TIBCO Spotfire Server Release Notes

TIBCO Spotfire Server Release NotesSoftware Release 10.3.8

ii

Contents

Important Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

TIBCO Documentation and Support Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

TIBCO Spotfire Server Release Notes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

New Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Changes in Functionality. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Deprecated and Removed Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Migration and Compatibility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Third Party Software Updates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Closed Issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Known Issues. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

TIBCO Spotfire Server Release Notes

3

Important Information

SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLEDTIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED ADD-ON FUNCTIONALITY)OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED ORACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE.

USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A LICENSEAGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NOSUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURINGDOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN THE LICENSE FILE) OR IFTHERE IS NO SUCH SOFTWARE LICENSE AGREEMENT OR CLICKWRAP END USER LICENSE AGREEMENT, THELICENSE(S) LOCATED IN THE “LICENSE” FILE(S) OF THE SOFTWARE. USE OF THIS DOCUMENT IS SUBJECT TO THOSETERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT TOBE BOUND BY THE SAME.

ANY SOFTWARE ITEM IDENTIFIED AS THIRD PARTY LIBRARY IS AVAILABLE UNDER SEPARATE SOFTWARE LICENSETERMS AND IS NOT PART OF A TIBCO PRODUCT. AS SUCH, THESE SOFTWARE ITEMS ARE NOT COVERED BY THETERMS OF YOUR AGREEMENT WITH TIBCO, INCLUDING ANY TERMS CONCERNING SUPPORT, MAINTENANCE,WARRANTIES, AND INDEMNITIES. DOWNLOAD AND USE OF THESE ITEMS IS SOLELY AT YOUR OWN DISCRETIONAND SUBJECT TO THE LICENSE TERMS APPLICABLE TO THEM. BY PROCEEDING TO DOWNLOAD, INSTALL OR USEANY OF THESE ITEMS, YOU ACKNOWLEDGE THE FOREGOING DISTINCTIONS BETWEEN THESE ITEMS AND TIBCOPRODUCTS.

This document is subject to U.S. and international copyright laws and treaties. No part of this document may be reproduced inany form without the written authorization of TIBCO Software Inc.

TIBCO, the TIBCO logo, the TIBCO O logo, TIBCO Spotfire, TIBCO Spotfire Analyst, TIBCO Spotfire Automation Services,TIBCO Spotfire Server, TIBCO Spotfire Web Player, TIBCO Spotfire Developer, TIBCO Enterprise Message Service, TIBCOEnterprise Runtime for R, TIBCO Enterprise Runtime for R - Server Edition, TERR, TERR Server Edition, TIBCO Hawk, andTIBCO Spotfire Statistics Services are either registered trademarks or trademarks of TIBCO Software Inc. in the United States and/or other countries.

Java and all Java based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.

All other product and company names and marks mentioned in this document are the property of their respective owners andare mentioned for identification purposes only.

This software may be available on multiple operating systems. However, not all operating system platforms for a specificsoftware version are released at the same time. Please see the readme.txt file for the availability of this software version on aspecific operating system platform.

THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED,INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULARPURPOSE, OR NON-INFRINGEMENT.

THIS DOCUMENT COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES AREPERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN NEWEDITIONS OF THIS DOCUMENT. TIBCO SOFTWARE INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THEPRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENT AT ANY TIME.

THE CONTENTS OF THIS DOCUMENT MAY BE MODIFIED AND/OR QUALIFIED, DIRECTLY OR INDIRECTLY, BY OTHERDOCUMENTATION WHICH ACCOMPANIES THIS SOFTWARE, INCLUDING BUT NOT LIMITED TO ANY RELEASE NOTESAND "READ ME" FILES.

This and other products of TIBCO Software Inc. may be covered by registered patents. Please refer to TIBCO's Virtual PatentMarking document (https://www.tibco.com/patents) for details.

Copyright © 1994-2020. TIBCO Software Inc. All Rights Reserved.


https://www.tibco.com/patents

4

TIBCO Documentation and Support Services

How to Access TIBCO Documentation

Documentation for TIBCO products is available on the TIBCO Product Documentation website, mainlyin HTML and PDF formats.

The TIBCO Product Documentation website is updated frequently and is more current than anyother documentation included with the product. To access the latest documentation, visit https://docs.tibco.com.

TIBCO Spotfire Documentation

Documentation for Spotfire Server and related products is available on the Spotfire Server ProductDocumentation page.

The following documents relevant for this product can be found on the Spotfire Server Documentationsite:

● TIBCO Spotfire® Server and Environment - Quick Start

● TIBCO Spotfire® Server and Environment - Installation and Administration

● TIBCO Spotfire® Server and Environment Security

● TIBCO Spotfire® Server Release Notes

● TIBCO Spotfire® Business Author and TIBCO Spotfire® Consumer Release Notes

● TIBCO Spotfire® Business Author and Consumer User's Guide

● TIBCO Spotfire® Cobranding

● TIBCO Spotfire® Qualification Installation and Configuration Manual

● TIBCO Spotfire® Qualification User's Guide

● Deploying and Using a TIBCO Spotfire® Language Pack

● TIBCO Spotfire® Automation Services User's Guide

● TIBCO Drivers® - Connecting to an ODBC Data Source Using Spotfire® Analyst

● TIBCO Spotfire® Automation Services API Reference

● TIBCO Spotfire® Automation Services REST API Reference

● TIBCO Spotfire® Server Information Services API Reference

● TIBCO Spotfire® Server Library REST API Reference

● TIBCO Spotfire® Server Platform API Reference

● TIBCO Spotfire® Server Web Services API Reference

● TIBCO Spotfire® Server License Agreement

Release Version Support

Some release versions of TIBCO Spotfire products are designated as long-term support (LTS) versions.LTS versions are typically supported for up to 36 months from release. Defect corrections will typicallybe delivered in a new release version and as hotfixes or service packs to one or more LTS versions. Seealso https://docs.tibco.com/pub/spotfire/general/LTS/spotfire_LTS_releases.htm.


https://docs.tibco.com

https://docs.tibco.com

https://docs.tibco.com/products/tibco-spotfire-server


https://docs.tibco.com/pub/spotfire/general/LTS/spotfire_LTS_releases.htm

5

How to Contact TIBCO Support

You can contact TIBCO Support in the following ways:

● For an overview of TIBCO Support, visit http://www.tibco.com/services/support.

● For accessing the Support Knowledge Base and getting personalized content about products you areinterested in, visit the TIBCO Support portal at https://support.tibco.com.

● For creating a Support case, you must have a valid maintenance or support contract with TIBCO.You also need a user name and password to log in to https://support.tibco.com. If you do not have auser name, you can request one by clicking Register on the website.

System Requirements for Spotfire Products

For information about the system requirements for Spotfire products, visit http://spotfi.re/sr.

How to join TIBCO Community

TIBCO Community is the official channel for TIBCO customers, partners, and employee subject matterexperts to share and access their collective experience. TIBCO Community offers access to Q&A forums,product wikis, and best practices. It also offers access to extensions, adapters, solution accelerators, andtools that extend and enable customers to gain full value from TIBCO products. In addition, users cansubmit and vote on feature requests from within the TIBCO Ideas Portal. For a free registration, go tohttps://community.tibco.com.

For quick access to TIBCO Spotfire content, see https://community.tibco.com/products/spotfire.


http://www.tibco.com/services/support

https://support.tibco.com

https://support.tibco.com

http://spotfi.re/sr

https://ideas.tibco.com/

https://community.tibco.com

https://community.tibco.com/products/spotfire

6


The release notes for this product version are provided to inform you of new features, known issues,and issues from previous releases that have been closed.

These release notes are for TIBCO Spotfire® Server version 10.3. They cover Microsoft Windows andLinux installations.

Spotfire® Server is a Tomcat web application that runs on Windows and Linux operating systems. It isthe administrative center of any TIBCO Spotfire® implementation. In addition to providing the toolsfor configuring and administering the Spotfire® environment, Spotfire Server facilitates the servicesthat make it possible for users to access, blend, and visualize their data, creating analyses that provideactionable insight.

New Features

The following new features are available in version 10.3 LTS of TIBCO Spotfire® Server.

For details about new Spotfire features, see What's New in TIBCO Spotfire® in the TIBCO Community.

Third-party software is updated with each release. See Third Party Software Updates on page 12 formore information.

New features in version 10.3.7, February 2020

New requirements for communication to the Active Directory serverWith the Microsoft advisory ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding andLDAP Signing, new requirements for communication to the Active Directory (AD) server will beintroduced. If you use AD server with LDAP, see the section Changes in Functionality for detailedinstructions.

New features in version 10.3.6, February 2020

Spotfire Server has a configuration property for controlling the SameSite cookie attribute for cookiesgenerated by the Spotfire Server.

You might need to change this value in scenarios where the Spotfire Server cookies are used as thirdparty cookies. For example, when using the TIBCO Spotfire JavaScript API. Use the server command-line configuration tool to specify the property.

Example:

config export-config --forceconfig set-config-prop --name="security.cookies.same-site" --value="None"config import-config -c "Cookies SameSite=None"

Valid values for the property are:

● None

● Lax

● Unset

The default is Unset, which is a special Tomcat value, and which preserves previous behavior.

The values None and Lax are defined by rfc6265bis.


https://community.tibco.com/wiki/whats-new-tibco-spotfire?_ga=2.216836630.1824599218.1515533468-970363359.1496870511

7

New features in version 10.3.4, October 2019

Support for Microsoft Windows Server 2019Support for Microsoft Windows Server 2019 has been added. See System requirements for details.

New features in version 10.3.3, August 2019

Support for Oracle 19cSupport for Oracle 19c has been added. See System requirements for details.

New features in version 10.3.0, May 2019

Updated trust mechanism, including trust for data functions

● Spotfire now provides a trust mechanism that verifies that data functions and TERR expressionfunctions are trusted before allowing them to execute. This is the same trust mechanism used forJavaScript and IronPython scripts and also for data connection custom queries.This means that if users should be able to execute a particular data function, the data functionmust be trusted. See the Script and Data Function Trust topic in the Spotfire Analyst User's Guide formore information.

● Spotfire now uses the SHA-512 algorithm to generate the checksum for ensuring that scripts anddata functions are identical to when they were trusted. This is to verify that they have not beentampered with by an unauthorized user.

● A new server command, find-analysis-scripts, locates all scripts and data functions in all files inthe library, and provides information about the analysis files that contain scripts or data functions,the trust status of the scripts or data functions, and so on.The command can be used to trust all scripts or selected types of scripts, in either selected locationsor in the entire library. For more information, see find-analysis-scripts in the server help.

The above changes require a few additional steps when upgrading to Spotfire 10.3. The exactsteps to take depend on your use case and environment. For more information about the stepsto consider, see https://community.tibco.com/wiki/script-and-data-function-trust-spotfire-103-and-later in the TIBCO Community.

Manage licenses in the administration interfaceYou can now set and change licenses in the Spotfire administration interface. Licenses determine thefeatures that members of a particular group can access. For more information, see Groups and licensesin the server help.

Calling the REST and SOAP APIs on behalf of end usersIt is now possible to use an OAuth2 Authorization Code Grant flow with the Spotfire Server REST andSOAP APIs in order to make the API calls on behalf of end users.

Upgrading

● Upgrading the Spotfire Server is now easier. The structure of scripts, configuration files, andcustom extensions has been remodeled, and more of your settings are kept during server upgrade.

● The upgrade tool can now be used for upgrades between service packs.● The performance for upgrading and deleting services has been improved.These improvements have led to important changes in server directories and files; for details,see Changes in Functionality.

Set purge interval for scheduled updates job historyThere is a new configuration option for setting the interval between purges of the scheduledupdates job history. The purge-history-interval option appears in the "scheduled-jobs" section of theconfiguration.xml file. The default value is 12 hours.For information on editing the configuration file, see Manual configuration in the server help.


http://spotfi.re/sr

http://spotfi.re/sr

https://docs.tibco.com/pub/sfire-analyst/10.3.0/doc/html/en-US/TIB_sfire-analyst_UsersGuide/index.htm#t=vis%2Fvis_script_and_data_function_trust.htm

https://docs.tibco.com/pub/spotfire_server/10.3.0/doc/html/TIB_sfire_server_tsas_admin_help/GUID-552E2A4A-CD61-4917-A970-A30B7E668C52.html

https://community.tibco.com/wiki/script-and-data-function-trust-spotfire-103-and-later

https://community.tibco.com/wiki/script-and-data-function-trust-spotfire-103-and-later

https://docs.tibco.com/pub/spotfire_server/10.3.0/doc/html/TIB_sfire_server_tsas_admin_help/GUID-173A78E9-CA98-4912-B7CD-52C012DD699B.html

https://docs.tibco.com/pub/spotfire_server/10.3.0/doc/html/TIB_sfire_server_tsas_admin_help/GUID-C584A115-D1A5-4940-904F-C9A9E8F4F425.html

8

Support for custom display namesSpotfire Server now supports custom display names as an alternative to the URL to the server. Thedisplay name will be visible in the following locations:

● Spotfire Analyst.● The server list in the login dialog.● The About dialog.● The progress indicator.On a Spotfire Server, you can specify the display name by setting a display name for a Site.You can also specify a display name, on a per-user basis, on the Manage Servers page in the logindialog.A display name that was specified in Manage Servers overrides a display name that wasspecified on the server.

Search for group membersIn Users & Groups, it is now possible to search for group members.

Monitoring and Diagnostics

● It is now possible to configure a web player to capture either small or large dumps when it is non-responsive.

● There is a new action log category for licenses: exclude_license. It indicates that the license featurewas removed from the group's enabled license.

CobrandingThe custom header capability has been reintroduced for Spotfire web clients. For more information,see the Cobranding help.

Changes in Functionality

These are the changes in functionality in version 10.3 of Spotfire Server.

Version 10.3.7, February 2020

New requirements for communication to the Active Directory serverWith the Microsoft advisory ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding andLDAP Signing, new requirements for communication to the Active Directory server will be introduced.You can avoid these new requirements by changing certain registry settings on the Active Directoryservers. Otherwise, communication between Spotfire Server and the Active Directory servers mustuse SSL. They should use the LDAPS protocol, and the URI scheme in the configuration should bechanged from LDAP to LDAPS.

Certificates for SSL communicationWhen a communication is made over SSL, the issuer of the certificate is verified by Spotfire Server. If itis an officially issued certificate, the communication works without changes. In the bundled Java, thefollowing file contains official root certificates:<installation root> /jdk/jre/lib/security/cacerts

If a bespoke certificate needs to be issued, then the certificate chain is not to one of these official rootcertificates. Instead, Spotfire Server must be told to trust this certificate. For earlier releases of SpotfireServer, the only way to make this possible was to import the new certificate into the above-mentionedfile, cacerts. This method is described in the manual and can still be used.To facilitate the use of bespoke certificates, you can now use an alternative, easier method, which isdescribed in this section.Every SSL certificate that is to be trusted can have its own keystore file (in Java Keystore-format, withthe suffix jks). These files should be placed in the directory <installation root>/tomcat/certs.


https://docs.tibco.com/products/tibco-spotfire-server-10-3-0

9

From Spotfire Server 10.3.0 and later, the contents of this directory is copied during anupgrade.The same password (default changeit) is used for the file cacerts as for any extra keystore file intomcat/certs. If you must change this password, then you should change the password for all files,including the file cacerts.

It is not the private certificate that is needed in these files, so changing the password is notcritical, because anyone who can connect to the server can retrieve the public certificate.The file cacerts has the default password changeit, and it is assumed that the extra keystorefiles have the same password. If you must set a new password, the Java startup parameterjavax.net.ssl.trustStorePassword should be added, either to the start script or to the service.Depending on how Spotfire Server is started, this new password must be set in start scripts or asa parameter for the Windows parameter. For more information on performing this task, in TIBCOSpotfire® Server and Environment - Installation and Administration , review the section on changingmemory settings. (The steps are the same, even though here it is a startup parameter and not amemory setting.)

Retrieve and create a JKS-fileBelow are some hints on how to create a JKS-file. This information works for both Linux andWindows.Use the forward slash for Linux and the backslash for Windows.

This method works for Spotfire Server version 7.11.10, version 10.3.7, and version 10.6 and later.The following example shows how to get the certificate for the server foo.company.com, which hasLDAPS enabled and listens on port 636.

To get the needed certificates installed on Spotfire Server, in the following example, changefoo.company.com to the server name from which you want to get the certificate, and change-alias foo to the alias that should receive the certificate in the keystore. You can run thiscommand toward several servers, and the certificates will be imported and appended to thekeystore trust_foo.jks, or you can create a new one for each server.

<installation root> /jdk/jre/bin/keytool -printcert -sslserver foo.company.com :636 -rfc | <installation root> /jdk/jre/bin/keytool -import -noprompt -alias foo -keystore " <installation root> /tomcat/certs/trust_foo.jks" -storepass changeit -storetype jks

Any readable file with the suffix jks should be picked up by the server and the CLI tools.The relocatable, remote CLI tool does not pick up certificates using this method.

Importing to the cacerts file within the JDK installationThe following command is the only option available for versions of Spotfire Server earlier than version10.6, except for version 7.11.10 and version 10.3.7.<installation root> /jdk/jre/bin/keytool -printcert -sslserver foo.company.com :636 -rfc | <installation root> /jdk/jre/bin/keytool -import -noprompt -alias foo -keystore " <installation root> /jdk/jre/lib/security/cacerts" -storepass changeit -storetype jks

The relocatable, remote CLI tool does not pick up certificates installed on the Spotfire Server.

Version 10.3.5, December 2019

New credentials profile settingIn credentials profiles, a new setting, <allowed-usages>, is available. With this setting, you can specifyconditions for when you can use the credentials profile.


10

Version 10.3.3, August 2019

In version 10.3.3, the default failure detection timeout for Apache Ignite was increased to 60 seconds tohelp prevent server restart due to cache failures for larger systems.

Version 10.3.2, July 2019

As of Spotfire Server version 10.3.0, server hotfixes can be applied only on the specific service packversion that they were created for. Example: If you currently have version 10.3.1, you can apply serverhotfixes only for the 10.3.1 version, such as 10.3.1 HF-001, 10.3.1 HF-002, and so on. If you want a hotfixof a different service pack level, such as 10.3.2 HF-001, you must first make sure to upgrade to thatservice pack (10.3.2) before applying the hotfix.

Version 10.3.0, May 2019

Server directories and filesThe improvements done to the upgrade process have required changes to where certain serverconfiguration files are located.

● The scripts config.bat, config.sh, SetComputerPassword.vbs, SetupWizard.vbs, uiconfig.bat,and uiconfig.sh have been moved from the <installation_dir>/tomcat/bin directory to the<installation_dir>/tomcat/spotfire-bin directory.

● Previously, in a Windows server installation, there were three executable files (kinit.exe, klist.exe,and ktab.exe) bundled with the JDK in the <installation_dir>/jdk/jre/lib/security folder. Now,there are three new scripts (kinit.bat, klist.bat, and ktab.bat) in the <installation_dir>/tomcat/spotfire-bin/ folder that do the same things as the old executable files.

● JDBC drivers, API implementations, and other custom components that were previously stored ineither the <installation_dir>/tomcat/lib folder or the <installation_dir>/tomcat/webapps/spotfire/WEB-INF/lib folder should now be stored in the <installation_dir>/custom-ext folder. Any nativelibraries (.dll or .so) should also be placed in this directory (and will be automatically added to thepath).

● The names of two JAR files have changed:

API Pre-10.2 file name 10.2 and future versions file name

Server Platform API server.jar spotfire-public-java-api.jar

Information Services API server-is.jar spotfire-server-is.jar

● Previously, the Kerberos configuration file krb5.conf had to be placed in the <installation_dir>/jdk/jre/lib/security/ folder for Kerberos authentication to work. Now, the krb5.conf file is placedin the <installation_dir/tomcat/spotfire-config/ folder of an installed Spotfire Server.

● Previously, the default location of the Kerberos keytab file was <installation_dir>/jdk/jre/lib/security/. Now, the default location of the keytab file is <installation_dir>/tomcat/spotfire-config/.

● The upgrade tool now copies Kerberos configurations, keystores, custom login pages, logs, andlibrary exports.

● The way to change the default location of server logs has changed. For more information, seeChanging the default location of server logs.

Logging customizationCertain logging customizations can now be made that will be carried over during subsequentupgrades. Logging levels will now also be persisted at upgrade. For more information, see Log4j2configuration properties.The Tomcat Valves for access logging that could previously be configured in <installation_dir>/tomcat/conf/context.xml are now configured in <installation_dir>/tomcat/conf/Spotfire/localhost/spotfire.xml.


https://docs.tibco.com/pub/spotfire_server/10.3.3/doc/html/TIB_sfire_server_tsas_admin_help/GUID-E1F047D3-0EB4-4564-8BEF-2B1F80D9D389.html

https://docs.tibco.com/pub/spotfire_server/10.3.3/doc/html/TIB_sfire_server_tsas_admin_help/GUID-13ABE3AD-1B9E-4896-AD47-4AF2E6702DE3.html

https://docs.tibco.com/pub/spotfire_server/10.3.3/doc/html/TIB_sfire_server_tsas_admin_help/GUID-13ABE3AD-1B9E-4896-AD47-4AF2E6702DE3.html

11

purge-history-older-than defaultIn the configuration.xml file, the default value of the configuration option purge-history-older-than inthe "scheduled-jobs" section has changed from 7 days to 3 days.

CobrandingCustom headers are now added to web clients through a cobranding package. For instructions,see "Adding Custom Headers to Spotfire UIs" in the Cobranding Manual, available with the serverdocumentation: https://docs.tibco.com/products/tibco-spotfire-server.

NTLM authentication with SQL Server DataDirect driverThe included DataDirect JDBC driver for SQL Server has been updated, and the use of NTLMauthentication with the driver is changed.In the updated driver, DLL-based NTLM is no longer supported. This means you can no longer usethe JDBC connection property AuthenticationMethod with the value AuthenticationMethod=ntlm . Also it isno longer required that you use the property LoadLibraryPath in the connection string.To continue to use NTLM authentication with this driver, in the JDBC connection string, set the valueof the AuthenticationMethod property to either ntlmjava or ntlm2java.This also requires that you provide a username and password. If you are using the DataDirect SQLServer driver with NTLM for data access in Information Services, you must update your data sourcesin Information Designer to include a username and password.

Deprecated and Removed Features

These are the deprecated or removed features as of version 10.3 of Spotfire Server.

Legacy SOAP APIThe legacy (non-OAuth2) SOAP API has been removed. It is replaced by the SOAP Web Service API.The User and Impersonator groups are no longer created during a fresh installation. On upgradedsystems they remain but are renamed to "API User (obsolete)" and "Impersonator (obsolete)". Theycan be removed at will.

Java User Directory APIThe existing Java User Directory API (com.spotfire.server.userdir) is deprecated and willbe removed in a future version. That API has been replaced by the new user directory API(com.spotfire.server.api.userdir.UserDirectory).

Migration and Compatibility

Spotfire Server version 10.3 contains detailed instructions for migrating from a previous release.

Spotfire Server

See "Upgrading Spotfire" in the Spotfire Server and Environment - Installation and Administrationhelp.

As of Spotfire Server version 10.3.0, server hotfixes can be applied only on the specific servicepack version that they were created for. Example: If you currently have version 10.3.1, you canapply server hotfixes only for the 10.3.1 version, such as 10.3.1 HF-001, 10.3.1 HF-002, and so on.If you want a hotfix of a different service pack level, such as 10.3.2 HF-001, you must first makesure to upgrade to that service pack (10.3.2) before applying the hotfix.

Newer and older versions of Spotfire Analyst client can be used to connect to the current version ofSpotfire Server in order to upgrade or downgrade the client packages. However, it is recommendedto always run the same version of client and server in production environments. See SystemRequirements.





http://spotfi.re/sr

http://spotfi.re/sr

12

Spotfire Automation Services

For instructions on how to upgrade to version 10.3 Spotfire Automation Services, see "UpdatingServices" in the Spotfire Server and Environment - Installation and Administration help.

There were major architectural changes introduced in version 7.5.0. If you are upgrading froma version earlier than 7.5.0, refer to the Spotfire Automation Services 7.5.0 Release Notes for moreinformation.

Spotfire Qualification

Version 10.3 of Spotfire Qualification should be installed for compatibility with version 10.3 of TIBCOSpotfire.

For instructions on how to upgrade to version 10.3of Spotfire Qualification, see the SpotfireQualification - Installation Guide.

Third Party Software Updates

The following third party software (TPS) components have been added or updated for Spotfire Serverversion 10.3.

10.3.7, February 2020

TPS New Version

Apache CXF Core 3.3.5

Apache Log4j 2.13.0

AspectJ Weaver 1.9.5

Jackson Core 2.10.1

Jetty 9.4.25.v20191220

Progress DataDirect Connect for JDBC SQL Server Driver 6.0.0.263

Quartz Enterprise Job Scheduler 2.3.2

RSyntaxTextArea 3.0.8

Simple Logging Facade for Java 1.7.30

Spring Framework 5.2.3

10.3.6, February 2020

TPS New Version

AWS SDK for Java 1.11.691

AngularJS 1.7.9.


Oracle Server JRE 8u241




13

TPS New Version

Jetty 9.4.24.v20191120

Spring Framework 5.2.2

Apache Tomcat 9.0.30

Byte Buddy 1.10.5

Apache Log4j 2.12.1

Mybatis 3.5.3

Mybatis-Spring 2.0.3


Simple Logging Facade for Java 1.7.29

10.3.5, December 2019

TPS New Version

Bouncy Castle 1.64

Jackson Annotations 2.10.0

Jackson Core 2.10.0

Jackson Databind 2.10.0

Nimbus JOSE+JWT 8.2

10.3.4, October 2019

TPS New Version

AWS SDK For Java 1.11.630

Amazon JMES Path Query Library 1.11.630

Apache Commons Text 1.8

Apache HttpComponents Client 4.5.10

Apache HttpComponents Core 4.4.12

Apache Ignite 2.7.6



Jackson Core 2.9.10



14

TPS New Version

Java Server JRE 8.u.231

Jetty 9.4.21.v20190926

Lodash 4.17.15

Microsoft JDBC Driver for SQL Server 7.4.1

MyBatis 3.5.2

MyBatis-Spring 2.0.2

Nimbus JOSE+JWT 7.8

Spring Framework 5.1.9.RELEASE

Windows Service Wrapper 2.2.0

toastr 2.1.4

10.3.3, September 2019

TPS New Version


Apache Ignite 2.7.5

Apache Log4j 2.12.0


Bouncy Castle 1.62

Jackson Databind 2.9.9.1

Jetty 9.4.19.v20190610

Oracle Java Server JRE 8u221


10.3.2, July 2019

TPS New Version

AngularJS 1.7.8


Apache Commons FileUpload 1.4

Apache Commons Lang 3.9

Apache Commons Text 1.6


15

TPS New Version


Apache Log4j 2.11.2


AspectJ Weaver 1.9.4

Byte Buddy 1.9.13


Jackson Core 2.9.9


Jaxen 1.2.0

Jetty 9.4.18.v20190429

Bouncy Castle 1.61

MyBatis 3.5.1

MyBatis-Spring 2.0.0

Quartz Enterprise Job Scheduler 2.3.1



Yammer Metrics Core Library 4.1.0

jQuery 3.4.1

10.3.1, June 2019

TPS New Version


Oracle Java Server JRE 8u212

Windows Service Wrapper (added) 2.1.1

jQuery 3.4.0

10.3.0, May 2019

TPS Version Change

ANTLR 2.7.7 No Change

ASM 7 Updated


16

TPS Version Change

ASM Based Accessors Helper Used byJSON Smart

1.2 No Change

AWS SDK For Java 1.11.429 No Change

Amazon Ion Java 1.0.2 No Change

Amazon JMES Path Query Library 1.11.429 No Change

Amazon Redshift JDBC driver 1.2.20.1043 Updated

AngularJS 1.7.5 No Change

Apache Ant 1.10.5 Added

Apache CXF Core 3.3.0 Updated

Apache Commons BeanUtils 1.9.2 No Change

Apache Commons CLI 1.4 No Change

Apache Commons Codec 1.11 Added

Apache Commons Collections 3.2.2 No Change

Apache Commons Daemon 1.0.15 No Change

Apache Commons Digester 1.8.1 No Change

Apache Commons FileUpload 1.3.3 No Change

Apache Commons IO 2.6 No Change

Apache Commons Lang 3.8.1 No Change

Apache Commons Lang 3.5 Added

Apache Commons Logging 1.2 No Change

Apache Commons Text 1.4 No Change

Apache Commons Validator 1.6 No Change

Apache HttpComponents Client 4.5.7 Updated

Apache HttpComponents Core 4.4.11 Updated

Apache Ignite 2.7.0 No Change

Apache Log4j 2.11.1 No Change

Apache Lucene 7.4.0 No Change

Apache Neethi 3.1.1 No Change


17

TPS Version Change

Apache Standard TaglibImplementation

1.2.5 No Change

Apache Tomcat 9.0.17 Updated

Apache XML-Commons Resolver 1.2 No Change

Apache XmlSchema Core 2.2.4 Updated

AspectJ Weaver 1.9.1 No Change

Azure Active Directory Library for Java 1.3.0 Added

Bootstrap 3.4.1 Updated

Bouncy Castle 1.6 No Change

Byte Buddy 1.8.12 No Change

DTD Parser 1.4.1 Added

Extended stAX API 1.8.1 Added

FasterXML Woodstox 5.0.3 Updated

Google Fonts Unspecified No Change

Google Fonts Montserrat master20170913 No Change

Google Fonts Open Sans Unspecified No Change

Google Gson 2.2.4 Added

Guava: Google Core Libraries for Java 20 No Change

H2 Database Engine 1.4.197 No Change

Ignite Shmem 1.0.0 No Change

JAXB API 2.3.2 Added

JCIP Annotations Under ApacheLicense

1.0-1 No Change

JDOM 2.0.6, 1.1.3 No Change

JSON Small and Fast Parser 1.3.1 Added

JSON Small and Fast Parser 2.3 No Change

Jackson Annotations 2.9.8 Updated

Jackson Core 2.9.8 Added

Jackson Databind 2.9.8 Updated


18

TPS Version Change

Jackson Dataformat: CBOR 2.6.7 No Change

Jakarta XML Bind API 2.3.2 Added

Java ClassMate 1.4.0 No Change

Java Servlet API 4.0.1, 3.1.0 No Change

JavaBeans Activation Framework APIJAR

1.2.1 Added

JavaMail API JAR 1.4.7 Added

Jaxen 1.1.6 No Change

Jespa 1.2.5 No Change

JetBrains Java Annotations 13 No Change

Jetty 9.4.15.v20190215 Updated

Joda-Time 2.8.1 No Change

LMAX Disruptor Framework 3.4.2 No Change

Lodash 4.17.11 Updated

Log4Jdbc Log4j2 JDBC 1.16 No Change

MapStruct 1.2.0 Final No Change

Microsoft JDBC Driver for SQL Server 7.0.0 No Change

MigLayout 4.2 No Change

MyBatis 3.4.6 No Change

MyBatis-Spring 1.3.2 No Change

Nimbus JOSE + JWT 6.1 , 5.1 Updated

OAuth 2.0 SDK with OpenID ConnectExtensions

5.24.1 Added

Oracle Server JRE 8u201 No Change

Oracle Sun FastInfoset 1.2.16 Added

Oracle Sun Istack Common UtilityCode

3.0.8 Added

PostgreSQL JDBC Driver 42.2.5 No Change

Progress DataDirect Connect for JDBCDB2 Driver

5.1.4.250 , 5.1.4.0231 Updated


19

TPS Version Change

Progress DataDirect Connect for JDBCMySQL Driver

5.1.4.0231 Added

Progress DataDirect Connect for JDBCSQL Server

6.0.0 Added

Progress DataDirect Connect for JDBCSybase Driver

5.1.4.0231 Added

Progress DataDirect for JDBC forOracle Driver

6.0.0 Added

Quartz Enterprise Job Scheduler 2.3.0 No Change

RELAX NG Datatype API 2.3.2 Added

RSyntaxTextArea 2.6.1 No Change

Simple Logging Facade for Java 1.7.26 Updated

Simple Logging Facade for Java 1.7.5 Added

Spring Framework 5.1.5 RELEASE Updated

Spring Plugin 1.2.0.RELEASE No Change

Spring Security Removed

SpringFox 2.9.2 No Change

Stax2 API 3.1.4 Updated

Swagger Annotations 1.5.20 No Change

Swagger Models 1.5.20 No Change

TIBCO Drivers 1.7.0 Added

Web Services Description Language forJava Toolkit

1.6.3 No Change

Yammer Metrics Core Library 4.0.3 No Change

jQuery 3.3.1 Updated

javax.cache JSR107 API and SPI 1.0.0 No Change

rngom 2.3.2 Added

toastr 2.1.3 No Change

Closed Issues

The following table lists important closed issues in version 10.3 of Spotfire Server.


20

10.3.8, March 2020

Key Summary

TSS-26630 When an external update (load/update analysis) for anexisting rule was triggered, the request was processed thesame as a scheduled update rule (it considered both load andunload cases).

TSS-26730 Spotfire Server could trigger many DNS requests in certainscenarios. If DNS resolving was temporarily slow orotherwise unstable, this issue could cause many threads to beused and potentially make Spotfire Server unresponsive forcertain operations.

TSS-26734 In some cases, idle connections in database connection poolswould not expire, leading to the size of the connection poolremaining high, even if the server load decreased.

TSS-26735 To improve performance and reduce the negative effects of adatabase with poor performance, locking has been reducedin the database connection pool.

TSS-26741 In Scheduling and routing, the Activity view could failto show activities and fail with the error Cannot readproperty 'toLowerCase' of null.

10.3.7, February 2020

Key Summary

TSS-26542 The Ignite working directory is now set to <installationdir>/tomcat/temp/ignite.

TSS-26577 After upgrading to Spotfire version 7.11.x or 10.x, theconfiguration tool could not connect to LDAPS servers. Thisissue has been fixed.

TSS-26579 Spotfire Server has improved handling certificates forSSL/TLS communication. Instead of adding everything toone trust store, each server to be trusted can have its ownkeystore file. See the TIBCO Spotfire Server Administrationand Configuration Guide for more information. See"Changes in Functionality" for more information.

TSS-26586 An analysis in Spotfire Web Player failed to trust scripts orqueries if the analysis contained a large number of scripts orqueries. This issue has been fixed.

TSS-26594 The configuration parameter --referral-mode-root-dsehas been added to the configuration commands create-ldap-config and update-ldap-config. This parameterspecifies how LDAP referrals should be handled whenlooking up the RootDSE.

TSS-26659 Scheduling and Routing Saved Schedules did not showcorrectly-checked days between sessions.


21

10.3.6, February 2020

Key Summary

TSS-26479 The Scheduled Update cache cleared in less than thespecified time when it was triggered externally using theUpdateAnalysisService web service. This issue has beenfixed.

TSS-26485 Previously, a rule without a schedule would not allow ananalysis file to open if the set-config-prop configurationoption deny-open-when-not-scheduled was enabled. Thisissue has been fixed.

TSS-26586 An analysis in Spotfire Web Player failed to trust scripts orqueries if the analysis contained a large number of scripts orqueries. This issue has been fixed.

10.3.5, December 2019

Key Summary

TSS-26166 The memory consumption of the command find-analysis-scripts has been reduced.

TSS-26215 Service status change communication was incorrectly failingqueued jobs even when the service status was not stopped orrestarted. This issue has been fixed.

TSS-26219 In some cases, for scheduled updates, the end time did notcorrespond to the right time of failure.

TSS-26287 The find-analysis-scripts command would previouslynot list files that contained inline scripts but no other scripts,data functions, or customer queries. It now lists these files.

TSS-26292 Fixed issue where scheduled updates were not triggereddue to previous cancel/unload requests that did not finishprocessing.

TSS-26309 When you imported an Information Services data sourcetogether with a cached information link with a cachevalidation query, and the data source had changed ID (dueto conflicts) during the import, then the reference from thecache validation query was not properly remapped. Thisissue has been fixed.

TSS-26314 The sort icons in the Library Browser displayed the reverseof the sort order.

10.3.4, October 2019

Key Summary

TS-26139 Concurrent requests in a unauthenticated session (forexample after an absolute session timeout) could fail due toinsufficient synchronization.


22

Key Summary

TSS-25893 Previously, you could search for users only by display namewhen adding members to a group. You can now also searchby user name.

TSS-25913 Upgrade logs are now included in the troubleshootingbundle.

TSS-25943 The User Action Log example analysis contained a faultycalculation of the size and retrieval time for informationlinks.

TSS-25946 Searching for rules in the Scheduling & Routing app beforeall rules had been loaded resulted in an error message.

TSS-25972 In some circumstances, an error could occur when theoverview in Scheduling and Routing was listed.

TSS-25988 In some cases, processing automation services jobs couldbe paused if scheduled updates were running at the sametime. This issue was addressed by ensuring that automationservices jobs and scheduled updates could run in parallel.

TSS-26022 When a server appeared offline but did not go completelyoffline, scheduled jobs/scheduled updates were triggeredtwice: one request from the old server that had the job, andanother request, from the other server, that picked up the job.This issue has been fixed.

TSS-26033 If your server used a DataDirect driver to connect to aSpotfire Server database, and if you had either NTLM orKerberos authentication on that database, then the Upgradetool would construct an invalid URL when upgrading theserver.

TSS-26034 If an invalid refresh token was supplied to the OAuth2 TokenEndpoint, then a "server error" (HTTP status 500) would bereturned instead of a "client error" (HTTP status 400) with thecorrect error information.

TSS-26037 Filtering on dates in Scheduling & Routing Activity tab in theAdmin UI sometimes gave wrong results depending on thetime zone of the user.

TSS-26060 Canceling a scheduled update through the Spotfire WebServer could fail. This issue has been fixed.

TSS-26065 The status of services could become incorrect due to loststatus messages, potentially leading to uneven distribution ofload or service outages.

TSS-26073 Information about sessions.log has been added to thelogging documentation.

TSS-26083 Spotfire Server and Node Manager certificates (used forbackend communication) are now renewed more readily (ifless than half of the certificate's validity period remains), toreduce the risk of service outages.


23

10.3.3, August 2019

Key Summary

TSS-25735 An issue with the Linux startup scripts that caused a failureto load native libraries from spotfire-ext/ was fixed.

TSS-25747 The find-analysis-scripts command in some cases used morememory than necessary during the initialization phase.

TSS-25790 Characters were not properly displayed in the configurationtool for Japanese, Korean, and Chinese.

10.3.2, July 2019

Key Summary

TSS-25558 Occasionally, scheduled update jobs were queued to run butwere never processed.

TSS-25560 As of Spotfire version 10.0, the action log documentationincorrectly indicated that for the category 'routing_rules',action 'delete', entry 'arg1', the rule name was displayed. Theentry 'arg1' is currently unused for the 'delete' action.

TSS-25601 When upgrading to version 10.3.1, the upgrade tool failed(with an exception in the log) when a server from which tocopy the configuration was not specified.

TSS-25634 When connecting to a Microsoft SQL Server configured forNTLM authentication using the Microsoft JDBC driver, theupgrade tool failed with the message "Unable to connect tothe database: This driver is not configured for integratedauthentication".

10.3.1, June 2019

Key Summary

TSS-25267 Web Player users who did not have the library permissionsnecessary to complete their task were not informed of this ina timely manner.

TSS-25364 When the server health URL was enabled, load balancersin the Spotfire implementation were not informed of servershutdowns in a timely manner.

TSS-25395 Paged out attachments consumed too much memory.

10.3.0, May 2019

Key Summary

TSS-9978 The upgrade tool did not copy all data source drivers fromthe previous version of Spotfire Server to the new version.

TSS-21020 It was possible to accidentally disable built-in systemaccounts, which could cause communication problemsbetween a Spotfire Server and backend services.


24

Key Summary

TSS-21982 During an upgrade, the server logging level from theprevious version was not retained.

TSS-22367 In the library browser on the web client, clicking Delete ona data file did not delete the file if the data was linked to ananalysis file.

TSS-23931 Enabling the customHeader setting in theSpotfire.Dxp.Worker.Web.config file did not take effecton the Web Player.

For more information, see Changes in Functionality.

TSS-24556 The instructions for upgrading the server now indicate thatthe Spotfire upgrade tool should be run before a hotfix isapplied.

TSS-24557 Some delete operations failed when two or more scheduledupdate rules were deleted in succession, or two or moreadministrators deleted scheduled update rules in separateinstances of the administration UI at the same time.

TSS-24606 Job requests were not being sent because the previousrequest was not being processed correctly.

TSS-24631 During the server shutdown process, warning messages mayhave appeared in the logs if a user was trying to work on theserver.

TSS-24879 Services did not start if the node manager installation pathcontained spaces.

TSS-24890 The instructions for using the config-ntlm-auth commandto create a global NTLM configuration without serviceaccount credentials specified did not work. The tool has beencorrected and the documentation has been updated.

TSS-25051 The server stopped accepting TLS handshakes (on thefrontend) after a troubleshooting bundle was generated.

TS-58871 Pages shown when using web authentication (externalauthentication or OAuth2 authentication) were not alwaysshown in the correct language.

TS-59583 For an unresponsive web player, a large troubleshootingdump was captured by default, instead of a small dump.

TS-59628 When web authentication (OpenID/OAuth2) is used onSpotfire Server, clients were not able to log in if FIPScompliance was enabled on Windows.

Known Issues

The following table lists known issues in version 10.3 of Spotfire Server.


25

Key Summary

none When upgrading from a 7.0 implementation that includesSpotfire Server and Spotfire Web Player, there is nobackward compatibility for the web client URL to RSS.ashx.

none If your Spotfire implementation uses Web authenticationthrough OpenID Connect or custom web authentication,Spotfire Package Builder cannot be used to deploy extensionsto the server.

Workaround: Deploy the extension package by using theDeployments & Packages area of Spotfire Server.

TSS-16445 In Monitoring & Diagnostics, the Automation Services pagedisplays a maximum of 300 jobs, beginning with the mostrecent.

Workaround: To view older jobs, use the Search box.

TSS-21408 In Spotfire environments with an Oracle database, Spotfireoccasionally uses more cursors than are available. This canoccur in a variety of situations, but in all cases the followingerror appears in the server log: ORA-01000 maximum opencursors exceeded, and the server stops functioning. If thisoccurs, try setting the OPEN_CURSORS property in Oracle to atleast 500, and then restart the server.

TSS-23602 In the Automation Services area of the administrationinterface, if an Automation Services job is in theIN_PROGRESS state, and all of the servers in the clusterstop running or are restarted, the job will remain in theIN_PROGRESS state in the Activity view even after theservers are back online.

Workaround: Clear the job activity from the Activity viewby selecting the activity and then clicking Actions > Clearselected activity.

TSS-25194 When setting up Kerberos authentication, the configurationoptions that are documented in the help topic "Disablingthe username and password fields in the Spotfire Analystlogin dialog" prevent Spotfire Analyst users from beingable to log in. (The procedure directs the administrator toenter --allow-user-provided-credentials=false inthe command-line tool, or to select the Never display logindialog check box option in the configuration tool.)

Workaround: If you are using the command-line tool, entera different value for the --show-login-dialog=valueoption. If you are using the configuration tool, select adifferent option for the Display login dialog field.

To access the Display login dialog field, follow these steps:

1. In the configuration tool, go to the Configuration page.

2. In the left pane, click Login Dialog.


26

Key Summary

TS-58033 In the following situation, Spotfire users cannot view certainanalysis files in the web client:

● The user is authenticated using Kerberos withdelegation.

● The user wants to view an analysis that accesses a TERRnode.

Workaround: Load the MMC snap-in and give Readpermission to users.

Procedure:

1. On the computer running the TERR node manager, opena command window as an administrator.

2. Enter mmc.

3. In the Console dialog that opens, click File > Add/Remove Snap-ins.

4. In the Add or Remove Snap-ins dialog, selectCertificates and click Add.

5. In the Certificates snap-in dialog, select Computeraccount and click Next.

6. In the Select Computer dialog, click Finish.

7. In the Add or Remove Snap-ins dialog, click OK.

8. In the Console Root window, click Certificates (LocalComputer) to view the certificate stores for thecomputer.

9. Go to Certificates (Local Computer)\Personal\Certificates, and then right-click the certificate that wasissued by "TIBCO Spotfire Signing CA".

10. Select All Tasks > Manage Private Keys.

11. In the Permissions dialog, under Group or user names,select a group that contains all Spotfire users that need torun analyses using the TERR service.

12. Under Permissions for Name, select the Allow checkbox in the Read row, and then click OK.

13. In the Spotfire administration interface or in theWindows Services dialog, restart the Web Player node.


TIBCO Spotfire Server Release Notes

Documents