Ataccama ONE Agentic ONE Desktop ONE DQ&C ONE MDM ONE RDM ONE Runtime Server
latest (17.1.0) 17.0.0 16.3.x 16.2.0 16.1.0 16.0.0 15.4.0 15.3.0 15.2.0 15.1.0 14.5.x 13.9.x 13.8.x 13.7.x 13.6.x 13.5.0 13.4.x 13.3.x 13.2.x
User Community Service Desk Downloads

MDM 17.1.0 Upgrade Notes

Java 25 and Spring Boot 4 upgrade

Version 17.1.0 upgrades the MDM Server and Web Application to Java 25 and Spring Boot 4. Before upgrading, confirm Java 25 is available in your deployment environment, review the renamed management.endpoints configuration property, and check whether your deployment relies on the OAuth 2.0 ROPC grant or customized security ACLs.

For details and an upgrade checklist, see Upgrade to Java 25 and Spring Boot 4.

Stricter SOAP envelope validation in MDM native services

SOAP request parsing for the /soapOverHttp/* endpoint is now stricter:

  • Requests must use a valid SOAP 1.1 envelope namespace: schemas.xmlsoap.org/soap/envelope/.

  • Requests with a missing or incorrect SOAP envelope namespace can be rejected.

If you are using standards-compliant SOAP 1.1 clients, no change is required. If your client uses a non-standard or missing envelope namespace, update it to use schemas.xmlsoap.org/soap/envelope/.

For an example of a valid SOAP request, see Native Services > Services.

rematchAll replaced by rematchStrategy on reprocess operations

The rematchAll Boolean attribute on FullReprocessBatchOperation`and `ReprocessBatchOperation has been replaced by the rematchStrategy attribute, which offers finer control over how records are rematched during reprocessing.

Existing configurations using rematchAll must be updated. To preserve the existing behavior, map old values to new values as follows:

Old value New value

rematchAll="false"

rematchStrategy="NO_REMATCH"

rematchAll="true"

rematchStrategy="REMOVE_MANUAL"

The new PRESERVE_MANUAL strategy has no equivalent in the old parameter. For details about the available strategies, see Rematch strategy.

For full configuration details, see Full reprocess operation and Partial reprocess operation.

rematchFlagColumn replaced by rematchTypeColumn

The rematchFlagColumn element in the matching configuration has been replaced by rematchTypeColumn. The column it points to is now of type STRING rather than BOOLEAN, and it controls how each record is handled during rematch.

The default column name has changed from rematch_flag to rematch_type.

Existing model configurations using rematchFlagColumn must be updated. Map old values to new values as follows:

Old value New value

true

REMATCH

false

NOMATCH

A new value PROPOSAL is also available, with no equivalent in the old Boolean parameter. It indicates that the record should be evaluated against matching rules and any potential matches captured as matching proposals, without changing the record’s master group identifier.

For details about the new column and its values, see Model.

Configuration changelog

This section provides information about the changes in the configuration files that need to be taken into account when upgrading the solution. In certain cases, the newly introduced default is used or some configuration is required.

The following table lists the configuration files that were added, changed, or removed.

Added files Changed files Removed files

/

  • MDM Server application.properties

/

The following sections list the changes in the files: added, changed, and removed properties.

MDM Server application.properties

Added properties

  • ataccama.authentication.keycloak.server-monitoring-url - Optional internal Keycloak management URL, for example, keycloak-http:9000/auth/ (the default internal URL used for Ataccama Cloud and Custom Ataccama Cloud deployments). When set, the Keycloak health check uses Keycloak’s HTTP /health endpoint instead of the legacy AdminClient.getRoles() method. For more information, see MDM Server Application Properties.

  • ataccama.authentication.keycloak.connect-timeout - Connection timeout for Keycloak health check requests. Default: 5s.

  • ataccama.authentication.keycloak.response-timeout - Response timeout for Keycloak health check requests. Default: 5s.

  • ataccama.one.mdm.mcp.server.enabled - Enables the MDM MCP Server. Default: false.

  • ataccama.one.mdm.mcp.server.issuer-uri - Keycloak issuer URI used for JWT validation.

  • ataccama.one.mdm.mcp.server.audience - Audience claim required in the client access token. Default: urn:ataccama:mdm:mcp-server.

  • ataccama.one.mdm.mcp.server.scopes - Optional scopes advertised to MCP clients, such as offline_access. Turned off by default.

  • spring.ai.mcp.server.name - Name of the MCP Server used during client discovery. Default: mdm-mcp.

  • spring.ai.mcp.server.streamable-http.mcp-endpoint - HTTP path where the MCP transport is mounted. Default: /mcp.

    In addition, you can register custom MCP resources and prompts using properties under the com.ataccama.mdm.mcp.resource.custom and com.ataccama.mdm.mcp.prompt.prompt prefixes. For more information, see MDM Server Application Properties.

Changed properties

  • management.endpoints.enabled-by-default - Renamed to management.endpoints.access.default as part of the Spring Boot 4 upgrade. The new property takes an access level (none, read-only, or unrestricted) instead of a Boolean. Replace enabled-by-default=false with access.default=none.

    See Upgrade to Java 25 and Spring Boot 4.

Removed properties

  • ataccama.one.mdm.inlist.db.settings.use-postgres-copy-command - The command is now applied by default and cannot be turned off.

Was this page useful?