What's New in OpenEdge 12.6

Growing TDE security requirements for OpenEdge reflect increasing requirements for data confidentiality. TDE provides data confidentiality through the ability of its encryption key generation and storage to resist attacks. Access to TDE encrypted data requires opening the TDE keystore. While TDE uses strong external encryption key storage, data confidentiality depends on control of the database, its keystore, and the keystore passphrase.

TDE uses an external keystore system that is not part of the OpenEdge database. The TDE keystore system employs a strongly encrypted and access controlled .KS keystore file for encryption key storage.

An HSM is an enterprise-scale physical computing device that safeguards and manages digital keys, performs encryption and decryption functions for digital signatures, and provides strong authentication and other cryptographic functions. An HSM can be a hardware, firmware, software, or network device. To strengthen OpenEdge keystore security, you may add an external enterprise-managed HSM component to the OpenEdge TDE encryption key storage security. The HSM storage, which may be a local, network, or cloud service, provides client access using the PKCS #11 standard API, designed to comply with the FIPS 140-2 Level 2 certification requirements.

For more information, see Add HSM as a second layer of TDE authentication and PROUTIL EPOLICY MANAGE qualifier.

A separate utility, PROUTIL HSMVALIDATE, allows you to troubleshoot and validate the HSM environment. For more information, see PROUTIL HSMVALIDATE qualifier.

OIDC is an industry-standard authentication layer built on the OAuth2 authorization protocol. Using OIDC, Developers can perform remote validation of access tokens, both opaque and non-opaque, for identity management, making their applications more secure. OIDC provides a unique identity token to share common user data with clients. Developers can auto-fill standard fields like email, address, and phone number with the supplied data, improving the end-user experience.

PAS for OpenEdge supports the following:

• Remote validation of access tokens.
• Adding identity token data to a CLIENT-PRINCIPAL object.

PAS for OpenEdge leverages the existing oauth2 client login model and adds new security properties to support the OIDC functionality. The OESECTOOL utility includes support for testing the OIDC configurations.

For more information on how to configure remote validation, see Configure remote validation.

For more information on how to add identity token information to a CLIENT-PRINCIPAL object, see Add identity token data to a CLIENT-PRINCIPAL object.

In this release, the new -DisallowFatalSignalBlock parameter prevents pthread_sigmask() from blocking fatal signals. When you add this parameter to the agentStartupParam property in the openedge.properties file of a PAS for OpenEdge instance, the PAS for OpenEdge agent prevents calls to pthread_sigmask() from attempting to block fatal signals such as SIGSEGV, SIGBUS, SIGILL, and SIGFPE. However, it is effective for UNIX systems only and does not accept any arguments. This parameter also helps the IT Operations team to quickly diagnose the reason for the disappearance of the PAS for OpenEdge agent and thus saves time by achieving a faster MTTR (mean time to resolution).

For more information about agent startup parameter, see agentStartupParam property in the ABL session manager and session pool topic of the Manage Progress Application Server (PAS) for OpenEdge guide.

The OpenEdge.Messaging API now provides the ability to set Apache Kafka^® configuration properties on a per-topic basis. Previously, you could only provide limited configuration at the topic level, which meant you had to create and manage separate producers within the application to handle topics with different settings. Now, with this feature, you can apply configuration settings at the topic level, greatly reducing application complexity, overhead, and memory usage.

topicConfigBuilder:SetTopicOption("request.required.acks", "1").
topicConfigBuilder:SetTopicOption("request.timeout.ms", "10000"). 

For more information, see Topic configuration for a producer and Topic configuration for a consumer.

The OpenEdge.Messaging API now provides transactional control over sending messages to an Apache Kafka^® cluster. A transaction is a way to group messages, so that all the messages in the group remain invisible to consumers, until all have been sent successfully, and the transaction is completed. The transactional producer is an additional set of APIs that extend the existing message producer class.

For more information, see Kafka Transactional Producer.

OpenEdge now supports built-in SortedSet collections in Object Oriented ABL (OOABL). A SortedSet is a collection that maintains a unique set of elements (objects) in a specific order.

Earlier implementations for SortedSet included using temp-tables, the OpenEdge.Core.Collections package, or arrays. These implementations have limitations and are inefficient for a SortedSet use case. The new Progress.Collections classes and interfaces provide an efficient, built-in SortedSet construct that can be used by any ABL application. In addition, the built-in construct supports a type-safe, generic programming model that allows Developers to restrict the types of objects added to the set.

For more information, see Sorted set collections in object-oriented ABL.

In this release, the Progress Developer Studio for OpenEdge has been upgraded to use the Eclipse version 4.23 or Eclipse 2022-06.

For more information, download "OpenEdge 12.6 Documentation" from OpenEdge Documentation Archive and see "Parts of initialization process" in Progress Developer Studio for OpenEdge Online Help.

As of OpenEdge 12.6, the message group (if available) is no longer displayed when using the FULL_TEXT_FORMAT of the ABL logger. In its place, the logger short name is used.

To revert to the previous behavior and display the message group, use the TOKEN_FORMAT and REPLACE_TOKENS_FORMAT filters. For example, the following options produce output that includes the message group.

{
   "logger":{
      "myLogger":{
         "logLevel":"INFO",
         "filters":[
            {
               "name":"TOKEN_FORMAT",
               "format":"[${t.now}] ${msg.grp} ${msg.level}: ${msg}"
            },
            "REPLACE_TOKENS_FORMAT",
            {
               "name":"NAMED_FILE_WRITER",
               "fileName":"my_logs.log",
               "appendTo":true
            }
         ]
      }
   }
}

The REPLACE_TOKENS_FORMAT filter allows you to fine-tune your preferred message format.

For more information, see Log filters in Troubleshoot ABL Applications.

OpenEdge 12.6 introduces expanded annotation support in ABLUnit to align with modern testing practices and improve test clarity and maintainability.

• @BeforeAll and @AfterAll

  These preferred annotations supplement the legacy @Before and @After annotations. They execute once per test class—before and after all test methods, respectively. They are ideal for initializing and cleaning up shared resources.

• @BeforeEach and @AfterEach

  These preferred annotations supplement the legacy @Setup and @TearDown annotations. They execute before and after each test method, respectively, allowing for more granular test preparation and cleanup.

For more information, see Annotations supported with ABLUnit in Progress Developer Studio for OpenEdge Online Help.

The PROUTIL IDXCOMPACT qualifier is an online database utility that improves query performance by cleaning up unused index blocks. In this release, Database Administrators who have just performed a mass delete operation can improve query performance by specifying the new UNUSEDBLOCKS option. This option causes PROUTIL IDXCOMPACT to scan only the delete chain and clean up blocks if the index is a unique index. This option also improves OLTP performance and speeds up certain PROUTIL IDXCOMPACT operations.

For more information, see PROUTIL IDXCOMPACT qualifier.

Database Administrators typically use Enterprise-level licensing on their production databases because they have larger number of users, larger amounts of data, and require the functionality to manage both. Frequently, Database Administrators make a copy of their production database and use it on development and QA systems or for business reporting. These environments do not merit Enterprise-level functionality and are typically licensed with the Workgroup Edition. The problem arises when a Database Administrator makes a copy of their production database that uses large files and wants to use the copy in their development environment without the required Enterprise license.

In this release of OpenEdge, large file support is no longer restricted to users with Enterprise licenses.

For more information, see Database creation and large file support.

Database Administrators frequently encounter situations where the business no longer has use for historical or already processed data. Leaving the data in an area causes processing overhead as the data grows substantially, so Database Administrators need to remove data online and quickly. Prior to this release, Database Administrators could only truncate an area offline, after truncating the BI file and disabling after-imaging.

This feature lets Database Administrators use the existing PROUTIL TRUNCATE AREA <area-name> command to truncate Type I and Type II areas when the database is online, and the BI recovery and AI roll-forward are active. Before truncating an area online, use TABLE DROP or ONLINE TABLE TRUNCATION to clear the specified storage areas of tables and their associated indexes and LOBs. After using this feature, Database Administrators can run PROSTRCT REMOVE offline on empty data storage areas to remove them.

For more information, see Truncate data storage areas.

Under rare circumstances, when a failed database cannot be restarted, Database Administrators must examine the database, troubleshoot, and fix the issue, before restarting the database. Prior to this release, a Database Administrator had to run diagnostic utilities in single-user mode, which created a bottleneck for disaster recovery.

To expedite diagnosing issues, a new enhancement lets certain diagnostic utilities run concurrently. Running utilities concurrently while the database is stopped reduces the cost of checking for database corruption in a disaster scenario.

Supported utilities must have read-only connections to run concurrently.

Read-only database connections allow for any number of connections at once, limited by the maximum number of connections.

Scanning records in area 9 for missing keys:
Processing blocks of table 13 in area 9.
Phase 1, processing block number 16384 in area 9. (8365)
Phase 1, processing block number 16385 in area 9. (8365)
…

Processed 1953724 blocks of table 13.
Record scan in area 9 complete: 0 keys read,  1953724 total.
Scanning records in area 14 for missing keys:
Processing blocks of index 40 in area 14.
Phase 1, processing block number 249856 in area 14. (8365)
Phase 1, processing block number 249857 in area 14. (8365)
Phase 1, processing block number 249858 in area 14. (8365)
…

Phase 1, processing block number 250095 in area 14. (8365)
Processed 2338 blocks of index 40.
Record scan in area 14 complete: 400 keys read,  4000 total.

These performance improvements only apply to objects in Type II areas and do not affect Type I objects.

For more information, see PROUTIL IDXFIX qualifier.

The Index Fix utility (PROUTIL IDXFIX) is often used on a production database that is stopped due to index corruption. Option 6 lets the Database Administrators delete a record and all its indexes from the database.

If any part of the record and its index entries is missing, IDXFIX cannot continue. When IDXFIX is blocked, the fallback is to attempt the dump and load functionalities: binary, binary using table scan, and ABL dump and load. Each of these approaches takes successively longer to use and to proceed through the repair attempts. Expanding the scenarios that can be repaired by IDXFIX, rather than going to more costly repairs, reduces database downtime.

In this release, Option 6 can delete records without index entries and identify the table, index, and other objects affected by record removal.

For more information, see PROUTIL IDXFIX qualifier and Troubleshoot record and index fragmentation.

The binary dump utility and the binary dump specified utility handle certain kinds of record corruptions, such as a record continuation that cannot be found. This new behavior is expected to make the dump and load process smoother and enable customers to recover data more easily.

If a corrupt record is detected, the utilities display proper information, such as Row ID or table number of the record, which a Database Administrators can use to identify and fix the corruption.

These utilities also include an option to prevent themselves from continuing with numerous errors if too many records are corrupted. This option allows each utility to stop after a certain number of errors have been detected. By default, the utilities continue despite a high number of errors.

For more information, see PROUTIL DUMP qualifier and PROUTIL DUMPSPECIFIED qualifier.

After-Imaging (AI) files record the changes in the database. The amount of data in an AI file reflects the Create-Update-Delete (CUD) operations during the timeframe when the AI file was used. When AI Management is also used, AI files can be switched and archived automatically. When AI Management copies the AI file to the specified directory, it marks the file empty and all the information of that file is lost.

To monitor the database performance, customers need to know the number of bytes used in the AI file while AI Management is executing. When the AI file is switched, OpenEdge now writes the number of bytes in a new message to the database log (.lg) file.

For more information, see Switch to a new AI file.

For more information and sample dump and load codes, see Dump and load table data using Data Admin Utilities.

OpenEdge 12.6 is now supported on JDK 17. The supported Java version for different OpenEdge releases is mentioned in the OpenEdge 12 Platform Compatibility Guide.

For more information on how it may affect your OpenEdge installation, see Java 17 support for OpenEdge FAQ.