Release 5.3.1 Private Cloud

Progress® Rollbase® Version 5.3.1 Release Notes

Release Date 

December 12th, 2018

  • For information on supported platforms, see here.
  • For Third party acknowledgments, refer product documentation or the installation directory.

Fixed Issues

Following is the list of issues fixed with this release.
Case ID Defect ID Description
00470469 RB-9087 After Create Trigger on record created from Portal throws "You do not have permissions to view this record".
00470245 RB-9083 Modified Server API permissions and app with formula field in 4.5.x causes error when importing the App XML into
00466371 RB-9021 After upgrading to 5.3, all the portal pages display incorrect portal date format.
RB-9069 Session fixation issue and clear session on logout issue due to incorrect attributes in JSESSIONID.
RB-9074 When Rollbase is configured with Tomcat 9, change in tenant's localization settings is not updated.
RB-9041 databases.xml rewrites each time on every rollbase startup even without any change in the database details
RB-9040 Value changes within the shared property DefaultDateFormat are not picked up dynamically.

Known Issues

  1. On an existing Rollbase setups, in case if any user encounters "Error: no column assigned to Expression field Installation Expression" while updating records from Published Application, the workaround is to convert the expression field to 'formula' and then back to 'expression'. (This error should never occur in a fresh setup)
  2. MySQL Connector/J 8.0 is now recommended for MySQL 8.0. A notable change is that the driver’s class name has been changed from com.mysql.jdbc.Driver to com.mysql.cj.jdbc.Driver. With MySQL Connector/J 8.0, although the older class name is supported, it is advised to update the class name for existing databases.
  3. MySQL JDBC driver (8.0) drivers may affect Date/Time field values.  If any errors are encountered during Tomcat startup, please refer to this article. A date/time field may retain the current/correct date, but the time component might show a future time (such as 1:42 PM instead of the current time of 8:42 AM). The driver now expects an additional parameter ‘serverTimezone’ in the connection URL.
  4. Primary keys are now added to RB_RELATIONSHIP and RB_TRANSLATION tables. While executing the update_5.3.0.sql script if either or both of these tables contain any duplicate records, Duplicate entry / Primary Key Constraint Violation errors will be seen. To resolve such errors, please follow the approach detailed in article.
  5. For OpenEdge and Oracle databases, login names are now case insensitive. If more than one user with the same login name exists, regardless of case, the user may fail to login. In this event, the login name entries need to be fixed manually in the database. For other databases, the login name is already case insensitive.
  6. In REST APIs, newly introduced shared properties UseISODateFormatInRESTJSON and UseISODateFormatInRESTXMLQuery are enabled by default. As a result, Date, Date/Time fields (including Expression and Formula fields whose return type is Date or Date/Time) return the values in ISO format. To fallback to earlier behavior, these properties need to be disabled explicitly.

Rollbase 4.4.4

Enhanced Hashing and Encryption Algorithms for Rollbase Private Cloud

SHA‐512 as Hashing Algorithm

Rollbase has upgraded its password hashing mechanism to SHA‐512. Each hashing process combines plain‐text password with random salt generated using cryptographically secure pseudo‐random number generator (CSPRNG). Existing passwords will be re‐hashed using SHA‐512 after user login.

Encryption Algorithm Private Key

Rollbase supports encryption for text, phone, and email fields, and contents of file upload fields. All these data are by default encrypted using AES (Advanced Encryption Standard) with 128‐bit key size.

When the system restarts after upgrading to 4.4.4, a private.key file that contains the secret key unique to your Rollbase instance is generated and saved in your Rollbase config folder on your master machine at <ROLLBASE_HOME>/config/security.

NOTE: Store a copy of the generated key in a secure place so that it is available for situations such as disaster recovery, or machine changes. This file is created and managed by Rollbase and should not be edited locally.

All fields currently encrypted using default encryption algorithm (AES‐128) will continue to function correctly. They will be decrypted and then re‐encrypted using your preferred algorithm and generated secret key the next time they are edited and saved.

AES‐256 Encryption Algorithm Support

Rollbase now also supports encrypting data using AES with 256‐bit key size. This is a system wide choice and managed through the shared property ‐ ‘EncryptionType’.

To make use of AES‐256 on a Rollbase Private Cloud:
  1. Set value of shared property ‘EncryptionType’ from 0 to 1. This is a one‐time setting. Once set to 1, reverting to 0 is not recommended. If no value is specified, ‘EncryptionType’ uses its default value, 0. No additional changes are required if you want to continue using AES‐128.
  2. Install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 to enable the 256‐bit Key Size used by AES‐256. For download and usage instructions, see here.

Note: If these JCE files are not installed and the property ‘EncryptionType’ is set to 1, encryption attempts will fail with the exception: Illegal Key Size.

Important: Support for unique constraint validation on encrypted fields has been deprecated. Thus, unique checks on encrypted fields will not work. Encrypted fields cannot be audited, marked unique or indexed as part of the search engine. Once set, this option cannot be removed.