8.11
Last modified: September 18, 2023
8.11.1
Release date: July 23, 2020
Fixes
- We fixed an issue regarding the
SameSite
cookie policy. Now ifaddCookie
is called onIMxRuntimeResponse
theSameSite
attribute is only set if the cookie is created with the attributeSecure
. - Besides any cookies coming from the Runtime, the client manages two particular cookies:
originURI
and a test cookie that is used to reliably determine whether cookies are enabled in the browser. In line with the stricter default value for theSameSite
cookie attribute (as enforced by the latest versions of Google Chrome and upcoming versions of Mozilla Firefox), we now set theSameSite
attribute toNone
and theSecure
attribute totrue
, in case the app is being served over https. For apps served over http, there are no changes.
Known Issues
- Users with non-administrative user roles with the permission to manage users are able to escalate their privileges. For more information on this vulnerability, see SSA-875726 Privilege Escalation Vulnerability in Mendix.
- Fixed in 8.12.5.
8.11.0
Release date: July 7, 2020
For more information on this release, see the Mendix 8.11 – Welcome Aboard blog post.
Improvements
- We now support the
SameSite
property in HTTP cookies. It is set toNone
by default, but this can be changed in the custom settings. - The XPath
contains
,starts-with
, andends-with
string functions are now case-insensitive in SAP HANA. - We upgraded the following JDBC drivers:
- HSQLDB to version 2.5.0
- PostgreSQL to version 42.2.14
- Microsoft SQL Server to version 8.2.2
- Oracle to version 19.6
- MariaDB to version 2.6.0
- Helpful information is now shown when a query timeout occurs during a cluster leader action.
- We improved the look and feel as well as the styleability of reference selector and drop-down widgets for native mobile pages. To access the new versions, either set
useUniformDesign: true
or upgrade Atlas UI to the latest version. - When you select a page for the Show page activities in microflows/nanoflows, the context object will now be automatically filled in if there is only one candidate available.
- Published OData services now allow clients to retrieve associated data using
$expand
. - We added the Highlight shown errors and warnings in the editor setting in the Preferences dialog box to enable or disable the highlighting of errors/warnings in the editor.
- You can now use a listening data view inside a pluggable widget.
- The Export documentation to file option now includes enumerations with a name and caption (in the default language) for each value.
Fixes
- We fixed a rare issue where Studio Pro crashed when validating XPath constraints. (Ticket 100658)
- We fixed a bug that prevented users from changing their own passwords. (Tickets 98303, 98732, 99392)
- We fixed an issue where it was no longer possible to copy-paste tab pages.
- We fixed a bug where users saw the mouse pointer on clickable containers, although those same users could not access the configured action. (Ticket 100744)
- We fixed an issue in the Call REST service and Call web service activities where setting Timeout to empty gave an error pop-up window and it should have given a consistency error.
- We fixed an issue where a data view with a conditional visibility expression that made it initially invisible prevented the entire page from loading. (Ticket 102053)
- If the Errors pane was too small to display any errors, using the Go to Error List menu item on an element resulted in an error. This is now fixed.
- Error/warning highlights in the microflow editor are now drawn at the correct scale when using a DPI setting other than 100%.
- When you had a page with a lot of widgets and were moving to another page or the page was rebuilt because the data sources were returning different objects, this resulted in an error in the client. We fixed this and improved performance along the way. (Ticket 98603)
- Pluggable widgets were sometimes showing an Unknown widget error in the client. This should no longer be the case.
- If a custom widget could not be loaded, opening its properties dialog resulted in an error. This is now fixed.
- We fixed a bug where synchronizing more than 999 objects with the Synchronize to device activity caused an error in an offline-first application.
- We solved an issue where native apps became unresponsive after performing multiple navigation actions in one nanoflow. (Tickets 93927, 94302, 100808, 102203)
- We fixed an issue with the
parseInteger
andparseDateTime
functions. The default values are now allowed to be empty again. (Ticket 102398)
Deprecations
- The constructor of
RequestHandler
that accepts anObject component
as a parameter has been deprecated in the Runtime API. Use theno-arg
constructor instead.
Known Issues
- Users with non-administrative user roles with the permission to manage users are able to escalate their privileges. For more information on this vulnerability, see SSA-875726 Privilege Escalation Vulnerability in Mendix.
- Fixed in 8.12.5.
- Cookies set by the client do not fully comply with the new requirements with regards to the
SameSite
attribute, which are being rolled out by Google Chrome (for more information on SameSite cookies, see SameSite cookies explained). Some users may experience problems opening their application when running locally and when using Chrome. (Ticket 104100)- Fixed in 8.11.1.
Feedback
Was this page helpful?
Glad to hear it! Thank you for your response.
Sorry to hear that. Please tell us how we can improve.