#28698 Executability rule is checked on deleted object

Enhancement

Major

#28593

Baumselektions-Modell mit Teilbaum-Selektionslogik

#28695

Selektionsfilter für (Tree-)tables und -grids im Layout-Editor einstellen

#28704

Optimized access to table FLEX_DATA for some DBs

Detail

#28613

"DefaultFor" Konfigurationsoption im "advanceProcess"-Template für BPE

#28679

Dynamic labels for FormTableDefinition

#28705

Close Formlar dialogs on Cancel

#28712

Test can set whether warnings lead to failure

Nice to have

#28588

Option to mark tables in forms as non-selectable

Bugfix

Major

#28673

Vulnerability in commons-beanutils (CVE-2025-48734)

#28675

Opening Excel-Scripts in Script Recorder fails when starting from command line

#28676

Securing Kafka client configuration against SSRF and file reads (CVE-2025-27817)

#28684

DoS vulnerability in Apache Commons FileUpload (CVE-2025-48976)

#28692

ClassCastException in the ActiveTaskComponent

#28700

Security gap in workflow transitions - Unauthorized processing after task completion

#28739

TL script method filterPermission must not be evaluated at compile time

Detail

#28331

Incorrect update type creation in tUpdate leads to ignoring of hidden attribute changes

#28617

Bug: Post-Create-Actions fehlen bei Prozess-Start ohne Prüfung

#28640

Mandatory Multiline fields do not have a blue line

#28665

Calculated attributes are not updated when tables are changed

#28666

Fehlender DisplayContext nach BinaryDataSource-Conversion

#28667

Pipe closed Error when sending mail due to double rendering of content without EncodingAware interface

#28671

ExcelWriter methods are missing

#28686

REST routing: Shorter paths are prioritized over longer paths and cause incorrect route matching

#28690

Create in currency administration has wrong command group

#28698

Executability rule is checked on deleted object

#28706

Form tables exceed container width

#28707

Falsches Dirty-Handling im SelectTransitionDialog (BPE)

#28724

Selection filter must not be evaluated on deleted objects

#28726

Unique-Constraint-Violation bei mehrfacher Anwendung des MoveObjectsProcessor

Nice to have

#28458

Falsche Abfrage, ob Komponente Multi-Selektion unterstützt

Bugfix

Detail

#28698

Executability rule is checked on deleted object

ContextMenu DeleteCommand

If you call a delete command from the context menu without a confirmation dialog with an executability rule that accesses the object to be deleted, this generates an error because the executability rule is evaluated again on the deleted object after deletion.

Analysis

Commands in the context menu are permanently bound to the object on which the context menu was opened. Although the execution of a command in the context menu closes the context menu, the browser window control delays closing it until the command has been finally validated. This means that all commands in the context menu remain registered in the command model registry until the final validation. If you are unlucky, the command model registry is validated in the final validation before the browser window control and evaluates the executability rules again on the now deleted object (which causes the crash).

Solution

When closing a popup dialog, it must be logged off immediately so that the commands contained in it are also logged off from the command model registry. Only the final removal from the UI can be delayed until the final validation of the browser window control.

Test

Configure table with delete command on the rows.
Switch off query for the delete command.
Configure an executability rule for the delete command that decides whether it can be deleted or not, e.g. based on the name of the object.
Execute the delete command via the context menu of the table.
No error may occur due to access to a deleted object.