No XML file removed.

• The event EVENT_DB_LINKS_CHANGED is not fired anymore for the current object under creation/modification.
• For local creation/modification of the linksets the EVENT_DB_BEFORE_WRITE event should be used instead.
• New event EVENT_ENUM_TRANSITIONS added to manage allowed transitions on apply_stimulus to replace extensibility point DBObject::EnumTransitions().
• Previous events EVENT_DB_BEFORE_APPLY_STIMULUS, EVENT_DB_AFTER_APPLY_STIMULUS and EVENT_DB_APPLY_STIMULUS_FAILED were removed as they were not usable/useful/asked…

Since iTop 2.7.10 / 3.0.4 / 3.1.2 / 3.2.0, the X-Content-Type-Options HTTP header is sent with the nosniff value. This could trigger CORB protection for certain resources, preventing them from loading (see https://chromium.googlesource.com/chromium/src/+/master/services/network/cross_origin_read_blocking_explainer.md#determining-whether-a-response-is-corb_protected).

To mitigate the issue, sending this HTTP header is disabled in AjaxPage, JsonPage and XMLPage.

Since iTop 3.2.0, we're following the OWASP recommendations about Ajax API calls.

If you are making an Ajax call to iTop in your extension, we recommend using our CombodoHTTP.Fetch() method. You can also use jQuery's $.ajax function. In this way, “X-Combodo-Ajax” header will automatically be added to your request.

Alternatively, you can add the “X-Combodo-Ajax” header to your requests if you don't want to change the method you're using (if you're using XMLHttpRequest or if your code is included with add_early_script) :

fetch(route, {
    method: 'POST',
        headers: {
            'X-Combodo-Ajax': true
        },
    body: formData
}).then(...

var xhr = new XMLHttpRequest();
xhr.open('POST', road, true);
xhr.setRequestHeader('X-Combodo-Ajax', 'true');
xhr.onload = function () {
...
};
xhr.send(formData);

If you can't use any of these methods (e.g. you have to send form data parameters in Ajax), you can add the “transaction_id” field in the body of the request. You can create this transaction ID in PHP with the following iTop method :

utils::GetNewTransactionId()

• SetApprovalDate
• SetApprover
• SetLastPendingDate
• SetAssignedDate
• SetClosureDate
• SetResolveDate

public function SetResolveDate() {
        $this->Set('resolution_date', time());
        $iTimeSpent = time() - AttributeDateTime::GetAsUnixSeconds($this->Get('start_date'));
        $this->Set('time_spent', $iTimeSpent);
        return true;
}

• SetLastPendingDate
• SetAssignedDate
• SetClosureDate
• SetResolveDate (same code as in UserRequest)
• resolveChilds

• SetApprovalDate
• SetClosureDate
• ResetRejectReason

• SetAssignedDate
• SetClosureDate
• SetResolveDate

public function SetResolveDate() {
      $this->Set('resolution_date', time());
      return true;
}

The setup ContextTag is now correctly set. See PR #609

Before only timestamp or strings were allowed, so the consumers were forced to do a conversion.

See PR #618

The following files were moved to NPM, so files that were previously in /css and /js directories must now be linked to their counterparts in /node_modules :

• css/c3.min.css
• css/jquery.contextMenu.css
• css/magnific-popup.css
• js/ace/
• js/mousetrap/
• js/c3.js
• js/c3.min.js
• js/d3.js
• js/d3.min.js
• js/clipboard.min.js
• js/jquery.autocomplete.js
• js/jquery.contextMenu.js
• js/jquery.fileupload.js
• js/jquery.iframe-transport.js
• js/jquery-ui.custom.min.js
• js/jquery.min.js
• js/jquery.magnific-popup.js
• js/jquery.magnific-popup.min.js
• js/jquery-migrate.dev.js
• js/jquery-migrate.prod.min.js
• js/moment-with-locales.min.js
• js/showdown.min.js

List of files that were marked as deprecated, and are not used inside iTop core:

No deprecated APIs.

No removed files.

The following files were moved to NPM, so files that were previously in /css directory must now be linked to their counterparts in /node_modules :

• css/c3.min.css
• css/jquery.contextMenu.css
• css/magnific-popup.css