Release notes for RunMyJobs releases 9.2.10.0 through to 9.2.10.1

Before: Under some circumstances, long running processes would not be able to load application resources.

After: This has been resolved so that processes can continue to load application resources.

Before: Several issues running AS400 Jobs

1. Errors occurred when submitting AS400 jobs because an unexpected connection failure occurs.
2. Jobs in Console are not set to Running when all operator messages are replied. This only occurs when the operator message is replied on AS400
3. When the Secure Gateway is not up and running and the AS400 process server is restarted the jobs could go in undispatched status.

After:

At startup we will better check if we can reach out to the AS400. We leave the Process Server in status Connecting while we can’t reach out to the AS400. If we do find the AS400 and we loose the connection while re-monitoring the jobs that were already started we don’t check the connection anymore.

The job is set to Running when all operator messages are replied.

We will retry (default 5 times) the login if we get an unexpected connection failure. This can be overruled on Process Server level (AS400JobSubmitRetry) or Job level (SubmitRetry)

Before: When sending an HTTP POST request, a source was mandatory in order to make sure the Content-Length header is set on the request.

After: It is now possible to send an HTTP POST request without body (Content-length will be set to 0)

Before: When we can't check the jobstatus in PeopleSoft the job is set to the final status Unknown.

After; A delay (default 60 minutes) can be set that will delay the setting of the final job status when we catch an exception when checking for the job status

Before
Client and trusted Certificate credential logging incomplete.
Passphrase encrypted private keys could not be loaded into Client Cert credential
Trusted Certificate loading reported no error if multiple certs or a cert + private key was supplied.

After
1. Trusted Certificates credentials - Report error if customer tries to either upload multiple certs into a single Trusted Certificate credential, or load a cert + private key into a Trusted Certificate credential. Previously the code "succeeded", but simply stored the first cert encountered.

2. Private keys that are passphrase protected can be uploaded for a Client Certificate credential. If the wrong passphrase is presented we fail as expected with, "JCS-102454: X509 Certificate error: Given final block not properly padded. Such issues can arise if a bad key is used during decryption."

3. Protected private key uploaded into ClientCertificate with wrong password and then corrected to right password now loads fine.

4. Trusted Certificates and Client Certificate public attributes such as Serial Number, Subject, Validity, Key algorithm, Issuer, Subject Alternate Name and Basic Constraints are now logged together with Endpoint name whenever these credentials are refreshed/reloaded. Use System_DynamicTrace "api.http=debug;net.tls.client=debug;model.method.impl.CredentialChecker=debug;" to inspect.

5. "Out of heap space"/array copy errors when our own ASN.1 parser is presented with non-ASN.1 in PEM format (such as OpenSSL uses when generating a passphrase protected keypair - see PEM ENCRYPTION FORMAT under https://www.openssl.org/docs/manmaster/man3/PEM_read_PrivateKey.html for details.

6. ASN.1 parsing of private keys now uses much clearer DEBUG logging, in case we encounter key loading issues in a customer ticket. We also explicitly log that we don't support Elliptic Curve cryptography if we ever encounter a private key encrypted this way (There's a separate JIRA to support it when a customer requests it).

7. PEM format certificates that include a certificate chain can now use successfully input into an X.509 Client Certificate. The order is expected to be: public cert, intermediate CA cert, root cert, private key.

8. An attempt to input an Elliptic Curve based private key now results in a clear error message (Elliptic Curve support is the subject of another JIRA).

Before: Libraries that contains a database driver used by a JDBC process server, can result in multiple instances of the database driver being registered with the Java JDBC DriverManager. As it is registered, the driver resources are not released and this can lead to the JVM hitting an OOM, running out of Metaspace.

After: Libraries that contains a database driver used by a JDBC process server are properly unregistered and have their consumed memory released.

Before: When a socket is closed without informing the job was put to Error.

After: When we get a SocketException we will put the job in the monitor tree again so we can finish the job.

Before: It could be that the event monitor thread is shutdown without notifying the process server when an unexpected exception is thrown.

After: An unexpected runtime exception is catched and the monitor thread will continue.

Before: When you are using an EBS job in a jobchain it is not possible to use restart status handlers because a mandatory userName field is not set.

After: The mandatory username check is removed as this field is set when the status handlers are used.

Before: Adding child jobs of a monitored job is slow.

After: Adding monitored jobs will be done in separated thread so the adding of child jobs is much faster.

Before: In a one-step chain, if a precondition REL expression threw an exception, the step would go into Error, however the chain would go into Completed, thus leaving the chain in an inconsistent state. An operator message was generated with a manual restart prompt, however responding to this operator message had no affect. If the chain had two or more steps, then the step would go to error, and the chain would block, again resulting in an inconsistent state.

After: If a step precondition throws an exception, it will be handled as if a call had gone into error, and do the appropriate handling based on the final status handlers. All calls in the step will be set to Skipped.

Before: When an Extension Point with an updated configuration was uploaded, the new configuration options and default values would not get updated.

After: This has been fixed.

Before: operator messages stayed in the system until a job was manually fired or scheduled to clean them up.

After: Introduced a new configuration group DefaultRetentionFroOperatorMessages with a setting RetentionDuration. All operator operator messages will be deleted after this duration which by default is 91 days.

Before: When setting "Returncode Map To Completed" on the System_Defaults_Partition or System_Defaults_System process definitions, it was not being considered as a "default value" for any process definition that didn't have this field set.

After: When setting "Returncode Map To Completed" on the System_Defaults_Partition or System_Defaults_System process definitions, it is considered as a "default value" for any process definitions that don't have this field set.

Before: Invalid requests would release version information about the underlying application server in error responses.

After: This information is now suppressed and will not be displayed.

Before: An error could occur when upgrading due to a missing type related to case sensitivity issues with the database.

After: The upgrade will now succeed.

Before: When the retention on history job was set to 0 and the license was not subscription based, no history jobs were created.

After: History jobs are always created. When the retention on history job is set to 0, it will be deleted immediately when the System_AggregateHistoryJob job runs, but only when usage data, based on the history job table, is sent to the usage service.

Before: When multiple agents connects after a system upgrade the agents all ask for the same download file to upgrade the PlatformAgent. This could cause a high cpu usage on server side.

After: As all agents wants the same upgrade file for a certain platform we now generate this upgrade file only once. The agents needs only to download this single created file for upgrading. 

After: The speed with which large chains can be loaded in the chain editor has been greatly improved. In some cases, improvements of up to 30% have been seen.

Before: Calculation for process scheduling when a Time Window closed could degrade system performance due to repeated evaluations of held queues.

After: Held queues are no longer evaluated for scheduling changes when the Time Window closes.

Before: In some circumstances it was possible for process definitions of types other than RedwoodScript and Java to be treated as Java code, and compiled if the library attached to the definition was changed. This would then fail the compilation, and thus prevent the update of the library.

After: Now only RedwoodScript and Java processes will be treated as Java code.

Before: The permissions for the Restricted Scheduler Session Specification was limited to being granted directly to a user.

After: Role based grants will now be used for determining a user’s permissions for the Restricted Scheduler Session Specification.

Before: In certain circumstances with occasional use, Redwood Script definitions that have not be updated recently may fail to run due to a NullPointException when trying to retrieve the underlying resources.

After: The old definitions will now correctly be upgrade to the new internal representation and can be run successfully.

When the license is based on usage, usage data is collected and sent to Redwood. This requires a license with a company.AccountID key and a key Contract.Subscription set to true.

Before: It was possible for an import to fail and prevent the user from logging in due to unresolved grants

After: Unresolved grants will no longer prevent the user from logging in.

Before: ProcessChain would ignore default array type parameter

After: This has been fixed

Before change: Application was consuming 250 MB memory during uploading 11MB document (For bigger files it can even throw OutOfMemory exception)

After change: Now application consuming only 50MB for 11MB document

Before: Internal management of threads could result in attempting to reused the internal ThreadGroup once it has been discarded.

After: The shutdown of the ThreadGroup will no longer happen and allow for future reuse.

Before: BaseRuleProcessor failed when need to parse date time string with time zone (when time zone as digits) "2022/08/02 22:00:00,559 -05:00"

After: BaseRuleProcessor correctly parsing date time string with time zone (time zone as digits +05:00 or letters GMT). When no time zone in string, then takes GMT as default.

Before: ProcessBuilder class could be used in Redwood Scripts

After: ProcessBuilder class can only be used in Redwood Scripts only when the configuration JavaToolkit.RedwoodScript.DisableRuntimeExec is set to false. It is not possible to disable this setting in the cloud systems.

Before: Since 9.2.9.0, exporting of a large CAR file from the product would be a very slow process.

After: The regression in the performance has been fixed.

Before: In some cases, we add security when it is not necessary

After: When we have a child object, we no longer apply security when retrieving the parent, as we already know it must have been applied to get the child in the first place

The speed loading of chains in the chain editor has been improved, in some cases loading in a quarter of the time.

Before: The methods from java.lang.System and java.lang.Runtime since Java 8 are not available, and will prevent the running of Redwood Script if these methods were attempted to be accessed.

After: The new methods have been made available, and will allow compilation of the Redwood Script.

Before: There was a problem accessing columns with their alias names in reports using REL

After: In the report REL context a new variable is available: columns. The variable will enable report users to access column values with a new column variable, e.g.: =columns.jd.Description. If a column name is unique in a result set it can be accessed without providing the table alias: =columns.Description. All aliases defined in the original report query are also available within the columns variable.

Before: Customers can set registry key jobhistory to value 0, which will prevent the system from writing historyjob entries.

After: When license key Contract.Subscription is set to true, historyjob entries should still be written and can be cleaned up as soon as they have been counted.

Before: When a custom start time was entered for a future job chain call, the start time would get overwritten once the step would go into running and there was a scheduling parameter set for the start time.

After: A manual set start time on a job chain call will no longer get overwritten by a scheduling parameter.

Before: Testing the JDBC Database connection to a JDBC driver could fail, due to errors initialising the class, preventing the creation of the Database object. This is most often seen with MySQL and Snowflake drivers. 

After: The validation uses less resources, and works in more cases. Specifically for MySQL, this allows the generation of JDBC connection to the database.

Before: internal references to database tables were potentially set incorrectly (a duplicate prefix in the CustomTableName column of the ObjectDefinition table ).

After: existing references will be repaired and new references will be set correctly from the start.

Before: Calls to UserMessage.renderHistoryAsHTML caused a formatting-related exception.

After: Formatting has been fixed and UserMessage.renderHistoryAsHTML can be used again.

Before: Clearing raised events inside loop immediately. No possibility to start process when one of few events raised.

After: Raised events are clearing after all job preconditions loop finished. User is able to start a process when one of many events have been raised. Events ware cleared after all preconditions were run.

Before: A change was released in 9.2.8.12 that caused some extension points to fail.

After: This has been resolved in 9.2.8.13. This does not affect the 9.2.9.x, or 9.2.10.x releases

This is purely a build system change that should have no impact on the delivered product.

Before: The calendar control in the Time Window edit page did not use the "Force 24-hour format" user setting.

After: The calendar control in the Time Window edit page displays time according to the "Force 24-hour format" user setting.

Before: The Postgres organisation announced a security flaw in the version of the database driver that we were using. This only impacted systems running on Unix style systems, but not MacOS. This vulnerability could allow other users that had access to the underlying OS to read the contents of any JAR files that were in the process of being persisted.

After: The database driver is updated to a version that is resistant to this attack.

NOTE: Redwood consider this flaw to be of a LOW risk level, as it only exposes JAR file contents, which are unlikely to contain any confidential information. It also has a HARD exploitation mode. Nonetheless, we are fixing this issue to eliminate that risk.

Before: Versions of the Postgres JDBC driver prior to 42.5.2 could, under some circumstances, get stuck when attempting to initiate an SSL connection to the Postgres server. In extreme cases, this could end up locking the product, as it would get stuck waiting for this connection to return.

After: The database driver is updated to a version that is resistant to this problem, even if the server is killed, or dies unexpectedly, at an inopportune time.

Before: Apache Tomcat has a security vulnerability (CVE-2022-45143)

After: Apache Tomcat has been upgraded to resolve the vulnerability.

Before: It could be that the connection ended because the socket was closed to early.

After: The connection is now retried a MaxNumberOfConnectionRetries (That can be set by a ProcessServer parameter).

Before: It could be that the job runs into error while retrieving files from AS400.

After: Before using the connection to retrieve files we will check if we have a valid connection. If we don’t have a valid connection we retry to create a valid connection. This only works for AS400 V7R1 and up.

Before

For process definitions System_ArchiveAuditObjects and System_ExportAuditObjects, the Partition field was a string, and the Business Key Contains field was a Partition dropdown.

After

For process definitions System_ArchiveAuditObjects and System_ExportAuditObjects, the Partition and Business Key Contains fields have been corrected.

Before:
Platform agent executable files on Windows were signed by “Redwood Software Nederland B.V.” issued by certificate authority ‘Go Daddy’
After:
Platform agent executable files on Windows are now signed by “Redwood Software, Inc.”, issued by certificate authority 'DigiCert'

Before: RunMyJobs was using Tomcat 9.0.70, in which a security issue has been found (CVE-2023-28708).

After: Tomcat has been upgraded to 9.0.73, where the security issue is resolved.

NOTE: The vulnerable classes from the CVE are not used, however the version is being upgraded out of precaution.

Before: Platform Agent installation on partition other than GLOBAL would fail.
After: Platform Agent can successfully be installed on user defined partitions.

Before: Secure Gateway could refuse to start after switching from one candidate to another, if the switch was not graceful, such as caused by an unexpected Windows upgrade.

After: Secure Gateway starts as expected after switching from one candidate to another, even if the switch was not graceful, such as caused by an unexpected Windows upgrade.

Before

Platform Agent uses OpenSSL 1.1.1q

After

Platform Agent uses OpenSSL 1.1.1t which includes the following CVE fixes:

• Fixed X.400 address type confusion in X.509 GeneralName (CVE-2023-0286) High severity
• Fixed Use-after-free following BIO_new_NDEF (CVE-2023-0215) Moderate severity
• Fixed Double free after calling PEM_read_bio_ex (CVE-2022-4450) Moderate severity
• Fixed Timing Oracle in RSA Decryption (CVE-2022-4304) {Moderate severity]

Before:
A job that runs 'jtool scp', using password authentication, would fail when running against an SSH server that has 'keyboard-interactive authentication' enabled.
The stderr.log file would show debug messages like:
DEBUG … 12345-jscp secure.plib - Attempting keyboard-interactive authentication
DEBUG … 12345-jscp secure.plib - Keyboard-interactive authentication prompts from server:
DEBUG … 12345-jscp secure.plib - get_userpass: name=SSH server authentication instruction=<null> prompt=| Password:
ERROR … 12345-jscp secure.plib - Credential system does not yet handle prompt of type SSH server authentication

After:
Jtool SCP will now successfully find the user and lookup credentials in the 'jtool scp <user>@<remote SSH host>' command, as before.

Before: Retrieving large output files from SAP BObj was using a lot of memory.
After: Reduced memory usage of large file retrieval from SAP BObj

Before: SAP jobs running in parallel may fail if they are converting spool to XLSX

After: SAP jobs running in parallel don’t fail when converting spool to XLSX

Before: Skipped process chains cannot be monitored properly

After: Skipped process chains can be monitored properly

SAP_Info definition has been extended to indicated if the SAP system is S/4 HANA

Before: Start up of the SAP process server could fail due to invalid registry values

After: Start up of the SAP process server will be succeed with invalid registry values

Before: redwood-platform based on openjdk:17.0.3-hotspot which has high severity CVE.

After: upgraded java version for redwood-platform to openjdk:17.0.5-hotspot.

This includes the fixes for the following security issues released in 9.0.68, and announced later:

• CVE-2022-42252: Apache Tomcat request smuggling

If Apache Tomcat 8.5.0 to 8.5.52, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.

Before: Specially crafted documents could be uploaded in such a way that it was possible to perform an XSS attack.

After: This has been resolved so that is no longer possible.

Before: In the document editor, content tab, non-binary uploads larger than 500k are shown but are in practise unworkable.

After: In the document editor, content tab, we now don't render a text input for non-binary uploads that are larger than 500k

Intellisearch could generate queries with a very large amount of bind queries in the where clause. This could result in a very slow query and cause severe product slowness in addition.

This has been fixed.

Before: one of the queries used in the dashboard took ~10s to run

After: sped up the query by ~3x, further optimizations will be performed in scope of other tickets

Before: Opening the ‘more’ dialog from an autosuggest dropdown sometimes resulted in a blank page

After: The ‘more’ dialog from an autosuggest dropdown works again

Before: User couldn’t add array type parameter for report. Query with in (:paramName) wasn't parsed correctly.

After: Reports support array type parameter. Queries with in statement are correctly parsed and processed.

Before: The Catalog interface (catalog-admin.car) is available in the download section ('Download CAR Files'), because it was required to install it manually.

After: The Catalog interface is not available in the download section anymore, because it is now automatically downloaded from the Catalog Server and automatically installed.

Before: the catalog admin needed to be installed manually.

After: the catalog admin is installed automatically, depending on the license. When the license is changed and the catalog should be installed, the upgrade job is automatically started to install the catalog.

Before: The Catalog Admin is delivered as a part of RunMyJobs.

After: Catalog Admin is downloaded from Catalog Server and installed by System_Upgrade job.

Before: There was no option in the platform-agent installers to specify an Application and/or a Description for the Process Server of the newly installed platform-agent

After: Two new parameters are added to the platform-agent installers to specify an Application name and/or a Description for this agent in the Process Server.
'-ap | –application <Partition.Application name goes here>'
'-ds | --description' "Description of the agent goes here"

Both installer parameters are optional and will only be used for a 'blank' downloaded platform-agent-installer that will register and create a new Process Server.
The parameters will have no effect on platform-agent installers that are downloaded for a Process Server that is created from the wizard.

Before: The Windows Platform Agent had no support for running jobs with a RunAsUser field that is a Managed Service Account.
After: The Windows Platform Agent support for running jobs with a RunAsUser field that is a Managed Service Account. The login credential for a Managed Service Account should specify ~ (tilde character) in the password field, much the same as psexec uses, to indicate that the password will be retrieved from Active Directory.

A new definition SAP_GetJobDetails has been introduced to help troubleshooting issues with SAP jobs

Before: The definition SAP_AbapRunPrintExt didn't provide a parameter for setting the target storage system for archive link. Also imported SAP jobs didn't have this parameter.

After: A new parameter "Target Storage System " (technical name ARCHIVE_ARCHIV_ID) has been added to the SAP_AbapRunPrintExt definition and is also automatically generated when importing SAP jobs.

Before: viewing very large chains in the runtime diagram could take a long time to load.

After: another option has been added to open these in a lightweight diagram. This diagram loads much faster but only displays basic information and actions are not available. Clicking a box in this diagram opens a details page beneath the diagram where all details and actions are available.

A new button ‘Help me automate’ was added to the main page to lower the boundary to request help for automating new processes.

Before: It was not possible with REL to address columns with spaces in their names in Data Transformer.
After: Now it is possible with REL to address columns with spaces in their names in Data Transformer by using array indexing or the getMember function:

=columns['column name']
=columns.getMember('column name')

The same syntax is now also available for job parameters:

=parameters['parameterName']
=parameters.getMember('parameterName')

Before: Product queries have no timeout on the database side, this can cause performance issues with outstanding queries blocking new ones from coming in. 

After: A query timeout parameter has been introduced that will cancel queries automatically after that time. Default value is 180s.

Before: SQL query where clause contains lot of conditions including system global privileges verification

After: SQL query where clause contains security conditions but without those related to the system global privileges that have been granted to the current user.

Before: Import SubjectObjectPrivilegesGrants override existing grants but doesn’t change flag 'exportable'. If grant doesn’t exist in file then is removed depenently on config.

After: Import SubjectObjectPrivilegesGrants override existing grants included change flag 'exportable'. If grant doesn’t exist in file then it is removed when 'exportable' in existing grant.

Before: Import SubjectObjectTypePrivilegeGrants and GlobalPrivilegeGrants override existing grants but doesn’t change flag 'exportable'. If grant doesn’t exist in file then is removed depenently on config.

After: Import SubjectObjectTypePrivilegeGrants and GlobalPrivilegeGrants override existing grants included change flag 'exportable'. If grant doesn’t exist in file then it is removed when 'exportable' in existing grant.

Before : MailReactor and Robotics libraries contained jsoup.jar version 1.14.2 which is vulnerable to CVE-2022-36033.

After : jsoup has been updated to version 1.15.3 which resolves that vulnerability.

Note: The product doesn't use jsoup in a way that would be vulnerable, however it has been upgraded out of caution.

Before: When jrfc is using SNC to securely connect to the SAP instance, SAP environment variables SNC_LIB and SECUDIR must be set. When these environment variables were not set for the (spoolhost) platform agent, such connections would just fail.

After: When one or both environment variables SNC_LIB or SECUDIR are not set when the (spoolhost) platform agent is started, the platform agent makes an effort to set these variables to a default location, if the default location directory exist.
SNC_LIB will then be set to <platform agent installDir>/saplibs/libsapcrypto.so (for Windows: sapcrypto.dll)
SECUDIR will be set to <platform agent installDir>/sapsec

For a successful connection the required SAP files must be present in these default locations. These SAP files are not provided by Redwood.

Before: If a user enters an invalid Windows FileEventCredentials Process Server field then the Platform Agent would fail to start. Removing or correcting that field, and restarting the Process Server would have no effect. The only remedy was to remove the FileEventCredentials field and then restart the customer’s Platform Agent.

After: Platform Agent will reject an invalid Windows FileEventCredentials Process Server field, and report an Operator Message, but the Platform Agent will start successfully.

Before: It was not possible to set SAP error message handling with SAP_MaintainXbpOptions
After: Enable to set SAP error message handling with SAP_MaintainXbpOptions

Before: Cannot monitor skipped processes in process chains.
After: Process chain with skipped processes are properly monitored

RFC scripting interface has been extended to better support function modules which don't require the SAP XBP interface.

Before: XBP interface was not able to retrieve SAP language directly
After: XBP interface can retrieve SAP language directly

Before: SAP_Info and SAP_GetInstalledComponents show unnecessary content. It didn’t show event control rules.

After: Removed unnecessary content from output, added event control rules.

Before: The SAP transport files for IDOC, ISU and XBP were available in Software Download
After: SAP transport files for IDOC, ISU and XBP have been removed from Software Download. IDOC is not supported anymore, XBP transports are not needed anymore, ISU transports are not compatible anymore with current SAP releases and will be replaced by a new AddOn in future.

Before: Under rare conditions of intermittent connection problems with the SAP system, SAP_RunTemplateJob could have submitted multiple jobs in SAP.

After: SAP_RunTemplateJob will not submit multiple jobs in SAP.

Before: RFC scripting can not retrieve SAP table larger than 512 characters

After: RFC scripting can retrieve SAP table larger than 512 characters if the SAP system supports it (SAP note 2246160)

Before: Constraints were not supported in standalone custom submit forms, i.e. if you had a String parameter with an LOV in a standalone custom submit form, a Text Field was rendered, without showing a dropdown with the possible values.

After: LOVs are supported in standalone custom submit forms now.

Before: The RTX Viewer only displayed the total row count in the summary panel like: Rows <total>

After: The RTX Viewer now also displays the filtered row count in the summary panel like: Rows <filtered>/<total>

Before: several time zone (like “MST”) were no longer recognised by the system due to their deprecation.

After: the time zones have been reinstated.

Before: Trying to load a chain in the editor that had more than 100 distinct process definitions in it would fail.

After: These chains can now be edited.

Before: The click button action does not work correctly
After: Able to open an internal mail client with predefined TO and SUBJECT fields

Before: A vulnerability to 3rd party script inject was possible through the loading of external resources.

After: A default Content-Security-Policy header is now defined that limits the use of external resources for all web pages. Extension points can overwrite this policy, for their generated pages, by adding a csp tag to the extension point deployment descriptor.

Before: several monitor events could be created linking to the same monitor node

After: only one monitor event can be created linking to a given monitor node

Note: in case of existing duplicates all but one (the oldest) monitor events will be deleted and an operator message will be created with XML representation of deleted entries.

Before: The definition SAP_RunTemplateJob submits the latest matching SAP job regardless of the client if client is omitted
After: The definition SAP_RunTemplateJob submits the latest matching SAP job in the default client if client is omitted

We invite users to test the new RunMyJobs beta interface. It is accessible via the product information menu ( “i” icon in the right top corner), under the section “Test new beta Interface”.

This is a preview of in-development enhancements to the RunMyJobs user interface, intended for your early exploration and feedback. When complete, this interface will be released as the new default for RunMyJobs.

Please share your feedback on the new interface by email to feedback@redwood.com.

This interface is not fully functional and should never be used to automate business processes in production environments.

Before: extend element in the deployment descriptor of an extension point had a singleSession attribute which could be true or false

After: singleSession is deprecated, new attribute was introduced: sessionpersitence, with three possible values:

• Stateless: no state is stored (even if a session is requested, it will be discarded)
• StatefullShared: state is stored, but shared with all requests that are being made, no matter the window the request comes from.
• StatefullMultiple: state is stored per invocation id, client responsible for keeping track of invocation id, default setting if none provided

Before: using CTS+ to deploy car files against RunMyJobs was very cumbersome because of a Java dependency on the Solution Manager host that does not support the required TLS ciphers to connect to runmyjobs.cloud.

After: the CTS+ deploy scripts have been adjusted to leverage the Redwood rest api to ingest the car file using either curl (on Unix type systems) and Invoke-WebRequest as native commands to deploy the car file.

Note: the interface of the script has change in a not backwards compatible fashion. Instead of two values for host and port in the connection field, a single argument with the full target url is expected now.

Before: When a SAProuter was defined in the SAP connect string, the spool host would fail the retrieval of SAP spool files as the SAProuter part was removed before connecting.

After: The connect string is left as is. Old behavior can be restored by using the registry key <code>/configuration/sap/xbp/output/IgnoreSapRouter = true</code>.

Before: There was a case present where a class loader which loaded a SQL driver from a library which was used in a JDBC service and a job could be closed and a NoClassDefFoundError error was thrown from the connection pool of the JDBC service. This could also affect extension points through a slightly different mechanism, but with the same net effect.

After: The implementation now is not throwing away a class loader when its classes are still in use.

We have detected a memory leak in the logger manager that was used. That got fixed, but on Windows, an explicit reference to the old logger manager is still in place in the setenv.bat script. Customers that upgrade to this version on Windows, need to make sure they do not overwrite the existing setenv.bat script with the previous one! As that could prevent the system from starting up.