Release Notes - PoolParty 2022 R1 (9.0.2) - Minor & Bug-Fix Release
Release Notes - PoolParty 2022 R1 (9.0.2) - Minor & Bug-Fix Release
12/05/2023
Improvements
UnifiedViews has its own installer to streamline the installation process and is no longer included in the PoolParty installer.
Data Validator design has been improved:
The buttons on the overview page remain visible when scrolling down the page. This helps the user to see which actions are available on that page.
We have introduced a global message indicating to the user that a data validation process is active. This message is shown whenever a project is open so that its status is clearer to the user.
Bug Fixes
The RML Schema Mapping DPU of UnifiedViews has been updated.
GraphSearch export method GraphSearch/api/export/{format} was fixed and works again.
Previously under certain conditions large files could break the corpus management feature because file size verification did not work properly. This issue has been fixed.
When the history data in a PoolParty project is large using the Web Service Method: Request the History of a Project no longer leads to very high RAM consumption.
Deleting a concept in a PoolParty project via the Web Service Method: Delete a Concept no longer results in orphan concepts.
The availability check for external services could lead to unwanted side effects. We have changed this so that now only a TCP/IP connection to the service port is established to determine the availability of the service and indicate it via a red or green light.
Project import including contributors and users no longer makes user management view inaccessible.
Metadata of collections can be updated properly now.
API Changes
The Web Service Method: Request the History of a Project has two new parameters, "offset" and "limit". The defaults for those parameters are offset = 0 and limit = 100, unless otherwise specified in the request. By setting the limit to -1 (limit=-1) all available history data will be returned.
Security Fixes
Updated Apache Commons FileUpload to version 1.5 to address CVE-2023-24998 (A06:2021 – Vulnerable and Outdated Components)
Updated Logback to version 1.2.11 to address CVE-2021-42550 (A06:2021 – Vulnerable and Outdated Components)
Updated Apache Velocity Engine to version 2.3 to address CVE-2020-13936 (A06:2021 – Vulnerable and Outdated Components)
Updated Spring Security to version 5.6.10 to address CVE-2022-31692 (A06:2021 – Vulnerable and Outdated Components)
Updated Spring Core to version 5.3.26 to address CVE-2023-20861 (A06:2021 – Vulnerable and Outdated Components)
Session cookie settings have been revised and adapted to a higher security level to reduce the risk of XSS or CSRF attacks. (A03:2021 – Injection)
HTTP header settings have been revised and adapted to a higher security level to reduce the risk of XSS attacks. (A03:2021 – Injection)
Deployment Updates
Tomcat 9.0.73
Keycloak 21.0.1
Logback 1.2.11
Lucene and Solr 8.11.1
ElasticSearch 7.17.9