Version 7.0 release note
This release note corresponds to the future first minor version of the next major version 7.
It is in EARLY ALPHA heavy development stage. It means it is ABSOLUTELY not yet suitable for production nor just for development and testing.
This release note is also in its early redaction stage.
Compatibility breaking changes
Among the reasons for this version to be the first minor version of a new major version are the changes at the level of the underlying technical components:
- JVM level
- Tomcat version
JVM related
The platform is now compiled at JVM level 21 (vs 17 for previous major version 6 and 11 for previous major version 5).
There is no impact unless certain Java APIs, which have been deprecated for several versions and may have been removed from the JVM, are used.
The *-latest Docker images have been built with JVM 21+ since major version 6 (JVM 25 for this major version 7).
Deprecated Java API usage should already have resulted in compilation warnings or errors within the platform; therefore, the JVM level change at platform level should not have further impact.
Tomcat related
The target Tomcat version for major version 7 is now Tomcat 11.
Tomcat 11 uses Jakarta EE 11 instead of JEE 8, which was used in previous Simplicité version's Tomcat 9 target.
As a result, imports such as javax.servlet.* must be updated to jakarta.servlet.*.
Typically, the usage of these packages occurs in the following platform hooks: customStartPage, customErrorResponse, and customAuth/customAuthPage.
For customized Docker images at the Tomcat level, note that version 7.x images use Tomcat 11, which may have slight differences in configuration files compared to Tomcat 9 used previously. Review and adapt customization Dockerfiles as necessary.
Third party components related
Server-side components
Removed libs
The following outdated third party Java libs have been removed:
- legacy Apache commons
commons-langlibrary, note that thecommons-lang3library is present since major version 5 - legacy Apache commons
commons-collectionslibrary, note that thecommons-collections4library is present since major version 5 - legacy Apache commons
commons-fileuploadlibrary, note that thecommons-fileupload2-*libraries are present since major version 5
If these libraries are required and refactoring is not possible, they may be re-added as needed.
Removed iText lib
As announced in the version v6.2 release note (and recalled in the version v6.3 release note):
- The legacy iText libraries have been removed and the associated helpers
PDFToolandPDFDocumentExternalObjecthave been completely refactored to use the PDFBox libraries. Any code written for iText and/or with the help of the above helper classes must be rewritten accordingly.
Removed grant hooks
As announced in the version v6.3 release note:
- All classes related to legacy grant hooks have been removed. Grant hooks have been deprecated since major version 5
in favor of platform hooks, the refactoring of user session level logic to
PlatformHooksshould have already been done.
Removed system parameters
The following deprecated system parameters have been removed:
GOOGLE_FONT, theme level fonts must be used instead
Client-side components
Librairies locations changes
The historical locations of Bootstrap libs have (finally) been changed.
This may have an impact only if included specifically using hardcoded paths (e.g. in a standalone external object page).
This should not be the case, as Java methods are provided to include these libraries properly without requiring knowledge of their locations (see below).
There is no reason to re-include these Bootstrap libs specifically within a custom component of the generic UI because they are already included.
The changed locations are:
- Bootstrap:
/scripts/jquery/bootstrap5/*to/scripts/bootstrap5/*(the Java methodsHTMLTool.bootstrapJS/bootstrapCSSshould be used instead of hardcoded paths). - Bootstrap date/datetime picker:
/scripts/jquery/bootstrap5-datetimepicker/*to/scripts/bootstrap5-datetimepicker/*(the Java methodsHTMLTool.bootstrapDatetimePickerJS/bootstrapDatetimePickerCSSshould be used instead of hardcoded paths).
Removed GoogleMaps helper lib
As announced in the version v6.3 release note:
The deprecated GoogleMap helper JS tool gmap.js has been removed. Custom code relying on this tool should be refactored
to use the Leaflet helper JS tool, which provides an abstraction layer over map service providers.
Note that existing GoogleMaps inclusion methods continue to include the GoogleMaps JS library,
but code relying on helper functions from gmap.js may require refactoring to use the GoogleMaps JS API directly.
Removed legacy ChartJS
- The legacy ChartJS version 2 has be removed, as is the support for legacy version 3 in the standard charts. The standard charts now use version 4 only. Any custom code written for legacy version 3 (or 2) should be refactored for version 4.
Security-related
After several security audit it appears some of the highly recommended security guidelines are not always taken into account in production which leads to unintentional potential risks.
Therefore it has been decided to change some elements to be more secure by default.
These changes requires some explicit configuration to get the same behavior as it was by default in previous versions.
Default value for security-related system parameters
The following system parameters have new default values:
USE_IO: the default value is nowno(no access to the I/O endpoint)USE_IO_TESTER: the default value is nowno(no access to the I/O tester page)USE_API_TESTER: the default value is nowno(no access to the API tester page)HTTP_HEADER: the default value now is the one indicated in the security guidelines. This has an impact if you use JS scripts, CSS styles sheets, images, ... from external URLs. If so you should customize this system parameter (in particular theContent-Security-Policy) accordingly to your use case (see the description of the system parameter for the usual cases: GoogleFonts, OpenStreetMaps, ...).
Any system parameter can be overridden by the corresponding environment variable SIMPLICITE_<name of the system parameter>.
They can also use [ENV:<name of an environment variable>] substitutions to be fully or partially overridden.
God mode mode disabled by default
For security reasons the critical "god mode" feature (allowing to change user) is not only driven
by the GOD_MODE_USER system parameter (which can be overriden on a per user basis) but also can be
globally enabled/disabled by the platform.godmode JVM argument.
In previous versions this JVM argument default value was true (enabled), now it is false (disabled).
Therefore to enable this feature you must now explicitly set this JVM argument to true.
In Docker images the value of this JVM argument can be set by the GOD_MODE environment variable.
Development mode restrictions
Some additional features have been restricted to development mode:
- The
DBAccesspage is now only accessible when in development mode
As a reminder the development mode is driven by the platform.devmode JVM argument.
In Docker images the value of this JVM argument can be set by the DEV_MODE environment variable.
Long text fields behavior vs truncation
FeatureFlag.TRUNCATE_TOO_LONG_TEXTis set tofalseby default.- the UX/UI is not impacted because field inputs are already limited to the max size
- but the API create/update will get an error if a data is too long (against data truncation in 6.3)
UI constant Simplicite refactored as ES module
The new ES module Simplicite has been refactored to clean its root data. Now the Simplicite interface contains only:
Simplicite.Globalscontains now all global variables from back-end: application infosROOT,URL,FULL_VERSION,ENDPOINT... and user's common propertiesLOGIN,LANG, etc.Simplicite.Applicationhas been preserved (same as$app) to contain all model constants:CONTEXT_*, fieldTYPE_*,TRUE/FALSE, etc.Simplicite.Ajax: unchanged namespace of model layer with ajax services toSession,Grant,BusinessObject,BusinessProcess, etc.Simplicite.UI: unchanged namespace of UI layer, controllers and viewersSimplicite.Diagram: SVG diagram modeler
Unsupported Ajax service call with a callback function
As announced in 6.3 release notes, the function callback as (first) parameter are no more supported in Ajax services.
Those functions should be moved in a then statement before upgrading to V7.
Example for a search service:
// Wrong syntax: this callback won't be called and filters not applied correctly
obj.search(list => { ... }, filters);
// Good syntax with promise since V6
obj.search(filters).then(list => { ... });
Deprecations
JVM level
All JVM core APIs marked as deprecated since version 17 should be refactored to prevent future potential JVM-level compatibility issues (see above).
TinyMCE v6
This old version of this HTML editor is not maintained anymore (and the latest v8 is only for commercial usage).
The UI will now use the open-source Quill component instead of TinyMCE (see below).
The TinyMCE libs v6 will be kept in this minor version 7.0 of the platform, but they will be removed in next minor version 7.1. If you have some custom UI components using directly TinyMCE you should refactor them to use Quill or use the abstraction layer of the UI API.
Features
Clipboard-able fields
Added a "Copy to Clipboard" setting for Long Text and HTML Content fields. Click the clipboard icon next to these fields to copy their visible content.
Manual API tokens
An action has been added to manually create an API token for predefined durations.
This action is implemented at the SimpleUser level and thus can be granted to any inherited objet of this low level user object.
It is by default granted to administrator profiles on the User system object.
Enhancements
Mentioned notification
A mentioned user (@user) will receive a notification (SocialPostMention notification) when a post is created.
Notification channels / content can be overridden via User interaction > Notifications > Notifications > SocialPostMention.
Flatpicker datetime picker
Date-time picker has been replaced by flatpickr:
- previous one can be loaded but is deprecated
flatpickrsupports dark/light themes with many features: pick a period, or several dates/times, exclude dates, show 2 months...- plugins have been added to show buttons (today/now, reset, close), and to pick a year or a month directly according to the field rendering,
- manage focus and toggle button for accessibility, arrow keys to change day (+ctrl to change month/year), enter/esc,
flatpickr(input, options)can be used directly in specific input/component- and the API
UIFieldDatetime.datePickerto get an input group with a date-picker is still compatible with previous implementation:
/**
* Get a datepicker input-group
* @param ctn optional container to append the picker (default is the input-group)
* @param options options
* @param options.input optional input element (create one if not specified)
* @param options.type $ui.TYPE_DATE (default) or $ui.TYPE_DATETIME or $ui.TYPE_TIME
* @param options.rendering optional field rendering
* @param options.autoopen true to open the picker on click
* @param options.clear true to add a clear button
* @returns input group with input and buttons
* @function
*/
UIFieldDatetime.datePicker(ctn: Container | null, options?: {
input?: JQuery,
type?: number,
rendering?: string,
autoopen?: boolean,
clear?: boolean
}): JQuery;
Maker Experience
Source file search
Integrated a search bar in the code editor to find a specific source file
Technical
Quill editor
HTML editor TinyMCE has been replaced by Quill V2
- With new
$ui.options.quillOptionsto define the default toolbar, with the themesnow $ui.options.tinymceOptionsand the loader$ui.loadTinyMCE()still load theTinyMCE V6, but they are now deprecated and no more used by the generic UI.
Basic usage in your UI component (external object, hooks...):
$factory.Quill().then(Quill => {
// Set value with DOM content
const div = $("#mydiv").empty();
const quill = new Quill(div[0], { theme: 'snow' });
const delta = quill.clipboard.convert({ html: "<p>Hello world</p>" });
quill.updateContents(delta, "silent");
div.data("quill", quill); // attach the quill instance for further usage
});
// ... and later to get HTML from editor
const html = $("#mydiv").data("quill").getSemanticHTML();
JDBC drivers location
The JDBC drivers JAR are now located in the webapp's WEB-INF/lib along with other 3rd party libs.
They have therefore been removed from the pre-configured Tomcat 11 package used on the SIM servers and embedded in our standard Docker images.
Optional importspec version
The version attribute can now be omitted to avoid version check. If the attribute is absent the import is processed regardless
of the current version of the module if already imported.
This can be useful, for instance, to force the re-import of a module.
Git tag importspec
When the import specification of a module uses a Git repository the version attribute (if set) is now used to find a Git tag:
- if the Git tag specified on the
versionattribute is found, the import is done on the tag (note that the cloned Git repository is then in "detached HEAD" state on which no commit, push or pull is possible, you can still delete it if needed). - if the Git tag specified on the
versionattribute is not found in the repository, an error is raised - if no
versionattribute is specified, the repository is checked out on the head
External objects HTTP headers
It is now possible to add custom HTTP headers to the external objet's response
(the related methods are addHTTPHeaders, removeHTTPHeaders and getHTTPHeaders).
Note that these headers are added after the platform sets the content type &nd cache-related headers, so only set such headers as custom headers if you know exactly what you are doing.
JSON schema tools improvements
The JSONSchemaTool JSON schema helper class now has a constructor with an explicit JSON schema version argument (VERSION_* constants).
The default constructor now uses by default the Draft v7 JSON schema version