
CVE-2021-42117: Release Notes - TopEase Documentation

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker with Object Modification privileges to insert arbitrary HTML without code execution.


TopEase 7.1

Release 7.1.34 (2022-06-09)

Release Notes - TopEase - Version 7.1.34

** Maintenance
* [TOPEASE-6066] - Update JXBrowser to 7.24+ to fix move-cursor issue in designer

** Bug
* [TOPEASE-5142] - Lines after Gateways often overlap in sequence diagrams
* [TOPEASE-5903] - LicenseService is broken when server is only reachable through a http proxy or if port 80 is blocked
* [TOPEASE-5936] - JSP Reports fail when using option ‘Individual Reports’
* [TOPEASE-6125] - Unable to change diagrams in TopEase Designer 7.1.33
* [TOPEASE-6127] - Workflow Rules: OnCreationChangeStatusRule creates all accountable entries as deputy
* [TOPEASE-6130] - Wrong lane used sometimes after adding new activity in swimlane
* [TOPEASE-6133] - Unneeded bend after gateway in swimlane diagrams
* [TOPEASE-6143] - Error during XPath execution when date-expression delivers an empty node-set
* [TOPEASE-6150] - Exception when aggregating certain BIAs
* [TOPEASE-6154] - Designer editor for text PVs overwrites text when editing (insert mode)

** New Feature
* [TOPEASE-6117] - WorkflowRules: allow to set Priority and Condition in ChangeAccessRule
* [TOPEASE-6136] - WorkflowRules: copy assessment answers from previous assessment
* [TOPEASE-6160] - WorkflowRules: support sending of workflow emails in CopyBehaviourRule

** Improvement
* [TOPEASE-6012] - BCM-Values inheritance plugin needs enhancement for value flow on detail Activity level
* [TOPEASE-6021] - WorkflowRules: Improve MoveObject executable for ExecuteOnChangeRule
* [TOPEASE-6128] - WorkflowRules: support parameter copySubobjects in OnCreationRule
* [TOPEASE-6165] - Ability to access timeseries in Key Figures (Facts and Figures) using XPath
* [TOPEASE-6144] - Value flows between sub activities of the same Main-Activity are not relevant in a BIA

Release 7.1.33 (2022-03-25)

Release Notes - TopEase - Version 7.1.33

** Bug
* [TOPEASE-6041] - SequenceDiagram: container shapes are not rendered expanded
* [TOPEASE-6045] - Moving a shape in a diagram requires extra mouse-movement between shape selection and possible drag operation

** New Feature
* [TOPEASE-6067] - Filter Assessment Questionnaires according to domain query (XPath) filter

** Improvement
* [TOPEASE-6023] - Show object name in diagram tooltip
* [TOPEASE-6040] - Reporting Interface should have indexed associations
* [TOPEASE-6035] - Properly save link-points of newly created edges to related objects
* [TOPEASE-6050] - Restrict drop of RelatedObjects to the “RelatedObjects” Lane

Release 7.1.32 (2022-02-25)

Release Notes - TopEase - Version 7.1.32

** Bug
* [TOPEASE-6019] - constraint fix should run privileged
* [TOPEASE-6031] - Ctrl-S in diagram does not work sometimes
* [TOPEASE-6033] - Unable to fix missing VC flow-peer in diagram editor

** New Feature
* [TOPEASE-5657] - BIA calculation of asymmetrically modeled process landscapes
* [TOPEASE-5945] - Ability to edit “related objects” inside the diagram
* [TOPEASE-5978] - support workflow state as a permission axis
* [TOPEASE-5979] - support configurable permission priority

** Improvement
* [TOPEASE-6004] - CopyBehaviourRule: support 3D relations in parameter ‘removeRelations’
* [TOPEASE-6024] - Enum’s Name is not available in XPath
* [TOPEASE-6018] - Add prio and condition to Permission Matrix report
* [TOPEASE-6028] - Node- and Relation-Labels for the palette should be configurable

Release 7.1.31 (2022-01-28)

Release Notes - TopEase - Version 7.1.31

** Bug
* [TOPEASE-5728] - W3 vulnerability ‘Authentication bypass with UID’ (CVE-2021-42115, CVE-2021-42545)
* [TOPEASE-5735] - W3 vulnerability 'Invalid Datatype (numeric values) to Non-Editable Fields (Denial of Service)' (CVE-2021-42122)
* [TOPEASE-5919] - Exception when changing PV-date within different timezones
* [TOPEASE-5944] - Exception during RepositorySynchronizer.receive() due to previous problem and attempt to reconnect inside web-context
* [TOPEASE-5959] - Search in designer might fail due to readlock not immediately available
* [TOPEASE-5960] - Omit excessive logging of PV “” being processed by PV formatter

** New Feature
* [TOPEASE-5825] - TSM: add ability to profile XChange server using the Flight-Recorder API

** Improvement
* [TOPEASE-5961] - Prevent TopEase Server start to be interrupted due to a timeout
* [TOPEASE-5973] - Default Tomcat access log format does not show request duration

Release 7.1.30 (2021-12-14)

Release Notes - TopEase - Version 7.1.30

** Maintenance
* [TOPEASE-5645] - Update JDOM 1.x to 2.x, then update to fixed 2.x (owasp)
* [TOPEASE-5912] - log4j update required due to CVE-2021-44228

** New Feature
* [TOPEASE-5901] - Allow escaping of HTML tags during XML import

** Improvement
* [TOPEASE-2845] - BPMN Text Annotations should be able to attach to a SequenceObject
* [TOPEASE-5907] - Unpleasant rendering of Events and Event Labels in BPMN diagrams
* [TOPEASE-5911] - Renew Code Signing Certificate 2021
* [TOPEASE-5915] - Autohistory Rule: Improve history log entries for assessments

Release 7.1.29 (2021-12-02)

Release Notes - TopEase - Version 7.1.29

** Maintenance
* [TOPEASE-5823] - Update Java Runtime to recent version 1.8.0u312

NOTE: Due to the changed JRE, we do not provide a separate update-installer for this release.

** Bug
* [TOPEASE-5849] - XMLImport uses wrong ChangeType
* [TOPEASE-5873] - PredefinedValue Filter in ReportWizzard throws Exception
* [TOPEASE-5877] - Cannot delete object having diagram layout information on some read-only diagram
* [TOPEASE-5894] - GcAssessment properties are always provided in default language

** New Feature
* [TOPEASE-5744] - Execution of server tasks in w3

** Improvement
* [TOPEASE-5883] - Risk-Map calculation should be able to calculate with %-values

Release 7.1.28 (2021-10-28)

Release Notes - TopEase - Version 7.1.28

** Bug
* [TOPEASE-5651] - Adding new nodes into an expanded subprocess is visually possible, but fails when storing
* [TOPEASE-5653] - Unable to save layout of sequence flow diagram with swimlanes in certain cases
* [TOPEASE-5660] - W3 F&F: total value calculation fails if individual value has only a unit
* [TOPEASE-5728] - W3 Security issues CVE-2021-42115, CVE-2021-42545
* [TOPEASE-5729] - W3 Security issue CVE-2021-42116
* [TOPEASE-5730] - W3 Security issue CVE-2021-42117
* [TOPEASE-5731] - W3 Security issue CVE-2021-42118
* [TOPEASE-5732] - W3 Security issue CVE-2021-42119
* [TOPEASE-5733] - W3 Security issue CVE-2021-42120
* [TOPEASE-5734] - W3 Security issue CVE-2021-42121
* [TOPEASE-5735] - W3 Security issue CVE-2021-42122
* [TOPEASE-5747] - W3 Security issue ID-011 Insufficient Session Timeout

** New Feature
* [TOPEASE-5282] - TSM: Add ability to change log-levels at runtime
* [TOPEASE-5738] - Provide ability to query the label of a schema object type incl. “subtypes”
* [TOPEASE-5803] - Ability to see actual zoom level in diagrams

** Improvement
* [TOPEASE-5656] - Ability to move objects from/to Subprocesses in BPMN Diagrams
* [TOPEASE-5796] - Ask before rejecting changes when user presses “X” button
* [TOPEASE-5801] - Enable the Diagram overview by default in edit mode
* [TOPEASE-5696] - Enable having Risks with mixed RiskDefinitions on the same RiskMatrix
* [TOPEASE-5746] - W3 Security issue CVE-2021-42123
* [TOPEASE-5750] - W3 Security issue ID-014 Visible Detailed Error/Debug Page

Release 7.1.27 (2021-07-01)

Release Notes - TopEase - Version 7.1.27

** Bug
* [TOPEASE-5508] - ArchitectureDiagram does not show transitive relations
* [TOPEASE-5621] - JXBrowser timeout while loading diagram in Designer
* [TOPEASE-5625] - Diagramming: Rendering of sequence flow diagram with expanded activities does not work correctly with default swimlane
* [TOPEASE-5643] - SequenceFlow Diagram: sub-processes might be unintentionally deleted when using the property ‘expanded’ within a swimlane diagram

** New Feature
* [TOPEASE-5489] - Conditional Format for F&F field values
* [TOPEASE-5526] - Plugin to support inheritance of BCM values between Processes

** Improvement
* [TOPEASE-5503] - Always ask for http(s) ports during installation
* [TOPEASE-5515] - CopyWizard: Add Value-flows from/to Event and Gateway to process-scenario
* [TOPEASE-5516] - CopyWizard: copy References along with Processes
* [TOPEASE-5581] - Allow manual output messages in AntRunner log from XSLT
* [TOPEASE-5646] - Assessment App: add state in folder overview table and chart

Release 7.1.26 (2021-03-02)

Release Notes - TopEase - Version 7.1.26

** Bug
* [TOPEASE-5456] - Repeated error message dialogs when editing in context diagram options of the designer
* [TOPEASE-5480] - BIA: NPE while aggregating evaluation resources after customer converted suppliers (Resource) to ExternalAgents

** New Feature
* [TOPEASE-5439] - Specifying a shape-template for a container-node in a context diagram does not work
* [TOPEASE-5442] - Diagram tile with navigation functionality
* [TOPEASE-5454] - Change font style within shape-editor

** Improvement
* [TOPEASE-5455] - Use graph-navigation component also in bdna-diagrams-panel, changes navigation behavior

Release 7.1.25 (2021-01-29)

Release Notes - TopEase - Version 7.1.25

** Bug
* [TOPEASE-5367] - Unable to view relation overview in Designer on Activities when supported-by relation is used
* [TOPEASE-5369] - Problem while editing Risk Definition Settings
* [TOPEASE-5392] - Some of the model settings are missing a default identifier
* [TOPEASE-5395] - Designer Settings UI allows for hierarchically nested Risk-Definition settings, but this is not intended
* [TOPEASE-5420] - Diagram with other relations - don’t show nil objects
* [TOPEASE-5426] - Copy from model with valid fingerprint can block the access to the model

** New Feature
* [TOPEASE-5222] - Add Risk-Indicator to Model-Diagrams in pseudo-3d
* [TOPEASE-5399] - Use ExternalAgent supports relations in BIA Supplier Evaluation
* [TOPEASE-5433] - Mail / NotificationRules change rendering of xpathProperties if it is a list of objects involved

** Improvement
* [TOPEASE-5339] - In solutions show only diagram templates in diagram create dialog
* [TOPEASE-5365] - TopEase Installer should ask before overwriting “TopEase XChange.conf” file in ProgramData
* [TOPEASE-5381] - Order of diagram-templates when creating a new diagram
* [TOPEASE-5396] - Stop excessive logging in case an Assessment-Indicator does not have a formula defined
* [TOPEASE-5397] - Configure the membership of users to business roles only in TopEase model
* [TOPEASE-5416] - Object converter from some object type to ‘Folder’ converts only the root object

Release 7.1.24 (2020-12-10)

** Maintenance
* [TOPEASE-5341] - Security updates for dependent libraries
* [TOPEASE-5343] - Security update for AntRunner Plugin

** Bug
* [TOPEASE-5285] - W3: Number property cannot be deleted
* [TOPEASE-5291] - Regression: Missing server configuration file may cause excessive logging
* [TOPEASE-5307] - Diagram Editor may hang forever in javascript code execution
* [TOPEASE-5309] - Synchronize error due to concurrent checkin
* [TOPEASE-5313] - Gantt Diagram: Access deny on some task details prevents the displaying of all tasks
* [TOPEASE-5338] - Workflow view can not be rendered due to missing permissions
* [TOPEASE-5351] - Missing implicit access permissions for some Settings objects

** New Feature
* [TOPEASE-5322] - Metamodel enhancements for BCM-App

** Improvement
* [TOPEASE-5325] - Improve quality of detailed diagrams in pdf reports
* [TOPEASE-5339] - Show only diagram templates in diagram create dialog
* [TOPEASE-5350] - WorkflowRules: support update permissions in CopyBehaviourRule

Release 7.1.23 (2020-10-21)

** Bug
* [TOPEASE-5150] - NPE during merge in designer
* [TOPEASE-5179] - Predefined Values might not get cleaned up if not used anymore
* [TOPEASE-5181] - Multiple predefined values can be created with the same name
* [TOPEASE-5189] - W3: Predefined Values are not visible when their Settings-Container does not have an Identifier
* [TOPEASE-5206] - W3: Diagram-Palette object names in wrong language
* [TOPEASE-5213] - Diagram push Template options issue
* [TOPEASE-5224] - W3: F&F timeseries (discontinued) might show up like continued
* [TOPEASE-5209] - More parts of Diagrams in wrong language

** New Feature
* [TOPEASE-5242] - Schema Extension for W3 BIA
* [TOPEASE-5215] - Support diagram rotation and elevation

** Improvement
* [TOPEASE-5219] - Ability to set a date property during Import Soft Cleanup
* [TOPEASE-5241] - IdentifierSetClear Plugin improvement
* [TOPEASE-5250] - Add ability to use Predefined Values of type Date inside XPath expressions
* [TOPEASE-5249] - Update spring from 5.2.6 to 5.2.9 to fix security issue

Release 7.1.22 (2020-08-25)

** Bug
* [TOPEASE-5151] - Regression: Designer’s Diagram Tab is unable to load shape-icons in built’ version
* [TOPEASE-5168] - MailServiceImpl continues to send already sent mails
* [TOPEASE-5170] - MailQueueThread does not end when deactivated
* [TOPEASE-5177] - Update-Installer removes too many files

Release 7.1.21 (2020-08-17)

** Bug
* [TOPEASE-3878] - TopEase might be vulnerable against XXE attacks
* [TOPEASE-4820] - Designer: load diagram on creation
* [TOPEASE-4896] - When updating a server installation, the service-user gets reset to “system-user”
* [TOPEASE-5028] - Designer: View Filter does not work for all main folders
* [TOPEASE-5032] - High memory consumption of Leaflet-Map integration
* [TOPEASE-5044] - Missing Default-Folder Identifier on old/upgraded models
* [TOPEASE-5054] - Chrome and Edge new Color Popup misses default colors
* [TOPEASE-4933] - Gantchart: pressing ctrl-a and delete deletes all content without asking
* [TOPEASE-5059] - JasperReports: Text inside curly braces {} is not rendered
* [TOPEASE-5106] - Wrong format of ShapeEditor changes in Designer & misleading error message
* [TOPEASE-5117] - ContextDiagram: on removing target object = model from entry, the model object is removed
* [TOPEASE-5124] - NPE when scrolling in Modell Report Settings Table
* [TOPEASE-5125] - Save JViews Diagrams as SVG not possible anymore after upgrading batik
* [TOPEASE-5127] - Loading of custom bi-report i18n files does not work as specified for zipped reports
* [TOPEASE-5139] - Nodes in swimlane lose their position

** New Feature
* [TOPEASE-5068] - Add color to Predefined Values
* [TOPEASE-5122] - Add a description property to Predefined Values

** Improvement
* [TOPEASE-5057] - Inline-Edit of label in Diagram should auto-commit on focus lost
* [TOPEASE-5136] - Add new value “On Demand” to “Frequency of Control/Change” property of BusinessRule Objects

** Maintenance
* [TOPEASE-4980] - Update Jasperreports library to latest version
* [TOPEASE-5149] - Designer: Show detail relations again in relation overview

Release 7.1.14 (2020-06-12)

Technical fixes and fixes for web solutions.

Release 7.1.13 (2020-03-18)

Same as 7.1.12 with minor technical fixes.

Release 7.1.12 (2020-03-11)

** Bug
* [TOPEASE-4722] - “Reports” tab in Designer is extremely slow
* [TOPEASE-4926] - Riskmap fetch data call fails with http-401-unauthorized in Firefox 60esr
* [TOPEASE-4951] - Diagram: the full display of responsible persons in Orgchart is provided only with display scaling = 100%
* [TOPEASE-4973] - Gantt-Diagram does not show German month-names in timeline
* [TOPEASE-4977] - Search does not work with Read access denied objects

** Improvement
* [TOPEASE-4941] - Ability to use certificate without providing an alias if the Certstore contains only one certificate
* [TOPEASE-4962] - Copy/Paste not allowed by workflow rules

Release 7.1.11 (2019-12-13)

** Bug
* [TOPEASE-4899] - Diagram: the PNG export does not contain header, footer, legend
* [TOPEASE-4901] - Unable to create editable VC-Flow diagram in solution

** New Feature
* [TOPEASE-4884] - Provide Gantt-Dgm on Risk-Measure Tab

** Improvement
* [TOPEASE-4887] - Navigation in GanttDgm

Release 7.1.10 (2019-11-17)

** Bug
* [TOPEASE-4494] - Explicit Full-GC takes too much time in large heap
* [TOPEASE-4882] - ModelResource.getByIdMember() does not take “current object” into account when providing an xpath subquery
* [TOPEASE-4890] - W3: Unable to change Event triggertype if there is no triggertype set yet

** New Feature
* [TOPEASE-4809] - Provide a Gantt-Chart to visualize planned Tasks, Measures and probably lifecycles

** Improvement
* [TOPEASE-4850] - SwimlaneDiagram: support PartialLayout (fixed nodes)
* [TOPEASE-4878] - Improve Search results

Release 7.1.9 (2019-09-26)

** Bug
* [TOPEASE-4860] - NPE when adding more Rows or columns to RiskDefinition and starting to choose the cell colors

** Improvement
* [TOPEASE-4858] - Model-defined Font color is not used for “Questions”

Release 7.1.8 (2019-09-16)

** Bug
* [TOPEASE-4839] - Potential wrong results in RiskMap for Folder

** New Feature
* [TOPEASE-4815] - W3: Make the Landscape-Diagram (geolocation) available
* [TOPEASE-4843] - Diagram Shape with vertical text

** Improvement
* [TOPEASE-4827] - TE Designer does not start
* [TOPEASE-4849] - Improvements for Riskmap
* [TOPEASE-4854] - Diagram: Reset custom shape color

Release 7.1.7 (2019-08-26)

** Bug
* [TOPEASE-3398] - XMLImport with unique="true" on RACI relations does not work as expected
* [TOPEASE-4643] - BIReport execution gets exception while trying to render large images

** Improvement
* [TOPEASE-4750] - BiReports: support parameter TE_XPATH_DIAGRAMS
* [TOPEASE-4805] - WorkflowRules: support parameter ‘checkCurrentUser’ in CheckFourEyesPrincipleRule

** Sub-task
* [TOPEASE-4729] - Pull swimlane options from diagram template fails

Release 7.1.6 (2019-07-22)

** Bug
* [TOPEASE-4789] - w3: diagram links are duplicated for the first diagram of the selected object
* [TOPEASE-4030] - Problem when pressing F2 on Sequenceflow

** New Feature
* [TOPEASE-4692] - WorkflowRules: new rule SetPredefinedValuesOnChangeRule

** Improvement
* [TOPEASE-4592] - Add standard Influence Types
* [TOPEASE-4710] - Reference: show icon from source if the attached reference kind has no icon
* [TOPEASE-4724] - WorkflowRules: support html content type in SendMailRule
* [TOPEASE-4746] - Assessment: Creation of new Assessments in IT-SEC does not work properly
* [TOPEASE-4790] - w3: don’t show the “summary” label in the Info sidebar when no shape is selected

Release 7.1.5 (2019-05-15)

** Bug
* [TOPEASE-4652] - Wrong initial position of new nodes in swimlanes
* [TOPEASE-4657] - Diagram: the SVG export does not contain header, footer, legend

Release 7.1.4 (2019-05-06)

** Bug
* [TOPEASE-4448] - Unable to catch up with repository under high load
* [TOPEASE-4499] - W3-Requests fail due to serverside change dispatching
* [TOPEASE-4533] - Option GatewayType is not available if a new gateway is introduced into a sequence Flow
* [TOPEASE-4538] - Unable to save BVC Flow dgm
* [TOPEASE-4539] - Exceptions in SequenceFlow Diagramming
* [TOPEASE-4543] - Unable to save “Step Type” of an Activity-Object in Sequence Flow Diagram
* [TOPEASE-4567] - JasperReports: error in rendering tables from html fields via TextReport
* [TOPEASE-4570] - HierarchyDiagram: new added objects can produce an unwished automatic layout
* [TOPEASE-4582] - Exception while saving edits in Sequenceflow dgm from Template
* [TOPEASE-4587] - When an error occurs during save of dgm changes, the dgm remains in an incomplete state
* [TOPEASE-4603] - BVC Diagram: the graphical modelling of BVC structure diagrams does not work

** New Feature
* [TOPEASE-4573] - W3: Assessment App Enhancements
* [TOPEASE-4615] - Swimlane Diagram: support label for ‘Related objects’

** Improvement
* [TOPEASE-4531] - Enable caching based on ETag for w3 resources
* [TOPEASE-4534] - Search Option in Diagram Editor
* [TOPEASE-4560] - Allow to print the Version of an Artefact on a Diagram
* [TOPEASE-4585] - GapReport does not show useful results for deltas on Comments
* [TOPEASE-4590] - Questionnaire requires Facts and Figures Tab
* [TOPEASE-4599] - An empty lane may appear in sequence flow diagrams
* [TOPEASE-4626] - Diagram: improve layout for objects without flows
* [TOPEASE-4630] - DenyDeleteRule: support parameters to ignore the execution of the rule for given users or groups

** Sub-task
* [TOPEASE-4562] - AutoHistoryRule does not correctly handle “no change”
* [TOPEASE-4571] - Repository requires Change-History cleanup
* [TOPEASE-4575] - The GapReport on Assets (having lot of Assessments) produces too much garbage
* [TOPEASE-4625] - Provide a Tool for Repository Maintenance “History Cleanup” action

Release 7.1.3 (2019-02-28)

** Bug
* [TOPEASE-4437] - Delete collides with insert
* [TOPEASE-4467] - JasperReports: WorkProducts in yfiles diagrams are not rendered in reports
* [TOPEASE-4490] - Access Exception during GapReport execution ends in InternalServerError
* [TOPEASE-4494] - Explicit Full-GC takes too much time in large heap
* [TOPEASE-4519] - Changing Orientation of a Swimlane-Diagram should also change the swimlane orientation
* [TOPEASE-4526] - Process does not show when double click on Process Landscape

** New Feature
* [TOPEASE-4471] - Add functionality to gather Support-Information from a running XChange instance

** Improvement
* [TOPEASE-4495] - Improve reaction on “delete collides with insert”
* [TOPEASE-4504] - Graph3: Improve incremental layout of Hierarchy Diagram
* [TOPEASE-4508] - Enable support for pre-generated reports in Bdna-Report-Menu
* [TOPEASE-4520] - Option for Layout Orientation Change in Diagrams should not be allowed if diagram is based on a template

Release 7.1.2 (2019-02-04)

** Bug
* [TOPEASE-4455] - Race condition within CalculationContext in W3
* [TOPEASE-4465] - Designer: Copy&Paste from Word into HTML fields ignores formatting
* [TOPEASE-4469] - Unable to use Compare-View when objects being compared have long names
* [TOPEASE-4470] - Unable to answer Questionnaire if Answer Dimension has no numeric value assigned
* [TOPEASE-4476] - “delete collides with insert” due to thread-unsafe GUID implementation

** Improvement
* [TOPEASE-4457] - Logging performance is slow in production
* [TOPEASE-4474] - Add helpful information to log when “delete collides with insert” occurs

Release 7.1.1 (2019-01-18)

** Bug
* [TOPEASE-4453] - Word and PDF Reports don't work anymore in TopEase 7.1.0
* [TOPEASE-4455] - Race condition within CalculationContext in W3

** Improvement
* [TOPEASE-4456] - Include a thread identifier into the log output

Release 7.1.0 (2019-01-09)

** Bug
* [TOPEASE-3160] - Exception in WebPortal if related share gets deleted
* [TOPEASE-3493] - Resource flow created in Portal does not appear in Designer
* [TOPEASE-3970] - WebPortal: Language change not possible after object selection
* [TOPEASE-4112] - ReportWizard: configured object types are not correctly evaluated for server execution
* [TOPEASE-4131] - Report “template.dir” property needs to be absolute
* [TOPEASE-4144] - W3: Relation Overview does not display whole diagram
* [TOPEASE-4145] - W3: Custom color editable in diagram readonly mode
* [TOPEASE-4192] - Add write access permission checks to w3 RACI
* [TOPEASE-4195] - biReport execution lacks error logging
* [TOPEASE-4197] - Job Trigger can get invalid and prevent server start
* [TOPEASE-4203] - Create Diagram from template fails if the template is associated with access denied diagrams
* [TOPEASE-4219] - SequenceDiagrams Workproducts (states) are not displayed in IE on W2 Technology
* [TOPEASE-4236] - Plugin 'Set State and Validity’: not all valid states are selectable
* [TOPEASE-4253] - Improve performance on advanced indexed searches through code optimization
* [TOPEASE-4254] - JSP Reports: Switching the report profile is not correctly supported
* [TOPEASE-4270] - Web3: Performance degradation due to sorted list access inside XPath evaluation
* [TOPEASE-4277] - Assessment Service XPath filtering
* [TOPEASE-4283] - W3: Tree navigation not always possible
* [TOPEASE-4284] - Doubleline in shapeeditor causes connectors to not start at shape bounds
* [TOPEASE-4289] - XML import fails with errors caused by buggy sax-parser used from JRE
* [TOPEASE-4294] - W3 Assessment: Comment changes are not being saved
* [TOPEASE-4297] - DiagramEditor: Property editor “default” is always checked
* [TOPEASE-4298] - Web3: Button “navigate up” on DiagramEditor not visible in WebExplorer/readonly mode
* [TOPEASE-4304] - Ability to save an existing shape-style under a different name in shapeeditor
* [TOPEASE-4320] - Concurrent write attempt fail in w2
* [TOPEASE-4321] - improve brute force login attack protection with DoS prevention
* [TOPEASE-4326] - Cancelling Jobs kills Job too early on systems with long latencies
* [TOPEASE-4330] - NPE in AntRunner after XMLImport tries to perform Delete-Support
* [TOPEASE-4335] - AccessManager check throws “requires active transaction”
* [TOPEASE-4336] - NPE in MyNavResNavigator
* [TOPEASE-4385] - Rule Editor: by deactivating an action rule, the action flag is also removed
* [TOPEASE-4387] - JasperReports: Report can not be generated if contained svg is illegal
* [TOPEASE-4388] - JasperReports: Report can not be generated if it contains a table with an empty row
* [TOPEASE-4399] - Unable to start TopEase Designer with Checkpoint Endpoint Security Application Control
* [TOPEASE-4408] - W3 PV number-editor allows invalid data to be saved
* [TOPEASE-4409] - Performance problems within CustomDataEditPage when having many PV values
* [TOPEASE-4413] - W3 Support type and pattern in band-text-editor
* [TOPEASE-4414] - AddReference Dialog needs too much time to open in a large model environment
* [TOPEASE-4418] - ArchitectureDiagram takes too long to generate in large models
* [TOPEASE-4419] - Diagram’s 3 fields are not visible in container shapes
* [TOPEASE-4423] - W3 Reference element not showing correct buttons

** New Feature
* [TOPEASE-4180] - Web3 feature to check specific access permissions
* [TOPEASE-4194] - Simplify integration of predefined values
* [TOPEASE-4232] - Edit width and height of nodes in the diagram properties panel
* [TOPEASE-4295] - W3 Assessment WS: Get Assessment by qType Identifier
* [TOPEASE-4308] - Add optional lineage col to assoc table
* [TOPEASE-4311] - Schema: allow RuleSet and BusinessRule objects in default folder
* [TOPEASE-4327] - Add info about system processor to logfile
* [TOPEASE-4344] - Provide a script such that customers can easily create certificate requests
* [TOPEASE-4417] - W3 Ignore case when comparing server user name with resource user ID
* [TOPEASE-4430] - W3 readonly table for reverse RACI relations

** Improvement
* [TOPEASE-2089] - Change the schema-default value for Priorities from “null” to "-"
* [TOPEASE-2861] - Use a state-of-the-art password-hashing library to store passwords securely
* [TOPEASE-4124] - Support LDAPS (SSO, LDAP over SSL)
* [TOPEASE-4132] - Potential security issue through leaked Exception in webportal response
* [TOPEASE-4137] - GraphEditor: improved rendering of 3 fields in diagram shapes
* [TOPEASE-4139] - improve SSO user lookup when UPN is email address
* [TOPEASE-4234] - XPath extension function q:formatDate to get a formatted date
* [TOPEASE-4238] - Add tooltips to svg-diagrams generated with new Diagram Editor
* [TOPEASE-4239] - Gap Report Improvements
* [TOPEASE-4246] - Workflow Rules: xpath configuration of raci holders in OnCreationChangeStatusRule and OnCreationRule
* [TOPEASE-4271] - Web3-Search should find objects when only parts of a word is typed
* [TOPEASE-4275] - Improve Search
* [TOPEASE-4290] - CreateDialog: support custom association for customType
* [TOPEASE-4315] - Graph3 HierarchyDiagram: Support Option “Levels Horizontal Layout”
* [TOPEASE-4319] - web3 json responses should be gzipped
* [TOPEASE-4362] - Add warning, when Predefined Values are being abused
* [TOPEASE-4374] - Tomcat security settings require an update
* [TOPEASE-4386] - Autohistory: support logging of extent changes (access & user management)
* [TOPEASE-4393] - Ability to customize the distance between Diagram Header/Footer and the diagram content
* [TOPEASE-4396] - Support for Onlinehelp in W3 Solutions
* [TOPEASE-4411] - CustomDataEditPage should take order of CD from “selectedSettings” config
* [TOPEASE-4424] - W3 Solutions should show reference page for ExternalReference objects
* [TOPEASE-4445] - SequenceDiagram: Label of Start Events should be placed on top for vertical layout

** Sub-task
* [TOPEASE-3770] - Lucene search engine update
* [TOPEASE-3941] - Show relation browser in the right pane when user selects node
* [TOPEASE-3952] - Improve behavior on touch- and tiny devices
* [TOPEASE-4247] - Possibility to define management ratios for QNaires (Indicators)

TopEase 7.0

Release 7.0.7 (6. Jun 2019)

** Bug
* [TOPEASE-4236] - Plugin 'Set State and Validity’: not all valid states are selectable
* [TOPEASE-4237] - TEXML Export: Text of objectlink is always exported in the default language
* [TOPEASE-4254] - JSP Reports: Switching the report profile is not correctly supported
* [TOPEASE-4289] - XML import fails with errors caused by buggy sax-parser used from JRE
* [TOPEASE-4302] - Exception after closing Ctx-Dgm settings in Designer within DiagramEditor
* [TOPEASE-4385] - Rule Editor: by deactivating an action rule, the action flag is also removed
* [TOPEASE-4465] - Designer: Copy&Paste from Word into HTML fields ignores formatting
* [TOPEASE-4476] - “delete collides with insert” due to thread-unsafe GUID implementation
* [TOPEASE-4567] - JasperReports: error in rendering tables from html fields via TextReport
* [TOPEASE-4723] - Excessive logging when no WE licenses are available

** New Feature
* [TOPEASE-4232] - Edit width and height of nodes in the diagram properties panel

** Improvement
* [TOPEASE-4234] - XPath extension function q:formatDate to get a formatted date
* [TOPEASE-4238] - Add tooltips to svg-diagrams generated with new Diagram Editor
* [TOPEASE-4239] - Gap Report Improvements
* [TOPEASE-4246] - Workflow Rules: xpath configuration of raci holders in OnCreationChangeStatusRule and OnCreationRule
* [TOPEASE-4315] - Graph3 HierarchyDiagram: Support Option “Levels Horizontal Layout”
* [TOPEASE-4374] - Tomcat security settings require an update

Release 7.0.6 (5. Jun 2018)

** Bug
* [TOPEASE-3970] - WebPortal: Language change not possible after object selection
* [TOPEASE-4219] - SequenceDiagrams Workproducts (states) are not displayed in IE on W2 Technology

** Improvement
* [ ] - Some W3-Diagramming improvements

Release 7.0.5 (1. May 2018)

** Bug
* [TOPEASE-3493] - Resource flow created in Portal does not appear in Designer
* [TOPEASE-3681] - Missing files after generating a diagram as png only
* [TOPEASE-4155] - YFiles designer integration (and headless generation) need to be customizable too
* [TOPEASE-4195] - biReport execution lacks error logging
* [TOPEASE-4197] - Job Trigger can get invalid and prevent server start
* [TOPEASE-4200] - Wrong sort order in lifecycle table
* [TOPEASE-4202] - Performance problem while accessing AdditionalValueSettings in real-world models
* [TOPEASE-4203] - Create Diagram from template fails if the template is associated with access denied diagrams
* [TOPEASE-4204] - Diagram generation performance degradation after generating lots of diagrams

** New Feature
* [TOPEASE-4162] - Add ability to navigate svg-diagrams generated with new Diagram Editor
* [TOPEASE-4180] - Web3 feature to check specific access permissions
* [TOPEASE-4181] - OWASP: security issue through CSRF Cookie only authentication in W3
* [TOPEASE-4206] - Create Arrow Shapes with notch
* [TOPEASE-4208] - Add ability to define default size for new nodes in diagrams

** Improvement
* [TOPEASE-4040] - Make it possible to remove multiple reports at the same time

Migration note:

Existing usages of the Job Administration Web Service may need to adapt their code. See note in Job Administration Web Service.

Release 7.0.4 (16. Mar 2018)

** Bug * [TOPEASE-4160] - Invisible toolbar buttons in Designer Diagrammer when in fullscreen * [TOPEASE-4177] - W3-DiagramEditor image generation returns prior image rather than the requested

** New Feature * [TOPEASE-4159] - Support of filtering in bdna-tree

** Improvement * [TOPEASE-2861] - Use a state-of-the-art password-hashing library to store passwords securely * [TOPEASE-4123] - Add object-id to exported SVG’s * [TOPEASE-4130] - Potential clickjacking through frameable response in web portal * [TOPEASE-4172] - Allow use of WorkflowState during SoftDelete of imports

Release 7.0.3 (23. Feb 2018)

** Bug * [TOPEASE-4069] - Identifier conflict on Resource import (XML) * [TOPEASE-4112] - ReportWizard: configured object types are not correctly evaluated for server execution * [TOPEASE-4142] - Serverside generation of YFiles Diagrams sometimes fails with IllegalStateException * [TOPEASE-4151] - TopEase Designer startup fails due to GroupPolicy problem with JXBrowser * [TOPEASE-4155] - YFiles designer integration (and headless generation) need to be customizable too

** New Feature * [TOPEASE-4149] - Add property ‘Label’ to Lifecycle and Positioning

** Improvement * [TOPEASE-4124] - Support LDAPS (SSO, LDAP over SSL) * [TOPEASE-4137] - GraphEditor: improved rendering of 3 fields in diagram shapes * [TOPEASE-4139] - improve SSO user lookup when UPN is email address * [TOPEASE-4140] - Designer: add multilanguage editor for Lifecycle’s ‘note’ field

** Sub-task * [TOPEASE-4027] - First navigation on diagram opens right drawer * [TOPEASE-4114] - Support Identifying Types for the shape customization

Release 7.0.2 (14. Dec 2017)

** Bug * [TOPEASE-4093] - Designer: the tab Resource/EAM cannot be opened * [TOPEASE-4094] - Designer: only first level Projects can be chosen from selection panels

** New Feature * [TOPEASE-4077] - Designer: edit the diagram’s identifier * [TOPEASE-4089] - Support for resetting layout

Release 7.0.1 (06. Dec 2017)

** Bug * [TOPEASE-4071] - 7.0.0 installer does not include strong crypto policy * [TOPEASE-4079] - Unable to provide ssl certificate without specifying a key alias

** New Feature * [TOPEASE-4083] - Copy and edit existing Jobs with web service

** Improvement * [TOPEASE-4080] - Modelling Rules: Support multilanguage rule name * [TOPEASE-4087] - Modelling Rules: Rule / Group identifier must be unique * [TOPEASE-4053] - Provide edit functionality for BVC Diagrams with Flow

Release 7.0.0 u1 (20. Nov 2017)

** Bug * [TOPEASE-4071] - 7.0.0 installer does not include strong crypto policy * [TOPEASE-4075] - Re-Enable SSO with simple A/D user lookup (pre-Win2000 option)

Release 7.0.0 (03. Nov 2017)

Initial release, see Highlights for new Features.

This release also contains all fixes of TopEase 6.9 update 11 and before.

Additionally, the following issues have been resolved:

** Bug * TOPEASE-4063 ArchitectureDiagram: The sorting of a swimlane added to a layouted diagram is incorrect * TOPEASE-4044 allow version tag with same name for different scopes * TOPEASE-4016 Web JSP Reports: Hyperlinks are not correct (javascript function) * TOPEASE-3886 Favorite Reports defined as ‘Job Report’ are shown in portal even if inactive * TOPEASE-3777 Report Wizard report show hidden predefined values * TOPEASE-3754 Facts & Figures show unit identifier instead of unit name * TOPEASE-3411 WebReports: icons are missing in jsp reports

** Improvement * TOPEASE-4056 Model Settings: allow decomposition of settings * TOPEASE-4054 AssessmentModel: add support for LifecycleState * TOPEASE-4045 Diagram Templates: push current object selection in Relation diagrams * TOPEASE-4000 Remove SSL-Setting from installer, enabled SSL needs to be the default. * TOPEASE-3966 ability to store attached files in repository location * TOPEASE-3958 Office templates signed with sha256 certificate * TOPEASE-3875 update spnego to v7 * TOPEASE-3699 upgrade jersey libraries * TOPEASE-3983 Show report button more prominently * TOPEASE-4020 Provide a dedicated field for BCM’s “key dates” field * TOPEASE-4019 Add targetLikelihood and targetImpact properties to Risk Assessment * TOPEASE-4012 Designer: Explore/Search feature in Diagram Copy Dialog * TOPEASE-4011 Designer: Option to reset diagram layout on pushing template settings * TOPEASE-3939 Web3: Table responsive columns feature (show/hide depending on table width)

** Retired Feature * TOPEASE-3891 Retire usage of Java-Applet for JViews based diagramming * TOPEASE-3889 Remove support for iGrafx flowcharts

TopEase 6.9

Release 6.9 update 11 (16. April 2018)

** Bug * [TOPEASE-3493] - Resource flow created in Portal does not appear in Designer * [TOPEASE-4049] - Unable to add new Diagram items in Web sometimes (JSF portal) * [TOPEASE-4064] - ActivityDiagram: Web editing does not support comma in new object names * [TOPEASE-4195] - biReport execution lacks error logging * [TOPEASE-4197] - Job Trigger can get invalid and prevent server start

** Improvement * [TOPEASE-3940] - Unable to set access permissions for Task- and Behavior type of Sequence flow objects * [TOPEASE-4130] - Potential clickjacking through frameable response in web portal * [TOPEASE-4132] - Potential security issue through leaked Exception in webportal response * [TOPEASE-4137] - GraphEditor: improved rendering of 3 fields in diagram shapes

Release 6.9 update 10 (11. Sept 2017)

** Bug * [TOPEASE-3999] - Frequency value displayed invalid when read-only * [TOPEASE-4009] - Swimlane diagrams: lanes must have same order in all languages * [TOPEASE-4037] - Diagram Template: Cannot push/pull template settings if the template has an Identifier

Release 6.9 update 9 (29.June 2017)

** Bug * [TOPEASE-3928] - Diagramming: portal navigation in Visio diagrams (svg) opens a new window * [TOPEASE-3929] - WebPortal: Diagram sub-page -> replace print button by download link

Release 6.9 update 8 (19.May.2017)

** Bug * [TOPEASE-3900] - ICEFaces Datepicker popup renders behind parent popup dialog * [TOPEASE-3902] - Exception during XML-Import when objects get deleted

** Improvement * [TOPEASE-3901] - WorkflowRules: support parameter ‘ignoreMissingHolders’ in ChangeAccessRule * [TOPEASE-3911] - JQuery security update

Release 6.9 update 7 (28.Mar.2017)

** Bug * [TOPEASE-3825] - WebPortal: Showing Report Links for Objects has very bad performance * [TOPEASE-3869] - Favorite Reports aren’t removed when removing Report from the web * [TOPEASE-3874] - Unable to set Folder.contentType with XMLImport * [TOPEASE-3876] - WebPortal: Copy URL feature does not work for dynamic tables * [TOPEASE-3882] - Autohistory: Not all changes contained in a transaction are logged in the Change Control history * [TOPEASE-3892] - No Multilanguage in the Risk Classification Setting Matrix * [TOPEASE-3896] - Exceptions are thrown when some plugins are loaded

** Improvement * [TOPEASE-3785] - WebPortal: Dynamic table add / edit / delete button disregard access permissions * [TOPEASE-3879] - WebPortal: Dynamic table component improvement to assign org-object as role/holder * [TOPEASE-3880] - WebPortal: DeleteSupport Widget for deleting shortcuts and original object * [TOPEASE-3881] - WebPortal: Show quality rule result for State and Workflow-State * [TOPEASE-3894] - GraphEditor: Names in swimlane headers should be separated by ‘;’

Release 6.9 update 6 (22.Feb.2017)

** Bug * [TOPEASE-3833] - Shortcuts sorted by rank do not update if rank changes * [TOPEASE-3836] - WebPortal: Model PopUp Dialogs do now work in Edge, Chrome and Firefox * [TOPEASE-3838] - Designer: Risk Assessment Editor cannot add new assessment if table is sorted ascending * [TOPEASE-3867] - WebPortal: Umlaute in predefined value pop-up are not correctly displayed * [TOPEASE-3868] - Diagram: allow selection of Folder in object type selections * [TOPEASE-3869] - Favorite Reports aren’t removed when removing Report from the web * [TOPEASE-3870] - ReportWizard: Comments on measurements and risks are not reported

** New Feature * [TOPEASE-3818] - WebPortal: Enhanced Search Feature to exclude property type from search * [TOPEASE-3834] - Plugin: Cleanup Html List Entries

** Improvement * [TOPEASE-3837] - Support for loading multiple TEBiFunction Plugins * [TOPEASE-3844] - Limit excessive logging during XML Imports * [TOPEASE-3862] - Autohistory Rule: Log diagram changes * [TOPEASE-3866] - WebPortal: Lifecycle - show description in tooltip

Release 6.9 update 5 (28.Oct.2016)

** Bug * [TOPEASE-3759] - Portal: Search throws exception if search string contains special characters * [TOPEASE-3795] - Rule: OnDeleteRACIDefinition causes NPE * [TOPEASE-3796] - WebPortal: Dynamic table can cause exception in combination with access permissions * [TOPEASE-3804] - Reference Generator causes exceptions during the parsing of document properties * [TOPEASE-3815] - Webportal: Random behavior with workflow plugin * [TOPEASE-3819] - WebPortal: Add search field to single object association web component * [TOPEASE-3821] - BiaStaffEvaluationFeature has interchanged values for Role and Person * [TOPEASE-3825] - WebPortal: Showing Report Links for Objects has very bad performance * [TOPEASE-3828] - Error “For input string: “ “” when searching Users for Active Directory / LDAP Synchronisation

** New Feature * [TOPEASE-3792] - Designer: Filter for Diagram Legend * [TOPEASE-3814] - WebPortal: Option to show Save, Reset and Navigation buttons in the toolbar * [TOPEASE-3816] - RiskAssessment: add features for raw values * [TOPEASE-3822] - JasperReports: new SQL functions for CurrentUser * [TOPEASE-3826] - WebPortal: Add help text to custom search terms

** Improvement * [TOPEASE-3793] - WebPortal: Enhance Copy URL to consider all tab levels * [TOPEASE-3794] - WebPortal: Option to show/hide Description, Cost and Impact in Interdependency table * [TOPEASE-3797] - Allow Diagram Generator Wizard to create “empty” diagrams * [TOPEASE-3798] - Excel to CSV converter writes date properties in US format always, need option to write in local format * [TOPEASE-3817] - JasperReports: Upgrade aspose libraries * [TOPEASE-3824] - JasperReports: new SQL function GETPATH

Release 6.9 update 4 (20.Aug.2016)

** Bug * [TOPEASE-3781] - The default certificate should be different on any installation * [TOPEASE-3782] - WebPortal: Number Input is not handled correctly in Dynamic Table Edit Dialog

** New Feature * [TOPEASE-3779] - WebPortal: Facts & Figures simple editable component * [TOPEASE-3784] - WebPortal: Privileged Object Creation in Dynamic Table Add-Dialog

** Improvement * [TOPEASE-3386] - Diagramming: Consolidate behavior of “showInherited” option * [TOPEASE-3387] - Diagramming: Inconsistent behavior of “Show inherited associations” on some diagrams * [TOPEASE-3405] - WebPortal: The labels for summary, purpose, etc. should be customizable * [TOPEASE-3769] - WorkflowRules: support xpath condition parameter * [TOPEASE-3771] - BI Interface: export validFrom / validTo from lifecycle / positioning as timestamps * [TOPEASE-3785] - WebPortal: Dynamic table add / edit / delete button disregard access permissions * [TOPEASE-3788] - Workflow Rules: Sendmail rule enhancements (setPredefinedValues) * [TOPEASE-3789] - JasperReports: On report registration, the default ‘Report File’ is preset to absolute and not relative path

Release 6.9 update 3 (15.Jul.2016)

** Bug * [TOPEASE-3762] - Wrong order of timeframes in BIA after changing timeframe settings * [TOPEASE-3764] - Unexpected server shutdown may end with corrupt license files * [TOPEASE-3766] - Unable to delete a repository-entry from the list of repositories in designer * [TOPEASE-3768] - Save as image inside web graph editor does not work

** Improvement * [TOPEASE-3685] - WebPortal: Copy URL to clipboard feature enhancement

Release 6.9 update 2 (27.Jun.2016)

** Bug * [TOPEASE-3715] - JasperReports: rendering html lists in tables * [TOPEASE-3716] - JasperReports: Rendering subreports in table cells * [TOPEASE-3748] - JasperReports: Word template from subfolder ‘template’ is not used from registered .zip report * [TOPEASE-3750] - Typo in Start Page in Designer (German) * [TOPEASE-3755] - WebPortal: NPE in dynamic table edit dialog in RACI widget * [TOPEASE-3756] - WebPortal: Wrong tooltip for removing filter in navigator search * [TOPEASE-3758] - WebPortal: Property ‘searchModel’ not found on type com.deron.te.web.modules.create.selectors.IdentifierOwnerSelector * [TOPEASE-3759] - Portal: Search throws exception if search string contains special characters * [TOPEASE-3760] - Diagramming: Resource Model Diagram throws NullPointerException

** Improvement * [TOPEASE-3743] - JasperReports: Upgrade to library aspose-words-jasperreports-2.7.0 * [TOPEASE-3749] - JasperReports: Upgrade to library aspose-words-jasperreports-2.7.1

Release 6.9 update 1 (25.May.2016)

** Bug * [TOPEASE-3629] - Report Wizard Web report fails with relative path * [TOPEASE-3690] - WP State Diagram does not consider options * [TOPEASE-3691] - Unable to hide Risk Management folder in view mgmt * [TOPEASE-3692] - ReportWizard: support features from schema extension * [TOPEASE-3695] - unable to run JSP’s from UNC path when they use custom Tag Libraries * [TOPEASE-3696] - Dashboard history chart not displaying in IE * [TOPEASE-3703] - WebPortal: Filter for object type ‘ProjectModel’ does not work * [TOPEASE-3704] - Missing icons in BVC Overview Report * [TOPEASE-3708] - WebPortal: Dynamic table sorting throws exception if cell contains empty collection * [TOPEASE-3709] - JasperReports: Report fails when running on repository version * [TOPEASE-3711] - ‘UI Initialisation failed’ error when creating RiskMetricValue with empty rank * [TOPEASE-3713] - Problem when starting an XChange server without BI-Service licensed * [TOPEASE-3718] - Wrong multilingual text display inside Lifecycle table * [TOPEASE-3719] - Editing in Graph Editor inside a Web Portal using Internet Explorer does not work if the browser’s page zoom is not 100% * [TOPEASE-3720] - JSP Reports: wrong output if contentType is ‘text/csv’ * [TOPEASE-3721] - WebPortal: Export of dynamic table does not always create a valid file name * [TOPEASE-3723] - JasperReports: support lists in tables * [TOPEASE-3728] - Links on Visio diagrams with SVG technology do not work in Web Portal * [TOPEASE-3729] - WebReports: diagrams are missing when using Visio

** New Feature * [TOPEASE-3707] - Make Risk Management reports available in TopEase Designer * [TOPEASE-3710] - WebPortal: Search functionality in dynamic table filter dialog

** Improvement * [TOPEASE-3312] - OnlineHelp: Explain the Diagram Options * [TOPEASE-3686] - WebPortal: Set Reference Kind for newly created External References * [TOPEASE-3694] - Diagramming: support features from schema extension in shape fields * [TOPEASE-3722] - WebPortal: Layout improvement of dynamic table export * [TOPEASE-3732] - WebPortal: Homogenize layout of root page (list of available portals)

Release 6.9 (11.Mar.2016)

** Bug * [TOPEASE-589] - Bad rendering of inexistent Objects within ObjectLinks of WebExplorer * [TOPEASE-3435] - Overwrite confirm comes twice when native file SaveAs dialog is used * [TOPEASE-3581] - Implicit Identifiers are shown in UI but do not have any functionality anymore * [TOPEASE-3601] - Diagramming: Visio SVG output does not work with multiple links * [TOPEASE-3630] - Report Wizard does not support Umlaute in options * [TOPEASE-3638] - Missing links in static report menu should appear as such * [TOPEASE-3650] - Make Predefined Values optionally hierarchically ordered * [TOPEASE-3663] - ReportWizard: Custom field labels not correctly reported * [TOPEASE-3667] - NPE in File Chooser

** New Feature * [TOPEASE-3656] - WorkflowRules: new rule ExecuteOnChangeRule

** Improvement * [TOPEASE-3604] - WebPortal: Add the ability to open object links in a new tab / window * [TOPEASE-3635] - Improved display of relative paths in ExternalReference * [TOPEASE-3640] - Security: Apache Commons Collections update needed due to de-serialisation vulnerability * [TOPEASE-3645] - WorkflowRules: support CC in SendMailRule * [TOPEASE-3655] - WorkflowRules: support state in SetStateOnChangeRule * [TOPEASE-3687] - WebPortal: support parameter ‘showNullObject’ for selection tree in view:raci * [TOPEASE-3688] - WebPortal: Replace yellow frames and selected-tab color with gray * [TOPEASE-3689] - WebPortal: Increase the size of the field in the header showing the currently logged in user

TopEase 6.8

Release 6.8 update 3 (23.Dec 2015)

** Bug * [TOPEASE-3630] - Report Wizard does not support Umlaute in options * [TOPEASE-3631] - jsf project stage not changed to production * [TOPEASE-3634] - Exception while executing Diagram report as job * [TOPEASE-3636] - Search in static model report does not find terms with umlauts * [TOPEASE-3637] - Searchresult in static model report contains many consecutive ‘;’ delimiters

** Improvement * [TOPEASE-3542] - SVG Graphic should fit into window after load in Safari/iOS * [TOPEASE-3633] - WebPortal: Model needs to be definable by Identifier and not just by type

Release 6.8 update 2

** Bug * [TOPEASE-3551] - SVG diagrams are not correctly scaled in Word or PDF by Word reports * [TOPEASE-3599] - WebPortal: Bug in web search with custom object types only set to true * [TOPEASE-3602] - WebPortal: Clickjack filter prevents CKEditor from loading * [TOPEASE-3611] - ArchitectureDiagram: Fix potential NPE on drawing flows * [TOPEASE-3612] - WebPortal: Possible error in report creation wizard with multiselection enabled * [TOPEASE-3613] - Diagramming: potential NPE in other relations * [TOPEASE-3617] - JasperReports: Temporary word document must be deleted * [TOPEASE-3618] - JasperReports: Numbered list must be reset in Word reports * [TOPEASE-3620] - Settings tree for F&F should not include Link object * [TOPEASE-3622] - CMDB Import does not remove deleted objects * [TOPEASE-3623] - JasperReports: Excel exporter does not rotate text

** Improvement * [TOPEASE-3605] - WorkflowRules: ChangeAccessRule with deputy support for permission subjects * [TOPEASE-3609] - Provide SVG comfort functions in static model report * [TOPEASE-3610] - WebPortal URL in Workflow send mail rule does not work in certain cases

Release 6.8 update 1

** Bug * [TOPEASE-3221] - Scrollable area of SVG diagrams is too wide on iOS devices * [TOPEASE-3518] - Problem with error handling in Share Connect Dialog * [TOPEASE-3541] - TopEase server non responsive after network interface change * [TOPEASE-3548] - Unresponsive TopEase Designer, ArrayIndexOutOfBoundsException logged * [TOPEASE-3549] - WebPortal: Sometimes misplaces buttons in text editor with iOS * [TOPEASE-3551] - SVG diagrams are not correctly scaled in Word or PDF by Word reports * [TOPEASE-3552] - WebPortal: Migrated Report jobs can cause NPE * [TOPEASE-3553] - Outdated Tomcat Webserver used * [TOPEASE-3554] - Error message reveals Tomcat version * [TOPEASE-3555] - Webportal and Webadmin may be vulnerable against clickjacking * [TOPEASE-3560] - ContextDiagram: Target of manual entry can’t be chosen from another model * [TOPEASE-3562] - Identifier conflicts while importing multiple models from XML * [TOPEASE-3569] - Regression from 6.6: Context Diagram (manual configuration) does not allow Links over more than one model * [TOPEASE-3574] - unwanted technical text in static model output * [TOPEASE-3579] - xpath number() function converts boolean to null instead of 0.0 or 1.0 * [TOPEASE-3580] - Reporting: ProcessBook.jsp fails * [TOPEASE-3594] - ReportWizard: Not applicable features must be ignored * [TOPEASE-3595] - JasperReports: Issues with relative defined reports * [TOPEASE-3596] - Search Applet in static model report output does not work anymore due to security issues * [TOPEASE-3600] - Static Portal: Issues with Visio diagrams

** New Feature * [TOPEASE-3437] - print tables from webportal into excel using the new standard function of jsf * [TOPEASE-3502] - WebPortal: Add XPath search functionality

** Improvement * [TOPEASE-3426] - Upgrade Java VM to Java 8 * [TOPEASE-3427] - Improve web security (https) * [TOPEASE-3546] - WebPortal: Dynamic table export values cleanup * [TOPEASE-3559] - WorkflowRules: support Resource email property containing ‘;’ separated addresses * [TOPEASE-3575] - Search: Improve search to also find serial numbers * [TOPEASE-3598] - WebPortal: Support multi-language in dynamic table object creation dialog

** Sub-task * [TOPEASE-3501] - The tree in the static model report does not load in Edge * [TOPEASE-3538] - WebPortal Admin: Add the possibility to define the Report Resources path

Release 6.8 (18.Sep 2015)

** Bug * [TOPEASE-2702] - WebExplorer and -Client do not consider all Service- / LicenseManager Options * [TOPEASE-2997] - Comment-Field in WebExplorer is vulnerable to XSS attacks * [TOPEASE-3345] - users/groups export from designer and import in server admin does not work as expected * [TOPEASE-3358] - WebPortal: Imported report should contain all parameters * [TOPEASE-3359] - WebPortal: Report import exception when user or group is assigned a second time * [TOPEASE-3360] - Designer: Add proper drive symbol for UNC path in reports table * [TOPEASE-3363] - Tree expand in Presentation View Dialog does not work like expected * [TOPEASE-3366] - WebPortalAdmin: Report links not shown if menu is inactive * [TOPEASE-3375] - reports defined in model with relative path don’t work * [TOPEASE-3379] - Favorite Report is not displayed if menu is disabled * [TOPEASE-3382] - WebPortal: Advance OR-search does not work properly * [TOPEASE-3390] - JasperReport: Date input parameter is not shown in report output * [TOPEASE-3392] - search object tree scroll to selected element * [TOPEASE-3395] - Delta report throws exception using option Group by: Delta type * [TOPEASE-3404] - Portal: Measurement Template Dashboard does not work with all locales * [TOPEASE-3407] - Portal: Measurement / Risk Dashboard export to Excel not correctly formatted * [TOPEASE-3408] - Web Admin Console: The import of portal properties fails * [TOPEASE-3409] - JasperReports: Some texts introduced by copy&paste are not reported * [TOPEASE-3413] - Flow editor in designer fails when unknown workproduct * [TOPEASE-3415] - Designer: Object Permission Details Dialog gets not initialized correctly * [TOPEASE-3417] - Designer: Label coloring inconsistent * [TOPEASE-3428] - The %-character is not handled properly in URLs * [TOPEASE-3458] - Multiserver: Foreign-Server share has real server name in its address instead of logical server name * [TOPEASE-3466] - report.war: Failure to Restrict URL Access * [TOPEASE-3467] - httponly flag on cookie is missing * [TOPEASE-3472] - Diagramming: fix filter for user selected objects * [TOPEASE-3478] - ClassDiagram: Filter is not applied to folders and originals * [TOPEASE-3483] - WebPortal: Exception in Quality Tab if multiple identical rule identifiers * [TOPEASE-3496] - Storing xte files on a net share is too slow * [TOPEASE-3512] - Improve Licence File handling * [TOPEASE-3516] - Security issue within JViews Servlet * [TOPEASE-3518] - Problem with error handling in Share Connect Dialog * [TOPEASE-3525] - “Shape Fields” configuration: Field selection is reset when Filter changes * [TOPEASE-3530] - WebPortal: Dynamic Table col width property has now effect * [TOPEASE-3533] - Add-Dialog should respect restricted licenses * [TOPEASE-3537] - Server is unable to start after forced kill

** Improvement * [TOPEASE-2250] - Drag & drop not supported for Requirement Relations * [TOPEASE-3356] - Designer: Improve group handling in report table * [TOPEASE-3384] - Designer: Enable Favorite Report settings for zipped reports * [TOPEASE-3385] - Diagram: Current color of shape is not shown in color editor * [TOPEASE-3393] - BIA: Aggregate IT-Evaluation resources can’t be performed in one step * [TOPEASE-3405] - WebPortal: The labels for summary, purpose, etc. should be customizable * [TOPEASE-3419] - JasperReports: enhanced support for templates * [TOPEASE-3423] - Platform: Update Apache Tomcat to version 8 * [TOPEASE-3426] - Upgrade Java VM to Java 8 * [TOPEASE-3430] - WebPortal: Improve tree scrolling behavior * [TOPEASE-3432] - WebPortal: Show if user / group has permission to execute a report as job * [TOPEASE-3441] - XChange Servers settings DB may become corrupt due to hardware failure. Create backup copies automatically. * [TOPEASE-3459] - improved support for resource files in a repository (Resources API) * [TOPEASE-3495] - Secure default configuration for SSL/TLS * [TOPEASE-3508] - WebPortal: Enable spellchecking for RichText Editor * [TOPEASE-3520] - Autohistory Rule: Improve history log entries for cost fields * [TOPEASE-3522] - WebPortal: Enable the Pattern Navigator to work with custom associations (3D)

** New Feature * [TOPEASE-3347] - Need a function to refer to a specific column inside DynamicTable’s XPath Columns * [TOPEASE-3437] - print tables from webportal into excel using the new standard function of jsf * [TOPEASE-3439] - WebPortal: Add ability to create Event and Gateways objects in the portal * [TOPEASE-3440] - WebPortal: Add WebComponent to edit Activity, Event and Gateway types * [TOPEASE-3444] - WebPortal: Portal specific help text can be displayed on the search page * [TOPEASE-3445] - Implementing brute-force prevention * [TOPEASE-3487] - WebPortal: Show multiple object links in a dynamic table cell * [TOPEASE-3489] - WebPortal: Add Report Column to Dynamic Table * [TOPEASE-3492] - Add Status and Workflow State to Risk and Measurement * [TOPEASE-3502] - WebPortal: Add XPath search functionality * [TOPEASE-3503] - WebPortal: Enhance search with custom types * [TOPEASE-3507] - WebPortal: Enhance Workflow Navigator with Filters, TreeView and RuleResult * [TOPEASE-3509] - Add license options to limit number of shares and number of portals per share * [TOPEASE-3524] - WebPortal: Show quality rule result in all navigators * [TOPEASE-3447] - Generic Schema Extension UI for Relations

Related news

Understanding the Red Hat security impact scale

Red Hat uses a four-point impact scale to classify security issues affecting our products. Have you ever asked yourself what it takes and what the requirements are for each point of the scale? We will talk through the highlights of our process in this article.Is this a CVE?First and foremost, what is a CVE? Short for Common Vulnerabilities and Exposures, it is a list of publicly disclosed computer security flaws. Learn more in this Red Hat post.To receive a severity rating, the issue needs to be a CVE. But what does it take to be a CVE? In order to warrant a CVE ID, a vulnerability has to comp

2022's most routinely exploited vulnerabilities—history repeats

Categories: Exploits and vulnerabilities Categories: News Tags: Zoho ManageEngine Tags: CVE-2021-40539 Tags: Log4Shell Tags: CVE-2021-44228 Tags: CVE-2021-13379 Tags: ProxyShell Tags: CVE-2021-34473 Tags: CVE-2021-31207 Tags: CVE-2021-34523 Tags: CVE-2021-26084 Tags: Atlassian Tags: CVE-2022-22954 Tags: CVE-2022-22960 Tags: CVE-2022-26134 Tags: CVE-2022-1388 Tags: CVE-2022-30190 Tags: Follina What can the routinely exploited vulnerabilities of 2022 tell us, and what do we think will make it on to next year's list? (Read more...) The post 2022's most routinely exploited vulnerabilities—history repeats appeared first on Malwarebytes Labs.

CVE-2022-47501: The Apache OFBiz® Project - Security

Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a  pre-authentication attack. This issue affects Apache OFBiz: before 18.12.07.

Ransomware's Favorite Target: Critical Infrastructure and Its Industrial Control Systems

The health, manufacturing, and energy sectors are the most vulnerable to ransomware.

CVE-2022-38775: Security issues

An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.

Iranian APT Targets US With Drokbk Spyware via GitHub

The custom malware used by the state-backed Iranian threat group Drokbk has so far flown under the radar by using GitHub as a "dead-drop resolver" to more easily evade detection.

Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver

The subgroup of an Iranian nation-state group known as Nemesis Kitten has been attributed as behind a previously undocumented custom malware dubbed Drokbk that uses GitHub as a dead drop resolver to exfiltrate data from an infected computer, or to receive commands. "The use of GitHub as a virtual dead drop helps the malware blend in," Secureworks principal researcher Rafe Pilling said. "All the

Log4Shell – Iranian Hackers Accessed Domain Controller of US Federal Network

By Waqas The attack, according to authorities, was launched on the Federal Civilian Executive Branch (FCEB). This is a post from HackRead.com Read the original post: Log4Shell – Iranian Hackers Accessed Domain Controller of US Federal Network

CVE-2022-3575: Frauscher PSIRT

Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device.

Quarterly Report: Incident Response Trends in Q3 2022

Ransomware and pre-ransomware engagements make up 40 percent of threats seen this quarter By Caitlin Huey. For the first time since compiling these reports, Cisco Talos Incident Response saw an equal number of ransomware and pre-ransomware engagements, making up nearly 40 percent of threats this quarter.   It can be difficult to determine what constitutes a pre-ransomware attack if ransomware never executes and encryption does not take place. However, Talos IR assesses that the combination of Cobalt Strike and credential-harvesting tools like Mimikatz, paired with enumeration and discovery techniques, indicates a high likelihood that ransomware is the final objective. This quarter featured a variety of publicly available tools and scripts hosted on GitHub repositories or other third-party websites to support operations across multiple stages of the attack lifecycle. This activity coincides with a general increase in the use of other dual-use tools, such as the legitimate red-teaming ...

Joint Advisory AA22-279A and Vulristics

Hello everyone! This episode will be about the new hot twenty vulnerabilities from CISA, NSA and FBI, Joint cybersecurity advisory (CSA) AA22-279A, and how I analyzed these vulnerabilities using my open source project Vulristics. Alternative video link (for Russia): https://vk.com/video-149273431_456239105 Americans can’t just release a list of “20 vulnerabilities most commonly exploited in attacks on […]

U.S. Charges 3 Iranian Hackers and Sanctions Several Others Over Ransomware Attacks

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Wednesday announced sweeping sanctions against ten individuals and two entities backed by Iran's Islamic Revolutionary Guard Corps (IRGC) for their involvement in ransomware attacks at least since October 2020. The agency said the cyber activity mounted by the individuals is partially attributable to intrusion sets tracked

Vulnerability Exploits, Not Phishing, Are the Top Cyberattack Vector for Initial Compromise

A slew of Microsoft Exchange vulnerabilities (including ProxyLogon) fueled a surge in attacks targeting software flaws in 2021, but the trend has continued this year.

CVE-2022-32427: Security Bulletin | Printerlogic

PrinterLogic Windows Client through 25.0.0.676 allows attackers to execute directory traversal. Authenticated users with prior knowledge of the driver filename could exploit this to escalate privileges or distribute malicious content.

CVE-2022-24406: Full Disclosure: Open-Xchange Security Advisory 2022-07-21

OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls.

Log4Shell Still Being Exploited to Hack VMware Servers to Exfiltrate Sensitive Data

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), on Thursday released a joint advisory warning of continued attempts on the part of threat actors to exploit the Log4Shell flaw in VMware Horizon servers to breach target networks. "Since December 2021, multiple threat actor groups have exploited Log4Shell on unpatched,

CVE-2022-32552: Security Advisory for security-bundle-2022-04-04

Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software.

Avos ransomware group expands with new attack arsenal

By Flavio Costa, Chris Neal and Guilherme Venere. In a recent customer engagement, we observed a month-long AvosLocker campaign. The attackers utilized several different tools, including Cobalt Strike, Sliver and multiple commercial network scanners. The initial ingress point in this incident was...

CVE-2022-23712: Security issues

A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request.

EnemyBot Puts Enterprises in the Crosshairs With Raft of '1-Day' Bugs

EnemyBot DDoS botnet is rapidly weaponizing security bugs disclosed in CMS systems like WordPress plug-ins, Android devices, commercial Web servers, and other enterprise applications.

CVE-2022-21363: Oracle Critical Patch Update Advisory - January 2022

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

CVE-2021-44548: Solr™ Security News

An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in:
* The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes),
* In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worst-case scenario, Remote Code Execution.

This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows.

Microsoft’s Response to CVE-2021-44228 Apache Log4j 2

Published on: 2021 Dec 11, updated 2022 Apr 6. SUMMARY: Microsoft continues our analysis of the remote code execution vulnerabilities related to Apache Log4j (a logging tool used in many Java-based applications) disclosed on 9 Dec 2021. Currently, Microsoft is not aware of any impact, outside of the initial disclosure involving Minecraft: Java Edition, to the security of our enterprise services and has not experienced any degradation in availability of those services as a result of this vulnerability.

CVE-2021-44228: Log4j – Apache Log4j Security Vulnerabilities

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

CVE-2020-35198: Wind River

An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.

CVE-2019-9167: Security Disclosures - Nagios

Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.

CVE-2016-6816: Apache Tomcat® - Apache Tomcat 9 vulnerabilities

The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other than their own.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907