- Release notes
- News
Download
- As a precation, update some dependencies due to the reported vulnerabilities CVE-2023-33201, CVE-2023-34623, and CVE-2023-34462. Note however that we are not aware of any attack vectors regarding Xima® Formcycle currently.
- You can now access header parameters from the HTTP request in plugins such as pre-render plugins. To do so, use the newly added method "IFormRequestContext#getHeaderParameters()".
Download 7.4.4
- Select elements that are added to the form via drag & drop always use the default select options again ("Option 1", "Option 2", "Option 3"). Due to an error in version 7.4.3, the options from a previously created select element were used occasionally.
- Fixed an error where the workflow designer could not be opened anymore when the selected authenticators of a state were previously saved in an incorrect manner by the application.
- Pages cannot be moved below the footer area anymore in the form designer. Additionally, you can fix forms with pages under the footer area by dragging the page with the mouse and dropping it onto the footer area. This will put the the page above the footer again.
- Fixed an error in the PDF fill action when a specific font is selected. For fonts with an old font format, the PDF fill action sometimes failed with an error.
- Identity provider plugin with a custom user interface work correctly now, even when installed as a client plugin.
- Updated several dependencies to prevent potential vulnerabilities.
Download 7.4.3
- Fixed an error when sending mails via the system mail server. Once the system mail server settings were saved once, mails could not be sent anymore, and a server restart was required.
- Permissions when writing files to the file system are also inherited properly now when the old workflow is used.
- Fixed an error when updating a form. The error occurred when the uploaded form contained a workflow version with the same technical ID as an existing version.
- Options for select elements from plugin catalogs are not extended with the default options anymore. For example, when a select field had two options, the third default option with the name "option 3" was added.
Download 7.4.2
- Empty formula conditions do not result in a script error anymore. Empty conditions are treated as "true".
- Improved performance for formula conditions.
- Form elements hidden via conditions are not shown anymore when the media type is set to "print".
- When a form element is initially hidden and has the option "clear if hidden" enabled, existing values are now cleared again.
- When a form element is disabled by a condition, validation error messages are removed if any were present.
- Improved error message when a file was uploaded that exceeds the upload limit which was configured via System -> General.
- Fixed an error that occurred when FORMCYCLE was running on a Windows server and a file with a colon in the file name was uploaded.
- The workflow section in the generated form overview PDF is displayed correctly again.
- More resilient reconnection attempts when the connection to a frontend server was lost.
- Fixed an error in the inbox when the subject of a form record contained special control characters such as U+0002.
Download 7.4.1
- Increased the character count limit for the description of an appointment template
- When creating new directories via the workflow action "Save to file system", permissions from the parent directory are inherited correctly again.
- Fixed an error when sending forms via the offline plugin.
Download 7.4.0
- Previously, you could already use certain types of placeholders in database and LDAP queries. Now you can also make use of user placeholders such as [%USER.id%] or [%LAST_USER.id%]. If a database or LDAP query is initiated via AJAX from a web form, it is important to send the current ID of the form session via the frid parameter for this to work. The code editor offers a code template for database and LDAP queries which already contains this parameter.
- In the appointment management menu, you can now enter a custom subject and description, which is used for the events in the ICAL calendar file for an appointment. You can also enter placeholders or I18N variables.
- When you choose a data source (e.g. database or LDAP query) for the options of a select element, you can now also configure a column for the title of each option, in addition to the display label and value of the option. When the select element is displayed as a list of checkboxes or radio buttons, the title is shown to the user when they hover over an option with the mouse.
- In previous FORMCYCLE versions, the values of all columns from a data source were always added to the select element as data attributes (e.g. data-col0, data-col1). Now you can deactivate this behavior so that such attributes are not generated any longer. This may be useful in case the data source contains sensitive data you do not want to make public.
- For each appointment, you can enable the ICAL URL which contains all booked appointments and can be imported into mail clients or calendar applications. This ICAL calendar now includes the fields X-PUBLISHED-TTL and REFRESH-INTERVAL. This makes it easier for mail programs and calendar applications to decide how often they should check for updates. Currently, this value is set to 1 hour.
- The menu System -> Server information now also list the malware scan directory, which is used to store uploaded files temporarily when the system performs a malware scan.
- Due to security concerns, merge fields are not interpreted as HTML anymore when using the workflow action "Word Fill". If HTML is required, use the Word function "html" explicitly, e.g. "tf1.html()".
- When you add a condition to a form element (e.g. hidden-if), you can already enter a custom formula such as [%tf1%] == "Test". Starting with FORMCYCLE 7.4.0, this formula can now access the JQuery instance of the current element via the this context. This is especially useful for repeated elements, when you want to access the current element repetition or another element within the same repeated container. For example, if both tf1 and sel1 are form fields within a repeated container fs1, then you can use the formula this.closest(".dynamic-row").find("[data-org-name='sel1']").val() === "5" for tf1 in order to check whether the corresponding select field from the repeated container sel1 has a value equal to 5.
- Form export files with a manually created state that was named Received can now be imported correctly again.
- Various small bug fixes and security improvements. In particular, used libraries were updated for this purpose.
- External users from an OpenID Connect identity provider can now log in to web forms again even when they open the form on a frontend server.
- The automatic upload feature for upload elements works correctly again even when forms are integrated via AJAX into a third-party page.
- When a form contains an appointment picker and server-side validation was enabled for any element, the selected appointment got cleared in case the form was submitted with invalid data and the server rejected the form submission. This has been fixed so that the selected appointment now remains selected.
- When an element is repeated, you can defined a repeat trigger such as a text field that controls the number of repetition. When a new repetition is added, the value of the repeat trigger text field is updated, and vice-versa: When a different number is entered in the repeat trigger field, new repetitions are added or existing repetitions are removed to reflect the new value of the repeat trigger. In the first case, when new repetitions were added, the initial state of conditions such as hidden-if for the new repetition were sometimes not evaluated correctly.
- Affects select elements for which the autocomplete option is enabled:
- FORMCYCLE generates an <input> element in addition to the <select> element. The name of the <input> element contains the suffix _autocomplete. (e.g. sel1_autocomplete), but the data-name attribute did not. This was fixed so that the data-name now also contains the derived name with the suffix.
- Since FORMCYCLE 7.0., when a condition references an autocomplete element, the entered text of the input field was erroneously used instead of the option value. For forms in multiple languages, this could not work. This was fixed so that the option value is now used. To preserve backwards compatibility, a new option was added to the form designer that can be found in the properties panel to the right, at the bottom of the Form tab in the advanced section: Use option text for conditions referencing an autocomplete element. For existing forms, this option is enabled; for new forms, this option is disabled. We recommend that you keep this option disabled and do not enable it.
- Fixed a bug where the CSS classes of the most recently selected element was applied to all selected elements. This bug only occurred when multiple elements were selected at the same time.
- The setting for the W3C compliant mode now defaults to disabled for old forms again. It is still enabled by default for new forms.
- The dialog for loading unsaved changes is now closed again after you press a button.
- When executing an HTTP request action and the server responds with a redirect (HTTP header: Redirect) and the redirect is a relative URL, that URL is now resolved against the request URL. This is correct as specified by RFC 7231. Previously the URL was not resolved at all.
- There is also a new option that lets you choose how to resolve relative URLs: against the request URL, against a custom URL, or not at all.
- You can now access the data of the current form request session ("FRQSession" ) within plugins of type IPluginFormPreRender, IPluginFormPrePersist, IPluginFormPreProcess, IPluginFormPreResponse as well as in workflow action plugins and possibly also placeholder plugins. Furthermore, you can also write values back to the FRQ session via the return value of IPluginFormPreRender, IPluginFormPrePersist, IPluginFormPreProcess, IPluginFormPreResponse, and workflow action plugins.
- Plugins of type IPluginFormPreRender are usually only executed when a form is opened via the /form/provide URL. Now you can opt-in to have your plugin get executed in other situations as well, such as when opening a form in the inbox or when printing a form via a print services. To do so, override the shouldExecute method of the IPluginFormPreRender plugin.
- Various libraries have been updated
Download 7.3.0
- Support for sending emails via via the Microsoft Graph API. This lets you use Microsoft Office 365 accounts for the email server configuration. See system email server and client settings
- Added a new URL parameter jsonPath to data query URLs (CSV, XML, JSON, database, and LDAP data sources). These URLs all return a JSON object with the requested data. When a jsonPath is given, only the data at that JSON path is returned. This makes it easier to filter for the data which you want to retrieve.
- The form designer lets you configure whether a form element is available or not, depending on the form record's state the user's user group. When it is not available, the value of that element is not shown in the data table in the inbox. A new role permission was added that lets you configure this behavior. When a user was granted that permission, they can see the values of all form elements, regardless of whether they are available.
- Improved support for direct authentication methods for forms (e.g. via header parameters):
- When the user open a form, an attempt to authenticate the user is made once for each configured direct authentication method.
- In case neither direct authentication was successful, and if at least one indirect authentication method (e.g. system login) was configured, the login prompt is shown to the user.
- In case neither direct authentication was successful, and no indirect authentication methods were configured, the HTML template Login failed is shown to the user.
- Replace the existing XSLT engine with a newer engine. The new engine now also supports XSLT 3.0, XPath 3.1 and XQuery 3.1. Because the XSL parser of this engine works a bit stricter than the old engine, small incompatibilities with wrong XSLT may be possible. An overview of known errors can be found under XSL transformation
- Rework the mail server configuration and mail server placeholders:
- As the system administrator, you can allow each client to, or prevent them from making use of the system mail server.
- As the system administrator, you can allow each client to, or prevent them from configuring a custom client mail server.
- The default values form the system mail server for the sender address and the sender name can now also be changed by each client.
- The placeholders [%$CLIENT_MAIL_SENDER%] and [%$CLIENT_MAIL_SENDERNAME%] are now deprecated. You should use the placeholders [%$DEFAULT_MAIL_SENDER%] and [%$DEFAULT_MAIL_SENDERNAME%] instead. The deprecate placeholders are still replaced, but should not be used anymore.
- When neither a client nor a system mail server was configured, or the system mail server cannot be used, workflow actions that require a mail server are not available anymore.
- Fixed an error with disabled fields when an existing form record is opened again.
- Fixed an error when multiple JavaScript files are concatenated if a form is opened with inline mode enabled (URL parameter xfc-rp-inline=true).
- Forms which require a direct authentication (e.g. via a header parameter) are now displayed correctly again.
- The appropriate error template is now shown again when a form requires authentication via Kerberos and that authentication failed.
- Fixed an error with visible-if conditions when the element is also repeated.
- Fixed an error with the login process when the form was embedded in an external page via AJAX and a login service with popups was used.
- Allow the data-force-validation attribute in the form preview within the designer.
- Better error handling for invalid autonumeric attributes when opening a form.
- Fix an incompatibility with the workflow action "Process log as PDF" where the action from existing forms was sometimes not recognized.
- Fix a rendering error when printing a web form. A printed form sometimes contained tall empty sections when invisible containers were used.
- Fix a bug in the Word fill action. When a PDF was using hidden Word controls, the base64img function did sometimes not insert the image correctly.
- Fix localization for the event status of when using the iCAL URL for an appointment configuration.
- Remove the limit on the number of characters in form specific inbox views.
- When you change the subject template form record, all form records are update. This update no longer fails when the subject of single form record could not be update. All other form records will still get updated now, and an error message is displayed at the end.
- Values from question elements are now shown properly in the inbox; and are also included in Excel and XML exports.
Download 7.2.1
- Two new action for converting between files, base64 strings, and data URIs. This can be helpful e.g. when you want to embed images into a document as a data URI.
- You can now set the HTTP headers Content-Security-Policy and Content-Security-Policy-Report-Only via System, General. It is possible to set different headers for the frontend and the backend.
- You can now directly change the name, tags, description and group of a form when you import a form into Xima® Formcycle.
- Reduce verbosity of protocol entries for soft errors when a file could not be resolved in the workflow.
- It is possible to send automatic emails when the system is updated. When an update is started, but the system is already up-to-date, a different email with an appropriate text is now sent.
- The PDF importer now lets you change the text of checkboxes and radio buttons before you import the form element into the form.
- Buttons that are disabled do not get enabled anymore after the form was submitted
- Improved keep alive mechanism for form session.
- The generated script for embedding forms via the API now also works in the header of a web page.
- Auto completion for the CSS classes in the form designer now works again for all available classes.
- Fixed minor error with the presentation of the form within the form designer (relative URLs from @font-face rules are again resolved against the proper base URL)
- Changes in the rich text editors are now applied faster.
- When the builtin resource 031-extended-min.css is overloaded, this overload is now also respected within the form designer, so that the form looks the same in the designer.
- When you use the action PDF fill to fill PDF documents that conform to the PDF/UA standard, the resulting PDF document also conforms to the PDF/UA standard.
- Exporting selected form records as Excel or XML document is now possible again.
- Fixed a performance issue with many form records in the inbox.
- Booked appointments in the calendar view of the inbox are shown with colors again.
- Update Dutch translations.
- Small UI fixes in the backend and the designer.
- Update the dependency commons-text to 1.10, due to the potential vulnerability CVE-2022-42889.
- Improved security for the form designer and the backend in general.
- Authenticator plugins (IPluginAuthenticatorType) can now supply a custom UI for the external users configuration in the backend.
- When a IPluginCallbackLogic plugin is used, the default allback logic is not executed anymore, only the callback logic of the plugin.
Download 7.2.0
- PDF importer
- You can now open a PDF document in the form designer. This opens the PDF importer, which lets you copy form fields and texts from the PDF to the Xima® Formcycle form. The importer also offers several convenience features to help you with the conversion of PDF forms to web forms.
- New form element Invisible Container
- The invisible container is similar to the standard container element. The main difference is that by default, the invisible container does not have a padding on each corner. In other words, you can nest as many invisible containers as you want to group elements without that having an effect on the visual appearance of the form.
- If you are using the Leitfaden plugin, you should update it to the current version. The invisible container element from the plugins is replaced by the built-in invisible container from Xima® Formcycle.
- Enter custom formulas for conditions in the form designer
- Previously, form field conditions such required-if or visible-if only let you select a single form element with a value to check. Now, you can also enter a custom formula that may contain references to multiple form elements.
- The formula must be a valid JavaScript expression (and not a statement). You can use variables such as [%tf1%] to easily reference the values of form fields.
- Note: Custom formulas are incompatible with server validation. Even if server validation is enabled, custom formulas are not validated by the server, submitted data will be accepted at face value.
- Free text input for select elements with auto complete
- A select element displayed as a combo box offers you the option to enable auto complete. Auto complete lets the user enter text and suggests available options depending on the entered text. Available options are validates, the user cannot enter text that does not correspond to an available options.
- This release adds a new option to select elements that allows the user to enter arbitrary text, even if that text does not correspond to an existing option.
- New workflow action Create protocol entry
- This action lets you create protocol entries for the form record with a custom message. These protocol entries can be viewed in the history tab of the inbox.
- New workflow action Form record history as PDF
- This action lets you create a PDF document with the history of a form record as it can be seen in the history tab of the inbox.
- Free content selection for the HTTP request action
- Until now, the HTTP request action only let you send requests where the body was either URL encoded (application/x-www-form-urlencoded) or a multipart body (multipart/form-data).
- Now you can either freely enter plain text or select a binary data for the request body content. You can also use this feature, for example, to interact with a JSON based REST API.
- The license details in the license menu now also include a note about whether the Azure AD and WebDAV features are enabled.
- Email notifications regarding failed system updates are now sent with their priority set to High.
- Changes to the WebDAV connections menu:
- Modifications made to WebDAV connections (creating a new connection, editing or deleting an existing connection) are now logged in the client protocol.
- WebDAV connections cannot be deleted anymore when they are still used by the workflow of an existing form.
- When a proxy server was configured in the JVM (Java runtime environment), that proxy server is used when sending emails via the email action, unless a different proxy server was configured explicitly.
- Removed the option that was added in version 7.1, which let you output the select options of select elements in multiple columns when creating a Word export. In order to position the select option in multiple columns, an additional table was created in the Word document, which interfered with Word functions such as rmt(), as those would affect the additional table with the select options, not the surrounding table as they did previously.
- Fixed file downloads in various menus in the backend. Downloading a PDF or Word export in Firefox does not result in a popup warning anymore.
- You can now use more than one reply to address again in the email action. Also fixed the email body type selection.
- Issues when deleting planned timed events of form copies were fixed.
- Invalid application sessions do not prevent new logins anymore.
- Form record from forms that make use of widget plugins can now be opened on the inbox frontend server again.
- Due to backwards compatibility, the no-argument usage sel1.con() of the Word function con nows gets interpreted as sel1.con(""), and checks whether one of the field values is empty. This is for legacy support only, we recommend that for newly created Word documents, you always use quotation marks to avoid ambiguity.
- Additionally, you can now also use the new Word function sel1.empty(). It lets you check whether there are either no values or one of the values is empty. We recommend you use this function for select elements to check whether no or an empty value was selected.
- Minor UI fixes in backend menus.
- Fixed issues when searching for form elements in the form designer.
- Fixed minor issues with how the form was displayed within the form designer and how CSS was loaded. There are also new versions of some widget plugins that should be installed, such as for the Google reCAPTCHA Plugin.
- When switching from a custom CSS theme to the defaul theme, that theme is now applied immediately to the form in the form designer.
- The form preview now also supports privacy policies or imprints hat are configured to be shown as a dialog.
- All available CSS classes are now suggested again when entering the CSS classes for a form element.
- When a form made use of upload fields with the automatic upload features enabled and also had a button with the action Submit no save, it was not possible to submit the form again after the submit button was clicked once. This is now fixed.
- The client-side validations is now performed always performed, even when a form had a button with the action Submit no save and is submitted multiple times.
- The marker that indicates whether a form field is a required field is now always set correctly, even when required-if conditions are combined with element repetitions.
- Added a new plugin interface: IPluginAuthenticationLogic. The existing plugin interface IPluginAuthenticatorType only works for form authentications that are done before the form is opened. Once authenticated, the user is always redirected to the requested form. This new plugin interface lets you define your own authentication logic, including custom redirections. For example, you could use this to implement custom login buttons for forms.
- The plugin IPluginAuthenticatorType now also allows direct clients to be used, which authenticate the user directly without redirecting to a page from the identity provider. This allows you, for example, to implement a custom authentication via HTTP request headers.
- Updates Pac4J to version 5.5.0. You should check authentication plugins that make use of the Pac4J API and adjust them if required.
Download 7.1.1
- Fixes a bug that sometimes resulted in the content of the JavaScript, CSS and meta section in the form designer being deleted.
- The content of the versions menu with the workflow and form versions is loaded correctly again.