WaveMaker app security configuration has now migrated from XML-based configuration to Java-based configuration. In earlier versions, the Java beans generated during any security change, using security dialog, used to get saved in the project-security.xml file. With this release, WaveMaker 11.4, project-security.xml and securityService.properties files will be removed from the project and the Java beans will be generated dynamically in the WaveMaker runtime.

Enabling AA Compliance for web apps built with WaveMaker requires a concerted effort to implement various accessibility standards across our 100+ widget collection. By following WCAG guidelines, using semantic markup, prioritizing keyboard accessibility, ensuring color contrast, providing alternative text for images, and implementing ARIA attributes, developers can create an inclusive and accessible platform for users of all abilities. Continuous testing, documentation, and training further contribute to the platform's commitment to accessibility and enable a seamless and enriching experience for all users.

Although Accessibility is designed for people with disabilities, it helps everyone in general. Accessibility promotes usability. Everyone, in general, can benefit from clear instructions, opportunities to correct form errors, simple visual layouts, high color contrast, and the option to read a transcript or captions to a video or audio recording. Accessibility often describes hardware and software designed to help those who experience disabilities.

We are excited to announce the upcoming release of WaveMaker Version 11.4, which will introduce various new features and improvements. With this release, we end our support for WaveMaker 10 projects.

Upon launching WaveMaker 11.0 on June 6th, 2022, our users were provided with the flexibility to work on WaveMaker 10 projects while undertaking the upgrade process to WaveMaker 11, using our Multi-version Studio. With 11.4 release, we are disabling the support for the above facility and auto-upgrading the projects to WaveMaker 11.

TLS (Transport Layer Security) is an encryption protocol that encrypts all the information communicated between the client and the server. Mutual TLS is an additional configuration in which the server and client authenticate each other, and only then is the connection established. This blog explains in detail what MTLS (Mutual Transport Layer Security) is and why it is used.

In this blog we talk about how to make any WaveMaker application Observable by applying OpenTelemetry, Zipkin. While accelerating application development, WaveMaker's generated code allows easy integration with best of the breed tools and applying devops best practices while operating the app in production a cinch.

A new zero-day vulnerability was reported in the Spring library on 29th March 2022, affecting the library versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older versions. The vulnerability impacts Spring MVC applications running on JDK 9+.

Spring has released a new version on 31st March 2022, 5.3.18, which fixes the vulnerability. The specific exploit requires the application to run on Tomcat as a WAR deployment. The blog post added by Spring has more details about the vulnerability.

Security Assertion Markup Language (SAML) is an XML-based open standard for exchanging authentication and authorization data between different parties. The SAML exchanges are usually between

• Identity provider (IdP) - producer of assertions, and
• A service provider (sp) - the consumer of assertions.

The identity provider could be any vendor like ADFS, OneLogin, Okta etc. which supports SAML-based Single Sign-On (SSO). The service provider is your WaveMaker application which makes use of Identity Provider to enable single sign-on across all your WaveMaker applications.

WaveMaker application encloses a pom.xml. It maintains the build resources, including filters, profiles, repositories, plugin management, dependencies, and user customizations.

You would have to edit pom.xml when changing the dependency versions or add custom configurations for immediate fixes when needed. When you keep adding these configurations, it lengthens the generated pom.xml with the details of the application configurations and the Studio configurations that the developers only sometimes need access to. For this reason, the pom structure has been remodeled to inherit from the parent pom, making it easy to read and manage the code.

Earlier in this blog, we announced ending support of WaveMaker 9 (WM) Projects. WaveMaker offered support to manage individual versions of your app with our multi-version control system so that you could simultaneously work on both WM 9 and WM 10 projects. One of the key differences between the WM 9 and WM 10 is moving from AngularJS to Angular 11.

Angular laid its plan in January 2018 for the final releases of AngularJS before entering long-term support (LTS) and extended the LTS due to the global pandemic until December 31, 2021. As we reach the end of life of AngularJS, we officially withdrew support of WM 9 projects starting WM 10.12 release planned for February 2, 2022. As a result, the existing WM 9 projects get archived.

In WaveMaker 10.10, Cordova-android is upgraded to 10.1.0. With that change, it is observed that third-party cookies are not getting stored on the WebView. Cookies are required for WaveMaker authentication. So, a plugin wm-cordova-plugin-advanced-http was used to make ajax calls instead of browser XHR. Following are the drawbacks of using the plugin.

• All network calls are logged into the console of chrome dev tools instead of the network tab.
• There are gaps between plugin API and XmlHttpRequest. Some of these gaps are addressed in the WaveMaker platform to make it work in WaveMaker without any changes in the existing code.

In WaveMaker 10.11, another method is implemented to solve the cookie problem.