T50-2025 - Notification regarding BIOVIA ENOVIA QUMAS EQMS 2026
We are providing this Technical Note to inform you about the release of BIOVIA ENOVIA QUMAS EQMS2026 which includes the following enhancements and fixed defects:
NOV | 5th, 2025
Program
BIOVIA ENOVIA QUMAS EQMS
Operating System
All supported operating systems
Description
We are providing this Technical Note to inform you about the release of BIOVIA ENOVIA QUMAS EQMS2026 which includes the following enhancements and fixed defects:
Enhancements
This release of BIOVIA ENOVIA QUMAS EQMS includes the following enhancements.
| User Story | Description |
|---|---|
| PROC-8876 | Upgraded SE to use Solr 9 instead of Solr 8 Replaced EQMS Delta service which used the Solr 8 data import handler with a new EQMS Data service Added new field to Query Config page to allow the last indexed date to be reset. |
Fixed Defects
This release of BIOVIA ENOVIA QUMAS EQMS includes the following fixed defects.
| User Story | Description |
|---|---|
| PROC-9560 | Vulnerability in Spring Security v5.7.2. To resolve the issue it was Upgraded to 6.4.2. |
| PROC-9562 | Vulnerability in Spring Boot v2.7.2. To resolve the issue it was Upgraded to 3.4.4. |
| PROC-9563 | Vulnerability in SnakeYAML v1.30. The jar file has been removed. |
| PROC-9565 | Vulnerability in Apache Commons Text v1.6. Commons text is no longer used so this issue is resolved. |
| PROC-9567 | Vulnerability in Apache Maven v3.3.9 has been resolved. |
| PROC-9568 | Vulnerability in Apache Portable Runtime v1.7.0 has been resolved by Tomcat upgrade. |
| PROC-9569 | Vulnerability in Apache Zookeeper v3.6.2 has been resolved. |
| PROC-9570 | Vulnerability in Calcite Core v1.27.0 as we are using 1.37.0 in the 2026 release.. |
| PROC-9571 | Vulnerability in Quartz Enterprise Job Scheduler v2.3.2 resolved. |
| PROC-9573 | Vulnerability in OpenSSL v1.1.1m has been resolved by removing the problematic dll. |
| PROC-9783 | Fixed the issue where Workflow Entry Condition Failed with Japanese Characters in Audit_Type Field. |
| PROC-9911 | Removed the vulnerability axis:axis:1.4 which was being used in ProcessWebservices |
| PROC-9912 | Vulnerability regarding org.springframework.boot:spring-boot:2.5.0 jar being used in SE Query Service has been resolved. |
| PROC-9921 | Upgraded to the latest version of netty-tcnative-boringssl-static (2.0.72.Final). Also upgraded to solrj 9.9.0 |
| PROC-9270 | Impacts the display of Process Instances when opened in View mode. |
| PROC-9410 | Database deadlock issue due to unnecessary CP_FORM_FIELDS updates has been resolved. Impacts saving of process instances. |
| PROC-9524 | Process type failed to open for i8n language is now resolved. The fix implemented was to check for null. |
| PROC-9531 | Impacts ability to edit Boolean fields on grids when there is editability conditions on the field. |
| PROC-9561 | Vulnerability in Spring Framework version 5.3.22 resolved by Upgrading to version 6.2.5. |
| PROC-9572 | Vulnerability in Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket ServerEhcache resolved by upgrading encache to 3.10.8 and jetty to 10.0.22. |
| PROC-9627 | There was an issue where new Data service ignores timezone and hence not importing new processinstances/tasks if app server is not GMT/ To resolve the issue all SE indexing now converts to UTC timezone both for indexing and logging. |
| PROC-9633 | The issue with timezone not being displayed and total time displaying in seconds is now resolved as SE log records data in milliseconds and all dates are displayed in UTC. |
| PROC-9663 | There was an issue in the Search Function which "=" is not working, and only "<=" can get the expected result. This is resolved and users can now search for an Audit Schedule instance using the search condition '= '. The fix for this issue impacts process instance searching by custom date field. |
| PROC-9664 | Versioning Process Type caused Task Definition translations to be lost. When versioning a Process Type the Task Definition translations are now maintained for new instances. The fix impacts translations associated with Process type with saving new version of Process Type. |
| PROC-9706 | Issue which caused the Process Instance report to remain in "Running" state for long periods has been resolved. |
| PROC-9708 | When Searching and using ‘Roles’ as a parameter, some Roles were not displayed when Language was changed to Japanese. This issue is resolved. When updating the user for both English and Japanese the user gets the same results and have all of the Change Control roles. |
| PROC-9713 | The Grid Date field will no longer displays NAN. |
| PROC-9716 | Users were seeing an error in their MyTasks in MyQUMAS. Based on science cloud investigations from his app on it was identified that when an error was thrown that castor used by the ProcessCompliance SDK was the issue. Castor has now been removed. |
| PROC-9717 | The font change in Out-of-the-box reports made the datetime no longer fit correctly on the page. This issue is now resolved. |
| PROC-9718 | There was an issue when custom Lists exceeded 100, then rows 0-99 were no longer active. The issue is resolved and the user can can add over 100 items to a Custom list without seeing items begin blanked out |
| PROC-9720 | The issue where Translation Data ETL Tools failed to Export to Excel has been resolved. |
| PROC-9723 | Oracle dbDialect has been updated from Oracle10gDialect to OracleDialect |
| PROC-9728 | The following audit trail issues have been resolved: Audit trail is not recording Logins, Showed Logouts only even though user is currently logged in and active. Audit trail Sorting on ID [ |
| PROC-9735 | The issue has been resolved for the scenario where save after New Business Rule to update Field incorrectly ran on Value Change also. |
| PROC-9740 | Vulnerability in dom4j-1.6.1 in main Process Compliance App has been resolved by removing the venerable jar and upgrading it to om4j-2.1.4.jar. |
| PROC-9761 | Fixed issue viewing audit trail entries with a large number of updated fields.. |
| PROC-9768 | Reports with attachments are now performing as expected |
| PROC-9769 | After editing a row in the 'Product Details Grid' multiple times on the 'Deviation Release Report' process instance, the grid will remain editable |
| PROC-9776 | Duplicated "f" character no longer occurs in the export of the report "Process Instance Modification Audit Report |
| PROC-9780 | Resolved the issue where users were getting an Error when logging into EQMS. Impacts login to EQMS. Views are now read from database rather than cache. Impacts saving of process instances. |
| PROC-9781 | There was an issue Issue with Data Service because of enhanced spring security in main application. This is resolved as the application supports Solr login security and fixes SQL server connection issue. |
| PROC-9785 | System Runtime Error occurred after modifying the settings of Process Types and saving it. This is resolved and users with and without language settings can edit any Process Type and save without errors on save. |
| PROC-9790 | Vulnerability in Catalina.jar has been resolved by Upgrade=ing to Tomcat 11. |
| PROC-9806 | The issue unable to get SE working with SQL Server and errors in data service logs was resolved by Updating to db url format required in qpc-dataservice.properties. |
| PROC-9809 | Updated tomcat jars in data service and queryservice to 11.0.9 |
| PROC-9817 | Apply/Save an existing view is throwing error and causing application to use all active connections was fixed by allowing the user click the Apply button when adding child views to a parent view and then allowing the user to click save |
| PROC-9825 | A fix was implemented to allow users to connect to a client database with 26x code |
| PROC-9832 | Closed Resultset Error was displayed in Schema after login. The issue was resolved by fixing the code with resultset being closed when searching for Views. |
| PROC-9833 | GTS Approval Process" Process Type not functioning properly was not reproduced in 2026 build and may have been resolved by hibernate 6 upgrades. |
| PROC-9835 | Fix duplicate issue |
| PROC-9842 | A Runtime error occurred after login when using a copy of a clients Schema. A fix was added o allow access to this database and resolve the classification error. |
| PROC-9852 | Fixed the issue with the edit lock timeout decreasing incorrectly |
| PROC-9856 | Java Min/Max Heap needs to be updated to support indexing / query needs, Dataservice was refactored to index instances and tasks by type. No impact to end users. |
| PROC-9863 | Fix error with task not updating to Complete |
| PROC-9885 | Fixed issue with date field on grid |
| PROC-9887 | Fixes exception thrown with session transactions |
| PROC-9889 | When a hibernate error occurs the session was invalidated and is the application can now recover gracefully |
| PROC-9891 | Fixed an issue with not being able to move the CC beyond the initial stage of the workflow |
| PROC-9914 | BDBA : EQMS -commons-fileupload:commons-fileupload:1.4 used by SE and Proc installer |
| PROC-9917 | Vulnerability reported in org.json:json:20170516 used by Proc, SE and tools app. The issue is resolved as Upgraded to latest version. No impact to end users. |
| PROC-9918 | Vulnerability in libjpeg 6b has been removed from the build. The files are not required by ProcessCompliance. |
| PROC-9919 | Vulnerability reported in com.google.protobuf:protobuf-java:3.19.4 being used in Proc ess Compliance and tools . Protobuf is used by Drools. Upgraded to protobuf-java 3.25.8. |
| PROC-9927 | Upgraded to Apache ActiveMQ v6.1.7 |
| PROC-9928 | Vulnerability in ittle cms color engine v2.9 has been removed from the build. The files are not required by ProcessCompliance. |
| PROC-9932 | Removed code that exposes the endpoints as this file is no longer used |
| PROC-9944 | Solr JVM increased to 1024m |
| PROC-9948 | Issue where a blank value was returned when attachments were selected is now resolved. Attachments can now be added successfully. |
| PROC-9953 | Removed redundant code around updating user defined searches. This only impact the user defined searches after login. So if you add or remove a user defined search the view should look correct after login. It does not impact any other areas of user defined searches |
| PROC-9960 | Security issue. adding code to ensure that csv separator cannot be more than 2 characters to prevent css attacks. Default separator - comma - is used if configured value is invalid. |
| PROC-9967 | Updates angus-mail jar to remove vulnerability. |
| PROC-9321 | Fixed the issue where SDK passwords were saved in plain text when debug logging is turned on. |
| PROC-9640 | Issue resolved where the Form field displayed Datetime with wrong timezone when appserver and browser time zones are different. |
| PROC-9665 | There was an issue where the field 'Planned Start Date' could not be edited This is resolved and the user can now edit the field 'Planned Start Date' when editing 'Audit Schedule List' in 'Audit Schedule' when entered in the normal order. The fix for the issue Impacts populating data on grids. |
| PROC-9678 | CTU Import fails when XML file includes exclude fields which have data field constraints. |
| PROC-9679 | CTU Import fails if export contains virtual field information. |
| PROC-9699 | If a processtype has SE enabled SE returns instances created while the processtype had SE disabled |
| PROC-9710 | The issue has been resolved where the X day Integer in the ‘Task Reminder Days Field does not always send the Reminder on the correct day. (Sometimes it is a day early.)Notifications will now arrive on the day set. |
| PROC-9712 | Fixed the issue with the edit lock timeout decreasing incorrectly |
| PROC-9715 | There was an issue where Process ID Parameter allowed 10 digits while the Report only allowed 9 digits. This is resolved and you can now ou can enter up to 19 digits on the Process Instance Report. The restricting of 9 digits no longer exists. Reports can be generated successfully.. |
| PROC-9727 | Issue with first time login when ZAP is running in the background has been fixed as part of a spring security code change. |
| PROC-9736 | Processtype locked due to duplicate workflow section names. This issue is resolved. Duplicate section name 'XY' gets updated to 'Duplicate Name, XYsection0' as soon as Name field looses focus (without even clicking save. |
| PROC-9738 | Search view error has been resolved |
| PROC-9759 | Fix added to get Report with attachments working |
| PROC-9777 | An Unexpected system runtime error was received in Change Control. The issue was caused by the fact that when selecting a new field that the subfield value is no longer valid. The issue is resolved. |
| PROC-9778 | The issue where you were Unable to Add Department to Field(with comma) on Impact Assessment Tab is now resolved. |
| PROC-9782 | The issue where change evaluations were not displaying in the linked fields & are not searchable from parent instance has been resolved. |
| PROC-9789 | Older versions of vulnerable jars have been removed in the installer for Proc upgrade (SQL Server only) |
| PROC-9801 | The issue using tab to navigate between form fields scrolls the page bringing focus to the middle of the page has been resolved by ensuring form input boxes do not exceed screen width. |
| PROC-9807 | Fixed issue with symbol selector causing System Config not to be saved |
| PROC-9869 | Fixed XSS threat with uploading files that have content that can be a security threat |
| PROC-9874 | solr index status is displayed per type for processes and tasks. For example Full Indexing: 2000 of 2112 processes identified for indexing for type Action |
| PROC-9875 | Popup message appears immediately after clicking on Solr Re-index |
| PROC-9878 | After removing fields from a processtype page New Row checkboxes and Multiselect checkbox was cleared. This is now resolved and when Fields are removed and all config remains in place. |
| PROC-9883 | User details can now be updated without hibernate error |
| PROC-9888 | Fixed issue with creating draft templates |
| PROC-9901 | xstream was upgraded to 1.4.21 to resolve vulnerability |
| PROC-9906 | Configuration issue |
| PROC-9915 | Vulnerability regarding org.apache.lucene:lucene-core:9.11.1 used by SE has been resolved |
| PROC-9952 | Fixed Issue affects process types which do not have associated tasks. It is not related to sub process fields. |
| PROC-9481 | The issue Stored XSS through /qprocess/modules/editmodules/editItem.quaction via POST parameter "sessionScope.Rolex9538535169.name.value" has been resolved. |
| PROC-9703 | Issue in Science Cloud preventing administrators from being able to edit user accounts has been resolved. User with Admin privileges can update user accounts without error. |
| PROC-9719 | Reassignment of Task from Task Search caused the Actions buttons to clear. The issue has been resolved and the action buttons are now displayed. |
Resolution
BIOVIA ENOVIA QUMAS EQMS2026 was released in 31 October 2025 and is available for download at https://software.3ds.com under BIOVIA products and can be found under:
Product line: Lab, Scientific and Content Solutions
Release: >>DLPRelease<<
Level: QUMAS R2026x Golden
Fixes for this level: N/A
How to contact BIOVIA Support
If you have any questions, please contact BIOVIA Support.
Need Assistance?
Our support team is here to help you make the most of our software. Whether you have a question, encounter an issue, or need guidance, we've got your back.