not be able to log in. Manually change
  will be needed, by updating users codes with their email for example.

v6.1.6

6.1.6 (2024-10-17)

Fixed

• Fix bpm module discovery
• Fix pending actions not launched after notify

Security

• Always rely on codes when fetching user from profile

  Any extends of com.axelor.auth.pac4j.AuthPac4jUserService.getUser should takes
  care to rely on fetch users by code only (instead of fetching by code and email).

  In case your application use SSO authentication, a carefully review is needed.
  As we now rely on users codes to retrieve users, make sure the users codes match
  the user profile username or email provided by the identity provider (we rely on
  pac4j user profile mapping for this). For example, OpenID Connect providers commonly
  use preferred_username claim as username,but for others such as Azure OpenID Connect
  provider, it will use the upn claim as username. As fallback is will use the email
  claim as email. In case of existing users codes not matching identity providers username
  or email, it will not retrieve them and users will not be able to log in. Manually change
  will be needed, by updating users codes with their email for example.

v6.0.5

6.0.5 (2024-10-17)

Fixed

• Fix dirty view when an editor contain a button
• Fix hidden panels/buttons in editor when the record changes
• Fix details from view attrs reset when reloading from grid/tab
• Fix onnew popup actions called with delay
• Fix tab refresh with HTML dashlet
• Fix auth provider settings exclusive and absolute-url-required

Security

• Always rely on codes when fetching user from profile

  Any extends of com.axelor.auth.pac4j.AuthPac4jUserService.getUser should takes
  care to rely on fetch users by code only (instead of fetching by code and email).

  In case your application use SSO authentication, a carefully review is needed.
  As we now rely on users codes to retrieve users, make sure the users codes match
  the user profile username or email provided by the identity provider (we rely on
  pac4j user profile mapping for this). For example, OpenID Connect providers commonly
  use preferred_username claim as username,but for others such as Azure OpenID Connect
  provider, it will use the upn claim as username. As fallback is will use the email
  claim as email. In case of existing users codes not matching identity providers username
  or email, it will not retrieve them and users will not be able to log in. Manually change
  will be needed, by updating users codes with their email for example.