v11.5 2017-11-20 Added Option of Task which Not to Progress Unless All Operators have Completed Processing

Release Overview

Date Release

• Mon. Nov. 20th, 2017

Changes to be Noted

• Disable TLS 1.0 encryption
  • We will take a policy that we correspond on Free SaaS Edition firstly, then after 2 to 4 weeks to Paid Edition. (appended on 2017-11-07)
    • Free SaaS Edition：Nov. 20th, 2017
    • Paid Edition：2 to 4 weeks after Free SaaS Edition
    • If verification is necessary, please conduct it in the Free Edition environment on and after November 20
  • Internet Explorer 9/10, you will not be able to use Questetra
    • Internet 9/10 are already unsupported. Please use versions listed on System Requirements.
  • On some terminals with Android 4.4, you will not be able to use Questetra
    • It is available on Android 4.4.2 and later
  • For accessing the API, you will not be able to connect from a program such as Java 6/7 which is not compatible with TLS 1.1 or later as standard
    • You can use it by using versions that are compatible with TLS 1.1 or later, or updating, etc.
• Check out also the plans of changes in future versions [Plans of Future Changes] at the bottom of this page.

---

Details for Version 11.5

Changes of Functions for Normal User

Workflow

• Fixed following Bugs:
  • On the Task Operating screen of a Team task, nothing is displayed even if you clicking on the Operator button on the overview (displayed at the top)
  • On Task Operating screen for smartphone, if the processing is completed while leaving the cursor focusing on after inputting to Table type Data Item, the input data is not reflected

Open Chat

• Fixed following Bugs:
  • In a Topic timeline which is associated with a Process, “Detail (authorized)” button may be displayed even without authority

Dashboard / Account setting

• none

Changes of Functions for Process Owner (Workflow Administrator)

• none

Changes of Functions for Workflow Designer

Team Task / Team Swimlane

• In the Operator setting of Team Swimlane, added an option for not proceeding to the next Step unless all users have completed the processing
  • In addition to the conventional “Each task is finished when one of the allocated user has executed”, an option of “Each task is finished when every allocated user has executed” is added
  • Corresponds so that it cannot be set at the same time as “to flow to the transition destination selected by the user” (error occurrs at setting)
• Even though the state of the Task is not completed (other user’s processing remains), the Task is not displayed in [My Tasks] if you have completed it
  • Team Tasks which are not displayed in [My Task] are not notified even when exceeding the deadline

Service Task (Google Drive)

• Corresponded so that you can upload files specifying folder ID of Google Drive
  • In the case of designating folder ID, it becomes possible to upload files to existing folders (folders other than generated by Questetra)
• ID of uploaded file / display URL / download URL can be stored in String type Data Item
  • When uploading multiple files, specify String type (multiple lines)
  • Information of one file is recorded in one line
• Correspond so that to include (part of) the exception that caused the error in the error notification email

Script Task

• Corresponds so that OAuth 2 tokens obtained at [Google connectivity] < [Account Settings] can be used in Scripts
• In [Google Connectivity] < [Account setting], corresponded to display the scope of the token to be acquired

Throwing Message Intermediate Event (HTTP)

• Function of OAuth2.0 with Questetra as client goes official release from beta version
• Correspond so that validation error to be occurred when variable ${var[key]} is used
  • ${var[key]} is deprecated (due to be abolished in autumn of 2018). Please change to specify a fixed value instead of a variable.
• Corresponded to the problem that the token could not be acquired correctly, because of some incomplete encoding of the external service when acquiring OAuth 2.0 token.

Split

• In Split conditional expressions that specify Select type Data Item, added options to specify conditions such as “(value) has been entered” or “(values) has not been entered”
• Fixed following Bugs:
  • HTML escape has not been performed with the button name displayed on the Task Operating screen for “move to destination when user clicks on the button”

Add-on

• In App editing, corresponded so that to check whether “Options Master to be used in Select type Data Item” and “PDF form to be used for Service Task (PDF generation)” are registered
• Corresponded to perform application setting validation when adding / deleting “Options Master to be used in Select type Data Item” or “PDF form to be used for Service Task (PDF generation)”

Changes of Functions for System Administrator

• In [IP Address Filtering], added link to manual page

User / Organization / Role Management

• The function of loading the contents of the file into the text area upon batch registration goes to official release, and now it can be used by all support browsers
• Corresponded so that change of assignment of users to Organization / Role or change of organization structure are not executed simultaneously
• Fixed following Bugs:
  • User’s Organizational Information Duplicates, so a Task may not be Processed Normally
  • When you display the confirmation screen for collective registration in Firefox browser, it is hardly to read because there is no space between the items of Organization list (User collective registration) and affiliated user list (Role collective registration)

Password Login

• Corresponded so that to prohibit password login for target user account, If password login fails consecutively within a certain period of time.
  • Five consecutive failures within 15 minutes, then prohibit password login for 15 minutes
  • Notified to the target user by email (not notified to the system administrator)
  • It does not affect API access by Basic authentication or OAuth 2, or automatic login by cookie. Also, even if succeed in these, the password login prohibition is not canceled
  • It does not affect the already logged in session
• Corresponds so that user can reconfigure his or her own password while the user is not logged in
  • If you forget your password and password login is forbidden, it allows you to reset your password and to cancel password login prohibition
  • Password login prohibition is not canceled by password resetting by the system administrator or doing by the user in the account setting
  • It is possible to reset the password even if it is in the state of “Password login prohibition”

Single Sign-on (SAML)

• Corresponded so that “authentication lifetime” can be set in ID Provider setting
  • Changed so that the lifetime, which was fixed to “2 hours” conventionally, can be selected from between 2 hours and Never
  • It is now possible to use Google as an ID Provider
    • It is the specification that Google will continue to return old SAML token (authentication information), unless you log back in to Google
• Corresponded so that “digest algorithm” can be set in ID Provider setting
  • Changed so that to be able to select from “SHA-1 / SHA-256 / SHA-512”, whereas it was fixed to “SHA-1” conventionally
• Corresponded so that to be able to register multiple IdP certificates in ID provider settings
  • If it can be verified with any one of the registered certificates, it is treated as valid
  • Assuming a utilization which registering two old and new certificates at the time of updating the certificate
• Fixed following Bugs:
  • A system error may occur due to impropriety input on the setting screen

Changes of Functions for System Engineer

• Revamped API manuals
  • Published documents according with Swagger, and added links to them on the side menu
  • It will allow you to run the test using your browser as HTTP client, or to check curl command
• Publishing the Client Libraries (Java) created with Swagger Codegen
• Accessing in GET to the API “Accepting a Offered Task (/API/PE/Workitem/batchAccept)” is prohibited
• Concerning with abolishing OAuth 1.0 access to Developer API, added description of “Deprecated” to the following menu
  • [OAuth clients] < [API Clients] < [System Setting]
  • [OAuth Tokens] < [API Clients] < [System Setting]

Non-functional Changes and Changes of External tool Functions

• In Chrome extension “Questetra My Tasks”, changed the link destination of the newly Start processing
  • Corresponded to “Abolished permalink of Process Start (/PE/ProcessModel/listView?processModelInfoId=XXX&nodeNumber=XXX” (Ver. 11.4)
• In Chrome extension “Questetra My Tasks”, fixed a problem that category name of newly start does not fit in display frame
• Upgraded the application server (Tomcat 7 series to 8.5 series)
• In the setting file (qbpms.config), changed initial value of contextPath from localhost to 127.0.0.1 [other than SaaS]

Security Enhancement

• Ended support for TLS 1.0 encryption
  • We are promoting the use of the latest security protocol as an effort to strengthen security so that customers can use it safely.
  • Internet Explorer 9/10, you will not be able to use Questetra
    • IInternet 9/10 are already unsupported. Please use versions listed onSystem Requirements
  • On some terminals with Android 4.4, you will not be able to use Questetra.
    • It is available on Android 4.4.2 and later
  • For accessing the API, you will not be able to connect from a program such as Java 6/7 which is not compatible with TLS 1.1 or later as standard
    • You can use it by using versions that are compatible with TLS 1.1 or later, or updating, etc.
  • Reference / Related information
    • Salesforce disabling TLS 1.0 (Salesforce)
• Ban for SSL 3DES cipher suite
• For emails sent from Questetra to the outside, corresponded to STARTTLS
  • Exchange of email will be encrypted if the destination mail server supports STARTTLS

 

Plans of Future Changes

We are planning to alter the following specifications and system platform in the future versions.

Version to be scheduled

• Accessing to Developer APIs in OAuth 1.0 will be abolished
  • Please change to connection using OAuth 2.0, which is available since version 11.1
• In APIs of “Querying for all Process Instances records” and “Querying for Task records operated by the User”, it will be changed to explicitly designate as display items to include process data items as search results
  • Currently, Process Data Items specified as search criteria are automatically included in search results
  • After the specification change, only the Process Data Items which <view /> element is specified will be included in the search results
• For “Message Start Event (HTTP / Form)” “Catching Message Itermediate Event (HTTP)”, we will abolish the following form of URL which includes processModelInfoId / nodeNumber / key in the request parameter (Due to Fall of 2018)
  • Deprecated format
    • /System/Event/MessageStart/start?processModelInfoId=123&nodeNumber=0
    • /System/Event/IntermediateMessage/receive?processModelInfoId=123&nodeNumber=4
    • /System/Event/MessageStartForm/view?processModelInfoId=123&nodeNumber=1&key=XXXYYYZZZ
  • New recommended format（Ver. 11.4 or later）
    • /System/Event/MessageStart/start/123/0/start
    • /System/Event/IntermediateMessage/123/4/receive
    • /System/Event/MessageStartForm/123/1/XXXYYYZZZ/view
• For “Throwing Message Intermediate Event (HTTP)”, the variable ${var[key]} is now deprecated (due to be abolished in autumn of 2018)
  • The key can now be freely set for the calling [Message Start/ Catching Message Intermediate Event (HTTP)]. Consider security etc., please set appropriate key.
  • When sending the key parameter, do not use ${var[key]} and specify a fixed value set for each event
• In the “Script task” and “Service task (Add-on)”, we will abolish data retrieving / updating method of the following format. (due to be abolished in autumn of 2018)
  • Retrieving：data.get(“1”), Updating：retVal.put(“1”, “foobar”)
  • Please change to the new format (Ver. 11.4 or later) such as engine.findDataByNumber(1), engine.setDataByNumber(1, “foobar”)（M230）

 

---