Product Version 2021 Autumn
Find our docker images and Helm Charts linked here:
>> Version Tags Services
Change in Testing Infrastructure Helm Chart
The infrastructure Helm Chart providing third-party software to build a first testing environment for a new yuuvis® Momentum installation contains Gitea 1.14.3 now as git server instead of Gogs.
>> Installing Helm Chart for Testing Infrastructure
Features
Here you will find some of the new release's highlights. Check out the Change Log for further information on all changes.
Please also pay attention to the Breaking Changes and some Update Instructions.
Core
Batch PATCH for Metadata
The metadata of multiple objects can be updated with one request of the new endpoint.
>> PATCH /api/dms/objects
Tenant Schema Management
System integrators are now able to manage the individual tenant schema for any tenant in the system via the following new endpoints:
- GET /api/system/tenants/{tenant}/schema - Retrieves the tenant schema that is stored for the tenant matching the {tenant} path parameter.
- POST /api/system/tenants/{tenant}/schema - Updates the tenant schema stored for the tenant specified by the {tenant} path parameter.
- POST /api/system/tenants/{tenant}/schema/validate - Validates an XML schema file to be used as tenant schema for the tenant specified by the {tenant} path parameter.
Cross-Tenant Requests (KDDA)
Within your yuuvis® Momentum cluster, you might want to operate a service for asynchronous background processing that is working on all the data in your system independently of the tenant they belong to. Such services need to access the data of all tenants. In order to enhance their performance, they can use an internal service account that allows for cross-tenant requests and thus avoid high numbers of requests to individual tenants. To configure internal service accounts, read this article carefully and make sure you do not skip any of the described configuration steps in order to ensure and secure the tenant separation.
>> Cross-Tenant Service Accounts
In order to allow for the configuration and usage of service accounts, an ancillary Kubernetes Service has to be created.
>> Update Instructions for AUTHENTICATION Service
Object Creation Permissions
In role sets, permissions can now be set for the creation of objects by introducing the action create.
>> Access Authorization and Permissions
So far, the object creation was enabled together with the edit permission via the action write. Hence, your role sets have to be updated as described in the Breaking Changes.
>> Breaking Change due to new Object Creation Permissions
Fuzzy and Proximity Search in Full-Text Queries
In full-text search queries, partially matching objects can be provided as results. Thus, it is possible to search for similar terms or variant spellings.
>> Fuzzy Search
Furthermore, it is possible to allow for reversed ordering of words in a phrase or to allow for additional words between the words of a phrase.
>> Proximity
Boosting for Full-Text Search
Boosting can be applied to the list of matches of full-text search queries. The boost operator influences the relevance of individual terms within a CONTAINS statement. Thus, the sorting of the objects in the hit list is directly influenced.
>> Boosting
Signature of Internal JSON Web Tokens
Each call of a yuuvis® Momentum endpoint is routed through the AUTHENTICATION service. After successful authentication, an internal JSON Web Token (JWT) is created and assigned to the call containing user-specific information. This JWT authorizes the call in every service within the data processing chain. In order to prevent unauthorized access from outside by faking the JWT, it has a signature that can be used for an additional validation of the caller's authorization. The additional section in the JWT might lead to a Breaking Change in your system.
>> AUTHENTICATION Service
AUTHENTICATION Service Information Endpoints
The /manage/** endpoints provided by the AUTHENTICATION Service are now available via a separate port that is protected from external access. Even if they are exposed for access without a specific authorization, they are accessible only for services inside the Kubernetes cluster. In order to call the /manage/** endpoints of the AUTHENTICATION service, its configuration has to be adjusted and an ancillary Kubernetes Service has to be created to manage the port as described in the update instructions.
>> Configuration Changes for the AUTHENTICATION Service
New Webhook for Import and Update
The new webhook type POST dms.request.objects.upsert.database-before can be triggered by an object import, an update of the content, an update of the metadata or a tag update. It receives the completed objects just before they are indexed. That means the objects are already enriched with system properties and default values (wherever necessary), normalized and validated.
>> POST dms.request.objects.upsert.database-before
Service Monitoring
This monitoring solution allows the observation of your yuuvis® Momentum Kubernetes Cluster. The integrated Grafana Web UI serves for visualization of resource consumption and network traffic for yuuvis® services or their individual pods.
>> Service Monitoring
Retrieval of Configuration Files during Git Downtimes
The CONFIGSERVICE can retrieve the cached version of configuration files even if git is temporarily not accessible. Thus, during a downtime of the git server, GET requests to the CONFIGSERVICE will be successful whereas requests for storing resources will not be successful.
>> CONFIGSERVICE
Tenant Management API
Role Assignment via Groups (KDDA)
If users are assigned to a group, the same configuration of roles is assigned to all members. Therefore, the response body of the user information endpoints is extended. If a group is deleted, the roles referenced in that group will be removed from all group members. Groups and roles can both be individually created, modified, and deleted via the corresponding endpoints. The endpoints are not yet used by yuuvis® architect and yuuvis® management console.
In the tenant creation profile, the creation of groups and assignments of roles to users can be configured. It will be applied to each tenant creation process. Therefore, the corresponding endpoints expect/return the section groups in the body now:
- POST /tenant-management/api/system/profile - Update the tenant creation profile.
- GET /tenant-management/api/system/profile - Retrieve the tenant creation profile.
Assignment of the System Integrator Role (KDDA)
The endpoint POST /tenant-management/api/admin/users that is accessible with the role YUUVIS_TENANT_ADMIN does not allow for the assignment of the role YUUVIS_SYSTEM_INTEGRATOR anymore. Only the endpoint POST /tenant-management/api/system/tenants/{tenant}/users that is accessible with the role YUUVIS_SYSTEM_INTEGRATOR allows for the assignment of the role YUUVIS_SYSTEM_INTEGRATOR to other users.
>> Breaking Changes
Searching for Users (KDDA)
The requested list of users of a tenant can be filtered using a parameter. The following endpoints are extended:
- GET /tenant-management/api/system/tenants/{tenant}/users for system integrators
- GET /tenant-management/api/admin/users for tenant administrators
Creating a Technical User
If a service should be authorized to call the endpoints of the Tenant Management API, a technical user account is required. It is now possible to create such accounts directly with a non-temporary password that will be stored encrypted in the tenant creation profile.
>> Tenant Creation Profile
User Invitation
If no SMTP parameters are set for a new user, no invitation e-mail can be sent. The currently logged-in user will be informed.
- POST /tenant-management/api/system/tenants/{tenant}/users for system integrators
- POST /tenant-management/api/admin/users for tenant administrators
Activating and Deactivating Tenants (KDDA)
Tenants created via Tenant Management API are activated per default. However, in customers' contractual agreements, it might be required to deactivate tenants. The endpoint for updating a tenant allows for deactivation and activation of tenants now.
>> PATCH /tenant-management/api/system/tenants/{tenant}
yuuvis® management console
Activating and Deactivating Tenants
In the tenant creation dialog, it is possible to activate or deactivate tenants according to customers' contractual agreements.
>> Organization View
yuuvis® client as reference implementation
Defining Object Types (KDDA)
The classification systemsot for System Floating Secondary Object Types (SFSOT) suppresses the listing of the corresponding Secondary Object Type for users of your client that do not have any administrative roles. The SFSOTs are not displayed in the Characteristics field in your client, but are listed in the classification[systemsot] field in the Administrative information section of the Summary aspect area.
>> Classification of Secondary Object Types
Switching Between Different Tenants
If you have user accounts in multiple tenants, you can now easily switch between the tenants after logging out of the currently active account.
Typification Suggestions during Object Creation
While creating a document object with a content file, the user can be supported by a prediction for the suitable typification of the object. Each suggestion consists of a rough typification by means of an object type (e.g., contract) and a suitable sub-typification (e.g., employment contract) defined as a value in the typification catalog field of that object type.
Note: This feature requires an installed beta version of the new Auto ML Platform which is not yet included in yuuvis® Momentum installations.
>> Defining Object Types for yuuvis® client
Support of Business Process Management (BPM)
The new public API of the BPM Engine is now used by yuuvis® client as reference implementation. The Inbox view allows for the handling of standard processes and follow-ups, whereas the My processes view provides an overview of all active processes started by the logged-in user. Moreover, the object actions can be extended with a plugin action that can be offered in the MORE ACTIONS action group.
>> Connection of BPM Engine
yuuvis® architect
Switching between Tenants
Users with accounts in multiple tenants can easily switch between their tenants via Switch tenant instead of a conventional logout. The new role YUUVIS_MULTI_TENANT is required.
>> yuuvis® architect
Client Development Libraries
Client Authentication via OpenID Connect
The Core Library supports building clients that authenticate via OpenID Connect by means of bearer tokens. Thus, they can be operated outside the yuuvis® Momentum cluster.
>> Running clients outside the yuuvis® Momentum cluster
VIEWER Service
It is now possible to authenticate via bearer token to the VIEWER service. In particular, a preview for binary content files can be retrieved.
>> VIEWER Service
BPM Engine
Public API
The essential workflow functions needed for client development have been published as a public API. The API focuses on user perspective (get tasks of authorized user, start a process as authorized user, etc.) and allows for the development of fully custom clients on a stable API. Functions and endpoints needed for administrative purposes (such as "show tasks of all users in a tenant") are available only within the Kubernetes cluster and are not public.
>> BPM Engine Endpoints
Flowable Update
BPM Engine has been updated to Flowable 6.6.
BPM Model Scripting
Groovy is supported as scripting language in BPM models.
Health Check Endpoints
Each service offers the https://<host>/<service>/manage/health endpoint to retrieve information on its current status. DevOps engineers can thus monitor the liveness and readiness of individual services.
Note: As already described in the section for the core system above, the health check endpoint for the AUTHENTICATION service is only available for internal services.
>> Health Check for Services
Release Candidates
The Release Candidates (Alpha) provide the preliminary results expected to be ready at the corresponding date.
>> Version Tags Services - Release Candidates
Alpha1 - 01 JUN 2021
Core
Batch PATCH for Metadata
- A PATCH update of the value for a specified property can be applied to multiple objects. (internal: OKTO-4764)
Tenant Management API
Role Assignment via Groups
- Extensions of the tenant creation profile: (internal: COOL-14292)
  - A new parameter section groups is introduced that lists all groups to be created containing roles to be assigned.
  - The section user is extended to assign groups to a user.
- Users with the YUUVIS_SYSTEM_INTEGRATOR or YUUVIS_TENANT_ADMIN roles can create, update, get, and remove groups via Tenant Management API. These administrators can assign roles and users to a group as well as remove them. The members of groups are listed. (internal: COOL-14292)
- Users with the YUUVIS_SYSTEM_INTEGRATOR or YUUVIS_TENANT_ADMIN roles can create and remove roles via Tenant Management API. (internal: COOL-14966)
Alpha2 - 15 JUN 2021
Core
Fuzzy Search of Full Text
- In full-text search queries, also partially matching objects can be provided as results. (internal: OKTO-4760)
Boosting for Full-Text Search
- Boosting can be applied to the list of matches of full-text search queries. (internal: OKTO-4761)
yuuvis® client as reference implementation
Defining Object Types
- A new classification value for secondary object types allows hiding the corresponding technical names in the Characteristics field of the Summary aspect area and displaying them in the Administrative information section instead. (internal: COOL-14997)
Alpha3 - 29 JUN 2021
The two weeks from 16 to 29 JUN 2021 will be our innovation sprint that allows us to try out new ideas and explore new ways for the future. We do not plan to deliver new features in this sprint, but we will fix the appearing bugs if possible.
Core
Signature of Internal JSON Web Tokens
- The internal JSON Web Token (JWT) has an additional section with a signature that can be used for additional validation of the caller's authorization. (internal: OKTO-4752)
Alpha4 - 13 JUL 2021
Core
New Webhook for Import and Update
- A webhook is provided that is triggered after storing the binary data and before writing the data to the database. (internal: OKTO-4819)
Retrieval of Configuration Files during Git Downtimes
- The CONFIGSERVICE can retrieve the cached version of configuration files even if git is temporarily not accessible. (internal: OKTO-4894)
Tenant Management API
Searching for Users
- Users with the YUUVIS_TENANT_ADMIN role can search for users within their tenant. Users with the YUUVIS_SYSTEM_INTEGRATOR role can search for users within a specified tenant. (internal: COOL-13966)
Creating a Technical User
- It is possible to create a technical user with a non-temporary password. (internal: COOL-14976)
yuuvis® client as reference implementation
Switching Between Different Tenants
- After logging out, the user can change the tenant before logging in again. (internal: COOL-14939)
Typification Suggestions during Object Creation
- While creating a document object with a content file, the user can be supported by a prediction for an object type and a suitable sub-typification defined as a value in the typification catalog field of that object type. (internal: COOL-15049)
This feature needs an installed beta version of the new AI Service.
Client Development Libraries
Client Authentication via OpenID Connect
- The Core Library supports building clients that can run outside the yuuvis® Momentum cluster by authenticating via OpenID Connect. (internal: COOL-15159)
Note: A preview of binary content files is not yet supported.
BPM Engine
Public API
- Users can get the list of available process definitions (internal: ERA-7869) and details of a process definition. (internal: ERA-7870)
- Users can start a process (i.e., instantiate a process definition). (internal: ERA-7871)
- Users can get processes started by themselves (internal: ERA-7872) and details of a process. (internal: ERA-7874)
- Users can delete a process started by themselves. (internal: ERA-7875)
- Users can get all tasks assigned to themselves or where they are mentioned in the list of potential users for the task. (internal: ERA-7876)
- Users can get details of a task that is visible to themselves. (internal: ERA-7877)
- Users can claim a task, unclaim a task, or assign a task to another user. (internal: ERA-7878)
- Users can save variables of a task without completing it. (internal: ERA-7879)
- Users can complete a task. (internal: ERA-7880)
Flowable Update
- BPM Engine has been updated to Flowable 6.6.
Other stories
- Groovy is supported as scripting language in BPM models. (internal: ERA-7568)
Alpha5 - 27 JUL 2021
Core
Tenant Schema Management
- System integrators can manage tenant schemata for other tenants than their own. (internal: OKTO-4670)
yuuvis® client as reference implementation
BPM support:
- The new public BPM-API is supported. (internal: COOL-15190)
- The 'Inbox' view supports standard processes in addition to follow-ups. (internal: COOL-15167)
- The new 'My processes' view lists all active processes the user has started. (internal: COOL-15197)
- A plugin action can be imported that allows for specific processing of a selected object. (internal: COOL-15286)
Tenant Management API
Searching for Users
- Users with the YUUVIS_TENANT_ADMIN role can search for users within their tenant. Users with the YUUVIS_SYSTEM_INTEGRATOR role can search for users within a specified tenant.
The corresponding endpoint is extended with the optional parameters search, first and max. (internal: COOL-13966)
Note: This feature was planned for Alpha4 but had to be postponed.
Creating a Technical User
- The user passwords in the tenant creation profile will be stored encrypted. (internal: COOL-15202)
User Invitation and Deletion
- While creating a tenant with an initial user, you are informed that an invitation e-mail could not be sent if no SMTP parameters have been set. (internal: COOL-14401)
- The e-mail settings of a tenant can be changed. (internal: COOL-15214)
- Removing users removes their user settings as well. (internal: COOL-14694)
Note: This feature had to be postponed and is now planned for version 2021 Winter.
Activating and Deactivating Tenants
- The endpoint for updating a tenant allows for deactivation and activation of tenants. (internal: COOL-15220)
Keycloak Configuration during Tenant Creation
- Keycloak default roles: While creating a tenant, the Keycloak standard roles are set to empty per default or to custom values per profile. (internal: COOL-15188)
Note: This feature was discarded. Alternatively, remove the Keycloak standard roles manually from your Master Realm. In the future, the Keycloak standard roles will no longer be offered in the user management of the Tenant Management API.
Final - 20 AUG 2021
Core
Cross-Tenant Service Accounts
- Business services can be enabled to perform cross-tenant operations. (internal: OKTO-4762)
Object Creation Permissions
- Permissions can be set for the creation of objects. (internal: OKTO-4807)
VIEWER Service
- It is now possible to authenticate via bearer token to the VIEWER service. In particular, a preview for binary content files can be retrieved. (internal: COOL-15168)
yuuvis® management console
Activating and Deactivating Tenants
- In the tenant creation dialog, it is possible to activate or deactivate tenants according to customers' contractual agreements. (internal: COOL-15230)
yuuvis® architect
Switching between Tenants
- Users with accounts in multiple tenants can easily switch between their tenants via Switch tenant instead of a conventional logout. The new role YUUVIS_MULTI_TENANT is required. (internal: COOL-15316)
Postponed Features
These initially planned features could not be realized. Some of them are planned for the next version 2021 Winter.
Core
Batch DELETE of Objects
Multiple objects can be deleted with one request.
CATALOG Service
A new CATALOG service will be offered that allows for the integration of catalogs in yuuvis® Momentum.
Rendition Repository
A repository manages the renditions assigned to objects. Renditions can be added, updated, and deleted via specific endpoints.
Tenant Management API
Technical User Role in Keycloak (KDDA)
Technical users can be created together with a new tenant. The technical users have the YUUVIS_SERVICE role which is added to Keycloak, but not to yuuvis® Momentum. Users with this role are excluded from the user lists returned by the endpoints GET /tenant-management/api/admin/users and GET /tenant-management/api/system/tenants/{tenant}/users. Thus, in yuuvis® architect, they are not displayed in the user list of their tenant and cannot be edited.
Note: The concept of this feature is under development until further notice.
User Deletion (KDDA)
During the deletion of users, all their stored settings will be deleted as well.
Changelog
Bugfixes
Hotfixes
Below you will find information about the provided hotfixes. The latest status of the artifacts can be found here: "Version Tags Services".