Original Release Name - pi.2021-11-25
Patched Release Name - pi.2021-11-25.1
Patched Release Name - pi.2021-11-25.2
Patched Release Name - pi.2021-11-25.4
Original Release Date -
Patched Release Date -
Patched Release Date -
Patched Release Date -
We are pleased to present our latest offering of pi - our November 2021 release! This page helps summarise and familiarise you with the changes we have made, and is supported (where applicable) with useful videos to help explain the changes we have delivered.
Note |
---|
- in response to a Java security vulnerability around Log4J2, we have opted to patch our November dashboard release to mitigate against any risks. More information can be found HERE. - because of the need for customers to upgrade to the latest version of the dashboard, to benefit from Log4J2 patches, it is imperative that the release notes and upgrade documentation is read and understood before attempting to upgrade, so you are aware of the changes made to the dashboard and any additional configuration that you may need to change to complete a successful upgrade. We always suggest attempting upgrades in non Production environments beforehand. Multiple customers have recently attempted to upgrade through multiple versions, and have come across issues around environment variables, proxy and embedding settings - for more information on these areas, we recommend reviewing the Embedding Dashboard & Charts page first |
Info |
---|
Before upgrading, we recommend taking a backup. You can find more information here. |
Here’s what we’ll cover;
Table of Contents |
---|
Added
Role level variables and role level restrictions have been added to the system. This means that the system now has a more flexible way to provide variables and restrictions to a user.
previously, if 10 users shared the same variable you would need to add that variable to each individual user
now, you can create a role with a variable and if this role is then assigned to 10 users, they would all have this variable
the same concept also applies to role restrictions
Please look at Role Level Variables for more information.
Video
We’ve created a short video to explain this in a bit more detail.
Confluence youtube macro video | ||||
---|---|---|---|---|
|
2 new magic variables have been added:
LANGUAGE_LOCALE
- locale from language selection on the login screen (these selectable options are configured from dashboard installation on the server machine)LOCALE
- locale of a user's browser, which generally is used for date formatting (this reflects whatever locale a user set on their browser)
Changed
Patched Release 2021-11-25.1 - updated Log4J2 library to version 2.15.0 in response to security vulnerability (CVE-2021-44228).
Patched Release 2021-11-25.2 - updated Log4J2 library to version 2.16.0 in response to security vulnerability (CVE-2021-45046)
Patched Release 2021-11-25.4 - updated Log4J2 library to version 2.17.0 in response to security vulnerability (CVE-2021-45105)
There will only be 1 version of log4j in the dashboard installation files, showing the latest version
Files are located here:
C:\Program Files\Installation_location\Dashboard\tomcat\webapps\panLicenceManager\WEB-INF\lib
C:\Program Files\Installation_location\Dashboard\tomcat\webapps\panMISDashboardResources\WEB-INF\lib
A ‘value’ field in the MIS_VARIABLES table has been changed from varchar(4000) to long text in order to accommodate longer text inputs.
maxSize restrictions have been removed from the following interactable domain objects:
MisChartColumn.operandTwo
MisColumn.columnName
MisDataSourceItem.driverClassPath
MisDefinedChart.helpText
MisDefinedChart.chartLevelStyles
MisFilterColumn.operandOne
MisFilterColumn.operandTwo
MisHierarchy.accessibilityMessage
MisHierarchy.htmlCardStyleSheet
MisHierarchy.customSql
MisHierarchy.svgUrl
MisHierarchyColumn.urlLink
MisLayoutText.text
MisParameter.hierarchyId
MisParameter.orderingIndex
MisPreferredLayout.layoutXml
MisReportFilter.defaultValue
MisReportLayout.layout
MisReportMedia.positioningStyle
MisReportMedia.formattingStyle
MisReportMedia.text
MisReportMedia.imagePath
MisSchedule.emailMessage
MisScheduleAttachment.webServiceUrl
MisScheduleJob.error
MisSecurityUser.clientPassword
MisSecurityUser.encryptedPassword
MisTable.tableName
MisTable.whereClause
MisTable.tablePriority
MisTableJoin.joinSql
MisUserRestriction.orderingIndex
MisVariable.value
As a precautionary measure, we have removed the Apache Drill and Firebolt JDBC drivers from Tomcat until we have hear back from them to clarify if they carry the Log4j2 vulnerabilities or not.
Workaround - if you are currently using these, after upgrading you will need to add them yourself under tomcat/custom_jdbc_drivers
and ensure their safety.
Fixed
We have made changes to how dark themes are used in the dashboard. In order to display text correctly in labels when using a dark theme we recommend:
Setting white text on the css classes shown in the following screenshot, they are designed for such customisation
Making sure the data colour and system background colour are dark colours, so that regardless if text is not contained fully in the data block it will still display correctly
The following screenshot shows how labels look on a Doughnut chart displayed on a dark theme.
You can find more information on using dark themes here.
Crosstab tables that have special characters in the header row, e.g. *, %, £ or white spaces, will load and be displayed correctly.
When a user creates a chart and receives the message ‘Content Unavailable’ they will still be able to access the Chart Editor screen by clicking the ‘Edit Chart’ icon in the top-right corner of the cell.
The dashboard was updating/ removing the password for Data Connection ID 21 after migrating to a newer version of the dashboard. This happened because the dashboard was assuming that Data Connection ID 21 was a MariaDB.
When selecting recipients for reports, the users that are displayed in this section will depend on both the user and role permissions.
For a user to appear in the list of recipients, they must have the ‘Can Be An Email Recipient’ privilege or be attached to a role that has this privilege.
Info |
---|
Role permissions will override user permissions. |
When ‘Display Value as Percentage by Column’ is selected in ‘Attributes’ for a Crosstab table, the column totals will be calculated correctly as percentage values.
Errors were occurring during a large amount of API calls. A fix has been added to this release to address this.
When trying to import large data connections, where the json file was over 5 megabytes, the browser took too long to draw the UI. A change has been added to improve performance meaning that the browser won’t crash in such cases.
If a report contained a chart that had been created with free hand sql, the chart was not displayed in the report if the selected user didn’t have the ‘Can Edit Chart SQL’ permission. Users will now be able to view the chart in a report when they don’t have this permission.
If a schedule task is not available to a user because the schedule is owned by a category that the user doesn’t have access to, they would see records with blank names on the Report Monitoring screen. These records were related to the schedules that were not available to the user, a change has been introduced so that users will no longer see these records.
When using OpenID custom connector, the login screen was not displaying the login button.
When using an external database, trying to connect with a username that was different to root was not working. Problems were also occurring if the schema had a different name.
The renderer was using the internal port as a Dashboard URL to run its services which in some instances caused issues due to proxy and cookie configuration in the dashboard. To address this, the internal port has been removed from the configuration and instead, the renderer will be using the Dashboard URL to run its services.
Keeping An Eye On pi
Info |
---|
|