Intrexx Steady Track 10.3.0 - Version 2.17 of log4j

Published on 20.12.2021

Fixing the CVE-2021-45046 vulnerability by raising the Log4J libraries to version 2.17.

 

Intrexx Steady Track 10.3.0 - Version 2.16 of log4j

Published on 17.12.2021

Fixing the CVE-2021-45046 vulnerability by raising the Log4J libraries to version 2.16.

 

Intrexx Steady Track 10.3.0 - Closing of log4j

Published on 13.12.2021

On Friday, December 10, 2021, a critical zero-day vulnerability has been disclosed in a component (Log4J) that is also used in Intrexx (CVE-2021-44228, https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2021/2021-549032-10F2.pdf?__blob=publicationFile&v=3). Intrexx versions 19.03 and higher are affected under certain circumstances.

A reloading of malicious code as described in the CVE is not possible but since not all details are known yet, it cannot be ruled out with complete certainty that an exploit of the vulnerability could be possible by extending the currently known attack.

Therefore, we advise all our users to apply the latest updates. These updates fix the vulnerability in the library (Log4J).

 

Intrexx Steady Track 10.3.0

Below you will find an overview of the features implemented in Intrexx Steady Track10.3.0 and the changelog for Intrexx Steady Track 10.3.0.

Mega menu

The new menu type provides a new view of the portal menu. The number of levels can be selected in the configuration. Click here for more information.

Tree menu

In the Layout Designer, there is also a new tree menu available for selection. Click here for more information. The previous tree menu is still available.

Changelog

Bugfixes and features, published on 07.12.2021

  1. Update to Intrexx Steady Track 10.3.0

  2. IX-12193: Websocket permissions

    Problem: When deleting applications that have defined topic permissions, the permissions are not deleted and remain in the database.

    Solution: When deleting the application, the permissions are now also deleted.

  3. IX-12321: Proxy login

    Problem: Dialog checks the connection to the proxy even if the dialog is canceled.

    Solution: If canceled, the check is no longer performed.

  4. IX-12877: Buttons in tables

    Problem: In some circumstances, buttons in tables are no longer displayed when scrolling.

    Solution: Transfer of values for links for buttons corrected so that they are now displayed.

  5. IX-13381: Systemcare - Analyze log files

    Problem: Derby DB log files can be selected in Systemcare.

    Solution: Derby removed from configuration.

  6. IX-13720: Proxy

    Problem: During the initial download of the server certificate, no proxy is used, although the proxy is known to Intrexx.

    Solution: Proxy is now used when downloading the server certificate.

  7. IX-13786: Child data groups

    Problem: When filtering on a non-empty file field in a child data group, an error occurs.

    Solution: Join to the child data group is now created correctly.

  8. IX-14366: Dynamic view

    Problem:

    • The controls Dynamic view, Listbox, Sortable list, Sortable list view, Value drop-down list, Value listbox do not take over the entered title when creating a new one.
    • When creating new Dynamic view, Listbox, Sortable list, Sortable list view, Value listbox controls, the title of a previously edited control is in the title field.
    • When creating the Value listbox control, the data field selection is displayed although this is not actually intended and can lead to unexpected behavior on the web because only the last entry is ever saved.

    • In the value drop-down list control, no binding page is displayed when editing although there is nothing to prevent a read binding.

    • For listbox and value listbox controls, help icons for width and height are not visible.

    Solutions: The problems mentioned above have been fixed.

  9. IX-14378: Global search

    Problem: Since the search was switched to a single index, it no longer provides alternative search suggestions.

    Solution: Search suggestions are now displayed again.

  10. IX-14630: Cookies

    Problem: Warning message in the browser console for portals with an HTTPS connection that the cookies we set will soon no longer be supported due to missing secure attributes.

    Solution: For HTTPS connections, the cookies set by us (layout, language) are additionally set with the attribute "secure".

  11. IX-14790: Setup

    Problem: Setup creates a backup file of unchanged requestvalidator.cfg.

    Solution: Backup is created only when the file is changed.

  12. IX-14908: Language constants in applications

    Problem: Page titles from constants are not updated in the application structure under certain circumstances.

    Solution: If a title is assigned for pages from a newly created application constant, this is also immediately displayed and used in the application tree.

  13. IX-14922: Update

    Problem: Patcher uses an incomplete ClassPath.

    Solution: All jars are now added to the running patcher / publish mechanism under lib/custom instead of just using the first level jars.

  14. IX-15054: Delete portals

    Problem: Log directory is kept after deleting the portal.

    Solution: The log directory is now also deleted.

  15. IX-15070: Multiple selection

    Problem: Browser.getValue no longer returns the saved values in case of multiple selection (view).

    Solution: View control of the multiple selection returns the stored value via Browser.getValue.

  16. IX-15150: Generate documents

    Problem: If a document is created from an Intrexx page and there is an unlocked table with a multiple selection on this page, then the saved values of the multiple selection are not displayed in the created document.

    Solution: The values are now completely displayed in the generated document.

  17. IX-15167: Data navigation

    Problem: Display during data navigation may not be initialized correctly.

    Solution: Data navigation now shows correct values again.

  18. IX-15170: "Design" module

    New selectors for pagination controls

  19. IX-15174: Linux - root user

    Problem: NPE on update if Portal Manager was started with root on Linux.

    Solution: NPE now no longer occurs.

  20. IX-15195: Installation

    Problem: patchportal.bat does not work.

    Solution: Fixed an error in the handling of path specifications.

  21. IX-15239: Setup

    Problem: Setup dialog accepts blank SubjectAlternativeNames entries and writes them to the certificate.

    Solution: Blank SANs are now ignored.

  22. IX-15243: Unique Number Generator

    Problem: Unique Number Generator throws errors in combination with integer data.

    Solution: Integer data is now also supported.

  23. IX-15244: File storage location

    Problem: Under certain circumstances, incorrect characters are displayed in the file locations dialog when importing applications on computers running MacOS. The text in question is unreadable due to an incorrect font.

    Solution: The font is now set correctly so that the text is legible.

  24. IX-15246: "Design" module

    Problem: Layout Designer does not accept shadow tree styles.

    Solution: CSS validator has been updated. Shadow tree selectors can now be used.

  25. IX-15247: Element templates

    Custom control templates that have at least Intrexx version 10000 are now patched.

  26. IX-15251: SAP Business Suite Connector

    Problem: Reference fields are not loaded.

    Solution: Reference fields are loaded again.

  27. IX-15253: Data Picker

    Problem: On mobile pages, Data Picker results are displayed as a table, which means there is not enough space to display them.

    Solution: Data Picker results are now displayed as a list again on mobile pages.

  28. IX-15262: Markdown editor

    Problem: Preview does not work correctly.

    Solution: The CSS of the editor is now loaded correctly again. Now all buttons, the preview and the frame are working again.

  29. IX-15277: Data Picker

    Problem: If a drop-down list is cleared, the values filled in by data mapping are not reset.

    Solutions: Values are now also removed when resetting the drop-down list.

  30. IX-15278: Element templates

    Problem: Button that jumps to another application cannot be saved as a template.

    Solution: Buttons that jump to a different application than the current one can now be created as a separate template again by dragging and dropping them from the workspace into the "Elements" area.

  31. IX-15288: Edit field - date

    Problem: Onblur events configured by the user for date fields are no longer triggered.

    Solution: The problem has been fixed.

  32. IX-15294: "Design" module

    In the Layout Designer, there is a new menu type called "Mega menu".

  33. IX-15295: New tree menu

    In the Layout Designer, there is also a new tree menu available for selection. The old tree menu is still available.

  34. IX-15308: Upgrade

    Problem: Incorrectly set file owners in the installation directory after updating to Steady Track.

    Solution: File owners are now correctly set to the configured daemon user.

  35. IX-15312: Rolling Update

    Problem: The "Cancel" button in the authentication dialog did not work on Linux. The dialog (SudoPage.java) is always displayed when services are started, stopped, created or deleted under Linux: This means that the dialog is displayed when a portal is created or deleted or when updates are installed.

    Solution: The "Cancel" button in the authentication dialog now works again.

  36. IX-15314: Remote access to Intrexx Portal

    Problem: During remote access, the wrong server version is displayed in the event of an error.

    Solution: The correct server version is now displayed.

  37. IX-15326: Headless setup

    Problem: Entering a blank password during headless setup causes an error.

    Solution: A blank password is now detected during installation and a corresponding message is displayed.

  38. IX-15339:TinyMCE editor

    Problem: When embedding images in the TinyMCE edit box with "data: marker" in the HTML, document creation errors occurred afterwards.

    Solution: The bug has been fixed - documents can now be created.

  39. IX-15354: Button with email configuration and email action in processes

    Problem: In certain cases, an incorrect record is rendered due to an incorrectly determined primary key in emails.

    Solution: The primary key is now correctly determined.

  40. IX-15376: Groovy

    Problem: GroovyOrgBuilder._isPasswordAcceptable() throws NPE if username is null.

    Solution: The null value is now handled correctly.

  41. IX-15380: Global timer

    Problem: With the "Run overdue timer jobs at server startup" setting, all timer jobs with this setting are run at every restart.

    Solution: When the server is restarted, timer jobs are now started only if they are overdue and the "Run overdue timer jobs at server startup" setting is set.

  42. IX-15441: Setup

    Problem: If a proxy for the update mechanism is defined during setup without user and password, an error is generated.

    Solution: The setup can now be executed error-free without specifying user and password.