Company: Link Technologies
Case No: L12816. Project: 14.30: LinkSOFT Version 14.30 - December 2022
Logged By: Sanjay (Link Technologies) on 08 Nov 2022 11:18AM
Priority: High
Product: Framework
Group: Enhancement
Time Taken: 30.00 (Weight: 30.00)
Assigned To: Sanjay (Link Technologies)
Circulation: Sanjay
Resolve By: Tuesday, 15 November 2022 12:00 AM [531 days since logged date]
Status: Closed
Subject: Framework and Security Updates as at November 2022
Summary:    

Framework and security updates as of 8th November 2022.

  1. Forecourt Enabler
  2. Devexpress
  3. WEB API
  4. Javascript Plugin frameworks
Audit Notes:Edited by sanjay on 10/11/22 13:06. 
08 Nov 202211:20AM Comment 1 by Sanjay (Link Technologies) Assigned To: Sanjay (Link Technologies) Followup Date: 10-11-2022 03:18 PM Time Taken: 8.00 Notes: Edited by sanjay on 08/11/22 11:35. 

***Forecourt Enabler update to 4.10.1
Enabler Release Notes

Known Issues

  • After a system has resumed from a Sleep/Hibernation state, the Enabler Card driver is unable to resume correctly and requires a pump server restart (#9067).
    These Power Options are now automatically disabled during installation of Enabler v4.5.5 and above, but could be activated again by the user or other software.

Enabler v4.10.1

Summary

  • Added Log Collection and Software Installation Pages to the Enabler Web Application.
  • Fixes and Improvements to the ActiveX API and Sample Applications.
  • Includes Pump Update 2022-07-15 and 2022-09-30:
    • Added support for Censtar 6200, Censtar 6400, Eaglestar SPD, HongYang MPD and Gilbarco UK Extended pump types.
    • Resolved site issues for EMR3, Gilbarco, HongYang SPD, HongYang MPD, IFSF, NZ Protocol, Sanki MPD, Somo and Tokheim pumps.
    • Updated Enabler Card firmware to support Enabler Express V3 without IFSF/LON support.

Details of Changes

  • Pump Server (Psrvr4.exe) v4.7.1

    • Added event logging for ExpressV3 cards without IFSF/LON support (EP-5777).
    • Added support for new Enabler hardware revision (EP-5353, EP-5513).
    • Internal changes (EP-5801, EP-5816, EP-5758).
  • Enabler Web Applications

    • Enabler Web (EnbWeb.exe, DataAccess.dll, DataEntity.dll, PageResources.dll, WebPages.dll) v2.2.66

      • Added Logs page to support log collection via Enabler Web Application (EP-5837).
      • Added Software page to support installation of Pump Driver Updates via Enabler Web Application (EP-5935).
      • Redirect back to the requested web page once logged in after a session timeout (EP-5965).
      • Updated EnbWeb to retry binding the service to the web port if unsuccessful during startup (EP-6012).
      • Internal changes (EP-5965).
    • Utilities (Utilities.dll, Installer.dll) v1.5.19

      • Internal changes (EP-5727, EP-5767, EP-5830, EP-5837, EP-5935).
  • Database

    • Fix: Prevent errors when clearing an attendant delivery if there is no attendant logged onto the pump (ES-5327, EP-5799).
    • Fix: Prevent database connection failure after installing Enabler to non-English Windows (ES-5316, ES-5392, EP-5945).
  • API

    • EnbSessionX2 ActiveX Control (EnbSessionX2.ocx) v4.10.7

      • Fix: Ensure Pump states are fired correctly on startup (ES-5157).
      • Fix: Update Pump profile properties when updating Site profile (EP-5931).
      • Fix: Prevent blank pump popup caption when pump description text is not provided by API (EP-1960, EP-5968).
      • Fix: Ensure Pump.MaxStackSize property is populated (EP-5968).
      • Added Chinese (Traditional) translation strings (EP-5898).
    • EnbPumpX2 ActiveX Control (EnbPumpX2.ocx) v3.42.2

      • Fix: Display the caption text properly (ES-5200, EP-5798).
      • Added touch-friendly layout option for pump popup and error dialogs (EP-5968).
      • Added support for Unicode text for Grade name and Display text (ES-5200, EP-5798).
  • SDK

    • ITL MPP Simulator (mppsim.exe) v2.37.0.4

      • Internal changes (EP-5814, EP-5873).
    • Java Pump Demo (PumpDemo.jar) v2.1.5

      • Fix: Clear the sale window after logon/re-connection to prevent errors when clearing old items and items getting stuck in the sale window (EP-5941).
    • Developer Documentation

      • Enabler ActiveX Developers Reference v1.24.0
    • User Documentation

      • Enabler Ethernet Getting Started Guide v1.2
      • Enabler Embedded Site Installation Checklist v1.4
      • Enabler Ethernet Site Installation Checklist v1.2
      • Enabler Site Installation Checklist v2.3
  • Installer (Enabler4Setup.exe) v4.10.1.2291

    • Fix: Schedule database backup script to run daily using time specified in the database (ES-5402).
    • Added additional components to support Log Collection and Software Installation Pages (EP-5837, EP-5935).
    • Removed Enabler Data REST API Reference. Already included in Enabler Developers Reference (EP-5765).
  • Utilities

    • AutoSupport Utility (AutoSupport.exe) v2.18.0

      • Internal changes (EP-5830, EP-5839).
    • Enabler Ethernet Utility (EnbEthernet.exe) v1.1.10

      • Improved Static IP address validation (EP-5966).
      • Internal changes (EP-5790, EP-5983).
  • User Documentation

    • Enabler Web Applications Reference Manual v1.56

Enabler v4.10.0

Summary

  • Improved and enhanced security of the Enabler:
    • Resolved detected vulnerabilities in the Enabler Web Applications.
    • Added SSL configuration options for the Enabler Web Applications and Pump Server.
  • Added support for additional data endpoints in the REST Data API:
    • Added Cards, Table_Stats and WetStock Tank Movements tables.
  • Added REST Data API documentation to the Enabler SDK Reference Manual.
  • Includes Pump Update 2022-03-11 and 2021-12-17:
    • Resolved site issues for Gilbarco, NZ Protocol, IFSF, Sanki and Wayne DART protocol pumps.
    • Resolved site issues for Veeder Root protocol tank gauges.
    • Simplified logging for Pump Server compatibility checks on startup for selected pump protocols.

Details of Changes

  • Enabler Web Applications

    • Enabler Web (EnbWeb.exe, DataAccess.dll, DataEntity.dll, PageResources.dll, WebPages.dll) v2.2.43

      • Fix: Site Settings changes fail to save when legacy terminals are disabled (ES-4839, EP-5514).
      • Fix: Prevent out of memory errors due to REST API memory leaks (ES-4350, ES-5016, EP-5657).
      • Fix: Prevent out of memory errors due to web page memory leaks (EP-5382).
      • Fix: Prevent webpage error when a Grade's Price Profile is configured incorrectly (ES-5006, EP-5651).
      • Fix: Prevent SQL Injection vulnerabilities (EP-5639).
      • Fix: Prevent Cross-Site Scripting (XSS) vulnerabilities (EP-5669).
      • Fix: Ensure Administrator Role access rights cannot be changed (EP-5717).
      • Added support for Tank Deliveries and Movements (EP-5402, EP-5602, EP-5603, EP-5604, EP-5605, EP-5740).
      • Added Network page to support SSL configuration (EP-2242).
      • Updated jQuery library and improved JavaScript code (EP-5670).
      • Internal changes (EP-5616, EP-5639).
    • Utilities (Utilities.dll, Installer.dll) v1.5.9

      • Fix: Prevent SQL Injection vulnerabilities (EP-5639).
      • Improved error handling for SSL configuration changes (EP-2242).
      • Internal changes (EP-5402, EP-5602, EP-5603, EP-5604, EP-5605, EP-5606, EP-5608).
    • Padarn Web Server (OpenNETCF.web.dll) v1.6.16171.18

      • Fix: Prevent ROBOT vulnerability by removing support for RSA key exchange (EP-5641)
      • Added HTTP Strict Transport Security header for secure connections (EP-5643).
      • Internal changes (EP-5669)
  • Pump Server (Psrvr4.exe) v4.6.49

    • Fix: Pump can get stuck if a client logs on at the same time as Prepay delivery ends (ES-4905, EP-5582).
    • Fix: Last prepay details incorrectly sent to the client when next prepay is a zero delivery (ES-4944, EP-5618).
    • Fix: Reject authorisation limits that are negative or larger than the database can handle (EP-5659).
    • Fix: Prevent unexpected warnings when preset deliveries are going slightly over the limit (ES-5072, EP-5723).
    • Improved support for secure API connections to allow TLS1.2 and TLS1.3 (EP-5553, EP-5554).
  • OpenSSL (OpenSSL.exe) v1.1.1L

    • Update to version 1.1.1L (EP-5554).
  • Database

    • Added Table_Stats table to track statistics (i.e. LastConfigUpdate) for the Enabler tables (ES-4655, EP-4782, EP-5640).
  • API

    • EnbSessionX2 ActiveX Control (EnbSessionX2.ocx) v4.10.2

      • Added support for SSL connection to Pump Server (EP-5526).
      • Added support for Chinese (Traditional) translation (CR432-107, EP-5695).
    • EnbPumpX2 ActiveX Control (EnbPumpX2.ocx) v3.41.2

      • Added Chinese (Traditional) translation strings for Pump pop-up dialog (CR432-107, EP-5695).
    • Enabler Java API (enabler-api-1.0.jar) v1.4.5

      • Added support for SSL connection to Pump Server, including new Forecourt methods get/setConnectionMode() (EP-4501).
        Refer to setConnectionMode() documetation for more details.
      • Use configuration file with .properties extension. Refer to API Javadoc (EP-4501, EP-5586).
      • Internal changes (EP-4501).
    • Java Pump Controls (enabler-pmp-ctrl-2.0.jar) v2.0.7

      • Various improvements to Pump Controls (EP-5329).
      • Internal changes (EP-4501).
    • Enabler .Net API (ITL.Enabler.Api.dll, ITL.Enabler.Api_pcl.dll, ITL.Enabler.API.TLB) v1.3.10

      • Added support for secure API connections using TLS1.2 (EP-5554).
    • Enabler REST API (RestData.dll) v2.2.43

      • Fix: Pump deletion now checks for linked Pump Profile and Loop (EP-5631).
      • Remove unnecessary logging for REST API requests (EP-5367).
      • Added TableStatsData endpoint to track statistics for the Enabler tables (ES-4655, EP-4782).
      • Added support for Tank_Delivery, Tank_Loss, Tank_Movement_Type and Tank_Transfer data tables (EP-5402, EP-5602, EP-5603, EP-5604, EP-5605, EP-5740).
      • Added validation of Price Profile when updating the Grades data table (ES-5006, EP-5651).
      • Improved REST API performance (EP-5674).
      • Added Close Period support to Desktop (ES-4802, EP-5472).
      • Added support for Cards Data table (EP-4246).
  • SDK

    • ITL MPP Simulator (mppsim.exe) v2.36.0.27

      • Fix: Ensure final running total is equal to delivery value when limit is reached and nozzle is returned (EP-5508).
      • Internal changes (EP-5355, EP-5215, EP-5621, EP-5630).
    • Java Pump Demo (PumpDemo.jar) v2.1.4

      • Fix: Manual Transaction for Mechanical pumps only worked on first entry (EP-5329).
      • Support .properties file for storing application preferences (EP-4501, EP-5586).
      • Added support for SSL connection to Pump Server (EP-4501).
      • General UI improvements (EP-4501, EP-5329):
        • Restore window size and position when app opened
        • Disable logon dialog while connecting
        • Improved Auto Reconnect behaviour on server disconnection
        • Improved Prepay dialog layout
      • Include library dependencies with source code (EP-4501).
    • REST API Sample Application (RESTApiSample.exe) v1.0.5.0

      • Sample .NET WPF application for the REST Data API (EP-4757, EP-5617).
    • Developer Documentation

      • Enabler SDK Reference Manual v4.0.66
      • Enabler Java API Javadoc v4.0.6
      • Enabler ActiveX Developers Reference v1.23.0
    • User Documentation

      • Enabler Ethernet Getting Started Guide v1.1
      • Enabler Embedded Getting Started Guide v1.17
  • Installer (Enabler4Setup.exe) v4.10.0.2104

    • Added HTTPS support for Enabler Web start menu shortcuts (EP-5622).
  • Utilities

    • AutoSupport Utility (AutoSupport.exe) v2.13.0

      • Added more site database configuration in EnablerInfo.txt and EnablerInfo.csv (EP-4563).
      • Internal changes (CR426-189).
    • Enabler Ethernet Utility (EnbEthernet.exe) v1.1.7

      • Improved console output of Ethernet version number (EP-5417).
    • EnbKick Utility (EnbKick.exe) v2.2.1

      • Fix: Improved reliability of logging into Enabler API (ES-4930).
    • Enabler SSL Utility (EnbSSL.exe) v1.1.1

      • New utility for configuring SSL settings for Enabler Pump Server and Web Applications (EP-5446).
    • Enabler Client Utility (EnbClient.exe) v1.4.2

      • Added SSL option for Enabler Web start menu shortcuts (EP-5622).
  • User Documentation

    • Enabler Web Applications Reference Manual v1.53
    • Enabler Demonstration POS Application Reference Manual v3.5

08 Nov 202211:25AM Comment 2 by Sanjay (Link Technologies) Assigned To: Sanjay (Link Technologies) Followup Date: 10-11-2022 03:20 PM Time Taken: 8.00

DEVExpress upgrade from 22.1.3 to 22.1.6. Changes at this link: https://supportcenter.devexpress.com/versionhistory


08 Nov 202211:35AM Comment 3 by Sanjay (Link Technologies) Assigned To: Sanjay (Link Technologies) Followup Date: 10-11-2022 03:25 PM Time Taken: 2.00
Web Config Changed - Added "AllowCustomFTP" Flag to prevent users from taking data out unless Web Administrator grants permission.

09 Nov 202203:48PM Comment 4 by Sanjay (Link Technologies) Assigned To: Sanjay (Link Technologies) Followup Date: 11-11-2022 07:47 PM Time Taken: 12.00
Performed standard tests for Forecourt Controller, EFT and API operations.

If you have any queries regarding this support incident, please email admin@linktechnologies.com.au and include the Case No: L12816 in the subject line of all emails regarding this issue.

Document size: 18.6 KB
For call complaints, please contact the Managing Director of the company using this form