WorkflowGen 7.15.2 requires .NET 4.6.1, so you must install it before proceeding with this upgrade. .NET Framework and ASP.NET 4.7.2 are supported for runtime and webform development.
As of version 7.15.0, the SMTP server account and Remote Approval incoming server account passwords are no longer encrypted in the
Before upgrading an existing WorkflowGen server, you must manually reset the passwords in cleartext for the
RemoteApprovalIncomingServerPassword parameters in the
web.config. Alternately, you can use the provided
convert-web-config-pwd.ps1 PowerShell script in
\wfgen to decrypt and convert the passwords in the
Microsoft SQL Server 2008 is no longer supported as of WorkflowGen version 7.10.0. While SQL Server 2008 will still be compatible with WorkflowGen, support for any performance issues or bugs resulting from using SQL Server 2008 will no longer be provided.
For clients currently hosting WorkflowGen on a database server older than MS SQL 2012 or Oracle 12c, we highly recommend upgrading to MS SQL Server 2016/2017 or Oracle 12c for the best performance and to support JSON native data fields that will be used in future WorkflowGen releases.
Important: This database compatibility upgrade is mandatory before migrating the WorkflowGen database from MS SQL Server 2005/2008 R2 to 2012 and above.
To do this, launch the
Update\Databases\MsSQLServer\Update_WFG-V7-0_SQL_Triggers_2012.sql database update script in your SQL Server Management Studio tool.
The Node.js modules include the GraphQL API, webhooks, SCIM, and Auth.
Upgrade Node.js to version 10.15.3 (see https://nodejs.org/download/release/v10.15.3/).
Using a command line tool, run
npm install --production in
\wfgen\auth, since there have been changes to dependencies.
Important: Make sure Node.js is installed and upgraded to version 10.15.3 (see the above section) before you do this, since
npm is a Node.js command.
When upgrading from version 7.x.x, you must remove the deprecated
\wfgen\graphql\models\resolvers\cancelactionsresult.js resolver file from the GraphQL API folder if it exists.
Important: Note that the file to be removed is
actions plural, NOT
As of WorkflowGen version 7.10.0, if you're using incoming webhooks or GraphQL to upload files when starting a new request or completing an action, you must set the
HooksMaxInputFileContentSize configuration parameters with the appropriate values (see the When upgrading from version 7.9.1 and earlier section).
HooksFileInputAllowedFolders: These parameters should contain the physical paths of folders that contain files used in uploads.
HooksMaxInputFileContentSize: These parameters should contain the maximum file size in kilobytes when uploading files using the file content method.
Note: We recommend limiting the file content size to small files under 1 megabyte.
If you are using custom web forms configured in .NET 2.0, you can keep using them in .NET 2.0 or migrate them to .NET 4.
WorkflowGen.My.dll in version 2.x.
Use a .NET 2.0 application pool.
Disable Web apps secure mode in the Security section on the General tab in the Configuration Panel.
Define or update the following nodes in the web form’s
<configuration><system.web><pages validatedRequest="false" enableSessionState="true" /></system.web></configuration>
If your web form’s authentication is configured to use the built-in WorkflowGen authentication mode, then the new password hashing mode (One-way Hashing) introduced in version 6.1 will not be compatible with your web form. There are two solutions:
Use Version 5 password management mode instead. Make sure to use the
Advantys.Security.dll files from version 5.x in the web form’s
Migrate your web form to .NET 4. Make sure to use the
Advantys.Security.dll files from WorkflowGen version 7.x in the in the web form’s
\bin folder. For instructions on how to do this, see the next section.
WorkflowGen.My.dll in version 4.x.
Use a .NET 4 application pool.
Define or update the following nodes in the web form’s
<configuration><system.web><httpRuntime requestValidationMode="2.0" /><pages validateRequest="false" enableSessionState="true" clientIDMode="AutoID" controlRenderingCompatibilityVersion="3.5" /></system.web></configuration>
If your web form’s authentication mode is configured with the built-in WorkflowGen authentication, then make sure to use the
Advantys.Security.dll files from version 7.x.x in the web form’s
Note: These instructions apply only to configuring web forms to run properly without configuration errors. They do not cover potential migration or compatibility issues that may arise due to changes in the latest version of WorkflowGen.My. You must fully retest all of your web forms before production.
The WorkflowGen.My and Workflow Web Controls assemblies are no longer strong-named in order to allow non-specific version dependency when referenced by other applications such as custom assembly SDK Workflow applications in WorkflowGen.
This simplifies the deployment procedure of an assembly SDK Workflow application to WorkflowGen 6.2.0 and later, and allows upgrading WorkflowGen to a newer version without having to rebuild the application's assembly that was referencing an older version of WorkflowGen.My.
There are some considerations when deploying a custom assembly SDK workflow application in WorkflowGen, namely the assembly location, the reference to WorkflowGen.My, and the reference to other software libraries.
There are two ways of deploying an assembly file in WorkflowGen.
The assembly file must be copied to the three bin folders containing the WorkflowGen executable files:
The assembly file can be copied to a custom folder such as
DRIVE:\MyWorkflowApps\Assembly.dll, and then use that specific path in the workflow application's definition.
WorkflowGen.My versions 3.1.0 and earlier are strong-named, which means your assembly must be built with and use the same version as your target WorkflowGen. This requires recompiling your assembly whenever you upgrade WorkflowGen to a newer version.
You can use one of the following workarounds to overcome this requirement:
Install the required WorkflowGen.My version in the system's Global Assembly Cache (GAC). For instructions on how to do this, see https://msdn.microsoft.com/en-us/library/6axd4fx6(v=vs.110).aspx.
Add a delegate to handle the assembly resolve event in order to load the current WorkflowGen.My version. For instructions on how to do this, see the How to add an assembly resolve event delegate to overcome WorkflowGen.My dependency issue when deploying custom assembly SDK workflow application WorkflowGen Knowledge Base article.
Add a web configuration setting to redirect the required version to the current version of WorkflowGen.My. For more information, see https://msdn.microsoft.com/en-us/library/twy1dw1e(v=vs.110).aspx.
Note: If your assembly is built with WorkflowGen.My version 3.1.0 or earlier, it can be used in WorkflowGen versions 6.2.0 and later if one of the above workarounds has been implemented.
As of version 3.2.0, WorkflowGen.My is no longer strong-named in order to allow non-specific version dependency when referenced by your assembly. You can simply deploy your assembly file using one of the two methods in the Assembly location section above in WorkflowGen version 6.2.0 and later.
Note: If your assembly is built with WorkflowGen.My versions 3.2.0 or later, it can be used in WorkflowGen versions prior to 6.2.0 if you have implemented either workaround 2 or 3 above.
If your assembly uses third-party libraries, then these must also be deployed into the three WorkflowGen executable
\bin folders. Alternatively, they can be installed into the system's Global Assembly Cache (GAC) if they are strong-named assemblies.
WorkflowGen is FIPS compliant as of version 7.10.0. If you want to enable FIPS compliance in your Windows environment, you have to configure the configuration password management and user password management modes beforehand.
In the Security section on the Configuration Panel General tab, set Configuration password management mode to AES (FIPS Compliant) and enter a 32-character encryption key. When you click Save, the application passwords will automatically be converted to the new symmetric encryption mode.
In the Authentication section on the Configuration Panel General tab, set Password management mode to One-way Hashing (SHA256 FIPS Compliant) mode.
If you're using applicative authentication in Version 5 (Legacy) password management mode, users' passwords will automatically be converted into One-way Hashing (SHA256 FIPS Compliant) the next time they log into WorkflowGen.
If you're using applicative authentication in One-way Hashing (SHA256) password management mode:
Select IIS authentication mode.
Select One-way Hashing (SHA256 FIPS Compliant) password management mode, then click Save.
Re-enter all user passwords.
Reset the authentication mode to applicative.
WorkflowGen no longer supports Internet Explorer 8, 9, or 10; Windows XP; or Windows Server 2003 or 2008.
MS SQL Server 2005 and Oracle 9 are no longer supported as of WorkflowGen version 6.2.0, and MS SQL Server 2008 is no longer supported as of WorkflowGen version 7.10.0.
The following applications are deprecated and are no longer provided as of WorkflowGen version 6:
However, if any of your processes still use these workflow applications, you can keep them declared under the WorkflowGen website as in version 5.
Edge document mode is required to properly display the WorkflowGen website in Internet Explorer 11.
<meta http-equiv="X-UA-Compatible" content="IE=edge"> meta tag is included in both
\wfgen\admin\default.aspx, which instructs Internet Explorer to render WorkflowGen in Edge document mode.
For more information, see the Specifying legacy document modes MSDN article.
Note: Internet Explorer users must add the WorkflowGen website to the Local intranet or Trusted site security zone.
To improve WorkflowGen database performance, check your database optimizer mode. If
optimizer_mode is set to
choose (the default in Oracle 10g), you have to frequently (weekly, for example)
ANALYZE all the tables of your databases. This operation will generate statistics used by the optimizer to select the best mode (
RULE instead of
all_rows) to run an SQL query. Another solution is to set the optimizer mode to
System.Data.OracleClient provider used by WorkflowGen generates SQL instructions against certain system tables (
all_constraints). When those tables contain a lot of records (such as when WorkflowGen database shares the same Oracle instance with other databases), performance can be affected when launching or completing a request or action.
One way to minimize issues with response times when launching new requests or actions is to redirect these SQL instructions to local scope views/tables, which are filtered copies of these system tables. These changes are transparent to WorkflowGen.
To do this, run the SQL instructions below (replacing
WFGEN_USER with your owner name) against your WorkflowGen database. (If the database owner has other tables used by other applications, you can still apply this procedure if those tables don’t use synonyms.)
Note: We suggest dropping these existing views and tables (
all_constraints) from your database before each WorkflowGen version upgrade, then recreating them after completing the upgrade procedure.
create or replace force view WFGEN_USER.all\_synonyms (owner, synonym_name, table_owner, table_name, db_link) as select null, null, null, null, null from dual;
create table WFGEN_USER.all_cons_columns as select * from sys.all_cons_columns where owner = 'WFGEN_USER';
create table WFGEN_USER.all_constraints as select owner, constraint_name, constraint_type, table_name, r_owner, r_constraint_name, delete_rule, status, deferrable, deferred, validated, generated, bad, rely, last_change, index_owner, index_name, invalid, view_related from sys.all_constraints where owner = 'WFGEN_USER'
The following software is distributed with WorkflowGen (Apache 2.0, BSD, MIT and other compatible licenses):
Ajax Cloud 9 Editor (see https://github.com/ajaxorg/ace/blob/master/LICENSE)
bluebird (see https://github.com/petkaantonov/bluebird/blob/master/LICENSE)
busboy (see https://github.com/mscdex/busboy/blob/master/LICENSE)
body-parser (see https://github.com/expressjs/body-parser/blob/master/LICENSE)
chai/chai-http/chai-fs/chai-things/chai-date-string (see https://github.com/chaijs/chai/blob/master/LICENSE)
change-case (see https://github.com/blakeembrey/change-case/blob/master/LICENSE)
cookie-parser (see https://github.com/expressjs/cookie-parser/blob/master/LICENSE)
dataloader (see https://github.com/facebook/dataloader/blob/master/LICENSE)
edge-js (see https://github.com/agracio/edge-js/blob/master/LICENSE)
eml-format (see https://github.com/papnkukn/eml-format/blob/master/LICENSE)
express (see https://github.com/expressjs/express/blob/master/LICENSE)
express-graphql (see https://github.com/graphql/express-graphql/blob/master/LICENSE)
file-uri-to-path (see https://github.com/TooTallNate/file-uri-to-path/blob/master/LICENSE)
file-url (see https://github.com/sindresorhus/file-url/blob/master/license)
format (see https://sjs.mit-license.org)
graphql-js (see https://github.com/graphql/graphql-js/blob/master/LICENSE)
graphql-relay-js (see https://github.com/graphql/graphql-relay-js/blob/master/LICENSE)
graphql-tools (see https://github.com/apollographql/graphql-tools/blob/master/LICENSE)
iisnode (see https://github.com/Azure/iisnode/blob/master/LICENSE.txt)
json-server (see https://github.com/typicode/json-server/blob/master/LICENSE)
jsonwebtoken (see https://github.com/auth0/node-jsonwebtoken/blob/master/LICENSE)
jwks-rsa (see https://github.com/auth0/node-jwks-rsa/blob/master/LICENSE)
lodash (see https://github.com/lodash/lodash/blob/master/LICENSE)
mockery (see https://github.com/mfncooper/mockery/blob/master/LICENSE)
Node.js (see https://github.com/nodejs/node/blob/master/LICENSE)
proper-lockfile (see https://github.com/moxystudio/node-proper-lockfile/blob/master/LICENSE)
pug (MIT License)
request (see https://github.com/request/request/blob/master/LICENSE)
request-promise-native (see https://github.com/request/request-promise-native/blob/master/LICENSE)
rimraf (see https://github.com/isaacs/rimraf/blob/master/LICENSE)
supertest (see https://github.com/visionmedia/supertest/blob/master/LICENSE)
valid-url (see https://github.com/ogt/valid-url/blob/master/LICENSE)