From af10e7a86ca276d943cf52ae501ec4cb4a64bd4f Mon Sep 17 00:00:00 2001 From: Emir Uner Date: Wed, 3 Dec 2025 10:37:10 +0100 Subject: [PATCH 1/5] Document changes for Amazon S3 SDK upgrade in migration guide --- .../installation/upgrading-from-10-to-11.md | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/content/en/docs/refguide/installation/upgrading-from-10-to-11.md b/content/en/docs/refguide/installation/upgrading-from-10-to-11.md index 7faf0b1c9c1..285f94e6914 100644 --- a/content/en/docs/refguide/installation/upgrading-from-10-to-11.md +++ b/content/en/docs/refguide/installation/upgrading-from-10-to-11.md @@ -91,6 +91,33 @@ After the upgrade, your app may report the following new error: `A microflow tha You can resolve the error by enabling entity access for the microflow that calls the **ShowHomePage** microflow. However, this may not always align with your intended access control strategy. Alternatively, you can create a custom microflow that includes the [Show home page](/refguide/show-home-page/) activity without enabling entity access. You can then call this new microflow instead of the one in the **System** module. Another approach is to call the **Show home page** activity directly within your microflow. +### Amazon S3 SDK Upgrade + +With Mendix 10.6 we started using new version of AWS SDK for accessing S3 storage. New SDK has some differences which affects our S3 storage implementation. + +#### `com.mendix.storage.s3.Region` / `com.mendix.storage.s3.EndPoint` settings + +New SDK is stricter with these settings. `com.mendix.storage.s3.Region` setting should be always set to the region matching the region of the bucket. +`com.mendix.storage.s3.EndPoint` setting should be either not set or set to an endpoint matching the region, for example: `s3.eu-west-1.amazonaws.com`. + +When the region is not specified or there is incompatibility between above settings, error logs will contain entries similar to following: +- Unable to load region from any of the providers in the chain +- The bucket you are attempting to access must be addressed using the specified endpoint. +- The authorization header is malformed; the region 'us-east-1' is wrong + +#### AWS Signature V2 support (`com.mendix.storage.s3.UseV2Auth` setting) + +New SDK does not support AWS Signature v2 which is enabled by `UseV2Auth` setting. According to official docs this signature type is deprecated anyway and is not supported by new regions. We do not expect this have any effect when Amazon S3 is used. This will prevent use of S3 compatible solutions that only supports v2 signature type. For these cases you need to switch to either Amazon S3 or a compatible solution that supports newer signature types. + +#### Client Side Encryption Changes + +Client side encryption can be enabled by `com.mendix.storage.s3.EncryptionKeys` setting. Previously any encryption algorithm supported by JDK could be used. With the new SDK only AES is supported. + +The following error will be printed in logs when an algorithm other than AES is used: +- unsupported algorithm: DES + +If an encryption algorithm other than `AES` is used then all existing files should be migrated to use `AES` before upgrading to Mendix 10.6. This can be done by configuring a new `AES` key and rewriting all file documents. + ### Other * Studio Pro 10.21 and above requires your application to use Java 21. The Java version of an application can be configured in the runtime settings. Java 21 is available in 9.24.23 and above. Please consider the Java Version Migration guide for a list of changes between Java versions. For on-premises deployments, ensure that JDK 21 is installed in the environments where Mendix 10 applications are deployed. From ea479cf9ea02f4aa5f34df151bbb5127a1f985a2 Mon Sep 17 00:00:00 2001 From: ConnorLand Date: Fri, 5 Dec 2025 11:25:37 +0100 Subject: [PATCH 2/5] edit headers --- .../docs/refguide/installation/upgrading-from-10-to-11.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/content/en/docs/refguide/installation/upgrading-from-10-to-11.md b/content/en/docs/refguide/installation/upgrading-from-10-to-11.md index 285f94e6914..2a00305bc3d 100644 --- a/content/en/docs/refguide/installation/upgrading-from-10-to-11.md +++ b/content/en/docs/refguide/installation/upgrading-from-10-to-11.md @@ -93,11 +93,11 @@ You can resolve the error by enabling entity access for the microflow that calls ### Amazon S3 SDK Upgrade -With Mendix 10.6 we started using new version of AWS SDK for accessing S3 storage. New SDK has some differences which affects our S3 storage implementation. +With Mendix 10.6, we started using a new version of the AWS SDK for accessing S3 storage. The new SDK version has some differences which affects our S3 storage implementation. -#### `com.mendix.storage.s3.Region` / `com.mendix.storage.s3.EndPoint` settings +#### com.mendix.storage.s3.Region / com.mendix.storage.s3.EndPoint Settings -New SDK is stricter with these settings. `com.mendix.storage.s3.Region` setting should be always set to the region matching the region of the bucket. +SDK version ___ is stricter with these settings. `com.mendix.storage.s3.Region` setting should be always set to the region matching the region of the bucket. `com.mendix.storage.s3.EndPoint` setting should be either not set or set to an endpoint matching the region, for example: `s3.eu-west-1.amazonaws.com`. When the region is not specified or there is incompatibility between above settings, error logs will contain entries similar to following: @@ -105,7 +105,7 @@ When the region is not specified or there is incompatibility between above setti - The bucket you are attempting to access must be addressed using the specified endpoint. - The authorization header is malformed; the region 'us-east-1' is wrong -#### AWS Signature V2 support (`com.mendix.storage.s3.UseV2Auth` setting) +#### AWS Signature V2 support (com.mendix.storage.s3.UseV2Auth Setting) New SDK does not support AWS Signature v2 which is enabled by `UseV2Auth` setting. According to official docs this signature type is deprecated anyway and is not supported by new regions. We do not expect this have any effect when Amazon S3 is used. This will prevent use of S3 compatible solutions that only supports v2 signature type. For these cases you need to switch to either Amazon S3 or a compatible solution that supports newer signature types. From 7f64f83546e70dd54652fef8f69b793653d5d77f Mon Sep 17 00:00:00 2001 From: ConnorLand Date: Fri, 5 Dec 2025 11:29:10 +0100 Subject: [PATCH 3/5] fix link language --- .../refguide/installation/upgrading-from-10-to-11.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/content/en/docs/refguide/installation/upgrading-from-10-to-11.md b/content/en/docs/refguide/installation/upgrading-from-10-to-11.md index 2a00305bc3d..fbbd77c6bfc 100644 --- a/content/en/docs/refguide/installation/upgrading-from-10-to-11.md +++ b/content/en/docs/refguide/installation/upgrading-from-10-to-11.md @@ -97,17 +97,18 @@ With Mendix 10.6, we started using a new version of the AWS SDK for accessing S3 #### com.mendix.storage.s3.Region / com.mendix.storage.s3.EndPoint Settings -SDK version ___ is stricter with these settings. `com.mendix.storage.s3.Region` setting should be always set to the region matching the region of the bucket. -`com.mendix.storage.s3.EndPoint` setting should be either not set or set to an endpoint matching the region, for example: `s3.eu-west-1.amazonaws.com`. +SDK version ___ is stricter with these settings. The `com.mendix.storage.s3.Region` setting should be always set to the region matching the region of the bucket. +The `com.mendix.storage.s3.EndPoint` setting should be either not set or set to an endpoint matching the region, for example: `s3.eu-west-1.amazonaws.com`. When the region is not specified or there is incompatibility between above settings, error logs will contain entries similar to following: -- Unable to load region from any of the providers in the chain + +- Unable to load region from any of the providers in the chain. - The bucket you are attempting to access must be addressed using the specified endpoint. -- The authorization header is malformed; the region 'us-east-1' is wrong +- The authorization header is malformed; the region 'us-east-1' is wrong. #### AWS Signature V2 support (com.mendix.storage.s3.UseV2Auth Setting) -New SDK does not support AWS Signature v2 which is enabled by `UseV2Auth` setting. According to official docs this signature type is deprecated anyway and is not supported by new regions. We do not expect this have any effect when Amazon S3 is used. This will prevent use of S3 compatible solutions that only supports v2 signature type. For these cases you need to switch to either Amazon S3 or a compatible solution that supports newer signature types. +SDK version ___ does not support AWS Signature v2 which is enabled by `UseV2Auth` setting. This signature type is deprecated, and is not supported by new regions. For more information, see AWS's ____ Documentation. We do not expect this have any effect when Amazon S3 is used. This will prevent use of S3 compatible solutions that only supports v2 signature type. For these cases you need to switch to either Amazon S3 or a compatible solution that supports newer signature types. #### Client Side Encryption Changes From 48a35aa4a41446ef64a975b12203465e3c55a0cc Mon Sep 17 00:00:00 2001 From: ConnorLand Date: Fri, 5 Dec 2025 11:34:33 +0100 Subject: [PATCH 4/5] Edit --- .../installation/upgrading-from-10-to-11.md | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/content/en/docs/refguide/installation/upgrading-from-10-to-11.md b/content/en/docs/refguide/installation/upgrading-from-10-to-11.md index fbbd77c6bfc..e0933bd38e9 100644 --- a/content/en/docs/refguide/installation/upgrading-from-10-to-11.md +++ b/content/en/docs/refguide/installation/upgrading-from-10-to-11.md @@ -102,22 +102,29 @@ The `com.mendix.storage.s3.EndPoint` setting should be either not set or set to When the region is not specified or there is incompatibility between above settings, error logs will contain entries similar to following: +``` - Unable to load region from any of the providers in the chain. - The bucket you are attempting to access must be addressed using the specified endpoint. - The authorization header is malformed; the region 'us-east-1' is wrong. +``` -#### AWS Signature V2 support (com.mendix.storage.s3.UseV2Auth Setting) +#### AWS Signature V2 Support (com.mendix.storage.s3.UseV2Auth Setting) -SDK version ___ does not support AWS Signature v2 which is enabled by `UseV2Auth` setting. This signature type is deprecated, and is not supported by new regions. For more information, see AWS's ____ Documentation. We do not expect this have any effect when Amazon S3 is used. This will prevent use of S3 compatible solutions that only supports v2 signature type. For these cases you need to switch to either Amazon S3 or a compatible solution that supports newer signature types. +SDK version ___ does not support AWS Signature v2 which is enabled by `UseV2Auth` setting. This signature type is deprecated, and is not supported by new regions. For more information, see AWS's ____ Documentation. + +We do not expect this have any effect when using Amazon S3. This will prevent use of S3 compatible solutions which only support the v2 signature type. In situations like that, you need to switch to either Amazon S3 or a compatible solution that supports newer signature types. #### Client Side Encryption Changes Client side encryption can be enabled by `com.mendix.storage.s3.EncryptionKeys` setting. Previously any encryption algorithm supported by JDK could be used. With the new SDK only AES is supported. The following error will be printed in logs when an algorithm other than AES is used: -- unsupported algorithm: DES -If an encryption algorithm other than `AES` is used then all existing files should be migrated to use `AES` before upgrading to Mendix 10.6. This can be done by configuring a new `AES` key and rewriting all file documents. +``` +- Unsupported algorithm: DES +``` + +If you use an encryption algorithm other than `AES`, then all existing files should be migrated to use `AES` before upgrading to Mendix 10.6. This can be done by configuring a new `AES` key and rewriting all file documents. ### Other From f9b60c55b159b420f0d9b84c17247accdb87f131 Mon Sep 17 00:00:00 2001 From: Emir Uner Date: Mon, 8 Dec 2025 10:16:38 +0100 Subject: [PATCH 5/5] Review comments --- .../installation/upgrading-from-10-to-11.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/content/en/docs/refguide/installation/upgrading-from-10-to-11.md b/content/en/docs/refguide/installation/upgrading-from-10-to-11.md index e0933bd38e9..a05b6bb629b 100644 --- a/content/en/docs/refguide/installation/upgrading-from-10-to-11.md +++ b/content/en/docs/refguide/installation/upgrading-from-10-to-11.md @@ -93,11 +93,11 @@ You can resolve the error by enabling entity access for the microflow that calls ### Amazon S3 SDK Upgrade -With Mendix 10.6, we started using a new version of the AWS SDK for accessing S3 storage. The new SDK version has some differences which affects our S3 storage implementation. +With Mendix 11.6 we upgraded AWS SDK used for accessing S3 storage from version 1 to version 2. SDK version 2 has some [differences](https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/migration-s3.html) which affects our S3 storage implementation. #### com.mendix.storage.s3.Region / com.mendix.storage.s3.EndPoint Settings -SDK version ___ is stricter with these settings. The `com.mendix.storage.s3.Region` setting should be always set to the region matching the region of the bucket. +SDK version 2 is stricter with these settings. The `com.mendix.storage.s3.Region` setting should be always set to the region matching the region of the bucket. The `com.mendix.storage.s3.EndPoint` setting should be either not set or set to an endpoint matching the region, for example: `s3.eu-west-1.amazonaws.com`. When the region is not specified or there is incompatibility between above settings, error logs will contain entries similar to following: @@ -110,9 +110,9 @@ When the region is not specified or there is incompatibility between above setti #### AWS Signature V2 Support (com.mendix.storage.s3.UseV2Auth Setting) -SDK version ___ does not support AWS Signature v2 which is enabled by `UseV2Auth` setting. This signature type is deprecated, and is not supported by new regions. For more information, see AWS's ____ Documentation. +SDK version 2 does not support AWS Signature v2 which is enabled by `UseV2Auth` setting. This signature type is deprecated, and is not supported by new regions. For more information, see [AWS's Documentation](https://docs.aws.amazon.com/AmazonS3/latest/API/specify-signature-version.html). -We do not expect this have any effect when using Amazon S3. This will prevent use of S3 compatible solutions which only support the v2 signature type. In situations like that, you need to switch to either Amazon S3 or a compatible solution that supports newer signature types. +We do not expect this to have any effect when using Amazon S3. This will prevent use of S3 compatible solutions which only support the v2 signature type. In situations like that, you need to switch to either Amazon S3 or a compatible solution that supports newer signature types. #### Client Side Encryption Changes @@ -124,7 +124,7 @@ The following error will be printed in logs when an algorithm other than AES is - Unsupported algorithm: DES ``` -If you use an encryption algorithm other than `AES`, then all existing files should be migrated to use `AES` before upgrading to Mendix 10.6. This can be done by configuring a new `AES` key and rewriting all file documents. +If you use an encryption algorithm other than `AES`, then all existing files should be migrated to use `AES` before upgrading to Mendix 11.6. This can be done by configuring a new `AES` key and rewriting all file documents. ### Other @@ -135,7 +135,7 @@ If you use an encryption algorithm other than `AES`, then all existing files sho * The Task Queue setting `System context tasks` (**Runtime** tab in App Settings) is removed. This setting was deprecated in Mendix 9.6. Queued tasks are now always executed in a context equivalent to the one in which they were created. If an app still has this setting enabled, this results in a consistency check error. There is a quick fix option available in the error's context menu to disable the setting and resolve the error. * The `Core.getRuntimeVersion()` no longer contains the build number: * The format used to be `...` - * The current format is `..`. + * The current format is `..`. * The type parameter for `EventActionInfoclass` has been removed, as it was superfluous. This means `EventActionInfo<..> info = new EventActionInfo<..>(..)` will no longer compile. To fix this, remove the `<..>` code. * String concatenation in expressions for empty/null values has changed. These values are no longer concatenated as 'null', instead they are omitted from the string. The old behavior can be achieved by using an if-else expression (for example 'Value: ' + (if $value != empty then $value else 'null') instead of 'Value: ' + $value). * The default value of the custom runtime setting **DataStorage.OptimizeSecurityColumns** was changed to true. @@ -145,7 +145,7 @@ If you use an encryption algorithm other than `AES`, then all existing files sho * SELECT * in combination with UNION and ORDER BY is no longer allowed in runtime, as it leads to queries that are not accepted by most database engines. * We fixed the issue where SELECT * in combination with UNION and ORDER BY would fail on most database engines. * When COALESCE function in OQL has attributes of different numeric types, the result type is defined according to type precedence. Before, the result type would match the type of the first argument. -* Client API `mx.logger` is no longer supported. All calls to it should be replaced with standard `console.log`, `console.warn`, and other such standard calls. All widgets that use the `mx.logger` need to be updated. +* Client API `mx.logger` is no longer supported. All calls to it should be replaced with standard `console.log`, `console.warn`, and other such standard calls. All widgets that use the `mx.logger` need to be updated. * We no longer convert `empty` values sent to the client into empty strings. All client side expressions must be adjusted accordingly. * We no longer support the runtime API class `com.mendix.modules.email.EmailModule` which was deprecated in [Mendix 10.12](https://docs.mendix.com/releasenotes/studio-pro/10.12/#deprecate-email). We recommend using the [Email Connector](https://marketplace.mendix.com/link/component/120739) module instead. * The [Deep Link module](https://marketplace.mendix.com/link/component/43) is deprecated, and no longer receives active support starting with Studio Pro 11. The functionality this module offers has been replaced with built-in features of the Mendix Platform, such as Page URLs and Microflow URLs. Refer to the [Migrating to Page and Microflow URLs](/appstore/modules/deep-link/#migrate-page-micro) section in *Deep Link* for details on how to migrate to these built-in features.