Release Notes for SAP HANA Cloud Platform

SAP HANA Cloud Platform offers a new role: Application User Admin. Members with this role can maintain the permissions of users for accessing Java and HTML5 applications. Application user admins can assign users to the roles of the application or to the groups which are assigned to the roles of the application.

The Git service now supports the account member roles Administrator, Developer, and Support User. For more information, see Working with Git.

You can specify environment variables for configuring the environment in which a Java application runs. Use the console client commands deploy and set-application-property, or use the lifecycle REST API.

The Product Availability Matrix (PAM) is now extended with additional OS versions for the new Cloud connector versions (2.5.1 and higher). For more information, see Prerequisites.

• In the Members section, the new History button opens a list of changes made to account members (for example, added/removed account members, or changed role assignments).
• The cockpit icons are redesigned in high-contrast mode.

• HTML5 application versions can now be created and activated on a single screen in the cockpit.
• A required destination from the neo-app.json file can now be mapped to an existing account destination. For more information, seeAccessing REST Services.

SAP HANA revision 92 (SPS 09) is now available.

• In a production environment or planned Go-live in less than 6 weeks,we recommend that you stay on the current SAP HANA SPS 08 until the next SAP HANA Datacenter Service Point is reached.
• In a non-production environment or planned initial system setup, you can update to the new SPS 09 via request to SAP HANA Cloud Platform operators.

For more information, see:SAP Note 2021789 - SAP HANA Revision and Maintenance Strategy

• Thehome pageis improved.
• Breadcrumbs are included for better navigation.
• The documentation structure is simplified and optimized by categories which reflect the programming models offered by the platform - Java, SAP HANA, HTML5, and SAPUI5.

• Thedownload site is now served viaAkamai CDNto optimize latency and throughput in all geographical regions.
• There is better throughput when downloading cloud tools, HCI, or AppBuilder with the speed of your local ISP.
• The installation time of the Eclipse tools is significantly reduced.

Applications called via HTTP destinations of authentication type ApplicationToApplicationSSO now support principal propagation.

SAP HANA Cloud connector 2.5.1 is released. Fixes:

• The Connect/Disconnect operations in Account Dashboard now behave correctly.
• After restarting the Cloud connector, both the principal propagation and the trust configuration work properly for existing sessions.
• After restarting the Cloud connector or in case of failover, the Service Channels function is started automatically. 
• If there is a SAP JVM installed via RPM on Linux OS, the Cloud connector will prefer this SAP JVM to other available JVMs .
• Previously, if an account was deleted in the Master instance, the deletion was propagated to the Shadow one, but the account configuration remained in the Shadow. This wrong behavior is now fixed.

You can now set SuccessFactors as the role provider for extension applications. This allows you to manage the roles of such applications only in the SuccessFactors system. For more information, seeChanging the Default Role Provider.

Only the main links (Settings, Help, and Feedback) remain in the cockpit header. All the other links were moved to the new footer.

SAPUI5 distribution 1.26.5 for Java and HTML5 applications (including runtime 1.26.4 & documentation) has been released.

• Тhe OAuth tokens of HTTP destinations with authentication type OAuth2SAMLBearerAssertion are now auto-renovated. When a token is about to expire, a new token is created shortly before the expiration of the old one.
• To allow parallel usage of HTTP client instances, HTTP clients created by HTTP destinations will now use ThreadSafeClientConnManager.

By default, the FORM and SAML2 login methods used to fall back to user name and password authentication (HTTP basic authentication) in case of failure of the trusted SAML identity provider. This default fallback is now removed. To preserve the behavior, in Authentication Configuration create for your application a custom login method, in which you select the User name and password option. The change requires application restart. For more information, seeConfiguring Authentication for Your Application.

Breadcrumbs show the full object hierarchy in the pattern:

Data Center> Account> application> process

The interface com.sap.core.connectivity.api.configuration.ConnectivityConfiguration is extended with a new clearCache() method. It allows each application to clear its local cache to ensure that the next configuration will be taken from a central storage. The method also clears the configuration cache used by HTTP destinations. For more information, seeConnectivity Javadoc.

SAPUI5 distribution 1.26.3 for Java and HTML5 applications (including runtime 1.26.3 & documentation) has been released.

SAP HANA revision 91 (SPS 09) is now available.

• In a production environment or planned Go-live in less than 6 weeks,we recommend that you stay on the current SAP HANA SPS 08 until the next SAP HANA Datacenter Service Point is reached.
• In a non-production environment or planned initial system setup, you can update to the new SPS 09 via request to SAP HANA Cloud Platform operators.

For more information, see:SAP Note 2021789 - SAP HANA Revision and Maintenance Strategy

Virtual roles are now available for HTML5 applications.

• AccountAdministrator– account members with Administrator role.
• AccountDeveloper– account members with Developer or Administrator role.
• Everyone– all authenticated users of the configured identity provider.

You can map virtual roles to HTML5 application permissions. AccountAdministrator and AccountDeveloper require SAP IDP to be configured as identity provider. In case a custom IDP is configured, you can manually create these roles in the corresponding account.

By default, every permission required to access a protected resource of an application is granted to members of the AccountDeveloper role. As long as no other role is assigned to the permission, only account members with the Developer or Administrator role have access to the protected resource. This is also true for the default permission NonActiveApplicationPermission, which is required to access a non-active version of an HTML5 application.

• The Subscribed Java Applications table now has columns State and Start Time, so you can see the run state and start time of your subscribed Java applications.
• Every row in the log viewer has a View button that opens the respective log line in text-only format.

The rolling-update command is now available for productive use. For more information, seerolling-update.

SAPUI5 distribution 1.24.6 for Java and HTML5 applications (including runtime 1.24.5 & documentation) has been released.

New version of SAP JVM Tools is released. For more information about the new major features, seeWhat is New in SAP JVM Tools 2.2.

• JCoDestination.ping() times out after <rfc.client_connect_timeout>  seconds. It also throws a JCoException with error group JCO_ERROR_TIMEOUT if the system does not respond in that time.
• When using a destination with pooling, you can configure the destination to check the validity of a connection before using the connection for a function call. This way you can avoid zombie connections that may lead to error-prone situations.
• Traffic traces are added, which allows analyzing transferred data amounts.

Connectivity Service

• JCoRecord.isInitialized(name|index) no longer returns wrong "false" for nested tables or structures.
• Performance improvement is done for client calls that do not use AbapClassException.

Platform Infrastructure

The Safari browser no longer blocks iFrame-embedded applications.