2021.9

With Corteza 2021.9, we continue to improve accessibility by introducing internationalization for the user interface as well as user-defined configurations. In addition, we’ve improved the overall design and user experience, improved the authentication and access control facilities, expanded on the existing feature set, and introduced a few new additions.

Internationalization

With internationalization, we add support for the translation of user interfaces, as well as locale specific date-time and number formatting. Corteza allows you to modify the built-in translations entirely as well as define translations for additional languages you might need or any custom web application modifications you might have performed. You can also translate most of the user-provided configurations (such as namespaces and module fields), allowing you to configure your Low Code applications to be accessible.

To enable translations for custom configuration, you will need to set the LOCALE_RESOURCE_TRANSLATIONS_ENABLED=true .env variable.

UI/UX

Building on the 2021.3 release, we continue to improve the user interface design as well as the overall experience when interacting with Corteza web applications. Most notably, we’ve reworked page navigation, improved consistency between different web applications, and added a more granular record list filter.

Access control

The access control facility received an upgrade, providing more fine-grained control over the access to your data, such as specific records or modules of particular namespaces. Contextual roles allow you to determine role membership and thus access to resources based on the state the system is in (such as what record we are editing).

With contextual roles, you can cover cases where a user is only allowed to access or manage data created or owned by them.

Authentication and security

The authentication flow is now more flexible by introducing support for SAML and split credential flow. Further improvements to the authentication token generator and handler help increase the stability and security of the system.

Integration gateway

Responding to the needs of defining custom API endpoints, we’ve expanded the sink route facility and introduced the Integration gateway. The improved facility simplifies the process of defining and managing custom API endpoints and defining processing for HTTP requests either via the built-in functions, workflows, or custom code.

The legacy sink route facility is still present and works as it did before, but we aim to replace the sink routes.

Reporter

The reporter provides a dedicated facility to define and view reports based on the data your Corteza Low Code defines.

Table 1. Important upgrade notes:

Access control

Corteza 2021.9 reworks the internals of our RBAC facility. From the access evaluation flow, to how rules are encoded.

When upgrading to 2021.9:
  • Corteza will automatically scan all existing RBAC rules, remove any obsolete rules like messaging, sanitize existing (federation module renaming) and properly change change resource IDs.

  • Corteza will automatically upgrade, add, remove, and rename roles as needed based on the reworked system:

    • authenticated, anonymous, super admin roles are added,

    • everyone role is removed

    • all RBAC rules owned by the now deprecated everyone role are migrated to the role authenticated

    • static role IDs (1 for everyone and 2 for admin) are replaced by sequential IDs. All memberships and RBAC rules are transferred to the updated role IDs.

  • Corteza will automatically add the following system users:

    • Corteza Provisioner (provision@corteza.local, corteza-provisioner); member of super admin account, used for all provisioning actions.

    • Corteza Service Account (service@corteza.local, corteza-service); member of super admin account, used for all service activities, CLI interface.

    • Corteza Federation (federation@corteza.local, corteza-federation); member of super admin account, used for all federation activities.

2021.9.10

Released on: 2022-04-20

  • Changed the profiler endpoints (when enabled) to be under /debug instead of /__profiler to conform to pprof requirements (2653c3894).

  • Fixed improper static translation loading for custom languages (964b71a56).

  • Fixed memory leaks and general performance optimizations for content sanitization (2711b0211), workflow loading (35c1c0892), and expression processing (4eccaa826).

  • Fixed workflow attachment uploading for all supported types (Reader, Bytes, and String) (7448a2d7b).

  • Fixed prompt duplication by preventing prompts from being resent over web sockets (f8a089a15.

2021.9.9

Released on: 2022-04-05

  • Changed resource translation sanitization to be looser to support a wider range of formatting options (4278e5823).

  • Fixed missing role references for namespace export where the User module field defined role prefilters (cb44b6591).

  • Fixed improper namespace import resource re-identification due to resources being ignored (3b235e330).

  • Fixed workflow trace parameter (3e068026).

  • Fixed improper resource translation content sanitization for RTE contents (50671180d), link attributes (f699d4b1e).

  • Fixed actionlog codegen lapsus (d44d396b3)

  • Fixed missing roles in the impersonated user — roles were not included in the generated JWT (e4ba223da)

  • Fixed improper resource iterator data chunking which caused the database to error out for large datasets (69c95a5a3)

  • Fixed record list not working when duplicate fields reside on same page (c13dd1e81).

  • Added additional link tags to make them more secure (889e2485f).

2021.9.8

Released on: 2022-03-07

  1. Changed default background colour to white in MetricConfigurator (49a525a).

  1. Fixed count expression function to properly handle the no argument case when typed values are being used (usually when invoked via workflow expressions) (5d7d3aa3).

  2. Fixed improper page blockID assignment on page create (95065f8e7).

  3. Fixed improper page blockID assignment on page create (95065f8e7).

  4. Fixed role management on external auth providers (d679a59).

  5. Append custom args when executing Corredor scripts via Compose REST handlers (2741e3577).

  6. Fixed improper handling of unresolved (type any) values (5ff68c414).

  7. Hide refresh data button when no data is present in MetricConfigurator (8fc446c).

  8. Increase z-index for PageBuilder to avoid toolbar with icons appearing below the Block’s title and description (667a9b0).

  9. Translate messages in errors component (acd5473, 1e933b2, 0af18b1).

  10. Reminders of other people showing up (63b3efe).

  11. Translations of field configurators and calendars (d4a379e, 5f00980).

  12. Relative values with charts (eb5c4c7, 025cfd5).

  13. Fix number of record to be exported in ExporterModal (eb5c4c7, 5f36917).

  14. Add missing input string to integration gateway namespace for admin (eb5c4c7, 64d27e1).

  15. Fixed cumulative funnel chart value calculations (0fbce36).

  16. Fixed improper reporter funnel chart display due to invalid data type conversion (c7ca7d1).

  1. Strengthen reset-password flow with rate limiting and invalidation of existing tokens(d2d0245d5).

  2. Improve attachment validation on size and type for compose uploads (6f19f00b2).

  3. Sanitize back-link on logout page (XSS) (8c0a62284).

  4. Refactor delete all session of user from auth page (23a8b757ee).

2021.9.7

Released on: 2022-02-10

  • Fixed set expression function to properly handle types provided by workflow execution (f42d707).

  • Fixed OIDC provider scope string issue (b1572e1).

  • Fixed workflow issues with invoker/runner (c4d80b88).

  • Fixed resource translations for content and automation page blocks (8a8cf42e).

  • Fixed inconsistent NULL order for different DB engines causing paging cursor issues (2be460ee).

2021.9.6

Released on: 2022-01-26

Contributors: Peter Grlica (GH), Denis Arh (GH), Vivek Patel (GH), Tomaž Jerman (GH), Katrin Yordanova (GH), Jože Fortun (GH).

  • Added support for RTL direction.

  • Added support for additional arguments when invoking automation scripts via API (91eb88d2).

  • Added support for resource translation on select field options (c72902a8).

  • Added support for SAML signed requests (5e4486c7, 7ec02f6e).

  • Added support for SAML HTTP binding (717cae5c0b, 5cf0597b40)

  • Added option to hide the import button on the record list (cd982a8, 9c85d0b, 874e0b2).

  • Added support for version specific DB_DSN .env variable, simplifying development (c3516dd).

  • Added find and has expression functions (86deaea9).

  • Added sort expr function (be6b572)

  • Added support for multi-value filtering on record lists (d0213cb).

  • Added processing indicator when deleting records in record list (6d47c1b)

  • Refactored workflow execution and fixed runner/invoker logic (92224360).

  • Fixed improper attachment upload permission checks due to partial request parameters (#309, #346).

  • Fixed improper QL argument transformations based on the used database (#308).

  • Fix broken docker container health check on Corredor server (dce30ba).

  • Changed federation locales (91094e44).

  • Refactored minio store and fixed invalid bucket name issue (23a2446).

  • Fixed scrolling when only one pageBlock is added (88f3e72).

  • Fixed translations on password reset (87f08d8).

  • Fixed RBAC rules and workflows not applying after being imported via namespace import (ff6cadc0).

  • Fixed improper handling of empty resource translation strings (resource-translations) (4b264798, 043588f1).

  • Fixed external OIDC for Corteza flow (398242b).

  • Fixed percentage calculation for all types of charts (2b7c949).

  • Fixed field picker system field translations (fa80ade, 485187e).

  • Fixed namespace importing — additional request validation (ca178714b), improve internal resource identification (00dd86fb9, d247ec678, and 8be8be96d).

  • Fixed improper API request content parsing when Content-Type defines character set (d0154cc1b).

  • Fixed improper error handling for the upload component (a0a1ac0).

  • Fixed role-security setting for external providers (05a40ca).

  • Fixed issue with OIDC provider removal (c078808).

  • Fixed queue name matching on workflow onMessage event (79d8a842)

  • Fixed calendar event display for events that span multiple months (4d2f824)

  • Fixed record list filter for number and id fields (3b421a1)

  • Fixed namespace selector overflowing sidebar (b9aa41e)

  • Fixed metric page block field selector options (cb69c80)

  • Fixed chart rendering edge case where the canvas did not yet exist (1b965f8).

  • Fixed centering for the empty record list label (f467e0f)

  • Fixed inline record editor not checking permissions for deletion (f74d398)

  • Fixed improper reminder handling, causing them to sometimes not show (94247f0)

  • Fixed invalid membership fetch for closed roles (88955eb)

  • Fixed column order not persisting for ColumnPicker component (9659d9f, 2b7c949, b53bc6b).

  • Make default value not required for multi fields (aae3f6f)

  • Prefill inline record editor related values (c457679)

  • Disable page deletion if it has sub-pages (67c3b2c)

2021.9.5

  • The record import via the import CLI command requires you to provide module field definitions along with the record import definitions. The constraint will be lifted in future patch releases.

Released on: 2021-12-16

Contributors: Katrin Yordanova (GH), Vivek Patel (GH), Jože Fortun (GH), Denis Arh (GH), Tomaž Jerman (GH), Peter Grlica (GH).

  • Role security (forbidden, permitted, forced) on external authentication providers (91eb88d2).

  • Workflow functions for attachment management (8a8c7685).

  • OIDC support for corteza (a2091db).

  • Integration Gateway json response postfilter and http request to scope (b0590d2f).

  • JWT generate workflow function (eecf8670).

  • Unix strftime support to gval functions (d5001341).

  • Integer caster to gval functions (3473a267).

  • Added support for role permission cloning (0564fe7, d06cd41, 9bd530a).

  • Added custom processing button (6ec4157).

  • Translations for reporter webapp (6e26d5a, 931011c).

  • Added additional string manipulation functions to reporter expressions (a45c914e).

  • Added support for record import via the import CLI command (96556f54).

  • Translatable content (modules, names, pages, namespaces) is now sent with current language (5bd3bd37).

  • Improve slow performance in some casses with wf-loops by increesing workflow session state flushing from 10 to 1000 (486a5752).

  • Prevent table display elements from crashing if an empty join frame is recieved (f244b7b2).

  • Fixed improper report route bindings (d250827b).

  • Added missing type definition to the report filter perser registry (08ef5ab10).

  • Fixed panicking report filter marshaling when invalid (59ef8da1a).

  • Fixed improper handling of automation page blocks which define buttons with no references (047b647af).

  • Prevent text from exiting container in EditorToolbox (147dcd7).

  • Fixed improper date manipulation functions for reporter expressions (46372f55).

  • Fixed persistent run-as workflow issue after trigger removal (87f08d8b).

  • Fix access control checks on UI (e902382).

  • Fix user role membership picker (cadb6e1).

  • Fix module field order changing when you navigated to all records (3525ef8).

  • Fix record and user selector editors not rendering properly (09bca49).

  • Fix display element configurator options form not resetting properly (6b33655).

  • Broken translations on password reset (87f08d8)

  • Prevent error message from being transformed by toLowerCase() 32e9325)

  • Changed chart display element configurator (b553f72).

2021.9.4

Released on: 2021-11-26

Contributors: Katrin Yordanova (GH), Vivek Patel (GH), Jože Fortun (GH), Denis Arh (GH), Tomaž Jerman (GH).

  • Added .env options to control OAuth2 access and refresh token lifetime (14450dc4).

  • Added support for base password constraints (420b5ee1, 984a5e99).

  • Added translations for webapp-workflow (15d12b3, 77de17e).

  • Added custom processing button (6ec4157, 1b67f4b).

  • Added multi select to workflow options prompts (661781d).

  • Added warning when workflow triggers paths change (07705d21).

  • Added expandable expressions editor to workflows (680149e).

  • Fixed improper report filter type casting for ID-like values (597484914).

  • Fixed default record module field value validation setup (aced989ae).

  • Boolean value (record field) sanitization(edbbf2f0).

  • Uint64 JSON serialization in Corredor payloads (3241ff4e).

  • Fixed invalid data point labeling for radial charts (4cbeb210).

  • Fixed report table pagination (71dc2d2).

  • Fixed workflow help shortcut opening when inputting ? (8fd0f15).

  • Admin role membership management (2df2f48).

  • Update Bluemonday & net packages (73c0b312).

2021.9.3

Released on: 2021-11-10

Contributors: Denis Arh (GH), Jože Fortun (GH), Tomaž Jerman (GH) Matija Rešek (GH

  • All user’s access tokens are now removed after password change (01577191).

  • Fixed improper page block ref validation for yaml encode (5afc715f).

  • Fixed unstable RBAC check that was caused by more complex setup of roles and RBAC rules (a385fe1c).

  • Fixed multi value required field errors (a5e4fb21).

  • Fixed display elements configurator sometimes not loading correct information when switching between elements (b8121e5).

2021.9.2

  • If you wish to enable functions for workflow - action log interaction, the ACTIONLOG_ENABLE_WORKFLOW_FUNCTIONS .env variable must be set.

Released on: 2021-11-04

Contributors: Denis Arh (GH), Jože Fortun (GH), Tomaž Jerman (GH), Katrin Yordanova (GH)

  • Added a user interface to configure SMTP setting; such configuration does not require server restart (0b69d1a2, 20a85d8).

  • Added support for workflow - action log interaction (search, create) (1014f53a).

  • Added support for server plugins (614d2b30).

  • Added workflow import note (9d98170).

  • Compose module fields no longer accept reserved system names — recordID, ownedBy, createdBy, createdAt, updatedBy, updatedAt, deletedBy, and deletedAt (20757e58, 20a85d8).

  • Resource translations no longer fallback to base language in case of a missing translations (4cd54a58).

  • Compose webapp now sends Content-Language and `Accept-Language HTTP headers (f8427346).

  • Server source is now built with -trimpath and without -mod=readonly flags (0b02535c).

  • Namespace export no longer preserves logo/icon references (dab413ece).

  • Initial documentation site redesign (14550adf).

  • Fixed boot-level workflow initialization logic which crashed the server if an enabled workflow defined an invalid trigger configuration (415982c8).

  • Fixed workflow saving when the configuration sidebar was opened (6d8796e).

  • Fixed improper Low Code Checkbox labels representation for false values (0330e31, aef1a14).

  • Fixed accent & HTML escaping in translated strings (556ffc5e).

  • Fixed resource translation issues for current language, accents, and escaped HTML (05178c2b).

  • Hide pages if the parent page is marked as not visible (957a9de2).

  • Fixed broken permission setting from Low Code admin panel on module for fields & records (8ae2a48d).

  • Fixed RenderOptions expr value assignment via selectors (445f0ed5).

  • Fixed RBAC rule migration crash on duplicate rules (e8bc6141).

  • Docker container healthcheck (9d7cf23c).

  • Fixed compose false value label (6da6989).

  • Fixed sidebar shadow (4a02d90).

  • Fixed reporter table column reordering (6b25473).

  • Fixed Low Code error when the automation scripts are not loaded (bb94645).

  • Disabled the load button in chart editor (6912fcd).

  • Fixed improper prefilter handling in the chart editor (aeceb35).

  • Fixed improper Low Code page exporting with un configured or partially configured page blocks (032566d9).

2021.9.1

Released on: 2021-10-18

Contributors: Peter Grlica (GH), Denis Arh (GH), Katrin Yordanova (GH), Jože Fortun (GH), Vivek Patel (GH), Matija Rešek (GH), Mario Burazer (GH)

  • Added handle/slug error text in Compose (c7f543ec).

  • Extend record export with filter in Compose (1f5d2abf).

  • Added tooltip for Integration Gateway endpoint in Admin (d897ba3d).

  • Added server sorting fields to integration gateway to support UI (c388f8).

  • Added Bytes ([]byte) expression type (614237).

  • Improved colour scheme picker in Compose (211227ba).

  • Open Admin template previews in new tab (88f05df2).

  • Refactored message bus to conform to rbac, service and package layer architecture (54b716).

  • Improved Integration Gateway filter handling (c6e3d0e9).

  • Fixed Compose calendar buttons styles.

  • Fixed back-button on record viewer.

  • Fixed Admin compose settings not reflected in Compose (bf9e7064).

  • Fixed for unsupported MIME types error message not showing in Compose (8561dca6).

  • Fixed query handling when exporting records in Compose (78e6d296).

  • Fixed server workflow step duplicate issue (e2e751).

  • Fixed unique constraint matching on resources on server (59ffe7).

  • Fixed: Missing Corteza server image root ssl certificates that caused issues with outbound HTTP and SMTP requests (8b008545).

  • Fixed invalid z-index for record list filter components (6171af5b).

2021.9.0

Released on: 2021-10-11

Contributors: Tomaž Jerman (GH), Peter Grlica (GH), Mia Arh (GH), Denis Arh (GH), sgg-adraynrion (GH), Katrin Yordanova (GH), Jože Fortun (GH), Vivek Patel (GH), Matija Rešek (GH), Mario Burazer (GH), Bill Ewanick (GH)

  • Added support for internationalization of Corteza web applications (#237, 31132570, e4eb28b8, c3ff0ae1), as well as for some user-provided resources (Low Code modules, namespaces, and pages) (46a7d94d). Locale specific number and date-time formatting are also included (da9a450f).

  • Added a system-managed facility for defining and handling custom API endpoints (#232, 652cc074. The facility allows you to trivially define new API endpoints for webhooks or custom integrations needed by your business processes. The facility defines a tight integration with Workflows for request processing (#245).

  • Added a specialized facility for creating, managing, and running reports(02b3e833). The reporting facility defines a dedicated user interface (corteza-webapp-reporter).

  • Extended Low Code feature set:

    • added role based filtering to user module fields (da181c30),

    • added advanced record list filtering using field-specific filters (5e7e8ce5),

    • added a comment page block (1032399f), and general UI/UX tweaks for easier navigation,

    • added configurable module field descriptions and hints,

    • Added an additional namespaceID parameter when searching over namespaces (21a3c5e6).

  • Added a fake data generator which can be used to create placeholder records and users (#216). The data generator is invoked through the CLI @todo CLI ref.

  • Added support for entire Low Code namespace duplication, import, and export directly from the Low Code interface (000664ef, 533b534f).

  • Extended authentication feature set; allowing authentication sessions to be manually revoked (#254, #210, 1cb2e64d), improved the users CLI commands with additional options (bed63c4f, e4cd1f5b), and added the client_credentials and user impersonation (b245726c, 25e4d11f). The authentication clients user interface now provides a series of cURL examples for interacting with authentication clients (16ae4c22).

  • Added support for SAML authentication providers (#188, aedb2aef, 670b1609).

  • Added *.search RBAC access control operations for all resources 92d2de86, f630a3d9, 0a388382.

  • Added support for automation which is triggered before or after a user is suspended (13fc9d26).

  • Extended Workflow feature set:

    • added the invoker and runner credentials in the initial scope (806dbfaa),

    • improved trigger validation based on the workflow configuration (f40f7982),

    • added functions to interact with the RBAC facility (89ae50db),

    • improved the user interface to display configuration and debug errors (the triggers now also show errors),

    • added an indicator for when the workflow try-run is running.

  • Expended the feature set of the expression engine:

  • Improved system setup and configuration flow as well as overall stability (5a67ecf7, a94e39b3, a229d0ec):

    • Added option to limit the number of users (1b3a811c),

    • Added support for .env file configuration from arbitrary location via the --env-file command parameter ({SERVER_COMMIT_BASE6496027a[6496027a]}).

  • Prepared the store infrastructure for cockroachDB support (109e23fc).

  • The user interface of the Corteza web applications was changed to increase consistency, accessibility 58aa46ee, 89ad4311, and better user experience. More notable changes:

    • the navigation was moved under the left sidebar,

    • the top bar defines shortcuts to the more common operations related to the viewed page,

    • the module field picker was completely reworked (8364da10).

  • Changed the file field preview to show the last uploaded attachment when the single image option is selected (2d593af0).

  • Reworked the RBAC access control facility allowing greater flexibility with resource-specific rules, contextual roles (2f2c055e), and improved logging (922f4c31). Corteza now defines a series of system users and roles which are used for system tasks, such as provisioning and federation.

  • Low Code module, module field, and record RBAC rule configuration buttons are now located under a single drop-down.

  • Added the reporter webapp to the default list of webapps (e6950812).

  • Changed workflow deferred triggers to ignore and skip empty constraint values (8d9a3d54).

  • Upgraded zap logger to v1.19 (e48ffb2e).

  • Tweaked system logging:

    • replaced errors with warnings for runtime OAuth issues (0cb91793),

    • tweaked log stacktrace and added support for depth level control using the LOG_STACKTRACE_LEVEL .env variable (28e1774c).

  • Moved PROVISION_SETTINGS_ settings into a YAML provision file (2d78ae42).

  • Switch the base image to deb/ubuntu due to library incompatibilities (00ba60e5).

  • Removed PROVISION_SETTINGS_ in favour of a YAML provision file (2d78ae42).

  • Removed the query parameter from the record list filter endpoint (10e8b77d).

  • Removed Google maps from the provisioned application list (d6f24605).

  • Removed obsolete settings for the namespace sidebar and Corteza One (b459bd35).

  • Removed tabs and panels on Corteza One.

  • Fix broken links in README (7974ca65).

  • Fix inconsistent grant-validGrant auth client JSON prop name (40ddb9db).

  • Fixed attachment upload errors when an empty attachment or an ico file were uploaded (f5532acf).

  • Removed unneeded content from the served webapp content evaluation check (3638ecac).

  • Fixed failing mount when webapps are disabled (63dbe702).

  • Exclude deleted reminders from the reminder list API endpoint (9f74d5c0).

  • Prevented duplicate values on multi-value selection fields.

  • Fixed the task duplication bug on calendars (2e322054).

  • Fixed namespace searching be case insensitive (5ce9572d).

  • Fixed improper actionlog type casting which resulted in broken log messages when the front-end technology stack was unable to parse the values (5ac8790b, d1ccbc3e).

  • Fix invalid error message if the user is not allowed to search over namespaces (7cf6c18d).

  • Fixed missing notifications across web applications.

  • Fixed typos in envoy error messages (0a241fab).

  • Fixed notifications disappearing when changing the current page.

  • Fix ClaimsToIdentify to return identity with all authenticated roles (67d7882b).

  • Added missing access control properties to resource responses (774354d6).

  • Addedd missing access control checks for reminders (03344782).

  • Fixed improper admin webapp permission display if the user does not have sufficient permissions..

  • Fixed improper automation session state representation for prompted sessions (234d3795).

  • Fixed expression function parameter and return value casting for string functions.

  • Added missing federation structure sync response wrappers (8ee91eb7).

  • General stability of the system has been improved.

  • CLI commands now use the system user when executing commands (dca5757f).

  • Moved import/provisioning access control from Envoy to the invoking service (a2b964c5).

  • Defined a proper facility for testing Integration gateway handling logic (6ceadf40).

  • Allow store function codegen logic to define imports specific to them (b95e878c).

  • Build and integration pipelines moved to Github Actions.

  • Removed misleading federation etc/ (d4505482).

  • Removed the long deprecated storybook (76270476).

  • Implemented the C3 feature and applied it to web applications (a318b380, 4c5e2c24).