Release Notes
The following subpages list all new features, improvements and tasks for each version. This page collects information that spans versions, such as important changes and known bugs.
Breaking changes
Breaking changes may require changes in configuration, apps, or native module code after an ApiOmat upgrade to ensure system stability.
Version |
Affects |
Change |
Implications |
3.2.0 |
Docker images |
Rename of docker image for YAMBAS |
The previous alpine-yambas image was renamed to apiomat/yambas. |
3.2.0 |
Objective-C SDK |
When loading data while the device is offline and no data is found in the cache, an error with the status code AOMID_NOT_FOUND_OFFLINE will be returned, instead of AOMNO_NETWORK. When using the caching strategy NETWORK_ONLY, AOMNO_NETWORK will still be returned as the cache is not used. |
If you are checking for the status code AOMNO_NETWORK when loading data and the cache is used, you'll have to check for AOMID_NOT_FOUND_OFFLINE instead. |
3.1.3, 3.2.0 |
apiomat.yaml/maxResults |
The system-wide limit on the maximum number of results is now set to 0 (unlimited) by default (it was 1000 before). |
When querying large datasets without a limit, the database may take a long time to collect the data. On systems where millions of entries can be queried, yambas.limits.maxResults should therefore be set back to a proper limit. |
3.0.1, 3.1.0 |
Dynamic Roles |
When Dynamic Roles were used (only possible in 3.0.0), the custom role check (i.e. the overridden isUserInRoles() method in a Native Module) was not called when AOM.checkRoles() was called in another Native Module hook method or auth method. Since 3.0.1 this method is called. |
You're only affected if you implemented your own isUserInRoles() method and assigned the Role Class to a MetaModel, and also used AOM.checkRoles() on that MetaModel / on objects of that MetaModel in your code. |
3.0.0 |
Git Modules |
The whole git handling has changed. |
Read more about the change on our page Introducing the new git flow |
3.0.0 |
Deprecations |
The deprecations, which were scheduled to be removed for March 2018, have been removed. |
|
3.0.0 |
Sharepoint module |
Files were previously handled as Base64 strings in the attribute downloadableFile of the class SharepointFile. This attribute was changed to the type File and full static data handling was implemented. This means for example that in the response JSON the attribute is called downloadableFileURL and contains a URL where the actual file can be fetched. |
You need to change native module and SDK code to handle files correctly, as well as any code that manually sends HTTP requests to the SharepointFile REST endpoint. |
3.0.0 |
EULA Acceptance |
Each ApiOmat account (including the SuperAdmin) is forced to accept the EULA to enable the account. |
After installation or update, each account has to log into the dashboard once and accept the EULA. Until then, each request with this account will raise an error, including all SuperAdmin requests. |
3.0.0 |
Native Module Methods |
The methods and resourceMethods field on AbstractClientDataModel are now of type IModelMethodsBackend and IResourceMethodsBackend. |
If you set your own mock implementation of these interfaces, you have to rewrite them to implement the new interfaces. |
3.0.0 |
Server Code |
The user object in ServerCode no longer has the [get/set]LocLatitude and [get/set]LocLongitude methods; the [get/set]Latitude and [get/set]Longitude methods remain available instead. The [get/post/put/delete]Request methods are now only available on the static AOM object, not on the objects themselves. |
|
3.0.0 |
Paymill module |
The Paymill module is not available anymore, as it was only useable in ServerCode. |
The module will be removed from your Backends automatically after upgrade. |
3.0.0 |
Tumblr module |
The tumblr module is not available anymore. |
The module will be removed from your Backends automatically after upgrade. |
3.0.0 |
Swift SDK |
Swift SDK now uses Swift 4 |
You have to update existing Swift 3 apps to Swift 4: Swift 4 Information |
2.6.5, 3.0.0 |
Objective-C SDK |
Changed Cache-SDK from NSURLCache to DFCache |
|
2.6.1, 3.0.0 |
Static data (images and files) |
Similar to the change in 2.6.0, where the JavaScript SDK was affected, now the Android, Objective-C, C#, C#-SQLite and Java SDKs are affected |
|
2.6.0 |
JavaScript SDK |
When posting a file or an image to an object, the object needs to be saved before. |
When posting an image or a file, make sure the object was saved already. Otherwise the onError-callback will be triggered, giving a HREF_NOT_FOUND (601) error. |
2.6.0 |
JavaScript SDK |
When loading a referenced image or file, whose Href is missing, no exception will be thrown anymore. |
When loading a referenced file or image fails because the corresponding Href is missing, you can check for this error within the onError callback instead of using a try-catch block. |
2.6.0 |
Static data (images and files) |
There are new ways for handling static data. The JavaScript SDK was changed so that it uses the new REST endpoints internally. So when using the JavaScript SDK to post images or files to objects, the static data URLs are different now. |
|
2.6.0 |
Twitter Module |
The twitter module has been moved from a static module to a native module. Take a look at the module page to see what has changed. |
If you did not use the module in any of your modules or backends, it will simply be deleted. If the installation has modules or backends that use the module, please contact us to get the new native module version of the twitter module. For more information about the possible implications when switching to the native module version, please visit the Twitter module page. |
2.5.6, 2.6.0 |
Any ("wrong") AppName Parameter in NativeModule Methods and Non-Transient References in NativeModules |
Any method in NativeModules that takes an appName parameter will now check whether the owner of the backend for which the request was originally made has permissions on the backend that is given by the appName parameter. Additionally, any non-transient reference that is loaded gets checked for correct permissions. This also means that you have to call your custom REST endpoints with the backend name included (as suggested since ApiOmat 2.1), e.g.: {BASEURL}/yambas/rest/modules/{MODULNAME}/{APPNAME}/spec/ping |
If empty or random strings are passed as appName, or if the owner of the request-originating backend does not have permissions on the given backend, an unauthorized exception will be thrown. The additional permission check on references should not lead to problems, as it only protects against a complex attack scenario with multiple implications related to knowledge about another backend. The additional checks can be suppressed by setting strictChecks=false (in yambas.conf) or yambas.strictChecks:false (in apiomat.yaml). |
2.5.5, 2.6.0 |
Object-based DeltaSync |
When a client makes a request to a collection with a query like "a < 10" and receives 2 objects (a=8, a=9), he can send these objects' IDs and lastModifiedAt in the next collection query with "a < 10". Until now, the server responded with a delta-deleted header that included the IDs of those objects that were either deleted or changed in a way that they're not part of the result anymore (e.g. changed to a=11). From now on, the server will respond with a delta-deleted header for deleted object IDs and a delta-removed header for objects that are just not part of the result anymore. This change only applies to object-based DeltaSync. When using collection-based DeltaSync, there's no delta-removed header in the response at all and there are also no object IDs of objects that aren't part of the result anymore in the delta-deleted header. |
Clients with old SDKs will still work, because the server will combine deleted and removed object IDs in the delta-deleted header when the x-apiomat-sdkversion header is < 2.5.5, leading to the old behavior. New versions of most SDKs already take care of the separate response headers and the correct handling regarding the offline storage. The handling for the C# / Xamarin and Swift SDKs will be fixed in an upcoming version. When using requests without SDK version header, you need to change the DeltaSync handling. When using DeltaSync in Native Modules, no automatic SDK version check is done and you need to change the handling as well (e.g. start using r.setDeltaSyncRemovedList(...) etc.). |
2.5.0 |
Modules that use external libraries not included in default module code |
Loading of external libraries in native modules has been changed. Please read more at Native Module specific notes and limitations.
|
Update your module using the update guide. To switch back to the previous behaviour, set useOldClassloader=true in yambas.conf or yambas.useOldClassloader:true in apiomat.yaml (supported since ApiOmat 2.5.2). |
2.4.7, 2.5.1, 2.6.0 |
Usage of save() in Native Module code |
Exceptions that are thrown in the save() method in native modules are now propagated to the calling code. This makes it possible to react to exceptions that happened during the save operation. Before 2.4.7, these exceptions were caught internally and null was returned. |
Check module code and add a try { } catch block around the save() calls if you want to handle the exception in native module code. |
2.4.7 |
C# / Xamarin SDK |
Portable Class Libraries containing the C# / Xamarin SDK can't target the Windows Phone 8.0 platform anymore, due to the use of the System.Linq.Parallel namespace. |
Instead of using PCL profile 259 we recommend using profile 111. |
2.4.3 |
OAuth2 error code handling |
OAuth2 Token verification can now be done by external Authentication classes. Due to workflow changes, return codes on authentication failure of OAuth2 tokens will change from 401 to 840. |
If OAuth2 error codes are checked in your application, add handling for error 840 (token invalid). |
2.4.1 |
Modules with implemented auth() methods in Hooks |
Legacy call to auth hook method on Native Module class basis without any configured auth classes was removed (AOM-3567). To increase security and strictly follow the concept of Authentication classes, the auth() method in Hook classes is now only called when the specific class is also set up as an auth class. Before this change, auth hook methods were called in 2 additional cases:
|
To stay with the legacy behaviour, set the classBasedAuth=true in yambas.conf / yambas.classBasedAuth: true in apiomat.yaml before upgrade. |
2.4.0 |
Modules with own implementation of a REST class |
New swagger library in native modules. Existing modules' custom REST interfaces will not be shown in Apidocs and Dashboard anymore. |
Update your modules and apply changes from the new library as described at the bottom of the help page. |
2.3.1 |
Installations using same username for Users and Customers |
Since using the same email/username for Users and Customers in one installation led to various strange errors, it will not be possible anymore to create users and customers with the same name/email address. (AOM-3238) |
Users and Customers having the same login may not be usable anymore. |
2.2.1 |
Modules using the AOM.findByNames() method |
Behaviour of <YourModule>.AOM.findByNames(...) changed; Old behaviour:
New behaviour:
|
Change handling of the return value of the findBy() method in your native module code |
Remarkable changes
Remarkable changes do not affect system stability after ApiOmat upgrade, but may require changes in configuration, apps, or modules in the next development cycle.
Version |
Affects |
Change |
Implications |
all |
DEB repository key |
The GPG key for the Debian package has changed. |
Please add the newest key to avoid apt signature errors: wget -O - https://repo-int.apiomat.com/yambas/rest/web/Key/LIVE/apiomat-archive-keyring.asc | apt-key add - |
3.3.0 |
Query Parsing |
The query parser is now stricter for queries containing a dot and an unknown prefix. Wrong queries like "this.id" or "unknownAttribute.id" do not work anymore and should be corrected. |
This only affects wrongly crafted queries. |
3.2.1 |
Server side attribute validation |
When using a collection attribute, the regex as well as min and max length validation is now executed for each element of the collection instead of the collection as a whole. |
This only affects you if you're using regex or min/max length values for validating attribute values. Existing data is not changed at all and neither the returned data when fetching objects. But when creating or updating objects the new validation rules are followed. |
3.2.1 |
TypeScript SDK |
toJson() method in AbstractClientDataModel was renamed to toJsonString() |
toJson() will now return a JSON-Object of the AbstractClientDataModel with all of its data |
3.1.4, 3.2.1 |
Dynamic Roles |
When using Dynamic Roles, the custom role check (i.e. the overridden isUserInRoles() method in a Native Module) was not called for ApiOmat's Customer objects since 3.1.1. Since 3.1.4 the custom role check is executed for Customers again. |
You may be affected if you implemented your own isUserInRoles() method that should be called for Customer requests, provided that the role class is assigned to a MetaModel. The isUserInRoles() method will now be called for Customer credentials again, as it is supposed to be. |
3.1.4, 3.2.1 |
AOM.checkRoles() method |
The basic user roles have always been hierarchical, which means for example that a user with the grant role could also read and write the object, and a user with the write role could also read the object. AOM.checkRoles() didn't adhere to this hierarchy, but instead led to an authorization error when for example a user had write permissions and wanted to read an object. This was fixed. |
AOM.checkRoles() is usually only required when combining custom auth methods with existing basic user roles. If you're using this method and didn't take the role hierarchy into account, you should revise your auth handling. |
3.2.0 |
Database storage engine |
The default MongoDB storage engine Wired Tiger is now fully supported in ApiOmat. |
We now support Mongo's default storage engine and use it when doing a fresh install. Existing installations will keep the MMAPv1 engine, and new installations can also be re-configured to use MMAPv1 in mongod.conf. |
3.1.3, 3.2.0 |
Backend and Customer caching |
We removed the nearcache configuration from our default hazelcast.xml, as the nearcache may lead to inconsistencies when reading backends or customers from the cache. |
We recommend removing the nearcache configuration from hazelcast.xml. This may result in a slight decrease in performance, but fixes unexpected Unauthorized messages due to outdated cache entries. Your map configuration should look like this example. |
3.1.0 |
Cron Jobs |
When using the static log methods from within a cron job, the module name that is displayed in the log message won't be Server Code anymore. Instead the name of the actual module, that contains the cron job, will be used. |
informative |
3.0.6, 3.1.4, 3.2.1 |
Java |
We switched from Oracle JDK 8 to AdoptOpenJDK 8 |
On Windows, when installing the JDK with the ApiOmat installer, the JDK installation path was previously "C:\Java\jdk8" (independent of the exact version), and now it depends on the OpenJDK version, for example "C:\Java\jdk8u202-b08", with a slightly changed subdirectory structure. To copy the old Java keystore to the new location you can run the following command (only necessary when you changed the keystore): copy "C:\Java\jdk8\jre8\lib\security\cacerts" "C:\Java\jdk8u202-b08\jre\lib\security\cacerts" |
3.0.3, 3.1.3, 3.2.0 |
EHCache |
EHCache caching was removed in favour of Hazelcast caching. |
Since EHCache was only used on single node deployments, no implications for productive setups are expected. |
3.0.1, 3.1.0 |
apiomat.yaml |
The SuperAdminPassword was removed from apiomat.yaml configuration. |
We recommend manually deleting the super admin password from your current apiomat.yaml. The entry is no longer needed. If you forgot your super admin password, you can now get a password reset link sent to your configured super admin e-mail address. Just use the known password reset functionality. |
3.0.0 |
sdk.properties |
The build.xml for modules for Version 3.0.0 now also searches for properties defined in {user.home}/apiomat/apiomat.properties. If the sdk.properties defines the same value, the value is read from the sdk.properties file. |
We recommend removing customerName, password and host from the sdk.properties files of your module and instead putting these values in your local {user.home}/apiomat/apiomat.properties file. |
3.0.0 |
Modules with Git repository |
Native modules can now be stored in a subfolder of a git directory. Additionally, we automatically create a .gitignore file, which ignores common build directories. |
informative |
3.0.0 |
Java SDK |
JSON lib in class folder was replaced by library |
Update project/build settings by adding the new json library in the /lib folder and remove the existing org.json package in the project folder. |
3.0.0 |
Native Module objects |
The structure of the NativeModule classes (extending AbstractClientDataModel) has been changed. The IModel interface now extends IResourceMethods and IModelMethods, so you can use these methods directly on an IModel object without casting. |
informative |
2.6.5, 3.0.0 |
Static Data (images and files) |
Internal references for Files and Images |
Until 2.6.5, files and images were deleted automatically if the URL of a file or image attribute changed to another one. This behaviour has now been adopted for removing the URL from the object or deleting the whole object with that URL. Besides that, we keep track of the objects that reference a file or image. If multiple objects reference the same image or file, the resource will only be deleted automatically if the last object itself gets deleted or the URL gets removed from the last object. Tracking of references between objects and static data only applies to newly created relations; to update old datasets, please contact us for an update script. We do not update the data automatically, as this may be a time-consuming process, depending on your installation. |
2.6.3, 3.0.0 |
HREFs of embedded objects |
Before 2.6.3, HREFs inside of embedded objects had "null" as scheme/prefix followed by a resource URL. Now, all these HREFs are set completely to null. Since HREFs of embedded objects cannot be used directly to e.g. query the REST interface with it, the changes are just of informative character. |
If your client makes use of embedded objects' HREFs, then some code changes for treatment of the new prefix might be necessary. |
2.6.0 |
Repository URL |
For updating to ApiOmat 2.6 and later, you have to switch to our new repository repo.apiomat.com. Also, new (personal) credentials are needed, which will be kindly provided by your customer success manager at ApiOmat. |
Change your repository URLs as specified in installation manuals. |
2.6.0 |
Password Policy configuration |
This new feature allows the system administrator to configure a system-wide password policy. Every newly created password that doesn't match the policy rules will be rejected. For configuration details follow the instructions on the Password Policy page. Furthermore there are two new REST endpoints to log in customers and organizations properly. Visit the Apidocs REST endpoint documentation for more details. |
Configure passwordpolicy.json to define and enable some new password policy rules. For more information visit Password Policy. |
2.6.0 |
Usage of REST endpoint /backup of the RestoreModule |
The specific backup function by calling the REST endpoint '/backup' manually is not supported anymore. |
Instead of using '/backup' to manually backup ApiOmat's data use the pre-configured daily cronjob. For more information visit Configure Backup / Restore Functionality |
2.6.0 |
New app versions with ObjectiveC SDK |
|
After updating to a new SDK, check whether your code uses the collection types and correct the return values. |
2.6.0 |
Download SDK REST endpoint |
The download SDK REST endpoint will now need an application/octet-stream accept header. You have to update the dashboard to the latest version and change legacy scripts to make the SDK download work again. |
If existing, check your own scripts using the REST endpoint and send the new header. |
2.5.7, 2.6.1, 3.0.0 |
C# / Xamarin (-SQLite) SDKs |
The Analytics package imports and helper methods have been removed due to lacking support of the PCL for the target platforms that the ApiOmat SDK PCL works with. |
If Analytics is enabled on your installation, future SDK downloads won't contain the Countly package imports and helper methods, so if you already used the helper methods in your app code, you will get compile errors. To continue using the Countly SDK, you can import the Countly package from NuGet to your project and call the Countly methods instead of our helper methods. See Analytics Module. |
2.5.7, 3.0.0 |
Resource access rights when using restrictResourceAccess and object with new attached static data URL gets saved in NM |
In the past, when a yambas image/file URL was set to an object in a Native Module hook method and then the object was saved, with "restrictResourceAccess" being enabled in the object's class, the image/file access rights were not changed to the ones of the object. This has been fixed now, so that the behavior is the same as when the object is updated with a static data URL via the REST API. |
If you don't want your static data access rights to adopt the ones of the object that the data URL is assigned to, you need to turn off "restrictResourceAccess". Be aware that this enables access by guests (that have the correct API key) though. |
2.5.5, 2.6.0 |
New Installations beginning with 2.5.5 |
The Audit Log feature is now deactivated by default for new installations. To activate it follow the instructions on the Audit Log page. |
informative |
2.5.2, 2.6.0 |
Installations with ApiOmat Analytics |
Analytics SDK updated to server version 16.12.3 (backward compatible with older versions) |
informative |
2.5.0 |
All |
The MetaModels of invisible classes can now be fetched by the module owner and customers with the writerole for the module. This was not possible previously. |
informative |
2.5.0 |
All |
Main-Modules, which are automatically created when creating a new App-Backend, will now be hidden in Dashboard (if not containing any classes) |
informative |
2.5.0 |
Installations with ApiOmat Analytics |
Activation of the Analytics module is now done via adding it to the default modules in yambas.conf/apiomat.yaml. The separate config value analytics.enabled is not used anymore. |
Update config file to keep default module behaviour |
2.5.0 |
Image or file usage in Backbone SDK |
When loading images or files using the Backbone.js SDK, the data within the resulting model is not Base64 encoded anymore. Also the information about size, ownership etc. is not contained anymore. Alternatively you can use the loadResource method to access the former image or file data. For details, have a look at the 'working with files' topic in the SDK reference. |
informative |
2.5.0 |
All |
Authentication of customer or organization email addresses is now case insensitive. |
informative |
2.5.0 |
New Installations beginning with 2.5.0 |
ApiOmat issues new license keys (64 char length). These keys are periodically activated automatically, and no permanent connection to the license server is needed anymore. After a successful activation, an offline license is stored in the YAMBAS user's directory and is used for 10 days max. During that period, re-activations are done automatically, which will reset the 10 days threshold and generate a new offline license. |
informative - old license keys still work |
2.5.0 |
All |
YAMBAS installation now uses an own user aom-yambas and a new service name aom-yambas instead of tomcat7. |
informative |
2.5.0 |
Fileuploads with > 200MB |
Upload of static data (files, images, etc) is limited to 200 MB by default and can be changed in apiomat.yaml/yambas.conf files. |
informative |
2.5.0 |
All |
When downloading a file in the SDKs, it only gets stored in in-memory cache or persistent storage if their size is below a certain threshold. This value can be configured in the Datastore. |
informative |
2.5.0 |
Modules with own implementation of a REST class |
Native modules will contain a newer swagger annotations library after download - please update your module. Using this library version, you can use more specific definitions of @ApiParam annotations like format or type. |
Update module libraries to get access to new annotation parameters |
2.5.0 |
Native Module usage |
Native modules do not contain static class files anymore, they're packaged into an own lib. Additionally a new ant task to update your module is available. Please read more about updating your module. |
|
2.5.0 |
Native Module usage |
Modules can be released for each system separately. The field releaseState reflects the state for the current system (depending on the X-apiomat-system header in request). Additionally, there is a field releaseStates with the current state for each system. If you update this field, the releaseState field will be ignored. |
informative |
2.4.10, 2.5.5, 2.6.0 |
Native Module Deployment |
Modules are now deployed in bottom-up order. If you have a Module A which uses Module B, then, while deploying Module A, the onDeploy method of Module B is called first and afterwards the one of Module A. In the un-deploy process the methods are called top-down. When undeploying Module A, the onUndeploy method of Module A is called first and then the one of Module B. Note that these methods are invoked only in the context of a specific module (the two onDeploy method calls for the deployment of module A are independent from the onDeploy method call of module B). |
informative |
2.4.8, 2.5.1, 2.6.0 |
ObjectiveC SDK usage |
[Objective-C] Getter methods for attributes of type long and double are now returning a value of type NSNumber. |
ObjectiveC Apps may have to be changed when updating to a new SDK |
2.4.6 |
All |
ACLs of objects and classes can now be fetched separately using REST and native modules. Both will additionally contain attributes/methods for allowedRoles{Read, Write, Create, Grant}ForClass and allowedRoles{Read, Write, Create, Grant}ForObject. The existing implementation allowedRoles{Read, Write, Create, Grant}ForClass will remain and return a merge of both the object and class ACLs like it was implemented before. |
informative |
2.4.2 |
All |
Startup of YAMBAS and Dashboard will check if either yaml or conf file is defined in system properties or environment. If both config files are defined, neither Dashboard nor YAMBAS can guess which one is correct and will stop with an error message. |
Check if your operating system's configuration uses multiple definitions of the config file location; change to a single one if necessary. |
2.4.0 |
Apps using the Push Module |
receiverUsername attribute of PushMessage was removed because of duplication of receiverUsernames attribute. Old SDKs will still work, but newer SDKs won't contain this attribute anymore. |
informative |
2.4.0 |
Native Module usage |
Please update to the newest native modules delivered from ApiOmat when you want to inherit classes; when using older versions of the modules, sometimes the hook methods do not get called properly. |
Apps may have to be changed when updating to a new SDK |
2.4.0 |
All |
New repository paths: To update to version 2.3.3 or 2.4.x, please remove the old apt/rpm repository and add the new one according to the documentation before starting the update command. |
Change the repository paths on your linux installations before upgrade |
2.4.0 |
Native Module usage |
No serialization anymore in JAR native modules |
informative |
2.4.0 |
All |
Salt & Pepper values are used to strengthen the hashing of user passwords |
informative |
2.3.9, 2.4.9, 2.5.4, 2.6.0 |
Existing Modules |
The version of the maven-dependency-plugin should be pinned to 2.1. Otherwise, libraries will be duplicated and lead to unforeseen behaviour. Please remove these duplicates. ApiOmat 2.5.2 delivers a fixed pom.xml for new modules. Read more about that in the warning note on the Maven Integration page. |
Update pom.xml of any existing module, remove duplicates |
2.3.0 |
Apps using the Wordpress Module |
Wordpress type attribute name changed; type will not be set- or gettable by older SDKs when using Wordpress. |
Apps may have to be changed when updating to a new SDK |
2.2.7 |
Multi-node setups |
Application config changes can trigger the module's onConfigChange() method on all cluster nodes, depending on the @ModuleConfig.notifyAllNodes setting. |
informative |
2.2.1 |
All |
Deploy in Dashboard only compiles dynamic (non-native) modules of the customer |
informative |
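
The role hierarchy from the AOM.checkRoles() entry (3.1.4, 3.2.1) above, as an added example that is not ApiOmat code: it lists which access decisions change once a role check honours the hierarchy grant > write > read, which is the set of cases to review in custom auth handling. The Role enum, the method names and the exact-match model of the old behaviour are assumptions made for illustration; the release note itself only names the write-wants-read case.

```java
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.List;
import java.util.Set;

/**
 * Added illustration, not ApiOmat code. Models the hierarchical basic roles
 * from the release note (grant implies write, write implies read) and shows
 * which decisions differ between a non-hierarchical and a hierarchical check.
 * All names in this class are hypothetical.
 */
public class RoleHierarchyDemo {

    /** Basic roles in ascending order of privilege; ordinal() encodes the hierarchy. */
    enum Role { READ, WRITE, GRANT }

    /**
     * Assumed model of the old behaviour: the check passes only if the
     * required role itself is held, so a write-only user cannot read.
     */
    static boolean exactMatch(Set<Role> held, Role required) {
        return held.contains(required);
    }

    /** Hierarchical check: any held role at or above the required one passes. */
    static boolean hierarchical(Set<Role> held, Role required) {
        for (Role r : held) {
            if (r.ordinal() >= required.ordinal()) {
                return true;
            }
        }
        return false;
    }

    /**
     * Enumerates every (held role, required role) pair and returns the ones
     * whose outcome differs between the two checks. These are the access
     * decisions that custom auth code may have silently relied on.
     */
    static List<String> changedDecisions() {
        List<String> changed = new ArrayList<>();
        for (Role heldRole : Role.values()) {
            Set<Role> held = EnumSet.of(heldRole);
            for (Role required : Role.values()) {
                boolean before = exactMatch(held, required);
                boolean after = hierarchical(held, required);
                if (before != after) {
                    changed.add("holds " + heldRole + ", needs " + required + ": "
                            + (before ? "allow" : "deny") + " -> "
                            + (after ? "allow" : "deny"));
                }
            }
        }
        return changed;
    }

    public static void main(String[] args) {
        // Every reported pair moves from deny to allow; no pair moves the other way,
        // because an exact match always satisfies the hierarchical check as well.
        for (String line : changedDecisions()) {
            System.out.println(line);
        }
    }
}
```

If a custom auth method treated a denial from the role check as proof that a user lacked a lower role, each pair reported here is a request that is now authorized.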