Skip to main content

[Feature]: This release introduces strict query parameter validation in the API Proxy to prevent query parameter injection into downstream SAP requests. The change addresses an issue where encoded characters (e.g., %26 for &) could be used to pass additional parameters.

Allows only below-listed query parameters, and any additional parameters passed on request are dropped

  • sap-client: Exactly 3 digits
  • sap-sessioncmd: Must be cancel
  • sap-language: Exactly 2 characters
  • link-function: Must be auth-payload
  • saml2: Must be disabled
  • tabs: Letters only
  • key: String or the literal $*$
  • expirationSeconds: Positive integer 1..2147483647
  • cid: Alphanumeric less than or equal to 10 characters

Enhancements

  • Override CID on Link API requests. Support has been added to specify a Customizing ID on proxied API requests. Specifying a cid query string parameter will override the x-enosix-cid extension of the Open API Specification for the endpoint.

Bug Fixes

  • Reading CID from Open API Specification. A bug causing API endpoints to ignore the configured x-enosix-cid extension in the Open API Specification.

Enhancements

Ability to pass CID as Query Param.

Added support for passing cid as a query parameter to the SAP backend. The following validation rules have been added for the cid parameter:

  • Alphanumeric characters only (a-z, A-Z, 0-9)
  • Length: 1-10 characters
  • No special characters or spaces allowed

Bug Fixes

  • Multiselect checkbox issue for Variant Configuration
    Fixed an issue where only one selection was saved when multiple configuration options were selected. Multiple selections now save correctly.

  • Default values from SAP not populating
    Fixed an issue where default values sent from SAP were not being applied. Default values now populate correctly as expected.

Get it here: v8.7.1

Enhancements

  • Swagger UI Configuration Control
    The API Proxy configuration now supports a SwaggerEnabled property that allows you to control whether the Swagger UI and OpenAPI Specification endpoints are exposed for each API Proxy. Setting SwaggerEnabled: true enables these documentation endpoints, which is useful for development and testing environments. By default, Swagger endpoints are disabled. See the Swagger UI for full details.

Feature

  • PDF generation for Sales Documents now provides a clear, localizable message when the PDF is not yet ready, improving user experience and supporting translation. PDF Output Message Screenshot

The enosix team has completed testing to ensure compatibility of the latest enosix apps with the Salesforce Spring ‘26 release. Below are the key details of the testing process and outcomes:

Testing Highlights

  • Regression Testing:

    • Tests were executed to validate functionality and compatibility.

  • Products Tested:

  • Mobile App Compatibility:

    • The Surface app was tested in the latest version of the Salesforce Mobile app.

Testing Scope and Outcomes

  1. Sync for Salesforce v1.3.4:

    • Validated real-time data synchronization between Salesforce and SAP.
    • Ensured consistent performance across core use cases, including object synchronization and data accuracy.

  2. Surface v2.8.1:

    • Confirmed compatibility with Sales app.
    • Verified Lightning components function in the Salesforce Mobile app.

  3. SDK v1.7 + Cloud-UI:

    • Verified ability to configure a material/product and update price on quote line item using Cloud-UI in CPQ.

Results

  • Compatibility Confirmed: All tested products are fully compatible with Salesforce Spring ‘26.
  • No Critical Issues Identified: Testing revealed no blockers or critical issues.

The enosix team remains committed to ensuring our solutions deliver seamless integration and superior performance. For any questions or support, please contact our team.

Salesforce has announced several certificate-related changes in 2026 that may generate questions from customers. enosix has reviewed these changes and assessed the impact across our product line. No customer-facing disruptions have been observed to date, and our architecture minimizes exposure to these changes. Below is a summary of each change and how it relates to enosix products.

1. Root Certificate Transition to DigiCert Global Root G2 (Effective February 5, 2026)

Salesforce has transitioned to issuing certificates chained from the DigiCert Global Root G2. Any certificate issued by Salesforce after February 5, 2026 will be chained to this new root in most environments. Salesforce recommends that organizations adopt the Mozilla Root Certificate Set to future-proof their trust stores.

Impact on enosix Products

  • Salesforce Apps (Surface, Transact, Commerce, SDK, Sync): enosix integrations with SAP are built on Named Credentials and Callouts, not direct API client connections. Salesforce manages the outbound TLS trust chain for Named Credential callouts, so no customer action is required for these products. Self-signed certificates and CA-signed certificates that you upload to your org are not in scope for this change.

  • enosix Link: The enosix Link appliance has been patched to include the latest root certificate updates, including DigiCert Global Root G2. Customers should review the Link release announcements and ensure they are running the latest version. Customers not using the stable (automatic update) channel should update to the latest release to ensure continued compatibility.

  • enosix Connect: The enosix Connect appliance has been patched to support the latest root certificate updates. Customers should review the Connect release announcements and ensure they are running the latest version. Customers not using the stable (automatic update) channel should update to the latest release to ensure continued compatibility.

2. Deprecation of Dual-use Certificates (Effective June 15, 2026)

Effective June 15, 2026, Chrome will mandate a strict separation between server and client authentication certificates ("dual-use" ban). This impacts customers using mutual TLS (mTLS) with Salesforce, requiring that client certificates are not sourced from the same public roots used for website trust.

Impact on enosix Products

enosix products do not use mTLS for connectivity between Salesforce and SAP. This change has no impact on enosix integrations. Customers who have implemented custom mTLS configurations outside of enosix products should review the Salesforce-supported CAs for Client Auth EKUs and audit their mTLS usage independently.

3. Certificate Lifespan Reductions (Starting March 15, 2026)

To align with industry standards, Salesforce is reducing maximum TLS server certificate lifespans in phases:

DateMaximum Lifespan
March 15, 2026200 days
March 15, 2027100 days
March 15, 202947 days

This means certificates will be renewed more frequently. Some CA vendors have already begun issuing 200-day certificates.

Impact on enosix Products

  • Salesforce Apps (Surface, Transact, Commerce, SDK, Sync): Certificate renewal is managed entirely by Salesforce for Named Credential connections. No customer action is required.

  • enosix Link & Connect: Appliance updates include support for more frequent certificate rotations. Customers should stay current on the latest releases to ensure their appliances handle renewed certificates seamlessly. Customers not using the stable (automatic update) channel should regularly check for and apply the latest updates.

Summary

ChangeEffective Dateenosix ImpactCustomer Action
Root Certificate → DigiCert Global Root G2Feb 5, 2026No disruption observedLink & Connect: update to latest release if not on stable channel
Dual-use Certificate Ban (mTLS)June 15, 2026No impact (enosix does not use mTLS)None for enosix products
Certificate Lifespan → 200 daysMarch 15, 2026No impact for Named Credential integrationsLink & Connect: stay current on releases

Additional Resources

For any questions or support, please contact the enosix team.

Addressing issues from G5 root certificate updates in SAP BTP, See : 3566727 - Root Certificate Replacement in the SAP BTP, Cloud Foundry Environment SAP note. As part of the rollout it was identified that the new G5 root certificates were not trusted by the Connect Console or Connect Application base image. This update addresses the certificate issues preventing authenticating to Cloud Foundry subaccount instances for deployment and Connect instances from reading destinations from environments with the G5 certificate update.

It is REQUIRED to re-build there packages to incorporate the 1.5.0.5001 Base Version patch into the latest package version and re-deploy. If you need assistance please contact support for help in upgrading your instances.

  • [Update]: Fixed issues with new BTP G5 certificates that were effecting deployments and accessing destinations.

Note: The G5 certificate update can also effect the SAP Cloud Connector, See: 3583377 - Cloud Connector will fail to connect to subaccount SAP note for details.