Deprecations and Breaking Changes

WorkerLogin modes to be deprecated

WorkerLogin modes "authentication" and "authorization" are being deprecated. These modes were used when the user logged in through SVS. Before deprecation is final, a warning will appear during startup for instances that are still using these modes.

Changes to getProperty method of VariableAPI

If the getProperty method of the integrator groovy VariableAPI is called, it now respects values set by external calls (for example, executing an execution with "Run with options" or Jedox Web actions). Previously, it would return the default value of the variable, from its definition.

Workaround: to maintain the previous behavior, create an additional variable that does not get overwritten by external calls, and then pass the name of this variable to getProperty instead.

Change in SVS Drillthrough

Jedox drillthrough capabilities have now become a native functionality outside of the SVS scripts. Compared to previous versions, this eliminates any potential need for maintenance after a Jedox upgrade. The new configuration offers four different modes and can only be managed by Jedox Support:

• drilldown: drills down on cube base level
• integrator: drills through to reveal relational data from ETL
• automatic: drills through if ETL is available, or else drills down
• custom: uses the same logic as older Jedox versions and performs a drillthrough according to the OnDrillThroughExt function, which is part of the SVS script. Note that we do not recommend this mode as it may require maintenance by the customer when upgrading the Jedox environment.

If enabled, the default mode for every environment is automatic.

An update to version 2023.4 will set any environment to the default drillthrough-mode automatic. Environments with customized drillthrough capabilities should adjust their processes and, if necessary, switch to custom mode.

Disabling Groovy Sandbox

Starting with Jedox 2023.4, Groovy Sandbox will be enabled in new Jedox environments. Customers will have access to the allowed libraries only. Generally, static checks are performed on all instances (independent of the runtime checks). These checks prevent, among other things, the usage of the following classes of the package java.lang: Process, ProcessBuilder, ProcessHandle, System, Runtime, SecurityManager.

For existing Cloud customers: customers must transfer their scripts to a supported platform feature by November 1, 2024. If there is no supported platform feature available, contact Jedox Support. If a new feature is necessary to accommodate the transfer, the Integrator team will support this process.

Customers migrating from On-Prem to Cloud: Groovy Sandbox will be enabled by default. If the customer has a Groovy script with a forbidden Java class or package, the Sandbox can be disabled for one year from the date of migration. If there is no native solution for forbidden scripts, the Integrator team will provide their support with alternative solutions. After the grace period of one year, the Sandbox will be enabled again.

Several methods in Java API

These methods are mainly used for internal API calls and have been replaced with other functionality. If any of the deprecated methods have been used, replace them with the recommended new method. See Java API for Jedox In-Memory DB (OLAP) for details.

Restricting PHP functions in Supervision Server

Some PHP functions have been disabled in SVS, as they can pose a threat when used with malicious intention. These functions are not typically required as part of a Jedox solution. The functions that will be disabled are:

chdir, dl, eval, exec, get_defined_constants, get_defined_functions, get_defined_vars, mail, passthru, phpinfo*, popen, posix_mkfifo, proc_open, putenv, shell_exec, system, unserialize

*If you are using phpinfo, you can replace it with phpversion.

If you have customized SVS scripts, please ensure that they do not include any of the stated functions. If your Jedox instance requires any of the deprecated functions, please get in touch with Jedox Support.

Passwords cannot be changed without providing the last used password (old_password)

This is a security enhancement which affects the In-Memory DB (OLAP). Add old_password in the API call. Note that Admin users (password role right W) can still change / reset passwords without providing the old password.

Some OLAP HTTP API functions

The OLAP HTTP API functions for loading and unloading server/databases/cubes/dimensions will be deprecated from the Server Browser, as they can lead to unpredictable and dangerous behavior if used fraudulently. These functions are generally not needed as part of a Jedox solution.

SFTP access to be disabled by default

This is a resource efficiency measure. All cloud instances that have not used SFTP recently must enable the option from the Connection section of the Cloud Console.

Certain PHP functions in Supervision Server

Some PHP functions have been disabled in SVS, as they can pose a threat when used with malicious intention. These functions are not typically required as part of a Jedox solution. The functions that will be disabled are:

system, exec, shell_exec, passthru, popen, proc_open, dl, eval, unserialize, putenv, posix_mkfifo, get_defined_functions, get_defined_vars, get_defined_constants

Savepoint directory in SFTP

This directory will not be available anymore. If your savepoint folder contains any files, migrate them to any of the other directories.

Upgrade to PHP 8.1 in Supervision Server

PHP 7.4 ran out of support on November 26, 2022. Supervision Server PHP Scripts need to be modified. See Migrating SVS scripts from PHP 7 to PHP 8.

Change to Integrator FileSystem location

This is a technology update. In FileSystem locations, only use paths relative to etl_data/files folder. You can also use FILE API to work with files on the local file system in Groovy scripts.

Jedox Plan & Forecast App

Following the release of the new Jedox Mobile App for iOS and Android in Qtr 4 2022, which offers improved features and performance. Migration to the new app must be done manually. All existing Jedox Plan & Forecast App users will need to download the new Jedox Mobile App to their devices and connect to their Jedox Web server. For more information on the product requirements, see Getting started with the Jedox Mobile App .

New Canvas within Web Spreadsheet

The New Canvas option within a web Spreadsheet will not be available anymore. See Creating a Canvas for more information on how to build a new Canvas.

Existing Canvas reports within web Spreadsheet workbooks will continue to work, but it is recommended to migrate these reports to the new dedicated Canvas report type. You can do this using the move sheet functionality within the web Spreadsheet. When a Canvas sheet is moved from a Spreadsheet into a new Canvas report type, the links to source objects will remain intact.

Changes to width and scrolling in Canvas reports

To improve the experience of viewing Canvas reports on mobile devices. Canvas reports to be consumed on mobile devices should be reviewed. The stack groupings / stack scrolling options should be updated as required to ensure the best possible mobile experience for end users.

Changes to Macro Engine Integrator wrapper library

Removal of Integrator SOAP API in Jedox 2022.4. Protocol-specific versions of the Macro Engine Integrator wrapper library have been fully removed in 23.1. Only the standard "integrator" library is now available (using REST API of Integrator). Using either the specific REST or SOAP variant (e.g. by "require library('integrator-soap');") will result in an error.

OLAP connections require HTTPS

To prevent unencrypted communication to the server. Change existing OLAP connections to use HTTPS instead of HTTP.

SAPBIHierarchy option "Extract mode"

The "Extract mode" options "noMasterdata" and "masterWithoutText" will no longer be supported due to inconsistent results depending on very technical aspects. Since only the "masterWithText" option remains available, a special selection in the extract component is no longer required. Consequently, all new and existing SAPBIHierarchy extracts will have the "masterWithText" behavior by default.

Database encryption

Database files can be encrypted using the "crypt" configuration option. While this can be beneficial in an on-premise environment, it has the downside of not being compatible with audit functions. Additionally, database encryption becomes obsolete in our cloud environments, as the whole storage is encrypted securely (see Jedox Cloud FAQ).

If you have not used your own encryption key, no further action is required, as migration of existing encrypted databases happens automatically once this option is removed. If you are using your own encryption key, contact Jedox Support to discuss your options.

HTTP Connections to OLAP

Connections from Excel, Integrator, and Jedox Web to Jedox OLAP servers will only be possible over HTTPS. Connections over HTTP will be disabled. When trying to access OLAP over HTTP in 22.3, the connection will be redirected to HTTPS. However, in some places the connections need to be manually changed from HTTP to HTTPS to support this change.

Hive Connection

A Hive connection will not be available anymore due to the lack of a stable JDBC driver and missing backwards compatibility. To connect to Hadoop files, the WebHDFS location can be used in file-based connections.

palo_goal_seek mode "complete"

Our API function palo_goal_seek is represented as "Reallocate" in planning assistant. There are several modes to be used for goal seeking. One of them, mode "complete" is not exposed via planning assistant and returns results that are often not comprehensive for a Jedox user due to algorithms that might seem very random to users. If you use this mode in custom scripts, please adjust it to utilize one of the other modes like "Equal" or "Relative".