Overview of all update notes

1.9

Deprecation of ArcGIS Enterprise 10.8.1

Please note that ArcGIS Enterprise versions up to 10.8.1 are no longer supported.

Deprecation of Node.js 18 and npm 9

Please use Node.js 20 and npm 10 for the npm-based installation of the CLI.

1.8

Update Tomcat and Java

Please update you Tomcat instance to version 10. In case you have been using Java 11 so far, please update to version 17 or 21.

Breaking change for queries used in feature restrictions and spatial restrictions (since 1.8.1)

Policies allow to define feature restrictions and spatial restrictions to limit access to features of a layer. Both types of restrictions require you to define a query that may contain references to attributes of the requesting user like this:

Referencing the user attribute 'level' in a query
{
    ...
    "restrictions": {
        "user_level_only": {
            "type": "feature",
            "query": "LEVEL <= ${user.level}"
        }
    }
}

security.manager now checks that user attributes only resolve to SQL literal values when they are replaced in query expressions. If you have to accept user attribute values resolving to anything else than SQL literals, you must now explicitly mark them as insecure inside the query. Otherwise user requests will fail with errors. See section Accepted User Attributes for details.

1.7

Breaking change for queries used in feature restrictions and spatial restrictions (since 1.7.1)

Policies allow to define feature restrictions and spatial restrictions to limit access to features of a layer. Both types of restrictions require you to define a query that may contain references to attributes of the requesting user like this:

Referencing the user attribute 'level' in a query
{
    ...
    "restrictions": {
        "user_level_only": {
            "type": "feature",
            "query": "LEVEL <= ${user.level}"
        }
    }
}

security.manager now checks that user attributes only resolve to SQL literal values when they are replaced in query expressions. If you have to accept user attribute values resolving to anything else than SQL literals, you must now explicitly mark them as insecure inside the query. Otherwise user requests will fail with errors. See section Accepted User Attributes for details.

Policy JSON Schema Update

If you edit policies in a JSON editor with the help of the policy JSON schema, and you want to make use of the new policy features, the schema needs to be updated. To do so, please update the URL to https://raw.githubusercontent.com/conterra/policies-json/1.7.0/schema/policies.schema.json, or use the schema provided in folder [SECMAN_DIR]/resources/policies.schema.json of the security.manager NEXT distribution.

Policies should begin with

{
    "$schema": "https://raw.githubusercontent.com/conterra/policies-json/1.7.0/schema/policies.schema.json",
    ...
}

or

{
    "$schema": "[SECMAN_DIR]/resources/policies.schema.json",
    ...
}

Property fallbackPolicy deprecated

Please use the new fallbackPolicies array property to define fallback policies from now on. The fallbackPolicy property has been marked as deprecated and will no longer be supported in one of the future versions of security.manager NEXT.

We therefore recommend that you convert existing fallback policies to the new syntax as described below:

Old

{
    "fallbackPolicy": {
        "layers": ["1"]
    }
}

New

{
    "fallbackPolicies": [
        {
            "layers": ["1"]
        }
    ]
}

1.6

Changed configuration options

proxy.cors.trustedServers

This option is renamed to cors.request.trustedServers. In your application.properties, replace proxy.cors.trustedServers by the new name cors.request.trustedServers. The old name will not work anymore.

1.3

Depriction of ArcGIS Enterprise 10.8.0 support

Please note that ArcGIS Enterprise versions up to 10.8.0 are no longer supported.

1.2

WMS access

For services with the WMS capability activated in ArcGIS Server, the WMS interface will be accessible for permitted users after the update. If this is not intended, please deactivate the WMS capability in ArcGIS Server Manager, where necessary.

1.1

Renaming of SOE files

The shipped SOE files were renamed to support automatic SOI update workflow for the following releases. For this update, however, it is required to delete the old SOI files manually via the ArcGIS Server Manager before uploading the new version of the SOI.

When deleting the old SOE files, existing policies will get lost! The policies must be backed up and restored via the security.manager NEXT CLI as part of the upgrade. Please make sure, you have upgraded the CLI before upgrading the SOI. In Update of an existing installation you can find a step by step documentation how to perform the update without losing existing policies.