You are viewing the documentation for Blueriq 15. Documentation for other versions is available in our documentation directory.

Before you upgrade make sure to read the General Upgrade instructions as well as the Upgrade instructions for previous versions.

The changes are color coded. Orange elements have been changed, Green elements have been added and Red elements have been removed compared to the 14.11 release.

Table of contents

SDK changes

DateValue

The DateValue.parseDate method no longer accepts strings with a time component. Use DateTimeValue.parseDateTime instead.

Removal of R8 export format

In release 15 the ability to read R8 exports have been removed and resulted into the following SDK changeset.

  • Removed package com.aquima.interactions.ds.export.r8

  • Removed package com.aquima.interactions.ds.xml.r8

  • Removed class com.aquima.interactions.test.templates.ApplicationR8ExportTemplate
    • Use com.aquima.interactions.test.templates.ApplicationR12ExportTemplate instead

Package rename of R8 datasources

In release 15 the r8 package name has been removed from the datasource packages in the SDK and resulted into the following SDK changeset.

  • com.aquima.interactions.communication.ds.xml.r8
    • moved classes and subpackages to com.aquima.interactions.communication.ds.xml
  • com.aquima.interactions.composer.ds.xml.r8
    • moved classes and subpackages to com.aquima.interactions.composer.ds.xml
  • com.aquima.interactions.ds.r8
    • moved classes and subpackages to com.aquima.interactions.ds
  • com.aquima.interactions.ds.studio.r8
    • moved classes and subpackages to com.aquima.interactions.ds.studio.r12
  • com.aquima.interactions.flow.ds.xml.r8
    • moved classes and subpackages to com.aquima.interactions.flow.ds.xml
  • com.aquima.interactions.dtree.ds.xml.r8
    • moved classes and subpackages to com.aquima.interactions.dtree.ds.xml
  • com.aquima.interactions.foundation.ds.r8.IXmlGlobalsR8
    • moved and renamed class to com.aquima.interactions.foundation.ds.IXmlGlobals
  • com.aquima.interactions.foundation.ds.r8.XmlGlobalsR8
    • moved and renamed class to com.aquima.interactions.foundation.ds.XmlGlobals
  • com.aquima.interactions.mapping.ds.xml.r8
    • moved classes and subpackages to com.aquima.interactions.mapping.ds.xml
  • com.aquima.interactions.metamodel.ds.xml.r8
    • moved classes and subpackages to com.aquima.interactions.metamodel.ds.xml
  • com.aquima.interactions.portal.ds.xml.r8
    • moved classes and subpackages to com.aquima.interactions.portal.ds.xml
  • com.aquima.interactions.process.ds.xml.r8
    • moved classes and subpackages to com.aquima.interactions.process.ds.xml
  • com.aquima.interactions.project.ds.xml.r8
    • moved classes and subpackages to com.aquima.interactions.project.ds.xml
  • com.aquima.interactions.rule.ds.xml.r8
    • moved classes and subpackages to com.aquima.interactions.rule.ds.xml

Removed classes

  • com.aquima.interactions.framework.documents.DefaultRendererFactory
  • com.aquima.interactions.framework.documents.ibex.IBexLogger
  • com.aquima.interactions.framework.documents.ibex.IBexRenderer
  • com.aquima.interactions.framework.documents.ibex.IBexRendererBase
  • com.aquima.interactions.framework.documents.ibex.IFODocumentHandler
  • com.aquima.interactions.framework.documents.ibex.XmlFoFileLogger
  • com.aquima.interactions.framework.documents.IDocumentsProperties
  • com.aquima.interactions.framework.documents.XmlFoRendererBase

Modified classes

  • com.aquima.interactions.framework.DefaultFactoryManager
    • Removed constructor: DefaultFactoryManager(com.aquima.interactions.portal.documents.IRendererFactory)
    • Removed constructor: DefaultFactoryManager(com.aquima.interactions.portal.documents.IRendererFactory, boolean)
    • Added constructor: DefaultFactoryManager()
    • Added constructor: DefaultFactoryManager(boolean)
  • com.aquima.interactions.foundation.connectivity.IHttpConnection
    • Removed method: getHeaderNames()
  • com.aquima.interactions.foundation.connectivity.impl.HttpConnection
    • Removed method: getHeaderNames()
    • Removed method: setHeaderNames(java.util.List)


Removal of SDK ibex rendering

In release 15 we have removed the ibex renderer from the SDK, which was deprecated in release 14.11, in favor of the document renderer client component and service. If you haven't migrated to the new document rendering service in release 14.11, please follow the migration guide to able to render pdf documents again.

Removal of  R8 project exports

In release 12 we introduced a new export format and to maintain backwards compatibility we added an extra set of properties to still be able to read the R8 exports. In release 15 we have removed the deprecated R8 exports altogether, when using an R8 export the Runtime will log an error stating that exports older than version 12 cannot be read anymore.

You can check if your exports are valid by opening the export's zip and verifying that it contains a file called .projectmetadata.xml. If the file is not present, the export was generated before release 12 and must be re-exported using a Blueriq Studio version 12 or higher.

Trace and Timeline SQL Store component

In release 14.6, the the Timeline SQL Store component was introduced. This allows to store timeline information separate from, or even without, trace information. To ease migration, we allowed the default trace configuration to work for both trace and timeline information. With this release, the timeline and trace components require their own configuration. Also, we changed the timeline database tables to express that they no longer belong to the trace component.

If you require trace information...

you need to configure the Trace SQL Store component. Note that this configuration probably already is in place. The trace-sql-store-without-timeline profile, which existed to ease migration, is no longer available, as the trace component does not store timeline information anymore.

If you require timeline information...

you need to configure the Timeline SQL Store component, if you have not already done so. Note that this component now requires its own datasource and no longer relies on the datasource of the trace component.

If you have an existing database with trace and timeline tables...

you need to upgrade the database tables to the new timeline tables. Use the scripts for your database in the Blueriq release zip: Runtime\Java\Webapp\DBScripts\blueriq-component-trace-sql-store\upgrades\15.0.0. Note that this scripts assumes the trace and timeline tables reside in the same database.

Trace event publisher

The Trace Event model version 1.0, which was deprecated in release 14.10, is removed. Only version 2.0 of the Trace Event model remains available. As a consequence, the property that allowed to still use the deprecated version, blueriq.trace.event.publisher.channel.amqp.version=1.0 is also removed.

Secure session cookie

We removed support for the BLUERIQ_SECURE_SESSION_COOKIE environment variable, which was deprecated in Blueriq 14.6.1. You should set a property to enable this behavior, as explained in Security: Blueriq session and cookie.

More secure defaults

To improve the default security configuration of the runtime this release has changed various configuration defaults to enable best practices by default.

redirect-url-whitelist

It has been made mandatory to configure a redirect URL whitelist for use with OpenId Connect's redirect_uri  and the error-redirect query parameter of several API endpoints. Previously, any redirect URL would be honoured when no whitelist had been configured, but this allowed open redirects to malicious URLs. The blueriq.security.redirect-url-whitelist  must now be configured with a comma-separated list of allowed redirect prefixes.

Content Security Policy

Starting with Blueriq 15.0, the default value for the Content-Security-Policy header in Runtime HTTP-responses has been changed. The default for all flags has been set to 'self'. This provides additional security to end users, by not allowing inlined resources or resources that are hosted on a different domain than the Runtime to be parsed by the user's browser. This may include images, fonts and third party scripts. To change these defaults, please refer to: Security: Clickjacking protection.

For users of the Material Theme: a profile named material-theme has been added which configures the CSP directives script-src and style-src to be compatible with the Material Theme. This profile is enabled by default, but you may have to add the profile if a custom bootstrap.properties  is present. When changing these CSP directives, disable the material-theme profile to ensure that your own properties defined in application.properties are not overwritten by this profile.

For users of alternative themes: the profile named material-theme may be disabled in bootstrap.properties.

Runtime API authentication

The endpoints of the runtime backend APIs have changed their authentication scheme from being OAuth2 based to just Basic authentication. This has been done as you could only use OAuth tokens requested from the runtime itself using a password  grant, such that using OAuth did not achieve an additional level of security compared to using Basic authentication nor was it possible to use external authorization servers.

The primary effect of this change is that the /api/v1/oauth/token  endpoint is no longer available. Requests to this endpoint have to be removed, and the usage of the access_token  that was extracted from its response as a Bearer  token in the Authentication  header of subsequent requests has to be replaced with a Basic  authentication token with the username/password that used to be used when requesting a token.

Another difference you may encounter is that unauthorized requests will now respond with a 401 Unauthorized HTTP status code instead of 403 Forbidden.

AQ_SoapServiceClient security configuration

The security configuration for AQ_SoapServiceClient has changed. The blueriq.soap.security.* and blueriq.connection.[name].soap.security.implementations properties have been dropped in favor of the blueriq.soap.interceptors.security.* and blueriq.connection.[name].soap.interceptors properties. With these changes, the security can be configured for both the BAAS and the AQ_SoapServiceClient in a similar way. For more information on how to configure AQ_SoapServiceClient security with the new properties, please refer to WS-Security.

One aspect of these changes mean that a timestamp is no longer automatically added when a signature interceptor is configured that signs the {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp  element.  Previously, Blueriq would automatically detect that the timestamp element was being signed, implicitly activating the creation of the Timestamp  element. With the new configuration, it is now required to explicitly enable the timestamp  action in the configuration yourself.

Please note that with these changes, we dropped support for the UsernameToken WS-Security profile in AQ_SoapServiceClient.

Support for the UsernameToken profile has been reintroduced for AQ_SoapServiceClient in Blueriq 15.11.


Renamed properties

In Blueriq 15.0, some properties have been renamed:

  • blueriq.user.headers has been renamed to blueriq.session.headers
  • blueriq.connection.headers has been renamed to blueriq.connection.sessionHeaders
  • blueriq.connection.[name].http.headerNames to blueriq.connection.[name].http.sessionHeaders
  • blueriq.connection.[name].soap.headers has been renamed to blueriq.connection.[name].soap.sessionHeaders

Removed properties

in Blueriq 15.0, some properties have been removed:

  • blueriq.exports-r8 properties have been removed.

  • blueriq.legacy.single-field-instance-list-pagination

  • blueriq.migrate.displaynames.endpoint
  • blueriq.scheduler-quartz.enableTaskMigration

Known issues

For an overview of known issue please refer to: Known issues.

Didn't find the answer you were looking for? Try the advanced search