4.7.1 Release

Date: May 17th 2022, (Replaces 4.7 released Apr 7th 2022)

Hotfix ID: wff471


Installation instructions here

The 4.7 release contains some important security and performance fixes that we highly recommend installing. There are also important browser and device compatibility fixes, and several new features. 

The 4.7.1 release added some fixes for changes in 4.7 (relating to the calendar view), and includes aesthetic enhancements including animations for menus and pop-ups.


In Assignment Options, you can now specify a Notify Condition. This is a DbfScript expression that must evaluate to true for the assignment email to be sent out. This can be useful to suppress email notifications in certain circumstances where you know the user would not need to be notified of the assignment.

Fixed an issue where occasionally the workflow designer would not appear (due to a connection issue with Google's API).

Fixed some instances where default or unset values would still show in workflow emails, even with the Hide If Unset flag set. 

When enabling filter roles in Assignment Options (under Features), you now have the option of whether to apply that filter for administrator also. Previously admins would not have filters applied.

Change Management no longer requires the effective date to be entered on an update. It now presumes the change is dated the day of entry.

Change Management will now apply the same flags to fields in the Update form and Changes list that are on the main record.

Change Management now has a condition that lets you specify if approval will be required. If it evaluates to false, then the change will be applied without approval.

Search Engine

A new flag "Exclude from Find" can be added to a form, and the user will not be able to use the magnifying glass to search for items in that list.

Various fixes to the search engine, to:

  • Support stemmings on words (meaning: search for security, will also search for secure, securities etc.), 
  • Highlights the found words in the returned abstract
  • Prioritize titles. 

Fixed various issues with the Similar link in search results.

The search engine now treats hashags uniquely, so that you can search for a hashtag and it will find entries that have that hashtag rather than words without the hashtag prefix. You can use a double hashtag to avoid this functionality.

Search engine performance fix for situation where it would do extraneous processing for types that have search indexing disabled. Also where it would query additional records when a single record had been modified, causing a performance degradation.


Performance enhancements made to situations where a user may have hundreds or thousands of assignments. A more limited amount of data is now retrieved in this situation, and various indexes were fixed to accommodate the queries. 

Deep queries (which are expensive, from a performance perspective) are now always logged in the system log, to ensure the developer is aware of where/how often they are made for performance reasons.

Performance enhancements made for custom view processing, to avoid unnecessary DbfScript execution. 

Fixed some performance issues with View By filters (such as the Assigned XXX permission filters). This would cause a general slowness in the system when viewing records that make heavy use of View By entries.

Made a fix to web server responsiveness related to the system not closing connections early enough. 

When creating a custom view, there is now a Cache Condition that can be specified. If it evaluates to true, the result will always be cached rather than regenerated.


Important security fixes to SQL adapter for cases where SQL injection was possible. All queries properly parameterized, both for security and performance.

A new "Disallow Orphan Access" flag in Advanced tells the system to check that you have permission to access the parent (ancestor) records of any record, to ensure you are properly authorized. It also enforces visibility conditions as security.

A user record can now have a _Disabled field name added, and if this is set then WorkflowFirst will not allow that user to login, and will kick them off the system once the credentials are verified in the background if they are already logged in.

Fixed an issue where default roles were sometimes applied after user-selected roles. Now default roles are always applied first, letting user roles override them if necessary.

The DbfScript function LoadUrlLarge now always enforces TLS 1.2 for security reasons.

Fixes to the license verification to use a secure connection. This means you must open port 443 for access to workflowfirst.com if you have WorkflowFirst on premise.

The real-time pub sub API now throttles wait commands to stop excessive resource usage. It can only be requested once every 2 seconds max. 

If the Disallow Change Password option is set, it now hides the Forgotten Password link in the login screen.


Fixed an issue with visible conditions in Quick Reports, where an empty value was not considered zero. 

Increased the header size in Quick Report sections. 

We now support images inside tables in Quick Reports.

Quick Report line charts and bar charts now have a more reasonable font size. 

Report Subscriptions now honor the holiday schedule correctly.

API / Integration

The JSON API now allows you to request the fields __Title and it will always include the title field of the record. 

Fixed a spreadsheet import issue introduced in the last release. 

The meta API now lets you specify a type name to retrieve the type data for. Previously it would always return all types.

Fixes with authentication to support Office365 SSO (through Azure Active Directory).

Fixes made to uploading web data (in various places) to ensure that TLS 1.2 is selected prior to the upload, if the system doesn't use TLS 1.2 by default. 

Fixed multiple issues with importing XML that already has counter fields in it, to stop duplicates occurring or failing to import. 

User Interface

Forms now have a sticky OK and CANCEL button, such that it will always display at the footer of the window, even in long forms that require scrolling. This change was made to make longer forms with optional fields faster to fill in. 

A dynamic navigator has been added for every record view, allowing you to switch records by clicking the navigator (folder) icon at the end of the record title, showing a pop-up navigator. This navigator also allows you to run actions and navigate around the database through the pop-up window without having to switch screens, for easier accessibility. 

The top header of lists is now "sticky", in that it will stay showing at the top even when scrolled out of view.

The paging links at the bottom of links are now "sticky", they will stay showing at the bottom even if not in view. 

Tabs below a record are now loaded dynamically when they are clicked, rather than refreshing the whole page. 

General UI improvements in form buttons. 

The mobile view has been improved to increase the screen real-estate (usable area). 

Pop-up forms are now sized more appropriately on very high resolution displays. 

Improvements to the search UI. 

Fixed a bug where embedded form expanders were hidden if they were below a collapsible group. 

Fixed an issue where pressing CTRL+F5 on a webmode page would actually cause the page to fail to load.


When creating pre-defined filters, the values can now start with = to specify DbfScript expressions that determine the value to use for the filter.

Fixed an issue where a redirect in script that occurs when deleting the current record would not correctly redirect in all circumstances.

Fix to str:ToBase64 where certain UTF8 encodings would not work correctly.

New function str:CreateChecksumSimple(txt, outputSize) that takes given text and creates a checksum out of it (of the given size).

The DbfScript function MakeID now works even with non-ascii names, where it will synthesize an encoded ID instead.

New DbfScript function FileLinkWithHost, is the same as FileLink but includes the host name (domain name).

New DbfScript function CopyFieldsUntyped(source, destination) allows you to copy all the fields in a source record that has no type information (eg. created with NewRecord()).

A new DbfScript function FlattenNode(node, list, recursThrough) will search through the record, through recursThrough field, adding all the found nodes into one flat list.

The str:FindMentionsEx function now ignores double symbols (eg. @@ rather than @person).

GetCTypeFieldDetails now also returns the field position. 

Any errors with sending emails are now sent to the central error handler script (set in Advanced / System Events / Error Handler). 


Fixed an issue where deleting a record that has sub-records, but the user does not have permission to access the sub-records, would cause those records to remain in the system even though the parent record is deleted. In particular if the sub-records had assignments, those assignments would then become inaccessible to the user. Now, when records are deleted all sub-records are deleted even if the user has no access to those records.

A new setting in Advanced under a form called Extra Depth allows the form to have more than 25 levels deep.

Improved error messages for where sub-refs of predicates were mistyped. eg. /Users[Roles/RoleID=xxx], RoleID is a sub-ref.

We now retain files during a clipboard move, rather than downloading/uploading them, for memory usage purposes. 

When adding inherited types to a form, you can now specify whether it should just copy the fields, or copy the events also. 

Fixed a problem with overriding the DatabaseName in sqlserver.cfg.

Fixed an issue where certain queries run in the same session would occasionally fail with a SELECT error because of internal caching of the query plan.


Custom Views that start with an underscore will now be hidden from the user, allowing it to be used in special circumstances only through changing the URL. 

Limits are now enforced on log statements to ensure too much data isn't being logged at a time.

The diffing engine now better handles HTML diffs, ensuring the output text is legal HTML 

Fixed issues with email parsing where addresses would contain spaces 

A fix was made for pickup/drop (moving) data so it now checks if you are attempting to move data into itself, to stop an endless loop. 

Fixed the IP address reported for users when using WorkflowFirst Launcher instead of IIS. This previously contained port information when it shouldn't. 

Next Topic:
v4.2.0.956 (beta)
Up Since 5/21/2024 1:33:38 PM