CUBA Platform Release Notes

Due to changes in the "remember me" login mechanism (see below) all application users will have to enter their credentials when logging in, as if their browser cookies were removed.

The LoginScreen class has been refactored to simplify creation of alternative login screen implementations. The AuthInfo inner class has been moved into LoginScreenAuthDelegate, so if you have extended login screen in your project and overridden methods with this class in the signature, make the proper import to fix compilation, for example:

public class ExtLoginScreen extends LoginScreen {
    @Override
    protected void setAuthInfo(LoginScreenAuthDelegate.AuthInfo authInfo) {
    // ...

Due to changes in SideMenu component, the main screen using such menu should have cssLayout as a root container. If you have the main screen with non-responsive side menu in your project, Studio will replace the root hbox with cssLayout upon automatic migration. If something is wrong with your main screen layout, make sure the root container is correct, for example:

<window xmlns="http://schemas.haulmont.com/cuba/screen/window.xsd"
        extends="/com/haulmont/cuba/web/app/main/main-screen.xml">
    <layout>
        <cssLayout id="horizontalWrap">
            <workArea id="workArea">
            <!-- -->

Due to introducing security scopes, the cuba.anonymousSessionId application property has been removed. Now anonymous sessions for all scopes are created with random identifiers.

The following changes have been made in the UserSession class:

The HTML content of many UI components (such as Label value and TextField caption) is now sanitized by default to prevent cross-site scripting (XSS). If you have any problems with displaying custom HTML, try to turn off the sanitization using the cuba.web.htmlSanitizerEnabled application property or in individual components using their setHtmlSanitizerEnabled() method.

When using Folders Panel, the Add to set action and button do not appear automatically in the tables linked to the generic filter. If you need this action, add it explicitly as described in the Record Sets section.

Amazon S3 file storage implementation has been moved to a separate add-on. See the add-on README for details.

JGroups has been updated to version 4.1.8.Final. If you use middleware cluster, make the following changes in your JGroups configuration files:

The DataContext.evictAll() has been renamed to evictModified(), which is a more appropriate name for the method evicting only modified and removed instances. Use the new clear() method to evict all instances including modified ones.

The Icons.Icon.name() method has been renamed to iconName().

Calendar has been generified and requires specifying particular datatype to work with corresponding date API (previously java.util.Date used directly).

In the REST API add-on, the responseView optional parameter can be used in create/update requests. Without it, only 3 attributes of the entity are returned in the response:

{
   "id": "<entityId>",
   "_entityName": "<entityName>",
   "_instanceName": "<intanceName>"
}

The security subsystem permissions and roles have been reworked to provide "denied by default" model instead of the previous "allowed by default". Newly created with CUBA 7.2 projects will use the new model by default. If you migrate a project from the previous CUBA version, Studio will add the application properties explained in Legacy Roles and Permissions to keep your existing security configuration intact.

Now security roles and access groups together with permissions and constraints can be defined at design time using annotated Java classes. It makes the access control more robust and eliminates difficulties with transferring the configuration between application instances (e.g. from the development environment to production). Please note that design-time roles will work only in new projects created with CUBA 7.2. If you are migrating from a previous version and want to create roles at design time, you have to remove the properties explained in Legacy Roles and Permissions and reconfigure all your existing roles and permissions.

Security scopes have been introduced to allow you to define different sets of roles for users logging in through different clients. The motivation behind this feature is that REST API clients should normally have more restrictions than Generic UI, because Generic UI is more safe by its nature.

Usage of Application Home has been standardized for development and deployment environment. When you start the application in Studio, the application home is created in deploy/app_home directory. It contains conf, temp and work directories for all application blocks, as well as the common logs directory. The application home also contains the empty local.app.properties file and the default logging configuration in logback.xml.

You can easily provide your own logging configuration for the development environment: just create etc/logback.xml file in the project, and when you start the application, the file will be copied to deploy/app_home and recognized by the logging initialization procedure.

Now you can configure connections to databases using application properties, see Connecting to Databases. This method simplifies the overall configuration, because app.properties files define all settings including the data source parameters. Also, it makes your WAR file completely independent of the application server environment.

Spring profiles can be used to customize application in different environments.

OS environment variables can be used as a source of application properties values.

Redeployment of web applications without restarting the application server works more reliably as a result of using the Classloader Leak Prevention library.

SideMenu is now collapsible, which saves horizontal space. Also, the branding image and other components of the menu have been rearranged. See also the Breaking Changes section for possible issues on migration.

The "remember me" login mechanism has been completely reworked:

Views used for loading data in screens can be defined right in the screen descriptors, see an example here. This feature reduces the need for creating shared views in the views.xml file.

Standard actions now have parameters that can be configured in XML and Java. So you don’t have to rewrite the whole action behavior just to open an editor screen as a dialog, or to specify a different screen class. Use Component Inspector in Studio to find and assign action properties and handlers, or copy code snippets from the documentation.

ViewAction allows you to open entity edit screen in read-only mode. The optional enableEditing can be used to switch to the edit mode without reopening the screen.

Introduced StandardOutcome and DialogOutcome enumerations that can be used instead of CloseAction constants when closing screens and testing how the screen or dialog was closed.

Form now supports flexible positioning of fields, see the colspan and rowspan XML attributes and corresponding parameters of the add() method.

In addition to the global layout template for the generic filter, a layout can be specified for each filter instance, see controlsLayoutTemplate property.

BulkEditor has the responsive layout, which you can control using the columnsMode attribute.

In DateField, if the new autofill attribute is set to true, the current month and year is set automatically after entering a day.

TimeField can work in 12h AM/PM format if you set its timeMode attribute to H_12.

In Table and DataGrid, you can set initial sorting order declaratively using the sort attribute of the column element.

For DataGrid and TreeDataGrid, you can use the following predefined styles: borderless, no-horizontal-lines, no-vertical-lines, no-stripes.

PopupView supports setting its position using popupPosition, popupTop, popupLeft attributes.

All tables and data grids now have Select all / Deselect all commands in the columns popup, which simplifies managing long lists of columns.

setOptionImageProvider method have been added to LookupField and LookupPickerField. It allows you to display images for the field options (previously only icons could be used). Go to Handlers tab in Studio component inspector and double-click optionImageProvider field to generate handler code.

Button has its own shortcut attribute, which allows you to assign keyboard shortcuts to buttons not linked to actions.

The new Slider component has been implemented.

If you set the autoLoad attribute of RowsCount to true, the component will load the number of rows in background and show it automatically.

Filter component can now work with KeyValueCollectionContainer loaders.

Kotlin is fully supported, which means that you can use it in all parts of the project: entities, beans, screen controllers, etc. Hot-deploy of screen controllers written in Kotlin also works.

Now you can provide database migration scripts for additional data stores in /db/init_<datastore_name> and /db/update_<datastore_name> directories of the core module. The scripts will be executed by the createDb and updateDb Gradle tasks having the storeName parameter, as well as by the application server if the cuba.automaticDatabaseUpdate property is configured accordingly.

Gradle 5.6.4 is used for migrated and new projects. Studio automatically sets the proper version in the gradle/wrapper/gradle-wrapper.properties file. Check it in case of any troubles with project building.

JUnit 5 is used in new projects for tests. The documentation has been updated accordingly.

ViewBuilder simplifies creation of views in the business logic and tests.

DataManager's fluent interface allows you to specify JPQL queries in abbreviated format omitting parts of the query that can be inferred from the context.

Listeners of read-only transient properties are now notified when related properties change. It helps to update UI components displaying read-only attributes that depend on some other mutable attributes.

@PostConstruct methods can accept Spring beans available in the global module as parameters.