CIB seven 2.1.2 CE+ - Release Notes

Release Notes

Release Date: December 17, 2025

Highlights

  • Initial setup page for creating the first admin user when no users exist
  • Switch between legacy Quartz cron expressions and Spring 5.3 cron syntax
  • Direct filtering in task list by writing parameters in the URL
  • Enhanced security with resolved critical vulnerabilities
  • Improved component architecture with unified @cib/common-frontend interface

New Features

Initial Setup & User Management

  • Initial setup page appears when no users exist in the system
  • Backend support for creating initial admin user with admin rights
  • Setup restricted to internal user provider only
  • Automatic detection of missing authentication
  • Initial user creation only occurs if no admin group exists

Task Management

  • Direct filtering in task list by writing parameters in the URL

Cron Expression Migration

  • Support for migration of Quartz 2.5.0 cron expressions to Spring 5.3 syntax
  • Quartz syntax support with automatic patching warnings
  • Configurable cronType and supportLegacyQuartzSyntax parameters to switch between QUARTZ and SPRING53 syntax in run, Tomcat, and Wildfly cofiguration files
  • Default cronType is QUARTZ

User Experience Improvements

  • Helper text added to deployments search
  • Enhanced variable scope output in variables table
  • Removed old Camunda link when URL is not set

Bug Fixes

  • Fixed sub-process scope of variables not always being shown
  • Fixed authorization inconsistency in Tomcat distribution
  • Fixed ACCESS permissions for application
  • Resolved issues with checkCockpitRights method in REST services
  • Fixed multiple @cib/bootstrap-components embedding issue across stack of projects

Technical Updates

Dependency Updates

  • Update Spring Boot to 3.5.7
  • Update Logback to 1.2.13
  • Update Tomcat to 10.1.48
  • Update @cib/bootstrap-components to 1.0.2
  • Update @cib/common-frontend to 1.0.2
  • Update React from 19.1.0 to 19.1.2 in documentation generator

Resolved CVE Vulnerabilities

High Severity
  • CVE-2025-55182 - CVSS 10.0. Critical React vulnerability with maximum severity rating. Note: This React package is only used for documentation page generation and is not present in the production code of the CIB seven platform deployed at customer sites.
Medium Severity
  • One vulnerability resolved in documentation generator third-party dependencies
Low Severity
  • One vulnerability resolved in documentation generator third-party dependencies

Testing & Quality

  • Added mandatory no-duplicate-imports, no-var, and prefer-const ESLint rules
  • Enhanced package and utils tests
  • Resolved specific issues reported by SonarQube analysis
  • Consolidated type conversion tests for AddVariableModalUI
  • Improved test performance with parallel builds

Build & Configuration

  • Improved cib-bootstrap-components, cib-common-frontend and cibseven-components CI/CD pipelines
  • Added ability to deploy cibseven-sql-scripts artifact to Maven Central
  • Authorization check camunda.bpm.authorization.enabled defaulted as true in webclient-core
  • Cleaned up references to deprecated cib-common-components

On this Page: