Merge remote-tracking branch 'origin/master' into feature/attributes-…

…as-polystrings # Conflicts: # infra/schema/src/main/java/com/evolveum/midpoint/schema/processor/ResourceAttributeDefinitionImpl.java # testing/story/testng-integration.xml
Evolveum · Jan 8, 2024 · 2aa298f · 2aa298f
2 parents f3ec4e5 + 890a3cf
commit 2aa298f
Show file tree

Hide file tree

Showing 216 changed files with 4,372 additions and 3,811 deletions.
diff --git a/config/false-positives.xml b/config/false-positives.xml
@@ -289,4 +289,34 @@
     </notes>
     <cve>CVE-2020-11023</cve>
   </suppress>
+  <suppress>
+    <notes>
+      False Positive. midPoint does not use LDAP CertStore for certificate validations. 
+    </notes>
+    <cve>CVE-2023-33201</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      False Positive. Default tomcat application is not exposed.
+    </notes>
+    <cve>CVE-2023-41080</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      False positive. Okio is not used in midPoint directly, Okio is used only in ninja tool
+    </notes>
+    <cve>CVE-2023-3635</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      False Positive. MidPoint does not use xmlsec with debug logging enebaled.
+    </notes>
+    <cve>CVE-2023-44483</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      False Positive. MidPoint does not use logback in a way leading to vulnerability.
+    </notes>
+    <cve>CVE-2023-6378</cve>
+  </suppress>
 </suppressions>
diff --git a/config/initial-objects/role/040-role-enduser.xml b/config/initial-objects/role/040-role-enduser.xml
@@ -275,6 +275,45 @@
                 <identifier>history</identifier>
                 <visibility>hidden</visibility>
             </panel>
+            <panel id="42">
+                <identifier>personas</identifier>
+                <visibility>hidden</visibility>
+            </panel>
+            <panel id="43">
+                <identifier>focusTriggers</identifier>
+                <visibility>hidden</visibility>
+            </panel>
+            <panel id="44">
+                <identifier>password</identifier>
+                <visibility>hidden</visibility>
+            </panel>
+            <panel id="45">
+                <identifier>assignments</identifier>
+                <panel id="46">
+                    <identifier>constructionAssignments</identifier>
+                    <visibility>hidden</visibility>
+                </panel>
+                <panel id="47">
+                    <identifier>indirectAssignments</identifier>
+                    <visibility>hidden</visibility>
+                </panel>
+                <panel id="48">
+                    <identifier>dataProtectionAssignments</identifier>
+                    <visibility>hidden</visibility>
+                </panel>
+                <panel id="49">
+                    <identifier>orgAssignments</identifier>
+                    <visibility>hidden</visibility>
+                </panel>
+                <panel id="50">
+                    <identifier>roleAssignments</identifier>
+                    <visibility>hidden</visibility>
+                </panel>
+                <panel id="51">
+                    <identifier>serviceAssignments</identifier>
+                    <visibility>hidden</visibility>
+                </panel>
+            </panel>
         </selfProfilePage>
     </adminGuiConfiguration>
 </role>
diff --git a/config/sql/generic/h2-4.6-all.sql → config/sql/generic/h2-4.9-all.sql b/config/sql/generic/h2-4.6-all.sql → config/sql/generic/h2-4.9-all.sql
diff --git a/config/sql/generic/h2-upgrade-4.5-4.6.sql b/config/sql/generic/h2-upgrade-4.5-4.6.sql
diff --git a/config/sql/generic/h2-upgrade-4.8-4.9.sql b/config/sql/generic/h2-upgrade-4.8-4.9.sql
diff --git a/config/sql/generic/oracle-4.6-all.sql → config/sql/generic/oracle-4.9-all.sql b/config/sql/generic/oracle-4.6-all.sql → config/sql/generic/oracle-4.9-all.sql
diff --git a/config/sql/generic/oracle-upgrade-4.5-4.6.sql b/config/sql/generic/oracle-upgrade-4.5-4.6.sql
diff --git a/config/sql/generic/oracle-upgrade-4.8-4.9.sql b/config/sql/generic/oracle-upgrade-4.8-4.9.sql
diff --git a/config/sql/generic/sqlserver-4.6-all.sql → config/sql/generic/sqlserver-4.9-all.sql b/config/sql/generic/sqlserver-4.6-all.sql → config/sql/generic/sqlserver-4.9-all.sql
diff --git a/config/sql/generic/sqlserver-upgrade-4.5-4.6.sql b/config/sql/generic/sqlserver-upgrade-4.5-4.6.sql
diff --git a/config/sql/generic/sqlserver-upgrade-4.8-4.9.sql b/config/sql/generic/sqlserver-upgrade-4.8-4.9.sql
diff --git a/docs/admin-gui/admin-gui-config/index.adoc b/docs/admin-gui/admin-gui-config/index.adoc
@@ -37,7 +37,7 @@ It can be used to point the user to other services in your deployment.
 
 * `*preferredDataLanguage*`: (since midPoint 3.6) Defines the data language that will use used by the user interface to display content of objects (XML, JSON or YAML)
 
-* `*feedbackMessagesHook*`: Script hook configuration which can be used to modify operation results shown in GUI.
+* `*feedbackMessagesHook*`: Configuration for modifying of feedback messages showed in GUI.
 
 Since midPoint 4.4, the look and feel of GUI has been significantly changed. The aim was to provide better user experience and more configuration options. The old look is still available in midPoint for preview. It can be turned on in adminGuiConfiguration setting `useNewDesign` property to _false_. However, bugs and improvements will be fixed and implemented only for the new look and the old look will be completely removed in release 4.6. Old look is no more supported in 4.4. Please, migrate your configuration as soon as possible.
 
@@ -1851,8 +1851,10 @@ However, the authorizations and the admin GUI configuration work together in sev
 E.g. end-users and administrators, both have the `basic` panel in the profile visible, but the attributes which are seen by end-users or administrators might differ.
 
 == Feedback Messages Hook
+Feedback messages hook configures operation result shown in GUI. Contains elements 'operationResultHook' and 'stackTraceVisibility'.
 
-Feedback messages hook configuration allows operation result preprocessing before it's shown in GUI.
+=== Operation Result Hook
+'operationResultHook' attribute allows operation result preprocessing before it's shown in GUI.
 Currently processed OperationResultType is set as "input" variable available in script.
 Script should return OperationResultType.
 If script returns null, then result is dropped and not shown on page.
@@ -1894,6 +1896,19 @@ To see changes made in this part of configuration, user needs to do logout/login
 </adminGuiConfiguration>
 ----
 
+=== Stack Trace Visibility
+'stackTraceVisibility' attribute configure visibility for stack trace in feedback messages of GUI.
+Relevant values are 'visible' and 'hidden'. Default value is 'visible'.
+
+[source,xml]
+----
+<adminGuiConfiguration>
+   <feedbackMessagesHook>
+      <stackTraceVisibility>hidden</stackTraceVisibility>
+   </feedbackMessagesHook>
+</adminGuiConfiguration>
+----
+
 == Customizing classpath scanning
 
 Different panels and pages are searched via annotations on classes, e.g. `@PageDescriptor`, `@PanelInstance`, and others.

diff --git a/docs/admin-gui/look-feel-customization-pre-4.6.adoc b/docs/admin-gui/look-feel-customization-pre-4.6.adoc
diff --git a/docs/admin-gui/look-feel-customization.adoc b/docs/admin-gui/look-feel-customization.adoc
@@ -32,7 +32,7 @@ Simple style and javascript changes can be done via maven overlay by adding cont
 
 These files are empty by default and are linked last on midPoint web pages.
 
-For more details see xref:../../devel/gui/gui-development-guide.adoc#styles-and-javascript[GUI development guide].
+For more details see xref:/midpoint/devel/gui/gui-development-guide.adoc#styles-and-javascript[GUI development guide].
 
 == Quick customization
 
@@ -105,4 +105,4 @@ AdminLTE supports few theme colors:
     <headerColor>#444</headerColor>
     <skin>secondary</skin>
 </deploymentInformation>
-----
+----
diff --git a/docs/cases/approval/index.adoc b/docs/cases/approval/index.adoc
@@ -10,7 +10,7 @@
 :page-upkeep-status: red
 :page-upkeep-note: Old approvals vs new approvals
 
-Approval is perhaps the most frequently used type of xref:/midpoint/reference/cases/workflow-3/[workflow] in the IDM solutions.
+Approval is perhaps the most frequently used type of workflow in the IDM solutions.
 It is used so often that the approval process has a special place in midPoint.
 The approval mechanisms are pre-defined and pre-configured in such a way that it is easy to implement majority of approval scenarios by simply using declarative approach.
 Workflow process modeling is almost never needed.
@@ -96,12 +96,10 @@ Although it was - in some form - present also in midPoint 3.4.1 and earlier (usi
 
 == See Also
 
-* xref:/midpoint/reference/cases/workflow-3/[Workflows (midPoint 3.x)]
-
 * xref:/midpoint/reference/roles-policies/assignment/[Assignment]
 
 * xref:/midpoint/reference/roles-policies/policy-rules/[Policy Rules]
 
 * xref:/midpoint/reference/roles-policies/role-lifecycle/[Role Lifecycle]
 
-* xref:/midpoint/reference/misc/deputy/[Deputy]
+* xref:/midpoint/reference/misc/deputy/[Deputy]