Oracle REST Data Services 18.2.0.r1831332

Release Notes

Date: July 2018

Oracle REST Data Services on OTN | Downloads | Forum

Support

• You are supported by Oracle Support under your current Oracle Database Support license for Oracle REST Data Services production releases .

• Log Oracle REST Data Services bugs and issues using My Oracle Support.

  • For problems specific to SODA for REST, file a service request using "Oracle XML Developers Kit" as the product.
  • For all other problems, use "Oracle REST Data Services" as the product.

Documentation

• Documentation for this release is provided on the OTN web site. Click here to view the documentation.
• Documentation on using SODA for REST is provided on OTN here.

Getting Started

• A tutorial on getting started with developing RESTful Services is included in the product documentation , in the book titled 'Oracle® REST Data Services Quick Start Guide'.

Feedback

• You can discuss issues on the forums.
  • Be sure to use clear subject lines to initiate a thread. Provide a complete and clear description of the issue, including steps to reproduce the issue.
  • Try to avoid using old, unrelated threads for a new issue.

Important Changes to Note

Supported WebLogic Version

Oracle REST Data Services is compatible with Oracle WebLogic 12.2.1.3 and later. It is not compatible with older versions of Oracle WebLogic.

Improved PDB URL Mapping for ORDS_PUBLIC_USER pools

In previous releases automatic URL mapping to each PDB connected to a CDB could be achieved using the db.serviceNameSuffix setting. However this approach requires between 1 and 4 pools per PDB, meaning that it does not scale to large numbers of PDBs. In this release ORDS will detect when it is connected to a CDB and use a single pool to switch between each PDB connected to the CDB. Note this feature only works for ORDS_PUBLIC_USER pools. ORDS_PUBLIC_USER must be installed as a common user in the CDB.

Authenticate Application Express Users with ORDS based REST Services

For APEX based REST Services it has always been possible to authenticate requests using users in the relevant APEX workspace's user repository. This release introduces the same ability for any ORDS based REST Services defined in the database schema associated with the APEX workspace.

HTTP Basic dynamic authentication for PL/SQL Gateway requests

To facilitate customers migrating from Oracle mod_plsql to Oracle REST Data Services, this release introduces support for authentication of database users using HTTP Basic Authentication. This functionality is equivalent to the Basic authentication mode in mod_plsql where the database user name and password are omitted from the mod_plsql DAD.

For performance and security reasons we strongly advise customers not to use database authentication in general. The only way to validate a database password is by creating a connection to the database, which is very expensive. Database passwords are often weak and poorly chosen on the assumption that they are not accessible from the web. The HTTP Basic Authentication scheme lacks a mechanism for terminating (logging out) a user session. The only way to end the session is to close the Browser window/tab.

The only scenario where using database authentication is acceptable is for migrating existing applications from mod_plsql that are reliant on database authentication, and the database is appropriately configured with a strong password strength and expiration policy.

You can learn more about this feature in the tutorial located here.

Changes to Installation in CDB$ROOT

As of release 18.2.0, ORDS no longer installs it's ORDS_METADATA schema into the CDB$ROOT container. Now only the ORDS_PUBLIC_USER common user is installed in the CDB$ROOT (and ALL PDBs connected to the CDB). The ORDS_METADATA schema is installed in each PDB connected to the CDB. This aids future upgrades of ORDS, minimizing downtime as the CDB and PDBs will no longer need to be all taken offline at the same time for an ORDS upgrade.

The installation changes are supported for Oracle database 12.1.0.2 and later in this release.

Disabling/enabling PDB Lockdown Profile during install/upgrade

For Oracle database 12.2.0.1 or later, the installer will check if the PDB initialization parameter PDB_LOCKDOWN contains a PDB lockdown profile. If a PDB lockdown profile exists, then it will disable the PDB lockdown profile during ORDS install or upgrade, and will enable it when the install or upgrade completes.

If you do not want the ORDS installer disabling the PDB lockdown profile during ORDS install or upgrade, then you can set the pdb.disable.lockdown property to false in the ORDS parameter file:

pdb.disable.lockdown=false

Removal of Oracle NoSQL Support

Support for Oracle NoSQL Database has been removed in this release.

Supported Java Version

Oracle REST Data Services requires Java 8 or later. Java 7 is no longer supported. Please consult the documentation for the minimum supported Application Server versions for ORDS.

Changes in 18.2.0

The following changes and enhancements have been made since 18.1.1:

Issues Fixed in 18.2.0

• BUG:28225327 - Update the examples in examples/soda/getting-started/ for the SODA feature
• BUG:28207743 - Fix resource leaks during AutoREST procedure invocation
• BUG:28094268 - Fix problem with serving of refreshed APEX static resources on Firefox & Edge
• BUG:28071398 - Address issue in ICAP functionality causing interoperability problem with McAfee virus scanner
• BUG:28207044 - Remove the previously deprecated ords-scripts command
• BUG:27916398 - Fix regression preventing dispatching of ORDS REST Services in APEX workspace where schema name not same as workspace name
• BUG:28000102 - Gracefully shutdown Standalone Mode, by waiting a short period to complete in flight requests when shutting down
• BUG:27992366 - Fix regression causing unintended Basic Authentication browser prompt during OAuth Token approval flow
• BUG:28000102 - Gracefully shutdown Standalone Mode, by waiting a short period to complete in flight requests when shutting down
• BUG:27994227 - Uptake version 9.4.10 of third party Jetty Library
• BUG:27994221 - Uptake version 2.9.5 of third party Jackson library
• BUG:27916570 - Handle migration of APEX based REST services with null URI prefix
• BUG:24941023 - Change what kind of URL paths are rejected by ORDS, only path traversal attacks are rejected now
• BUG:28043792 - Support RAW data type for REST Enabled SQL
• BUG:28086691 - Fix regression that prevents PL/SQL Gateway file uploads working (with NoClassDefFoundError)
• BUG:27882996 - Fix regression that prevented db.password values prefixed with ! being encrypted
• BUG:28072133 - Fix issue with OAuth client icons not displaying in approval prompt
• BUG:27987547 - Fix premature removal of deprecated db.serviceNameSuffix related functionality
• BUG:28130669 - Ensure ORDS_METADATA schema password matches Oracle Database 18.1 complexity rules
• BUG:28130678 - Disable/Enable PDB lockdown profile during install
• BUG:28130669 - ORA-28003 Error during install on Oracle Database 18.1
• BUG:27832443 - Reduce size of Error Page by eliminating unused CSS

New Features in 18.2.0

• ENH:28180268 - Require Migration of ORDS_METADATA schema in CDB to PDB
• ENH:28149866 - Enable APEX workspace users to authenticate against ORDS based REST services
• ENH:28069808 - Detect when pool is pointing at a CDB service and auto enable URL mapping to each PDB connected to CDB

Changes in 18.1.1

The following changes and enhancements have been made since 18.1.0:

Issues Fixed in 18.1.1

• BUG:27165873 - Fix issue with ORDS.DELETE_CLIENT failing
• BUG:27540028 - Migrate CDB install to PDB install
• BUG:27505895 - Multithreading issue when dispatching resource modules under load
• BUG:27456593 - Issue with first part token session not expiring correctly
• BUG:27391040 - APEX OAuth Clients are forced to Token Response type when edited and saved
• BUG:26881221 - Fix regression preventing authentication of Tomcat based users

New Features in 18.1.1

• ENH:27741103 - Support HTTP Basic dynamic authentication for PL/SQL Gateway calls

Changes in 18.1.0

The following changes and enhancements have been made since 17.4.1:

Issues Fixed in 18.1.0

• BUG:27375052 - Eliminate need for --add-modules javax.xml.bind when running ORDS on JDK 9
• BUG:27374997 - Fix regression causing ORDS not to function on WebLogic 12C out of the box

New Features in 18.1.0

None

Changes in 17.4.1

The following changes and enhancements have been made since 17.4.0:

Issues Fixed in 17.4.1

• BUG:27282496 - Fix regression causing error during install: ERROR DURING COMPILATION: PACKAGE ORDS_MIGRATE ORA-24344

New Features in 17.4.1

None

Changes in 17.4.0

The following changes and enhancements have been made since 3.0.11:

Issues Fixed in 17.4.0

• BUG:27153303 - Change installer to prompt for SYS user password, instead of misleading prompt for any SYSDBA user, which only works on 11.2 or earlier
• BUG:27122800 - Rework OAuth UI to use Oracle JET
• BUG:26992910 - Include APEX REST Services migration logic in schema install
• BUG:26839669 - Address handling of CLOB strings in REST Enabled SQL
• BUG:26830673 - Ensure error message is displayed on startup if a pool is misconfigured
• BUG:26800638 - Fix regression introduced in 17.3 Beta that prevented PDF functionality in APEX working
• BUG:26790372 - Fix issue with result values in REST Enabled SQL
• BUG:26731570 - Upgrade to Apache XML Graphics 2.2
• BUG:26731475 - Upgrade to Apache FOP 2.2
• BUG:26718269 - Address ORA-01000: Maximum Open Cursors Exceeded when using Application Express 4.2
• BUG:26720712 - Fix regression introduced in 17.3 Beta that caused a stacktrace to be displayed when shutting down ORDS in standalone mode
• BUG:26735250 - Fix regression introduced in 17.3 Beta that caused some describes links in metadata-catalog to give 404 Not Found status
• BUG:26735352 - Fix regression introduced in 17.3 Beta that caused describedby links in resources to give 404 Not Found status
• BUG:26723675 - Fix regression introduced in 17.3 Beta that caused an empty document to be produced for describedby link of AutoREST enabled table/view items

New Features in 17.4.0

• ENH:26718429 - REST Enabled SQL Service. Provides a secure mechanism to POST SQL scripts to be executed in the context of an ORDS enabled database schema
• ENH:26718645 - Open API (aka Swagger) support for metadata catalog.

Known Issues

NoSQL Database Support

Support for Oracle NoSQL Database has been removed in this release.

SODA

• None

JDK Support

• ORDS will run and is supported on JDK 9 however the only supported way to use ORDS on JDK 9 is by running it in standalone mode, as currently neither Oracle WebLogic or Glassfish are certified for use with JDK 9, and ORDS has not yet been certified on Apache Tomcat on JDK 9.

• From ORDS 18.1.0 and later you can launch ORDS on JDK 9 by just typing:

  java -jar ords.war <command-name>

  • The requirement in 17.4 to use the --add-modules java.xml.bind command line argument has been eliminated

Autogenerated REST Endpoints

• AutoRest resources support the OAuth 2.0 Client Credentials flow only.

RESTful Services

• Application Express workspaces do not support first party authentication, and therefore do not support the /sign-in/ interactive sign in form. Accessing /sign-in/ in APEX workspaces will produce a 404 status.