Fixes and Known Issues

Product Fixes

The Summer 2024 release of ProcessMaker Platform includes a series of important fixes to enhance functionality and improve overall user experience. This update addresses a variety of issues, ensuring smoother performance, greater stability, and improved usability across several key features.

Version 4.11.6

  • Fixed an issue that caused the system to freeze when handling variable names with a nested object structure of three or more levels in dot notation. The system now processes these configurations smoothly.

  • Web entry links now display a notification if the task is already completed or routed.

  • File upload security has been strengthened to display a clear error message for disallowed file formats, now rejecting archive formats like .zip, .rar, .tar, .7z, and similar file types.

  • The email change mechanism has been secured to prevent potential account takeover risks. Validation now specifically applies to ProcessMaker users logging in with usernames and passwords, ensuring authenticated and protected email updates.

  • Session tokens are now invalidated upon logout, enhancing security by securely terminating active sessions and preventing unauthorized access.

  • Mitigated vulnerabilities in SVG files uploaded to the file manager, preventing unauthorized redirects and enhancing platform security.

  • The getScriptExecutionResponse function has been fixed to ensure correct execution without errors when using $key. Scripts now run as expected and return accurate results.

  • The autosave feature in screens now correctly saves new lines in rich text controls, retaining the original formatting even after refreshing the page.

  • The Signature screen control now remains visible on mobile devices while scrolling, ensuring it does not disappear after signing.

  • Web entry endpoints now utilize caching, significantly reducing load times for form submissions and screen rendering.

  • Guided Template imports are now faster and more efficient, allowing for quicker setup and a smoother experience.

  • Fixed an issue where custom CSS was not rendering in the summary of a case. Custom CSS in Display screens now appears as intended in the case summaries.

  • An option has been added for ProcessMaker Administrators/Super Admins to log in with local credentials, bypassing SSO authentication even when Standard Login is disabled, facilitating SSO troubleshooting.

  • The model_id assignment issue during process template import has been resolved, ensuring that embedded LaunchPad links are included as expected.

  • The placeholder text in the templates search bar has been updated to "Search templates," aligning with the intended function.

  • FlowGenie can now be added to project assets without issues, allowing for seamless integration from the project's asset section.

  • Added a status indicator to show when slideshow mode settings are being saved, ensuring 'Enable Slideshow Sharing' setting remains correctly selected.

  • SAML users now successfully log out on the first attempt, eliminating the need for a second logout action.

Version 4.11.5

  • Resolved errors encountered by some users after logging in when using custom dashboards.

  • Optimized DB queries for overall performance improvements.

  • Resolved an issue where Saved Searches were not working in some environments due to empty time zone values for deleted users.

  • Changed the Element Destination label to Task Destination in the properties for Form-Tasks, Manual-Tasks, End Events, Signal End Events, and Terminate End Events for consistency with terminology used across the Platform.

  • Addressed an issue where screens for parallel tasks did not display any information. Case data is now correctly displayed in screens during parallel task execution.

  • Users can no longer interact with screens for self-service tasks before claiming them.

  • Improved Analytics to ensure proper display across all environments.

Version 4.11.4

  • Resolved an issue preventing super admins to reassign tasks via API without the "Allow Reassignment" option enabled.

  • Added a message and log-out prompt for logged-in users accessing anonymous Web Entry tasks, allowing them to log out and be redirected to the task. More info.

  • Corrected task assignment to sub-groups, ensuring tasks are properly assigned to all group and subgroup members.

  • Ensured screen changes are reflected in ongoing cases, so updates apply to both new and ongoing cases.

  • Resolved a PDF upload validation error, allowing safe PDFs without embedded JavaScript to be uploaded without being flagged as "dangerous content."

  • Fixed an issue with non-clickable links on completed screens for web entries, ensuring links are now functional as expected.

  • Added support for both PMQL filter syntaxes, ensuring compatibility with data.SRV_ACRONYM = "{{data.SRI_SERVICE}}" and data.SRV_ACRONYM = "{{SRI_SERVICE}}" in the current version.

Version 4.11.3

  • Screen or request variables accept both of these Mustache syntax formats, {{data.SRI_SERVICE}} and {{SRI_SERVICE}}, ensuring compatibility and proper filter functionality.

  • Importing a process completes smoothly without any unexpected redirects, allowing the user to continue without interruption.

  • The Task Source (Default) destination correctly redirects users back to the original form task screen as expected, ensuring smooth process execution.

Version 4.11.2

  • Resolved an issue where the slideshow icon would intermittently disappear in the modeler after process imports and page refreshes. The icon now consistently appears in all scenarios.

  • Fixed a problem where the script would crash during the PDF merge process. The script now runs smoothly, merging PDFs without any errors.

  • Restored missing key fields (such as title and country) in the _user magic variable, which previously caused calculated fields in screens to malfunction. Fields are now correctly populated, ensuring accurate data in calculated fields.

  • Improved file upload messaging by adding a more descriptive error message when a PDF containing malicious code fails to upload. Users now receive clear feedback, similar to the experience in the files/public section.

  • Enhanced security by securing the user_id field, preventing unauthorized modifications during process execution and ensuring the integrity of user identity.

  • Resolved an access control issue where users could view projects by changing the project ID in the navigation bar, even if they weren't the project owner. Now, only authorized users can access projects.

  • Addressed multiple warnings related to translations, ensuring that all translated content is displayed accurately, improving the overall localization experience for users.

  • Fixed an issue where documentation for Pool and Line objects was not displayed when hovering over the doc-circle in the process modeler. All objects now correctly display their documentation.

  • Strengthened security by restricting public access to application and API information at the /docs URL. Documentation is now only accessible to logged-in users or hidden from public access.

  • Ensured that unread tasks opened from the windows pane are correctly marked as read after interacting with them, providing accurate task status updates.

  • Corrected the screens completed counter, which previously showed more screens than were actually completed when viewing a case. The counter now accurately reflects the correct number of screens completed.

  • Resolved an issue with the ellipsis buttons in the "Menus" tab under Customize UI, ensuring they remain in a consistent position when navigating through pagination.

  • Fixed an issue where userB was unable to claim a task reassigned by userA if the task wasn’t claimed first. The reassign button is now disabled until the task is claimed, ensuring a smoother task reassignment process.

  • Date filters in case trays now display in the user’s local date and time format, as well as their time zone, replacing the previous ISO 8601 and UTC formats, for better clarity and user experience.

  • Improved privacy by preventing unnecessary calls to the /users endpoint from Requests/Cases and Tasks trays, which exposed user information. Sensitive data is now protected and only accessed when required.

  • Updated the "Robotic Process Automation" label to "UiPath" in the Admin Section and Modeler, providing consistent naming for UiPath integrations.

  • Errors generated during the execution of PHP, JavaScript, Java, Python, and C# scripts are now automatically deleted after the script completes, improving performance and maintaining a clean log.

  • Fixed an issue where email screens in Action By Email processes were not correctly imported. All email configurations are now imported properly with the process, ensuring seamless functionality.

  • Strengthened security by blocking attempts to upload PDFs containing XSS (cross-site scripting) vulnerabilities in the following areas:

    • File Manager (Public Folder)

    • API POST Endpoint (/requests/{{requestID}}/files)

    • File Control in Tasks This ensures that malicious files cannot be uploaded.

  • Standardized the display of the "Firma" control in the Spanish language interface to start with a capital letter, matching the format of other field controls.

Version 4.11.0

UI/UX

  • Watchers running scripts to clear text areas and input fields were malfunctioning, causing old data to reappear. Resolved to ensure fields are properly cleared.

  • "Null" displayed as a list label in email-type screens with empty List Labels. Now, nothing is displayed when no label is provided.

  • Deleted users remained active. Fixed to ensure users are inactive when moved to the "deleted users" list.

  • Screen changes were lost after renaming screens. Updated Save button to "Save and Publish" to preserve modifications.

Performance Optimization

  • Summary screens failed with large delegations. Resolved by preventing the loading of the process_request_token column for better performance.

  • Pagination added to summary screens for large data sets, ensuring correct loading.

  • Intermittent OOM failures in the api/1.0/tasks endpoint. Memory optimizations implemented to prevent exhaustion.

  • Line charts failed with multiple categories in saved searches. Issue confirmed and rendering accuracy improved.

  • Mismatch between chart data and saved searches. Resolved for accurate data plotting.

Security & Compliance

  • NPM IP Package v2.0.0 had an SSRF vulnerability (CVE 2023-42282). Upgrading to v2.0.1.

  • Domain validation in script direct API access corrected to properly verify URLs, focusing on domains.

Process & Task Management

  • Tasks assigned using "Rule Expression" and "Self Service" were not visible to group members. Fixed to ensure tasks are accessible for claim.

  • Incorrect task delegation when a user is set to Out of Office. Addressed to ensure tasks go to the designated delegation user.

  • PDF Generator failed with file names containing spaces. Now supports names with white spaces.

API & Integration

  • SCIM provisioning sync errors during user updates. Enhanced error handling for seamless synchronization.

  • Boundary signals in processes caused SQL errors during project addition. Fixed to prevent signals from being treated as individual assets.

Data Handling

  • Records with special characters weren't saved in searches. Fixed to ensure accurate data saving, even with special characters.

  • Inconsistent count numbers in saved searches and list charts. Resolved for accurate and consistent counts.

  • UTC time displayed in emails instead of the selected time zone. Fixed to match the sender's time zone and include time zone details.

Connectors

  • Send Email Connector name reverted when editing the Subject field. Resolved to maintain the connector's name as intended.

  • Discrepancies between form data and email content for selected times in date pickers. Resolved to ensure consistency.

Known Issues

The following issues are being investigated and will be addressed in a future update.

Version 4.11.2

  • Screen Changes Not Reflected in in-progress Cases (Resolved in 4.11.4): When editing and publishing changes to a screen used in a process, the updates are not visible in in-progress cases. The expected behavior is for the changes to be reflected in both new and in-progress cases. This will be resolved in a future release.

  • Task Destination Redirect: In certain cases when using Web Entry and Interstitial Screen in an End Event, the redirect feature may not function as expected. This occurs because the End Event has its own built-in redirect option, which takes precedence and operates as the default redirect. This will be resolved in a future release.

  • AI Assistant Help Text Not Displayed: After creating a new process, the placeholder help text in the AI Assistant is not displayed in the designer. The expected behavior is for the placeholder text to appear, guiding users on how to use the AI Assistant. This will be resolved in a future release.

  • Incorrect Screen Assignment in Send Email Task: When using the asset quick create option for a Send Email task, it is possible to assign a form screen to the task after closing the modal and selecting a screen. The expected behavior is that only email screens should be assignable to a Send Email task, preventing form screens from being selected. This will be resolved in a future release.

    Workaround: Users can manually select an email screen.

  • Incorrect Screen Assignment in Manual Task: When using the asset quick create option for a manual task, it is possible to assign a form screen after closing the modal and selecting a screen. The expected behavior is that only display screens should be assignable to manual tasks, ensuring form screens cannot be selected. This will be resolved in a future release.

    Workaround: Users can manually select a display screen.

  • Stay Connected Timer Not Resetting: When the "Stay Connected" option is enabled and the configured time elapses, the warning message appears as expected. However, clicking the "Stay Connected" button does not stop the timer, and the application logs off once the timer runs out. The expected behavior is that clicking the "Stay Connected" button should reset the timer, preventing the user from being logged off. This will be resolved in a future release.

Version 4.11.0

AI-Driven Process Documentation

  • In the documentation view of a process, the name of a PM Block disappears, leaving it unlisted.

Process Launchpad

  • In the Launchpad, tooltips are not displayed for tab names on the process-browser page, and text is prematurely truncated to 25 characters instead of the intended 35 characters. Workaround: Enter tooltips less than 35 characters.

  • The search field in the Guided Templates section on the process-browser page has a different UI compared to the search fields in the All Templates and Recent Cases sections

Smart Inbox

  • Unread tasks are not marked as read when opened through the preview pane on the Tasks page, even after refreshing the page.

Designers

  • The submit button is disabled when required fields, such as those in a Signature control, are hidden on web or mobile, blocking form submission. Workaround: Use a visibility rule instead of using the required setting.

  • When two users collaborate on a process and publish different alternatives, changes made by one user are not reflected for the other without a page reload.

  • Label style and size differ between the "Run Test" option in the modeler and process configuration.

  • When editing a user and assigning a Delegation or Manager, the selected user is not highlighted, causing confusion.

  • The Undo/Redo functionality does not work correctly with AI-generated content in screen forms.

  • Starting a process created from a template with Alternatives A and B results in a 500 error.

  • When a task is assigned by rule and sent to the default user, the system incorrectly shows the default user completed the task.

  • Using the "Go Back" button after modifying Alternative B causes the alternative to revert to its initial state. Workaround: Save alternative to avoid losing information.

  • When adding new tasks to the sequence flow between existing elements in a process, the flow is not saved correctly, leading to misconfigured connections.

  • When using a web entry, if the Task Destination is not properly configured, the system may redirect users back to the login page after the Completed screen is displayed.

    Workaround: To avoid this issue, ensure that the Task Destination is configured with a valid URL. This will prevent the system from redirecting to the login page and ensure that users are directed to the intended destination after completing the web entry.

Administration Settings

  • The ellipsis in the Dashboard and Menus sections under Customize UI is misaligned, appearing too far to the right and centered instead of being aligned to the right edge of the screen.