Download DataFlex Studio

Release date: October 16, 2024

New in this release DataFlex 23.0.60.105

• Fixed Leaking handles in WebApp Server in the process pool logic.
• Fixed a Security issue in the DataFlex WebApp Framework.
• (DF24.0) Fixed a SPLF license check issue causing one WebApp less to be allowed than the license permits.

New in previous release DataFlex 23.0.60.102

• Security update

New in previous release DataFlex 23.0.60.101

To address issues with Windows Defender incorrectly flagging temporary files created by the DataFlex compiler as false positives, a solution has been implemented. A new linker has been developed that eliminates the need for temporary files. This updated release incorporates this new linker.

New in previous release DataFlex 23.0.53.92

• FlexTron
• Embedded SQL API
• Web Grid Layout
• WebList Grouping

And many more. Go to the What’s New in DataFlex page for a complete overview!

Changes in DataFlex 2023/23.0

• FlexTron
• Embedded SQL API
• Web Grid Layout
• WebList Grouping

And many more. Go to the What’s New in DataFlex page for a complete overview!

Release date: August 21, 2024

New in this release DataFlex 20.1.40.93

• Security update

New in previous release DataFlex 20.1.40.88

To address issues with Windows Defender incorrectly flagging temporary files created by the DataFlex compiler as false positives, a solution has been implemented. A new linker has been developed that eliminates the need for temporary files. This updated release incorporates this new linker.

New in previous release DataFlex 20.1.39

• Set_Attribute DF_FILE_USE_DUMMY_ZERO_DATE caused memory violation.
• SQL drivers crashed after long error from backend.
• There was a memory overwrite in error handling when the backend returned long error text (> 500) in all SQL drivers.
• Embedded SQL Setting SQLSTMTATTRIB_CURSOR_TYPE broken in DF20.x.
• This was a 64-bit issue where the cursor would not change type when using Send SQLSetStmtAttribute of hstmt SQLSTMTATTRIB_CURSOR_TYPE SQL_CURSOR_STATIC.
• WString null terminator issue:
• After Including Windows.pkg a following of Repeat on a WString and AddressOf causes an access violation.
• Uppercase crashes on invalid strings.
• Memory violation on large strings in replaces().
• Pressing Enter in cWebSuggestionForm with cWebList does not trigger OnRowClick.
• Adding a WebColumnCheckbox to a cWebGrid breaks focus rotation.
• WebAppServer sometimes get stuck when start / stopping processes.
• WebServices XmlHandle bug:
• When returning custom xml from a web-service by returning an XmlHandle, it sometimes adds garbage to the response.
• Scalar variable SQL restructure error.
• Fixed issue where a Find after Fill_Field DF_LOW/DF_HIGH would in some circumstances find wrong record.
• cWebDynamicObjectContainer forgets the order of child objects (columns).
• GPF in SortArray on non-initialized members in string array
• Append behavior change between 19.x and 20.x:
• when the first argument of append is an integer instead of a string, it performs a numeric append (addition) instead of a string concatenation.
• Finds on indexes having NULL not working correct.
• The generated WHERE clause was not correct when there were NULL values in an index segment.
• ReadLn does not read more than 65535 characters.
• A Security patch was included that fixes potential data leakage in the cWebCombo and cWebParentCombo

For a full list of changes visit the online docs.

Changes in DataFlex 2021/20.0

Unicode and 64-bit

Web Framework

• Dynamic Web Objects
• cWebTagsForm
• cWebGeoLocation
• Security

More

• Connectivity
• WebApp Server
• Studio Dark Theme

Go to the What’s new in DataFlex page, and scroll down to DataFlex 2021/20.0, for a complete overview.

Release date: August 21, 2024

New in this release DataFlex 19.1.58.173

• Security update

New in previous release DataFlex 19.1.58.169

To address issues with Windows Defender incorrectly flagging temporary files created by the DataFlex compiler as false positives, a solution has been implemented. A new linker has been developed that eliminates the need for temporary files. This updated release incorporates this new linker.

New in previous release DataFlex 19.1.58.167

Web

• HTTP Request Handler
• Meaningful URL’s and History Management
• Expandable Lists
• Horizontal Scrolling
• Material Design Theme
• Basic Web Applications
• Connectivity

Windows

• Enhanced DPI Awareness
• Improved and Configurable Form Heights

More

• Installer
• Embedded Manifest Files
• Code Cleanup
• DataFlex Reports Examples

Go to the What’s New in DataFlex page, and scroll down to DataFlex 2019/19.0, for a complete overview.

Security Patch: Cross-Session Contamination

The Issue

Under certain circumstances web property values from one session could leak into another session. This bug does not affect the usability of applications and regular users would not see these values. Hackers can potentially exploit the behavior making it a security risk that needs to be addressed. This issue affects DataFlex 19.0 and higher.

The Fix

To fix this issue we have created updated versions of several source packages of the web framework. For all affected revisions, these files will be made available in a zip file so that developers can manually update their installations. Updated installers will be made available for the DataFlex revisions that are still supported. Note that it is recommended to use the updated installer whenever possible.

DataFlex 2022 – 20.1

Fixed packages are available in the zip file. These have been tested on the latest release build of 20.1.31.70.

A new installer (20.1.33.77) is available which also contains several other stability improvements. We strongly encourage all developers to use the latest installer.

DataFlex 2021 – 20.0

Fixed packages are available in the zip file. These have been tested on build 20.0.7.156.

A new installer (20.0.7.159) is available.

DataFlex 2019 – 19.1

Fixed packages are available in the zip file. These have been tested on build 19.1.58.159.

A new installer (19.1.58.167) is available.

DataFlex 2017 – 19.0

Fixed packages are available in the zip file. These have been tested on build 19.0.33.4 with WebApp Framework build 19.0.8.55 (in 19.0 this had its own build number).

No new installer will be made available.

Applying the Fix Using the Installer

• Uninstall DataFlex Studio
• Install the updated DataFlex Studio
• Recompile your web applications
• Deploy the updated web applications
  • It is recommended to also update the Web Application Server (although not mandatory for 20.0 and 19.1)

Applying the Fix Manually

• Unzip the zip file
• Copy the files for your revision to the Pkg folder of your DataFlex installation
  • Note that cWebApp.pkg contains a version number that needs to match your JavaScript Engine. The supplied package contains the build numbers mentioned above.
• Recompile your system packages
  • Run the studio
    • Note that depending on your installation location you might need to run the studio as administrator
  • Open a workspace
  • Project > Precompile > Precompile system packages
• Recompile your web applications
• Deploy the updated web applications

Note that the packages will only work with the stated base revisions, which are the latest released builds for each revision. If you are currently using a build earlier than the stated base revision and attempt to apply the fix manually, you will see the following:

• When you open a workspace in the Studio, the JavaScript Engine Version Mismatch error will be displayed
• The system packages will not recompile without errors

To address these issues, you must update. Therefore, we recommend that developers use the newly published installers to apply the fix.

Recently, two issues were brought to our attention that we have addressed with in-line updates to DataFlex 18.x. Other than the information below, there are no changes to these releases.

1. Windows 10 Creators Update Bug

As part of the Windows 10 Creators Update, Microsoft introduced an operating system bug that halts program execution when using the GetWindowLong function to retrieve information from a window that is not processing its message queue. This bug is not DataFlex specific, it was reported to Microsoft using test programs written in C.

Microsoft has acknowledged this bug and has stated their intention to address it in a future Windows 10 update. To respond to this issue in the shortest possible time for the benefit of our developers, we have created a work around in DataFlex for this operating system bug. We eliminated the use of the GetWindowLong call during initialization as it was a legacy technique to look for other DataFlex instances that is no longer used. This workaround is implemented in the DataFlex Virtual Machine (runtime) component (vdfvm18.dll).

2. Web Services Updates

DataFlex developer Raphael Theiler identified the potential for External XML Entity Injections (XXE) and exponential entity expansions to be exploited in DataFlex Web Services. We confirmed his findings and have addressed both vulnerabilities in an update to our Web Services engine.

During the same time period, we discovered that sending HTTP POST requests without a body to a JSON web service could cause a crash and have hardened Web Application Server against that scenario. There are three changes in the update to the DataFlex Web Application Server Web Service Endpoint (waswsvc.dll) to address these issues.

• Fix for XXE vulnerability of web services parser
• Fix for exponential entity expansion vulnerability of web services parser
• Fixed a bug where HTTP POST requests without a body to a JSON Web Service would cause a crash

Updates are available now...

The new components have been published for DataFlex 18.2 (original release date of July 2016).

As an alternative, a ZIP file (DataFlex18.2Update.zip) that contains the two changed components that can be applied to existing installations.

Recently, two issues were brought to our attention that we have addressed with in-line updates to DataFlex 18.x. Other than the information below, there are no changes to these releases. 

1. Windows 10 Creators Update Bug

As part of the Windows 10 Creators Update, Microsoft introduced an operating system bug that halts program execution when using the GetWindowLong function to retrieve information from a window that is not processing its message queue. This bug is not DataFlex specific, it was reported to Microsoft using test programs written in C.

Microsoft has acknowledged this bug and has stated their intention to address it in a future Windows 10 update. To respond to this issue in the shortest possible time for the benefit of our developers, we have created a work around in DataFlex for this operating system bug. We eliminated the use of the GetWindowLong call during initialization as it was a legacy technique to look for other DataFlex instances that is no longer used. This workaround is implemented in the DataFlex Virtual Machine (runtime) component (vdfvm18.dll).

2. Web Services Updates

DataFlex developer Raphael Theiler identified the potential for External XML Entity Injections (XXE) and exponential entity expansions to be exploited in DataFlex Web Services. We confirmed his findings and have addressed both vulnerabilities in an update to our Web Services engine.

During the same time period, we discovered that sending HTTP POST requests without a body to a JSON web service could cause a crash and have hardened Web Application Server against that scenario.
There are three changes in the update to the DataFlex Web Application Server Web Service Endpoint (waswsvc.dll) to address these issues.

• Fix for XXE vulnerability of web services parser
• Fix for exponential entity expansion vulnerability of web services parser
• Fixed a bug where HTTP POST requests without a body to a JSON Web Service would cause a crash

Updates are available now...

The new components have been published for DataFlex 18.1 (original release date of July 2015) as ZIP file. The ZIP file (DataFlex18.1Update.Zip) contains the two changed components that can be applied to existing installations.

Data Access Worldwide Recommends...

We recommend updating to the latest SQL drivers at the same time. You can obtain the SQL Driver update at: https://www.dataaccess.eu/resources/downloads/download-category/download-subcategory-842?dagapsg=80

Recently, two issues were brought to our attention that we have addressed with in-line updates to DataFlex 18.x. Other than the information below, there are no changes to these releases. 

1. Windows 10 Creators Update Bug

As part of the Windows 10 Creators Update, Microsoft introduced an operating system bug that halts program execution when using the GetWindowLong function to retrieve information from a window that is not processing its message queue. This bug is not DataFlex specific, it was reported to Microsoft using test programs written in C.

Microsoft has acknowledged this bug and has stated their intention to address it in a future Windows 10 update. To respond to this issue in the shortest possible time for the benefit of our developers, we have created a work around in DataFlex for this operating system bug. We eliminated the use of the GetWindowLong call during initialization as it was a legacy technique to look for other DataFlex instances that is no longer used. This workaround is implemented in the DataFlex Virtual Machine (runtime) component (vdfvm18.dll).

2. Web Services Updates

DataFlex developer Raphael Theiler identified the potential for External XML Entity Injections (XXE) and exponential entity expansions to be exploited in DataFlex Web Services. We confirmed his findings and have addressed both vulnerabilities in an update to our Web Services engine.

During the same time period, we discovered that sending HTTP POST requests without a body to a JSON web service could cause a crash and have hardened Web Application Server against that scenario.
There are three changes in the update to the DataFlex Web Application Server Web Service Endpoint (waswsvc.dll) to address these issues.

• Fix for XXE vulnerability of web services parser
• Fix for exponential entity expansion vulnerability of web services parser
• Fixed a bug where HTTP POST requests without a body to a JSON Web Service would cause a crash

Updates are available now...

The new components have been published for DataFlex 18.0 (original release date of August 2014) as ZIP file. The ZIP file (DataFlex18.0Update.Zip) contains the two changed components that can be applied to existing installations.

Data Access Worldwide Recommends...

We recommend updating to the latest SQL drivers at the same time. You can obtain the SQL Driver update at: https://www.dataaccess.eu/resources/downloads/download-category/download-subcategory-842?dagapsg=80