InterSystems IRIS® Upgrade Checklist (2025.2)

DP-441283: Disable AutoCompile by default for /csp/user, /isc/studio/templates and new CSP application; Tighten privileges for pre-login code

Category: CSP / ZEN
Platforms: All
Versions: 2023.1.7, 2024.1.5, 2025.1.1, 2025.2.0

The autocompile option automatically compiles tag-based CSP pages when a user accesses the page. In previous versions, this was enabled by default. In previous versions, the autocompile option for tag-based CSP pages has been disabled, and the privileges the compile runs with have been reduced accordingly. The former change does not affect existing web applications, but the latter does. To restore the old behavior, grant the CSPSystem user the necessary privileges for compiling classes, including the write privilege on the routine database of the web application's namespace. InterSystems discourages enabling autocompile or granting CSPSystem additional privileges. If it must be enabled, autocompile should only ever be used in development environments; the privileges required for compilation are wide-reaching and introduces unnecessary risk for production systems.

DP-440115: New permission required for use of DataMove

Category: DataMove
Platforms: All
Versions: 2025.1.1, 2025.2.0

The DataMove utility now requires the %Admin_Manage:USE permission.

DP-440718: [Interoperability] Amend FunctionSet class container identification

Category: Interoperability
Platforms: All
Version: 2025.2.0

If a Custom Utility Function class that mistakenly extends superclasses other than Ens.Rule.FunctionSet (and those super classes themselves do not extend Ens.Rule.FunctionSet) has been created, then any class methods in those superclasses cannot be used in Rules.

Code generated for Rules now uses the class where the class method is defined, not a subclass.

DP-440887: Deprecate EnsLib managed Gateways

Category: Interoperability
Platforms: All
Version: 2025.2.0

The server and port properties of the EnsLib.Gateway.*, EnsLib.JavaGateway.*, and EnsLib.DotNetGateway.* classes are now deprecated, so users should instead migrate to interact with gateway services through an External Language Server.

DP-435478: %Net.SSH.Session:Connect to use SHA256 for default hostkey hash

Category: Networking
Platforms: All
Version: 2025.2.0

New %Net.SSH.Session objects by default have a SHA256 hostkey. If you need a different size, you must pass "SHA1" or "MD5" as an argument to the Connect() method manually.

DP-441221: Export methods should respect /createdirs qualifier

Category: Object Library
Platforms: All
Version: 2025.2.0

This change modifies the behavior of ExportXMLList^%apiOBJ and ExportXMLPackage^%apiOBJ so that they explicitly check for the /createdirs qualifier before calling CreateDirectoryChain() to create a directory. Any usage of these routines that do not use the /createdirs qualifier may have some commands fail.

DP-437848: Enforce BufferLength in SQLBindParameter function

Category: ODBC
Platforms: All
Version: 2025.2.0

When binding parameters with the SQLBindParameter function, the system previously ignored the BufferLength parameter. Now that the parameter is enforced, any invocations of the SQLBindParameter function that use the BufferLength parameter will truncate data to the specified length.

DP-436066: Log changing system database resources on upgrade

Category: Security
Platforms: All
Version: 2025.2.0

If you have changed the resources protecting access to the system databases (IRISAUDIT, IRISLOCALDATA, and IRISSYS) from their initial installation defaults (%DB_IRISAUDIT, %DB_IRISLOCALDATA, and %DB_IRISSYS respectively), when you upgrade to a version with this change, the resources are set back to the initial installation defaults. In short, the resources that protect access to system databases cannot be modified from the system default.

DP-437965: remove deprecated pre-AES standardization (2001) encryption functions that were used for AES

Category: Security
Platforms: All
Version: 2025.2.0

This change removes a number of deprecated functions including:

$SYSTEM.Encryption.AESCRCEncode $SYSTEM.Encryption.AESCRCDecode $SYSTEM.Encryption.AESBase64Encode $SYSTEM.Encryption.AESBase64Decode $SYSTEM.Encryption.AESEncode $SYSTEM.Encryption.AESDecode $SYSTEM.Encryption.RijndaelCRCEncode $SYSTEM.Encryption.RigndaelCRCDecode $SYSTEM.Encryption.RijndaelBase64Encode $SYSTEM.Encryption.RijndaelBase64Decode

DP-440360: Don't require %Admin_Operate for Service modification

Category: Security
Platforms: All
Version: 2025.2.0

%Admin_Operate:USE no longer controls the ability to start and stop a service. The ability to perform such an action now requires exclusively %Admin_Secure:USE. Any users that previously only had %Admin_Operate:USE and need to be able to start and stop a service now require %Admin_Secure:USE.

DP-438389: Optionally preserve start date in the past via %SYS.TaskSuper.ImportTasks()

Category: SMP - System Management Portal
Platforms: All
Version: 2025.2.0

Previously, if you imported a task with a "LastScheduled" date in the past using the %SYS.TaskSuper.ImportTasks() method, then the "LastScheduled" date would be ignored and the task would be scheduled to run without accounting for the specified "LastScheduled" date. Now, by default, tasks imported in this way take the "LastScheduled" date into account.

If you previously relied on the old behavior, you may set the runPastTasksTomorrow argument of %SYS.TaskSuper.ImportTasks() to 1.

DP-422287: Update CREATE FOREIGN TABLE behavior

Category: SQL
Platforms: All
Version: 2025.2.0

The point of failure for some ill-formed foreign tables has been moved from query-time to create-time. As a result, some CREATE FOREIGN TABLE statements that previously succeeded could now fail. However, these failures typically indicate that a SELECT statement against the foreign table would have failed anyway.

To prevent the possibility of these validation runtime errors during a CREATE FOREIGN TABLE statement, use the NOVALIDATE keyword.

This change in behavior only applies to foreign tables that use other database management systems as their external source; schema validation is not performed when creating file-based foreign tables.

DP-434312: inherit the CALCSELECTIVITY parameter from the super field

Category: SQL
Platforms: All
Version: 2025.2.0

If you add CALCSELECTIVITY=0 on a property that is an embedded object, the system no longer calculates statistics both for that property and for the corresponding serial object properties. For example, if you have a class Sample.Person with a field Home, which is of type Sample.Address, and assign the Home field CALCSELECTIVITY=0, then no stats will be collected for Home or any of the serial object properties for Home.

DP-439031: $IsVector(null string) will be True

Category: SQL
Platforms: All
Version: 2025.2.0

$IsVector("") now returns 1, rather than 0. The new behavior better conforms to expectations set by other $vector functions, which treat "" as a valid vector.

DP-440592: Object could be closed with incorrect roles

Category: System
Platforms: All
Version: 2025.2.0

Previously, if an object in a REST application went out of scope while I/O redirection was active, its %OnClose method could be run with different roles than when it was created. That issue has been resolved, but the fix may cause an application with very deep nesting (large $STACK value) to encounter a error. If necessary, the frame stack size can be increased by getting the current size with $SYSTEM.Util.GetFrameStackSize() and setting a larger value with $SYSTEM.Util.SetFrameStackSize(). The new value will be in effect for all new processes, not just the current one.

DP-440651: IRISTEMP database is no longer a sparse database

Category: System
Platforms: All
Versions: 2025.1.1, 2025.2.0

In prior versions, the IRISTEMP database on non-Windows platforms was internally expanded as a sparse file to allow for rapid expansion; disk space would be consumed if and when the IRISTEMP blocks were written by the system. When the IRISTEMP grows very large in this way, it is possible that the writes to it may eventually leave vast numbers of "holes" in the file. While that behavior is expected, it has occasionally been observed to cause an unpredictable amount of overhead due to the operating system's management of unwritten extents, and in rare cases this could have a destabilizing effect. Since expansion for all databases has been made much faster in general starting in 2025.1, the sparse feature of IRISTEMP is no longer a valuable tradeoff and has been disabled.  

With this change, IRISTEMP will consume file system space as it expands rather than as the system writes the blocks.  As long as IRISTEMP is left to expand automatically (recommended), the extra space consumed on the system as a result of this change is limited by the size of the database cache, since as the database cache becomes largely consumed by newly allocated IRISTEMP blocks, they would have been written either way.  Any site that pre-expands IRISTEMP to a very large size expecting that space to remain unused at the filesystem level should reconsider that practice. 

Note that on non-Windows platforms, IRISTEMP is re-initialized at startup at a virtual initial size of 20MB rather than the previous value of 240MB.  As before, the real size of the IRIS.DAT file is left unchanged so the expansions from 20MB up to its previous size are virtual only and the configuration parameter 'MaxIRISTempSizeAtStart' can be used to cause this old file to be truncated.

DP-441122: Correct $THIS value in a class method

Category: System
Platforms: All
Version: 2025.2.0

Previously, the $THIS value in a class method could sometimes be an object reference, instead of the class name. If you wrote any class methods that used $THIS to refer to an object reference, you must change your code to access the object reference a different way.

DP-441271: Use correct path for iris.ids check in shutdown

Category: System
Platforms: All
Version: 2025.2.0

Application startup code in SYSTEM^%ZSTOP, SYSTEM^%ZSTART, ^ZSTU, and ^ZSHUTDOW that expects the process's working directory ($system.Process.CurrentDirectory()) to be something other than the manager directory will need to be adjusted.

DP-441528: Changes to Integrity Check APIs and Utilities

Category: System
Platforms: All
Version: 2025.2.0

The interactive ^Integrity utility has changed significantly. Users should be aware that it now offers to run in multi-process mode by default, and integrity check results persist until purged. The interactive entry points Multiple^Integrity(), Exclude^Integrity(), and guiInteg()^Integrity() have been removed, since the options they offered are now supported through the main entry point.

Silent^Integrity(), SilentGlobalCheck^Integrity(), SYS.Database:SilentIntegrityCheck(), and the SYS.Database:Integrity() query are considered deprecated, but have not been removed. However, their behavior changes in a few key ways. They now run with the system default number of processes instead of running in a single process (which can be modified via the Advanced Settings option of ^Integrity). As a result, they will generally run faster than before, but use more resources. Additionally, they no longer append to the output file while running but instead write all results after the check completes. If you use these functions with the intent to interactively examine the output file as it runs, use the now-improved interactive ^Integrity utility instead. The format of the error information at the end of the output file has changed and more closely mimics the "Details of Errors Found" section in output of the integrity check from Management Portal or Task Manager; all errors are included in that section, beyond the old summary limit.

The integrity check-related APIs in SYS.Database are now marked deprecated. CheckList^Integrity() and Display^Integrity() are, as before, recommended for programmatic needs and the ^Integrity utility is recommended for interactive use and monitoring.

DP-438419: ODBCGateway. Add Catalog name to GetTablePrivileges

Category: xDBCGateway
Platforms: All
Version: 2025.2.0

The method signatures for the %XDBC.Gateway.ODBC.Connection.GetTablePrivileges() and %XDBC.Gateway.ODBC.Statement.GetTablePrivileges() methods have changed to add a CatalogName as the first argument. Any invocations of these methods must add the new argument (even just an empty string) to ensure correct functionality.