PolicyCenter 10.1.0 Release Notes

Major issues and changes

This section contains issues and major changes that may affect your installation. For more information on new features and major changes, see New and Changed Guide.

Using Oracle AutoTask to gather database statistics

Due to an Oracle bug, using Oracle AutoTask to gather database statistics can create certain issues in Guidewire PolicyCenter. Oracle has partially fixed the issue in Oracle Bug 20921713. However, some of the issue remains unresolved and is still outstanding as part of Oracle Bug 27818902.

The issues occur when PolicyCenter is using statistics preferences (useoraclestatspreferences=true). If you notice additional resources being used to gather statistics on non-stale tables, Oracle Support recommends the following workaround:

Disable autotask 'auto optimizer stats collection'.
Create a new Oracle database job to gather schema statistics or database statistics using the 'GATHER STALE' option. For example:
- dbms_stats.gather_schema_stats(ownname=>'PCUSER', options=>''GATHER STALE')
Note: Replace PCUSER with the actual PolicyCenter database user name.

Chinese language resources are for demonstration purposes only

This release includes Chinese language resources in the base configuration. These resources are provided only for demonstration purposes, and are not supported for production use.

Generated reports on changes

The following are generated reports of changes between releases.

Guidewire also provides a report detailing certain differences between the current release and your prior release. This report describes changes in display keys, entities, typelists, and the Gosu API. To obtain your custom Upgrade Diff report, visit the Guidewire Community and search for knowledge article 7898, "How to find reports detailing differences between earlier and later releases of Guidewire core products".

Changes between releases 10.0.3 and 10.1.0

The following are generated reports of changes in this release.

Base resources: To view a report of the changes to the base resources, click here.
Base PCF files: To view a report of the changes to the base PCF files, click here.

Improvements and resolved issues

Guidewire attempts to provide information for issues of primary importance to our customers. This list is not intended to be comprehensive.

PolicyCenter improvements and resolved issues

ID	Description
ISPC‑728	Made a fix so that the quote purging feature can now purge rewrite and renewal policy transactions.
ISPC‑767	Fixed an issue which caused assignment of typekeys to local variables to fail with a message that typekeys must be explicitly cast to `String` using the `as` keyword.
ISPC‑847	Fixed an issue that caused database upgrade to fail with exception “Illegal modifications detected in Product Model”, such as Businessowners product, delivered with the base configuration. This occurred when upgrading from 8.0 and 9.0 to 10.x when PolicyCenter was in production mode for both source and target.
ISPC‑912	`PolicyPeriod#getTaxAndSurchargesRPT` no longer attempts to update the `TaxSurchargesRPT` property if the branch is locked.
ISPC‑1038	Removed `ICPClassCodeSearchCriteriaFactory`. Use `ClassCodeSearchCriteria` instead.
ISPC‑1371	Changed the way external ids for contacts and addresses are generated. The new `config.xml` parameter, `ExternalIDPrefix`, specifies the prefix for external identifiers. This must be different than `PublicIDPrefix`.
ISPC‑1382	Removed an unnecessary commit in `AccountImpl#transferPolicies`.
ISPC‑1420	The `FormPatternImpl` and `AnswerContainerImpl` classes no longer use the global `TypeSystem` lock.
ISPC‑1468	Fixed an issue on SQL Server where producer code security verification failed on queries with a large number of query parameters. This was observed in common operations relating to producer code security, including but not limited to, viewing the account file and contact search.
ISPC‑1486	Added the following InsuranceSuite Behavior Testing Framework items for the homeowners line: `line/hop/job/cancellation/HO-AssessCancellationRisks-CancelReinstateRewriteTransaction` feature `line/hop/job/cancellation/PC-COM-ConfirmOfferReinstatement-QuoteTransaction` feature `line/hop/job/cancellation/PC-COM-IssueCancellation-EnterTransaction` feature `line/hop/job/cancellation/PC-COM-Re-Price-QuoteTransaction` feature `line/hop/job/issuance/HO-IssuePolicy-IssueTransaction` feature `line/hop/job/policychange/HO-AssessRisk-ChangeTransaction` feature `line/hop/job/policychange/PC-COM-PriceRisk-QuoteTransaction` feature `line/hop/job/renewal/HO-AssessRiskandClaimsExperience-RenewTransaction` feature `line/hop/job/rewrite/HO-AssessRisk-CancelReinstateRewriteTransaction` feature `line/hop/job/submission/HO-AssessRisk-QuoteTransaction` feature `line/hop/job/submission/HO-AssessRisk-ReviewTransaction` feature `line/hop/job/submission/HO-CaptureRiskDetails-EnterTransaction` feature `line/hop/job/submission/HO-CheckProductPreQualifyRisk-Underwriting` feature `line/hop/job/submission/HO-DefineProductForms-FormPatterns-HO8` feature Added the following InsuranceSuite Behavior Testing Framework items for the personal auto line: `line/pa/job/issuance/PA-IssuePolicy-IssueTransaction` feature `line/pa/job/submission/PA-AssessRisk-QuoteTransaction` feature `line/pa/job/submission/PA-DefineProductForms-FormsInference(SRS)` feature `line/pa/job/submission/PA-MultipleQuoteVersions-SidebySide` feature `line/pa/job/submission/PA-PriceRisk-QuoteTransaction` feature `line/pa/job/submission/PA-QuickQuote-QuickQuote` feature Added the following InsuranceSuite Behavior Testing Framework item for the workers' compensation line: `line/pa/job/submission/PC-COM-CaptureRiskDetails-EnterTransaction` feature
ISPC‑1492	Removed an unnecessary check on archive document references.
ISPC‑1497	Changed code to use array loader wherever both the left and right sides of the . operator denoted arrays. For example, `locations.Buildings*.Coverages`, which is all locations and all buildings at each location.
ISPC‑1512	Fixed an issue where periodic clearing of the rate table cache caused performance to decline. With this fix, active rate books are only removed from the cache when the cache is full and new entries need to be put into the cache. This can occur when a new rate book is added. Use the following `config.xml` parameters to control rate table caching: `RateBookCacheEntryLifetimeSecs` `RateTableDefinitionCacheUpdateIntervalSecs` `RateTableCacheMaxSize` `RateTableCacheEntryLifetimeSecs` `RateTableCacheUpdateIntervalSecs` `RateTableCacheConcurrency` `RateBookCacheUpdateIntervalSecs`
ISPC‑1513	Purges of `Job`, `PolicyTerm`, and `Worksheet` graphs no longer check to determine if archive documents are referencing any bean that is about to be purged.
ISPC‑1592	Log output has been changed to no longer show the display name of the Contact; instead the PublicID is output.
ISPC‑1614	Fixed an issue where `AccountContactRoleImpl` queried for a null primary key.
ISPC‑1616	For improved performance, added caching to the Side By Side quoting screen.
ISPC‑1617	Fixed an issue where the `sideHelper` variable in `SideBySideScreen.pcf` was recreated twice when the screen was refreshed.
ISPC‑1717	When using the precompile rate routines JAR feature, only rate routines in preloaded rate books returned by `RateBookPreloadPlugin#getRateBooksToPreload` were accessible when rating. With this fix, all rate routines in rate books returned by `RateBookPreloadPlugin#getRateBooksToExportToJAR` are available for rating.

ContactManager improvements and resolved issues

ID	Description
ISCM‑125	To prevent PII data from being transmitted, Contact names are now excluded from ContactManager log data. Instead, `Contact.PublicID` is passed to logs.

Platform improvements and resolved issues

ID	Description
ISGOSU‑259	Updated Gradle to version 6.0.1.
ISGOSU‑282	Fixed an issue that caused a slow memory leak by changing the implementation of an internal cache. This change also provides a minor performance improvement.
ISGOSU‑284	Fixed an issue that caused a deadlock for double-check locking.
ISPL‑425	Fixed a problem with the (Server Tools) Database Table Info report download that caused the download to fail if an entity subtype and a typelist shared the same name.
ISPL‑539	Added an example implementation of the `ExternalConfigurationProviderPlugin` plugin that can retrieve an externalized property values file from an Amazon AWS S3 bucket.
ISPL‑2011	Fixed an issue where some Solr configuration files, particularly `solrconfig.xml`, were incorrectly marked as read-only in Guidewire Studio. These files are now editable.
ISPL‑2338	SQLServer database only. Fixed an issue where importing more than 2100 contacts through the administrative data import failed with the exception, "The incoming request has too many parameters."
ISPL‑2423	InsuranceSuite now supports Amazon Relational Database Service (RDS) for Microsoft SQL Server. For information about supported releases, visit the Guidewire Community and search for knowledge article 1005, "Supported Software Components".
ISPL‑2438	The initial page under the Query Store report in the (Server Tools) SQL Server Performance report download now contains top queries. The default order is time. It is possible to sort the page using other metrics, as well.
ISPL‑2882	Fixed the following issues within list views: For a `CheckBoxCell` and `BooleanRadioCell`, a confirmation dialog did not appear. For a `RangeCell` with a confirmation dialog, clicking on the range cell did not reliably display the list of options. For a `RadioButtonCell` with a confirmation dialog, if you canceled the confirmation, the update proceeded regardless.
ISPL‑2901	Redis broadcast transport and database-based broadcast transport now expose broadcast message size and latency percentiles (95%, 99%, 99.9%) in their MBeans.
ISPL‑2914	Added support for the following OpenJDKs: Amazon Corretto on Linux, in addition to Windows. RedHat distribution of OpenJDK for Microsoft Windows, in addition to Linux. For details, visit the Guidewire Community and search for knowledge article 1005, "Supported Software Components".
ISPL‑3027	Improved the performance of the internal method `EntityInternalAccess.getEntityFriendAccess` by using `java.util.concurrent.ConcurrentHashMap`. This method obtains the implementations of entity classes.
ISPL‑3052	Added support for Amazon Relational Database Service (RDS) for Oracle. For information about supported releases, visit the Guidewire Community and search for knowledge article 1005, "Supported Software Components".
ISPL‑3188	REST API operations that use a default handler method can now be individually profiled.
ISPL‑3189	InsuranceSuite now allows changes to `.updater.json` and `.apiconfig.yaml` files during rolling upgrade.
ISPL‑3299	Added the `numberOfMessagesReceivedUnderThreshold` field to Redis broadcast MBean. This field returns the number of received messages with latency under the 100ms threshold. 100ms is a default threshold. You can change the default using the Java system property `gw.cluster.bbts.msg_latency_threshold.msecs`.
ISPL‑3336	Certified Apache Tomcat 9.0.31 in addition to the versions that were previously certified. For details, visit the Guidewire Community and search for knowledge article 1005, "Supported Software Components".
ISPL‑3337	InsuranceSuite now supports the Chromium-based Microsoft Edge browser. For information about supported releases, visit the Guidewire Community and search for knowledge article 1005, "Supported Software Components".
ISPL‑3394	Fixed an issue in which the Japanese Imperial Calendar would not reset its era if the date text was highlighted and the backspace or delete key was pressed.
ISPL‑3395	Fixed an issue that caused the Japanese Imperial Date picker to make an unexpected date conversion if the user entered an invalid date and the invalid date had a logical equivalence to another date. For example, in the Gregorian calendar, this would be equivalent to the user entering February 29 in a non-leap year and the date converter automatically converting the date to the logically equivalent March 1 date. This situation now causes a validation error.
ISPL‑3408	Modified method `MessagingUtil.getDestinationStatus` to return `TC_UNKNOWN` if the ownership or status is in flux. For example, this can happen in the case of the destination actively being migrated between servers.
ISPL‑3409	Modified method `MessagingUtil.getDestinationStatus` to return the operational status (which can be up to `REFRESH_INTERVAL_IN_MILLISECONDS` seconds stale) of the specified destination. `REFRESH_INTERVAL_IN_MILLISECONDS` has a default of 5000. Use JVM parameter `-Dgw.messaging.destination.status.refresh.intervalInMillis=...` while starting the application server to override this if needed. This method returns a cached value if it has been called within the last `REFRESH_INTERVAL_IN_MILLISECONDS` seconds. The use of caching here avoids overwhelming the destination nodes with frequent requests, as these nodes incur a network call if the current server is not the owner of the destination in a clustered deployment.
ISPL‑3426	Fixed an issue that would occur if an entity with the `final` attribute set to `true` and a typelist had the same name. If you tried to programmatically get the value of the `Description` property of a typecode, then the `Name` property was returned instead. The correct value is now returned.
ISPL‑3462	To guarantee a cleaner application shutdown, PolicyCenter shuts down the Intentional Logging component before the Database Service component.
ISPL‑3487	Fixed a persistent or stored cross-site (XSS) scripting security vulnerability. For related information, visit the Guidewire Community and search for knowledge article 15952, "InsuranceSuite 10: XSS Vulnerability".
ISPL‑3548	Fixed an issue in which `.arrays()` on an `EffDated` bean could give wrong results
ISPL‑3552	Fixed a DOM XSS (Document Object Model-based Cross-Site Scripting) security vulnerability. For related information, visit the Guidewire Community and search for knowledge article 15952, "InsuranceSuite 10: XSS Vulnerability".
ISPL‑3589	CSV exports of list views are vulnerable to CSV injection: https://owasp.org/www-community/attacks/CSV_Injection CSV Injection, also known as Formula Injection vulnerability, arises when untrusted input is embedded directly into comma- separated-values (CSV) files as data for subsequent import into a spreadsheet. Such input can be maliciously crafted to break the data/code barrier in spreadsheet software and result in unintended command and program execution. InsuranceSuite now escapes such values with a special Excel constant-string format: ="<value>". For example, =foo becomes ="=foo". While this format successfully prevents Excel from trying to invoke a function called `foo`, it still likely triggers tools that are scanning for CSV injection vulnerability. Unfortunately, the standard CSV quote format, for example, `"=foo"`, still causes Excel and similar spreadsheets to invoke a function.
ISPL‑3627	Removed an older, duplicate version of the `com.google.protobuf` library.
ISPL‑3636	Fixed an issue that permitted two different versions of the Woodstox StAX XML parser to be packaged in the WAR file. With this fix, only the newer version is packaged in the WAR file.
ISPL‑3637	Fixed an issue in which the `jakarta.activation` JAR was not included in the WAR file if building with Java 11. JavaMail requires this jar, which is used by the `EmailMessageTransport` implementation.
ISPL‑3655	Fixed an incorrect error message when an unsupported JDBC driver was in use.
ISPL‑3752	Made the following changes to the implementations of the `DefaultDatabaseBroadcastTransportFactory` plugin and the `RedisBroadcastTransportFactory` cluster transport plugin: Added new optional parameter `maxBatchWriteInterval` - If a broadcast transport generates an error while trying to send the current batch of messages, the plugin performs a retry with exponential backoff, meaning that the delay (wait period) doubles after each consecutive error, up to the value of this parameter. This value is the maximum retry interval (in milliseconds). The default `DefaultDatabaseBroadcastTransportFactory` value is 16000 (16 seconds), RedisBroadcastTransportFactory is 8000 (8 seconds). Changed the default value of existing `batchWriteAttempts` parameter from 30 to 10.
ISPL‑3837	Upgraded Amazon Web Service APIs from 1.11.714 to 2.11.11.
ISPL‑3877	Fixed the `preProcess` and `postProcess` methods in the `InboundFileHandler` interface. These methods can be used for non-parallel processing only, with the `chunkSize` parameter set to 0. Fixed an issue with the inbound file framework in which some internal classes that implement the `InboundFileHandler` interface would fail validation and throw a `ClassNotFoundException` exception.
ISPL‑3887	Removed the third-party library `org.apache.pdfbox.fontbox` as it was unused and triggering false positive CVE reports.
ISPL‑3910	Fixed an issue in which availability reflection did not work fully for date inputs/cells. Date controls contain multiple HTML elements. If a date control includes both date and time, then a date control contains a date input, a time input, an AM/PM selector, and an icon/button to bring up the date picker. If availability was changed by reflection, most of the elements changed appropriately, but the date picker icon did not. For example, if a date control started out enabled, then using reflection to disable it would grey out and disable the date input, time input and AM/PM selector, but it would leave the date picker icon enabled.
ISPL‑3912	Improved the performance of the `DelegateLoader` class.
ISPL‑3956	The archive reference tracking table now excludes all `EffDated` entities. An archived `PolicyPeriod` must never reference an `EffDated` entity. An exception is made for the `BasedOn` reference, but that is managed by the order in which PolicyCenter archives `PolicyPeriod` entities. There is no reason to maintain these references in the archive reference tracking table, which could otherwise get quite large as a result.
ISPL‑3959	Improved the performance of the query used to determine whether an object is referenced by any archive document. This change includes the addition of a new index on the `ReferencedEntity` and `ReferencedEntityPublicID` fields of the `ArchiveDocumentReferenceItem` entity.
ISPL‑3980	Fixed an issue in which large lists or maps of PCF variables could cause performance issues while navigating between PCF pages.
ISPL‑3984	A personal data purge cannot occur until the archive reference tracking tables are synchronized with the archive. As long as the `ArchiveReferenceTrackingEnabled` configuration parameter is set to `true`, then these tables normally are in sync with the archive. The query to determine whether the tables are in sync with the archive is expensive to run, and, previously, this query was being run on every personal data purge. Now, the query runs only until the process determines that the archive reference tracking tables are in sync with the archive. After the tables are in sync with the archive (at which point, the tables will never get out of sync), there is no longer a reason to run the query.
ISPL‑3996	Archive reference tracking, which is required to implement personal data protection features, is now always enabled. The value of the `ArchiveReferenceTrackingEnabled` parameter no longer has any effect.
ISPL‑4058	Fixed an issue that prevented JMS inbound integration from starting on a clustered system on returning to multiuser mode from maintenance mode.
ISPL‑4076	Fixed an issue with the archived log file being corrupted after server restart on servers running Microsoft Windows.
ISPL‑4194	Improved the accuracy of the measurement of elapsed time of cache `RarelyChangingBeanDataCache`.
ISPL‑4268	Added the third-party library `io.netty.netty-all 4.1.48`.
ISPL‑4333	Commented out the AJP connector from the Tomcat server configuration file `server-tomcat9.xml`. The connector is disabled by default to prevent exposure as a security vulnerability.