stSoftware October 2016 Release Notes
Take a look at what's new
- Performance enhancements
- Excel template for accessing ReST services
- Screen expander
- Xero sync support added
- Fixed all XSS issues in core system identified by scans with https://www.tinfoilsecurity.com
- Fixed text expander
- ReST sync fixed
- Upgrade of core components
- ReST v7/class enhancements
- DBResult will page ahead for large record sets using a separate thread.
- Reduce logging of deprecated ReST calls ( was once every call, now once a minute)
- No need to check if user "System" can access a record. It can always access a record.
- Always search by concrete fields first then derived fields.
- Search by the paths with the least steps first
- Use LargeLongArray instead of very large native long as the G1 garbage collector segments the heap into thousands of smaller heaps. A large native long array causes "stop the world" pauses.
- DBReslt is now multi-thread safe.
Excel template for accessing ReST services
A Excel template for fetching data via ReST services can be downloaded here.
Pop open windows will now automatically expand to the content size.
Invoices and contacts can now be automatically sync'd to Xero when created in ST
Cross Site Script (XSS)
- New validation on all text&string fields to make sure the character values are within the illegal XML/HTML character range.
- Special parameters are checked to make sure they pattern match expected values if not a status 400 is returned.
- Special parameters for controlling window flow are sanitized.
- Automated unit test added which randomly injects standard attack strings into random screen parameters added to the daily builds.
- Validate all search parameters are valid before attempting the search
The text expander has be fixed to expand the text box to 80% of the window width
- ReST v5/sync has been enhanced to call v7/class
- Fix issue where one call setting the cursor size could leak over to a later call ( because of thread pooling).
- de-duplicate paths parameter
- return status 400 for classes that don't record journal data
- Correctly handle classes that have fields/subclasses defined in different layers
- Scan the trans_data table instead of joining to trans_record
- Removed the select overhead in isApplicable() method completely.
- Adjust page size to fix within desired maximum block time.
Upgrade of core components
ReST v7/class enhancements
- fixed issue found in v6/class when the _href is repeatedly followed from one call to v6/class to another.
- Fixed a n! performance issue in v6/class when scrolling very large data sets ( tested on a production 500k recordset), this is fixed by the cursor id which is passed back in the next parameter. The new ReST v7/class now supports cursors for scroll very large datasets ( 500k+) plus setting the cache headers when a key & timestamp are passed.
- Issue with v6/class where the transaction/layer part of the key passed to class rest service gets translates to a timestamp then linked records keys are returned with the maximum transaction for that record. When you then ask for the next record the process repeats but the next linked records will be as of the timestamp of the second linked record.
- Corrected handling of fetching records for classes without a primary key in v6/class
- Validate the parameters better to prevent 500 statuses in v6/class ( 400 instead)
- Corrected support for cache headers ( only set cache headers when archive is used)
- deprecated v6/class
- Don't use Archive for private database sites
- heartbeat to check the last back up time.
- fixed margin & alignment in member payment report
- new field Business:displayABN which correctly formats the ABN
- ReST to allow call timeout
- Handle guest sessions in server clusters.
- Mask password in logs when failing to connect to an SFTP server.
- Check Integer overflow in ReST services.
- Fixed file location to contain layer id.
- Fixed issue where searching for temporary rows ( performance issue as row will never be found)
- Retry connection to mail server. Suppress error message if retry succeeds.
- Removed unused GWT modules. All GWT modules are now deprecated and will be removed over time.