Migrating from 9.3 to 9.4

Primefaces 11

tag-project-changed tag-project-removed tag-project-deprecated tag-project-auto-convert

We upgraded the Primefaces library from version 7 to version 11. Unfortunately, Primefaces made some breaking changes in its latest versions. Therefore, your user interfaces are most likely broken. To mitigate the migration pain, we have built a project converter that fixes most breaking changes. See Primefaces 11 Migration for more information.

Old Themes removed

Instead of modena, primefaces-ivy, or all-themes, use freya-ivy or serenity-ivy. You may need to adjust your hand-crafted CSS rules to the new theme.

Java 17

tag-project-changed tag-project-auto-convert

We updated Java to version 17:

  • Convert your Axon Ivy projects to the latest version to use the new Java 17 features.

  • You may have to update third-party libraries that do not yet support Java 17 to newer versions.

  • Use Java 17 to run your Maven project builds.

  • Use an Adoptium / Eclipse Temurin JDK or JRE to run Axon Ivy on Linux or macOS.

Multi Application Security System

tag-ops-wizard

Users and roles are no longer attached to a single application, but can be shared across multiple applications in a security system. Now, different applications can be developed and installed with their own release cycles, and the end user receives one single task list for all applications. This enables independent feature-driven development.

Details

Most engine installations will only have the predefined security context default. By default, new applications end up in this context. There are two use cases for multiple security contexts on one engine:

  • you want to isolate applications against each other - each application has its own security context.

  • you implement multi-tenancy by having one security system per tenant.

For both use cases, we suggest using multiple engines in order to make accidental security breaches impossible.

During migration, however, the status quo is maintained. The migrated applications are placed in an isolated security system with the name of the application. It is no longer possible to change the security system at runtime, this must always be done when the application is created.

Refer to Application Lifecycle for further details.

  • Users are no longer attached to the application, but to the Security System. This means that the user is unique over several applications.

  • Roles are still defined in projects. The roles are deployed into a security system. Now, the roles must not only be unique in the application, but in the security system.

  • Business Data has not been scoped. Now, it is scoped to the security system.

  • Standard process default pages are now automatically determined at runtime. You don’t have to define them anymore. If there are multiple implementations of a default process, one is simply selected. But you can fix this using settings.

  • EmailNotification Settings are no longer part of the application configuration. They are part of the security system and can be found there.

User id and role id deprecated

IUser#getId() and IRole#getId` are obsolete and should not be used any further. Always use getSecurityMemberId(). For now, user id and role id are still fully supported and are also unique. But these will be completely removed in upcoming versions also from the database (IWA_User.UserId` and IWA_Role.RoleId).

Standard mail notification process still support the parameter notificationUserId but you should already change to notificationSecurityMemberId`.

Language

tag-ops-wizard

There is a new global language concept. The content language as well as the formatting language can be defined per security system in ivy.yaml, which are considered as default languages. Users can overwrite these two language settings in their user profiles.

The existing EMailNotification.Language is automatically migrated to Language.Content in ivy.yaml.

Read more here: Language and Content resolution.

Role Mapping moved to ivy.yaml

tag-ops-wizard

The external name of a role that can be set in the Engine Cockpit is no longer stored in the System Database. It has been moved from IWA_Role.ExternalSecurityName to ivy.yaml. This change allows you to easily automate the role mapping configuration, which is now located in ivy.yaml.

Elasticsearch 7.17

Elasticsearch has been upgraded from 7.3 to 7.17. If you use an external Elasticsearch server you need to upgrade to version 7.17.

IvyScript Validation is Enabled by Default

tag-project-changed

The ivy.script.validation.skip compilation parameter of our Project Build Plugin is now set to false. This validates IvyScript code within Ivy processes by default during compilation. Therefore, errors and warnings related to the IvyScript code will be reported.

Read more about the compilation parameters and their default values here: https://axonivy.github.io/project-build-plugin/release/9.4/compileProject-mojo.html#skipScriptValidation

Programmable Process Elements

tag-project-changed

We changed the UI technology to build custom inscription editors for programmable process elements. Therefore, existing programmable elements, built with AWT, will show deprecation warnings.

Affected elements are: Program Start Event, Program Interface (PI) Activity and Wait Intermediate Event

Details

To make your custom editors compliant, change your internal Editor implementation to extend from UiEditorExtension, and create widgets using the new ExtensionUiBuilder.

Here are some valid examples:

ui.label("seconds to wait").create()
scriptEditor = ui.scriptField().requiredType(Integer.class).create();
textArea = ui.textField().multiline().create();

Call & Wait intermediate event

tag-project-removed

The Call&Wait intermediate process element is no longer supported.

It will be automatically removed from existing processes where it has been present.

In most cases the ‘call’ aspect implementation can be replaced with a normal PI (Programming Interface) Activity which subsequently is connected to a Wait Program Intermediate Event element that implements the ‘wait’ aspect.

TLS 1.0 and TLS 1.1 disabled

tag-ops-changed

We disabled TLS 1.0 and 1.1 by default because they are outdated and should no longer be used. This can break communication links with legacy databases or other external services that still use the old TLS protocols. Have a look at our community blog post if you experience such problems to find out how to enable those protocols again.

Tag Legend:

tag-ops-wizard

This migration is handled either by the Migration Wizard or by the System Database conversion. The wizard will interact with you if you are affected by this change.

tag-ops-changed

This migration will change something in the engine operation. If you are responsible for the operation of an engine, check if this change affects you.

tag-ops-deprecated

This migration highlights behaviors or features that are deprecated. That functionality will be removed soon. If you are responsible for the operation of an engine, you should check if this change affects you.

tag-ops-removed

This migration will remove a behavior or feature that has been available for the engine operation. If you are responsible for the operation of an engine, check if this change affects you.

tag-project-auto-convert

This migration is handled by the Project Conversion automatically.

tag-project-changed

This migration will change a certain behavior in the projects. If you are a project developer, check if this change affects you.

tag-project-deprecated

This migration will mark features or APIs as deprecated in projects. That functionality will be removed soon. If you are a project developer, check if this change affects you.

tag-project-removed

This migration will remove a behavior or feature of a project. If you are a project developer, check if this change affects you.