Upgraded PDF encryption to AES 256-bit, with a configuration option available to revert to the old RC4 128-bit scheme (learn more).
Data
Added Kerberos support for Oracle databases.
Resolved an issue where users with older JDBC drivers, including Oracle ojdbc5.jar, could not see the Schema dropdown list.
Enabled support for Redshift Spectrum tables.
Added support for GEOGRAPHY and GEORGRAPHYPOINT in MemSQL data sources.
Infrastructure
Enabled groups defined at the Primary Org to be used for securing content at Client Orgs. Group membership defined by role or LDAP will give access at the Client Orgs where those users have access.
Enabled the display of members of client-visible Primary Org groups in the Admin Console at Client Orgs.
Added a Super User role that allows users with the role to view, edit and delete all content (more info here and here).
Added a role function to optionally disable file uploads in discussion comments.
Added functionality to allow guest users to read Stories.
Upgraded performance for loading access level information when a system has tens of thousands of users.
Improved security through validation to prevent potential SQL injections in Freehand SQL calculated fields
Improved security for XML-related processes to avoid XXE attacks.
Improved email security by adding an option to allow password resets via email links, avoiding potential DoS, and by modifying the on-screen confirmation message to prevent username enumeration.
Added a cooling-down period between emails sent from Yellowfin to avoid denial of service.
Implemented a new security parameter to prevent URL titles from being fetched when sharing links in a discussion (more info).
Upgraded log4j, the library used for logging, from 1.2.17 to 2.13.3. The minimum supported Servlet spec has been changed from 2.3 to 3.0.
Added error logging to identify corrupt data in the contentmanagement table.
Improved file type validation for the Add Reference Code feature which allows for CSV file uploads.
Added a background task to clean up thumbnails of deleted reports.
Updated the Pitney Bowes Geocode step to use the new Precisely APIs endpoints and branding. Also fixed token request failed error in Pitney Bows Transform step plugin.
REST API
Added an API info endpoint to the REST API for version info and better navigation to some previously-unlinked endpoints and top-level resources.
Added API version info to the System Information page in the UI.
Improved the REST API refresh token and single sign-on responses so they now return token identifiers in the security token response model.
Improved error handling for the REST API to return error messages in standard JSON format.
Added handling for reading the requested REST API Version from custom header X-API-Accept, for clients who are not able to set/modify the Accept header.
Updated REST API documentation for API version 1.2 and made some improvements for clarity of some file upload parameters.
UI
Improved the UI for dashboards by wrapping the View field details in the Select View area of the New Report dialog box.
Modified the UI text for Table Summaries.
Views
Added new indexes and made performance improvements to the View Import and View Activation processes.
Web services
Added datasource UUID to the resources returned by the GETCONTENT web service.