Migrating from 9.3 to 9.4
Primefaces 11
We upgraded the Primefaces library from version 7 to version 11. Unfortunately, Primefaces made some breaking changes in its latest versions. Therefore, your user interfaces are most likely broken. To mitigate the migration pain, we have built a project converter that fixes most breaking changes. See Primefaces 11 Migration for more information.
Old Themes removed
Instead of modena, primefaces-ivy, or all-themes, use freya-ivy or serenity-ivy. You may need to adjust your hand-crafted CSS rules to the new theme.
Java 17
We updated Java to version 17:
Convert your Axon Ivy projects to the latest version to use the new Java 17 features.
You may have to update third-party libraries that do not yet support Java 17 to newer versions.
Use Java 17 to run your Maven project builds.
Use an Adoptium / Eclipse Temurin JDK or JRE to run Axon Ivy on Linux or macOS.
Multi Application Security System
Users and roles are no longer attached to a single application, but can be shared across multiple applications in a security system. Now, different applications can be developed and installed with their own release cycles, and the end user receives one single task list for all applications. This enables independent feature-driven development.
Details
Most engine installations will only have the predefined security context default. By default, new applications end up in this context. There are two use cases for multiple security contexts on one engine:
you want to isolate applications against each other - each application has its own security context.
you implement multi-tenancy by having one security system per tenant.
For both use cases, we suggest using multiple engines in order to make accidental security breaches impossible.
During migration, however, the status quo is maintained. The migrated applications are placed in an isolated security system with the name of the application. It is no longer possible to change the security system at runtime, this must always be done when the application is created.
Refer to Application Lifecycle for further details.
Users are no longer attached to the application, but to the Security System. This means that the user is unique over several applications.
Roles are still defined in projects. The roles are deployed into a security system. Now, the roles must not only be unique in the application, but in the security system.
Business Data has not been scoped. Now, it is scoped to the security system.
Standard process default pages are now automatically determined at runtime. You don’t have to define them anymore. If there are multiple implementations of a default process, one is simply selected. But you can fix this using settings.
EmailNotification Settings are no longer part of the application configuration. They are part of the security system and can be found there.
User id and role id deprecated
IUser#getId()
and IRole#getId`
are obsolete and should not be used any further.
Always use getSecurityMemberId()
. For now, user id and role id are still fully
supported and are also unique. But these will be completely removed in upcoming
versions also from the database (IWA_User.UserId`
and IWA_Role.RoleId)
.
Standard mail notification process still support the parameter notificationUserId
but you should already change to notificationSecurityMemberId`
.
Language
There is a new global language concept. The content language as well as the formatting language can be defined per security system in ivy.yaml, which are considered as default languages. Users can overwrite these two language settings in their user profiles.
The existing EMailNotification.Language
is automatically migrated to Language.Content
in ivy.yaml.
Read more here: Language and Content resolution.
Role Mapping moved to ivy.yaml
The external name of a role that can be set in the Engine Cockpit is no longer stored in the System Database.
It has been moved from IWA_Role.ExternalSecurityName
to ivy.yaml.
This change allows you to easily automate the role mapping configuration, which is now located in ivy.yaml.
Elasticsearch 7.17
Elasticsearch has been upgraded from 7.3 to 7.17. If you use an external Elasticsearch server you need to upgrade to version 7.17.
IvyScript Validation is Enabled by Default
The ivy.script.validation.skip
compilation parameter of our Project Build Plugin is now set to false
.
This validates IvyScript code within Ivy processes by default during compilation.
Therefore, errors and warnings related to the IvyScript code will be reported.
Read more about the compilation parameters and their default values here: https://axonivy.github.io/project-build-plugin/release/9.4/compileProject-mojo.html#skipScriptValidation
Programmable Process Elements
We changed the UI technology to build custom inscription editors for programmable process elements. Therefore, existing programmable elements, built with AWT, will show deprecation warnings.
Affected elements are: Program Start Event, Program Interface (PI) Activity and Wait Intermediate Event
Details
To make your custom editors compliant, change your internal Editor implementation to extend from UiEditorExtension, and create widgets using the new ExtensionUiBuilder.
Here are some valid examples:
ui.label("seconds to wait").create() scriptEditor = ui.scriptField().requiredType(Integer.class).create(); textArea = ui.textField().multiline().create();
Call & Wait intermediate event
The Call&Wait intermediate process element is no longer supported.
It will be automatically removed from existing processes where it has been present.
In most cases the ‘call’ aspect implementation can be replaced with a normal PI (Programming Interface) Activity which subsequently is connected to a Wait Program Intermediate Event element that implements the ‘wait’ aspect.
TLS 1.0 and TLS 1.1 disabled
We disabled TLS 1.0 and 1.1 by default because they are outdated and should no longer be used. This can break communication links with legacy databases or other external services that still use the old TLS protocols. Have a look at our community blog post if you experience such problems to find out how to enable those protocols again.
Tag Legend:
This migration is handled either by the Migration Wizard or by the System Database conversion. The wizard will interact with you if you are affected by this change.
This migration will change something in the engine operation. If you are responsible for the operation of an engine, check if this change affects you.
This migration highlights behaviors or features that are deprecated. That functionality will be removed soon. If you are responsible for the operation of an engine, you should check if this change affects you.
This migration will remove a behavior or feature that has been available for the engine operation. If you are responsible for the operation of an engine, check if this change affects you.
This migration is handled by the Project Conversion automatically.
This migration will change a certain behavior in the projects. If you are a project developer, check if this change affects you.
This migration will mark features or APIs as deprecated in projects. That functionality will be removed soon. If you are a project developer, check if this change affects you.
This migration will remove a behavior or feature of a project. If you are a project developer, check if this change affects you.