Configuration and database changes

As a result of an upgrade, you might need to consider configuration or database changes that are new or different compared with previous versions of the software. Depending on the default behavior, you might want to modify the configuration to meet your requirements after you upgrade the deployment.

Version 4.4.4

The following changes are introduced at i2 Analyze version 4.4.4:

Java

The minimum supported version of Java for Liberty, Solr, and ZooKeeper is now 17.0.11. Any extensions that you create and deploy for i2 Analyze 4.4.4 must be compatible with this Java version.

Important: The RC4-HMAC Kerberos encryption type was deprecated at Java 11.0.17. If your deployment uses SPNEGO with Kerberos authentication, you must update your Kerberos configuration. See the Java release notes for more information.

User and group management

i2 Analyze 4.4.4 introduces new features for managing users and groups. Administrators have more control over the users and groups that are provisioned from user registries and identity providers, and they can also create and edit custom user groups through the admin console. See User provisioning for more details.

Save and share feature

Users can save and share artifacts such as visual query definitions with other users and groups. See Saving and sharing for more information.

i2 Notebook importer

This is the initial release of the importer for charts in the i2 Notebook web client.

Minimum supported version for upgrade

The minimum version of i2 Analyze that you can upgrade from is now 4.4.0.

Supported component versions

  • Postgres version 16 is now supported.

  • The minimum supported version for Liberty is now 24.0.0.6.

  • The minimum supported version for Solr is now 9.6.1.

  • The minimum supported version for ZooKeeper is now 3.9.2.

New command access control permissions

Permission for users to share saved artifacts through the new sharing feature is controlled by a new permission:

i2:Share:Artifacts

Users with this permission can share artifacts with other users. Users without this permission can still see artifacts that have been shared with them, and save artifacts for themselves.

The existing i2:Administrator permission has been extended with new sub-permissions to provide more fine-grained access control, and to control access to new functionality:

i2:Administrator:Indexing

Controls access to the REST API endpoints for viewing the status of the Information Store index, and for clearing and rebuilding it if necessary.

i2:Administrator:Connectors

Controls access to the REST API endpoints for managing connectors, and to the gateway status and type conversion apps in the admin console. Users with this permission are automatically granted the i2:Connectors permission.

i2:Administrator:Groups

Controls access to the user group management app in the admin console.

i2:Administrator:SavedArtifacts

Users with this permission are granted full access to all the saved artifacts in the system.

Database table changes

  • Added new tables to support importing to web charts in i2 Notebook.

  • Added new tables to support user and group management in i2 Analyze.

  • Added new tables to support sharing saved artifacts in i2 Analyze.

  • Removed the IS(_Core).User_Principals table, which is no longer used for user management.

Behavior changes

  • The "sensitive" headers provided by the i2 Connect SPI now include two new headers: one that contains the user's ID, and (when available) one that contains the user's OIDC access token.

  • The application now supports a timeout for long-running Visual Queries. By default, the timeout is set to 240 minutes (four hours). See Controlling Visual Query timeout for details on configuring the timeout.

  • When validating schema files, duplicate display names in the property types of an item type now produce a warning, because Analyst's Notebook uses the display name to identify the property type.

Version 4.4.3

The following changes are introduced at i2 Analyze version 4.4.3:

Java

The minimum supported version of Java for Liberty, Solr, and ZooKeeper is now 17.0.9. Any extensions that you create and deploy for i2 Analyze 4.4.3 must be compatible with this Java version.

Important: The RC4-HMAC Kerberos encryption type was deprecated at Java 11.0.17. If your deployment uses SPNEGO with Kerberos authentication, you must update your Kerberos configuration. See the Java release notes for more information.

Apache Solr

The minimum supported version of Apache Solr is now 9.4.0. This is a major version change from Solr 8, which was included with previous releases.

Important: In Windows deployments, the Solr password can no longer contain any of the following special characters: <, >, |, &, ^, !, %, ". If your deployment uses any of these characters, you must change the password before you upgrade. For more information, see Specifying the deployment credentials.

Among other changes, the Solr autoscaling framework has been removed, and shard placement is now configured through replica placement plugins. For further details, see Reindexing data after a major version Solr upgrade.

Apache ZooKeeper

The minimum supported version of ZooKeeper is now 3.8.3. Among other changes, ZooKeeper now uses the Logback logging framework. Any Log4j configuration for ZooKeeper is ignored.

Open Liberty

The minimum supported version of Open Liberty is now 23.0.0.9.

Improvements to the indexing pipeline

For i2 Analyze deployments that include the Information Store, the robustness of the indexing pipeline has been improved.

If a batch of data cannot be indexed because of invalid data, that batch is skipped and added to a separate queue so that indexing can continue. If indexing fails, you can find the details of faulty data in the Information Store view named IS_Public.Indexing_Failed_Batches. Note that failed batches can cause inconsistent result counts until you repair and reindex the data.

The REST API also introduces endpoints for clearing the search index and for dealing with failed indexing batches. See the documentation for the clean and retryfailed endpoints for more information.

Database changes

The Information Store's upgrade views now provide more information about the progress of ongoing upgrades. See Information Store processing after you upgrade i2 Analyze for more information.

Deployment display names

The application can now be configured with an optional display name that will be displayed in Analyst's Notebook Premium and the i2 Notebook web client, making it easier for users and administrators to distinguish between different deployments.

The display name is configured through the DeploymentDisplayName setting in DiscoServerSettingsCommon.properties.

Custom types in Analyst's Notebook

The latest version of Analyst's Notebook Premium supports the creation of custom i2 Analyze item and property types for charts. In order for users to benefit from this functionality, you must grant them the i2:CustomTypes command access control permission. See Configuring command access control for more information.

Security schema validation

Empty <Permissions> elements in the security schema now result in validation errors.

Version 4.4.2

The following changes are introduced at i2 Analyze version 4.4.2:

Java

The minimum supported version of Java for Liberty, Solr, and ZooKeeper is now 11.0.19. Any extensions that you create and deploy for i2 Analyze 4.4.2 must be compatible with this Java version.

Important: The RC4-HMAC Kerberos encryption type was deprecated at Java 11.0.17. If your deployment uses SPNEGO with Kerberos authentication, you must update your Kerberos configuration. See the Java release notes for more information.
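A pre-upgrade check for the RC4-HMAC note above (the same note appears for 4.4.3 and 4.4.4), added here as an example and not part of the i2 Analyze toolkit: it scans the `[libdefaults]` section of a krb5.conf for settings that still select RC4 or re-enable weak encryption types. The sample file contents are constructed, and the finding labels are names chosen for this example.

```python
import re

# krb5.conf names that select the RC4-HMAC encryption type.
RC4_NAMES = {"rc4-hmac", "arcfour-hmac", "arcfour-hmac-md5"}
ENCTYPE_KEYS = {"default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes"}

def audit_krb5_conf(text):
    """Return (line_number, key, finding) tuples for RC4 use in [libdefaults]."""
    findings = []
    section = None
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1).lower()
            continue
        if section != "libdefaults" or "=" not in line:
            continue
        key, value = (part.strip().lower() for part in line.split("=", 1))
        if key in ENCTYPE_KEYS:
            types = [t for t in re.split(r"[\s,]+", value) if t]
            if any(t in RC4_NAMES for t in types):
                # "rc4-only" means no enctype is left once RC4 is disabled.
                only_rc4 = all(t in RC4_NAMES for t in types)
                findings.append((num, key, "rc4-only" if only_rc4 else "rc4-listed"))
        elif key == "allow_weak_crypto" and value == "true":
            findings.append((num, key, "weak-crypto-enabled"))
    return findings

# Constructed sample, not taken from a real deployment.
SAMPLE_KRB5_CONF = """\
[libdefaults]
  default_realm = EXAMPLE.COM
  default_tkt_enctypes = rc4-hmac
  default_tgs_enctypes = aes256-cts-hmac-sha1-96 arcfour-hmac
  # permitted_enctypes = rc4-hmac
  allow_weak_crypto = true
[realms]
  EXAMPLE.COM = {
    kdc = kdc.example.com
  }
"""

if __name__ == "__main__":
    for num, key, finding in audit_krb5_conf(SAMPLE_KRB5_CONF):
        print(f"line {num}: {key}: {finding}")
```

A clean krb5.conf is only part of the change: the keytab that the server uses for SPNEGO must also contain keys for a non-RC4 encryption type.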

Minimum supported version for upgrade

The minimum version of i2 Analyze that you can upgrade from is now 4.3.3.0.

PostgreSQL Collation_Locale

If your deployment uses PostgreSQL, and you are upgrading from version 4.4.1.0, be aware that the default Collation_Locale setting was incorrect. This issue can only be resolved by dropping the database, changing the setting, re-creating the database, and re-ingesting the data.

If your deployment was initially created with the 4.4.1.1 fix pack, or you have already applied the fix pack and re-created your database, then you do not need to take any action.

Information Store schema validation

In i2 Analyze deployments that include the Information Store, the server performs additional validation on deployment and upgrade of the schema. Specifically, it checks for the case where two property types in the same item type have been assigned the same semantic property type.

At this version, this invalid state generates a warning in the output from the deploy, upgrade, and updateSchema toolkit tasks. In the future, the warning will become an error. For information about fixing the problem, see Resolving deployment errors.

Note: Previous versions of i2 Analyze included example schemas that suffered from the problem described above. For deployments that use those schemas - or schemas that were originally based upon them - the server repairs the schema dynamically, at runtime.

Information Store security schema changes

i2 Analyze supports a greater range of changes to the security schema after deployment, and there are new extension points that allow dynamic modification of the security schema.

NONE access level warning

In a security schema, specifying the NONE access level in a permission has no effect, because "no access" is the default state.

At this version, specifying NONE is invalid. Using it generates a warning in the output from the deploy, upgrade, and updateSchema toolkit tasks, and from the server. In the future, the warning will become an error. For information about fixing the problem, see Resolving deployment errors.
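A lint pass over a security schema file before upgrade, added here as an example and not part of the deployment toolkit: it reports permissions that specify NONE (a warning from 4.4.2) and empty `<Permissions>` elements (a validation error from 4.4.3). The `GroupPermissions`, `UserGroup`, `Dimension`, `Permission`, `DimensionValue` and `Level` names are an assumed layout, and the sample schema is constructed; adjust both to match your own file.

```python
import xml.etree.ElementTree as ET

def lint_security_schema(xml_text):
    """Return (user_group, dimension, problem) tuples for the two constructs."""
    findings = []
    root = ET.fromstring(xml_text)
    # Assumed layout: GroupPermissions[@UserGroup] > Permissions[@Dimension]
    #                 > Permission[@DimensionValue, @Level]
    for group in root.iter("GroupPermissions"):
        name = group.get("UserGroup", "?")
        for perms in group.iter("Permissions"):
            dim = perms.get("Dimension", "?")
            entries = perms.findall("Permission")
            if not entries:
                # Validation error from 4.4.3 onward.
                findings.append((name, dim, "empty <Permissions>"))
            for entry in entries:
                if entry.get("Level", "").upper() == "NONE":
                    # Warning from 4.4.2; "no access" is already the default.
                    value = entry.get("DimensionValue", "?")
                    findings.append((name, dim, f"NONE on {value}"))
    return findings

# Constructed sample schema fragment, not taken from a real deployment.
SAMPLE_SCHEMA = """\
<SecuritySchema>
  <SecurityPermissions>
    <GroupPermissions UserGroup="Analyst">
      <Permissions Dimension="SD-SC">
        <Permission DimensionValue="UC" Level="UPDATE"/>
        <Permission DimensionValue="CON" Level="NONE"/>
      </Permissions>
      <Permissions Dimension="SD-SG"/>
    </GroupPermissions>
  </SecurityPermissions>
</SecuritySchema>
"""

if __name__ == "__main__":
    for group, dim, problem in lint_security_schema(SAMPLE_SCHEMA):
        print(f"{group} / {dim}: {problem}")
```

Because "no access" is the default state, deleting a flagged NONE entry leaves the group's effective access unchanged.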

Removal of dimension values allowed

Dimension values can now be removed from security dimensions without requiring data to be re-ingested or re-indexed. For more details of permitted changes, see Configuring the security schema.

Extension points added

SPI extension points have been added that enable dimension values and permission assignments to be configured in code, as well as in the security schema XML file. For more details and an example of how to implement these SPIs in Java, see the dynamic security example in i2 Analyze Developer Essentials.

Support for Microsoft SQL Server 2022 and recent operating systems

i2 Analyze now supports Information Store deployments on Microsoft SQL Server 2022 as well as 2019 and 2017.

Note: For Windows installations only, the default data directory is version-specific. For SQL Server 2022, it is C:/Program Files/Microsoft SQL Server/MSSQL16.MSSQLSERVER/MSSQL/DATA; earlier versions use MSSQL15 and MSSQL14 in the same path. In a new deployment, ensure that the db.database.location.dir property in environment.properties is set correctly for the version of SQL Server you're targeting.

i2 Analyze also adds support for being deployed on Windows Server 2022 and Red Hat Enterprise Linux (RHEL) v9.

Support for record sharing

This release of i2 Analyze introduces the ability for users to share groups of selected records with their peers. On the server, this feature requires the creation of a new Solr collection named recordshare_index, and introduces new Command Access Control permissions.

The deployment toolkit automatically configures the Solr collection with default settings as part of upgrade.

By default, users are not able to share records with each other. Instead, they must be granted permission to do so. For details of how to grant permission, see The command access control file.

Apache Solr

The version of Apache Solr included in the release is still 8.11.2, but it has been patched to update the versions of Apache Commons Text and Apache Commons Configuration to address CVE-2022-42889 and CVE-2022-33980.

Note: The CVEs were not exploitable in Solr, but still caused vulnerability scan warnings. The toolkit identifies the version of Solr as 8.11.2-patch-1 and installs it as part of upgrading. You can also install it manually by running setup -t installSolr.

Highlight query categories

This release of i2 Analyze adds optional categories to the definitions of highlight queries. You can use these categories to restrict the visibility of highlight queries to specific groups of users. For more details, see Highlight queries.

No changes are necessary to continue to allow all users to see all highlight queries.

Information Store Visual Query configuration

This release of i2 Analyze allows you to control the contents of the Visual Query palette for Information Store searches. This aligns with palette configuration for external Visual Queries, and enables you to include or exclude specific item types from the palette.

These settings are additive, and no changes are required to existing Visual Query configurations. If you do make changes, you can reload the configuration live, through the admin reload endpoint.

Version 4.4.1

The following changes are introduced at i2 Analyze version 4.4.1:

Open Liberty

The Liberty application server installed by the toolkit is now the Open Liberty distribution, rather than IBM® WebSphere® Liberty.

IBM HTTP Server

Toolkit support for configuring the IBM HTTP Server is now deprecated, and might be removed in a future release. If the topology.xml file in your deployment sets http-server-host="true", then the toolkit displays a warning message.

Using an HTTP server or proxy for i2 Analyze is optional. If you do want to use one, you can use any modern HTTP server.

Version 4.4.0

No changes are introduced at i2 Analyze version 4.4.0 that affect upgrade.