Intrexx Steady Track 10.3.0 - Version 2.17 of log4j
Published on 20.12.2021
Fixing the CVE-2021-45046 vulnerability by raising the Log4J libraries to version 2.17.
Intrexx Steady Track 10.3.0 - Version 2.16 of log4j
Published on 17.12.2021
Fixing the CVE-2021-45046 vulnerability by raising the Log4J libraries to version 2.16.
Intrexx Steady Track 10.3.0 - Closing of log4j
Published on 13.12.2021
On Friday, December 10, 2021, a critical zero-day vulnerability has been disclosed in a component (Log4J) that is also used in Intrexx (CVE-2021-44228, https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2021/2021-549032-10F2.pdf?__blob=publicationFile&v=3). Intrexx versions 19.03 and higher are affected under certain circumstances.
A reloading of malicious code as described in the CVE is not possible but since not all details are known yet, it cannot be ruled out with complete certainty that an exploit of the vulnerability could be possible by extending the currently known attack.
Therefore, we advise all our users to apply the latest updates. These updates fix the vulnerability in the library (Log4J).
Intrexx Steady Track 10.3.0
Below you will find an overview of the features implemented in Intrexx Steady Track10.3.0 and the changelog for Intrexx Steady Track 10.3.0.
In the Layout Designer, there is also a new tree menu available for selection. Click here for more information. The previous tree menu is still available.
Bugfixes and features, published on 07.12.2021
Update to Intrexx Steady Track 10.3.0
IX-12193: Websocket permissions
Problem: When deleting applications that have defined topic permissions, the permissions are not deleted and remain in the database.
Solution: When deleting the application, the permissions are now also deleted.
IX-12321: Proxy login
Problem: Dialog checks the connection to the proxy even if the dialog is canceled.
Solution: If canceled, the check is no longer performed.
IX-12877: Buttons in tables
Problem: In some circumstances, buttons in tables are no longer displayed when scrolling.
Solution: Transfer of values for links for buttons corrected so that they are now displayed.
IX-13381: Systemcare - Analyze log files
Problem: Derby DB log files can be selected in Systemcare.
Solution: Derby removed from configuration.
Problem: During the initial download of the server certificate, no proxy is used, although the proxy is known to Intrexx.
Solution: Proxy is now used when downloading the server certificate.
IX-13786: Child data groups
Problem: When filtering on a non-empty file field in a child data group, an error occurs.
Solution: Join to the child data group is now created correctly.
IX-14366: Dynamic view
- The controls Dynamic view, Listbox, Sortable list, Sortable list view, Value drop-down list, Value listbox do not take over the entered title when creating a new one.
- When creating new Dynamic view, Listbox, Sortable list, Sortable list view, Value listbox controls, the title of a previously edited control is in the title field.
When creating the Value listbox control, the data field selection is displayed although this is not actually intended and can lead to unexpected behavior on the web because only the last entry is ever saved.
In the value drop-down list control, no binding page is displayed when editing although there is nothing to prevent a read binding.
For listbox and value listbox controls, help icons for width and height are not visible.
Solutions: The problems mentioned above have been fixed.
IX-14378: Global search
Problem: Since the search was switched to a single index, it no longer provides alternative search suggestions.
Solution: Search suggestions are now displayed again.
Problem: Warning message in the browser console for portals with an HTTPS connection that the cookies we set will soon no longer be supported due to missing secure attributes.
Solution: For HTTPS connections, the cookies set by us (layout, language) are additionally set with the attribute "secure".
Problem: Setup creates a backup file of unchanged requestvalidator.cfg.
Solution: Backup is created only when the file is changed.
IX-14908: Language constants in applications
Problem: Page titles from constants are not updated in the application structure under certain circumstances.
Solution: If a title is assigned for pages from a newly created application constant, this is also immediately displayed and used in the application tree.
Problem: Patcher uses an incomplete ClassPath.
Solution: All jars are now added to the running patcher / publish mechanism under lib/custom instead of just using the first level jars.
IX-15054: Delete portals
Problem: Log directory is kept after deleting the portal.
Solution: The log directory is now also deleted.
IX-15070: Multiple selection
Problem: Browser.getValue no longer returns the saved values in case of multiple selection (view).
Solution: View control of the multiple selection returns the stored value via Browser.getValue.
IX-15150: Generate documents
Problem: If a document is created from an Intrexx page and there is an unlocked table with a multiple selection on this page, then the saved values of the multiple selection are not displayed in the created document.
Solution: The values are now completely displayed in the generated document.
IX-15167: Data navigation
Problem: Display during data navigation may not be initialized correctly.
Solution: Data navigation now shows correct values again.
IX-15170: "Design" module
New selectors for pagination controls
IX-15174: Linux - root user
Problem: NPE on update if Portal Manager was started with root on Linux.
Solution: NPE now no longer occurs.
Problem: patchportal.bat does not work.
Solution: Fixed an error in the handling of path specifications.
Problem: Setup dialog accepts blank SubjectAlternativeNames entries and writes them to the certificate.
Solution: Blank SANs are now ignored.
IX-15243: Unique Number Generator
Problem: Unique Number Generator throws errors in combination with integer data.
Solution: Integer data is now also supported.
IX-15244: File storage location
Problem: Under certain circumstances, incorrect characters are displayed in the file locations dialog when importing applications on computers running MacOS. The text in question is unreadable due to an incorrect font.
Solution: The font is now set correctly so that the text is legible.
IX-15246: "Design" module
Problem: Layout Designer does not accept shadow tree styles.
Solution: CSS validator has been updated. Shadow tree selectors can now be used.
IX-15247: Element templates
Custom control templates that have at least Intrexx version 10000 are now patched.
IX-15251: SAP Business Suite Connector
Problem: Reference fields are not loaded.
Solution: Reference fields are loaded again.
IX-15253: Data Picker
Problem: On mobile pages, Data Picker results are displayed as a table, which means there is not enough space to display them.
Solution: Data Picker results are now displayed as a list again on mobile pages.
IX-15262: Markdown editor
Problem: Preview does not work correctly.
Solution: The CSS of the editor is now loaded correctly again. Now all buttons, the preview and the frame are working again.
IX-15277: Data Picker
Problem: If a drop-down list is cleared, the values filled in by data mapping are not reset.
Solutions: Values are now also removed when resetting the drop-down list.
IX-15278: Element templates
Problem: Button that jumps to another application cannot be saved as a template.
Solution: Buttons that jump to a different application than the current one can now be created as a separate template again by dragging and dropping them from the workspace into the "Elements" area.
IX-15288: Edit field - date
Problem: Onblur events configured by the user for date fields are no longer triggered.
Solution: The problem has been fixed.
IX-15294: "Design" module
In the Layout Designer, there is a new menu type called "Mega menu".
IX-15295: New tree menu
In the Layout Designer, there is also a new tree menu available for selection. The old tree menu is still available.
Problem: Incorrectly set file owners in the installation directory after updating to Steady Track.
Solution: File owners are now correctly set to the configured daemon user.
IX-15312: Rolling Update
Problem: The "Cancel" button in the authentication dialog did not work on Linux. The dialog (SudoPage.java) is always displayed when services are started, stopped, created or deleted under Linux: This means that the dialog is displayed when a portal is created or deleted or when updates are installed.
Solution: The "Cancel" button in the authentication dialog now works again.
IX-15314: Remote access to Intrexx Portal
Problem: During remote access, the wrong server version is displayed in the event of an error.
Solution: The correct server version is now displayed.
IX-15326: Headless setup
Problem: Entering a blank password during headless setup causes an error.
Solution: A blank password is now detected during installation and a corresponding message is displayed.
Problem: When embedding images in the TinyMCE edit box with "data: marker" in the HTML, document creation errors occurred afterwards.
Solution: The bug has been fixed - documents can now be created.
IX-15354: Button with email configuration and email action in processes
Problem: In certain cases, an incorrect record is rendered due to an incorrectly determined primary key in emails.
Solution: The primary key is now correctly determined.
Problem: GroovyOrgBuilder._isPasswordAcceptable() throws NPE if username is null.
Solution: The null value is now handled correctly.
IX-15380: Global timer
Problem: With the "Run overdue timer jobs at server startup" setting, all timer jobs with this setting are run at every restart.
Solution: When the server is restarted, timer jobs are now started only if they are overdue and the "Run overdue timer jobs at server startup" setting is set.
Problem: If a proxy for the update mechanism is defined during setup without user and password, an error is generated.
Solution: The setup can now be executed error-free without specifying user and password.