Upgraded PDF encryption to AES 256-bit, with a configuration option available to revert to the old RC4 128-bit scheme (more info on config option).
Enabled PDF exports for Stories.
Implemented the ability to execute exports in the background and email the export when it’s ready.
Simplified the configuration of PDF export so that the External Base URL is no longer required.
Dashboards
Enabled content approval for dashboards and presentations.
Re-implemented linked data on dashboards and streamlined the process so that all possible fields are already enabled and listed into a single dropdown list.
Reinstated the option to toggle how a multi-chart canvas report displays (as chart or table) on a published dashboard.
Data
Added Kerberos support for Oracle databases.
Resolved an issue where users with older JDBC drivers, including Oracle ojdbc5.jar, could not see the Schema dropdown list.
Enabled support for Redshift Spectrum tables.
Added support for GEOGRAPHY and GEORGRAPHYPOINT in MemSQL data sources.
Infrastructure
Enabled groups defined at the Primary Org to be used for securing content at Client Orgs. Group membership defined by role or LDAP will give access at the Client Orgs where those users have access.
Enabled the display of members of client-visible Primary Org groups in the Admin Console at Client Orgs.
Added a Super User role that allows users with the role to view, edit and delete all content (learn more here and here).
Added a role function to optionally disable file uploads in discussion comments.
Added functionality to allow guest users to read Stories.
Upgraded performance for loading access level information when a system has tens of thousands of users.
Improved security through validation to prevent potential SQL injections in Freehand SQL calculated fields.
Improved security for XML-related processes to avoid XXE attacks.
Improved email security by adding an option to allow password resets via email links, avoiding potential DoS, and by modifying the on-screen confirmation message to prevent username enumeration.
Added a cooling-down period between emails sent from Yellowfin to avoid denial of service.
Implemented a new security parameter to prevent URL titles from being fetched when sharing links in a discussion.
Upgraded log4j, the library used for logging, from 1.2.17 to 2.13.3. The minimum supported Servlet spec has been changed from 2.3 to 3.0 (learn more here and via this KB article).
Added error logging to identify corrupt data in the contentmanagement table.
Improved file type validation for the Add Reference Code feature which allows for CSV file uploads.
Added a background task to clean up thumbnails of deleted reports.
JS API
Added functionality to embed a Story externally.
Added functionality to allow developers to add custom loaders through the JavaScript API (learn more).
REST API
Added an API info endpoint to the REST API for version info and better navigation to some previously-unlinked endpoints and top-level resources.
Added API version info to the System Information page in the UI.
Improved the REST API refresh token and single sign on responses so they now return token identifiers in the security token response model.
Improved error handling for the REST API to return error messages in standard JSON format.
Added handling for reading the requested REST API Version from custom header X-API-Accept, for clients who are not able to set/modify the Accept header.
Updated REST API version to 1.2.
UI
Improved UI text by:
wrapping the View field details in the Select View area of the New Report dialog box;
displaying long filter values via tooltips rather than overlapping text; and
Improving the Table Summaries fields text in reports.
Enhanced bookmarks for dashboard filter sets to align with the functionality of bookmarks for reports.
Improved the distinction between the icons for draft and active Themes.
Views
Added new indexes and made performance improvements to the View Import and View Activation processes.
Web Services
Added datasource UUID to the resources returned by the GETCONTENT web service.