This section contains the Bug fixes description of Aptify 6.2 release with the different categories as given below:
- Security Fixes
- Application Server Fixes
- Viewing System Fixes
- Accounting System Fixes
- Order Entry Fixes
- Report System Fixes
- Messaging System Fixes
- Framework Fixes
- Setup Fixes
- Product Management Fixes
- Customer Management Fixes
- Classic e-Business Fixes
- Fundraising Fixes
- e-Business 6 Fixes
- Integration Fixes
SQL Injection Vulnerability in LinkboxData Endpoint
As a part of PCI compliance, a security threat found in LinkBoxData Endpoint has been fixed in Aptify 6.2. The problem found during SQL injection testing on Aptify APIs under ‘’/AptifyServicesAPI/services/LinkBoxData’’ has been addressed.
(Issue 4846 & 4844)
SQL Injection Vulnerability in Views service
As a part of PCI compliance, a security threat found in Views services has been fixed in Aptify 6.2. The problem found during SQL injection testing on Aptify APIs under ‘’/AptifyServicesAPI/services/AptifyViews’’ has been addressed.
SQL Injection Vulnerability in DataObjects
As a part of PCI compliance, a security threat found in DataObjects has been fixed in 6.2. It was found that there are few exec incorrectly used within a stored procedure. All such stored procedures with exec or dynamic SQL calls were updated to correctly parameterize their inputs.
SQL Injection Vulnerability in FormTemplatePartDynamicData
As a part of PCI compliance, a security threat found in FormTemplatePartDynamicData has been fixed in 6.2. The problem found during SQL injection testing on Aptify APIs under ‘’/AptifyServicesAPI/services/ FormTemplatePartDynamicData’’ has been addressed.
HTTP Security Headers Missing
As a part of Security testing, the analyst identified the lack of HTTP security header, which can be a potential for client-side attacks. Fixes have been done in the identified headers via web.config and confirmed that they are present in both service requests and static resource requests.
The following security headers have been added in frontend web config file:
(…\inetpub\wwwroot\Aptify\web.config) under <customHeaders> tag
<add name="Access-Control-Allow-Origin" value="https://YOURSERVER.com" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
<add name="Access-Control-Allow-Credentials" value="true" />
<remove name="X-Powered-By" />
<add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" />
<add name="X-Xss-Protection" value="1; mode=block" />
<add name="X-Content-Type-Options" value="nosniff" />
<add name="X-Frame-Options" value="SAMEORIGIN" />
<add name="Content-Security-Policy" value="default-src 'self' https://YOURSERVER.com https://secure.bluepay.com 'unsafe-inline' 'unsafe-eval';
connect-src 'self' https://YOURSERVER.com https://eligibility.wootric.com https://production.wootric.com https://wootric-eligibility.herokuapp.com https://secure.bluepay.com https://graph.microsoft.com https://communitybrands-my.sharepoint.com 'unsafe-inline' 'unsafe-eval' ;
script-src 'self' https://YOURSERVER.com https://secure.bluepay.com https://communitybrands-my.sharepoint.com 'unsafe-inline' 'unsafe-eval' ;
script-src-elem 'self' https://YOURSERVER.com 'unsafe-inline' 'unsafe-eval' ;
img-src 'self' https://YOURSERVER.com https://p.sfx.ms https://communitybrands-my.sharepoint.com data: 'unsafe-inline' 'unsafe-eval' ;
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com" />
- If you had integrated any third-party site, that needs to be added in tag "Content-Security-Policy"
- If Aptify integrates with any external site, then the Site URL need to be mentioned in the security headers for browsing it.
Below key has been updated in SOA Web config file:
<add key=”Aptify.Services.CORS.AllowedDomains” value = ”https://example.aptify.com”/>
Wildcard setting for CORS.AllowedDomains header
As a part of Security testing, it was identified that the CORS policy with wildcardsenabled is not a good choice. Though the use of the wildcard(*)is restricted in the CORS specification and the wildcard cannot be combined with the cross-origin transfer of credentials (authentication, cookies or client-side certificates), it is still a potential security risk. Hence with Aptify 6.2 release, the ‘’ Access-Control-Allow-Origin’’ in frontend web.config file has been updated to explicitly specify the security header details instead of *. Example: Access-Control-Allow-Origin: https://example.aptify.com.
<add key=”Aptify.Services.CORS.AllowedHeaders” value = ”https://example.aptify.com”/>
Application Server Fixes
Version 10.0.3 of Newtonsoft.json Prevents Windows Task From Being Created
With Aptify 6.1, the version of Newtonsoft.json.DLL deployed in the repository by the service pack installers was 10x. After updating the AptifyAsyncProcessor and AptifyCreateProcessFlowRun executables, confirming the latest version of AptifyProcessFlowEngine.DLL and reactivating the Async service, it was observed that Process Flow Runs were stuck in status "In-Process" and Newonsoft.json error was appearing in the log, requesting version 9x of the DLL. After replacing v10x with v9x in the app server folder, jobs began to run again. As a part of post installation steps, the AptifyShell config file, AptifyAsyncProcessor config file and AptifyCreateProcessFlowRun config file needs to be updated to mention the new version “10.0.0.0” for Newtonsoft.Json assembly.
For more information on troubleshooting the app server issues, please refer Upgrading the App Server with 6.2
Application Server Issues - Need EnableCaptureViewStatistics Attribute
Aptify 6.1 introduced a dependency on a config file attribute named EnableCaptureViewStatistics. This config file attribute, however, is not automatically added to AptifyAsyncProcessor.exe.config or AptifyCreateProcessFlowRun.exe.config as part of the service pack installer. Without this attribute, the Application Server also fails to process jobs. Please set a new key in AptifyAsyncProcessor.exe.config and AptifyCreateProcessFlowRun.exe.config to set the value of
EnableCaptureViewStatistics Attribute to True.
Viewing System Fixes
ELV sizing Logic at different Zoom Levels
With Aptify 6.2, Fixes has been done to correct the ELV sizing logic to display the ELV records correctly at different Zoom levels.
Go Button on Prompted Pivot Grid Remains Inactive
With earlier versions of Aptify, the Go button on the Prompted Pivot Grid view only worked the first time and then remained inactive. The user had to open another view and return to the Pivot Grid to “refresh” the Go button and allow another search. This behaviour has been corrected in 6.2 release.
Viewing System List View with Prompt and Grouping Does Not Load
Aptify 6.2 corrected behaviour in the viewing system wherein List view with Prompt and Grouping was not loading in 6.1 version.
Auto-Resize Columns Broken in Web 6.1
Aptify 6.2 corrected the column auto-resizing behaviour on list views of the web application.
Improvement in view Performance in Web
Performance Improvements have been done while accessing a large number of View records in Aptify 6.2 Web.
List View with Prompt and Grouping Does Not Load
Aptify 6.2 correct a behaviour in viewing system where List view with Prompt and Grouping was not loading.
Accounting System Fixes
Currency Flow down fixes in Aptify 6.2
This issue fixes a problem in the Aptify Desktop application where the order currency was not flowing down correctly when the associated person and company preferred currency was different.
GL Batch Wizard fails when batching Large Number of Records from a Prompt View
With Aptify 6.2, fixes have been done to correct a GL batching scenario where the GL Batch wizard was failing when batching a large number of records from a prompt view.
Does not allow to save Cash batch record for the un-match file with Resolved status
After importing a lockbox file with at least one unmatched records and then matching the record and setting the status to Resolved, the Cash Control batch record was not getting saved. Fixes have been done in Aptify 6.2 release to fix the behaviour.
GL Batch Wizard Broken in 6.1 Desktop and Web for non-numeric characters in GL Account Number.
GL Batch Wizard (Orders, Payments) stopped working correctly in Aptify 6.1 (Desktop or Web) when GL Account numbers contained non-numeric characters. The failure occurred as the wizard attempted to calculate/generate BatchAccountEntries on the Create Batch Entries step. This behaviour has been corrected in Aptify 6.2.
GL Flow down on Product throwing conversion error in specific scenarios
In Aptify 6.2, a conversion error was fixed which populated during GL flow down on the product. This happened only for specific GL accounts like ‘13000-1100’ which had a hyphen.
Order Entry Fixes
Unable to load 'Orders' having a kit product in multiple order lines in Aptify Web
With Aptify 6.2, fixes have been done in the Order load scenario, due to which an Order having multiple 'Orderlines' using one kit product will load correctly now in Aptify.
Orders Entity RelatedProductsEnabled Attribute Does Not Function in Web
With earlier versions of Aptify, even if the ‘RelatedProductsEnabled’ attribute in the Orders entity is set to 0 , the Related Products still appear when placing orders in Aptify Web. This behaviour has been corrected in the 6.2 version of Aptify Web.
New Payment DLLs Missing from Script Types
In Aptify 6.1, there were specific scenarios when compilations errors were produced for existing scripts that call Orders/Payments functionality. Related fixes have been done in Aptify 6.2 release to add the RemotePayments and RemotePaymentService objects as Repository References to the Process Pipeline and Pricing Rule Script Types to avoid the compilation errors.
Prevent New Orders from Saving with Non-Taken Status
In previous versions of Aptify, if you save a new Order as Back-Ordered, it initially shows an error. But if you then try to save it again, it saves successfully but clears the Shipping/Handling fields. This behaviour has been corrected in Aptify 6.2 release.
Order Line Price Selector Shows Expired Prices in Web
Aptify 6.2 release fixed a scenario in web where Price drop-down menu on Order was showing expired price records. It currently shows only current active price options.
Aptify Web Order Cancellation Wizard Can Generate Two Cancellation Orders If Finish Is Clicked Multiple Times
Aptify 6.2 fixes a problem where multiple cancellation order was generated if user clicked the Finish button on Cancellation wizard multiple times.
Saved Payment Method Still Used After Changing Order Payment Information
In Aptify 6.0 desktop application, if a user selects a Saved Payment Method on an order, and then change the payment to a different credit card, the SPM was still used instead of the new payment information. This behaviour has been corrected in Aptify 6.2 release.
Cannot manually create cancellation orders in Aptify Web
In previous versions of Aptify, when creating a cancellation order manually, the quantity and amount fields were not accepting negative numbers. If I enter negative amounts they change to positive amounts when update the order line.
Company only order can't get save in Aptify 6.2
Until the Aptify 6.0 version, the CompanyOrderDefaultPerson attribute in Orders Entity is set to the [Not Specified]. Aptify 6.1 introduced a new logic that actually checks configuration files (Aptify Shell.exe.config) to determine whether or not the company only default person should flow down.
Fixes have been done in Aptify 6.2 to make attribute CompanyOrderDefaultPerson entity attribute in Orders entity to ‘true’ by default and the attribute key in Aptify.Shell.Config for “Aptify.Application.OrderEntity.FlowdownCompanyOrderDefaultPerson” to false. This will now allow to save Company only order correctly with the default settings in 6.2
Report System Fixes
SSRS Report Print Button Doesn't Print Entire Report
With Aptify 6.1, when we run an SSRS report from the report wizard in the Aptify web and click the print button in the upper left of the page, it only printed the first and last page regardless of how many pages it was. This problem has been fixed in Aptify 6.2 release version.
Aptify Web: Apostrophes In ELV New Record Params Cause Input Parameter Text to be Truncated
Suppose if there is an apostrophe in the Data Combobox control of an Entity Value field or if the ELV New Record Parameter has an apostrophe, then the ELV was not loading correctly. This issue has been fixed in Aptify 6.2 to correct this behaviour.
Messaging System Fixes
Unable to View HTML or Plain Text on Message Templates
In Web, the HTML and Plain Text tabs on Message Templates were not displaying their contents or allowing the user to edit the information. This has been corrected in 6.2 version of Aptify Web.
"Cannot find table 29" Event Viewer Error After Logging into Web
With Aptify 6.1, when logging in Aptify Web, the event viewer was reporting an error “Cannot find table 29”. This error has been fixed and will no more appear in version 6.2 of Aptify.
Deleting List from Persons List Tab Deletes Entire List Record and Not List Item
In the desktop application of Aptify 6.0, when a new list was added and then deleted from the Persons List tab, the entire List record was deleted instead of the new list record itself for specific scenarios. This behaviour has been corrected in 6.2 version of the desktop application.
Silent Error 'No AptifyTypeResolver has been found in the GlobalContext.' when the user logged in to Desktop
In Aptify 6.1 Desktop, loading a view (not a Find results view or view on the dashboard) or opening any record, causes Aptify to log the following error: “No AptifyTypeResolver has been found in the GlobalContext. IGEObjectDataCacheCoordinator will be given an empty implementation.”
With Aptify 6.2, the silent error is disabled with the below new appSettings key in the configuration file.
<add key="Aptify.Framework.GenericEntity.AptifyTypeResolver.DisableWarning" value="true" />
Can't Add Field to Products Entity After e-Business Upgrade
On Aptify 6.1, adding a new field to the Products entity caused an index error. This problem has been corrected in Aptify 6.2.
Aptify Web: Aptify 6.1 Event Log Errors for Csrf protection is disabled
On Aptify Web for 6.1, there are many entries added to the Event Log. These are Warnings from AptifyServicesMessage that state: Csrf protection is disabled. The site works correctly but it just fills the event log which makes it difficult to troubleshoot the actual problems. Improvements were done in Aptify 6.2 Web installer to control the Event log errors for CSRF protection.
To avoid multiple CSRF warning messages, the following web config file attribute has been added :
<add key="Aptify.Services.Csrf.DisableWarning" value="false"/>
This attribute allows users to Switch off the Event viewer warnings when CSRF protection is disabled.
(Issue 4932 & Issue 4607)
Secondary installers and secondary startup routines executed twice
Both of these concepts have a primary and secondary interface. Primary interfaces are implemented by Aptify. Secondary interfaces are implemented by customers. Fixes have been made in Aptify 6.2 release as there was a bug where instances of ISecondaryStartupRoutine and ISecondaryUnityInstaller are executed twice. The goal is to have all Aptify code executes first, then all customer code executes.
Test Removing AppCache (Chrome Subsetting Feature)
Lately, Browsers are deprecating the functionality of the applicationCache feature. This is a breaking change for all applications still using the applicationCache API. This browser feature was leveraged in older versions of Aptify Web to provide a path towards working offline in the product. The feature was never fully completed and customers did not leverage it. Support for offline mode was removed but the applicationCache references remained. In Web console, following message logged: [Deprecation] Application Cache API use is deprecated and will be removed in M82, around April 2020.
Now that Chrome browsers have removed the feature entirely, Aptify Web 6.2 has been updated to remove the Appcache features. AppCache warning should no more be displayed from Chrome console
Who is affected?
Any customer running Aptify Web on 18.104.22.16800 or newer.
Quick/Universal Search Requires Attachments Full-Text-Index w/ Blob Data
Many clients do not require the ability to search through attachments as part of Aptify Web’s quick/universal search however by default it’s enabled in the stock product and for many of those clients, the Full-Text Index on attachment takes a lot of database space. We have addressed this issue in Aptify 6.2. For more information, please refer Disabling attachment records for global search.
Aptify 6.1 Installer Changes Default Country Fields on Addresses Entity
Aptify 6.1 upgrade introduced a problem that the default CountryCodeID, CountryCode, and Country on the Addresses entity was reset to US. This caused new addresses to show up as in the ‘United States’ by default, if the default country was not US. This behaviour has been corrected in 6.2 release.
Product Management Fixes
Product Prerequisite Function Fails if Product Type Differs from Previously Purchased Product
Aptify 6.2 has corrected the Product pre-requisites failure scenarios reported with earlier versions of Aptify. The scenarios reported are as follows:
- When using Product Prerequisites, if the Product requires two prerequisite Products, using two filter statements joined by an AND operator, the Product cannot be added to the Order and the user receives the Prerequisites Failure Message.
- When using Product Prerequisites, if the required Product’s Type differs from that of the Product being purchased, the Order will not allow the Product to be added and displays the Prerequisites Failure Message. For example, if the required Product’s Type is General and the Product being purchased has a Type of Meeting, the Meeting cannot be added to the Order.
(Issue 4708 & 4740)
Prices Record Filter Rule Does Not Respect Registrant Service Filters
Aptify 6.2 corrected the scenario where the pricing rule was not working correctly, if the "registrant" service is selected.
Search results only showing one item per page
Aptify 6.2 fixed a problem in which doing a find on a Category within a Product record, the results were displayed as one per page.
Customer Management Fixes
Contact Log - Blank Value Error
With previous versions of Aptify, users faced errors while creating a contact log record in Aptify web when adding two attachments to the contact log (one before first save and one before second save). This behaviour was corrected in Aptify 6.2 release.
Save Times Out After Adding Topic Code to Contact Log with Attachment
Aptify 6.2 fixed a problem found in earlier versions of Aptify, where adding Topic Code to Contact Log with an attachment was not working.
Companies Form's All Persons Tab Shows No Data on Aptify Web 6.1
In 6.1 Aptify Web, no records appeared in the grid for the All Persons tab in Companies form. This has been corrected in Aptify 6.2 Web version.
Classic e-Business Fixes
e-Business session state set to StateServer and got an error when view shopping cart
With these fixes, Aptify 6.2 corrects a behaviour found in classic e-Business wherein the Session State set to StateServer option was not working well when viewing the shopping cart.
Performance E-business Cart Changes
Aptify 6.2 integrated the Performance improvement fixes done on e-Business Cart scenarios.
Cannot Take a Credit Card Payment in the Contribution Payment Wizard with Aptify 6.1
Aptify 6.2 corrected the Credit Card Payment processing problem found in the Contribution Payment Wizard on the Fundraising application.
e-Business 6 Fixes
Aptify 6.0 with e-Business 6.0: Credit Card Payments Fail For CVVs Starting with 0
In e-Business 6.0 application, if a user entered a credit card with a CVV that begins with "0", For example, "012", the “0” at the beginning was not getting included and the credit card attempted to authorize with "12" and failed. This behaviour has been corrected in eBusiness in Aptify 6.2 release.
Adding new field in AddGeneralProduct endpoint
In earlier e-Business released version, a user can't add a new field to AddGeneralProduct endpoint action. This behaviour was corrected in e-Business 6.2 release.
Event Registration-Badge Information
In earlier e-Business version, when we add an attendee on the Event Registration page the badge information pulls the information of the user who is logged in and not of the person selected in the list. . This behaviour was corrected in e-Business 6.2 release.
Profile Page load issue for multiple phone numbers
In earlier e-Business version, when person record with additional phone numbers were added , the profile load did not load in e-Business . This behaviour was corrected in e-Business 6.2 release.
Hosted Payment Page - Limit Cards Used and No Saving Cards
As a part of the Hosted payment page for Bluepay, the following fixes were done in Aptify 6.2 release:
- Limiting the display of supported card types using the Web config attributes.
<add key="Aptify.FrameWork.Payment.showAcceptAmex" value="false" />
<add key="Aptify.FrameWork.Payment.showAcceptDiscover" value="false" />
- In Aptify 6.1, even though the Credit Card Hosted Payment Reference Transaction payment type has the Allow “Save for Future Use” box unchecked, the Save for Future option showed up on the hosted payment page at Checkout page. This problem has been fixes in Aptify 6.2 release.
Hosted Payment Page Should Allow Transactions over $1,000
In Aptify 6.2 release, we updated the Hosted Payment form to remove the comma from amounts greater than $999.99. So, a $1,000.00 charge is now displayed as $1000.00. This fix was done as the amount with commas was not processing correctly on the Hosted payment page.
Twilio SML Log
Twilio Co-pilot integration with Aptify corrected the behaviour of create entries in the Twilio SMS Log service when send messages from bulk messaging using Twilio co-pilot.
Port changes for adding missing field (IDPDataAttributesObject)
Aptify 6.2 corrected the missing field (IDPDataAttributesObject) in SAML Configuration entity for SAML Integration.
Performance Improvement Fixes
Performance improvement for services on GE output
With Aptify 6.2, performance improvements have been done in specific services where attachment categories or date/time conversion(for different cultures) were initiated multiple times.
Improvements were done to control the attachment categories block in Aptify Web End Point response using the following attribute in Web.Config file. By default, the flag is set to false.
<add key="Aptify.Services.GeSerialization.ReduceAttachmentCategoryInformation" value="false" />
If flag set to false then no changes will be performed related to attachment category block in GE output. The attachment categories block will display for top-level entity, embedded object level and subtypes record level (default behaviour)
<add key="Aptify.Services.GeSerialization.ReduceAttachmentCategoryInformation" value="false" />
If the flag is set to true, then attachment categories block will only display for top-level entity and subtypes entity level
<add key="Aptify.Services.GeSerialization.ReduceAttachmentCategoryInformation" value="true" />
(Issue 4716 & 4717)
AppSettingFeatureFlag has poor performance when settings not present in config file
With previous versions of Aptify, when the application is retrieving a new boolean setting through AppSettingFeatureFlag, and the flag is missing from the application's config file, the path we execute on is slower than is acceptable. For example, when a flag is checked 500 times, which is not unreasonable in production scenarios, it can add 7 seconds of overhead to the operation.
Fixes have been done in Aptify 6.2 to correct this behaviour by code changes.