logoBack to home screen

ADx 2.2.303 (12/05/2020) Patch Release Notes

Overview

This is a patch release to ADx 2.2, fixing a critical repository access control problem where users could access all repositories (even repositories with access set to denied).

Complimentary to the above, we introduced new runtime properties related to the default configuration of repository access control. Please read about Configuration Changes for a detailed description of the new properties.

As a result of new access control implementation, only active repositories are visible in ADx landing page.

For information about the 2.2 release, please read ADx 2.2 Release Notes.

New Installation

You can install this release from the provided package. Follow the Installation Instructions if you're installing from scratch.

Updating Conversion and ADx

For information on how to update the previously installed Conversion and ADx, see the following:

Note that this release includes configuration changes - please update your settings file accordingly if you want to re-use it.

Configuration Changes

This patch introduces new ADx runtime properties related to default repository access control.

Conversion Package

No changes.

ADx Package

In this release, new runtime properties related to repository access configuration are added to the installation settings file. These properties allow you to do the following:

  • Set default access rights (grant or deny);
  • Grant repository access to selected roles;
  • Deny repository access from selected roles.

These properties are explained in the New Runtime Properties section. Please keep in mind that these properties affect only new repositories (created after these properties are set).

If you don't change the default settings, new ADx repositories will still be accessible to all users.

New Runtime Properties

The following runtime properties are added in this release:

PropertyDescriptionDefault
ADX_DEFAULT_REPOSITORY_CONNECTIVITY_PERMISSIONSets the "Connect Default" property in the Access Control Configuration. Possible values are GRANT (default) and DENY.GRANT
ADX_DEFAULT_REPOSITORY_CONNECTIVITY_ROLES_GRANTA comma-separated list of the roles that should automatically get CONNECT access granted (regardless of the current repository setting). For example: "role1,role2".Empty list (no roles assigned)
ADX_DEFAULT_REPOSITORY_CONNECTIVITY_ROLES_DENYA comma-separated list of the roles that should automatically get CONNECT access denied (regardless of the current repository setting). For example: "role3,role4".Empty list (no roles assigned)

The above properties only affect repositories created after the properties were set. In simple terms, the above properties work as follows:

Repository PermissionUser with role in ROLES_GRANTUser with role in ROLES_DENYUser with role not listed anywhere
GRANTCan access repositoryCannot access repositoryCan access repository
DENYCan access repositoryCannot access repositoryCannot access repository

If you want to check the full list of runtime properties available for ADx and Conversion, go to the Runtime Properties page.

Changed Runtime Properties

None.

Removed Runtime Properties

None.

Known Issues

Issues mentioned below have been reported in the previous releases - we are currently working on fixing them.

Known Issues ADx

IssuePriorityDescription
AD-321CRITICALAdd missing indices
AD-354CRITICALADx Admin: Problem when synchronizing Type Definitions form DCTM/CMIS
AD-1096MAJORStopping ADx Tomcat process may take multiple minutes
AD-348MAJORADx Admin: Repository Modification-Status not updated on Update
AD-1204MAJORRepository Filters Don't Return Any Results
AD-1222MAJORIt's necessary to activate a repository twice after changing settings
AD-342MINORHibernate warnings in the log files
AD-341MINORJava warnings with Java 9 and later during startup
AD-311MINOROracle - DbLockManager prints Oracle constraint message

Cannot migrate legacy contents simultaneously

Due to cache database being shared between repositories, it's not possible for now to run multiple migration jobs from a single legacy repository at the same time. You need to wait for the previous migration to finish before running a new one.

Open API doesn't load when ADx runs in cluster

After starting newly installed ADx with Standard repository and trying use Open API, an error occurs:

This problem only occurs on clustered ADx installations. After restarting the ADx node, it should be gone (you can also switch to Swagger 2.0 which works in all situations).

Known Issues Conversion

IssuePriorityDescription
AD-338CRITICALIntroduce roles for conversion
AD-337MAJORMake TF Conversion workbench consistent to ADx
AD-501MAJORtf-conversion user has the admin role assigned
 EXTDOCS-71MINORFix wrong encoding on opening resource in Browser

Minor Warnings

StatusLogger Error

The following error currently appears in ADx console output. It doesn't affect ADx functionality or performance.

ERROR StatusLogger No log4j2 configuration file found. Using default configuration: logging only errors to the console. 
  Set system property 'org.apache.logging.log4j.simplelog.StatusLogger.level' to TRACE to show Log4j2 internal initialization logging.

Tomcat Shutdown Warning

The following warning is sometimes thrown by Tomcat when stopping the service:

./tribefire-console-stop.sh
...
Tomcat did not stop in time.
PID file was not removed.
To aid diagnostics a thread dump has been written to standard out.
Tribefire Host stopped.

This happens when shutdown takes longer than Tomcat expects. Shutdown may take several minutes, which will result in this message being printed out. This warning could appear on both Conversion and ADx.

Java Warnings

When using Java 9 or later, the following warning may appear in application logs and also during installation procedure:

WARNING: An illegal reflective access operation has occurred
WARNING	: Illegal reflective access by com.braintribe.model.processing.itw.asm.AsmClassLoaderWrapper$1 (file:/path/to/instant-type-weaving-1.0.28.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int)
WARNING: Please consider reporting this to the maintainers of com.braintribe.model.processing.itw.asm.AsmClassLoaderWrapper$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

Ticket: https://jira.braintribe.com/browse/AD-341

Hibernate Warnings

The log files may contain Hibernate-related warnings. They can be identified based on the fully qualified class which starts with org.hibernate, as in:

WARNING org.hibernate.tuple.entity.EntityMetamodel 'HHH000084: Entity [com.braintribe.model.user.User] is abstract-class/interface explicitly mapped as non-abstract; be sure to supply entity-names' [TribefireServices-2.0:tribefire-services#initialize,ApplicationLoader:/tribefire-services#initialize]

Ticket: https://jira.braintribe.com/browse/AD-342

These warnings do not affect the functionality of the application and can be ignored. We are working on a fix.