Version 5.11.0




Welcome to V5.11.0.


Click here to read the installation and upgrade instructions.


Functional changes in V5.11.0


1.      Gateway Tunnels. Configured in the Gateway, Gateway Tunnels allow remote Applications running on trusted On-Premises environments and Service Plans access to databases and services that would otherwise be inaccessible outside of the Gateway’s private network.


Gateway Tunnels work with any TCP/IP application or service that can be accessed by specifying a hostname and port number, including: Databases, Email, LDAP, HTTP(s), REST, SOAP and FTP services.


2.      Upgrade to tomcat 9.0.63 that fixes:


CVE-2022-29885 – Tomcat documentation fix for the EncryptInterceptor that incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was incorrect and has been resolved in this release.


Bugs fixed in V5.11.0





Server side validation event not triggered when date is selected using popup window.


Creating a new Presentation Template should enable CSP as default.


Server Admin: Clicking the Data Source information button for a Database connection throws an error or does not show any information.




Functional changes in V5.10.2


This release includes an upgrade to Tomcat to version 9.0.55 and various bug fixes.


  1. Upgrade to Tomcat 9.0.55 that fixes to important security fixes:
    1. The bug fix to the Denial of Service introduced a memory leak. This is fixed in version 9.0.54.
    2. Request Smuggling issue where Tomcat did not correctly parse the HTTP transfer encoding request header in some circumstances leading to the possibility of request smuggling used in a reverse proxy.


  1. Replaced logging API Log4J 1.2 with Log4J 2.17.1. This update will enable customers to customize their logging with all the latest security vulnerabilities addressed in Log4J2.


The log4J2.xml configuration file will be automatically copied post upgrade after the server is has restarted. If not changes were applied to the log4J.xml file, then the following note can be ignored.


Log4J2 Migration Note


If you have configured your own logging appenders or any other configuration (for example JDBC Appender or JMS Appender configuration) to the log4j.xml file:




These changes will need to be applied to the log4j2.xml configuration file as shown below. Please reference the Log4J2 Migration guide for the appropriate Log4J2 syntax:







Bugs fixed in V5.10.2





Setting a breakpoint on a Web Resource JavaScript file and clicking the debug icon locks/crashes the Studio.


Error Script setField: Invalid fieldname mycontrolfield.displayonly in command >SET mycontrolfield.displayonly = true when setting control property from FPL.


Server side validation event not triggered when the date is selected using the popup window.


Incorrect path to Server Resources folder in PWA manifest.


Deploy and Run on server does not run the form after the deployment has completed.


WebServiceResource doubles the WSSecurity headers when more than one header is added to the SOAP request




Bugs fixed in V5.10.1





Some operating systems resolve the mime-type for JavaScript files incorrectly when using the prefix $ws. This prevents the browser loading the client script web resource.


Public RESTFul Web Service cannot resolve the endpoint if it contains both Path and URL parameters.


Losing concatenated properties in object return values from executeFunction. The value is returned as {"empty": false}


Using the Workflow API worlkflow.getFilteredJobs() throws an exception when using a POSTGRES database for the UFSRepository.


Running an event script in a part page component causes an error when testing the component by pressing the Test Part Page Component from the studio.


Search Files does not find all the JQuery events bound to a control in the Studio.




Functional changes in V5.10.0


This release includes support for configuring Content Security Policy (CSP) headers, a new set of file upload controls, and permissions configuration for web resources.


1.      The Content Security Policy (CSP) header can now be enabled and edited in Form Properties and the Form Property Defaults section of a Presentation Template. CSP provides an additional layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement to distribute malware. CSP support is disabled by default and can be activated in Form Properties or the Presentation Template.

The output from all controls, layouts and presentation templates is CSP compliant by default. However, developers should be aware that the configuration of inline CSS and inline Javascript can cause CSP violations which will prevent a page being displayed.

2.      Several new File Upload controls have been added and these provide an alternative to the existing file upload mechanism using the form.uploadFileFromBrowser() functions. The new controls provide better customisation and more functionality with events and API methods, to make it easier to create a seamless user experience.

3.      A new Web Resource Access section has been added to the Server Admin App which provides an interface to define a set of permissions required to access Web Resources. This allows more nuanced control over access to files within a web application, utilising existing security permissions.

4.      The Studio now allows the developer to customize their own Controls Palette. The Custom Palette allows the developer to organize their most used controls into a tree structure for convenience and efficiency.

5.      The authentication, authorization and general error pages have been changed to .JSP files. They will automatically replace the previous .HTM files when upgrading to 5.10 unless the web.xml file has been modified locally, in which case the web.xml will need to be manually changed in order to point at the new files.

6.      The HttpHeaderSecurityFilter provides protection against XSS and some other attacks. This is included into the web.xml supplied with the product. The filter is not enabled as default, but should be configured for your environment if your server is exposed directly to the internet. See here for more information.

7.      Security Fixes:

· Server JQuery version updated to v3.5.1 which includes fixes to XSS vulnerabilities. Click here for more details.

·         Http Cookie security updates when using server scripting client.addCookie():

·         If the connection is secure (HTTPS), the cookie is automatically set to Secure. The cookie value is only sent over a secure connection.

·         The cookie attribute HttpOnly is automatically added to the cookie. This attribute prevents XSS attacks by preventing scripting API’s from accessing the cookie value. This attribute can be overridden and switched off in the Server Admin App (Server Properties -> General Properties).

·         The LDAP protocol using LDAPServices defaults to using LDAPS unless otherwise specified in the Server Admin App (Server Properties -> Security Properties).

8. Studio memory and performance fixes.

9.      And many other bug fixes and enhancements



Bugs fixed in V5.10.0





Text Controls lose their "Contains HTML" setting - only seems to effect controls that have no content (set programmatically).


CornerImage and ErrorPage sevlets wont work with the HTTP header X-Content-Type-Options: "nosniff".


Upload document does not work after the upgrade.


Error checking or releasing a workflow process with escalators.


Problems styling background colour of form header text after upgrade to V5.4.


Error in CSS file causes an infinite loop in the studio and studio locks up.


Ebase calendar widget always included in rendered page source.


Form will not open and generates a designer lock in form field when a dynamic list is on a print formàprint page as displayed as a ticklist.


Table current row not retained when clicking something in a repeater. This is inconsistent with table controls.


Table not displayed when initially empty when using Ajax.


Cloud Platform Issue testing RESTful endpoints.


Server-side functions cannot be called from lists within repeaters.


RESTful Web Services do not handle Content-Type headers correctly.


Deploying from the Studio to a server that uses a redirect does not work.


Workflow API getFilteredJobs() does not take into account timezone.


Controls within Repeaters add styles multiple times for the same selector causing large duplicated styles.


Nested repeaters generate excessive update controls JSON in the Ajax calls.


RESTful web service - onError event does not execute when the restful event fails.


Installer doesn't perform upgrade when installation directory already exists.



Functional changes in V5.9.0


  1. This release includes a number of features that enable compliance with the Web Content Accessibility Guidelines (WCAG) 2.1. The new features include:


·         New landmark controls Main Control, Aside Control, Article Control have been added. Together with the existing landmark Nav, Section, Header and Footer controls, these form a family that can be used to bring structure to web pages. This helps screen reader users navigate each page.

·         A new Heading Control has been added which enables the use of HTML heading tags <h1> - <h6>. As well as representing a simple header text, a Heading Control can also contain Text and Image child controls to build more complex headings.

·         A new ARIA section has been added to all controls that support ARIA properties. ARIA is a formal specification that allows developers to add markup that will be interpreted by Alternative Technologies (including screen readers).

·         Button Controls have been enhanced to support Text and Image child controls. One reason for introducing this feature is to try and discourage the use of onClick events on HTML elements that don’t natively support clicks e.g. a <div> using a Panel Control, which causes accessibility problems.

·         A new option to render radio button and checkbox lists using an HTML <fieldset> has been added. This is the recommended technique for displaying these lists.

·         HTML for field labels is now always generated and written to the browser, even when the label text is not visible. This change allows form fields to always be correctly labelled so labels can be read out by a screen reader. This does not affect the visible page presented to sighted users.

·         HTML for field help texts is always generated if a help text is configured, even when the help text is not visible. The help text is then linked to the field using the aria-describedBy attribute. A screen reader will then read out the help text after the label e.g. “Field password, passwords must have at least 8 characters including…”. This change does not affect the visible page presented to sighted users.

·         ARIA roles are now added to all error, warning and info messages sent to the user. This allows a screen reader to alert the user when a message is received.

·         The ARIA “presentation” role is added to all layout tables. This enables a screen reader to effectively ignore these tables.

·        A number of HTML syntax problems have been fixed involving the removal of unsupported and deprecated attributes.


  1. Change of behaviour: The server property Focus to first field configured using the Server Admin App (Server Properties -> General Properties) is now moved. By default, focus to first field is disabled and focus will not be applied to the first field on the page when a page loads or it is navigated to.


If this property was previously enabled on your server you can enable the property by doing either of the following:


    • Configure at the Presentation Template level by selecting Form Property Defaults under property sets and select the Focus to first field checkbox.
    • Configure on a per Form level by opening the Form Properties and selecting the Presentation tab. Under the Focus to Field section: uncheck the Use template setting and select the Focus to first field checkbox.




Bugs fixed in V5.9.0





CY_GB language (Welsh) formats dates as yyyy-mm-dd instead of dd/mm/yyyy. Upgraded the ICU4J regional formatter to the latest release.


Deployment Package does not work – The tree icon shows as a black dot in the Studio


Unable to edit property sets in a presentation template that supports ARIA properties


LDAP User Attributes do not work when logging in via IIS/AJP


It is not possible to configure the ARIA role on the property in the presentation template for controls that support ARIA role


The CSS styling for some of the container layouts is incorrect and the containers are not formatted correctly. This results in the output of the page looking different from previous versions


When Windows User Authentication is enabled and the request comes from a public facing URL with no user id a blank screen is displayed


Windows Authentication Populate User Credentials configuration in is ignored


Aria properties (role, custom atts) do not appear on a Hyperlink Control when configured as an external link.


Table sorting links produce error on WCAG 2.1 checker


Security Exposure - Local File Inclusion vulnerability - It is possible to read files from outside the Server workspace



Functional changes in V5.8.0


  1. An interactive script debugger has been introduced for Javascript scripts. All server-side Javascript scripts can be debugged regardless of how a script is invoked including forms, SOAP and REST Web Services, system services, scheduled tasks, workflow processes etc. In most cases you will be debugging something running in your local development environment, but it is also possible to debug a script running on a remote server, subject to security.


  1. Security between a Studio and its test server has been improved (in support of the new script debugger). All test servers are now defined using Designer Preferences > Servers tab, and the current server the studio is using (to test or debug forms/services/workflow processes) can be changed using the Manage Servers dropdown in the top right-hand corner of the Studio window.


Change of behaviour: connection to any server other than the Embedded Server supplied with the studio now requires configuration of a user/password with the appropriate role on the target server and this needs to be configured in Designer Preferences > Servers on the studio. 



Bugs fixed in V5.8.0





Repeater Row Control layout type cannot be set to none


Referenced SCSS files not automatically included in deployment


Rest Service authentication does not re-use the refresh token when the access token fails


OAuth Rest does not resume correctly and just refreshes the original page


Security API OpenID Connect does not exchange token for an access token with the same configuration



Functional changes in V5.7.0


1.      This release introduces a new Gateway Server product. Its purpose is to assist with the migration of in-house systems to the cloud. In particular it provides:

·         Single Sign On (SSO) from a cloud server to any in-house security system including Active Directory

·         Access from a cloud server to in-house databases and other resources

·         A portal application that runs in-house and provides links to the cloud applications

·         A programming API

These facilities are all based on a secure framework using industry best practice.


  1. User Authentication improvements. Many options, including Active Directory authentication, can now be selected at the click of a button without the need to write a Logon Service. This also includes authentication using third-party Open Id Connect providers e.g. Google Identity Platform, Salesforce, ADFS etc.




Bugs fixed in V5.7.0





Cannot generate a PDF document using Microsoft Edge


Saving a form using Save/Restore functionality displays an error message “An invalid character [32] was present in the Cookie value”


Scheduled task logs in the server admin app cannot be displayed when there are hundreds of them as it takes too long to show the results and they are difficult to navigate



Functional changes in V5.6.0


1. V5.6 is a landmark release in that it introduces a new file system layout for the installation that will enable future upgrades to be performed automatically. This new file system layout provides separation between the distribution files which should not be changed by customers (the installation file system), and any customer configurable files (the userdata file system). Future upgrades will work by replacing the distribution files. This change applies to both the Studio and Server components.


2.      The level of Rhino, which provides server-side Javascript, has been upgraded to level 1.7.11 which includes support for many ES6 features.


3.      Logon Services have been enhanced to support the ability to add Authorizations to a user, in addition to roles and credentials. Authorizations provide more granularity than a simple role, enabling more sophisticated security checks, and can be checked using SecurityManager.isAuthorized().



Bugs fixed in V5.6.0





An exception is thrown when JSON.stringify() is called on an Java String Array


Table Field Column Mandatory Check - Client Ajax call fails with mandatory field needs to be entered even though column is hidden


Ajax Javascript - previously hidden field is shown again when an onChange event is fired from a dropdown field control

336265 Studio locks on MacOS when the studio regains focus when editing a Form or the Resource Hub is open e.g minimised and maximized


The Mac OS look and feel shows very dark blue tabs on the dockable panels which makes it very hard to read the labels


Repeating weekly schedule task does not reset to the correct day for the new execution time after a task is run.



Bugs fixed in V5.5.1





An outdated version of Jquery is used - jquery-1.6.4.min.js


Can't add more than one linked text file to a form


Multiple SaveRestore servlet errors appearing in log


Javadoc incorrect for $eb.getComponentPrefix() and $eb.executeFunction()


Problem adding shared function scripts with components


Radio Button lists don’t work with Bootstrap


Cannot add a legacy print form to a form if one does not already exist


Cannot install a widget from the resource hub when you right click on a control


Changing presentation template from a script fails


PDF Header and footer styles can't be edited for a Page Control property set in a template when this is the default property set


Calendar popup icon missing with IE with display type set to HTML 5 date


Issuing set template command twice in scripts causes a java.lang.RuntimeException: java.lang.ClassNotFoundException


HTML 5 with IE 11 - Required field validation does not work


Client callable script associations appear multiple times with linked components


NullPointerException printing from a before form event


Database connection problems can occur when one of the server properties files is updated


Sortable property can't be set on table columns in some circumstances


Print Page Landscape orientation is ignored if the page size is set to A4


Renaming a Form/Component can cause an exception and form corruption.


Licence check fails throwing an exception when run on a Microsoft Hyper-V Virtual machine with a tunnel adapter.


Print Page does not apply the correct PDF Margin properties to the print pages and looks different from version 5.2.


Atomikos transaction manager limits the server to 50 simultaneous transactions.




Functional changes in V5.5.0

  1. Addition of widgets: these represent discrete pieces of UI functionality such as charts, maps, trees, confirmation popups etc. They consist of visual elements displayed to the user plus optionally additional entities such as client-side or server-side scripts, CSS etc. Available widgets are displayed in a separate Widget View that sits alongside the Palette View, and widgets are dragged onto a page in much the same way as controls, and can then be configured. The widgets themselves are sourced from the Resource Hub and this will be updated regularly to add new content as it’s developed. It is also possible to create/install widgets in the local workspace.

  2. SCSS (“Sassy” CSS) files are supported as an alternative to regular CSS files. SCSS extends CSS and adds a number of really useful features such as variables, nesting, extensions, operators etc. SCSS files are compiled into CSS which is then sent to the browser – the system performs this compilation automatically whenever necessary, so SCSS files can be used in the Studio as direct replacements for CSS files.

  3. Java 11 is included in this release as an option. It is our intention that the following release will mandate using Java 11. If Java 11 is used, Atomikos (next item) is also required.

  4. The server components providing transaction management (JOTM) and database connection pooling (Xapool) have been replaced with Atomikos.  The main driving force for this change has been the move to Java 11 but Atomikos represents a much better option as it is actively developed and supported, whereas both JOTM and Xapool have been inactive for a number of years. This change is optional in this release but it is our intention that it will be mandatory in the next release.

  5. Before control events have been extended to all controls – previously these were only available with Field Controls and Table Controls. Also before control events will now execute every time the system moves to a new page (using goto page or a configured next page button), and will be executed immediately after the before page event. This represents a change in behaviour: in previous releases before control events, with the exception of event fields, were only executed the first time any given page was displayed. If this change causes problems, the behaviour of previous releases can be reinstated by adding the following Java property to the server startup:  –DrunBeforeControlEventsOnceOnly=true

  6. Table Controls can be configured to “collapse” when displayed on narrow devices (phones). This means that each table row will be displayed vertically down the page instead of horizontally across the page. The breakpoint can be configured using the Collapse breakpoint property of Table Control.

  7. Placeholder texts can be specified for Field Controls and Table Column Controls – this is configured using the Place holder property

  8. The Fields View, Tables View and Resources Views have been changed to separate the display of form level elements from component or widget elements.

  9. When entering a field name, camel case names are now recognised and used to construct default label texts e.g. a field name of firstName will result in a label of First Name etc.

  10. A number of changes have been made to facilitate using client-side events with components or widgets:

·        The component prefix can be specified as the last parameter of the client API $eb.executeFunction() function. In most cases the system will determine when a component context should be applied to a server function called using $eb.executeFunction() but there are some circumstances where this doesn’t work and then this new parameter is required e.g. when a ready event is used to bind another jQuery event.

·        A new method $eb.getComponentPrefix() has been added to the client API

·        A data attribute data-eb-component-prefix has been added to all HTML elements generated for component or widget controls. This can be used to extract the component prefix for an HTML element using jQuery.

  1. The display of configured style sheets, client scripts, client callable event scripts and shared function scripts has been expanded to show elements configured in components/widgets installed into a form.

  2. The component name of an embedded component is now displayed in the Outline View.




Functional changes in V5.4.0


  1. Support for Progressive Web Applications (PWAs) has been added. PWAs represent an exciting new technology that aims to make web applications indistinguishable from native applications when used on mobile devices: phones and tablets. As a result, a web application can be used for all devices without the need to develop separate native apps. PWA features include:


·         Make a web app page look exactly the same as a native app page e.g. by removing the URL bar

·         Automatically add a start icon to the device’s home page

·         Caching of HTML pages and web resources by a service worker so the app can start even when offline

·         Downloading of web apps from an app store

·         Support for push notifications


Please note that support for PWAs varies for each browser provider and not all browsers currently support all the features listed above. Ebase support for PWAs will continue to be developed in future releases as further browser capabilities are announced and released.


Click here for more information.


  1. The WYSIWYG View used to display form pages has been changed to use JavaFX as the underlying software component – previously this was using Flying Saucer. The main advantage of using JavaFX is that CSS3 styling is now fully supported, whereas in the previous release many styling attributes were not supported. JavaFX also provides future proofing as it is a fully supported Java component and will continue to support new aspects of HTML and CSS as they are developed in the future.


  1. A new PDF generation engine wkhtmltopdf has been added which supports HTML5 and CSS3. This is available for use when generating a PDF using the Javascript form.generatePdf() function or the FPL outputpage command. This is in addition to the existing Flying Saucer engine which mostly only supports CSS2. A global property PDF Engine is used to switch between these two options. This property can be changed using the Server Admin App on the Server Properties page. By default this property is set as follows:


·         New installations: wkhtmltopdf

·         Upgraded systems: Flying Saucer


Please note that changing the PDF engine may result in some changes to existing print pages.


  1. Support for Domain Keys Identified Mail (DKIM) has been added to email accounts. This is configured via email account properties using the Server Admin App.


  1. It’s now possible to see how a page will look on any device by selecting the appropriate device from the toolbar at the top of the WYSIWYG View - a dropdown of named devices is available including most common devices and this can be edited to add new devices.


  1. Support for many Web Forms 2.0 features has been added. Using these features it’s possible to eliminate the input validation popup alert boxes and replace these with browser-provided input validation:


The following Web Forms 2.0 input types are supported and can be selected as display type for a form field or table column: 


color, date, datetime_local, email, month, number, range, search, tel, time, url, week


Some of these types will result in browser widgets being displayed to help the user enter the data e.g. date, number. The implementation of these widgets varies between browsers.  Also, some of these types invoke browser validation of the data entered e.g. email, range. Any validation messages issued by the browser can be customized using the Validation Message Field Control property. Click here for more information.


The Mandatory Field Control property has been renamed to Required, and required fields are now implemented using native browser validation. This applies only when the form document type in Form Properties > Presentation is set to HTML 5. The message displayed (e.g. “Please fill in this field”) can be changed using the Required Message attribute of Field Control.


  1. New Server Resources folders can be created in the workspace.  These folders are mapped to the root of the web application and provide a means of configuring static web resources and including these in the workspace. In previous releases, static server web resources had to be added to the server’s file system and were therefore difficult to manage. With this change, these web resources can be included in the workspace and can be deployed in the usual way. Click here for more details.


  1. When a client API $eb.executeFunction() call is made, the server will now be aware of the control which initiated the event – most importantly this includes setting the current row of any tables. For example, you might have a table or repeater with a delete button that first displays a confirmation popup and then invokes a server function via eb.executeFunction(). With this change the server code to delete the table row is simply tables.myTable.deleteRow() whereas prior to this change a row identifier had to be extracted on the client then passed to the server.


  1. Images can now be dragged from the tree directly onto a page. The project that the image is dragged from needs to be accessible from the target project.


  1. Resources can now be dragged from the tree into the Resources View of a form, component etc. The project that the resource is dragged from needs to be accessible from the target project.


  1. The tree is now sorted so that any folders are shown before entities.


  1. Custom attributes within HTML Element Properties can now contain &&fieldname substitutable variables.


  1. Aria label texts can be configured for all appropriate controls. This property is typically used to provide a screen reader with a label for an otherwise anonymous control.


  1. Client browsers with Javascript disabled are no longer supported. Javascript support on the client is required to execute an Ebase form.


  1. A change has been made to the way Javascript arrays and/or objects are stored as session attributes which may affect applications using client.request.session.setAttribute(“xxx”, value) or client.request.session.getAttribute(“xxx”). The getAttribute() and setAttribute() methods are now intercepted and Javascript arrays and objects are saved in serialized form – this is to prevent excessive use of memory which can result when Rhino objects representing arrays and objects are saved directly. The impact of this change is that session attributes must now be explicitly saved (using setAttribute()) each time they are changed. It is no longer true that getting an attribute, then changing the retrieved object, will update the saved session attribute.


  1. The Workflow Administration application (form WORKFLOW_ADMINISTRATOR distributed in the VerjSamples project of the default workspace) now requires a user sign-on. Any user with access to the Server Administration application will also have access to the Workflow Administration application.



Bugs fixed in V5.4.0





Rest response content-length issue


Server admin app fails in V5.3.2 when called over SSL


NumberFormatException during updatetable of nested table when rows have been deleted


Copying a scheduled task generates a duplicate runtime id


Rhino script variables stored in session context or other similar contexts use excessive memory


Server proxy password on the server is not encrypted and fails to decrypt at runtime


Cancelling a workflow job gives message "Cannot cancel from state Cancelled" if tasks have been cancelled


Workflow pause node script fails with "Cannot have any pending top calls when executing a script with continuations"


Copying a folder with many inter-related entities does not correctly refactor the relationships




Functional changes in V5.3.2


This release provides integration with the new Platform as a Service (PaaS) system which offers fully supported Ebase Xi servers running in the cloud and is also the new home for the Ebase website; the Ebase Xi Designer has been re-branded as the Studio. The studio provides the ability to deploy to either a server in the cloud (known as a service plan) or a non-cloud server (these are now known as on-premise servers); similarly you can run forms and test web services and workflow processes against either cloud or on-premise servers.


  1. After upgrading to V5.3 you will be initially presented with a logon screen when you first start the studio; if you have not previously registered on the portal, click on the Sign up link at the bottom of the logon panel. If you are already registered then enter your credentials - any service plans to which you have access will automatically appear as deployment targets. If you have previously registered with the Ebase Customer Portal you should be able to use the same userid/password combination for the new portal. Once you have logged on successfully to the studio, your credentials will be remembered and you should not need to logon again unless you explicitly logout of the Portal (see below).


The Vault has been replaced by the Resource Hub. This contains tutorials, samples, templates and other technical content that provide advice and can be imported directly into the studio. The Resource Hub will become the major source of technical help and will be expanded in the future.


A new Verj menu item has been added to the main menu. This provides the ability to logout/login from/to the portal plus the ability to change the privacy settings. In the current release these settings make very little difference – they are used only when deploying to a service plan in the cloud or when connecting to the Resource Hub. However, in the future the studio will be enhanced to collect information on how the studio is used, detect any problems, and offer advice based on this. When this functionality is added, you will have the ability to disable it via the privacy settings.


  1. A new tabbing framework to contain multiple open entities has been added and many of the toolbars have been restructured

·         Icons from the old tab headers have been moved to a new toolbar at the top of the page

·         Icons from the old tree toolbar have been moved to the new toolbar at the top of the page

·         The Form Editor toolbar and page toolbar have been re-structured

·         The Run button has been renamed to Test and moved to the main toolbar and a test history has been introduced. This makes it possible to run forms from any editor at any time.


  1. A number of new controls have been added:


Container Controls:

·         Footer Control – same as a Panel Control but encloses content in a <footer> HTML tag

·         Header Control – same as a Panel Control but encloses content in a < header > HTML tag

·         Nav Control – same as a Panel Control but encloses content in a <nav> HTML tag

·         Section Control – same as a Panel Control but encloses content in a <section> HTML tag


List Controls – these provide the ability to display content in an ordered or unordered list and within list item HTML tags <li>:

·         List Panel Control – provides the ability to lay out any static content as a list

·         List Control – used to display dynamic list content e.g. from a database (Dynamic List) or a Static List or a list set via a script

·         List Text Control – used with a List Control to display a list item text

·         List Hyperlink Control – used with a List Control to display a list item text as a hyperlink

·         List Item Control – represents a <li> tag

·         Repeating List Control – provides the ability to display a table as a list


Click here for more details on using the new list controls.


  1. A new List Layout has been added which lays out the content of any container control as a list.


  1. A new Class property has been added to the properties panel of most controls. This makes it easier to add CSS classes to a control – without the need to first display the styling assistant, click on Advanced properties etc.


  1. A new external API has been introduced that allows non-Ebase apps to make stateful calls to an Ebase server by including a small amount of Javascript. This can be used by any non-Ebase app including mobile apps. Stateful in this context means that information is kept on the Ebase server between calls from any given client. Click here for details.


There are now three ways that an Ebase service can be called from an external (non-Ebase) application:


·         REST Web Service stateless REST calls

·         SOAP Web Service (integration Service) call – stateless SOAP calls

·         Using the new External API – when stateful calls are required


  1. Support for information messages has been added. There are now three levels of message that can be added to a page and individually styled: info, warning, error. Information messages are added by Javascript scripts using one of the addInfoMessage() methods, and for FPL scripts via the message command.


  1. Javascript API Changes:


·         New methods encryptAES() and decryptAES() have been added to EncryptionServices to provide encryption using the AES algorithm with 128 bit keys. The existing encrypt() and decrypt() methods have been deprecated as they use the DES algorithm with 64 bit keys; this DES algorithm is now considered as potentially vulnerable and customers are recommended to use the new AES methods instead.


·         New methods appendToFile() have been added to FileServices. These should be used when appending text to a file instead of the writeFile() methods that replace the file contents.


·         It is now possible to exclude some Java classes from the automatic conversion that occurs for server-side Javascript scripts when Java objects are transferred into the Javascript environment. This conversion behaviour is mostly beneficial but can occasionally cause problems; it includes the conversion of all Java lists (java.util.List) to Javascript arrays [] and the conversion of all Java maps (java.util.Map) to Javascript objects {}.  Individual Java classes or interfaces can be excluded from this conversion by using system.addWrapFactoryExcludedClass() and system.removeWrapFactoryExcludedClass() e.g.




The scope of changes made by these methods applies to the currently executing form, web service, workflow job etc.


·         New methods addCssClass() and removeCssClass() have been added for all controls. These methods allow classes to be added and removed dynamically without affecting other classes assigned to the control.


·         The ability to iterate through items in a list has been added. This can be used when a list is associated with either a field or a List Control:


var items = controls.listControl.list.items;

while (


var val = items.listValue;

if (val == "danger")


controls.listItem1.backgroundColor = "red";




  1. The ability to monitor the number of database connections in a connection pool has been added. In the Server Admin App, click on Database Connections then click the  icon for an individual database to display information about the current usage of the connection pool. This can also be used to restart the connection pool in the event of problems. Click here for more details.


  1. The ability to run an HTML entity file has been added.


  1. Creation of a new project now allows you to select a pre-configured folder structure or model the folder structure on an existing project. This behavior can be disabled in designer preferences.


  1. A new Save All icon has been added to the main toolbar (next to the Save icon) – this saves all open entities that have been changed.


  1. The Getting Started option has been removed from the Help menu – the tutorials provided by this option have been revamped and are now included in the Resource Hub


  1. A small change has been made to the HTML generated for a Table Control. This might have any impact on existing forms which have been styled using CSS which is dependent on the HTML structure.


  1. A Bootstrap presentation template has been developed and is available for download from the Resource Hub. This is based on Bootstrap 4.0.0 beta.


  1. Designer Preferences contains a new Privacy tab. This allows you to disable the link between the studio and the portal.




Bugs fixed in V5.3.2





Added character encoding to RestOptions when invoking a REST call to specify the response message character encoding type.


Problem deleting table columns in the Ebase designer that contains percentages in their style width values.

335864 and


Fixed the security vulnerability to change the epd parameter to change the page. If could open a page that does not contain a security check.


NullPointerException when inserting a row into a table, deleting it and then issuing an update table when the resource is backed by an Integration Resource.


Fixed that REST service resource response headers do not substitute the value in fields (fields with && in them).


V4 repository that contains duplicate mapping when upgraded creates duplicate mappings.


Importing an Ebase export file that contains special UTF-8 characters (for example £ sign) corrupts the character.


SOAP web service calls that require maintaining of sessions cookies are lost between execution of different Ebase forms.


OAuth Access Grant scopes and User Resource parameters can be overridden from the Rest Resource OAuth authentication configuration or these can be overridden at runtime using the OAuth authentication object in scripts.


Adding a shared or client callable script to a component and then running the form causes an error stating that the shared script does not exist.


Set a table column value to include HTML and set it to be a Hyperlink, at run time the html is not rendered.


Using the server admin app to edit the non proxy hosts configuration truncates the entry to 255 characters.


A reference to form.getElementName() or system.variables.$FORM_ID fails with a NullPointerException when calling within an Integration Service script.


After inserting a row using a database resource to a Derby or Postgres database does not return the auto increment column value.


Searching workflow jobs by process attribute name/value using the jobs list resource doesn't work.


NullPointerException after importing a database resource and trying to open in the designer.


Numbers without decimal points get .0 added when assigned to character fields.




Functional changes in V5.2.0


1.      Support for publishing REST web services has been added. Together with the changes introduced with V5.1, full support is now provided for calling and publishing both REST and SOAP web services.


2.      Many icons and panels have been changed to introduce a fresher look into the designer.


3.      Javascript API Changes:


·         A new technique for executing SQL statements has been added without the need to create a Database Resource and mappings. This is accessed via the new DatabaseServices class e.g. services.database.executeSelectStatement(…). All SQL statements are supported.


·         Property files can be loaded using one of the new system.loadPropertiesXxx methods.



Bugs fixed in V5.2.0





Error calling a SOAP web service: Could not invoke service. java.util.ConcurrentModificationException


Workflow process tester fails when using SQL Server repository database


Error running large forms: CannotCompileException java.lang.ClassFormatError: Invalid method Code length 74999 in class file TEXTS_xxx.


ClassCastException using print resource from workflow




Functional changes in V5.1.1


1.      Support for calling RESTful web services has been extended:

  • Support for Client Credentials Grant has been added to OAuth support
  • It is now possible to specify username, password and scope dynamically when using OAuth


Bugs fixed in V5.1.1





Error “Cannot modify a property of a sealed object” changing a Javascript prototype object



Functional changes in V5.1.0


1.      Support for calling RESTful web services has been added which can be achieved using the new REST Web Service Resource or directly via the programming API.


2.      A link to the Ebase Xi Vault application on the Ebase website is available via Help > Ebase Xi Vault. Ebase Xi Vault provides many samples, videos, complete apps etc and these can be viewed from the designer and/or downloaded directly into the workspace (to the Vault folder in the ebaseSamples project) by clicking the Download button at the top of each item page. The Ebase Xi Vault will continue to be expanded in the future and is intended to be a major source of advice and samples covering all aspects of Ebase Xi.


3.      New variable services has been added to the Javascript API. This provides access to all the xxxServices classes within the script API e.g. DateServices, EncryptionServices etc. Previously these xxxServices class names had to be included within a script statement e.g. DateServices.formatDate(x, y) whereas this can now be coded as, y). This makes it easier to understand which services classes are available.


4.      The ability to exclude folders from the entity tree has been added. By default this includes .svn, .cvs and .git. These folder types are configured using Designer Preferences.


5.      A new template xiDefault is supplied.




Bugs fixed in V5.1.0





Styling Assistant does not show labels when a language other than English is used


XSL Adapter: text editor window does not scroll


Resettable documentation is not clear


PDF generation hangs


Can't call upload via the client API


Exception if user manipulates the ebz URL parameter part way through form execution


Custom lists and Static lists display return value instead of display value when field is a hyperlink


Passing an object which contains an array back to the calling form crashes the form


Workflow decision node - get error clicking OK so can't change it in any way


Some dialogs use black text when highlighted - makes it difficult to see on a dark b/g


Subversion control (.svn) folders are visible / searched in Designer


Clicking Browser back button after returning from a called form causes runtime error


Date in Language File: results in Version Control checking it in although the texts have not changed


Barcode control needs server to render image on the designer


Getting Started resource centre has illegal href links


Unable to run forms in a Linux installation unless Firefox is installed


form.generatePdf() gives NPE when image has blank / invalid url


Save button in style sheet editor is always enabled


Deployment of multiple server email files fails


Styling the final page using classes doesn't work


Form cacheloader fails to find the form in workspace


Incorrect behaviour of mandatory column in Tabset when ajax is enabled


Documentation for "Change Ebase Repository to a different database" is out of date


References to a default property set doesn't work


Client response headers are lost due a server redirect


Uses panel and data dictionary are not updated when a form is renamed


Database connection changes within the Server Admin App. require a server restart


Server Admin App: saving email server port number fails


A message issued from an event on page_1, but against a control on page_2 is not rendered


Renaming / moving scripts fails to refactor associated events


Add ability to rename integrated test server web app


NullPointerException accessing event.eventDescription in a callable function


NullPointerException generating PDF from scheduled form


Page cannot be displayed error and NullPointerExceptionafter removing a list from a table column


css and client script editors mess up LF and CR


Refreshing Entities takes too long


Server Admin App when using Oracle repository - error listing users


Renaming a folder to a different case causing problems


Server Admin App logon page - cursor goes to the password field


Saving entities in the designer is very slow


Form calls itself, upon return any reference to a field causes NullPointerException error


Making a change in Designer preferences causes unsaved changes being undone