8.13
Last modified: January 2, 2024
8.13.2
Release date: October 9, 2020
Fixes
- We fixed a bug where the Checking for errors message in the status bar did not complete. (Ticket 108549)
Known Issues
- Users with non-administrative user roles with the permission to manage users are able to escalate their privileges. For more information on this vulnerability, see SSA-875726 Privilege Escalation Vulnerability in Mendix.
- Fixed in 8.17.0.
- An “Oops” pop-up window appears when attempting to commit after renaming or deleting a module. (Tickets 69006, 107979)
- Fixed in 8.14.0.
8.13.1
Release date: September 11, 2020
Fixes
- We reverted a change to the way SVG images are rendered by the Image and Image Viewer widgets. They will be rendered as a
<img src="base64 svg" />
as in previous Mendix versions.
Known Issues
- Users with non-administrative user roles with the permission to manage users are able to escalate their privileges. For more information on this vulnerability, see SSA-875726 Privilege Escalation Vulnerability in Mendix.
- Fixed in 8.17.0.
- An “Oops” pop-up window appears when attempting to commit after renaming or deleting a module. (Tickets 69006, 107979)
- Fixed in 8.14.0.
8.13.0
Release date: August 25, 2020
We have decided to retract version 8.13.0 due to a security vulnerability related to the SVG image upload functionality. Only applications with SVG image upload functionality are impacted by this. If you have the SVG image upload functionality in your app, you can mitigate this vulnerability by excluding the .svg upload, as described in the Allowed Extensions section of Image Uploader. This is fixed in 8.13.1, and we strongly advise all customers running version 8.13.0 to upgrade to version 8.13.1.
Improvements
- We made some performance improvements to bulk record updates by taking advantage of the JDBC Batch API.
- We added support for registering custom web socket endpoints.
- The Yes (default) option of the Editable setting for widgets inside a snippet has been renamed to Inherited from snippet call to clarify the resulting behavior.
- We have added the ability for the data grid, reference set selector, and template grid widgets to handle paging without a total count of data. There is a new configuration setting for Show paging bar called Yes (without total count). This has a runtime performance benefit, as a count query operation is mitigated.
- Offline-first applications will now retry the synchronization on startup in case it failed the previous time.
- We added an option to enrich the Caption of a tab page with a badge.
- We now render SVG images as actual SVG elements within the Image and Image Viewer widgets for web in order to give you the option to color the SVG. Because the DOM structure is slightly different now for SVG images, styling may be affected. The old situation was
<img src="base64 svg" />
, and the new situation is<div><svg /></div>
(where thediv
has a relative position).
Fixes
- We fixed an issue that resulted in a
NullPointerException
during synchronization when renaming an entity that had a unique attribute mapped to a field with a non-default name in the database. (Ticket 102055) - When logging a JDBC URL, we now replace any password with asterisks. (Ticket 102530)
- We updated third-party components to newer versions that do not pose risks to Mendix apps. (Ticket 104872)
- We fixed an issue that occurred when importing a web service and the web service imported a schema file that included another schema file. (Ticket 101521)
- We fixed an issue where only part of the names were visible in the File > New Document dialog box.
- We fixed the problem where renaming a file with a different casing caused data loss when trying to commit multiple times. (Ticket 102247)
Deprecations
- Starting with Mendix 8.15, we will drop support for the following database versions that are no longer supported by the vendors:
- MariaDB 5.5
Known Issues
- Users with non-administrative user roles with the permission to manage users are able to escalate their privileges. For more information on this vulnerability, see SSA-875726 Privilege Escalation Vulnerability in Mendix.
- Fixed in 8.17.0.
- An “Oops” pop-up window appears when attempting to commit after renaming or deleting a module. (Tickets 69006, 107979)
- Fixed in 8.14.0.
Feedback
Was this page helpful?
Glad to hear it! Thank you for your response.
Sorry to hear that. Please tell us how we can improve.