Release notes
Nov 08 2023
FORMCYCLE 7.4.6
Fixes
Web forms
- If a minimum value was configured in an input field by another data type and then changed to the regular expression data type, the minimum value is no longer checked, but now the stored regular expression.
Workflow Designer
- With the Word Fill action, uploaded images from dynamic upload elements are displayed correctly again.
- When saving the workflow, the user who last edited the form is updated in addition to the modification date.
- For workflow actions of the type database query and LDAP query with parameters in the form of a question mark, the specified values for the parameters are now transferred to the query in the order entered. With more than 9 parameters, the 10th parameter was transferred between the 1st and 2nd parameter due to incorrect sorting.
- A problem with the workflow action of the type PDF fill has been fixed, where some Unicode characters such as umlauts or other characters could not be inserted into the PDF. This is now possible again if the font used supports this.
- The Word fill functions rmr(), rmtp(), rmp() and rmt() now also delete if no argument has been specified and the value to be checked is empty.
After updating a form, the configuration of a Word Fill action is now correctly applied again.
Inbox
- An error in the creation of project-specific mailbox views has been fixed.
Backend
- With the "Azure AD" authenticator, all user groups are now read from the AD. Previously, the query of user groups was unintentionally limited to 20.
- When sending many forms with appointment selector at the same time, it could happen that several appointments with the same date were booked. * This has been adjusted so that double bookings are no longer possible.
- Forms with tags can once again be updated correctly with a form export that uses the same tags.
General
- Updating dependencies to prevent vulnerabilities
Checksums
Aug 01 2023
Jun 30 2023
FORMCYCLE 7.4.5
Fixes
- As a precation, update some dependencies due to the reported vulnerabilities CVE-2023-33201, CVE-2023-34623, and CVE-2023-34462. Note however that we are not aware of any attack vectors regarding Xima® Formcycle currently.
For plugin developers
- You can now access header parameters from the HTTP request in plugins such as pre-render plugins. To do so, use the newly added method "IFormRequestContext#getHeaderParameters()".
Checksums
Jun 20 2023
FORMCYCLE 7.4.4
Fixes
Designer
- Select elements that are added to the form via drag & drop always use the default select options again ("Option 1", "Option 2", "Option 3"). Due to an error in version 7.4.3, the options from a previously created select element were used occasionally.
- Fixed an error where the workflow designer could not be opened anymore when the selected authenticators of a state were previously saved in an incorrect manner by the application.
- Pages cannot be moved below the footer area anymore in the form designer. Additionally, you can fix forms with pages under the footer area by dragging the page with the mouse and dropping it onto the footer area. This will put the the page above the footer again.
Workflow
- Fixed an error in the PDF fill action when a specific font is selected. For fonts with an old font format, the PDF fill action sometimes failed with an error.
- Identity provider plugin with a custom user interface work correctly now, even when installed as a client plugin.
Misc.
- Updated several dependencies to prevent potential vulnerabilities.
Checksums
May 11 2023
FORMCYCLE 7.4.3
Fixes
- Fixed an error when sending mails via the system mail server. Once the system mail server settings were saved once, mails could not be sent anymore, and a server restart was required.
- Permissions when writing files to the file system are also inherited properly now when the old workflow is used.
- Fixed an error when updating a form. The error occurred when the uploaded form contained a workflow version with the same technical ID as an existing version.
- Options for select elements from plugin catalogs are not extended with the default options anymore. For example, when a select field had two options, the third default option with the name "option 3" was added.
Checksummen
Apr 17 2023
FORMCYCLE 7.4.2
Fixes (web forms)
- Empty formula conditions do not result in a script error anymore. Empty conditions are treated as "true".
- Improved performance for formula conditions.
- Form elements hidden via conditions are not shown anymore when the media type is set to "print".
- When a form element is initially hidden and has the option "clear if hidden" enabled, existing values are now cleared again.
- When a form element is disabled by a condition, validation error messages are removed if any were present.
- Improved error message when a file was uploaded that exceeds the upload limit which was configured via System -> General.
- Fixed an error that occurred when FORMCYCLE was running on a Windows server and a file with a colon in the file name was uploaded.
Fixes (backend)
- The workflow section in the generated form overview PDF is displayed correctly again.
- More resilient reconnection attempts when the connection to a frontend server was lost.
- Fixed an error in the inbox when the subject of a form record contained special control characters such as U+0002.
Checksummen
Mar 28 2023
FORMCYCLE 7.4.1
Changes
- Increased the character count limit for the description of an appointment template
Fixes
- When creating new directories via the workflow action "Save to file system", permissions from the parent directory are inherited correctly again.
- Fixed an error when sending forms via the offline plugin.
Checksummen
Feb 20 2023
FORMCYCLE 7.4.0
Features
Backend
- Previously, you could already use certain types of placeholders in database and LDAP queries. Now you can also make use of user placeholders such as [%USER.id%] or [%LAST_USER.id%]. If a database or LDAP query is initiated via AJAX from a web form, it is important to send the current ID of the form session via the frid parameter for this to work. The code editor offers a code template for database and LDAP queries which already contains this parameter.
- In the appointment management menu, you can now enter a custom subject and description, which is used for the events in the ICAL calendar file for an appointment. You can also enter placeholders or I18N variables.
Form designer
- When you choose a data source (e.g. database or LDAP query) for the options of a select element, you can now also configure a column for the title of each option, in addition to the display label and value of the option. When the select element is displayed as a list of checkboxes or radio buttons, the title is shown to the user when they hover over an option with the mouse.
- In previous FORMCYCLE versions, the values of all columns from a data source were always added to the select element as data attributes (e.g. data-col0, data-col1). Now you can deactivate this behavior so that such attributes are not generated any longer. This may be useful in case the data source contains sensitive data you do not want to make public.
Changes
Backend
- For each appointment, you can enable the ICAL URL which contains all booked appointments and can be imported into mail clients or calendar applications. This ICAL calendar now includes the fields X-PUBLISHED-TTL and REFRESH-INTERVAL. This makes it easier for mail programs and calendar applications to decide how often they should check for updates. Currently, this value is set to 1 hour.
- The menu System -> Server information now also list the malware scan directory, which is used to store uploaded files temporarily when the system performs a malware scan.
Workflow
- Due to security concerns, merge fields are not interpreted as HTML anymore when using the workflow action "Word Fill". If HTML is required, use the Word function "html" explicitly, e.g. "tf1.html()".
Form designer
- When you add a condition to a form element (e.g. hidden-if), you can already enter a custom formula such as [%tf1%] == "Test". Starting with FORMCYCLE 7.4.0, this formula can now access the JQuery instance of the current element via the this context. This is especially useful for repeated elements, when you want to access the current element repetition or another element within the same repeated container. For example, if both tf1 and sel1 are form fields within a repeated container fs1, then you can use the formula this.closest(".dynamic-row").find("[data-org-name='sel1']").val() === "5" for tf1 in order to check whether the corresponding select field from the repeated container sel1 has a value equal to 5.
Fixes
Backend
- Form export files with a manually created state that was named Received can now be imported correctly again.
- Various small bug fixes and security improvements. In particular, used libraries were updated for this purpose.
Frontend forms
- External users from an OpenID Connect identity provider can now log in to web forms again even when they open the form on a frontend server.
- The automatic upload feature for upload elements works correctly again even when forms are integrated via AJAX into a third-party page.
- When a form contains an appointment picker and server-side validation was enabled for any element, the selected appointment got cleared in case the form was submitted with invalid data and the server rejected the form submission. This has been fixed so that the selected appointment now remains selected.
- When an element is repeated, you can defined a repeat trigger such as a text field that controls the number of repetition. When a new repetition is added, the value of the repeat trigger text field is updated, and vice-versa: When a different number is entered in the repeat trigger field, new repetitions are added or existing repetitions are removed to reflect the new value of the repeat trigger. In the first case, when new repetitions were added, the initial state of conditions such as hidden-if for the new repetition were sometimes not evaluated correctly.
- Affects select elements for which the autocomplete option is enabled:
- FORMCYCLE generates an <input> element in addition to the <select> element. The name of the <input> element contains the suffix _autocomplete. (e.g. sel1_autocomplete), but the data-name attribute did not. This was fixed so that the data-name now also contains the derived name with the suffix.
- Since FORMCYCLE 7.0., when a condition references an autocomplete element, the entered text of the input field was erroneously used instead of the option value. For forms in multiple languages, this could not work. This was fixed so that the option value is now used. To preserve backwards compatibility, a new option was added to the form designer that can be found in the properties panel to the right, at the bottom of the Form tab in the advanced section: Use option text for conditions referencing an autocomplete element. For existing forms, this option is enabled; for new forms, this option is disabled. We recommend that you keep this option disabled and do not enable it.
Form designer
- Fixed a bug where the CSS classes of the most recently selected element was applied to all selected elements. This bug only occurred when multiple elements were selected at the same time.
- The setting for the W3C compliant mode now defaults to disabled for old forms again. It is still enabled by default for new forms.
Workflow
- The dialog for loading unsaved changes is now closed again after you press a button.
- When executing an HTTP request action and the server responds with a redirect (HTTP header: Redirect) and the redirect is a relative URL, that URL is now resolved against the request URL. This is correct as specified by RFC 7231. Previously the URL was not resolved at all.
- There is also a new option that lets you choose how to resolve relative URLs: against the request URL, against a custom URL, or not at all.
For plugin developers
- You can now access the data of the current form request session ("FRQSession" ) within plugins of type IPluginFormPreRender, IPluginFormPrePersist, IPluginFormPreProcess, IPluginFormPreResponse as well as in workflow action plugins and possibly also placeholder plugins. Furthermore, you can also write values back to the FRQ session via the return value of IPluginFormPreRender, IPluginFormPrePersist, IPluginFormPreProcess, IPluginFormPreResponse, and workflow action plugins.
- Plugins of type IPluginFormPreRender are usually only executed when a form is opened via the /form/provide URL. Now you can opt-in to have your plugin get executed in other situations as well, such as when opening a form in the inbox or when printing a form via a print services. To do so, override the shouldExecute method of the IPluginFormPreRender plugin.
- Various libraries have been updated
Checksums
Jan 23 2023
FORMCYCLE 7.3.0
Features
- Support for sending emails via via the Microsoft Graph API. This lets you use Microsoft Office 365 accounts for the email server configuration. See system email server and client settings
- Added a new URL parameter jsonPath to data query URLs (CSV, XML, JSON, database, and LDAP data sources). These URLs all return a JSON object with the requested data. When a jsonPath is given, only the data at that JSON path is returned. This makes it easier to filter for the data which you want to retrieve.
- The form designer lets you configure whether a form element is available or not, depending on the form record's state the user's user group. When it is not available, the value of that element is not shown in the data table in the inbox. A new role permission was added that lets you configure this behavior. When a user was granted that permission, they can see the values of all form elements, regardless of whether they are available.
Changes
- Improved support for direct authentication methods for forms (e.g. via header parameters):
- When the user open a form, an attempt to authenticate the user is made once for each configured direct authentication method.
- In case neither direct authentication was successful, and if at least one indirect authentication method (e.g. system login) was configured, the login prompt is shown to the user.
- In case neither direct authentication was successful, and no indirect authentication methods were configured, the HTML template Login failed is shown to the user.
- Replace the existing XSLT engine with a newer engine. The new engine now also supports XSLT 3.0, XPath 3.1 and XQuery 3.1. Because the XSL parser of this engine works a bit stricter than the old engine, small incompatibilities with wrong XSLT may be possible. An overview of known errors can be found under XSL transformation
- Rework the mail server configuration and mail server placeholders:
- As the system administrator, you can allow each client to, or prevent them from making use of the system mail server.
- As the system administrator, you can allow each client to, or prevent them from configuring a custom client mail server.
- The default values form the system mail server for the sender address and the sender name can now also be changed by each client.
- The placeholders [%$CLIENT_MAIL_SENDER%] and [%$CLIENT_MAIL_SENDERNAME%] are now deprecated. You should use the placeholders [%$DEFAULT_MAIL_SENDER%] and [%$DEFAULT_MAIL_SENDERNAME%] instead. The deprecate placeholders are still replaced, but should not be used anymore.
- When neither a client nor a system mail server was configured, or the system mail server cannot be used, workflow actions that require a mail server are not available anymore.
Fixes
Frontend forms
- Fixed an error with disabled fields when an existing form record is opened again.
- Fixed an error when multiple JavaScript files are concatenated if a form is opened with inline mode enabled (URL parameter xfc-rp-inline=true).
- Forms which require a direct authentication (e.g. via a header parameter) are now displayed correctly again.
- The appropriate error template is now shown again when a form requires authentication via Kerberos and that authentication failed.
- Fixed an error with visible-if conditions when the element is also repeated.
- Fixed an error with the login process when the form was embedded in an external page via AJAX and a login service with popups was used.
Form designer
- Allow the data-force-validation attribute in the form preview within the designer.
- Better error handling for invalid autonumeric attributes when opening a form.
Workflow
- Fix an incompatibility with the workflow action "Process log as PDF" where the action from existing forms was sometimes not recognized.
- Fix a rendering error when printing a web form. A printed form sometimes contained tall empty sections when invisible containers were used.
- Fix a bug in the Word fill action. When a PDF was using hidden Word controls, the base64img function did sometimes not insert the image correctly.
Inbox
- Fix localization for the event status of when using the iCAL URL for an appointment configuration.
- Remove the limit on the number of characters in form specific inbox views.
- When you change the subject template form record, all form records are update. This update no longer fails when the subject of single form record could not be update. All other form records will still get updated now, and an error message is displayed at the end.
- Values from question elements are now shown properly in the inbox; and are also included in Excel and XML exports.
Checksums
Oct 27 2022
FORMCYCLE 7.2.1
Features
- Two new action for converting between files, base64 strings, and data URIs. This can be helpful e.g. when you want to embed images into a document as a data URI.
- See the actions Decode Base64 and Encode Base64
- You can now set the HTTP headers Content-Security-Policy and Content-Security-Policy-Report-Only via System, General. It is possible to set different headers for the frontend and the backend.
Changes
- You can now directly change the name, tags, description and group of a form when you import a form into Xima® Formcycle.
- Reduce verbosity of protocol entries for soft errors when a file could not be resolved in the workflow.
- It is possible to send automatic emails when the system is updated. When an update is started, but the system is already up-to-date, a different email with an appropriate text is now sent.
- The PDF importer now lets you change the text of checkboxes and radio buttons before you import the form element into the form.
Fixes
Frontend-Formulare
- Buttons that are disabled do not get enabled anymore after the form was submitted
- Improved keep alive mechanism for form session.
- The generated script for embedding forms via the API now also works in the header of a web page.
Form designer
- Auto completion for the CSS classes in the form designer now works again for all available classes.
- Fixed minor error with the presentation of the form within the form designer (relative URLs from @font-face rules are again resolved against the proper base URL)
- Changes in the rich text editors are now applied faster.
- When the builtin resource 031-extended-min.css is overloaded, this overload is now also respected within the form designer, so that the form looks the same in the designer.
Workflow
- When you use the action PDF fill to fill PDF documents that conform to the PDF/UA standard, the resulting PDF document also conforms to the PDF/UA standard.
Inbox
- Exporting selected form records as Excel or XML document is now possible again.
- Fixed a performance issue with many form records in the inbox.
- Booked appointments in the calendar view of the inbox are shown with colors again.
Backend
- Update Dutch translations.
- Small UI fixes in the backend and the designer.
- Update the dependency commons-text to 1.10, due to the potential vulnerability CVE-2022-42889.
- Improved security for the form designer and the backend in general.
For plugin developers
- Authenticator plugins (IPluginAuthenticatorType) can now supply a custom UI for the external users configuration in the backend.
- When a IPluginCallbackLogic plugin is used, the default allback logic is not executed anymore, only the callback logic of the plugin.