Release notes and changelog


For user-facing changes, refer to the What’s New page.
For information on upgrading from previous versions, see the Atoti Market Risk Migration Notes.

5.3.0

2023-11-08

Download the distribution files here

The distribution files comprise the following zipped artifacts:

  • UI source code.
  • UI build that does not require an installation and can be directly deployed.
  • Source files that can be used to build the module.
  • Maven repository required to build the project and run the tests.

    Note: The Atoti Server 6.0.9 Maven repository files have been removed from this zip, so you’ll need to download them separately. Click here to locate them.

  • Offline documentation that can be served by the module.

Summary

  • Java 17 upgrade: Atoti Market Risk is now compatible with, and requires, Java 17.
  • Spring Security upgrade: We have upgraded Spring Security to version 5.8.7 to resolve vulnerabilities and prepare for the upgrade to Spring Security 6.0 (via Spring Boot 3).
  • Solutions Tools BOM: The Solutions Tools BOM has been upgraded to 2.0-AS6.0.
  • Removed Sign-Off hierarchies: Fixed a bug that caused the Sign-off Adjustment dimension to be included in summary cubes and Sign-Off fields expected in summary input files and stores, even when Sign-Off was not enabled.
  • Merged unfiltered pre-aggregated sensitivity measures: Unfiltered, pre-aggregated technical sensitivity measures (e.g. Delta.Native.Vector.SUM.Technical, Gamma.Ladder.Native.Vector.SUM.Technical) are no longer split by sensitivity type. Generic replacement measures are provided: Sensitivities.Native.SUM.Technical/Sensitivities.Native.Vector.SUM.Technical, Sensitivities.Ladder.Native.Vector.SUM.Technical.
  • Defined stores against the GLOBAL schema: All stores in the application are now defined against the GLOBAL schema.
  • Store and reference configuration classes are appropriately named: Store @Configuration classes are now named *StoreConfig and reference @Configuration classes are now named *ReferenceConfig.
  • Removed ActiveMonitor module and dependency: The mr-activemonitor module is no longer part of the MR modules, and the associated dependencies have been removed. For limit monitoring functionality, see How to integrate Atoti Limits.
  • Migration to ConfigurationProperties: The majority of MR properties have been migrated to Spring @ConfigurationProperties classes and the properties files have been consolidated.
  • Virtual hierarchies: You can now use the virtual hierarchy feature on Atoti Market Risk directly from the configuration.
  • Simplified market data API: A preview version of a market data API has been introduced. It covers several features of the current market data API, while reducing complexity. The implementation and configuration classes of the current market data API have been marked as deprecated. For details, see Market Data APIs.
  • New SimpleQuantile implementation: Added a new implementation of IVaRQuantile: SimpleQuantile.

Known issues

Issue Key Details
MR-1626 (updated 2023-11-16) Trying to log in with a user that does not have admin rights throws a 403 HTTP error. In some of the SecurityFilterChain objects defined in the security configuration, the securityMatcher is missing. As a consequence, only users with the admin role are authorized in the application. See the workaround below.
MR-1616 The CVE https://nvd.nist.gov/vuln/detail/CVE-2016-1000027 can only be fully fixed with an upgrade to Spring 6.
MR-1520 Querying the PnLExplain measure on the Sensitivity Cube is slower than on previous versions, by approximately 15%. This only applies when the Sensitivity Cube is in scalar mode, that is, when the mr.enable.data-model.scalar-sensitivities property is set to true. This is being investigated to find a resolution.

Workaround for security configuration issue (MR-1626)

To fix this issue, place the following code snippet in the file MRSecurityFilterChainsConfig for the beans managementFilterChain, dqRestServiceFilterChain and dqMigrationHelperFilterChain:

    @Bean
    @Order(6)
    public SecurityFilterChain managementFilterChain(HttpSecurity http, JwtAuthenticationConfigurer jwtAuthenticationConfigurer) throws Exception {
        return http
                // Only these URLs must be handled by this HttpSecurity
                .securityMatcher(url("/actuator", WILDCARD))
                .authorizeHttpRequests(
                        auth -> auth.requestMatchers(HttpMethod.OPTIONS, url("/actuator", WILDCARD))
                                .permitAll()
                                .anyRequest()
                                .hasAuthority(ROLE_ADMIN))
                .apply(jwtAuthenticationConfigurer)
                .and()
                .build();
    }

    @Bean
    @Order(7)
    public SecurityFilterChain dqRestServiceFilterChain(HttpSecurity http, JwtAuthenticationConfigurer jwtAuthenticationConfigurer) throws Exception {
        return http
                // Only these URLs must be handled by this HttpSecurity
                .securityMatcher(url("/directquery", WILDCARD))
                .authorizeHttpRequests(
                        auth -> auth.requestMatchers(HttpMethod.OPTIONS, url("/directquery", WILDCARD))
                                .permitAll()
                                .anyRequest()
                                .hasAuthority(ROLE_ADMIN))
                .apply(jwtAuthenticationConfigurer)
                .and()
                .build();
    }

    @Bean
    @Order(8)
    public SecurityFilterChain dqMigrationHelperFilterChain(HttpSecurity http, JwtAuthenticationConfigurer jwtAuthenticationConfigurer) throws Exception {
        return http
                // Only these URLs must be handled by this HttpSecurity
                .securityMatcher(url("/migrationHelper", WILDCARD))
                .authorizeHttpRequests(
                        auth -> auth.requestMatchers(HttpMethod.OPTIONS, url("/migrationHelper", WILDCARD))
                                .permitAll()
                                .anyRequest()
                                .hasAuthority(ROLE_ADMIN))
                .apply(jwtAuthenticationConfigurer)
                .and()
                .build();
    }
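A regression check for the condition behind MR-1626, as an added example that is not part of the Atoti Market Risk code base: a chain built by HttpSecurity without a securityMatcher matches every request, so any chain ordered after it is never consulted. The class and method names are hypothetical, and the chains are assumed to be supplied in @Order sequence (for instance an injected List<SecurityFilterChain>).

```java
import java.util.ArrayList;
import java.util.List;

import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AnyRequestMatcher;

/**
 * Added example (hypothetical helper, not project code): finds filter chains
 * that shadow every chain ordered after them because no securityMatcher was set.
 */
public final class CatchAllChainCheck {

    private CatchAllChainCheck() {
    }

    /**
     * @param orderedChains chains in @Order sequence (assumption: caller passes
     *                      them in the order Spring Security evaluates them)
     * @return positions of chains that match any request but are not last
     */
    public static List<Integer> shadowingChains(List<SecurityFilterChain> orderedChains) {
        List<Integer> offenders = new ArrayList<>();
        // The last chain may legitimately be a catch-all, so it is skipped.
        for (int i = 0; i < orderedChains.size() - 1; i++) {
            // HttpSecurity builds a DefaultSecurityFilterChain; when no
            // securityMatcher is configured its matcher is AnyRequestMatcher.
            if (orderedChains.get(i) instanceof DefaultSecurityFilterChain chain
                    && chain.getRequestMatcher() instanceof AnyRequestMatcher) {
                offenders.add(i);
            }
        }
        return offenders;
    }

    /** Fails fast, at startup or in a test, when a catch-all chain is not last. */
    public static void assertNoShadowing(List<SecurityFilterChain> orderedChains) {
        List<Integer> offenders = shadowingChains(orderedChains);
        if (!offenders.isEmpty()) {
            throw new IllegalStateException("SecurityFilterChain(s) at position " + offenders
                    + " match any request and shadow later chains; add a securityMatcher");
        }
    }
}
```

Calling assertNoShadowing from an integration test that autowires the chain list catches a dropped securityMatcher before a non-admin user hits the 403.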

Dependency versions

Component Version
Adjustments Services API 2.2.0
Atoti Server 6.0.9
Atoti UI 5.1.x
Data Connectors 4.0.3-AP6.0
Datastore Helper 3.2.0-AS6.0
Java JDK17
Sign-Off API 2.1.0
UI Components 5.0.27
What-If 2.1.1-AS6.0

Added

Issue Key Details
MR-1554 Preview market data API. For details about the new market data API, see Market Data APIs.
MR-1606 Added a new implementation of IVaRQuantile: SimpleQuantile.

Changed

Issue Key Details
BAS-1346 A test framework is now available, allowing targeted measure testing. Feedback from the first version has been addressed.
BAS-1371 All store and reference @Configuration classes are now named *StoreConfig and *ReferenceConfig.
BAS-1372 All store @Configuration classes are now named *StoreConfig.
MR-1284 The majority of MR properties have been migrated to Spring @ConfigurationProperties classes and the properties files have been consolidated.
MR-1487 The mr-activemonitor module is no longer part of the MR modules, and the associated dependencies have been removed.
MR-1533 Type-specific pre-aggregated, unfiltered sensitivity and ladder measures are now removed. A single measure per datastore field is now created, with all measures that filter by type using the appropriate underlying measure.
MR-1535 All stores in the application are now defined against the GLOBAL schema. This simplifies the customization of stores and reduces the number of calls required to add a store or a reference to all run modes of the application.
MR-1605 Quantile type and rounding method display names can now be set with properties.
MR-1624 Upgraded to Java 17.

Fixed

Issue Key Details
GENACL-952 Support for “O/N” and “T/N” strings in LegacyTenorConverter and SimpleTenorConverter.
MR-1527 Fixed a bug where the Sign-off Adjustment dimension was included in Summary Cubes, and Sign-Off fields were expected in summary input files and stores, even when Sign-Off was not enabled. Now they are only present when Sign-Off is enabled.
MR-1539 Matching the available stores and fields to the selection for testing purposes is now done using AliasedField#getAlias instead of FieldPath#getField.
MR-1585 Added beans for day count convention and tenor converter instead of enforcing them in the maturity converter configuration.
MR-1611 Removed deprecated calls to AnalysisHierarchy.