Release Note
30 posts
Nov 08 2023
Aug 01 2023
Jun 30 2023
FORMCYCLE 7.4.5
Fixes
- As a precation, update some dependencies due to the reported vulnerabilities CVE-2023-33201, CVE-2023-34623, and CVE-2023-34462. Note however that we are not aware of any attack vectors regarding Xima® Formcycle currently.
For plugin developers
- You can now access header parameters from the HTTP request in plugins such as pre-render plugins. To do so, use the newly added method "IFormRequestContext#getHeaderParameters()".
Checksums
Jun 20 2023
FORMCYCLE 7.4.4
Fixes
Designer
- Select elements that are added to the form via drag & drop always use the default select options again ("Option 1", "Option 2", "Option 3"). Due to an error in version 7.4.3, the options from a previously created select element were used occasionally.
- Fixed an error where the workflow designer could not be opened anymore when the selected authenticators of a state were previously saved in an incorrect manner by the application.
- Pages cannot be moved below the footer area anymore in the form designer. Additionally, you can fix forms with pages under the footer area by dragging the page with the mouse and dropping it onto the footer area. This will put the the page above the footer again.
Workflow
- Fixed an error in the PDF fill action when a specific font is selected. For fonts with an old font format, the PDF fill action sometimes failed with an error.
- Identity provider plugin with a custom user interface work correctly now, even when installed as a client plugin.
Misc.
- Updated several dependencies to prevent potential vulnerabilities.
Checksums
May 11 2023
Apr 17 2023
FORMCYCLE 7.4.2
Fixes (web forms)
- Empty formula conditions do not result in a script error anymore. Empty conditions are treated as "true".
- Improved performance for formula conditions.
- Form elements hidden via conditions are not shown anymore when the media type is set to "print".
- When a form element is initially hidden and has the option "clear if hidden" enabled, existing values are now cleared again.
- When a form element is disabled by a condition, validation error messages are removed if any were present.
- Improved error message when a file was uploaded that exceeds the upload limit which was configured via System -> General.
- Fixed an error that occurred when FORMCYCLE was running on a Windows server and a file with a colon in the file name was uploaded.
Fixes (backend)
- The workflow section in the generated form overview PDF is displayed correctly again.
- More resilient reconnection attempts when the connection to a frontend server was lost.
- Fixed an error in the inbox when the subject of a form record contained special control characters such as U+0002.
Checksummen
Mar 28 2023
FORMCYCLE 7.4.1
Changes
- Increased the character count limit for the description of an appointment template
Fixes
- When creating new directories via the workflow action "Save to file system", permissions from the parent directory are inherited correctly again.
- Fixed an error when sending forms via the offline plugin.
Checksummen
Feb 20 2023
Jan 23 2023
FORMCYCLE 7.3.0
Features
- Support for sending emails via via the Microsoft Graph API. This lets you use Microsoft Office 365 accounts for the email server configuration. See system email server and client settings
- Added a new URL parameter jsonPath to data query URLs (CSV, XML, JSON, database, and LDAP data sources). These URLs all return a JSON object with the requested data. When a jsonPath is given, only the data at that JSON path is returned. This makes it easier to filter for the data which you want to retrieve.
- The form designer lets you configure whether a form element is available or not, depending on the form record's state the user's user group. When it is not available, the value of that element is not shown in the data table in the inbox. A new role permission was added that lets you configure this behavior. When a user was granted that permission, they can see the values of all form elements, regardless of whether they are available.
Changes
- Improved support for direct authentication methods for forms (e.g. via header parameters):
- When the user open a form, an attempt to authenticate the user is made once for each configured direct authentication method.
- In case neither direct authentication was successful, and if at least one indirect authentication method (e.g. system login) was configured, the login prompt is shown to the user.
- In case neither direct authentication was successful, and no indirect authentication methods were configured, the HTML template Login failed is shown to the user.
- Replace the existing XSLT engine with a newer engine. The new engine now also supports XSLT 3.0, XPath 3.1 and XQuery 3.1. Because the XSL parser of this engine works a bit stricter than the old engine, small incompatibilities with wrong XSLT may be possible. An overview of known errors can be found under XSL transformation
- Rework the mail server configuration and mail server placeholders:
- As the system administrator, you can allow each client to, or prevent them from making use of the system mail server.
- As the system administrator, you can allow each client to, or prevent them from configuring a custom client mail server.
- The default values form the system mail server for the sender address and the sender name can now also be changed by each client.
- The placeholders [%$CLIENT_MAIL_SENDER%] and [%$CLIENT_MAIL_SENDERNAME%] are now deprecated. You should use the placeholders [%$DEFAULT_MAIL_SENDER%] and [%$DEFAULT_MAIL_SENDERNAME%] instead. The deprecate placeholders are still replaced, but should not be used anymore.
- When neither a client nor a system mail server was configured, or the system mail server cannot be used, workflow actions that require a mail server are not available anymore.
Fixes
Frontend forms
- Fixed an error with disabled fields when an existing form record is opened again.
- Fixed an error when multiple JavaScript files are concatenated if a form is opened with inline mode enabled (URL parameter xfc-rp-inline=true).
- Forms which require a direct authentication (e.g. via a header parameter) are now displayed correctly again.
- The appropriate error template is now shown again when a form requires authentication via Kerberos and that authentication failed.
- Fixed an error with visible-if conditions when the element is also repeated.
- Fixed an error with the login process when the form was embedded in an external page via AJAX and a login service with popups was used.
Form designer
- Allow the data-force-validation attribute in the form preview within the designer.
- Better error handling for invalid autonumeric attributes when opening a form.
Workflow
- Fix an incompatibility with the workflow action "Process log as PDF" where the action from existing forms was sometimes not recognized.
- Fix a rendering error when printing a web form. A printed form sometimes contained tall empty sections when invisible containers were used.
- Fix a bug in the Word fill action. When a PDF was using hidden Word controls, the base64img function did sometimes not insert the image correctly.
Inbox
- Fix localization for the event status of when using the iCAL URL for an appointment configuration.
- Remove the limit on the number of characters in form specific inbox views.
- When you change the subject template form record, all form records are update. This update no longer fails when the subject of single form record could not be update. All other form records will still get updated now, and an error message is displayed at the end.
- Values from question elements are now shown properly in the inbox; and are also included in Excel and XML exports.
Checksums
Oct 27 2022
FORMCYCLE 7.2.1
Features
- Two new action for converting between files, base64 strings, and data URIs. This can be helpful e.g. when you want to embed images into a document as a data URI.
- See the actions Decode Base64 and Encode Base64
- You can now set the HTTP headers Content-Security-Policy and Content-Security-Policy-Report-Only via System, General. It is possible to set different headers for the frontend and the backend.
Changes
- You can now directly change the name, tags, description and group of a form when you import a form into Xima® Formcycle.
- Reduce verbosity of protocol entries for soft errors when a file could not be resolved in the workflow.
- It is possible to send automatic emails when the system is updated. When an update is started, but the system is already up-to-date, a different email with an appropriate text is now sent.
- The PDF importer now lets you change the text of checkboxes and radio buttons before you import the form element into the form.
Fixes
Frontend-Formulare
- Buttons that are disabled do not get enabled anymore after the form was submitted
- Improved keep alive mechanism for form session.
- The generated script for embedding forms via the API now also works in the header of a web page.
Form designer
- Auto completion for the CSS classes in the form designer now works again for all available classes.
- Fixed minor error with the presentation of the form within the form designer (relative URLs from @font-face rules are again resolved against the proper base URL)
- Changes in the rich text editors are now applied faster.
- When the builtin resource 031-extended-min.css is overloaded, this overload is now also respected within the form designer, so that the form looks the same in the designer.
Workflow
- When you use the action PDF fill to fill PDF documents that conform to the PDF/UA standard, the resulting PDF document also conforms to the PDF/UA standard.
Inbox
- Exporting selected form records as Excel or XML document is now possible again.
- Fixed a performance issue with many form records in the inbox.
- Booked appointments in the calendar view of the inbox are shown with colors again.
Backend
- Update Dutch translations.
- Small UI fixes in the backend and the designer.
- Update the dependency commons-text to 1.10, due to the potential vulnerability CVE-2022-42889.
- Improved security for the form designer and the backend in general.
For plugin developers
- Authenticator plugins (IPluginAuthenticatorType) can now supply a custom UI for the external users configuration in the backend.
- When a IPluginCallbackLogic plugin is used, the default allback logic is not executed anymore, only the callback logic of the plugin.