Enterprise (7.20.1)

Explorer Widget: Added Ability to Delete Files [m112563]

Added the ability to delete a file via the Explorer Widget.

Explorer Widget: Advanced File Search Does Not Give Results for Files that Have No File Date [m145502]

The Advanced File Search in the Explorer widget would never return files with a FILE_DATE = null. This has been fixed by allowing files with a FILE_DATE = null to return if no date range is selected in the search dialog. If any given date is selected, either via the dynamic date picker or selecting dates manually, files with FILE_DATE = null will not be returned.

New BETA Boring Log Widget and EnviroInsite Report Viewer Widget [m164278]

Created a Boring Log widget and an EnviroInsite Report Viewer widget. The Boring Log widget facilitates the viewing of PDF files while the EniroInsite Report Viewer can load SVG files. Both of these widgets are "beta" versions and will have enhancements in future releases.

Map Widget: Migrated Layers Have Opacity Multiplied Beyond 100% [m167727]

A bug has been fixed that caused Map Widget layer opacity values and symbology to be displayed incorrectly after migrating from Enterprise 6.6 to Enterprise 7 for layers with an opacity property.

For clients requiring users to login via Azure Active Directory, added the ability to hide basic user authentication (i.e., EQuIS username and password). To achieve this, a new entry in the ST_CONFIG table needs to be added with the CONFIG_SECTION = 'LoginWidget', CONFIG_KEY = 'DisableFormsAuthentication', and STRING_VALUE = 'true'.

Time Series Chart Widget: "Clear" All Series User Confirmation Needs Material Makeover [m173025]

Updated the "Clear All Series" dialog in the Widget Editor to have material design.

User Profile Editor: Impersonate User Confirmation Needs Material Makeover [m173119]

Updated the "Impersonate User" dialog for administrative users to a material design dialog.

Explorer Widget: User Prompts Need Material Makeover [m173206]

Updated the "Rename Folder" and "Delete Folder" dialogs to material design.

Explorer Widget: "New Folder" User Prompt Needs Material Makeover [m173208]

Updated the "New Folder" dialog to material design.

Time Series Chart Widget: "Apply" User Confirmation for Bulk Edit Option Needs Material Makeover [m173256]

Updated the "Apply Bulk Edit Options" dialog in the Widget Editor to have material design.

Drilldown Widget: Unresponsive After Re-edit Without Page Reload [m173961]

A bug has been fixed that was causing the Drilldown widget to be unresponsive after editing and saving two consecutive times without a widget refresh.

Widget Editor: JSON Dialog Updated to Match Dashboard Editor JSON Dialog [m174380]

The confirmation button in the Widget Object Editor (JSON) has been updated to use the text "OK" so as to match the text of the confirmation button in the Advanced Dashboard Editor (JSON).

Workflow: FollowUpTask Loops on GetRegisteredFile Exception [m174450]

Resolved a bug where workflow tasks were not getting correctly marked as stuck.

Two Progress Bars in Enterprise Choosers (Dashboard, Facility, Widget, Report) [m174780]

The extra loading bar at the top of the Report, Facility, Dashboard, and Widget Choosers has been removed.

REST API: Support Chunked File Upload via POST api/edp [m174964]

Implemented Resumable upload for EDDs in REST API. The route POST api/edp now supports a broad range of use case scenarios including Content-Type multipart/form-data, application/x-www-form-urlencoded, and application/vnd.equis+json uploads. Other Content-Type requests are assumed to be EDD data files. Resumable (chunked) uploads are supported with X-Content-Range headers to upload EDD files in chunks directly to ST_FILE_REGISTRATION. This is an adaptation of RFC-7233 that interprets X-Content-Range in the request, returning a Location header with a unique upload URL and X-Content-Range header indicating the bytes transmitted so far. See Swagger documentation for additional information or contact EarthSoft Support for full documentation of this feature.

Explorer Widget: Advanced Search Date Pickers Not Wired Up [m175802]

The dates set in the date pickers of the Advanced File Search would not be included in the search if they were not selected via the date filter. This has been fixed by allowing a user to select a date from the picker or type in a date. If a date has been selected or typed, the date filter now shows a new option, Custom, that is not an option by default but appears upon setting a custom date range.

Vertical Profile Chart Widget: Change Vertical Axis Label to Horizontal Axis Label [m175949]

The axis label on the Add Report Data tab in the Vertical Profile Chart Widget Editor now displays the text "Horizontal Axis" rather than "Vertical Axis".

REST API : Update to Allow CORS Requests [m176693]

The REST API has been updated to allow for Cross-Origin Resource Sharing (CORS) requests.

REST API: POST api/notices/ [m176827]

REST API route POST api/notices now supports creation of EQuIS notices with attachments and symbolic routing. See the revised Swagger documentation for details.

EDD Task Stuck in Endless Loop If Format License Not Found [m176974]

A bug has been fixed that occurred when an EDD was being processed and there was no license for the format. A task will be marked stuck in ST_TASK and a notice will now be generated if a license exception is thrown, without becoming stuck in an endless loop.

Explorer Widget: Set Focus When Creating a New Folder [m177006]

Creating new folders in the Explorer widget will set the widget focus to the newly created folder.

Map Widget: Unique Values Symbology Cannot Be Added if Unique Value > Attribute Field is Blank [m177429]

A bug has been fixed in the Map widget that resulted in errors when using a Class Breaks or Unique Value renderer without populating the Attribute Field drop-down. Selecting an Attribute Field is now required prior to creating symbology.

Data Grid Widget: Editor Fails if Report Does Not Contain @facility_id Parameter [m177495]

Fixed an issue where users were unable to view SQL reports without a FACILITY_ID parameter in the Data Grid widget.

Deployment: Make Overwriting Facility Specific Dashboards More Difficult [m178296]

A bug has been fixed in the deployment process where dashboards were overwritten by a new dashboard that had the same URL, containing only the FACILITY_ID.

Save Dashboard to Selected Folder [m178838]

Added the ability to specify a destination folder for dashboards when creating a new dashboard or making a copy of one.

API Token Generation: Need Referrer Property Added to Token Model [m179005]

This feature will enable the user to manually input the referrer that will be embedded within the API token.

Explorer Widget: Folder Tree Improvements [m179009]

The Explorer Tree user interface has been updated to display collapse/expand arrows instead of the previous folder icons. Functionality remains the same, in that, clicking on the arrow will expand/collapse the folder view and clicking on the label will display the folder's contents in the grid view. A new interactive Folder Path has also been added above the Advanced File Search, New File, and New Facility buttons.

Map Widget: Feature Layer Renderer Not Working in Build 19300 [m179035]

The Outline Style options on the Symbology tab in the Map Widget Editor have been corrected to remove invalid entries.

Evaluate Esri JS API 4.13 [m179162]

The Esri JS API version has been updated from 4.12 to 4.13.

Map Widget: Bring Back The "Show All Facilities" Option [m179169]

A new feature has been added to the Map widget for displaying all facilities. The layer is added in the "Layers" tab of the Map editor and is titled "My EQuIS Facilities". The URL is automatically populated and a simple renderer can be set up to display the facilities.

Tabbed Dashboard Column Width Not Respected [m179228]

Fixed an issue where resizing the columns on a dashboard with sections configured to tabs was not being respected after clicking save.

Map Widget: Differentiate Renderer Symbology Between Points and Polygons in Widget Editor [m179508]

A change has been made in the Map Widget Editor when a user report layer is added. By default, when adding a new user report, the Layer Geography drop-down is set to "Location Points" for the layer. With the user report's Layer Geography set to "Location Points", the default symbol type will only display options that are valid for point geometry. If the user report's Layer Geography is changed to "Location Polygons" or "Facility Polygons", all default symbol type options are displayed.

Traffic Light Map Widget: Upgrades from EQuIS 6 to EQuIS 7 Retains Basemap in User Settings [m179624]

A bug has been fixed for the Traffic Light Map widget. When migrating a Traffic Light Map widget from Enterprise 6.6 to Enterprise 7, certain basemap values are set as a URL, which causes the Traffic Light Map in Enterprise 7 to not display the basemap. If this scenario occurs, the Enterprise 7 Traffic Light Map widget will use the basemap that is stored as the default basemap in the ST_CONFIG database table.

Map Widget: Upgrades from EQuIS 6 to EQuIS 7 Retains Basemap in User Settings [m179719]

A bug has been fixed for the Map widget. When migrating a Map widget from Enterprise 6.6 to Enterprise 7, certain basemap values are set as a URL, which causes the Map in Enterprise 7 to not display the basemap. If this scenario occurs, the Enterprise 7 Map widget will use the basemap that is stored as the default basemap in the ST_CONFIG database table.

Drilldown Widget: Changes to Labels Made on Advanced Tab in Widget Editor Are Overwritten on Widget Load [m179727]

Fixed a bug in the Drilldown Widget that was preventing changes made to the Label property on the Advanced Tab in the Widget Editor from persisting.

Facility Chooser: Add Map-based View [m179860]

The Facility Chooser component has been updated to have a Map view from which to select a facility.

EZView Widget: JSON Output Option for Reports and EIAs [m180007]

IGrid grid reports and EIAs can be configured to download as JSON file type in the EZView widget.

User Profile Editor: Remove Referrer Column from API Token Grid [m180111]

The "Referrer" column was removed from the User Profile Editor Security tab as it was not being used.

Vertical Profile Chart Widget: Advanced Tab Issues When Data Grid Widget Added to Same Dashboard [m180232]

Resolved a bug that caused the Vertical Profile Chart widget to load with unintended parameters displayed on the Advanced Tab in the Widget Editor.

Explorer Widget: Drag/Drop Functionality [m180265]

Introduced drag and drop capability to the Explorer Widget.

ArcEQuIS: Cannot Add Location to New Facility [m180307]

A bug has been fixed in the REST API that was incorrectly setting the facility spatial reference in some instances.

Map Widget: Zoom to Layer Broken for Facility with Null "Bounding Box" [m180451]

The "zooming to a facility layer" function was not properly zooming to the layer. This has been fixed.

EDP EDD Upload Widget: Option in Widget Editor to Add Message Text and Check Box [m180671]

The EDP EDD Upload Widget Editor now contains a text area where a user can enter a message to be displayed on the widget surface. This message is limited to 1,000 characters and will be displayed as a check box label. This check box must be clicked to enable the Format selection drop-down. If no text is entered in the Widget Editor, the check box will not be displayed.

Facility Chooser: Direct Search Displaying Facilities with STATUS_FLAG other than 'A' [m180828]

Facilities with a STATUS_FLAG other than 'A' will not show up in a Facility Chooser search.

REST API: Add EQuIS API Versioning to Swagger Documents [m180850]

Swagger docs have been modified to show the EQuIS 7 Build Number rather than just "v7".

User Profile Editor: Indicator for Inability to Save Permissions [m180882]

If an error occurs while saving, the User Profile Editor will now tab back to the side menu tab that contains the error.

Reduce Unnecessary IGrid Report Output [m181068]

Added the ability to have an output type of 'none' to reduce calls for output type when output type is not needed or consumed.

Client Side Caching: GetFilterValues Endpoint [m181069]

The GetFilterValues endpoint now caches filters for 8 hours.

Client Side Caching: Cache Dashboard, Facility, and Report Chooser Endpoints [m181070]

The Dashboard, Facility, and Report Choosers now cache results for 15 minutes, 1 hour, and 15 minutes respectively to help with load times.

EDD Upload: EDD Uploads to a Facility With STATUS_FLAG = 'R' [m181073]

EDD submissions are prevented when they contain a facility with a STATUS_FLAG = R.

Traffic Light Map Widget: No Custom Extent Option Available [m181295]

A change was made to the Traffic Light Map widget that changes how a custom extent is selected. If a custom extent is added in the Widget Editor, that custom extent no longer overrides the previously set extent. Now, a "Custom Extent" option has been added to the extent drop-down list, which must be selected for the map to zoom to the custom extent.

REST API: Support for 'PUT' File Content [m181350]

Added the ability to send a file's content as a byte array via the api/files/{fileId} endpoint.

Time Series Chart Widget: Equalize Value Range Across All Charts Requires Chart Tab Selection Before Action Level Recognized [m181401]

Time Series Charts now correctly equalize action levels across all charts and by chart/tab upon initial load and when switching between chart tabs.

EDP EDD Status Widget: Want Ability to Set a Date Range [m181428]

Implemented the ability to set a 'Custom' date range in the EDP EDD Status widget.

User Registration: Getting Started Form Not Populating Remark Field [m181511]

Data entered into Company Name, City Name, and Postal Code in the Getting Started Form now connects to the Remark column in the ST_USER table. The data will be saved as JSON.

Traffic Light Map Widget: Legend and Tooltip Display Rounded Values [m181518]

A bug has been fixed in the Traffic Light Map widget that caused numeric values with more than three decimal places to be rounded to the nearest thousandth. Now the value displayed in the legend matches the value set in the Widget Editor without being rounded.

Traffic Light Map Widget: Blue Icons Do Not Appear on Map [m181555]

A bug has been fixed in the Traffic Light Map widget that resulted in blue icons not being displayed on the map, under conditions when blue icons should have been rendered.

Upgrade SharpZipLib to v1.2 [m182001]

EQuIS uses a third party component, ICSharpCode.SharpZipLib, to read and write compressed files (e.g., zip files). Previous versions of EQuIS included version 0.85.1.271. Starting with this release, the ICSharpCode.SharpZipLib.dll has been upgrade to version 1.2.0.246. If you have any custom code that directly references SharpZipLib, be aware that the ICSharpCode.SharpZipLib.Checkums namespace has been renamed to ICSharpCode.SharpZipLib.Checksum (singular instead of plural).

REST API: POST API/Groups Does Not Populate FACILITY_ID [m182600]

The POST api/groups endpoint now populates FACILITY_ID.

REST API: POST api/facilities Additional Mappings [m182602]

POST api/facilities now populates the following DT_FACILITY table columns: COORD_UNIT, ELEV_UNIT, SYS_REGION_CODE, and CUSTOM_FIELD_5.

REST API: POST api/facilities Incorrectly Mapping PROJECT_MANAGER [m182603]

POST api/facilities endpoint now correctly populates DT_FACILITY.PROJECT_MANAGER

REST API: Expand Swagger Descriptions [m182728]

Extended Swagger documentation for api/edp and api/notices as part of an ongoing effort to expand the Swagger documentation for all of the EQuIS REST API.

Filter List and Times Series Chart Widgets: Not Filtering Correctly If SYS_LOC_CODE Not Set as Group by Series or Chart [m182811]

Time Series Charts configured without SYS_LOC_CODE set as the grouping for either the series or the chart, would not respect the filter when a Filter List widget was filtering on Location. As a result, the Time Series Chart would be blank. This has been fixed and the Time Series Chart will filter as expected.

REST API: api/edp/save/{format}/{facilityId} Deprecated [m182847]

The REST API route POST api/edp/save/{format}/{facilityId} is deprecated. This route will remain available and continue to work though 2020. Developers are encouraged to migrate to the new route POST api/edp as soon as possible.

Prevent XSS Attacks in User Input (#PT3101_1, #PT3101_3, #PT3101_5) [m183019]

The Enterprise web application has been made more secure through code changes that prevent a malicious user from executing a Cross-Site Scripting (XSS) attack.

Add Secure HTTP Response Headers (#PT3101_4) [m183200]

With this release, each web response will include additional security-related HTTP headers. These headers are defined in the <system.webServer> section of the ./Enterprise7/Web.config file. When installing this build of Enterprise, please be mindful of the following headers:

Strict-Transport-Security: This header tells the browser that this site should only be used with HTTPS. If you are using HTTP (not recommended), you need to remove this header.

Content-Security-Policy: This header tells the browser the various sources that are allowed for content in the site. If you are using any third party content providers (e.g., in an HTML widget), you will need to update this header to include your content provider(s).

X-Frame-Options: This header tells the browser that content from this site may only be embedded in other sites of the same origin.

Remove Open Redirection via Redirect Query Parameter (#PT3101_2) [m183201]

To improve security, this release removes the open redirection that was previously supported in the "redirect" query parameter. The "redirect" query parameter will now work only for dashboard IDs and dashboard URLs.

Session Header to Prevent CSRF (#PT3101_6) [m183202]

This release includes an additional session header to protect against CSRF (cross-site request forgery). As this header is not included in requests made from the Swagger UI, POST/PUT/DELETE requests will no longer be allowed. A future build will disable the "Try it out" option for these endpoints. Customers using the REST API directly should continue using REST API tokens for authentication (they should not use session cookies/headers that are used by the EQuIS Enterprise web application).

VLA Dashboards Not Working with Enterprise 7 [m183327]

Public dashboards configured via Viewer Licensing Agreements (VLA) were not loading and displaying a session ended popup. This has been fixed and these dashboards should now load properly.

Adjust Default Proxy.config File to Limit Target URLs [m183524]

This release changes the default Proxy.config file by removing some obsolete target URLs and limiting the proxy to only the target URLs listed. If you have customized your Proxy.config, please review your changes and adjust the new Proxy.config file accordingly. When updating to new versions of EQuIS Enterprise, changes to Proxy.config will need to be propagated to the newer version of the file.

Fix Data Discovery Vulnerability in FacilityHelper [m183758]

A very obscure data discovery vulnerability was found during internal testing. This vulnerability could only be exploited by an authenticated user on a few specific endpoints with detailed knowledge of the code behind those endpoints. This vulnerability has been fixed in this release (Build 20.1).

SupportRequest.aspx: Now Only Available to Administrators [m183786]

Starting with this release (Build 20.1), the SupportRequest.aspx page is now only available to administrators.

Reduce Information Disclosure in Error Responses [m183879]

When an error occurs on the server, the details about that error are typically logged on the server. In many endpoints, that same information was returned in the HTTP response. To reduce unnecessary information disclosure, the HTTP responses no longer contains the full technical information about the error. If desired (e.g., during troubleshooting), the full technical information may be made available by modifying the customErrors setting in the Web.config file.

REST API Server Side Caching Security Issue [m184402]

We recently discovered a security vulnerability in a few of the EQuIS Enterprise REST API endpoints in Build 19300 (see https://forum.earthsoft.com/communities/1/topics/4808-). This vulnerability is fixed in Build 7.20.1. For security purposes, and per policy, the exact details of the vulnerability are not being disclosed.