Skip to main content

Upgrade Compatibility Checklist for InterSystems IRIS 2021.1.1

This article lists the features of the 2021.1.1 release of InterSystems IRIS® that, because of their difference in this version, affect the administration, operation, or development activities of existing systems.

Customers upgrading their applications from earlier releases are strongly urged to read the upgrade checklist for the intervening versions as well.

Container Files Ownership When Upgrading

All files in durable %SYS must be owned by 51773:51773 before upgrading to an IRIS/IRISHealth container with this change, for example. "chown -R 51773:51773 $ISC_DATA_DIRECTORY". However, the InterSystems Cloud Manager (ICM) and the InterSystems Kubernettes Operator (IKO) have been modified in this task so that upgrades are fully compatible.

Upgrades with IRIS-lockeddown and IRISHealth-lockeddown between versions pre- and post- this change are not supported and will not succeed.

SMTP Checks Server Identities

The SSLCheckServerIdentity property in %Net.SMTP now defaults to being on. This means that, when connecting to an SSL/TLS secured web server, %Net.SMTP will check that the certificate server name matches the DNS name used to connect to the server and fail if they don't match. This is the behavior specified in RFC 2818 section 3.1. This change is unlikely to cause compatibility issues, but it is possible that when using %Net.SMTP to send messages you might have issues connecting to an SSL/TLS enabled server. If this happens, and you understand the security trade-offs, you can set SSLCheckServerIdentity to 0 to restore the previous behavior.

%Zen.Dialog Cannot be Run by Default

%ZEN.Dialog classes can no longer be run on web applications that do not explicitly allow them. This means that if you have web applications that rely on %ZEN.Dialog classes and that are not Analytics-enabled or Interoperability-enabled, the applications now need to explicitly enable %ZEN.Dialog classes. You can enable %ZEN.Dialog classes by entering:

Set ^SYS("Security","CSP","AllowPrefix",application,"%ZEN.Dialog.")=1


With this change any web application that is enabled for analytics or interoperability will have %ZEN.Dialog enabled by default.

Using Both Delegated Authentication and Password Authentication

Customers who use both delegated authentication and password authentication enabled, and who require that ZAUTHENTICATE be called even for Password users, will need to set the option "Always try Delegated authentication".

32–Bit Processes and External Language Servers

External language servers that do not have "Exec 32" checked will change from executing as a 32-bit process to executing as a 64-bit process when started from the Management Portal. This will only affect you if you are loading external assemblies compiled for x86 and did not check the Exec 32 box of the server definition. The solution for this issue is to check the Exec 32 box of the server definition.

FeedbackOpens in a new tab