Release 6.1.1

Fixes

• Fix an exception which caused remote validation of products to fail on the server.

Release 6.1.0

Features

• Apply System Templates via CLI. System Templates must be prepared espacially for applying via CLI, as there is no user input available.
• Transfer product versions between two BDeploy servers using the CLI.

Improvements

• Show a proper hint in case configuration file path names are rejected during update.
• Show a hint about potentially matching additional product versions on the MANAGED server for an instance. This hint renders the same as the current "Product update available", and show full hint in the product update panel.
• Optional boolean parameters will now receive a value of 'false' in case there is no defaultValue set. This will allow proper handling of boolean parameters without the need to interact with the checkbox once.
• Add the possibility to browse for files for all drop areas in the system, most notably the ones which are involved in associating CENTRAL and MANAGED server, and the administrative UI for attaching NODE servers.
• Improve the way the node name is rendered in the node table and details. Also the full node name is guaranteed to be shown in the node edit panel.
• During init, show problems with user creation (i.e. password rule violations) in an improved fashion.

Fixes

• Fix some issues with column widths being too narrow.
• Fix some log levels so the server is less verbose about standard use cases
• Fix layout issues with current Angular Material and Tailwind, resulting in artifacts in input controls.
• Fix adding and editing of custom parameters.
• Fix an issue which would lead to a broken instance history dialog when deleting a single instance version.
• Fix an issue where the server failed to push product version(s) to target server(s) in case of bulk install.
• Fix an issue which would lead to a situation where creating instances is impossible if the path to the root directory given on the command line is non-normalized (i.e. contains '..').
• Fix an issue where an unparsable lock file could lead to unrecoverable follow up errors where it should not.
• Fix an issue where the server failed to copy a template variable object during flattening of instance templates, leading to a situation where two instance templates could indirectly influence each other in an adverse way.
• Fix an issue where server event subscriptions were not reset correctly, leading to some events being dropped. Most notably, uploading a product would sometimes not refresh the list of products, especially in test environments.
• Fix an issue where software repositories were not properly respected in actions subscriptions, which could lead to odd behavior when displaying actions for the current scope.
• Fix an issue that would lead to native process details always being unavailable.
• Fix an issue in the server side condition validation to properly handle X-OR type parameter conditions, or more specifically, any condition that would require another parameter to be non-existant using BE_EMPTY.
• Fix an issue where process controllers would be re-initialized when replacing a node, even if the process controller was on an unaffected node.
• Add missing documentation for various small features.

Release 6.0.0

Note
BDeploy 6.x CENTRAL can be used with BDeploy 5.x MANAGED Servers. The minimum upgradeable server version for any server mode has been raised to 4.2.0. If you have a server version older than that, you need to update to any server version newer or equal to 4.2.0 but smaller than 6.0.0 before attempting an update to 6.0.0.

Features

• Bulk operations have been reworked from ground up to no longer trigger multiple requests, but instead all trigger only a single request for the whole batch. This avoids running out of available connections in the browser.
• Introduce 'Actions'. Actions are triggered by users or jobs and provide means of synchronization as well as reporting to the user frontend. This supersedes 'Activities', which was previously used to also do reporting to frontends - but was initially architected only for BHive internal operation tracking. Actions allow much improved synchronization between frontends, for instance disabling actions which are currently performed by a different user.
• Separate HTTPS certificate from the token certificate. This allows to update a BDeploy server with a properly signed HTTPS certificate whilst keeping existing tokens and client installations valid.

  Warning
  The HTTPS certificate is also used by the BDeploy launcher to connect to its BDeploy server. The certificate must be trusted by the JVM used by the BDeploy launcher, otherwise this connection will not be possible. This is usually the case for all certificates which are issued by a trusted certificate authority.

• Support parameter type ENVIRONMENT; Configured via normal process parameter configuration, those parameters will be set in the processes environment instead of being passed through the command line.
• Verify and Reinstall support allows to check application installations, both on the server and on clients using the client launcher browser. Verifying will make sure that all known files are present and unmodified. In case there are modified/missing files, the user has the option to reinstall the application from scratch to restore a clean state.

  Warning
  Applications can be pooled, i.e. the same installation directory might be used for multiple instances, depending on the applications pooling configuration. Be careful when reinstalling applications, as they might still be in use.

Improvements

• The gradle plugin for BDeploy 5.5.0+ supports local logins now. This removes the need for tedious token management.
• The server now logs its version and mode of operation during startup to have that information in the log files.
• When the server fails to start, it will now log the port it has tried to bind to, in case the port is blocked.
• When querying nodes, query them in parallel (up to four nodes in parallel) to improve response time.
• Avoid waiting (even if it was only 100ms) for nodes to come online when accessing them. If a node is known to be offline, skip connections all together from the start.
• Improve sequence and scope of process status and process detail requests to avoid re-querying certain information from nodes multiple times.
• Show a list of effective own permissions (own permissions plus all permissions from groups) on the user settings panel.
• Write audit logs for BHive operations which take longer than 250ms, as they hint to performance issues.
• When browsing BHive logs, only show a tab for nodes that actually have the selected BHive.
• Unify the handling of parallel running tasks to provide a uniform error handling and minimize code.
• Improve the handling of errors in parallel tasks on the backend to properly include a reason for any error.
• Debounce loading requests of certain data to reduce the load on the backend and frontend.
• Make sure that (almost all) recurring requests will properly cancel any still-running previous equivalent request (e.g. fetch process status, ...).
• Make sure that certain loading operations load all required data in a single query instead of (sometimes) requiring multiple requests.
• The node manager on the backend now keeps track of and reports response times of nodes in the node administration and also in the node details panel on the instance dashboard.
• Avoid re-reads of information on the backend for certain calls to improve overal loading performance.
• BDeploy updates can be pushed and installed on nodes in parallel now - applies when nodes are automatically updated through a server update.
• Provide a job to periodically synchronize LDAP information from accordingly configured LDAP servers.
• Added a CLI tool to inspect and manipulate user groups.
• Refactor all constructors and injection points in the frontend to follow recent guidelines about Angulars inject function.
• Regactor registration of available validators in the frontend to avoid memory leaks and usage of zombie objects.
• Improve rendering of IDs in the frontend to be more distinguishable from other text.
• Improve build to be capable of running server applications with a profiler attached for easier analysis using our UI tests.
• Avoid re-creation of encryption keys on the backend (expensive) on basically every request.
• Synchronize the writing of certain manifests, mostly all meta-manifests, to avoid race conditions and errors due to near-simultanous updates to the parent artifacts.
• Applications templates can now specify a name for the resulting process different from the template name.
• Update third party dependencies, most notably Angular 16.2 and Cypress 13.3

Fixes

• Rename certain components to avoid name collissions in the frontend source.
• Fix various smaller issues which could lead to unwanted warnings in the browser console.
• Fix handling of ngZone to properly re-enter the zone when updates are triggered from outside the zone.
• Fix an issue where accessing instance groups would ignore a properly set permission in a generic system token during authorization.
• Fix an issue where pasting previously copied applications was not possible in certain cases.
• Fix enabled state of bulk instance state fetch button.
• Fix an issue where users imported from LDAP would be kicked out of groups on first login.
• Fix minor layout issues throuout the application.
• Fix an issue that could lead to the configuration file editor to crash and not show anything at all.
• Fix an issue where an intermittent problem in monitoring data collection would stop collection all together.
• Fix an issue where proxying to an endpoint on application A might have loaded the configuration for the same endpoint on application B. Not an issue as long as they have similar configuration, as the final call is always done to the correct application.

Release 5.5.0

Features

• Manual LDAP Import for Users and Groups for a given server. This can be triggered on a properly configured LDAP server under Administration.

Improvements

• Vastly improve rendering performance of the terminal component, which has a massive positive impact on scrolling and searching.
• Multiple small improvements to the documentation based on user feedback.
• Instances are auto-started in parallel, which will avoid application process level deadlocks if instances logically refer to each other (outside of BDeploy).
• Introduce a --revert option to the bdeploy certificate command, which will not only restore the backup certificate but also update internal connection information.
• Add code which makes sure that product and application versions are consistent on saving an instance. This will prevent and enable us to analyze cases where those were inconsistent in the recent past.
• Add the hosting node name for each application in the exported CSV port list.
• Improve validation and error messages in case an Instance Group/Software Repository name is already in use when creating a new one.

Fixes

• Fix an issue with the managed server colum size and caption on the instance overview.
• Fix an issue which prevented the gravatar integration from working correctly.
• Fix an issue which prevented the builtin documentation from opening correctly.
• Fix multiple sonarcloud-found issues.
• Fix an issue where the output capture introduced in 5.4.0 would fail to capture the output of stop commands - which leads to hanging stop commands and ultimately to BDeploy killing the main process(es) instead of a clean stop.
• Fix an issue where process probes were incorrectly skipped on recovered processes (after BDeploy update or restart).
• Fix an issue where certain unset values would not be detected and lead to internal errors.
• Fix an issue where updates to instance groups which are not readable to the user would lead to permission related error messages in the frontend for things the user cannot even see.
• Fix some typos in the application.
• Fix an issue where users could not read software repositories, although all authenticated users should be allowed to do so.
• Fix an issue where instance variables would not be properly initialized to false in case of BOOLEAN type.
• Fix an issue where the node/port information on the instance dashboard would not be updated after pressing the synchronize button.
• Fix an issue which would potentially leave a BHive in a semi-damaged state after a failed transfer, leading to recurring errors until prune is performed once.

Release 5.4.0

Features

• Added the possibility to view compressed log files directly from the UI.
• Added support for authentication flows with Auth0 and Okta providers, enabling multi-factor authentication support. Feature Discovery
• Added support for manually maintained user groups, allowing assignment of permissions to multiple users in an easier fashion.
• Added support for rolling process output log files to prevent ever growing out.txt files in instances. This comes with the drawback that output can no longer be captured if BDeploy is restarted (but the target process keeps running). An according notice will be added to affected files.
• Complete overhaul of the session management in the frontend to further increase the security and prevent possibilities of out-of-bands session hijacking.
• Added support for conditional endpoints, which comes especially handy for optional features in an application.
• Added support for OWASP ASVS password policy with one exception: passwords are not verified against a DB of breached passwords due to potential network restrictions.

Warning
The stricter password policy will require you to use much better passwords than previously. This will not invalidate any existing insecure passwords - however we do suggest you change those to a more secure password.

Improvements

• Add the possibility to delete and instance from the CLI.
• Add explanatory captions to the diff viewer when merging configuration files.
• Improve handling of UI Endpoints in the client applications page.
• Further improve partial data updates from the backend to further reduce the traffic and load times for the UI.
• Further reduce unneeded reloads of data on unrelated events in the UI.
• Also list all software repositories in the user permission edit panel.
• Improve support for multiple background threads per user request on the backend.
• Add a show password toggle to all password fields.
• Add a password strength meter to the change password and add user panels.
• Further improvements related to anti-virus and malware scanners which might hold a lock on certain files at unexpected points in time.
• When bulk installing multiple latest instance versions, support performing this in parallel on each server.
• Improve the visibility and information about the managed server in control of an instance from the instance dashboard.
• Further restrict the supported cipher suites for TLS to further increase communication security.
• Provide Content-Security-Policy and a few related headers to further improve security of the frontend in general and protect the user from attack vectors outside of BDeploy itself.
• Improve handling of errors and internal issues to no longer unintentionally export internal information to unauthorized attackers.
• Update many, many third party dependencies.
• Fix a lot of static code analysis findings to prevent and fix smaller issues.

Fixes

• Make sure that a eager user cannot click the install button of a BDeploy system update multiple times.
• Fix an issue that would prevent READ users from viewing instance dashboards.
• Fix an issue that would lead to duplicated or missing output in the terminal components when viewing process consoles and output logs.
• Fix issues with dark text when using the dark theme in certain popups.
• Fix an issue where two download buttons would both go to busy state if either of them is clicked.
• Fix an issue where shifting network ports would not properly store shifted ports in URLs.
• Fix multiple issues that would occur if certain operations on the same hive would be performed in parallel with unlucky timing (delete/list/load).
• Fix an issue that would lead to an error if a user with proper permission tries to delete a product version from a software repository.
• Fix an issue where it would have been possible to sneak unsupported characters (whitespaces) in file uploads.
• Fix an issue that prevented client applications from being pasted to instance configurations.
• Fix an issue where fixed parameters with no default value would be reset on product update.
• Fix an issue which would allow manipulated requests to escape the defined data directories.
• Fix an issue that prevented the confirm button to enable when filling out template variables, and all template variables are already pre-filled by the template.

Release 5.3.0

Features

• Connectivity Check. This check will verify on init, config (when changing hostname) and on start that the configured self is reachable, i.e. that BDeploy can talk to itself. This avoids issues further down the road.

Warning
Just in case an issue pre-existed, for compatibility with previous releases, the start command will not fail if the check fails. It will start all auto-start instances, but will replace the Web UI with a static error page. Any issue must be corrected to re-gain access to the Web UI. Also a CENTRAL server will refuse synchronization with such a MANAGED server and show a proper error message.

Improvements

• Dynamic column widths for all CLI output. Any table rendered by the CLI will use this automatically, and scale each columns width according to its contents within set boundaries.
• Show human readable instance names in addition to IDs in activities where possible.
• Enable searching by grouping values in tables.
• Add bulk selection mode to card views.
• Add pinned parameters to the card view in the instance dashboard.
• Instance templates can now be applied via the CLI as well when creating instances, using a response file which uses the same format as system template instance references.
• Add possibility to upload instance data files using the existing remote-data-files CLI tool.
• Allow manipulation of configuration files for instances using the CLI.
• Allow manipulation of process parameters using the CLI.
• Automatically hide table columns which correspond to the currently selected grouping to avoid redundant data on screen (and free up some screen space).
• Hide the ID and Server columns in the instance browser to re-gain some screen space. Those columns will now only show when the window size is larger than 1080p.
• Properly align the content of small table columns in the instance browser.
• Add support for filtering by and showing process control groups in the remote-process CLI tool.
• The remote-instance CLI tool defaults to showing the best version of each instance, being the active version if available, the latest installed one if no active version exists, and the latest version only in case no installed version exists. This behaviour can be overridden using the --installed and --all arguments.
• Using the remote-process CLI tool, the status of STARTUP and LIFENESS probes is now shown uif such probes exist.
• When downloading a product or an external software package from the respective details panel, you can now choose between BHive and Content download. The first will give a format suitable for re-import on another server. The later will give you the actual content stored in the backing BHive.

Fixes

• Fix dirty state handling with drag & drop re-ordering processes in combination with undo.
• Another approach to per-session activities; no longer use ThreadLocal, use the request as data holder.
• Fix synchronization of client-usage data. The central server will only fetch this data on synchronization now.
• Fix the remote-group CLI tool to align required and optional parameters with the current state of the Web UI.
• Fix issues with the diff view for configuration files after product update.
• Adjust various log levels to debug & trace to avoid log flooding with (normally) irrelevant information.
• Fix a corner case where state.json could go missing if ther server loses power while writing the file. In this case, the last backup of this file will be used instead when starting the server.
• Fix an issue where the font color on the dark theme was black in certain scenarios.

Release 5.2.0

Improvements

• Migration to Angular 15 and Angular Material 15.
• Migrate from @angular/flex-layout (deprecated) to TailwindCSS for layouting.
• Add documentation regarding product validation.
• Various small documentation improvements.
• Add a shortcut to the process status panel on the dashboard to reach this process's configuration panel quickly.
• Allow deleting of instance versions to users with WRITE permission on the instance group.
• Further product validation has been added to the remote product validation service to validate application and instance templates.
• When converting a STANDALONE server to type NODE, update the target server and all its nodes prior to conversion to match the new masters version.
• Fetching instance status for multiple instances on a CENTRAL server will now synchronize servers in parallel to speed up the operation.
• Add replace functionality to configuration files, which is especially useful for binary files which cannot be edited online. Also the configuration file actions on the table have been consolidated into a single panel for easier use and less cluttered UI.

Fixes

• Fix a severe issue with ObjectMapper instances. In 5.0.0 we moved away from a single ObjectMapper instance to allow individual configurations where needed. Now we are caching those ObjectMappers aggressively to avoid the garbage collector from going crazy.
• Fix a severe issue where the user token obtained from the backend would include scoped permissions (in addition to global ones), which could cause the token to become larger than the maximum allowable size for cookies. This caused a complete failure to use the Web UI from that moment onwards until permissions where removed.
• Fixes regarding default grouping presets.
• Fix an issue where uninstalling the active version was possible.
• Fix an issue where many activities would overflow the activities panel without the possibility to scroll.
• Fix an issue where changing global permissions on a user would add an additional permission instead of replacing the existing one.
• Fix an issue where sorting the list of ports was not working correctly.
• Fix an issue where a failure while deleting an instance would lock up the instance settings panel.
• Fix problems in the permission handling for data files which unintentionally locked out some actions for people where it should not have.
• Fix an issue in the client launcher where configuration files would be left on the client where they should have been deleted after clearing the configuration whitelist.
• Fix an issue where it was not possible to edit the first instance variable.
• Fix an issue where a template variable was not detected as in-use (and thus discarded) when only used in the name of an application template.
• Fix an issue in the remote-ports tool which caused it to always fail.

Release 5.1.0

Features

• System Templates - allow creation of whole systems including multiple instances from a single template file.
• Possibility to override template variables from within templates when referencing other tempaltes.
• Remote product pre-validation - allow to send a bunch of YAML files to the server for logical content validation. This can happen before actually building the product, to allow fast failure in case the YAML files are not valid anyway.
• Remote product pre-validation support for the Gradle Plugin, using the BDeployValidationTask.

Improvements

• Massive performance improvements through various optimizations. These may lead to the UI not updating correctly in some corner cases. Please report if you find one of them.
• Code cleanup. Remove dead code, endpoints, etc.
• Avoid reusing of instance versions (tags) after deleting instance version(s).
• Allow command line tools to set an exit code value to communicate failure to the outside world.
• Dedicated internal model for templates allows for better and more performant template handling.
• Documentation rework based on Retype. The docuementation is now no longer a single page.
• Deprecation of global has been undone. It will stay around, as we found out that we are not ready to get rid of it.
• Better support for moving users from one authentication method to another.
• Allow direct synchronization with a MANAGED server from the process console panel on CENTRAL.
• Show a progress spinner while the Used in information is still loading in the product details panel.
• Properly cleanup meta manifests on all servers during normal cleanup operation.
• Improve logging for cleanup operations.
• The DATA directory is now allowed to contain symbolic links, and those are followed by BDeploy.
• Support for saving editors using CTRL+S.
• Saving an instance will de-duplicate parameters in all applications. This is to fix up issues that arose due to unknown problems in the past where parameters may have been duplicated unintentionally.

Fixes

• Improve handling of background task synchronization to avoid spurious errors in the logs.
• Fix issues related to permission handling on the backend and add according tests.
• Fix various issues detected by sonarcloud.
• Fix exporting manifests to an empty (but existing) directory.
• Fix importing of a previously exported instance where the names of nodes are different on the target master.
• Fix permissions on BHive backend.
• Fix adding a missing but required parameter in a group without any other parameter.
• Fix the link expression editor to properly switch to plain value mode in case the default value is a link expression and the current value cannot be resolved.
• Fix various issues with copy & paste of applications, e.g. if the source was on a different OS, fixed parameters require different values, etc.
• Fix stopping of a running process which was moved to another node in the configuration but is still running on the old node.

Release 5.0.1

Improvements

• Rework of confirmation messages for grouping panel and activities.
• By default, show only modified applications when comparing local changes in instance configurations.
• Add validation to add/edit instance configuration on CENTRAL to assure that the selected system is on the same MANAGED server as the instance.
• Properly decode HTML-Entity encoded HTTP status messages on in case a request fails.

Fixes

• Fix check for updated products in software repositories if source repository does not exist.
• Fix permission issues when viewing software repositories.
• Fix permission issues for administrators in global scope (e.g. BHive activities).
• Fix collecting of configuration file contained link expressions to not prevent saving instances in case of an issue.
• Fix logs related to link expression resolving in configuration files to improve traceability of issues.
• Fix compatibilty issues when pasting applications related to the uuid/uid/id refactoring.
• Fix invalid access to MANAGED server configuration on non-CENTRAL servers.
• Fix a spurious "unsaved changes" warning when modifying a system.
• Fix configuration validation on the backend to properly handle ENV and DELAYED variable expansions.

Release 5.0.0

Note
BDeploy 5.0 CENTRAL can be used with BDeploy 4.x MANAGED Servers. However updating a MANAGED Server to 5.0 will make it write data in a format incompatible with 4.x, so downgrading is not possible.

Warning
BDeploy 4.x CLI installations will not be able to properly process data received from 5.x servers. This is due to an incompatible data format.

Features

• Link Expressions and Content Assist Feature Discovery
  • Link Expression editors for parameters, endpoints, variables.
  • Content Assist for Link Expression editors.
  • Content Assist for Configuration File eidtors.
  • Expression preview on the Link Expression editor will do best-effort previewing of the fully expanded value resulting from an expression.
• Systems, System Variables, Instance Variables Feature Discovery
  • Support for Systems, System Variables and association of Instances to Systems, including grouping/filtering.
  • Instance Variables, including custom editor support from plugins.
  • Template support for Instance Variables. Templates for Systems are to be implemented in the future.
  • Global parameters are now officially deprecated, but still supported.
  • Support for migration from global parameters to Instance Variables for existing instances.
• Shared Parameter Definitions Feature Discovery
• YAML Schema and Validation Feature Discovery
  • YAML Schema CLI using bdeploy schema allows listing, exporting, validating against all supported schemas.
  • The new public remote schema API allows to fetch the current schema directly from a BDeploy server into a capable editor (e.g. using yaml-language-server).
• Internally, all historically uuid and uid named fields have been renamed to match the newer id naming. This change is kept as compatible as possible but will prevent downgrading from 5.0 to 4.x.

Improvements

• Better recovery on startup if MinionManifest has been corrupted (i.e. power outage during write).
• Various logs with low to zero value have been silenced or removed.
• No longer automatically add non-mandatory (optional) parameters having a condition once this condition is fulfilled to a process configuration.
• Error pages have been reworked (mostly used for UI endpoint proxying), and now include customized imagery.
• Allow bulk deletion of BDeploy system update versions.
• Introduce the ability to provide a regular expression per instance which filters eligible product versions presented to the user, and considered as potential update.
• Standalone servers will regularly check GitHub for new BDeploy releases and hint (administrator) users to it.
• If a product was imported from a software repository initially, show a notification to the user once a newer version of that product is available in the origin software repository.
• The client launcher now checks for appropriate permissions on directories and files, and displays according error messages.
• The client launcher now memorizes the concrete path to its installation directory and verifies that it did not change, as this causes problems on network drive installations for some applications.
• The client launcher now supports a fully unattended mode via the already existing /Unattended switch. The installation process will be silent now.
• The client launcher (as well as our demo products) are now fully branded using the 'new' icons which are already used in the Web UI for a while now.
• Allow importing of products through the Web UI even if runtimeDependencies need to be fetched from other software repositories on the same server.
• A reworked grouping panel provides better user experience and comprehensive preset management.
• The card view supports sorting now in addition to grouping.
• Conditions on parameters can now provide a Link Expression to expand instead of a parmeter whos value is used to match against.
• Conditional expansion allows to expand fixed values based on a boolean expression, e.g. {{IF:X:my-instance-var-boolean?YES:NO}}.
• For UI Endpoints, also show the hosting process name in the Client Application list to be able to distinguish similarly named endpoints on different processes.
• Update tons of third party dependencies, and get rid of some deprecated, unneeded and vulnerable dependencies.
• Improve performance of the groupForInstance public endpoint.
• Improved UI for importing products from software repositories into instance groups.

Fixes

• Various Fixes to avoid ExpressionChangedAfterItHasBeenCheckedErrors in Angular.
• Fix validation in Configure Parameters panel.
• Various Fixes related to updating the internal parameter contents when changes are performed through the UI or when updating the product.
• Fix parameter alignment when pasting applications.
• Fix endpoint proxying for endpoints using a slash ('/') in their ID.
• Fix searching in history
• Fix race conditions regarding user authentication in the Web UI, leading to spurious errors and redirects in some edge cases.
• Fix issues with the WebSocket connection to the backend when logging out and back in.
• Fix showing process output for OUTDATED and stopped processes.
• Fix issues with synchronization to a central server when deleting instance versions on a managed server. This fix will be re-visited in the future to further improve on the topic.
• Fix render scale issues in the client launcher on HiDPI screens with increased text scaling on Windows.
• Fix an issue with spurious history entry panel errors after deleting an instance version from the instance history.
• Fix the 'Install'/'Activate' banner being shown even if the instance is not synchronized on CENTRAL.
• Fix the 'Fetch instance states' button on CENTRAL to not fail is a single managed server is not reachable.
• Fix the Linux client launcher installer to show a better error message in case the remote server is not reachable at all.
• Fix a long-standing but undetected issue which prevented permission checks on backend APIs in certain scenarios.