AMT Release Notes

AMT 124

Released: 11 Aug 2023.
For availability, please contact the Avanade Service Portal for information on downloading new releases.

Special attention items:

There are no special attention items for this release.

Product Cat Subcat Description Type Version Priority
AMT LION Developer Forms #1100

Extra Business Logic classes have been introduced in the runtime code of the Datagrid control, structurally improving and simplifying the interaction with the Datagrid at runtime.
CHANGE AMT 124 Medium
AMT LION Runtime AMT Screens #1102

In Datagrid, visual sorting and data sorting were not in sync. This was caused by the use of an incorrect index for the data.

This issue has been fixed.
FIX AMT 124 Medium
AMT LION Runtime AMT Screens #27506

If a row was selected in a Datagrid and the Datagrid was then sorted, the selection disappeared.

This issue has been fixed, and selected rows remain selected after a sort.
FIX AMT 124 Medium
AMT LION | AMT COBOL Control Center Security #27717

No validation of email inputs was performed.

Email validation has been added to email input endpoints, so that only specific characters are allowed. This also impacts the auto-creation of users.
CHANGE AMT 124 Medium
AMT LION | AMT COBOL Runtime Blazor Web Client #27787

Error handling for expired Blazor tokens has been improved, and a unique application name has been added to session tokens, in order to facilitate working in environments with multiple applications.
CHANGE AMT 124 Medium
AMT COBOL Runtime Blazor Web Client #27798, #28150

The BMS Terminal form for AMT COBOL applications has been improved, so that it can handle the dynamic building of screens, as is done, for instance, through IBM COBOL command 'EXEC CICS SEND MAP ACCUM PAGING'.
FIX AMT 124 Medium
AMT LION | AMT COBOL Developer Various #27805

Scripts could no longer be imported correctly in environments running an Oracle database, which made it impossible to open the scripts in the AMT Developer Studio. Also, script files imported into the repository database were not physically stored on disk.

This issue has been fixed.
FIX AMT 124 Medium
AMT LION Services Application Server/Manager #27812

While examining the security measures in place, it was discovered that the user lockout window was just half of the intended duration.

Although the shorter user lockout window already met security standards, the lockout time was increased to the intended duration. As a result, it now takes longer before the lockout is reset.
FIX AMT 124 Medium
AMT LION | AMT COBOL Control Center & Application Center Security #27816

While examining the security measures in place, it was discovered that there was an XSS vulnerability in the AMT Control Center and AMT Application Center.

This vulnerability has been mitigated.
FIX AMT 124 Medium
AMT LION Control Center Configuration #27937

Due to added encoding, viewing and editing Web Consumables in the AMT Control Center was broken.

This has been solved by sending the configuration as a proper JSON object instead of sending the configuration as a JSON string.
FIX AMT 124 Medium
AMT LION | AMT COBOL Runtime Blazor Web Client #27950

Instability in some asynchronous calls in the Editbox component has been resolved by having the visible values in the Editbox handled by Blazor instead of JavaScript.
CHANGE AMT 124 Medium
AMT LION Runtime Various INC1079642 / #28143

External calls to a .NET 6 DLL didn't work if they came from an online Form.

The temporary setting 'FIXEXTERNALCALL' has been added to 'Sys.ini', in which comma-separated assembly names can be specified to be loaded internally. This setting is used for both reports and online forms. Example: 'FIXEXTERNALCALL=SendMail.dll'.
FIX AMT 124 Medium
AMT LION Runtime Blazor Web Client #34324

In the Blazor Web Client, images are now downloaded from the AMT System, and downloading is now done in a thread-safe manner.
CHANGE AMT 124 Medium
AMT LION | AMT COBOL Control Center Security #76496

During pentests of the AMT Control Center, it was discovered that a jQuery UI version was vulnerable to cross-site scripting attacks.

To mitigate these risks, the jQuery UI library has been updated.
FIX AMT 124 Medium
AMT LION | AMT COBOL Control Center & Application Center Security #77255

During pentests of the AMT Control Center and AMT Application Center, a vulnerability with regard to full path disclosure was discovered.

Some full path disclosures could be solved by using the %SYSROOT%, %APPROOT% and %APPNAME% placeholders in the basepaths and app configuration. It is therefore important to use these placeholders.

The other full path disclosures were found in:
The running jobs, completed jobs and batch history windows: these responses contained the full path to the DLL, EXE or script file that was executed. It was decided not to save the full path anymore. In this way, the path containing the placeholders is shown on the mentioned pages. These will be the same paths as shown in the available job screen.
Prints and Queued prints (printfile filename): this disclosure was solved by replacing parts of the path with the configured placeholders.
While getting the print preview: this disclosure was solved by not sending this information to the frontend anymore; this information was neither needed nor used.
FIX AMT 124 Medium
AMT LION | AMT COBOL Runtime Blazor Web Client #78551

The Blazor Web API notification hub did not send the station name to the Blazor Web Client.

The notification hub was corrected; notifications are now shown to the intended users.
FIX AMT 124 Medium
AMT LION Developer Various #78580

In the AMT Developer Studio version control, different print layout versions were not merged correctly.

This merging issue has been solved.
FIX AMT 124 Medium
AMT COBOL Generator COBOL #78622

AMT COBOL entry points in subprograms were not generated correctly for former MiFo applications.

This issue has been fixed by changes in the AMT Generator.
FIX AMT 124 Medium
AMT LION | AMT COBOL Control Center Configuration #78713

After security enhancements, no printers were visible in the printer configuration screen in the AMT Control Center.

This has been fixed.
FIX AMT 124 Medium
AMT LION | AMT COBOL Runtime Web Client #27723

AMT Web Client NoFramework Authentication cookies were not marked as secure by default in the settings.

The generation of the default web.config has been improved so that the required SSL is set to true by default.
FIX AMT 124 Medium
AMT LION Developer Forms #78740

The Z-Order correction for old labels caused issues when applied concurrently.

This has now been fixed.
FIX AMT 124 Medium