Kofax MarkView 10.2.0 Fix Pack 5
Build Date: January 10, 2023
© 2023 Kofax. All rights reserved.
Use is subject to license terms.
Introduction
You can install Kofax MarkView 10.2.0.5 to resolve the issues listed below.
Note: Install Kofax MarkView 10.2.0.5 only after a full installation of Kofax MarkView 10.2.0 or on top of any previously installed 10.2.0 fix packs.
For a full product installation, see the Kofax MarkView Installation Guide.
List of Issues Resolved in This Fix Pack
1908989: In mv_document table and other related MarkView tables, document_id values were too large for the column
1901513: When using the latest version of Google Chrome and Microsoft Edge, the Viewer did not always show Quick Info
1837361: Parameter checking added to improve security
1837347: Verification of incoming HTTP request and cookies attribute added to improve security
List of Issues Resolved in Previous Fix Packs
Issues Resolved in Fix Pack 4
1837338: Security Issue: Reflected cross-site scripting (High)
1837327: Security Issue: Blind SQL injection (High)
Issues Resolved in Fix Pack 3
1775786: Viewer does not display all layers of certain PDF files ingested through Import Server
1734105: AUSS experiencing major performance issues with synchronization
1734089: After applying Oracle patch for Log4j vulnerability, MarkView is negatively impacting core Oracle functionality
1700396: Errors When Approving An Invoice Via MarkView Mobile Link
1698723: 500 Internal Server error trying to update or create user record (Also typo 'comor' is being added to url in referrer)
1617511: After setting the preference MVERP_DFM_DEFAULT_AMOUNT to FALSE you can no longer add lines in the viewer
1599476: JBoss failing to start deployments after 10.1.0.3 is applied in SAML environment
1564109: Encountering an issue when coding an invoice with NON billable project coding
1515464: Need to convert the "mvap_ipa_pkg.RefreshPOTables" dbms job to Scheduler job
1447254: The wrong time is saved in the Date of Expenditure field
Issues Resolved in Fix Pack 2
1632114: Customer would like to have an option for MarkView Viewer to disable the delete (and edit) for distribution lines
1604453: Security Assessment - Cross-Site Request Forgery (527036)
1604447: Security Assessment - Privilege Escalation (527133, 527134)
1604440: Security Assessment - Privilege Escalation - Prev Entered Working Folder (527132)
1604438: Security Assessment - Cross-Site Scripting (XSS): Persistent (527049)
1589960: Markup Viewer Tool/Action Icons not displayed in the Viewer
1588877: Enhancement Request to add TLS 1.2 Support for Mail Gateway
1587250: MarkView Workflow Exception: The page needs to be refreshed because user updated the page error caused by mv_document.creation_timestamp updated to batch creation local time
1586839: When adding project details for an invoice line in MarkView, the ap_invoice_distributions_all.PA_ADDITION_FLAG flag in Oracle is not set correctly
1585959: End Users Who Click in Exp Type field without first entering a value in Project field cause a blind query
1584334: Import Server fails to import PDFs with embedded images or signed with Docusign
1583436: MarkView 10.2.0.2 Fix Pack Installer includes an option to select "Install Wildfly"
1580973: Auto escalations not working due to error ORA-01722: invalid number
1580935: User who is not owner experiences long delays opening document in viewer when workitem has had many actions / transitions
1580912: Accounting content does not load after deleting the line
1573032: Double copying occurs when multiple lines are selected using only the left mouse button held down
Issues Resolved in Fix Pack 1
1567860: Account coding - could not code using project details in MarkView Viewer
1567232: Added aliases were not displayed in the table in the Configure Accounting Aliases window
1559632: C&O: Support for RDBMS 19c (19.3) and Windows 2019 was to be added
1559297: The dependency on Oracle Java Advanced Imaging (JAI) was eliminated
1556527: Upgrading to MarkView 10.2 in an environment without Document Library resulted in broken packages MV_ADMIN_EXP_SERVER and MV_ADMIN_EXP_QUEUE
1554640: The httpclient library included vulnerabilities
1553594: Opening MV Home in the Chrome browser caused an error due to unacceptable characters in the input
1553592: GL Accounts could not be ordered by frequently or recently used
1547577: R12 Tax Field - MV Tax Regime LOV values were not similar to Oracle LOV values
1545503: When a user had an alternate user and then their work items were reassigned to a third user, that user could not save accounting line data after editing
1540323: MarkView users could not copy information from tables in Viewer
1538782: KTM Validation screen 'Match Receipt Lines' was showing the Fully Invoiced Releases
1538778: KTM Validation screen 'Match Receipt Lines' was showing 'CLOSED' releases
1538736: Invoices with 'Misc Costs' in their amount after the queue 'Waiting for Interface Processing' got stuck in 'Interface Processing Error'
1530143: AUSS was running slowly
1530138: An error handling vulnerability was detected
1530135: The jQuery library included vulnerabilities
1530087: Support for SAML using SHA256 was to be added
1530084: Users with the LOCALE_de group assigned could not assign an alternate user
1530080: When entering an OU into the invoice workbench in R12, after clicking Get Next an error was thrown
1530077: Oracle user names (USER_ID) longer than 30 characters resulted in error when opening the SFXRTINV form in Oracle Apps as that user
1530074: Oracle user names (USER_ID) longer than 30 characters resulted in error when opening the SFXPNDQS form in Oracle Apps as that user
1530071: Oracle user names (USER_ID) longer than 30 characters resulted in error when opening the Workflow Role Select form in Oracle Apps as that user
1530068: Oracle user names (USER_ID) longer than 30 characters resulted in error when opening the SFXWKFDR form in Oracle Apps as that user
1524675: Barcode Server and Mail Gateway did not support ODAC 19
1488665: The bcprov-ext-jdk15on library included vulnerabilities
1488622: The log4net library included vulnerabilities
Applies To
This fix pack is based on Kofax MarkView for Accounts Payable 10.2.0.
Only apply this fix pack to the MarkView 10.2.0 application server; do not run the fix pack installer on a MarkView Oracle Objects installation or on a Kofax Capture Output installation.
Verify that the version of all installed MarkView components (such as Self-Service Invoices, Document Library, Expenses) is 10.2.0.
For information about system requirements, see the Kofax MarkView 10.2.0 Planning Guide and the Technical Specifications document on the Kofax MarkView Product Documentation website.
Applying this fix pack multiple times on the same system causes no harm. Also, fix packs are cumulative for a release, so Kofax expects you to apply the latest fix pack on top of any previously installed 10.2.0 fix packs.
This fix pack includes files that are staged on the application server and that require manual steps, which are included in the sections that follow.
Files Included
This fix pack includes the following files:
File name | Version |
---|---|
KofaxMarkView-10.2.0.5.zip | 10.2.0.5 |
ReadMe-KofaxMarkView-10.2.0.5.htm | 10.2.0.5 |
Install This Fix Pack
Use the following procedures to install the fix pack.
MarkView Application Server Installation (includes Database Components)
Only apply this fix pack to the MarkView 10.2.0 application server.
Before starting the following procedure, read this entire ReadMe file.
Silent Installation Preparation
If you used the silent installation method to install MarkView 10.2.0 and you plan to use the same method to install the fix pack, do the following:
Go to the distribution > conf folder.
Open the preliminary_interview.properties file.
Complete the properties file information, but leave the SelectedProducts.selected_products parameter blank.
Run the generateInterviewTemplate script to create or update the installer_interview.properties file.
Open the installer_interview.properties file.
Complete the properties file information according to the Kofax MarkView 10.2.0 Upgrade Guide.
Apply the Fix
Log in to the application server as the user who installed MarkView 10.2.0.
Ensure that the environment variables required for installing MarkView 10.2.0 are defined.
See the Kofax MarkView 10.2.0 Upgrade Guide for information about setting environment variables and about settings required to run the installer.Locate the base MarkView directory where MarkView is installed. Use this pathname when prompted for the "Install Directory" during installation.
The base MarkView install directory includes the following files:- target_registry.properties
- thirdparty.txt
Extract the KofaxMarkView-10.2.0.5.zip file into a new directory on the application server where MarkView 10.2.0 is installed.
Verify that the system is quiet to ensure that the data remains synchronized.
Log in to an SQL*Plus command window as the MarkView schema user.
Stop the currently running database user jobs by executing the breakDBJobs.sql script, which is included in the following MarkView 10.2.0 installation distribution directory:
<MARKVIEW-10.2.0-INSTALLER>/modules/installer-dist-10.2.0/installer-db
where <MARKVIEW-10.2.0-INSTALLER> is the base directory of the MarkView 10.2.0 installation distribution.To run the installer, invoke the installation script in the bin directory of the fix pack distribution (install.bat|sh or install_silent.bat|sh).
See the Kofax MarkView 10.2 Upgrade Guide for information about running the installer.
The installer shows a list of all 10.2.0 fixes in the fix pack.Provide answers to any unspecified values in the installer windows.
Use values that match those provided during version 10.2.0 installation.
(If available, use the installation worksheet that was completed for MarkView 10.2.0.)
Note: Install the fix pack in the same target directory specified for the MarkView 10.2.0 installation.
If you run the installer and see pre-populated information for the wrong environment, such as production URLs when running against a non-production environment, update the fields manually in the installation window.
If you install this fix pack on WildFly, do one of the following:
For standalone mode:
In the Enter App Server information for MarkView applications, leave the Domain field blank.For domain mode:
In the Enter App Server information for MarkView applications, enter your domain name in the Domain field.
When the installation is completed, follow any on-screen instructions that appear in the installation summary window.
Restart the application server.
To ensure that all database objects are compiled successfully, follow the instructions in "Check for Invalid Packages" in the Kofax MarkView 10.2 Upgrade Guide.
Log in to an SQL*Plus command window as the MarkView schema user.
Start database user jobs by executing the startDBJobs.sql script found in the following MarkView 10.2.0 installation distribution directory:
<MARKVIEW-10.2.0-INSTALLER>/modules/installer-dist-10.2.0/installer-db
where <MARKVIEW-10.2.0-INSTALLER> is the base directory of the MarkView 10.2.0 installation distribution.
In a clustered environment, point to one server, then propagate to other nodes in the cluster using the appropriate process for your application server.If you plan to install the Import Server or you have Import Server 10.2, verify that you clear the Verify Upload option on the Import tab of the MarkView Import Server Preferences window.
Capture and Output components for MarkView 10.2.0
The following Capture and Output components for MarkView were updated as part of 10.2.0.2 Fix Pack.
Skip configuring these components if you have them set up during MarkView 10.2.0 Fix Pack 2 installation:
MarkView Import Server:
To install or upgrade the MarkView Import Server, run the msi file from:
<MARKVIEW-INSTALL-DIR>/misc/10.2.0/MVImport/MVImport.Installer.msi
Configure MarkView Import Server on a machine with KTM installed.MarkView Mail Gateway:
To install or upgrade the MarkView Mail Gateway, run the msi file from:
<MARKVIEW-INSTALL-DIR>/misc/10.2.0/MailService/sfMailService.Installer.msi
Configure MarkView Mail Gateway on a machine with KTM installed.
Skip this procedure if you have MarkView 10.2.0 Fix Pack 1 installed.
Perform the following steps to provide the required support only for the scenario where Capture and Output components for Kofax MarkView work with RDBMS 19c and at the same time run on Windows Server 2019:
Install the ODAC1931_x64;
Install the Oracle Database 19c Client (19.3) for Microsoft Windows (32-bit):
Run the installer.
Select the Custom installation type.
On the Available Product Components page, select the following components:
Oracle ODBC Driver
Oracle Provider for OLE DB
Oracle Data Provider for .NETInstall the product.
Register the Oracle.DataAccess.dll in the GAC by running the following commands in the CMD (use 32-bit CMD):
cd <Oracle Database 19c Client (32-bit) installation directory>\odp.net\bin\4
OraProvCfg.exe /action:ungac /providerpath:<Oracle Database 19c Client (32-bit) installation directory>\odp.net\bin\4\Oracle.DataAccess.dll
OraProvCfg.exe /action:ungac /providerpath:<Oracle Database 19c Client (32-bit) installation directory>\odp.net\PublisherPolicy\4\Policy.4.112.Oracle.DataAccess.dll
OraProvCfg.exe /action:ungac /providerpath:<Oracle Database 19c Client (32-bit) installation directory>\odp.net\PublisherPolicy\4\Policy.4.121.Oracle.DataAccess.dll
cd <Oracle Database 19c Client (32-bit) installation directory>\odp.net\bin\4
OraProvCfg.exe /action:gac /providerpath:<Oracle Database 19c Client (32-bit) installation directory>\odp.net\bin\4\Oracle.DataAccess.dll
OraProvCfg.exe /action:gac /providerpath:<Oracle Database 19c Client (32-bit) installation directory>\odp.net\PublisherPolicy\4\Policy.4.112.Oracle.DataAccess.dll
OraProvCfg.exe /action:gac /providerpath:<Oracle Database 19c Client (32-bit) installation directory>\odp.net\PublisherPolicy\4\Policy.4.121.Oracle.DataAccess.dll
cd <Oracle Database 19c Client (32-bit) installation directory>\odp.net\bin\2.x
OraProvCfg.exe /action:ungac /providerpath:<Oracle Database 19c Client (32-bit) installation directory>\odp.net\bin\2.x\Oracle.DataAccess.dll
OraProvCfg.exe /action:ungac /providerpath:<Oracle Database 19c Client (32-bit) installation directory>\odp.net\PublisherPolicy\2.x\Policy.2.102.Oracle.DataAccess.dll
OraProvCfg.exe /action:ungac /providerpath:<Oracle Database 19c Client (32-bit) installation directory>\odp.net\PublisherPolicy\2.x\Policy.2.111.Oracle.DataAccess.dll
OraProvCfg.exe /action:ungac /providerpath:<Oracle Database 19c Client (32-bit) installation directory>\odp.net\PublisherPolicy\2.x\Policy.2.112.Oracle.DataAccess.dll
OraProvCfg.exe /action:ungac /providerpath:<Oracle Database 19c Client (32-bit) installation directory>\odp.net\PublisherPolicy\2.x\Policy.2.121.Oracle.DataAccess.dll
cd <Oracle Database 19c Client (32-bit) installation directory>\odp.net\bin\2.x
OraProvCfg.exe /action:gac /providerpath:<Oracle Database 19c Client (32-bit) installation directory>\odp.net\bin\2.x\Oracle.DataAccess.dll
OraProvCfg.exe /action:gac /providerpath:<Oracle Database 19c Client (32-bit) installation directory>\odp.net\PublisherPolicy\2.x\Policy.2.102.Oracle.DataAccess.dll
OraProvCfg.exe /action:gac /providerpath:<Oracle Database 19c Client (32-bit) installation directory>\odp.net\PublisherPolicy\2.x\Policy.2.111.Oracle.DataAccess.dll
OraProvCfg.exe /action:gac /providerpath:<Oracle Database 19c Client (32-bit) installation directory>\odp.net\PublisherPolicy\2.x\Policy.2.112.Oracle.DataAccess.dll
OraProvCfg.exe /action:gac /providerpath:<Oracle Database 19c Client (32-bit) installation directory>\odp.net\PublisherPolicy\2.x\Policy.2.121.Oracle.DataAccess.dll- To install or upgrade MarkView Bar Code Server, run the msi file from:
<MARKVIEW-INSTALL-DIR</misc/10.2.0/FIX14539/MVBarcodeServer.Installer.msi
Configure MarkView BarCode Server on a machine with KTM installed.
MarkView Post-Installation Steps
Oracle Forms Integration
Apply FIX18102
Starting from version 10.2.0.5, the fix pack contains FIX18102 for the folowing bug:
Bug 1908989: In mv_document table and other related MarkView tables, document_id values are too large for the column
If you already applied this fix, skip the steps.
To apply FIX18102:
Log in to the operating system where the Oracle ERP server is installed as the owner of the Oracle ERP system.
Copy the MVOAUTIL.pll file from:
<MARKVIEW-INSTALL-DIR>/misc/10.2.0/FIX18102
To:
$c_MARKVIEW_TOP/MVOA/6.1.0.0/libraries
where <MARKVIEW-INSTALL-DIR> is the base directory where MarkView is installed.Back up the previous version of $c_MARKVIEW_TOP/MVOA/<version_number>/libraries/MVOAUTIL.plx.
Compile MVOAUTIL.pll into MVOAUTIL.plx using your valid connection string value:
frmcmp userid=apps/apps-pw@connectstring module=$c_MARKVIEW_TOP/MVOA/<version_number>/libraries/MVOAUTIL.pll module_type=LIBRARY compile_all=YES
Note: If you copy and paste from this file, remove any line breaks.Back up the previous version of $AU_TOP/resource/MVOAUTIL.plx.
Copy the MVOAUTIL.plx file from:
$c_MARKVIEW_TOP/MVOA/<version_number>/libraries
To:
$AU_TOP/resource
Apply FIX16695
Starting from version 10.2.0.3 the fix pack contains FIX16695 for the following bug:
Bug 1734089: After applying Oracle patch for Log4j vulnerability, MarkView is negatively impacting core Oracle functionality
If you already applied this fix, skip the steps.
To apply FIX16695:
Log in to the operating system where the Oracle ERP server is installed as the owner of the Oracle ERP system.
Change the directory to <MARKVIEW-INSTALL-DIR>/misc/10.2.0/FIX16695:
cd <MARKVIEW-INSTALL-DIR>/misc/10.2.0/FIX16695
where <MARKVIEW-INSTALL-DIR> is the base directory where MarkView is installed.Extract the files from mvoa_patch.zip archive into $JAVA_TOP directory:
unzip -o -d $JAVA_TOP mvoa_patch.zip
Change the directory to $JAVA_TOP:
cd $JAVA_TOP
Optionally, remove log4j classes from $JAVA_TOP if they exist:
rm -f log4j.jar log4j.properties
rm -rf org/apache/log4j
rmdir --ignore-fail-on-non-empty org/apache orgFor Oracle EBS 12.2.x only:
Back up the previous version of $JAVA_TOP/customall.jar file.
Run adcgnjar utility to recreate and sign $JAVA_TOP/customall.jar file:
adcgnjar
(Enter APPS schema name and password when prompted.)
Restart the Oracle ERP system.
Apply FIX12715
Starting from version 10.2.0.1, the fix pack contains FIX12715 for the following bugs:
Bug 1530068: Update SFXWKFDR form to allow for longer user names
Bug 1530071: 170 Workflow Role Select form no data found error is raised when opening if user name greater than 30 characters
Bug 1530074: Update SFXPNDQS form to allow for longer user names
Bug 1530077: Update SFXRTINV form to allow for longer user names
If you do not experience any of these issues or if you already applied this fix, skip
the steps. You may skip the steps for any form which you do not use.
To apply FIX12715:
Log in to the operating system where the Oracle ERP server is installed as the owner of the Oracle ERP system.
Copy SFXWKFDR.fmb, SFXURSEL.fmb, SFXPNDQS.fmb, SFXRTINV.fmb files from:
<MARKVIEW-INSTALL-DIR>/misc/10.2.0/FIX12715
To:
$c_MARKVIEW_TOP/MVOA/6.1.0.0/forms
where <MARKVIEW-INSTALL-DIR> is the base directory where MarkView is installed.Back up the previous versions of $c_MARKVIEW_TOP/MVOA/6.1.0.0/forms/*.fmx files.
Important: Add the AU_TOP/forms/US path to the FORMS_PATH variable:
FORMS_PATH=$FORMS_PATH:$AU_TOP/forms/US
Note: If you skip this step, the forms may be still successfully compiled but they may not work correctly.Compile SFXWKFDR.fmb into SFXWKFDR.fmx using your valid connection string value:
frmcmp userid=apps/apps-pw@connectstring module=$c_MARKVIEW_TOP/MVOA/6.1.0.0/forms/SFXWKFDR.fmb module_type=FORM compile_all=YES
Note: If you copy and paste from this file, remove any line breaks.Compile SFXURSEL.fmb into SFXURSEL.fmx using your valid connection string value:
frmcmp userid=apps/apps-pw@connectstring module=$c_MARKVIEW_TOP/MVOA/6.1.0.0/forms/SFXURSEL.fmb module_type=FORM compile_all=YES
Note: If you copy and paste from this file, remove any line breaks.Compile SFXPNDQS.fmb into SFXPNDQS.fmx using your valid connection string value:
frmcmp userid=apps/apps-pw@connectstring module=$c_MARKVIEW_TOP/MVOA/6.1.0.0/forms/SFXPNDQS.fmb module_type=FORM compile_all=YES
Note: If you copy and paste from this file, remove any line breaks.Compile SFXRTINV.fmb into SFXRTINV.fmx using your valid connection string value:
frmcmp userid=apps/apps-pw@connectstring module=$c_MARKVIEW_TOP/MVOA/6.1.0.0/forms/SFXRTINV.fmb module_type=FORM compile_all=YES
Note: If you copy and paste from this file, remove any line breaks.Back up the previous versions of $c_MARKVIEW_TOP/forms/US/*.fmx files.
Copy the compiled SFXWKFDR.fmx, SFXURSEL.fmx, SFXPNDQS.fmx, SFXRTINV.fmx forms from:
$c_MARKVIEW_TOP/MVOA/6.1.0.0/forms
To:
$c_MARKVIEW_TOP/forms/US
Apply FIX8627
Starting from version 10.2.0.1, the fix pack contains FIX8627 for the following bug:
Bug 1530080: Connector invoices and MOAC responsibility - When entering an OU into the invoice workbench in R12
and then clicking Get Next, an error message pops up saying 'FRM-402020: Field must be entered'
If you do not experience the same issue or if you already applied this fix, skip the steps.
To apply FIX8627:
Log in to the operating system where the Oracle ERP server is installed as the owner of the Oracle ERP system.
Copy the MVOAUTIL.pll file from:
<MARKVIEW-INSTALL-DIR>/misc/10.2.0/FIX8627
To:
$c_MARKVIEW_TOP/MVOA/6.1.0.0/libraries
where <MARKVIEW-INSTALL-DIR> is the base directory where MarkView is installed.Back up the previous version of $c_MARKVIEW_TOP/MVOA/6.1.0.0/libraries/MVOAUTIL.plx.
Compile MVOAUTIL.pll into MVOAUTIL.plx using your valid connection string value:
frmcmp userid=apps/apps-pw@connectstring module=$c_MARKVIEW_TOP/MVOA/6.1.0.0/libraries/MVOAUTIL.pll module_type=LIBRARY compile_all=YES
Note: If you copy and paste from this file, remove any line breaks.Back up the previous version of $AU_TOP/resource/MVOAUTIL.plx.
Copy the MVOAUTIL.plx file from:
$c_MARKVIEW_TOP/MVOA/6.1.0.0/libraries
To:
$AU_TOP/resource
WildFly and FileNet Only
If you are installing this fix pack on a WebLogic Application Server, or if you do not use the FileNet server, skip this section.
If you are installing this fix pack on a WildFly Application Server and you use the FileNet server, perform the following post-installation steps:
Back up $JBOSS_HOME/standalone/configuration/standalone.xml.
Open $JBOSS_HOME/standalone/configuration/standalone.xml and locate the following tag:
<subsystem xmlns="urn:jboss:domain:security:1.2">
-
Within
<subsystem xmlns="urn:jboss:domain:security:1.2">
, locate the<security-domains>
tag and add the following strings:<security-domain name="FileNetP8WSI" cache-type="default">
<authentication>
<login-module code="com.filenet.api.util.WSILoginModule" flag="required"/>
</authentication>
</security-domain> Save the file and restart the WildFly Application Server.
Issues Resolved in This Fix Pack
FIX18102 addresses COD18102
Bug 1908989: In mv_document table and other related MarkView tables, document_id values were too large for the column
Summary of changes: Changed type for some fields from NUMBER(8) to NUMBER(11).
Impact of changes: No additional impact.
Patch testing: It has been verified by modifying document ID with valid and invalid values.
FIX17893 addresses COD17893
Bug 1901513: When using the latest version of Google Chrome and Microsoft Edge, the Viewer did not always show Quick Info
Summary of changes: When using the latest version of Google Chrome and Microsoft Edge, the Viewer now always shows Quick Info.
Impact of changes: No additional impact.
Patch testing: It has been verified by opening, reloading, refreshing and redirecting to the Quick Info section in different browsers.
FIX17824 addresses COD17824
Bug 1837361: Parameter checking added to improve security
Summary of changes: Added checking of incoming request parameters.
Impact of changes: No additional impact.
Patch testing: It has been verified by sending valid and invalid request input values. All invalid input values are filtered out.
FIX17822 addresses COD17822
Bug 1837347: Verification of incoming HTTP request and cookies attribute added to improve security
Summary of changes: Added verification of incoming HTTP request for validity Origin and Referer headers. Added SameSite cookies attribute for MarkViewCookie.
Impact of changes: No additional impact.
Patch testing: It has been verified by using links in mails from external mailboxess and buttons from Oracle EBS to MarkView.
Issues Resolved in Previous Fix Packs
Issues Resolved in Fix Pack 4
FIX17821 addresses COD17821
Bug 1837338: Security Issue: Reflected cross-site scripting (High)
Summary of changes: The second parameter is forced to be validated by checking against the whitelist of the supported rule names. Now it is impossible to enter a JS snippet to build it into the response page and pass it over to the user. If the ruleName parameter shows up with an invalid value, an error page opens.
Impact of changes: No additional impact.
Patch testing: It has been verified that it is impossible to enter a JavaScript snippet to build it into the response page and pass it over to the user.
FIX17820 addresses COD17820
Bug 1837327: Security Issue: Blind SQL injection (High)
Summary of changes: As per the security recommendations, the input is validated and all invalid request input values are filtered out and not used in the underlying SQL queries.
Impact of changes: No additional impact.
Patch testing: It has been verified that all invalid request input values are filtered out and not used in the underlying SQL queries.
Issues Resolved in Fix Pack 3
FIX16837 addresses COD16837: "mvap_ipa_pkg.RefreshPOTables" dbms job converted to Scheduler job
Bug 1515464: Need to convert the "mvap_ipa_pkg.RefreshPOTables" dbms job to Scheduler job
Summary of changes: Changed the job creation script.
Impact of changes: No additional impact.
Patch testing: MVAP_REFRESH_IPA_PO_TABLES_JOB is present in Scheduler > Jobs and absent in Scheduler > DBMS jobs.
If the MVAP_APA_ENABLE_INTEGRATION preference is set to false, the MVAP_IPA_PO_HEADER and MVAP_IPA_PO_LINES tables are empty.
If the MVAP_APA_ENABLE_INTEGRATION preference is set to true, the MVAP_IPA_PO_HEADER and MVAP_IPA_PO_LINES tables are filled in with data.
FIX16695 addresses COD16695: MarkView classes in EBS JAVA_TOP do not directly depend on log4j library
Bug 1734089: After applying Oracle patch for Log4j vulnerability, MarkView is negatively impacting core Oracle functionality
Summary of changes: Changed MVFrameworkUtils.class and added Logger.class not to directly depend on the log4j library.
Impact of changes: No additional impact.
Patch testing: The impacted Oracle pages (Suppliers, Expenses) are opened without errors even if log4j classes are not on the EBS class path.
FIX16614 addresses COD16614: AUSS synchronization performance was improved
Bug 1734105: AUSS experiencing major performance issues with synchronization
Summary of changes: Updated several sql requests that impacted AUSS synchronization performance.
Impact of changes: No additional impact.
Patch testing: The AUSS synchronization (including first-time sync, all SS groups sync, force full sync, and one user sync) now takes much less time than earlier.
FIX16421 addresses COD16421: No errors when approving an invoice via MarkView Mobile link
Bug 1700396: Errors When Approving An Invoice Via MarkView Mobile Link
Summary of changes: Clearing messages at the end of the session.
Impact of changes: No additional impact.
Patch testing: No errors occur when approving an invoice via MarkView Mobile link.
FIX16326 addresses COD16326: Viewer displays all layers of certain PDF files ingested via Import Server
Bug 1775786: Viewer Does Not Display All Layers of Certain PDF Files Ingested via Import Server
Summary of changes: Added library for processing images with the JBIG compression.
Impact of changes: No additional impact.
Patch testing: Attached PDF files ingested via Import Server render correctly in MarkView.
Also, the regression testing was performed: TIFF and PDF files ingested via Import Server render correctly in MarkView.
FIX16125 addresses COD16125: Date of Expenditure now uses the UTC time
Bug 1447254: The wrong time is saved in the Date of Expenditure field
Summary of changes: Date of Expenditure is transformed from local time to the UTC format.
Impact of changes: No additional impact.
Patch testing:
- Lines are added/edited/deleted and saved correctly without Date of Expenditure (when project fields are absent).
- Date of Expenditure is added/edited/deleted and saved correctly and Ńorresponds to the value in Oracle.
The Line and Date of Expenditure behavior in Markview 10.2.0.5 is the same as in Markview 10.0.0.8.
FIX15464 addresses COD15464: Unexpected server error on User Profile update was resolved
Bug 1698723: 500 Internal Server error trying to update or create user record (Also typo 'comor' is being added to url in referrer)
Summary of changes: Added new filter to verify Origin/Referer http headers for the configured request. The previous fix for Bug 1501730 was removed as it was incorrect and caused a lot of issues.
Impact of changes: No additional impact.
Patch testing: A user can be created/deleted and the User Profile settings can be changed/saved on all supported browsers without any issues (FireFox 97.0, IE11, Google Chrome 98.0.4758.102).
FIX151255 addresses COD15255: It is possible to add lines if the preference MVERP_DFM_DEFAULT_AMOUNT is set to FALSE
Bug 1617511: After setting the preference MVERP_DFM_DEFAULT_AMOUNT to FALSE you can no longer add lines in the viewer
Summary of changes: If default amount settings are not set, the default amount is 0, not undefined.
Impact of changes: No additional impact.
Patch testing: Now a user can successfully add lines in MarkView Viewer when the preference MVERP_DFM_DEFAULT_AMOUNT is set to FALSE.
FIX14859 addresses COD14859: Specifying the dependency for core-apps.ear (JBoss)
Bug 1599476: JBoss failing to start deployments after 10.1.0.3 is applied in SAML environment
Summary of changes: Adding jboss-all.xml with the dependency on core-apps.ear/META_INF.
Impact of changes: No additional impact.
Patch testing: No errors occur after restarting Jboss EAP7.2 several times. Also, META-INF/jboss-all.xml exists in /projects/mvhome/markview/applications/core-apps.ear with the following contents:
<jboss xmlns="urn:jboss:1.0">
<jboss-deployment-dependencies xmlns="urn:jboss:deployment-dependencies:1.0">
<dependency name="frameworks.ear" />
</jboss-deployment-dependencies>
</jboss>
FIX14578 addresses FIX14578: Passing Distribution Flexfield data to the procedure that derives Invoice Account for Project data
Bug 1564109: Encountering an issue when coding an invoice with NON billable project coding
Summary of changes: Passed Distribution Flexfield data into the Oracle pa_acc_gen_wf_pkg.ap_inv_generate_account.
Impact of changes: No additional impact.
Patch testing: Checked the proposed scenario and related areas.
Issues Resolved in Fix Pack 2
FIX15259 addresses COD15259: Customer has an option for MarkView Viewer to disable Delete and Edit for distribution lines
Bug 1632114: Customer would like to have an option for MarkView Viewer to disable the delete (and edit) for distribution lines
Summary of changes: A new preference VIEWER_DISABLE_DISTRIBUTION_ACTION was added. If the preference is set to TRUE, then edit, delete, and copy actions will be disabled for distributions in MarkView Viewer.
Impact of changes: No additional impact.
Patch testing: When the MarkView preference is set to TRUE on the system or user level, then Delete, Edit, and Copy buttons are disabled for distribution lines.
FIX15113 addresses COD15113: Several security vulnerability issues are resolved
Bug 1604438: Security Assessment - Cross-Site Scripting (XSS): Persistent (527049)
Bug 1604440: Security Assessment - Privilege Escalation - Prev Entered Working Folder (527132)
Bug 1604447: Security Assessment - Privilege Escalation (527133, 527134)
Bug 1604453: Security Assessment - Cross Site Request Forgery (527036)
Summary of changes:
- A prevention mechanism is added to avoid malicious submission of the Unassign Alternate User form.
- Verification of the user privileges is added for the Previously Entered Invoices page.
- The 'IsAuthorized' flag is reset to FALSE in the GET_SECURITY joint points for APINVOICE and MVAP_RPT_SUPPLIER_WO_ATTACH inquires to disable access to these inquires for users who are not allowed to have the respective menu items.
- Ensured that encoding of AUSS field values is not interpreted by the Sencha framework as part of the HTML code.
Impact of changes: No additional impact.
Patch testing: The following features have been verified:
- A session-unique identifier was added to the unassign alternate user request to prevent cross-site request forgery.
- Users not assigned to the MODULE ADMINISTRATOR, WEB INQUIRY, INTERACTIVE QUERIES, or MARKVIEW WEB ADMINISTRATOR groups have no access to the "AP Invoices" and "Suppliers with no MarkView Attachment During the Specified Period" inquires.
- Users not included in the MODULE ADMINISTRATOR or PREVIOUSLY ENTERED INVOICES groups cannot open Previously Entered Working Folder.
- HTML encoding is enabled on AUSS pages to avoid a potential user input execution.
FIX14860 addresses COD14860: Markup Viewer Tool/Action icons are displayed in the Viewer
Bug 1589960: Markup Viewer Tool/Action Icons not displayed in the Viewer
Summary of changes: Now the Viewer model includes base64 encoded EOT Kofax-Action-Icons font.
Impact of changes: No additional impact.
Patch testing: All icons are successfully displayed in MarkView Viewer when using a newly added font file
with the Internet Explorer 11 browser.
Regression testing was performed for the Google Chrome and Microsoft Edge browsers.
FIX14857 addresses COD14857: PLSQL code does not update the creation_timestamp value in the mv_document table after it was initially set
Bug 1587250: The page needs to be refreshed because user updated the page error caused by mv_document.creation_timestamp updated to batch creation local time
Summary of changes: PLSQL code does not update the creation_timestamp value in the mv_document table after it was initially set.
Impact of changes: No additional impact.
Patch testing: Batch creation local time no longer updates the document creation timestamp.
FIX14849 addresses COD14849: When adding project details for an invoice line in MarkView, the ap_invoice_distributions_all.PA_ADDITION_FLAG flag in Oracle is set correctly
Bug 1586839: When adding project details for an invoice line in MarkView, the ap_invoice_distributions_all.PA_ADDITION_FLAG flag in Oracle is not set correctly
Summary of changes: "pa_addition_flag" is set to the correct value in the MarkView code.
Impact of changes: No additional impact.
Patch testing: The ap_invoice_distributions_all.PA_ADDITION_FLAG flag in Oracle is now set correctly when a user adds project details for an invoice line in MarkView.
FIX14841 addresses COD14841: Unnecessary Project blind queries on requesting ACD Project fields are eliminated
Bug 1585959: End Users Who Click in Exp Type field without first entering a value in Project field cause a blind query
Summary of changes: Unnecessary Project blind queries upon requesting ACD Project fields were eliminated.
Impact of changes: No additional impact.
Patch testing: No blind query is sent when a user clicks other project fields without filling in the "Project" field first.
FIX14823 addresses COD14823: The Import Server successfully imports PDF files with embedded images or signed with Docusign
Bug 1584334: Import Server fails to import PDFs with embedded images or signed with Docusign
Summary of changes: Implemented a repair for PDF files with errors.
Impact of changes: No additional impact.
Patch testing: The Import Server successfully imports PDF files from the customer.
Regression testing of the Import Server was also provided.
FIX14736 addresses COD14736: Auto escalations work under all conditions
Bug 1580973: Auto escalations not working due to error ORA-01722: invalid number
Summary of changes: Query predicate is updated to use to_char instead of problematic to_number.
Impact of changes: No additional impact.
Patch testing: No errors occur after running automatic escalations.
FIX14563 addresses COD14563: Some document loading delay is eliminated
Bug 1580935: User who is not owner experiences long delays opening document in viewer when workitem has had many actions / transitions
Summary of changes: Improved the performance of an SQL request for calculating document tools rights.
Impact of changes: No additional impact.
Patch testing: No performance problems occur when a user who is not an owner opens a document with numerous actions.
FIX13443 addresses COD13443: TLS 1.2 support for MailGateway is enabled
Bug 1588877: Enable TLS 1.2 support for MailGateway
Summary of changes: Third-party email library is replaced with Aspose Email for .NET, which supports TLS 1.2.
Impact of changes: No additional impact.
Patch testing: It has been verified that:
TLS1.2 is supported for MailGateway.
Smoke testing has been performed and the following features have been verified:
- Approve/Reject action works correctly on the IMAP, POP3, and SMTP servers both with or without SSL on a proper address with proper credentials and with TLS and TLS1.2.
- Approve/Reject action also works correctly with IMAP servers using different mailboxes, both with and without authentication, and with different preferred formats.
- Connection has been tested for different servers.
- New logging has been verified for the Outbound and Inbound service.
- Regression testing has been performed: Approve/Reject action works correctly with TLS1.2 and IMAP with authentication.
Issues Resolved in Fix Pack 1
FIX14688 addresses FR14688: The possibility to copy information in Viewer was returned
Bug 1540323: MarkView users could not copy information from tables in Viewer
Summary of changes: The possibility to copy from main tables on the left side was added in MarkView Viewer.
Patch testing: It has been verified that a line or lines in all tables in the Viewer, including the Additional Details window, can be copied to clipboard. The functionality has been verified in all supported browsers (IE11, Chrome, FireFox, Edge).
FIX14663 addresses COD14663: The Configure Accounting Aliases window shows previously added aliases
Bug 1567232: Added aliases were not displayed in the table in the Configure Accounting Aliases window
Summary of changes: The SQL request was updated to support Oracle Database 11g.
Impact of changes: No additional impact.
Patch testing: It has been verified that now a user can see all the aliases added in the table in the Configure Accounting Aliases window.
FIX14650 addresses COD14650: Import Server: log4net.dll was updated to the 2.0.12.0 version to remove the vulnerabilities
Bug 1488622: The log4net library included vulnerabilities
Summary of changes: log4net.dll was updated (for Import Server).
Impact of changes: No additional impact.
Patch testing: It has been verified that the Import Server is installed and operates properly; the file log4net.dll has the correct version.
FIX14634 addresses COD14634: Coding GL Accounts using Project fields was restored
Bug 1567860: Account coding - could not code using project details in MarkView Viewer
Summary of changes: Calculating GL Account for items with Project fields was restored.
Impact of changes: No additional impact.
Patch testing: It has been verified that after entering/changing Project fields and saving a line/distribution, GL Account field is filled with the Project calculated account.
FIX14613 addresses FR14613: The dependency on Oracle Java Advanced Imaging (JAI) was eliminated
Bug 1559297: The dependency on Oracle Java Advanced Imaging (JAI) was to be eliminated
Summary of changes: Oracle Java Advanced Imaging (JAI) was changed to the Twelvemonkeys library.
Patch testing: It has been verified that MarkView can function without using JAI.
Regression testing in scope of image importing, loading and displaying for
images with different resolution has been provided, including performance
testing.
FIX14539 addresses COD14539: C&O: Support for RDBMS 19c (19.3) and Windows 2019 was added
Bug 1559632: C&O: Support for RDBMS 19c (19.3) and Windows 2019 was to be added
Summary of changes: The support for RDBMS 19c and Windows 2019 was added to MarkView Mail Gateway and Kofax MarkView Bar Code Server.
Impact of changes: No additional impact.
Patch testing: It has been verified that Capture and Output components installed on Windows 2019 connect to RDBMS 19c and work correctly.
FIX13502 addresses COD13502: Now you can upgrade to MarkView 10.2 without breaking packages MV_ADMIN_EXP_SERVER and MV_ADMIN_EXP_QUEUE, even if your environment does not have Document Library
Bug 1556527: Upgrading to MarkView 10.2 in an environment without Document Library resulted in broken packages MV_ADMIN_EXP_SERVER and MV_ADMIN_EXP_QUEUE
Summary of changes: Using functions from Document Library packages was removed.
Impact of changes: No additional impact.
Patch testing: It has been verified that there are no invalid packages in the environment that do not include Document Library.
FIX13433 addresses COD13433: Now MV Home can be reached in the Chrome browser
Bug 1553594: Opening MV Home in the Chrome browser caused an error due to unacceptable characters in the input
Summary of changes: Now request header parameters can be wrapped with double quotes.
Impact of changes: No additional impact.
Patch testing: Using Chrome, tried to reach the MarkView Home URL.
FIX13428 addresses COD13428: DFM User accounts are now ordered by most frequently or most recently used
Bug 1553592: GL Accounts could not be ordered by frequently or recently used
Summary of changes: The default sorting by the "Account" field for the GL Account list has been removed.
Impact of changes: No additional impact.
Patch testing: It has been verified that DFM User Frequent Accounts are now ordered by most frequently or most recently used GL Account codes by default.
FIX13352 addresses COD13352: The Alternate User functionality was improved
Bug 1545503: When a user had an alternate user and then their work items were reassigned to a third user, that user could not save accounting line data after editing
Summary of changes: The Alternate User functionality was improved; the "Reassign Document" action was updated to handle cases with Alternate Users.
Impact of changes: No additional impact.
Patch testing: It has been verified that invoices assigned to an alternate user and then reassigned are still successfully coded and distributed by the user they were reassigned to.
FIX13146 addresses COD13146: The AUSS performance issue was resolved
Bug 1530143: AUSS was running slowly
Summary of changes: The incorrect changes were reverted back.
Impact of changes: no additional impact.
Patch testing: Regression testing was performed.
FIX13082 addresses COD13082: A new preference allows selecting the statuses of receipt that should be shown in the MVAP_RECEIPTS_MV table
Bug 1538782: KTM Validation screen 'Match Receipt Lines' was showing the Fully Invoiced Releases
Summary of changes: A new preference MVERP_RECEIPTS_FILTER_CONDITION was added.
It contains a boolean expression to filter the list of receipt lines in the
MVAP_RECEIPTS_MV table returned by the MVERP_RECEIPTS.RefreshReceiptsTable
procedure. The preference is limited by 2000 characters.
The following set of predefined fields can be used in the expression:
po_number, po_header_id, line_num, po_release_num, material_doc_num,
material_doc_line_num, material_doc_year, movement_type, posting_date,
document_date, material_number, description, quantity, unit_of_measure,
receipt_total, delivery_note, bill_of_lading, ses_num, ses_line_num,
invoicing_status.
By default, the preference value is empty.
For example, if you want to additionally exclude any OVER INVOICED and FULLY
INVOICED receipts lines from the result set, you can use the following value:
"INVOICING_STATUS not in ('FULLY INVOICED','OVER INVOICED')".
Impact of changes: No additional impact.
Patch testing: It has been verified that:
- A new preference MVERP_RECEIPTS_FILTER_CONDITION was added and works correctly;
- The performance of the MVAP_RECEIPTS_MV table has not significantly decreased.
FIX13080 addresses COD13080: KTM Validation screen 'Match Receipt Lines' is not showing 'CLOSED' releases any more
Bug 1538778: KTM Validation screen 'Match Receipt Lines' was showing 'CLOSED' releases
Summary of changes: The SQL query was changed to get the list of receipts without receipts for 'CLOSED' releases.
Impact of changes: No additional impact.
Patch testing: It has been verified that closed releases of a blanket PO have become unavailable for matching in KTM.
FIX12963 addresses COD12963: An error handling vulnerability was resolved
Bug 1530138: An error handling vulnerability was detected
Summary of changes: The HTTP response was changed to hide private data.
Impact of changes: No additional impact.
Patch testing: It has been verified that the HTTP responses do not disclose private data.
FIX12962 addresses COD12962: jQuery libraries were updated to the 3.5.0 version
Bug 1530135: The jQuery library included vulnerabilities
Summary of changes: All jQuery libraries were updated to the 3.5.0 version.
Impact of changes: No additional impact.
Patch testing: Regression testing of the following modules was passed: SSI, Invoice Audit, Mobile, Migration Utility, Authentication Configuration, Print from Viewer.
FIX12884 addresses COD12884: Users with LOCALE_de group assigned can assign an alternate user
Bug 1530084: Users with the LOCALE_de group assigned could not assign an alternate user
Summary of changes: UserID parameter was added to the standard header script for legacy UI generated in pl/sql - MVT_Web_Display_JS.DataValidation. Dates are validated considering the current user locale.
Impact of changes: No additional impact.
Patch testing: It has been verified that now a user with any locale can complete an
alternate user assignment.
Also regression testing in scope of date validation in forms for Interactive
Queries, Web Inquiry, SSI, Doc Library was provided with the German locale.
FIX12836 addresses COD12836: SAML was configured to use the Sha-256 algorithm instead of Sha-1
Bug 1530087: Support for SAML using SHA256 was to be added
Summary of changes: SAML was configured to use the Sha-256 algorithm.
Impact of changes: No additional impact.
Patch testing: It has been verified that the SAML still works in a local environment.
FIX12715 addresses COD12715: 170 Workflow forms now allow user names greater than 30 characters
Bug 1530068: Oracle user names (USER_ID) longer than 30 characters resulted in error when opening the SFXWKFDR form in Oracle Apps as that user
Bug 1530071: Oracle user names (USER_ID) longer than 30 characters resulted in error when opening the Workflow Role Select form in Oracle Apps as that user
Bug 1530074: Oracle user names (USER_ID) longer than 30 characters resulted in error when opening the SFXPNDQS form in Oracle Apps as that user
Bug 1530077: Oracle user names (USER_ID) longer than 30 characters resulted in error when opening the SFXRTINV form in Oracle Apps as that user
Summary of changes: Enlarged user name limit for 170 Workflow forms to 150 characters.
Impact of changes: No additional impact.
Patch testing: It has been verified that Working Folder, Pending, Role Select, and Returned Invoices work fine with big user names.
FIX10910 addresses COD10910: R12 Tax Field - MV Tax Regime LOV values are similar to Oracle LOV values
Bug 1547577: R12 Tax Field - MV Tax Regime LOV values were not similar to Oracle LOV values
Summary of changes: A new preference MVOA_ENABLE_TAXATION_COUNTRY_FILTER is created to
control Taxation Country filtering with the default value set to TRUE.
If it is FALSE, Tax Regimes are not filtered by country code.
Impact of changes: No additional impact.
Patch testing: It has been verified, that the MVOA_ENABLE_TAXATION_COUNTRY_FILTER preference was added and works correctly:
- if the MVOA_ENABLE_TAXATION_COUNTRY_FILTER = true (by default), Tax Regime LOV in MarkView is the same as it is on the Lines Tab and is filtered by Country Code;
- if the MVOA_ENABLE_TAXATION_COUNTRY_FILTER = false, Tax Regime LOV in MarkView is the same as in Tax Details (a button below the list of lines) and is not filtered by Country Code;
- Tax Jurisdictions LOV corresponds to Tax Regime and also depends on the MVOA_ENABLE_TAXATION_COUNTRY_FILTER.
FIX9760 addresses COD9760: Invoices with 'Misc Costs' in their amount are now processed properly
Bug 1538736: Invoices with 'Misc Costs' in their amount after the queue 'Waiting for Interface Processing' got stuck in 'Interface Processing Error'
Summary of changes: Dummy lines are deleted before validation to avoid double validation of dummy lines.
Impact of changes: No additional impact.
Patch testing: It has been verified that invoices with dummy lines after "Waiting for
receipt" queue are validated correctly.
Smoke testing for KC/KTM was also provided: Several invoices of different types
were imported from KTM to MarkView.
FIX8627 addresses COD8627: OU's are now entered the invoice workbench in R12 properly
Bug 1530080: When entering an OU into the invoice workbench in R12, after clicking Get Next an error was thrown
Summary of changes: MVOAUTIL library was updated to eliminate the error.
Impact of changes: No additional impact.
Patch testing: It has been verified that the Invoice workbench Get Next action loads the next invoice image and data correctly in case Multi-Org Access Control is enabled.