WorkflowGen v10.2.0

Announcements Release Notes & Downloads
1

This release includes new features, improvements, bug fixes, and security updates for the User Portal, Administration Module, AI and embeddings, workflow applications, PostgreSQL compatibility, and Node.js modules.

Important

Security

  • Bug (#4509): Hardened the Administration Module with CSRF token validation on all mutation endpoints (save, delete, update operations), preventing potential cross-site request forgery attacks.

  • Bug (#4591): Fixed a SQL query parameter validation issue in the portal comments module.

  • Bug (#4587): Fixed a SQL query parameter validation issue in the administration process management module.

  • Bug (#4589): Fixed a potential deadlock in OPENAICHAT HTTP requests under concurrent load.

Portal

  • New Feature (#4525): Enhanced self-service (PULL) action assignment to automatically manage data filter access when actions are assigned, ensuring the assigned user can always access the action.

  • Improvement (#4524): The full-width display mode preference is now stored server-side and syncs across all browsers and devices. New users default to full-width mode.

  • Bug (#4541): Fixed an issue on PostgreSQL where saving a search view without a process filter failed due to a foreign key constraint violation. Also cleans up invalid sentinel values on SQL Server.

  • Bug (#4533): Fixed an issue where saving user settings from the standard search results view crashed with a JavaScript error.

  • Bug (#4530): Fixed an issue on PostgreSQL where comments and favorites queries failed due to SELECT TOP syntax not being converted to LIMIT, causing a syntax error on the User Portal welcome page and paginated lists.

  • Bug (#4529): Fixed an issue where the default homepage preference could save an invalid value when the custom view dropdown had not finished loading.

  • Bug (#4522): Fixed a regression introduced in version 9.2.0 where the advanced search grid could display a blank page when handling many results, due to a missing null check on the grid container element.

  • Bug (#4513): Fixed a regression introduced in version 9.2.7 where error messages in the action follow-up form were displayed with encoded HTML entities due to double HTML encoding.

Administration

  • New Feature (#4566): Added Anthropic, Mistral AI, and Google Gemini API settings to the Configuration panel Applications tab, following the same pattern as the existing OpenAI section. Each provider’s section includes API key and API URL fields. The ExtractTextLogLevel setting has also been added to the tab.

  • New Feature (#4456): Added a new AI configuration tab to the Configuration panel with an Embeddings section exposing all 16 embedding/chunk settings (API provider, endpoint, authentication, model, dimensions, batch size, chunk size, etc.) and an Embedding status section showing chunk counts, pending/failed status, and last 10 errors. The tab also includes the PostgreSqlTextSearchLanguage setting.

  • Improvement (#4411): Added a Token usage section to the AI configuration tab displaying total API tokens consumed and a per-process breakdown table with chunk and token counts.

  • New Feature (#4408): Added an Apply to all form activities checkbox in the Form Designer (VALUE IN/OUT panels) and Workflow Designer (Edit parameter panel), enabling mass propagation of data mappings across all EFORMASPX activities in a process.

  • Improvement (#4410): Added Advanced search and Visibility columns to the process data list. Advanced search shows Indexing and Similarity tags when enabled; Visibility shows follow-up, search, lists, and home page tags.

  • Improvement (#4540): Admin slide-in panels are now resizable in width with a draggable handle on the left edge. Panel width preference is persisted per user in localStorage. Table columns in the Edit action panel adapt proportionally to the panel width.

  • Improvement (#4446): Improved the mapping editor UI with increased content area height, better dropdown positioning to prevent clipping, and normalized line-height for consistent rendering across macOS and Windows.

  • Improvement (#4521): Widened the process and participant columns in the user activity report, with columns that expand to fit content and a horizontal scrollbar when needed.

  • Improvement (#4519): Restored keyboard navigation in dropdown lists, allowing users to cycle through matching items by pressing the same letter key repeatedly and continuing from the current position after arrow-key navigation.

  • Improvement (#4520, #4447): Improved dropdown auto-scrolling in action parameter data OUT, theme selection, and startup page dropdowns to ensure all options are visible when opened.

  • Bug (#4535): Fixed an issue where navigating to a non-existent process in admin pages crashed with an unhandled .NET exception instead of displaying a managed error page.

  • Bug (#4539): Fixed an issue on PostgreSQL where the user activity report failed with a type mismatch error when the user belongs to groups, due to group ID parameters being passed as strings instead of integers.

  • Bug (#4450): Fixed an issue where the Neo style Form Designer could not display or resize fields wider than the viewport, by synchronizing the --content-width CSS variable with jQuery width changes and enabling horizontal scrolling.

Workflow Engine

  • New Feature (#4552): Added support for XML, HTML, and Markdown file content extraction for embedding generation. XML uses secure parsing with DTD/XXE prevention; HTML uses HtmlAgilityPack for tag stripping and entity decoding; Markdown is preserved as-is.

  • New Feature (#4554): Improved embedding quality with controlled normalization for extracted text. XML extraction now outputs structured elementName: value lines instead of concatenated text. HTML extraction preserves document structure with markdown-style headings, pipe-delimited tables, and form element values. Includes 65 unit tests.

  • Bug (#4555): Fixed an issue on PostgreSQL where embedding generation for PDF attachments failed due to null bytes in extracted text, which PostgreSQL’s TEXT type rejects. Null bytes are now stripped at the database boundary.

Workflow Applications

  • New Feature (#4511): Enhanced OPENAICHAT with native multi-provider support for Anthropic Claude, Mistral AI, and Google Gemini. The provider is auto-detected from the API URL or can be set explicitly via the new PROVIDER parameter. Each provider has dedicated API key and URL configuration in the web.config file.

  • New Feature (#4517): Added audio, document, and file input support to OPENAICHAT with new USER_AUDIO, USER_DOCUMENT_URL, USER_FILE_ID, and USER_FILE parameters, including indexed variants for multi-modal content. Supports provider-specific formats across OpenAI, Mistral, Gemini, and Anthropic.

  • New Feature (#4552): Enhanced EXTRACTTEXT with support for XML, HTML, and Markdown file content extraction, with configurable ExtractTextLogLevel logging.

  • Improvement (#4550): The MAX_TOKENS parameter in OPENAICHAT is now optional. When not set or set to 0, the AI provider’s default token limit is used instead of forcing 256 tokens. The Anthropic fallback default has been increased from 256 to 4096 tokens.

  • Bug (#4593): Fixed an issue where OPENAICHAT requests with extended thinking or high reasoning effort could time out prematurely due to an insufficient default HTTP timeout.

Node.js Apps

  • Update (#4557): Updated qs dependency override to >=6.14.2 across all Node.js modules to address a DoS vulnerability (CVE-2026-2391).

  • Update (#4599): Updated express-rate-limit to 8.0.2+ in the Auth and Hooks modules to fix a rate-limiting bypass vulnerability (CVE-2026-30827).

Infrastructure

  • Bug (#4561): Migrated Docker Linux SQL Server image from Ubuntu 22.04 to 24.04 to align with Microsoft’s updated mssql/server:2025-latest base image. Base image pinned to 2025-CU2-ubuntu-24.04 for build reproducibility.

Dependencies

  • Update (#4559): Updated .NET NuGet packages: PdfPig 0.1.10 → 0.1.13, Npgsql 8.0.7 → 8.0.8, DocumentFormat.OpenXml 3.3.0 → 3.4.1, DocuSign.eSign.dll 8.4.0 → 8.6.0, BouncyCastle.Cryptography 2.4.0 → 2.6.2, EWSoftware.SHFB 2025.12.18 → 2026.1.20, Obfuscar 2.2.29 → 2.2.50.

Notes

  • Node.js modules updated: GraphQL v5.4.1, Webhooks v6.3.1, Auth v3.3.1, and SCIM v3.3.1 (all require Node.js 22.22.0 LTS).

  • For background on earlier enhancements and major features, refer to the WorkflowGen v10 Official (10.0.3) and WorkflowGen 10.1.0 release notes.

Installation Packs

For PostgreSQL 17.6 and SQL Server 2025

WorkflowGen 10.2.0 (Upgrade)
WorkflowGen 10.2.0 (Clean Install - Manual)

For SQL Server 2025 only

WorkflowGen 10.2.0 (Clean Install - PowerShell)

Documentation

WorkflowGen 10.2.0 Upgrade Guide: English - Français
WorkflowGen 10.2 Manual Installation Guide: English - Français
WorkflowGen 10.2 PowerShell Installation: English - Français
WorkflowGen 10.2 Technical Guide: English - Français
WorkflowGen 10.2 Administration Guide: English - Français
WorkflowGen 10.2 User Portal Guide: English - Français
WorkflowGen 10.2 Integration Guide: English
WorkflowGen 10.2 for Azure: English - Français
WorkflowGen 10.x for Docker: English - Français
WorkflowGen Documentation: English - Français