2024.03 (LTS)

Release Notes

2024.3.4 LTS

Besides the case list below, this release also updated the shipped java version from 21.01 to 21.05 and shipped NodeJS is upgraded from 20.11.1 to 20.18.0

2024.3.3 LTS

This is the first LTS release (of the 2024.3 branch). This will be a supported release for at least 2 years from this release.

This has some security fixes for XSS on the admin page.

A new property type modifiable is introduced that components should be using if the have optional edit support for nested dataproviders.

See the list of fixes below for all the improvements/fixes that did go into this release.

Also a number of releases will be done for various packages, its recommended to upgrade to those.

2024.03.2

This release fixes some regressions with nested property types having null values and improves support in those nested structures for Client or Serverside functions (for example a nested 'object' type) It also has a small fix for scrollbars for the main form.

Also Bootstrap (Extra) Components and Servoy Extra Compopnents have new releases for Servoy 2024.3.x release

2024.03.1

This is a extra security fix for the blobloader, before 2024.3.0 the way to create a blob url is:

var tableName = 'pictures';
var columnName = 'picture_media';
var mimeType = 'application/pdf';
 
var URL = 'media:///servoy_blobloader?servername=example_data'
URL += '&tablename=' + tableName;
URL += '&dataprovider=' + columnName;URL += '&rowid1=' + picture_id;
URL += '&filename=' + file_name

this should now be replaced with:

var tableName = 'pictures';
var columnName = 'picture_media';
var mimeType = 'application/pdf';

var url = clienutils.createUrlBlobloaderBuilder(columnName)
.serverAndTable("example_data",tableName)
.rowid(picture_id)
.filename(file_name)
.mimetype(mimeType)
.build(); 

that will return the blobloader url that is also already encrypted (and only valid for that client)

For this we introduced a 'clientutils' toplevel object (in 22.03 and 23.03 LTS this method is placed on application) This new toplevel object also has other methods now that are more related to this (moved from application), like getMediaUrl and generateBrowserFunction We will move more to this that are purely for browser interaction.

Also a securestring property type is introduced in this release. Components can use this to say that certain properties are only stored in the model on the client which are then send back to the server, where the client is only used as storing some state. But in the client this property shouldn't be changed or shouldn't be able really read by a user. These strings will be encrypted on the server and can only be decrypted on the server for that specific client instance. There will be component package updates coming that will be using this new property for more secure values in there models.

We also upgraded the PBKDF2Hash hashing function from HmacSHA1 to HmacSHA256. This does mean that the length of the hash string that is returned will be bigger, depending on the iterations (default 9999) this will be a now at least 86 chars instead of 63 chars. So if a password hash column was created that is less then 90 please have a look do an alter table on that column and make it at least 200 chars to also support it better in the future. SvySecurity by default had a size of 63, this is changed, but as an existing user its very possible that an alter table needs to be done.

The encrypting handler that is used to encrypt string between client and server (like the secure string above) uses now a better algoritm, it is changed from AES/CBC/PKCS5Padding to AES/GCM/NoPadding

2024.03

Enhancements

The following are key enhancments in Servoy version 2024.03

Stateless Login Form improvements

More integration with ServoyCloud, to also enabled forgotten password and other flows.

See here for more info.

ECMAScript Parser

JSFoundset, JSViewFoundset and JSDataset are now iterables so in the new parser they can be used like:

for(let record of foundset) {
 // use directly the record
}

Developer

Introduced a Servoy Darktheme that is more "darker".

New solution will not generate anymore 2 sets of less files (one for NG1 and the other for TiNG), it will now only generate the TiNG less file.

Dynamic guides in the Form Editor has a lot more improvements (still work in progress)

Core (Api) improvements

Setting a FoundsetFilter will not set by default the initalized flag of a foundset back to false, this means that it won't by itself on various calls do a loadRecors() by itself suddenly (to initialize itself) Because adding a foundset filter the developer is responsible for calling loadRecords() on that foundset after all filters are added. We added a new api: foundset.setFoundSetFilters(name, filters) which can be used to set multiply filters at once and the foundset will also load itself (query) with all those records at once we did add a servoy property "servoy.foundset.unitializeWithFilter" which is default false (so new behavior) so you can set the behavior back if you do depend on foundsets being initialized again by the system. See SVY-18707

Component development: there is now better support for calling any kind of server side function, without knowing the details how to call stuff. Where a component could have a model property with a type "function" and then with the use of the servoyService.executeInlineScripting(xx) you could call the server side. That is now not needed, because those functions are callable functions by itself now so you can do this.functionProperty(arg1, arg2). This also means that you can just give those functions straight into 3rd party components (that you wrap)

Inside Servoy this also works now for function references so elements.mycomponent.myproperty = {'test': function(){// some server side code}} And that 'myproperty' is of type "object", "map" or "json" that will just have a nested function 'test' that is callable as a normal clientside/browser function but will then call the server side. So no need anymore to only assign/reference top level functions. Both are now supported to have calls going back to the server from the browser.

ValuelistConfig objecthas now also an option to allowNewEntries or not]

Added JSFoundset.omitRecord(JSRecord) method.

Plugin api improvements

clientmanager broadcast api is adjusted a bit to be nicer when you just want to listen or just want to send messages.

JasperReportsPlugin has a new release, this one should be used on 2024.03 Because of this our IText.jar that we ship in our plugins is updated to what Jasper now uses: OpenPDF.jar This is a fork of the itext that we always shipped.

Testing (could be breaking)

JSUnit is now a headless client, so you can't use ui (form.elements.xxx or things like application.createWindow) anymore Its now purely a javascript unit code test UI Testing needs to be done with browser tools.

Lib upgrades

Updated embedded tomcat to 9.0.86

Lot of updates to 3rd party libs (Eclipse 4.30 (2023.12), plugins jars)

Angular is upgraded to 17.2, including all the libraries which also needs to be updated.

BREAKING

This release has a breaking change for people that are using deeplink (m=xxx) in the url of the client that you start.

That function now needs to have in the doc the annotation @deeplink, so the system knows that this function can be called as a deeplink. If a function doesn't have that annotation then it will not be called and Servoy will generate a error: "Trying to call a non deeplink (no @deeplink annotation) method: " The best way is to quickly annotate your deeplinks, but if for the short term that is not feasible you can add this property: "servoy.legacy.deeplinks=true" to the servoy properties file to get the old behavior back.

Note

As a heads up, This release will be te last release that will include SmartClient,WebClient and the NGClient (angularjs).

Case List

Below is a comprehensive list of cases associated with each release (candidate)

2024.3.4 LTS

Components
Key
Summary

2024.3.3 LTS

Components
Key
Summary

2024.3.2

Components
Key
Summary

2024.3.1

Components
Key
Summary

2024.3.0 final

Components
Key
Summary

2024.3.0-RC3

Components
Key
Summary

2024.3.0-RC2

Components
Key
Summary