7.23

Last modified: February 29, 2024

7.23.37

Release date: October 12, 2023

Go to Marketplace

Improvements

  • We optimized server responses and prevented the returning of unnecessary data.

Fixes

  • We updated a third-party library to stay within actively supported versions for which patches are made available on a regular basis, preventing challenging update paths in case of issues.

7.23.36

Release date: September 18, 2023

Go to Marketplace

Improvements

  • We now support the SameSite parameter in HTTPS cookies. This setting can be configured using the com.mendix.core.SameSiteCookies Mendix Runtime setting.

Fixes

  • We added the custom setting RequestHandling.AllowLegacyCookies to allow for violations of RFC 6265, which is enforced in the most recent Jetty versions (for more information, see RFC6265_LEGACY). Be aware of the fact that enabling this custom setting exposes your app to CVE-2023-26049.

7.23.35

Release date: April 24, 2023

Go to Marketplace

Improvements

  • We added support for the following database versions:
    • MariaDB 10.11
    • Microsoft SQL Server 2022
    • Oracle Database 21c
    • PostgreSQL 15

Fixes

  • We replaced a third-party dependency to prevent a potential security vulnerability.
  • We fixed an exception in the from-dateTime XPath functions and the DATEPART OQL function that occurred when using the built-in HSQLDB database. (Ticket 180239)

Deprecations

  • We have dropped support for the following database versions that are no longer supported by the vendors:
    • PostgreSQL 10
    • SQL Server 2017
  • We will drop support for MariaDB 10.3 after June 1, 2023, as it is no longer supported by the vendor.

7.23.34

Release date: February 2, 2023

Go to Marketplace

Improvements

  • We upgraded to HSQLDB 2.7.1. As a result, Java functions can no longer be registered in the database.

Fixes

  • We fixed CVE-2023-23835.
  • We fixed an issue with Arabic date/time format handling in HSQLDB. (Ticket 141313)
  • We fixed an issue where Mendix Console Log failed to open when running from Eclipse. (Ticket 168212)
  • We fixed an issue in the DATEDIFF() function for HSQLDB where it was off by 1 day due to time zones.
  • We fixed an issue where the time zone was displayed incorrectly as +2 (when it should have been +3) for Amman, Jordan and Damascus, Syria.

Deprecations

  • Starting with version 7.23.36, we will drop support for MariaDB 10.2, as it is no longer supported by the vendor.

7.23.33

Release date: October 10, 2022

Go to Marketplace

Fixes

  • We updated the image metadata extractor library. (Ticket 163987)
  • We fixed an issue with the JSON reader that caused an error when converting an app to the latest version. (Tickets 164992, 166288)

Deprecations

  • We dropped support for Oracle 12.2, as it is no longer supported by the vendor.
  • Starting with version 7.23.35, we will drop support for the following database versions that are no longer supported by the vendors:
    • PostgreSQL 10
    • SQL Server 2017

7.23.32

Release date: August 16, 2022

Go to Marketplace

Improvements

  • We upgraded PostgreSQL driver to version 42.4.1.

Fixes

  • We fixed a missing execution ID in the trace log lines of microflows run by scheduled events. (Ticket 153273)
  • We fixed an issue where temporary files used for image rotation were not being closed. (Ticket 154992)

7.23.31

Release date: June 1, 2022

Go to Marketplace

Fixes

  • We fixed CVE-2022-31257.
  • We fixed CVE-2022-27241.
  • We fixed an issue in MySQL 8.0.29 and above that occurred when dropping a column with a name length over 53 characters long.

Breaking Changes

  • We now block changes to the Password attribute of User and User-derived objects in client commits (for example, via the Save button in forms). The old behavior is deprecated, but it can be restored until Mendix 10 by setting the BlockPasswordInClientCommit custom setting to false.

Deprecations

  • As announced in the deprecations for 7.23.29, we have dropped support for DB2 version 11.1.

7.23.30

Release date: April 7, 2022

Go to Marketplace

Improvements

  • We now support MariaDB 10.6.

7.23.29

Release date: March 1, 2022

Go to Marketplace

Improvements

  • We added the possibility to specify the BCrypt cost when configuring the hash algorithm via a custom setting. To do this, use the value BCRYPT:cost for the setting HashAlgorithm, where cost can be a value from 10 to 30. If you only specify the value BCRYPT, a default cost value will be used.
  • We upgraded the JDBC driver for Microsoft SQL Server to version 9.4.1. If you use the Database connector with SQL Server and integrated security, you may need to update the JDBC driver in the userlib folder as well.

Fixes

Breaking Changes

  • When accessing the contents of file documents, access rules on the Contents attribute are now checked instead of relying entity access alone.

Deprecations

  • We dropped support for the following database versions that are no longer supported by vendors:
    • MariaDB 10.1
    • MySQL 5.7
    • PostgreSQL 9.6
  • Starting with version 7.23.31, we will no longer support DB2 11.1.

7.23.28

Release date: December 21, 2021

Go to Marketplace

Fixes

  • We upgraded the Cloud Foundry client (mx-cf-client) by updating Apache Log4j libraries to 2.17.0, which addresses CVE-2021-45105.

7.23.27

Release date: December 16, 2021

Go to Marketplace

Improvements

  • We added support for PostgreSQL 14.

Fixes

  • We fixed CVE-2022-25650.
  • We upgraded the Cloud Foundry client (mx-cf-client) used to deploy Mendix applications from Mendix Desktop Modeler to compromised Cloud Foundry services by updating Apache Log4j libraries to 2.16.0, which addresses CVE-2021-44228 and CVE-2021-45046.

Deprecations

  • Starting with version 7.23.29, we will drop support for the following database versions that are no longer supported by the vendors:
    • MySQL 5.7
    • MariaDB 10.1
    • PostgreSQL 9.6

7.23.26

Release date: October 28, 2021

Go to Marketplace

Improvements

  • We upgraded the SVG library to version 3.3.0.

Fixes

  • We fixed CVE-2021-42015. (Ticket 126829)
  • We fixed an issue where imported SVG images appeared in the black color. (Ticket 130343)

7.23.25

Release date: September 27, 2021

Go to Marketplace

Fixes

  • We now block marking inactive users as active when the named users license limit is exceeded. We do not block creating inactive users anymore in this situation.

7.23.24

Release date: August 16, 2021

Go to Marketplace

Improvements

  • We updated the SVG library to the latest version.

Fixes

  • We fixed an issue where creating the deployment package failed due to exceeding the number of entries in the package. (Ticket 124493)
  • We fixed an issue where NPEs were not returned from a microflow in certain cases. (Ticket 125909)

7.23.23

Release date: June 25, 2021

Go to Marketplace

Improvements

  • We now log the addition of request handlers.
  • We improved the page export speed by up to 50% in some cases.

Fixes

  • We fixed an error that occurred when refreshing the list of Team Server apps in the Open App dialog box. (Ticket 112763)
  • We fixed an issue where temporary files and folders (like GPUCache) were created in the app directory, which led to unnecessary merge conflicts. (Tickets 105909, 106329, 107857)
  • We upgraded the SQL Server JDBC driver authentication DLL files to 9.2.1. (Ticket 124044)

Deprecations

  • We dropped support for the following database versions that are no longer supported by vendors:
    • Oracle 18
    • SQL Server 2016
  • Starting with version 7.23.25, we will drop support for Oracle 12.2, as it is no longer supported by the vendor.

7.23.22

Release date: June 9, 2021

Go to Marketplace

Fixes

  • We fixed an error that occurred when refreshing the list of Team Server apps in the Open App dialog box. (Ticket 112763)
  • We fixed a medium-severity security issue where write access could be bypassed in certain scenarios. (Fixed CVE-2021-33718)

7.23.21

Release date: May 18, 2021

Go to Marketplace

Improvements

  • We improved the validity of sessions in session caches. As a result, changes made on one cluster node will now eventually be reflected on others. Also, Core.getSessionById might potentially update the current session and related data in the current cluster nodes session cache. (Ticket 113448)
  • We added support for IBM DB2 11.5, MariaDB 10.4, and MariaDB 10.5.

Fixes

  • We fixed a runtime issue where log messages from components that use Apache commons logging ended up on the console output of the app. These messages are no longer written to the console output of the app. We introduced a new custom setting where you can set EnableApacheCommonsLogging to true to see these log messages in the Mendix logs. (Tickets 103160, 118254)
  • We fixed an issue where selecting an icon using the keyboard was not possible after filtering. (Ticket 104249)
  • We resolved an error that occurred when installing the Desktop Modeler because an additional file could not be downloaded.
  • We fixed an issue where the Buddhist calendar did not work properly in Android mobile browsers. Now, Android mobile browsers will show the Mendix app calendar instead of the native calendar.

Breaking Changes

  • It is no longer possible to add mathematical expressions in an XPath outside of tokens. Mathematical expressions should be calculated outside of the XPath expression.

Deprecations

  • We will drop support for Oracle 18 before June 30. We will announce this again when the support is dropped.
  • Starting with version 7.23.23, we will drop support for Microsoft SQL Server 2016, as it is no longer supported by the vendor.

7.23.20

Release date: March 8, 2021

Go to Marketplace

Fixes

  • We fixed an issue where negative numeric values were formatted incorrectly in CSV exports. (Ticket 114902)

7.23.19

Release date: December 17, 2020

Go to Marketplace

Fixes

  • We applied an important security patch that fixed the SSA-875726 Privilege Escalation Vulnerability for authenticated users. We strongly advise upgrading your Mendix applications to this version, where the issue has been fixed.

7.23.18

Release date: December 3, 2020

Go to Marketplace

Improvements

  • The built-in database viewer now uses a free TCP port instead of a fixed one to avoid conflicts.
  • We greatly improved the performance of the last step of committing and updating. (Ticket 93773)
  • We fixed an issue in microflow optimization related to list aggregation. An optimization was hit too eagerly if there were multiple paths through a microflow to aggregate actions. (Ticket 109987)

Known Issues

7.23.17

Release date: October 13, 2020

Go to Marketplace

Fixes

  • We upgraded the internal browser to fix an issue where single sign-on for the Desktop Modeler was giving an error. (Ticket 108368)
  • We fixed an issue where Mendix apps could not be loaded within an iframe due to stricter browser policies regarding the SameSite and Secure attributes on cookies. (Ticket 108400)
  • To protect the security of apps, Shockwave files (SWF) will no longer be displayed inline.

Known Issues

7.23.16

Release date: September 1, 2020

Go to Marketplace

Fixes

  • We fixed the use of amount/offset in a retrieval schema for OQL union queries. (Ticket 104888)
  • We upgraded library dependencies containing known vulnerabilities. (Ticket 105109)
  • We fixed the problem where renaming a file with a different casing caused data loss when trying to commit multiple times. (Ticket 102247)

Known Issues

7.23.15

Release date: July 27, 2020

Go to Marketplace

Fixes

  • We fixed an error in the Call REST service activity where using a DELETE request with a body sent an empty body. (Tickets 92953, 103950)
  • We fixed an issue that caused session keep alive to become defunct if a database connection became stale. (Tickets 102373, 103767, 103811)
  • When you replace an existing module with a new version of the same module, the Desktop Modeler now checks for every index if it can be reused. If the contents have not been changed, it does not have to be rebuilt, and that reduces downtime. (Tickets 87221, 97497, 98060, 101556)

Deprecations

  • We dropped support for the following database versions that are no longer supported by vendors:
    • Oracle 11, 12.1
    • MySQL 5.5, 5.6
    • MariaDB 5.5, 10.0
    • PostgreSQL 9.2, 9.3, 9.4
    • SQL Server 2008, 2008r2, 2012, 2014

Known Issues

7.23.14

Release date: May 4, 2020

Go to Marketplace

Improvements

  • We added support for the following database versions:
    • Oracle Database 12c releases 2, 18, 19
    • MariaDB 10.2, 10.3
    • MySQL 8.0
    • PostgreSQL 11, 12
    • SQL Server 2019

Fixes

  • Downloading private content in the Marketplace available in the Desktop Modeler has been enabled again for this version and all further 7.23.x versions. It is not possible for Desktop Modeler versions below 7.23.14.
  • We changed the log level for the “Executing query with old implementation due to detected difference” message from Warning to Debug.

Known Issues

7.23.13

Release date: April 1, 2020

Go to Marketplace

New Features

We added experimental support for queuing tasks as a part of a closed beta test.

Fixes

  • We fixed a performance degradation related to the Retrieve by path action. (Ticket 97260)
  • We fixed an issue where microflows that changed a large amount of objects and returned a Boolean value resulted in a client-side exception.

Deprecations

  • Starting with Mendix 7.23.15, we will drop support for the following database versions that are no longer supported by the vendors:
    • Oracle 11, 12.1
    • MySQL 5.5, 5.6
    • MariaDB 5.5, 10.0
    • PostgreSQL 9.2, 9.3, 9.4
    • SQL Server 2008, 2008r2, 2012, 2014

Known Issues

  • Users with non-administrative user roles with the permission to manage users are able to escalate their privileges. For more information on this vulnerability, see SSA-875726 Privilege Escalation Vulnerability in Mendix.
  • Downloading private content in the Marketplace available in the Desktop Modeler has been temporarily disabled due to a security risk. Please see this issue described in the Marketplace release notes for more information, details about where to find your private content, and plans for future version-specific fixes.

7.23.12

Release date: February 19, 2020

Go to Marketplace

Fixes

  • We fixed an issue where export mappings that use XML choice or XML inheritance threw exceptions during runtime. (Ticket 93998)
  • We fixed an issue in JSON import mappings, where using a JSON structure that defines an array of objects and using a microflow in the mapping resulted in no data being imported. (Ticket 95390)
  • We fixed the identifier reserver timeout error that occurred due to long garbage collector pauses. (Ticket 88181)
  • We now use the network timeout in the identifier reserver for PostgreSQL and DB2 instead of the JVM-based timer. This can be disabled by setting the UseNetworkTimeout parameter to false. (Tickets 88010, 92169, 93573)
  • We introduced the JdbcLoginTimeout parameter to limit the database connection establishment time (with a default of 5 seconds). (Tickets 88010, 92169, 93573)

Known Issues

  • Users with non-administrative user roles with the permission to manage users are able to escalate their privileges. For more information on this vulnerability, see SSA-875726 Privilege Escalation Vulnerability in Mendix.
  • Downloading private content in the Marketplace available in the Desktop Modeler has been temporarily disabled due to a security risk. Please see this issue described in the Marketplace release notes for more information, details about where to find your private content, and plans for future version-specific fixes.

7.23.11

Release date: December 23, 2019

Go to Marketplace

Improvements

  • We improved the performance of export mappings that export persistable associated objects. They now retrieve batches of associated objects instead of individual associated objects. This reduces the number of calls to the database.

Known Issues

  • Users with non-administrative user roles with the permission to manage users are able to escalate their privileges. For more information on this vulnerability, see SSA-875726 Privilege Escalation Vulnerability in Mendix.
  • Downloading private content in the Marketplace available in the Desktop Modeler has been temporarily disabled due to a security risk. Please see this issue described in the Marketplace release notes for more information, details about where to find your private content, and plans for future version-specific fixes.
  • Export mappings that use XML choice or XML inheritance throw exceptions during runtime. (Ticket 93998)
  • When you use a JSON structure that defines an array of objects and also use a microflow in the mapping, then no data is imported. (Ticket 95390)

7.23.10

Release date: December 12, 2019

Go to Marketplace

Improvements

  • We upgraded the akka-actor and akka-stream libraries from 2.5.19 to 2.5.25. We also added the akka-stream-alpakka-xml library (version 1.1.1).

Fixes

  • We fixed an issue where retrieving large volumes of data from an OData endpoint threw an out-of-memory exception. (Ticket 86797)
  • We fixed an issue where importing JSON using a find-by-key action would sometimes throw a stack overflow exception. (Tickets 87422, 92033)

Known Issues

  • Users with non-administrative user roles with the permission to manage users are able to escalate their privileges. For more information on this vulnerability, see SSA-875726 Privilege Escalation Vulnerability in Mendix.
  • Downloading private content in the Marketplace available in the Desktop Modeler has been temporarily disabled due to a security risk. Please see this issue described in the Marketplace release notes for more information, details about where to find your private content, and plans for future version-specific fixes.

7.23.9

Release date: November 25, 2019

Go to Marketplace

Fixes

  • We fixed a bug that caused an inconsistency in session time zone configuration in clustered environments where no default user time zone was selected. (Ticket 69401)
  • We fixed two rare issues that occurred if you chose Discard when closing a modified document. (Ticket 90993)
  • We improved the performance of committing many (1000+) entities in a microflow. (Tickets 85461, 89267, 89279, 90357)
  • We fixed an issue where offline synchronization failed after the user’s authentication token expired. (Tickets 85208, 85976)
  • We fixed a bug where triggering a microflow after a failed login attempt worked unexpectedly. (Tickets 88971, 89196, 90471)

Known Issues

  • Users with non-administrative user roles with the permission to manage users are able to escalate their privileges. For more information on this vulnerability, see SSA-875726 Privilege Escalation Vulnerability in Mendix.
  • Downloading private content in the Marketplace available in the Desktop Modeler has been temporarily disabled due to a security risk. Please see this issue described in the Marketplace release notes for more information, details about where to find your private content, and plans for future version-specific fixes.

7.23.8

Release date: September 19, 2019

Go to Marketplace

Fixes

  • For published REST services, we changed the behavior of OPTIONS requests when CORS is enabled. In that case, OPTIONS requests no longer require authentication. (Ticket 86452)
  • We fixed an issue in the call web service action. When the web service returns an empty object, there is no longer an error. An empty value is returned instead.
  • We fixed an issue where newly created objects in offline apps did not successfully synchronize when they contained read-only attributes for a logged-in user. (Ticket 80083)
  • When running a hybrid app or web app in a mobile browser on iOS 12.2, the keyboard did not appear when clicking an input field, and you had to click multiple times to get the keyboard. This is now fixed. (Tickets 82022, 82079, 82462, 85575, 86079, 86186)
  • We fixed an issue where a non-persistable context entity was not available on a newly opened page. (Ticket 64168)
  • We fixed an issue in document export that resulted in critical errors. (Ticket 87355)
  • We fixed an issue where page templates with a data view that did not have a data source led to an exception during local deployment. (Ticket 85777)
  • We fixed an issue in the Studio Pro Marketplace where clicking Request info for a Marketplace component led to an error message.
  • We fixed an issue where Studio Pro installation failed if AdoptOpenJDK had been installed manually.
  • We fixed an issue that prevented some users from merging specific revisions from another branch. (Ticket 85619)
  • We fixed an error that sometimes occurred when changing the return type of a Java or JavaScript action.
  • We fixed an issue that prevented sessions from staying alive when using optimistic locking. (Ticket 85222)
  • We fixed a bug that created an unnecessary session when reusing an anonymous session. (Tickets 77806, 77927, 81465, 81488)
  • We fixed the slow processing of OQLs that contain a long chain of either AND or OR nodes. (Ticket 84037)
  • We fixed an issue where a variable containing NULL or empty caused an error when used in the string comparison functions of XPath expressions. (Ticket 78645)
  • We fixed an issue where the row order was mixed up when multiple sort directions were added using XPathBasicQuery.addSort.

Known Issues

  • Users with non-administrative user roles with the permission to manage users are able to escalate their privileges. For more information on this vulnerability, see SSA-875726 Privilege Escalation Vulnerability in Mendix.
  • Downloading private content in the Marketplace available in the Desktop Modeler has been temporarily disabled due to a security risk. Please see this issue described in the Marketplace release notes for more information, details about where to find your private content, and plans for future version-specific fixes.

7.23.7

Release date: July 23, 2019

Go to Marketplace

Improvements

  • We improved logging to better diagnose problems with staying signed in to the Desktop Modeler.
  • You will now be warned if you have no attribute selected while entering entity indexes.

Fixes

  • We fixed an issue where the error-checking progress bar remained stuck. (Ticket 69295)
  • We fixed an issue where you could not open a domain model when it was migrated to version 7.23.6 if the domain model contained an association of length 0px. (Ticket 85976)
  • We fixed an issue in the call web service action where the Convert to custom header button threw an error when one or more expressions were left empty. (Ticket 84513)
  • We fixed an issue in published REST services where upgrading a published REST service from version 7.10 to version 7.13 or above set Requires authentication method to No.
  • We fixed an error in the domain model editor that displayed a big red cross if associations had zero length. (Tickets 85602, 85421, 85308)
  • We fixed an issue where the wrong profile was loaded after login when previewing a non-responsive profile in the browser. (Ticket 83617)
  • We fixed an issue in the document exporter where dates defaulted to a European format instead of applying the project language settings. (Ticket 78711)
  • We improved the editing behavior of the data grid widget so that when an on-change microflow is slow, it no longer resets to the old values. (Ticket 84282)
  • We fixed an issue with setting the values of the owner and createdDate system members when a new object is created. (Ticket 83424)
  • We fixed an issue where CPU usage became too high. If critical error messages are logged, EchoAction now returns only the first ten of them. (Ticket 82162)
  • We fixed an issue where pasting a Model Share into the System module resulted in an error.

Known Issues

  • Users with non-administrative user roles with the permission to manage users are able to escalate their privileges. For more information on this vulnerability, see SSA-875726 Privilege Escalation Vulnerability in Mendix.
  • Downloading private content in the Marketplace available in the Desktop Modeler has been temporarily disabled due to a security risk. Please see this issue described in the Marketplace release notes for more information, details about where to find your private content, and plans for future version-specific fixes.

7.23.6

Release date: June 25, 2019

Go to Marketplace

Improvements

  • We fixed the visualization of self-referencing associations in the domain model editor. They are now much easier to select! As a bonus: the cardinality numbers are now displayed on the line as opposed to next to it.

  • We added the possibility to export a module package from the command line using mxutil.exe. Using the command create-module-package, you can specify the module to export. Using the option filter-required-libs, you can filter the userlibs that have an accompanying .[ModuleName].RequiredLib file. Using the option exclude-files, you can filter files using regular expressions.

  • We added support for XML-based import mapping in web service call action for the new implementation.

Fixes

  • We made it possible to have more than one thousand documents at the same level in the Desktop Modeler (but please try to avoid that situation anyway). (Ticket 82990)
  • We fixed a problem where associated objects were not sent to the server if they had been changed in sub-microflows.
  • We fixed a problem where an invalid hash error occurred after a project conversion when editing or adding entities. (Ticket 82007)
  • We fixed an issue where logging into a hybrid app using a pin login got significantly slower when many authentication tokens were issued for a specific user. (Ticket 79099)
  • HashString attributes will no longer be synced. This fixes a problem where account data could not be synchronized. (Ticket 77734)
  • We fixed an issue in published OData services where filtering based on associations threw an error when using a Postgres database. (Ticket 82216)
  • We fixed an issue in published OData services where an object without an associated object was not returned when the client filtered on a specific association.
  • We fixed an issue in XML import mappings. We no longer allow DOCTYPE declarations in the XML input, because that is potentially unsafe. Thanks to MAYASEVEN for finding this! (Ticket 83370)
  • We fixed an issue in the Desktop Modeler where using XML Schema with required recursive nodes could not be used in mappings. (Ticket 83792)
  • The Desktop Modeler no longer crashes when you are editing complex nested expressions. (Tickets 83132, 83383)

Known Issues

  • Users with non-administrative user roles with the permission to manage users are able to escalate their privileges. For more information on this vulnerability, see SSA-875726 Privilege Escalation Vulnerability in Mendix.
  • Downloading private content in the Marketplace available in the Desktop Modeler has been temporarily disabled due to a security risk. Please see this issue described in the Marketplace release notes for more information, details about where to find your private content, and plans for future version-specific fixes.
  • In some cases, while doing an error check, a progress bar starts loading and does not stop. This is a user interface problem, the error check itself is completed properly. (Ticket 69295)
  • If a domain model is drawn which contains an association of length 0px, you cannot open the domain model when it is migrated to version 7.23.6. For more information see this Mendix Community question. (Ticket 85976)

7.23.5

Release date: May 28, 2019

Go to Marketplace

Offline Improvements

  • We made offline synchronization more robust. Instead of aborting the whole synchronization in the case of a server error, we now skip any unsynchronizable objects and log an error on the runtime.
  • Errors during offline synchronization cleared changes on your device without synchronizing to ensure the app did not stay in an unsynchronizable state. Now, objects are skipped that encounter errors during synchronization. The other objects are still synchronized.

Known Issues

  • Users with non-administrative user roles with the permission to manage users are able to escalate their privileges. For more information on this vulnerability, see SSA-875726 Privilege Escalation Vulnerability in Mendix.
  • Downloading private content in the Marketplace available in the Desktop Modeler has been temporarily disabled due to a security risk. Please see this issue described in the Marketplace release notes for more information, details about where to find your private content, and plans for future version-specific fixes.
  • In some cases, while doing an error check, a progress bar starts loading and does not stop. This is a user interface problem, the error check itself is completed properly. (Ticket 69295)

7.23.4

Release date: May 9, 2019

Go to Marketplace

Improvements

  • We improved the performance of the Desktop Modeler when adding or deleting documents. The algorithm ensuring consistency now performs fewer searches through the app.
  • In published web services, SOAP fault XML messages are no longer indented. This makes the messages smaller.
  • We improved and fixed the Runtime API documentation of the Core.commit and Core.commitWithoutEvents methods. (Ticket 80711)

Fixes

  • We fixed the issue where debugging through the Desktop Modeler Console log was not possible while running an app from Eclipse, because the Console log would only show an empty window. (Ticket 81204)
  • We fixed an issue where after enabling collaborative development with the Web Modeler in the Developer Portal for an existing app, the Desktop Modeler suggested doing this again. (Ticket 81540)
  • We fixed an issue in consumed web services where the header for SOAP 1.2 was text/xml instead of application/soap+xml. (Tickets 77527, 77867, 80167)
  • We fixed an issue in published REST services where using a custom microflow for authentication resulted in an empty request body in the operation microflow. (Tickets 80147, 81114)
  • We improved the UI around creating a message definition in the Desktop Modeler. When selecting an entity while the message definition name was empty, the name was not being set to the entity name. This was working up to Mendix 7.23.1.
  • We fixed an issue in consumed web services where using a custom request body without headers using the new web services implementation no longer accepted a custom body with an envelope. (Ticket 78564)
  • When an end-user is accessing a page URL without sufficient privileges, the login page will now show this message: “You don’t have enough permissions to access this page. You may try to log in as a different user.” (Ticket 46929)
  • When an end-user is accessing a page URL without sufficient privileges, they might want an easy way to go back to the home page. If your theme does not already contain a Go home button, you must now add a button with the goHomeButton ID in your login page in your theme. This button will only be shown when the end-user is trying to access a page URL they do not have permission to access. (Tickets 46929, 68401)
  • A customized sign-in page now plays nicely with the page URL functionality. (Tickets 67469, 68401)
  • The document exporter will now use country-specific currency formatting if such a language is selected. (Ticket 80402)
  • We fixed a bug where menu items with a Create object action were not hidden, even when the end-user did not have enough privileges. (Ticket 82188)
  • Hovering over an empty row in a data grid resulted in a Javascript error in the client. We fixed this. (Ticket 79747)
  • When the widget updater was determining the link to the Mendix Marketplace, it erroneously updated the version of that widget without actually updating the widget. As a result, the widget updater showed all the widgets as “up to date,” while that was not the case. This has been fixed.
  • We fixed an out-of-memory issue on cluster followers caused by persistent session objects. (Ticket 80910)
  • We fixed an issue where the isSynced expression was not up-to-date after synchronizing. (Ticket 80709)
  • We fixed an issue where conditional visibility only worked after a retrieve action for objects with an association. (Ticket 77931)
  • We fixed an issue where the CSV export of decimal values contained spaces. (Ticket 80694)
  • When a non-anonymous end-user logged in to a hybrid offline app, the home page of the anonymous user role was opened. The end-user’s home page is now opened based on their role. (Ticket 79182)
  • We fixed an error that occurred when snippets did not have an entity set yet. (Ticket 78495)
  • We fixed an issue where login messages where not be translated. (Ticket 79325)
  • We fixed an issue in published OData services where the service feed did not have a title for the workspace, even though that is required. (Thanks to Ronald van Puijenbroek for pointing this out in the Mendix Community!)
  • We fixed an issue where the Desktop Modeler crashed when previewing images that were very narrow. (Ticket 80161)
  • We removed the Get Started page from the interface, because it is no longer actively used and under certain circumstances it caused a crash. (Ticket 81645)
  • We made it clear in the Scheduled Event editor that a month is treated as 31 days and a year as 365 days when repeating an event. (Ticket 51421)
  • We fixed a situation where data set access was out-of-date without showing an error. (Ticket 80381)
  • We fixed an issue where you could not configure a Java action call with a lot of parameters. (Ticket 55350)
  • You will not encounter errors anymore when debugging an application from Eclipse with a default runtime port. (Tickets 63971, 64886, 68651)

Deprecations

  • App services are now deprecated. If you are using app services, you need to turn them into web services before the app services are removed altogether

Known Issues

  • Users with non-administrative user roles with the permission to manage users are able to escalate their privileges. For more information on this vulnerability, see SSA-875726 Privilege Escalation Vulnerability in Mendix.
  • Downloading private content in the Marketplace available in the Desktop Modeler has been temporarily disabled due to a security risk. Please see this issue described in the Marketplace release notes for more information, details about where to find your private content, and plans for future version-specific fixes.
  • In some cases, while doing an error check, a progress bar starts loading and does not stop. This is a user interface problem, the error check itself is completed properly. (Ticket 69295)

7.23.3

Release date: March 26, 2019

Go to Marketplace

New Features

  • We added collaborative development process – a new way of sharing model changes. It allows team members to work together in the Desktop Modeler and the Web Modeler without using Sync with Web Modeler. When the Desktop Modeler user presses Update or Commit, the Web Modeler changes are committed and merged automatically. For more information on the new process, see Collaborative Development.

  • We added support for SAP HANA database as a relational database back end on SAP Cloud Platform.

  • We added support for AdoptOpenJDK. If you install the Desktop Modeler and you do not have Oracle’s JDK or AdoptOpenJDK installed, the installer will install AdoptOpenJDK.

Fixes

  • We fixed an issue in the call web service action where selecting Simple expressions for each request parameter resulted in a (content) element in the request body. (Ticket 77690)

  • We fixed an issue in the call web service action where in case the server returned an error, not all memory was freed. The error message in this scenario was “WARNING - Jetty: (1/9) java.io.IOException: Too many open files.” (Tickets 77649, 81835, 82129, 82198)

  • We fixed an issue in export mappings based on message definitions where setting the Send empty values to Yes, as null and exporting an empty association would result in an internal JSON exception. (Ticket 77204)

  • We fixed an issue where published REST services were always be reported as unused. Now they are unused when they have no resources.

  • Upgraded jackson-databind.jar and jackson-core.jar to version 2.9.8.

  • Template grids configured with automatic refresh now show the latest attribute values correctly. (Tickets 70087, 76401)

  • We fixed an issue in custom widgets where object subscriptions were triggered not for objects retrieved through XPath without a schema. (Ticket 79199)

  • We fixed an issue where loading data in a Text widget over association failed in Internet Explorer 11. (Tickets 80240, 80947, 81000, 81219, 81449)

  • When an object over association was fetched in a data view or an Image widget while the starting object was not available, this caused an exception. We fixed this issue. (Ticket 79182)

  • We fixed an issue where the roles of a page used in a menu widget were changed, and the page containing the menu widget was not updated during fast redeploy.

  • Excluded documents can be exported and imported now. (Ticket 79631)

  • We applied changes in access rules with XPath constraints to committed persistable entities at the end of a microflow. (Tickets 56500, 64294, 65312, 76585)

  • We added support for the X-Forwarded-Proto HTTP header to determine whether cookies should be sent using a secure protocol or not. (Ticket 80168).

  • Children of system-managed associations owner and changedBy can be now retrieved by path. (Ticket 80079).

Known Issues

  • Users with non-administrative user roles with the permission to manage users are able to escalate their privileges. For more information on this vulnerability, see SSA-875726 Privilege Escalation Vulnerability in Mendix.
  • Downloading private content in the Marketplace available in the Desktop Modeler has been temporarily disabled due to a security risk. Please see this issue described in the Marketplace release notes for more information, details about where to find your private content, and plans for future version-specific fixes.
  • In some cases, while doing an error check, a progress bar starts loading and does not stop. This is a user interface problem, the error check itself is completed properly. (Ticket 69295)
  • After enabling the new collaboration mode in the Developer Portal for an existing project, the Desktop Modeler may suggest doing this again. You may safely ignore this pop-up window. (Ticket 81540)
  • Debugging through the Mendix Console Log is not possible while running a Mendix project from Eclipse. (Ticket 81204)

7.23.2

Release date: March 7, 2019

Go to Marketplace

Fixes

  • We fixed an issue in published OData services that occurs where a client requests a single associated object that is not there, the result is now 204 No Content instead of 200 OK.
  • We fixed an issue in published REST services where using multiple path parameters but having them in a different order in the list resulted in the wrong values. A consistency error is now shown for this situation. (Ticket 78323)
  • We fixed an issue where closing and opening a page intertwined and lead to unexpected behavior. (Ticket 67688)
  • When the isNew function was used with an empty object it threw an error. We fixed that and return false now in such a case. (Ticket 78555)
  • We fixed an issue where offline app synchronization failed when synchronized file entities had security constraints. (Ticket 76082)
  • We fixed an issue where the previous page was briefly shown when closing a form and opening a new form with a nanoflow. (Tickets 76083, 78605, 79392)
  • We fixed an issue where custom widgets that subscribe using the this.subscribe function and unsubscribe using mx.data.unsubscribe got an error when calling mx.data.unsubscribe. (Tickets 79881, 80075, 80078, 80174)
  • We fixed an issue where a data grid tooltip was displayed with missing data. (Ticket 78301)
  • We check whether your project needs to be updated from the Team Server before you see the Commit Message dialog box. (Ticket 79316)
  • When passing the command-line parameter --enable-chrome-dev-tools, the Chrome developer tools in the Sign-in dialog box will be opened. This is done for diagnostic purposes. Also, we added a lot of logging for the sign-in process so that we can find out why people are having trouble signing in to the Modeler. (Ticket 78510, 79012, 78899)
  • We fixed an issue where the list of ignored files keeps growing with every branch that you create. In extreme cases this could even lead to the modeler crashing while merging. To prevent crashes in projects that already have large ignore lists, the feature that automatically resolves conflicts on ignore lists has been disabled. From now on, conflicts on ignore lists will be rare, because we change the ignore list less often. If you still encounter conflicts on the svn:ignore property, they have to be resolved by using TortoiseSVN. (Ticket 78557)
  • We automatically ignore the folder node_modules to avoid committing thousands of files accidentally.
  • We fixed an issue where creating multiple sessions was allowed for a single user when multiple sessions were not allowed in the Modeler. (Tickets 78405, 79370, 79520)
  • We fixed a bug where the Desktop Modeler crashed when a debugger session was disconnected. (Ticket 76990)

Known Issues

  • Users with non-administrative user roles with the permission to manage users are able to escalate their privileges. For more information on this vulnerability, see SSA-875726 Privilege Escalation Vulnerability in Mendix.
  • Downloading private content in the Marketplace available in the Desktop Modeler has been temporarily disabled due to a security risk. Please see this issue described in the Marketplace release notes for more information, details about where to find your private content, and plans for future version-specific fixes.
  • In some cases, while doing an error check, a progress bar starts loading and does not stop. This is a user interface problem, the error check itself is completed properly. (Ticket 69295)
  • Debugging through the Mendix Console Log is not possible while running a Mendix project from Eclipse. (Ticket 81204)

7.23.1

Release date: February 20, 2019

Go to Marketplace

Fixes

  • We fixed a performance issue with projects that contain many excluded documents. (Tickets 78588, 79840, 79891, 79894, 79895, 79906)

Known Issues

  • Users with non-administrative user roles with the permission to manage users are able to escalate their privileges. For more information on this vulnerability, see SSA-875726 Privilege Escalation Vulnerability in Mendix.
  • Downloading private content in the Marketplace available in the Desktop Modeler has been temporarily disabled due to a security risk. Please see this issue described in the Marketplace release notes for more information, details about where to find your private content, and plans for future version-specific fixes.
  • In some cases, while doing an error check, a progress bar starts loading and does not stop. This is a user interface problem, the error check itself is completed properly. (Ticket 69295)
  • Debugging through the Mendix Console Log is not possible while running a Mendix project from Eclipse. (Ticket 81204)
  • Custom widgets that subscribe using the this.subscribe function and unsubscribe using mx.data.unsubscribe get an error when calling mx.data.unsubscribe. (Tickets 79881, 80075, 80078, 80174)

7.23.0

Release date: February 12, 2019

Go to Marketplace

New Features

Improvements

  • We shaved two seconds off the startup time of the Desktop Modeler and MxBuild. You get two seconds, and you get two seconds, everybody gets two seconds!

  • The caption of a data grid column is now automatically set to an attribute name (when you are selecting an attribute), unless you do explicitly set the caption.

  • No need to wonder what Marketplace widgets you are using in your project and to find a way to check if you have the latest version anymore! In Project > Tools we added the Update Widgets setting which gives you an overview of the widgets you are using, what their current version is in your project, and what the latest version is. Moreover, you can now select several widgets and update them by simultaneously clicking Update.

  • It is now possible to set the render mode of a container widget as one of the HTML5 section tags (for example, main, section, header, footer).

  • We improved the accessibility of pop-up windows and pages in pop-up layouts.

  • Syncing files for offline apps is much faster now! We only synchronize changed files, which saves a lot of network traffic and time. In addition, resiliency to network failures during file download has been improved: the offline database is not updated with changes from the server until all network operations are completed.

  • The List operation activity is now supported in nanoflows.

  • We improved the build time of your project. This was possible by replacing Bnd for packaging the Java part of the project.

  • We fixed the issue with the Get Started pane which was not display anything when a user was not signed in.

  • We fixed an issue where some technical details (the Mics panel) were displayed in Java actions properties.

  • When reverting a renamed Java action, dataset, or consumed app service, the associated files are also renamed. When reverting a renamed module, files in this module are moved.

  • We support the custom setting DatabaseJdbcUrl for PostgreSQL databases too (this setting was already supported for the other database types).

  • We fixed an issue where a database failover could lead to a Jetty ThreadPool exhaustion, preventing requests from being handled and causing the system to report a “low on resources” warning.

  • We improved performance when importing content in which an attribute value is at the end of the payload.

Fixes

  • We added a missing consistency check for the Aggregate list action, so your aggregate action will not fail in runtime if you are using an attribute that does not belong to the selected entity. (Ticket 77198)
    • Conversion fix: For a selected attribute on the Aggregate list action that cannot be found as a part of the entity of the input variable, we now change it to an attribute with the same name if it exists on the entity. This conversion ensures that users will not get consistency errors.
  • We fixed an issue where it was not possible to commit after merging in a branch. (Tickets 78468, 78322, 79166, 78542, 76785, 77955, 77245)
  • It is now possible to use Override and Deprecated as entity names without running into Java compilation problems. (Ticket 53711)
  • We now refresh input forms in the Modeler after using the Show button so that information gets updated. (Ticket 39000)
  • We fixed an issue where double-clicking did not work in the domain model editor if you programmed your mouse to double-click for you. (This one is for you, Marcel!)
  • We fixed an issue where a deprecation warning appeared in the log if you used a report grid or a report chart. (Ticket 68270, 70168)
  • For a better user experience, mobile devices will now use the native date/time picker even if a custom format has been configured. (Ticket 67091)
  • We fixed an issue where if the first tab of a tab container was initially hidden with conditional visibility, the next visible tab was not activated correctly. (Ticket 66929)
  • Previously, a data grid search field for an attribute of enumeration type showed an additional empty option in the drop-down menu, which was confusing and led to zero results in the search. We fixed this by replacing it with an option that allows you to search specifically for rows where the attribute is empty. (Ticket 66129)
  • We fixed an issue where copying the contents of an editable grid cell with Ctrl + C caused the text “C” to appear in the cell. (Ticket 77075)
  • We fixed an issue where a list view listening to another widget within the same data view did not always refresh correctly when that data view was refreshed. (Ticket 77305)
  • We fixed an issue where signing out did not work correctly after following an anchor link. (Ticket 76708)
  • We improved the performance of pages that contain a lot of text or button widgets. (Ticket 76125, 76341)
  • We fixed an issue where an object with a required validation received a validation error from an on-change microflow. As a result, the changed value was cleared, and the object with the previous (correct) value was saved, instead of being blocked with a validation message due to the required validation. (Ticket 62739)
  • We fixed an issue where clicking a microflow button twice was possible even if Disabled during action was set. (Ticket 76020)
  • We fixed an issue where returning a string value from a nanoflow failed. (Ticket 69895)
  • We fixed an issue where the Retrieve action over an association in a nanoflow returned empty for a list variable. (Ticket 76491)
  • We fixed an issue where closing the current page and opening a new one from a microflow resulted in opening the previous page. (Tickets 66534, 76966, 79169)
  • We now show a consistency error when a Show page action has specializations configured and the default page does not accept a context parameter. (Ticket 70079)
  • We fixed an issue where non-persistable objects were attempted to be synchronized for offline apps. They are filtered out now. In addition, support for committing non-persistable objects in offline apps has been added. (Ticket 65805)
  • We fixed an issue in import mappings where is was not possible to pass the mapping argument to the microflow selected in the Call a Microflow method.
  • We fixed an issue in export mappings where mapping different specializations of an entity resulted in an error. (Ticket 76307)
  • We fixed an issue in XML import mappings where the mapping failed because find by key was used for a key that was the content of an XML node. (Ticket 76438)
  • We fixed an issue in the message definition editor where filtering expanded the tree so far that the Modeler could become unresponsive. (Ticket 77195)
  • We fixed an issue in the message definition editor where after changing the association, the Refresh button did not fix the consistency error. (Ticket 77187)
  • We fixed an issue where the debugger shortcut keys (for example, Alt+F6) were not working. (Ticket 78125)
  • We fixed an issue where the Mendix Console Log application was crashing while showing a dialog box.
  • We fixed an issue where re-ordering sub-widgets (for example, data grid columns) was more difficult than intended. (Ticket 77423)
  • We fixed an issue where an object which was initially auto-committed and then explicitly committed in a before-commit action was still treated as auto-committed one. (Ticket 78384)
  • We fixed an issue where the locales of Saudi Arabia, Qatar, Yemen, and Myanmar used non-western digits. (Ticket 77676)
  • We fixed an issue where the Extract as sub-microflow functionality for loops with objects inside resulted in duplicated parameters and consistency errors. (Ticket 77673)
  • We fixed a unique constraint violation because of duplicate keys, because of incorrect client/server communication about objects when microflows are running in the background. (Ticket 78210, 78407, 78478, 78588, 78688, 79489)
  • We fixed an issue reported through the Mendix Community where the Modeler window was not visible when used in multiple screen setups.

Deprecation Warnings

  • com.mendix.core.ICore is deprecated in the Java public API and will be removed in Mendix 8.

Known Issues

  • Users with non-administrative user roles with the permission to manage users are able to escalate their privileges. For more information on this vulnerability, see SSA-875726 Privilege Escalation Vulnerability in Mendix.
  • Downloading private content in the Marketplace available in the Desktop Modeler has been temporarily disabled due to a security risk. Please see this issue described in the Marketplace release notes for more information, details about where to find your private content, and plans for future version-specific fixes.
  • In some cases, while doing an error check, a progress bar starts loading and does not stop. This is a user interface problem, the error check itself is completed properly. (Ticket 69295)
  • Debugging through the Mendix Console Log is not possible while running a Mendix project from Eclipse. (Ticket 81204)
  • Custom widgets that subscribe using the this.subscribe function and unsubscribe using mx.data.unsubscribe get an error when calling mx.data.unsubscribe. (Tickets 79881, 80075, 80078, 80174)
  • When opening a large app with this version of the Desktop Modeler, the loading of the app can take multiple seconds, and in some cases, the Modeler may become unresponsive. This is due to a performance issue in the Project Explorer relating to excluded items. We will be releasing a patch with a fix for that shortly. (Tickets 78588, 79840, 79891, 79894, 79895, 79906)