With Corteza 2022.9, we continue to improve system stability, security, performance, as well as focusing on features to help organizations conform to data privacy policies and regulations.

Corteza Privacy

Corteza privacy provides features to help organizations conform to data privacy policies and regulations. With Corteza privacy, we aim to streamline the process of handling different data privacy regulations for low-code applications built with Corteza.

We introduce sensitivity levels which allow the administrators to classify what data is sensitive and on what level it should be treated as. We also introduced two new web applications; the privacy console, which allows the users to overview their data and request modifications and the data officer privacy console, which allows the data privacy officers to manage user-submitted privacy requests.

Redefined record storage

Corteza 2022.9 redefines how data is stored internally to improve performance, scalability, and flexibility. Corteza now supports the administrators to define external databases and configure dedicated, stand-alone data storage locations for modules.

Duplicate detection

Along the redefined record storage, we introduce tools to help prevent duplicate data. Corteza now allows administrators to specify rules to determine if a record entry exists and how the system should handle the duplicate. Currently, the system can either warn about the duplicate record or reject the record creation altogether.

Record revisions

Corteza now supports the administrators configuring Low Code modules to keep track of the changes in their records. The changes are tracked by introducing a revision number and providing a complete history of modifications for each record.

Only changes done from the 2022.9.0 version onwards are tracked. The pre-defined records are considered to be the first revision.

Permission debugging

To simplify the access control configuration process for different user roles, we introduced a new permission debugger, which allows the administrators to check if the resulting access control equals the expected one. The permission debugger is available in all of the permission configuration modal windows, and the Corteza Admin’s general component permissions.

  • The Corteza Reporter’s Group step changed to Aggregate, the old Join step changed to Link and a new Join step was added.

  • The Corteza Reporter’s date() expression function changed to return the entire date without time (the previous version returned the day number), and added a new day() function to retrieve the day number.


Released on: 2022.11.25

  • Added a new label position option for charts with y-axis. It enables you to position the label at the bottom, middle or top of the y-axis. The change was added because the y-axis label was overlapping with the values if they were bigger (18248a2).

  • Added new multi value filter operators (IN and NOT IN) to the pre-filter in the reporter UI. This why users have the ability to filter records using multi value fields. The change was added to bring back the support to filter records using their multi value fields inside reports (560).

  • Added additional configuration for pie, bar, line, and doughnut charts. Three new sections were added - tooltip, legend and offset as well as the options to rotate x and y axis labels (only for bar and line charts). The change was added to give the users more freedom to customize charts (a8d3b83, b2c9de5).

  • Changed the resource list now uses the same component, item count and pagination and it is also enabled for resource lists that support it. Now almost on every resource we show the total item count and we have the ability to go to the next page if there are items. The change was made because the look and feel of lists across Corteza needed to be unified. Also for better user experience and to always know the correct number of how many records/items we have. The change was made by updating and using the reusable CResourceList component in corteza-vue That means we can control the look of all lists from one place (030109b, 229bf12, c67daa7, 06c07d8, 6033433).

  • Changed the requirement to provide a handle when creating a resource is removed and handles are now optional. The change is applied in compose, admin, reporter, and workflow. The change was made because providing a handle shouldn’t be a necessity and resources should have the option to omit it. The change was made by removing the strict handle existence validation (cd86e85, cf21c47, 456c896, 9b88af0, 24b0dda, 34f261a, 3a90a10).

  • Changed the color of the button for confirming the action to accept a privacy request. The change was made to match the colors with the ones when confirming/denying the action to reject a privacy request. The change was made by changing the color to dark blue (d4ed9ff).

  • Fixed the avatar not being clickable on the auth screens on mobile devices due to the login form overlapping the top bar. The fix was made by adjusting the styling of the auth screens and the Corteza top bar (541, 541, 541).


Released on: 2022.11.08

  • There is a known bug where multi-value fields crash the server or produce unexpected results in reports. If your configuration uses reports which utilize multi-value fields, skip this patch version.

  • Changed the workflow step configuration results section when no results are present for execute workflow, function, prompt, and iterator steps. The change was made because the results section was present even if no results were listed for the specified workflow steps The change was made by hiding the results section if no results are present (2b4619a).

  • Changed the uninformative RBAC rule import error messages reported by the provisioning system. The error was uninformative because RBAC rules, in this context, don’t use identifiers. The change was made because the error in question was uninformative and looked like this: failed to complete transaction: store encoder encode rbac-rule []: unsupported resource type '' for RBAC store encode. The change was made by allowing custom error reporting logic for specific resources such as RBAC rules (e2ac9c4).

  • Changed password constraints which saved their values as strings to save them as numbers. Additionally, the labels of the two fields were reworded to match the style of the other inputs in the password constraints section. The change was made because the password constraints were saved as strings; with this change, the constraints will be saved as numbers (aad919f, 703516c, a248000).

  • Changed the documentation about sanitizers and fixed the example links in module field validation tab to now point to the correct anchors. The change was made because the documentation was lacking information about field value sanitization. The change was made by updating the documentation with a new important section describing this behavior and changing the documentation links in the module field configuration to point to validators/sanitizers (9af28f2).

  • Changed record pages to reflect the operation (creating, editing, viewing) in the title of the public page. The change was made because the previous titles didn’t match the consistency of the other page titles. When you were editing a record instead of saying Editing a record page the title was saying Viewing record page, which was wrong. The change was made by changing the translation message of a record in the create, view and edit components (b3ded1b, f7a520f).

  • Fixed incorrect user count from the system metrics report due to system-defined users. The fix was made by excluding system users from the metric report We didn’t exclude them from the total, but they were excluded from the per-day aggregation (fd6465d).

  • Fixed the timestamp in the details of an action log being different as the one in search results. The fix was made by applying a custom formatting to the timestamp (a4596fb).

  • Fixed strict record value duplicate detection, which was preventing record creation with same values for fields for strict duplicate detection validation. The fix was made by validating duplication only for selected field (eac2f07).

  • Fixed sub workflows being unavailable in the workflow execution step after the server was restarted. The issue was caused by the initialization logic excluding sub-workflows from the filter. The fix was made by including the sub-workflows in the initial load, thus resolving the issue (d64b732).

  • Fixed action log search results not showing the correct outputs. The fix was made by fixing the lapsus where the from timestamp was used for both the from and to date range which resulted in no matches (1fa5f39, c63df82).

  • Fixed Low Code namespace export where the name contained characters like /, . broke the export because they broke the URL. The same issue was addressed for record export but with module name. The fix was made by URI encoding the filename and replacing dots with - as that caused the URL to be broken (1f0ea56, 920cc5a).

  • Fixed JSON codecs ident getting set to the field’s name instead of values, when editing a module/configuring field mapping. The JSON codec requires you to specify where the JSON object is located, not the name of the value. Since values are stored in values, the value has to be values (where the JSON is). The bug told Corteza to look for the column with the field name which probably never existed. The fix was made By correctly defaulting the values (580db32).

  • Fixed DAL connection configuration displaying the default DSN connection parameters instead of the configured one. The fix was made by properly merging the default values and user-provided configurations, as well as fixing edge-cases where the configuration was made available after the page had loaded In the later case, the user-provided configuration was never displayed instead of the default values (0b41074, f9f7e92).

  • Fixed using workflowID parameter in workflowList not working because the returning value was getting corrupted in JavaScript due to unsupported uint64. The fix was made by replacing []uint64 with []string for filterworkflowID that corrupted the input value for JavaScript (uint64 vs int64) In addition, the filtering was moved to the store level (ca7d4b0).

  • Fixed DAL code ignoring module ID when doing record lookup. If you wanted to select a record you were receiving the error message: Could not create record: check error messages on the form, and on the form it was saying: record not found This fix ensures proper module ID is used (one from the module field options)when doing lookup. The fix was made By using module-id from module field options and not field’s module ID (a8d2fef).

  • Fixed broken filter and codegen definition for workflow filters which resulted in generating broken filter functionality. Filtering subworkflows with subWorkflow 2 flag in workflowList was not returning any subworkflows. The fix was made by properly applying conditions when sub-workflow filter was used (5b2ba54).

  • Fixed missing dal connection translation by converting its error meta key reference to kebab-case. The fix was made by adding missing credentials translations to the locale under system/credentials (434, 9021d1b, baff7b7).

  • Fixed broken translation due to incompatible fileName case in locale. The fix was made by renaming the file name for resources as per expected format (kebab-case) (b2ad8c2).

  • Fixed record search endpoints needlessly degrading performance by computing totals and paging cursors even when not required. The performance hit was noticeable on larger datasets. The fix was made by short-circuiting processing sooner when totals and page cursor navigation was not required This doesn’t change external behavior as those parameters were not included even tho they were computed (24b5d7c).

  • Fixed data aggregation count function crashing the server when no arguments were provided (count()). The old version allowed this format while the new one did not and it crashed the server. The fix was made by adjusting validations and adding additional exceptions for this specific case (fd3552e).

  • Fixed action log search results did not change if you reset the filter parameters. The filter parameters are reflected in the URL. The fix was made by properly updating the search parameters in the URL (ca14671).

  • Fixed geometry values not being saved when changed manually in inputs. The fix was made by correctly detecting changes on the geometry value since it uses a more complex structure then the rest of the inputs (893e644).

  • Fixed record export filter not interpolating placeholders such as ${userID} which lead to non functional exports. The fix was made by adding evaluation to the record export filter to correctly evaluate and interpolate placeholders (9e9898b).

  • Fixed privacy web apps not being enabled in the default Corteza configuration. The fix was made by adding the privacy web applications to the HTTP_WEBAPP_LIST env variable (c8508f4).

  • Fixed Data Privacy Officer role unable to see or review requests in the privacy web application due to invalid permission configuration. The fix was made by updating provision YAML files with search and read on corteza::compose, corteza::compose:namespace, corteza::compose:module and corteza::system resources Additionally, Data privacy officer permissions were changed to be able to view and edit a privacy request (1d390f9, 69f33fa, 2b35b98, a5e192f, 18a687a).

  • Fixed missing translations for gateway, auth, dal sensitivity, and data privacy. The fix was made by adding the missing translations to corteza-locale (bb29fe2, 56046e9, e64befa).

  • Fixed errors on reports not being captured. The fix was made by properly capturing and displaying errors (8926c04).

  • Fixed required module field flag is not reflected on the corresponding model attribute on the nullable flag. The fix was made by explicitly setting the nullable flag on all attributes when generating models where fields set the required flag (eb89992).

  • Fixed incorrect type encoding for Low Code charts where numbers were represented as strings and references (IDs) as numbers instead of strings. The fix was made by adding a hotfix to assure that these exceptions are properly encoded and presented to Low Code charts The initial issue is on the database level but the exact solution is still up for debate and will be addressed later (55702ec).

  • Fixed Email, File, Number, String, and URL fields not showing validation errors. The error under the field now also indicates the duplicated value. You still need the field on the record itself in order to see the validation error. The fix was made by adding the missing errors component to field viewers that didn’t have it (that is shown for expression fields on record edit) (1cf316c, 6bebd21).

  • Fixed the suspended and revoke access buttons being shown even when creating a new user. The fix was made by only showing those buttons when editing a user (2c35552).

  • Fixed users unable to press the submit button when trying to edit a user and the submit button remaining enabled even if an invalid (or missing) email was provided. The fix was made by properly applying the permissions obtained from the API user object in the webapp User class and correctly updating the form’s state based on the email validation (d585399, 99775e1).

  • Fixed external auth providers not being re-fetched after updating user password. The fix was made by refetching the external auth providers after updating (07de6a6).

  • Fixed gauge chart step name not displaying when value was larger than the largest step. The fix was made by setting the default step name to the largest, since if we find another step where the value currently is, we will use that one instead (808e438).

  • Fixed extra whitespace disappearing when using a rich text editor for the String field. The fix was made by tweaking the configuration for the viewer (adding 'white-space': 'pre-wrap') and the editor (adding preserveWhitespace: 'full' to CRichTextInput parse options) (854e6c8, db1ace1).

  • Fixed being able to submit a federation node form even if URL and name were not defined. The fix was made by correctly validating the form and disabling the buttons as needed (0f5170d, b8a49fd).

  • Fixed ownership information not being displayed on the connection. The fix was made by using the correct value for the field ownership (by switching the value from connectionownership to connectionmetaownership) (d585399, 6e2e2b2).

  • Fixed unable to save auth clients when setting either the valid from or expires at. The fix was made correctly parsing date-time values we get from the API (04c8c4e).

  • Fixed incorrectly displayed error message when un-deleting messaging queue; it was displaying the error message Queue deleted instead of Queue restored. The fix was made Translations were added in locale and applied in admin (7af6c9e, e00a3da).

  • Fixed deleted messaging queues being un-deleted if they were edited. The fix was made by correctly preserving the deleted state when updating the messaging queue (90b5414).

  • Fixed incorrectly passed translations to Results/Namespace, Record and User. The fix was made by correctly passing translations via props and interpolation Previously, part of the translations were passed without using interpolation and the other translations were passed as attributes causing the texts to not be properly translated (bed2dfa).

  • Fixed the Corteza crashing when adding additional DAL connections. The issue was caused by improperly handled initial and empty states for the DAL connection resource. The fix was made adding exceptions to reject default configuration options (no connection params) and properly handling the default state on the web application’s connection editor (55636d9, f5297d3).

  • Fixed file uploads being rejected when specifying what MIME types are allowed or not. The issue occurred due to additional meta tags provided by the files or the underlying libraries. The fix was made by reworking how MIME types are validated by switching from comparing MIME type labels to a more robust library which was already used for detecting MIME types (ab987cc).

  • Fixed disappearing white spaces when using a rich text editor in the String field. The fix was made by adding 'white-space': 'pre-wrap' to String viewer and preserveWhitespace: 'full' to CRichTextInput parse options (a89208f, 854e6c8).

  • Fixed automation button resource translations not preserving between page refreshes. The issue was caused due to improper indexing as well as missing code to apply resource translations to record list selection buttons. The fix was made correcting resource translation indexing to start with 0 instead of 1 as well as adding missing code to correctly apply resource translations to record list selection buttons (7a5e839, 6d58bf4).

  • Fixed record page navigation and sorting issue. The fix was made by improving record iterator implementation for page navigation and sorting and also fixing store drivers to be consistent respective to their query language for dateTime, number, boolean data types (6f04666).

  • Fixed simple equality operator = in the filter query that checks for all values in multi-value fields but only the first one due to the changed encoding of record values. The fix was made by introducing new operators IN and NOT IN and should be used when filtering records containing value inside multi value field (f6e3035).


Released on: 2022-10-13

  • Added support for DAL aggregation on the RDBMS level to improve performance on larder datasets by utilizing existing technology (1215511e2).

  • Changed privacy request comment loading indicator by introducing a spinner (46da70e).

  • Changed Corredor server to use a newer Pino version to the same version as elsewhere to avoid interface collisions (8893f33).

  • Changed Corredor server to no longer start if the provided configuration is invalid. The Corredor server now checks for validity and errors out if invalid (8893f33).

  • Changed JSON handling within the Corteza’s DAL package. We made the change to improve performance when processing a lot of JSON objects by switching to the valyala/fastjson package (ce6d7d02e).

  • Changed multi-value geometry field editor and viewer (32703e4, 46378d8).

  • Changed the API docs to be up to date and include automation endpoints (b03a09812).

  • Fixed memory leaks caused by DAL when running reports. The reporting logic didn’t close the open data sources (5d476dcfa).

  • Fixed invalid resource retrieval, which led to missing logos and fav icons on instances where the server and webapp are split. We resolved the issue by properly determining the URL for this scenario (1079236).

  • Fixed UI/UX issues in regards to the report builder’s tooltip and button sizes (bcf2b36), properly displaying page block headers and footers on plain page blocks (7e8fb2f).

  • Fixed duplicated result argument display on workflow function configuration. The issue occurred due to improper rendering condition (945f287).

  • Fixed expression values not being visible in the configuration sidebar when configuring workflows.

  • Fixed expression values not showing in the sidebar (2bae1bd).

  • Fixed failing namespace export when using namespace with characters such as / and .. The names are encoded before being sent over to avoid these issues (1d2fe47).

  • Fixed record edit/clone button not appearing on all records if no record page is present (71af271).

  • Fixed using ${ownerID} in filters, now properly uses the ownedBy value instead of the currently logged in user (like userID for its value does) (93f7ebc).

  • Fixed the process of undeleting auth clients (e69b0ef, 9ccdcae, 38626bd).

  • Fixed record export when the record count was 0 by preventing the export (2d7a1f6).

  • Fixed performance issues on integration gateway route reloading caused by re-registering all of the endpoints when one was updated (269cdb1ba, 955c4d9b9).

  • Fixed data corruption which was caused by an improper Low Code record value migration (7e4e4d3b5).

  • Fixed exporting records to a specific timezone by encoding the URI params (362ddca).

  • Fix workflow function errors caused by fetching an array of resources. The error was caused by a change in how expression types are determined and is temporarily patched with an edge-case exception (b581fe86a).

  • Improved error reporting on new user sign-up (57721291b).

  • Prevented stored XSS attacks in the logout back link by implying additional sanitation steps to the value (f1f4f4bd1).