Release notes and changelog
info
For user-facing changes, refer to the What’s New
page.
For information on upgrading from previous versions, see the
Atoti Sign-Off Migration Notes.
6.0.1
2025-04-17
Download the distribution files here
You can download the following zipped distribution files:
- UI source code.
- UI build that does not require an installation and can be directly deployed.
- Source files that can be used to build the module.
- Maven repository required to build the project and run the tests.
note
The Atoti Server 6.1.4 Maven repository files have been removed from this zip, so you’ll need to download them separately. Click here to locate them.
- Offline documentation that can be served by the module.
Summary
- Customized sign-off status feed: The sign-off status feed member for “in review” representation can be customized on the application server.
- Restarting tasks: Fixed an issue preventing the application server from being notified when restarting a task without adjustments in default workflows.
- Connection to custom application servers: Fixed an issue preventing Sign-Off from connecting to custom application servers.
- Slicing hierarchies as a scope: Fixed an issue preventing the creation of Sign-Off definitions using a slicing hierarchy as the scope.
- Overlapping scopes: Fixed an issue with the overlapping scope validation that would prevent creating two definitions on the scopes with the same member but different hierarchies.
- Recurring adjustments: Fixed an issue where recurring adjustments were not visible in the task screen.
- Sticky headers: Fixed an issue preventing the headers in custom screens from being sticky whilst scrolling.
Known issues
None.
Dependency versions
| Component | Version |
|---|---|
| Adjustments Services API | 4.1.0 |
| Atoti Server | 6.1.4 |
| Atoti UI | ~5.2.6 |
| Audit Service | 1.0.0 |
| Common Dependencies BOM | 2.2.1 |
| Common Parent POM | 2.2.1 |
| Datastore Helper | 3.4.0-AS6.1 |
| Java | JDK21 |
| Notification Service | 1.0.0 |
| Sign-Off API | 4.2.0 |
| UI Components | 5.2.7 |
| Workflow Common Library | 2.5.0 |
Added
| Issue Key | Details |
|---|---|
| SO-857 | Added a property to allow the “in review” feed member to be customized on the application server. |
Fixed
| Issue Key | Details |
|---|---|
| SO-856 | Fixed an issue where snapshots were not being taken when restarting tasks with adjustments. |
| SO-858 | Fixed an issue where definitions could not be created on servers other than Atoti Market Risk. |
| SO-859 | Fixed an issue where definitions could not be created on slicing hierarchies. |
| SO-862 | Fixed an issue where definitions could not be created if a scope member was equal to an existing definition’s scope member under a different hierarchy. |
| SO-865 | Fixed an issue where recurring adjustments were not visible in the task screen. |
| SO-867 | Fixed an issue where adjustments were not being re-applied on the server when restarting tasks. |
6.0.0
2025-03-19
Download the distribution files here
You can download the following zipped distribution files:
- UI source code.
- UI build that does not require an installation and can be directly deployed.
- Source files that can be used to build the module.
- Maven repository required to build the project and run the tests.
note
The Atoti Server 6.1.4 Maven repository files have been removed from this zip, so you’ll need to download them separately. Click here to locate them.
- Offline documentation that can be served by the module.
Summary
- Dedicated Sign-Off Task Configuration Screen: A dedicated screen for creating, managing, and performing actions on sign off task definitions. See Task Configuration screen.
- Dedicated Sign-Off Tasks Screen: A dedicated screen to complete all of your daily tasks. See Tasks screen.
- Streamlined adjustments: Sign-off tasks can be selected within the adjustment modal to streamline the adjustment process.
- Interactions with Sign-Off workflows: The way workflows change state (
APPROVED,PENDING, and so on) has been updated to make customization easier. - Workflow services moved: Both
SignOffProcessInstanceWorkflowService.javaandSignOffProcessDefinitionWorkflowService.javahave been migrated fromsignoff-startertosignoff-activeviammodule, along with their dependency classes. - Adjustments-related classes: Adjustments are now using
Lists instead ofSets to keep thelocationsfields ordered. This allows the UI to properly construct dashboards. - Artifact relocation: The released artifacts are now released under the group id
com.activeviam.solutions.signoff. - Bulk Adjustment upload/download: Adjustments can now be created by uploading CSV files via the UI. Please see the Upload Adjustments section. In addition, you can export adjustments into a CSV file.
- Definition upload/download: Definitions can now be created by uploading CSV files. In addition, you can export definitions into a CSV file. See Upload tasks.
- Restart tasks with adjustments: Tasks can now be restarted while maintaining adjustments that were previously executed.
- More Spring Boot compliance: Atoti Sign-Off now aligns more closely with Spring Boot best practices in our aim to move towards using Spring Boot Starters to ease migrations.
- Dependency Upgrades: Atoti Sign-Off has been upgraded to Atoti Server version 6.1.4. Please see the Dependency versions section for more upgrade details.
Known issues
| Issue Key | Details |
|---|---|
| SO-858 | Creating a definition only works with Atoti Market Risk servers. |
Dependency versions
| Component | Version |
|---|---|
| Adjustments Services API | 4.1.0 |
| Atoti Server | 6.1.4 |
| Atoti UI | ~5.2.6 |
| Audit Service | 1.0.0 |
| Common Dependencies BOM | 2.2.1 |
| Common Parent POM | 2.2.1 |
| Datastore Helper | 3.4.0-AS6.1 |
| Java | JDK21 |
| Notification Service | 1.0.0 |
| Sign-Off API | 4.2.0 |
| UI Components | 5.2.6 |
| Workflow Common Library | 2.5.0 |
Added
| Issue Key | Details |
|---|---|
| SO-449 | The newly developed Audit screen has been added to Atoti Sign-Off by default. |
| SO-575 | Add the required logic to send available actions related to a given process. The Atoti UI fetches the task or task definition and collect the available action at time. |
| SO-578 | Error responses are now reported as ProblemDetails. |
| SO-625 | A dedicated screen to complete all of your tasks daily tasks. |
| SO-630 | Upgraded the Workflow Common Library dependency to 2.4.1, which fixes a number of CVEs in dependencies. |
| SO-648 | A button to the Tasks screen that generates a dashboard to show the before and after value of each adjustment. |
| SO-658 | The default sign-off-process-definition workflow now creates JPA entities on creation. Previously, the entities were created on publish. |
| SO-661 | The IRestApiConfiguration now includes two new methods to get the MDX query endpoint and the as-of-date levels for each cube on the application server. |
| SO-675 | Added a workflow status manager service to characterize the different workflow statuses, including custom ones. |
| SO-682 | A linked dashboard to each sign-off definition |
| SO-699 | Atoti Sign-Off now embeds an H2 console for investigating connections to H2 databases, which is disabled by default. You can enable it using the spring.h2.console.enabled property in application.yml. |
| SO-707 | Added the Notification Service to Atoti Sign-Off. |
| SO-714 | Added a linkedDashboardId field for task definitions for linking a dashboard to a definition. |
| SO-715 | A button to the Tasks screen that generates a dashboard to show the before and after value of each task. |
| SO-725 | Added a feature to bulk upload definitions via CSV files. In addition, you can now export definitions into a CSV file from the Task configuration screen. |
| SO-726 | You can now export adjustments into a CSV file from the Tasks screen. |
| SO-727 | Added a feature to bulk upload adjustments via CSV files. Please see the Upload Adjustments section. |
| SO-737 | Approvals for the default four-eyes workflows cannot be approved by the previous user in the workflow. This can be changed by setting sign-off.workflow.approver-can-be-same-as-previous-user=true. |
| SO-748 | The newly developed Audit Service has been added and updated the version of workflow-core. |
| SO-753 | Users can now restart tasks maintaining adjustments that were previously executed. |
| SO-772 | Added Jakarta validation via ISignOffAdjustmentValidator for creating adjustments via IAdjustmentService. |
Changed
| Issue Key | Details |
|---|---|
| SO-590 | Updated the project artifact’s group id. |
| SO-608 | Task selection for an adjustment is now within the adjustment modal. |
| SO-645 | Fetch available workflow actions from the server instead of UI settings. |
| SO-646 | AWorkflowProcessDefinitionEntity JPA columns are now updatable. |
| SO-654 | Data transfer objects (DTOs) and JPA entities have been updated to use Lombok. |
| SO-679 | The adjustment modal can only be opened when there is a valid sign-off task for the scope of the selection. |
| SO-688 | Converted locations and input fields of adjustment DTOs into Lists. |
| SO-692 | The default schema for databases has been changed to sign-off to support multiple Activiti connections. |
| SO-698 | The default sign-off-process-definition workflow makes definitions visible to users with the ROLE_USERS once saved or published. Previously, SAVED or PUBLISHED definitions were only visible to users with the ROLE_MANAGERS. |
| SO-713 | Users are now prevented by default from creating definitions on overlapping scopes. |
| SO-738 | Deleted adjustments are no longer retrieved. They can still be found in the Audit Service. |
| SO-751 | Adjustments can only be performed on tasks with a valid scope. |
| SO-780 | The version of tomcat-embed-core was bumped to version 10.1.39 and exclusions were made on json-smart, netty-handler, netty-common and xmlunit-core to address CVEs. |
| SO-782 | Users are now prevented by default from creating definitions on top-of-house and same member overlapping scopes. |
Removed
| Issue Key | Details |
|---|---|
| SO-553 | Sign-off dashboard widgets have been removed. |
| SO-775 | The SignOffProcessDefinitionDTO::getMeasures and SignOffProcessDefinitionDTO::setMeasures methods have been removed as they are not used |
| SO-801 | The signoff-activeviam source code has been removed from the released artifacts in an effort to ease client migrations. The javadoc sources are still available for download. |
Open CVEs
| Issue | Status | Details | Impacting | Product impact | Workaround | Fix expected |
|---|---|---|---|---|---|---|
| GHSA-pr98-23f8-jwxv | Medium | ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 1.5.12 in Java applications allows attackers to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. Malicious logback configuration files can allow the attacker to execute arbitrary code using the JaninoEventEvaluator extension. A successful attack requires the user to have write access to a configuration file. Alternatively, the attacker could inject a malicious environment variable pointing to a malicious configuration file. In both cases, the attack requires existing privilege. |
ch.qos.logback:logback-core |
Low. The attacker requires existing privilege. | Ensure existing users have appropriate privileges. | Yes, once Atoti Server is updated to a version of Spring Boot using logback-core version 1.5.13 or higher. |
| GHSA-6v67-2wr5-gvf4 | Low | Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in XML configuration files. |
ch.qos.logback:logback-core |
Low. The severity is low. | Ensure existing users have appropriate privileges. | Yes, once Atoti Server is updated to a version of Spring Boot using logback-core version 1.5.13 or higher. |