The following is the list of changes in the latest release of WorkflowFirst:

Overview

• Many enhancements have been made to make WorkflowFirst's security more robust to help prevent unauthorized access, after a thorough outside security audit


• You can now make individual fields accessible only to someone of a particular role. They will be hidden if the user doesn't have that role.


• Several enhancements have been made to provide greater flexibility in the layout of forms.


• A new PDF report engine, EVO, has been integrated into WorkflowFirst providing lots of new reporting features.


• Lots of DbfScript functions have been added, including several that enable you to retrieve messages from an inbox to start workflow from an email.


• Notification emails from workflow can now be customized in the Configuration tab.

More details:

General

• You can now create custom views for the edit mode of a record.
• Now only fields that have the "Allow HTML" flag to be set will show HTML. Otherwise they will show codes for the HTML. This was changed for security reasons.
• If a nested list is set to "single Item" and is mandatory, it will now be expanded in the form by default.
• You can now restart the server and set the installation path (used to locate the license files) in Admin Tools.
• The maximum size in the field's Advanced section is now applied to file attachments in forms, if specified. The size would then be in kilobytes. Any attachment larger than that amount will be rejected.
• The temporary folder for WorkflowFirst is now held in the Windows temporary folder, not the Temp folder of the application's files folder.

Form / Look and Feel:

• A new field data type, "Static Label", lets you insert adhoc labels into forms.
• Boolean fields are now shown as a toggle-switch buttons. Dropdown lists can be shown as radio buttons, by setting it in the Advanced section of the field definition.
• The number of field 'columns' in a form, which defaults to 4, can now be overridden in the type's field definition advanced section.
• Nested lists' visible conditions are now honored in the form, they will only show if the visible condition is met.
• Form and application footer text can be displayed for all forms, specified in the Application's Advanced section.
• Fields can now have a "Span" specified, that lets them span more than one field in width. Fractions of halves can also be specified. When combined with the ability to override the total form columns, and static labels, this provides great flexibility in how forms are laid out.
• The form can now be laid out in 2 columns (fields on the left and values on the right) by setting the form layout variation in the Advanced section.

QuickReports

• WorkflowFirst now uses the EVO PDF engine to generate PDF files, which allows page numbers, footer images and footer text and corrects issues with repeating table headers.
• QuickReports can now have a Render Template and Render Script defined in a section that lets you override the HTML generated for the report, either in a script that will return a list of HTML strings, or a template that can have tilde-surrounded field names.
• QuickReports now let you specify whether there will be page numbers, footer text and footer images.

Workflow

• Workflow stages can now be set to 'Manually Progress', which means it will not progress to the next stage by itself, but only through script.
• The email notifications can now be customized through templates, if they're defined in the Configuration / Notification Templates area. The templating allows the use of field names in the record, when surrounded by tilde (~) symbols.

Security

• Fields can now have "Required Roles" defined that let you control which roles users must have to view those fields. If the user doesn't have that role, the field will be hidden from view.
• The Configuration tab now lets you override the session timeout for user sessions. If the user doesn't use the application for this amount of time, they will automatically be logged out.
• Any File type fields that will be used in reports as images must now be set as being publically accessible in the field's Advanced section, for security purposes.
• You can now specify the roles that are required to view the Audit Trail, if desired. This is specified in Audit Trail Options in the Features area.
• Various security enhancements have been made to the web server to stop browser side caching of sensitive data, to stop script injection and patch various other vulnerabilities that were found during an outside security audit.

Deployment

• The sqlserver.cfg file can contain DisableUpgrades=true if you don't want that specific server to apply upgrades to the database. This is important if two or more servers are running on the same database for redundancy. Only one server should apply upgrades.

DbfScript

• The POP3 interface in DbfScript lets you poll an email inbox and let those messages start or interact with workflow. The POP3 functions in DbfScript have been enhanced in this release. The Pop3:GetMessages function now also reads any email attachments, into a Files list in the message. The Pop3:GetHeaders(server, login, password, lastMessageID, maxNumToRetrieve) now takes lastMessageID to only retrieve messages up to the given message ID. The function Pop3:GetMessages(server, login, password, lastMessageID, maxNumToRetrieve, allowHtml) lets you optionally include HTML information. A new function Pop3:DecodeMessages(&path, messages) will take the result of GetMessages and add a Path field to each message with the path of the record that corresponds to the encoded record number in the subject. The encoded record number must be of the format [#XXX], where XXX is the record number.
• The new DbfScript function CloneFile(file) makes a copy of a file.
• Two new DbfScript functions str:Encrypt(string, password) and str:Decrypt(string, password) will encrypt and decrypt a string.
• The new DbfScript function str:ReplaceIgnoreCase(string, toFind, toReplace) will replace toFind in string regardless of its case.
• The new DbfScript function RemoveFromList(list, record) removes record from list and returns a new list.
• The new DbfScript function NodeToXmlStream(node, path) exports the given record to a streamed-XML format which is more optimized for large records.
• ListToJSON(list) will convert the given list to JSON.
• DbfScript function GetTime(date) returns just the time portion of a date. SetMonth(date, month) sets the month of a date.
• The DbfScript function GetCTypeFields(typeName) returns field information about the given type.
• The DbfScript function SortEx(list, field1, ascDesc1, field2, ascDesc2, field3, ascDesc3) can sort a list by up to 3 fields, with ascDesc set to true to sort ascending, or false for descending.
• When specifying predicates in queries in DbfScript, you can now put a colon after a field name to 'tag' that field. All fields with the same tag name will be OR'd together, giving you more control over query groups. The same can be applied in security filters in permissions when specifying fields.
• The new function DbfScript str:StartsWith(string, term) will return true if string starts with 'term'.
• Two new functions in DbfScript GetAgentString() and GetBrowserReferrer() return the browser agent string and referrer respectively.
• Added some new image processing functions to DbfScript: image:ExtractImage(file, x1, y1, x2, y2) will extract the given rectangle of the image into a new image file. image:CropImage(file, width, height, center) crops the image and optionally centers it. image:CropToEdges(file) tries to find the edges of an interior image and crops to it. image:OverlayImages(file1, file2) will overlay the image in file2 onto file1 and return a new image file.
• In DbfScript you can now run "delete noevents at &path" to delete records without raising any events.
• In DbfScript you can now force a notification by using the function Notify(&path, #data, notificationName, message, optionalUserList).

Advanced

• You can now override the script that's run when the user requests that their password be reset in the login page. You can specify the script in the application's Advanced / System Events area. #input will be a record with EMail set, and the path will be the path to user.
• QuickReports can now have a Render Template and Render Script defined in a section that lets you override the HTML generated for the report, either in a script that will return a list of HTML strings, or a template that can have tilde-surrounded field names.
• The JSON API now allows you to run a task as well, with actionID of task.
• You can now specify a central error handling function in System Events (Application's Advanced section). All errors raised in the system will be sent through that script if it's enabled.
• When adding indexes to nested lists, you can now specify it's optimized for deep queries. This will ensure that any load with deep statements are run efficiently.