6.30 release notes

May 30, 2023

This page describes release information for all Matrix 6.30 versions, including patch releases.

New features

The following new features were introduced in this Matrix release.

Update Squiz DXP Component asset types using Asset Management API CRUD methods

The Matrix Asset Management API now supports creating, reading, and updating the content of Component Service DXP Component asset types in Matrix instances.

Important updates

The following important updates were introduced in this Matrix release.

Render ?a= query parameters in frontends using the ?external-uuid= query parameter

The ?a= query parameter can be used as a direct object reference for asset IDs. In certain situations, it can brute force arbitrary asset contents in the frontend on form submissions if public view permissions are applied.

To protect direct object reference access to sensitive information, Matrix now renders frontend facing ?a= query parameters as a universally unique identifier (UUID) using the new ?external-uuid= query parameter.

The query parameter switch is managed automatically by Matrix. Matrix still supports ?a= usage to prevent breaking changes to customer implementations.

Align CDP Segmentation assets' interface in Matrix UI

The Segmentation codes field in the Segmentation user group asset interface was renamed Segment IDs to reflect the Customer Data Platform service terminology.

Bug fixes

The following bugs were resolved in this version of Matrix.

6.30.0

Metadata fields with numeric names cannot be edited (MATRIX-5437)

How metadata field assets were handled in the backend code caused type coercion when the asset name included a primitive type like integer. When a customer attempted to edit the metadata field value, it resulted in them seeing a 500 or critical error message in the UI and an error log A code change was made to prevent the asset field name from being handled as part of the primitive type. Metadata fields with a name that includes a primitive type can now be edited and saved.

Enabling SAML SP certificates causes ?showMetadata to produce a fatal error (MATRIX-5582)

Matrix attempted to use SimpleSAMLphp objects as arrays when service provider (SP) certificates were enabled. When SP certificates were available, the ?showMetadata endpoint would produce a fatal error. Matrix was adjusted to use SimpleSAMLphp correctly in this and future contexts, and tests were modified to validate that the showMetadata endpoint works with SP certificates if SimpleSAMLphp changes in the future.

Dynamic groups are lost when administrator mode is accessed (MATRIX-5591)

If a user logged in through the frontend, then accessed the Admin UI, any session-scoped group memberships added through triggers up to that point would be lost. The cache rebuild was removed from the method that gathered Admin UI feature restrictions. Group memberships dynamically allocated for a session (for example, by a trigger) now persist in admin mode.

HIPO process may time out when editing large numbers of schema assets (MATRIX-5594)

When a user selected Save after editing a large collection of schema assets, the HIPO window did not immediately appear. This delay caused users to believe the system was not processing the updates in the UI. The prepare steps identified as slow-running were moved to the processing phase, which shows the running HIPO job process more transparently. The HIPO screen now promptly appears when applying schema changes across several assets.

The backup.sh script does not preserve errors (MATRIX-5616)

The backup.sh script did not preserve exit statuses from tar and other utilities it called. If the backup.sh script was used in other scripts, failed backups might not be detected. When failures occur, the backup.sh script now uses bash error detection to pass more errors to the parent process. Backup failures now cause backup.sh to present a non-zero exit status, as other scripts would expect.