🚀 v5.17
This changelog provides a detailed overview of technical changes, including new features, bug fixes, and maintenance updates. It is intended for developers, DevOps engineers, and technical teams to track system improvements and API modifications.
Each update is categorized into:
- ✨ Added – New features and functionality improvements
- 🛠️ Fixed – Bug fixes and stability enhancements
- 🔧 Chore – Code refactoring, performance optimizations, and internal updates
- ⚠️ Breaking change – Changes that modify existing system behavior or require adjustments in configuration, calculations, templates, or integrations
[5.17.6] - 2026-06-24
🛠️ Fixed
- tas-3526 AuthorizationAuthController - restore authority fallback on login: when the default authority is used and rejects the credentials, the other enabled credential-based authorities (
password/ldap) are retried inauthOrder, so a user can still sign in through whichever one accepts them
Note: Fallback only runs for the default-authority path (no explicitauth_id); an explicitly selected authority is not silently retried elsewhere.AuthorityFactory.getSortedFallbacks(excludeAuthId?)returns the enabledpassword/ldapauthorities ordered byauthOrder, excluding the already-tried one. - tas-3201 [Emails] MailUsageStatisticsCron: fix the
finishedTasksStatisticsattachment filename, which was sent asfinishedTasficsStatisticson(missing.jsonextension) and could be misinterpreted by mail clients as a binary file; the email body and the attachment now derive the reported month/year from a singlepreviousMonthsource so they can no longer drift apart - tas-3486 [Calculations] Transpilation - change
Array.map()andArray.flatMap()transpilation fromPromise.all()to a sequential for-loop so calculation scripts run their async callbacks in deterministic order; the callback is now invoked directly, preserving the element, index and array parameters as well as destructuring patterns and function references, andflatMapflattens one level (spread arrays, push scalars)
Note: Callbacks now run sequentially instead of in parallel, which is intentional but may run slower for scripts that relied on parallelism. Existing transpiled calculations keep the oldPromise.allpattern until they are re-transpiled; use the system console commandssys.retranspileCalculationsByProcessId(tprocId),sys.retranspileCalculationsByTaskId(ttaskId)orsys.retranspileGlobalScripts()to re-transpile them. - tas-3509 FirebaseConnector - fix startup verification: replace the auth
listUsers+ dry-run messagingsend(which always threw on the deliberately invalid token and proved nothing) with a side-effect-freecredential.getAccessToken()credential check, wrapinitin try/catch, and log the actual error viaconsole.erroron init failure - tas-3510 Fix cronRun failing to find error on heartbeat monitor
[5.17.5] - 2026-06-18
✨ Added
- tas-3432 [Emails] EWS removal safeguard - migration now logs the stored configuration of any remaining legacy EWS email cron (
EwsCreateProcessesFromMailCron/EwsCheckUnprocessedMailsCron) during the update, so it can be recovered from the update log before the orphan-cron cleanup deletes the row
Note: If an EWS mailbox configuration needs to be migrated to the MS Graph cron after the update, retrieve it from the update log line tagged[tas-3432], which contains the fullCRON_PARAMETERSof each EWS cron that existed at update time.
🛠️ Fixed
- tas-3479 [Prints] PDF print - fix
net::ERR_BLOCKED_BY_RESPONSEwhen rendering over internal container URLs; backend resources embedded in the print page (logos, asset/file images) are no-cors loads governed by Cross-Origin-Resource-Policy, which helmet'ssame-sitedefault blocked once the page runs on the internal frontend origin. Default CORP changed tocross-origin - tas-3479 [Prints] PDF print over internal container URLs - fix the "Unable to connect to server" overlay /
Navigating frame was detachedfailure. When the print page runs on the internal frontend origin it calls the internal backend cross-origin, which madebrowser.require.jsbootstrap the legacyxdomainCORS-proxy; its/proxy/iframe is blocked by the backend CSPframe-ancestors 'self', so xdomain timed out and replaced the app. Skip xdomain on the internal print origin and rely on direct CORS (headless Chrome supports it and the internal origin is already in the backend CORS allowlist). Normal users on the external frontend URL are unaffected - tas-3479 [Prints] Internal URLs are no longer exposed in
window.configfor every client - the frontend server now injectsfrontendInternalUrl/backendInternalUrlonly when the page is served on the internal frontend origin (the PDF render), so internal container DNS is not leaked to normal external clients - tas-3428 [Emails] MailUsageStatisticsCron: monthly report date range now shows the last day of the previous month (e.g.
01. 04. 2026 - 30. 04. 2026) instead of the first day of the current month; display-only fix, gathered data unchanged - tas-3480 cron-runs - populate cron relation in GET /cron-runs so cron history table displays cron name
- tas-3496 [Calculations] AxiosCalculationAbstraction - add optional
ciphersoption toapplySslConfigso HTTPS calls to peers whose certificate chain uses a weak signing digest (OpenSSLca md too weak) can succeed
Note: Forward theciphersstring to the underlyinghttps.Agent. Passciphers: 'DEFAULT@SECLEVEL=0'to lower the OpenSSL security level for a connection whose CA/server cert is signed with MD5/SHA-1. This is independent ofrejectUnauthorized, which does not affect the weak-digest check. Re-issuing the certificate with SHA-256 remains the recommended long-term fix. - tas-3107 [DMS] AssetService - ensure the configured asset root folder exists before any read/write operation, so document scenarios (manuals, logos, visual-identity, images, documents, ai-content, csv) no longer fail when a root folder was never created;
getRootnow performs an idempotent recursivemkdir
[5.17.4] - 2026-06-12
✨ Added
- tas-3412 Ollama smart event plugin - add OllamaSmartEvent plugin for running AI prompts against locally hosted Ollama models (supports custom host configuration)
- tas-3388 SmartEvent default-platform-ai - add Default Platform AI smart event that uses the configured system AI without requiring additional setup, allowing prompts and optional context to be sent directly to the platform AI
- tas-3396 OpenAISmartEvent - extend configuration with optional custom OpenAI API endpoint URL (e.g., for Azure OpenAI or proxies)
- tas-3204 System notification redesign
🛠️ Fixed
- tas-3479 [Prints] PDF print - route BE↔FE traffic over internal container URLs;
- tas-3401 Licenses - reload the whole app after adding or removing a license so newly licensed features/modules/limits take effect immediately instead of only refreshing the licenses grid
[5.17.3] - 2026-06-10
✨ Added
- tas-3464 [Calculations] Axios - support for SSL client certificates (mutual TLS) via
applySslConfig()method; accepts raw strings/buffers or file system reads withfs.readFileSync()for SOAP services and other SSL-certificate-requiring endpoints
Note: Axios calculation abstraction supports SSL/TLS client authentication. Pass CA bundle, client certificate, and private key as raw content or Buffer. Optional passphrase andrejectUnauthorizedcontrol (defaults to true).
🛠️ Fixed
- tas-3304 Migration - fix secret-store data migration failing when pre-existing secrets exist;
📦 [5.17.2] - 2026-06-02
🛠️ Fixed
- Overview settings — tooltip for the "Name" field was not displayed
- tas-3399 Fix of the
setEventFilterfunction in EvalMathApi 🛠️
Note: Fixed incorrect behavior ofsetEventFilterin EvalMathApi so event filtering now evaluates as expected.
📦 [5.17.1] - 2026-05-28
✨ Added
-
tas-2991 Licenses — admin grid extended with license ID, note, issuer name, validity dates, active-only filter, and a delete action ✨
Note: The license admin grid now shows more details per license and lets you filter active licenses and delete entries directly. -
tas-3327 Licenses — key validation before saving ✨
Note: An invalid key is now rejected with a reason on hostname mismatch or an invalid/expired key. Domain comparison ignores the http/https protocol and ignores the port for localhost. The key input field is now multi-line. -
tas-2926 Template export/import — case overview sections are now included ✨
Note: Exporting and importing templates now carries the case overview sections along with the template. -
tas-3159 CO Builder — step 5 (Dr. Max friendly builder) ✨
-
tas-2930 CO Builder — step 4 ✨
-
tas-3097 AI chat — finetuning v1 ✨
-
tas-3177 AI chat — generation of short conversation titles and persistence of LLM runs used for title generation ✨
Note: Conversations now get auto-generated short titles, and the LLM runs that produce them are persisted. -
tas-3231 Dynamic config — full AI provider settings are now exposed; the host field is required only for Ollama ✨
-
tas-3243 GenerateThumbnailsCron — added parameters
offset,startFromNewest,continueOnItemError, andsuppressItemErrorLogs✨
Note: The thumbnail generation cron can now be paged withoffset, processed newest-first viastartFromNewest, and made resilient to per-item failures withcontinueOnItemErrorandsuppressItemErrorLogs. -
tas-2982 Loading of user information in the Dynamic Conditions Builder ✨
-
tas-3284 Plugins — KSeF plugin for API V2 ✨
🛠️ Fixed
-
tas-3200 template-task-calculations — debugging of the new calculations v2 design 🛠️
-
tas-3276 Moved the Template Logs tab button to the right
-
tas-3329 Dynamic Conditions Builder — wrapped the "Operation with numbers", "Dynamic link", and "Dynamic date" expressions in an arrow function 🛠️
Note: These expressions are now evaluated when the dependent variable changes instead of at script parse time. -
tas-3330 Number variable — alignment setting is now respected in the task form 🛠️
-
Hotfix DatabaseConnector — fixed MSSQL NTLM connection handoff 🛠️
-
tas-3339 DataGrid — pressing Enter in the delete confirmation modal no longer triggers opening the row in the grid 🛠️
-
tas-3277 [DMS] FileEncryptionServiceModule — fixed
createLegacyDecipher🛠️
Note: Key/IV derivation now follows OpenSSLEVP_BytesToKey, restoring decryption of legacy-encrypted files. -
tas-3240 Process history — added
featureFlag.processHistory.createTechnicalCaseHistoryEntry -
tas-3243 GenerateThumbnailsCron — skips missing files, prevents the batch from getting stuck, and fixes a missing
em.flush🛠️ -
tas-3243 ImageMagickConnector — memory/disk limit per invocation 🛠️
-
[Calculations] Fixed
lib.convertDmsFile()returningundefined🛠️ -
tas-3252 Fixed the fullscreen keyboard shortcut (Shift+F)
-
tas-3157 Mobile app —
getDomainWhitelistnow returns theshouldActivatePushNotificationsflag 🛠️ -
tas-3153 5.17 — Variable assignment — scroll
-
tas-3005 AI backend — removed the legacy AI client and the
/ai/chatroute 🛠️ -
tas-3221 Mobile devices — DataGrid touch on a row (fix)
-
tas-3225 Overviews — fullscreen and landscape (fix)
-
tas-3070 5.15 — Attachments tab in CO — height (tuning)
-
tas-3203 AI chat — title generation for conversations without a persisted ID 🛠️
-
tas-3284 ZipApi — skips non-existent files during extraction 🛠️
-
tas-3244
getCachedUserused forgetUserHrMetawith the parameteronlyIfUserIsActive = false -
tas-3102 xml-process-import — import and attachment paths restricted to allowed sources 🛠️
Note: Import and attachment paths are now limited to allowed sources, preventing reads from arbitrary locations. -
tas-3122 Status controllers — now return HTTP 503 in the CRITICAL state (instead of always 200) 🛠️
-
tas-2984 Overview filter — fixed filtering of values containing quotation marks 🛠️
-
tas-3128 SmartEventHttpRequester — auth fields are no longer required, and headers are always synchronized before saving 🛠️
Updated
by Frantisek Brych