Zum Hauptinhalt springen

36 Posts getaggt mit "LTS"

Alle Tags anzeigen

Patch 2024.2.7 / CVE-2025-41234

The Spring project has published a Security Advisory concerning Spring Framework, an open-source library used by INFOMOTION Data Management Center.

Based on our analysis and the available information, the relevant vulnerability CVE-2025-41234 does not affect INFOMOTION Data Management Center since our application does not prepare headers using org.springframework.http.ContentDisposition.

Nonetheless, we are publishing a Patch Release of Data Management Center with an updated & fixed version of Spring Framework.

Dependency Upgrades

  • Upgrade to Spring Framework from 6.2.5 to 6.2.8 to avoid potential issues with CVE-2025-41234

(since 2024.2.6)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.7

Patch 2024.2.6

Bugfixes

  • Properly load previously defined triggers on application startup
  • Execute scheduled tasks as system user to avoid permissions errors
  • Fix behaviour for very-high-precision numbers on MSSQL
Check Task Triggers

Please verify the Tasks & associated Triggers after installing the update. Due to a bug in previous versions, customers may have been led to define multiple redundant triggers for the same task!

(since 2024.2.5)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.6

Patch 2024.2.5 / CVEs CVE-2025-31650 & CVE-2025-31651

Two separate vulnerabilities CVE-2025-31650 and CVE-2025-31651 have been disclosed, affecting the Tomcat Web Application Server.

A version of Tomcat is included in the INFOMOTION Data Management Center package and used for the containerized and standalone deployment options. We are now releasing an updated version 2024.2.5 of Data Management Center that includes a patched version of Apache Tomcat.

Please note that this patch only secures containerized or standalone DMC deployments. When deployed within a custom Tomcat installation, that installation should be patched as well.

Dependecy Upgrades

(since 2024.2.4)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.5

Patch 2024.2.4

Bugfixes

  • Upgrade to Spring Boot 3.4.4 including embedded Tomcat 10.1.39 to avoid potential issues with CVE-2025-24813

(since 2024.2.3)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.4

Patch 2024.2.3

Bugfixes

  • Allow users to choose .xlsm files for upload

  • Use base image containing shell & mkdir for DMC container build

(since 2024.2.2)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.3

Patch 2024.2.2

Bugfixes

  • Properly report all columns if multiple required columns are missing

(since 2024.2.1)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.2

Patch 2024.2.1

Bugfixes

  • Avoid error message when uploading files with duplicate (case-insensitive) column name
  • Fix error when displaying all QS violations with QS rules containing placeholders
  • Container Image only: Update included Java Runtime Environment (JRE) to 17.0.14 fixing CVE-2025-21502

(since 2024.2.0)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.1

Release 2024.2 (LTS)

Bugfixes

  • Proper validation of empty primary keys during file import
  • Fix rare frontend error when editing table properties with empty description
  • Revert paginator to show row numbers instead of page numbers
  • Avoid potential deadlocks when deleting many cached objects at once...
  • Avoid various (transient) error messages when deleting many tables at once
  • Remove swagger-ui due to CVE-2024-45801
  • Apply default column mappings case-insensitive
  • Fix an error occurring when sorting by hist_from in specific cases for MSSQL database
  • Fix permissions check when editing table/data permissions
  • Increase maximum number of decimal digits when using embedded H2 database

Improvements

  • Allow copying table columns
  • Ensure usernames are only logged at DEBUG or TRACE level
  • Built-in database ("db") authentication disabled by default
  • Frontend improvements for long-running operations (delete multiple tables, import deployment set)
  • Additional logging for file imports
  • Allow at least partial startup & debug output when configuration is missing
  • Allow removal of the last filter
Built-in Database Authentication

Please note that built-in database authentication does not enforce password policies and support multi-factor authentication - both which are strongly recommended for production use.

Due to this, database authentication will not be enabled by default starting with release 2024.2

If you want to continue using this functionality, you will need to explicitly enable it by setting DMC_AUTH. For details see the Documentation"documentation".

(since 2024.1.6)

Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.0

Patch 2023.2.8

Bugfixes

  • Avoid potential deadlocks when deleting many cached objects at once...
  • Avoid various (transient) error messages when deleting many tables at once
  • Fix NG0100 'changed after checked' frontend error in certain conditions

Improvements

  • Frontend improvements for long-running operations (delete multiple tables, import deployment set)

(since 2023.2.7)

Docker-Image: infomotiondmc.azurecr.io/dmc:2023.2.8

Patch 2023.2.7

Bugfixes

  • Remove unneccessary swagger-ui dependency due to CVE-2024-45801

  • Make default column mappings case-insensitive (like all column mappings)

(since 2023.2.6)

Docker-Image: infomotiondmc.azurecr.io/dmc:2023.2.7

Patch 2023.2.6

Bugfixes

  • Fix permissions check when editing table/data permissions

  • Fix displaying deleted records with very long texts in historical view

  • Correct import of tables with names ending in digits

  • Update to Spring 5.3.38 because of CVE-2024-38809

(since 2023.2.5)

Docker-Image: infomotiondmc.azurecr.io/dmc:2023.2.6

Patch 2023.2.5

Docker-Image: infomotiondmc.azurecr.io/dmc:2023.2.5

Bugfixes

  • Deadlock-Vermeidung durch sequentielles Löschen mehrere Tabellen

Patch 2023.2.4

Docker-Image: infomotiondmc.azurecr.io/dmc:2023.2.4

Bugfixes

  • Update auf Spring 5.3.34 wegen CVE-2024-22259
  • Zu kurze VARCHAR-Felder verlängert (insbes. QS-Regel-SQL)..")
  • Fehlerhafter Metadaten-Cache nach fehlgeschlagenem Import bereinigt

Verbesserungen

  • Verbesserte Fehlermeldungen beim Import

Patch 2023.2.3

Docker-Image: infomotiondmc.azurecr.io/dmc:2023.2.3

Bugfixes

  • Fehler bei der Migration alter Metadaten auf Oracle verhindern (Verdoppelung,...
  • Historisierungs-Fehler beim Kopieren von Datensätzen behoben
  • Vergangene Uploads mit ungültiger Dateiendung von Verarbeitung ausnehmen, um Fehler zu vermeiden
  • Uploads mit ungültiger Dateiendung direkt abweisen

Patch 2023.2.2

Docker-Image: infomotiondmc.azurecr.io/dmc:2023.2.2

Änderungen

  • Löschen historischer Daten beim Tabellen-Import konfigurierbar
  • Korrekte Reihenfolge für neue DB-Spalten beim Import
  • Automatische Release-Notes & Angepasst CI-Regeln für Builds
  • Bugfix: Neu angelegte Spalten nicht inline bearbeitbar

Patch 2023.2.1

Docker-Image: infomotiondmc.azurecr.io/dmc:2023.2.1

Bugfixes

  • Bugfix für CSV-Import
  • Fix für Demo-Content-Import
  • Abhängigkeit "Logback" aktualisiert