2022.1.30 Maintenance Release

Release Notes

This maintenance release of Itential Platform includes fixes for bugs that were reported to Itential Product Support.

Key ID	Release Note
ENG-338	Customers were not able to select the copy menu item button to copy a backup configuration to their clipboard. Changes to the Rodeo-UI editor fixes the issue by allowing customers to copy backup configurations to their clipboard and not throwing an error in the browser console.
ENG-2881	When editing a JST, an uncaught exception is encountered and the editor becomes unresponsive. Updated the function selection check on load of a transformation to include a check for if the wrapping element was found. This prevents the editor from crashing due to missing DOM elements.
ENG-4858	Itential Platform would crash in some scenarios when sent invalid SNMP requests. Unexpected session errors and invalid SNMP requests are now gracefully handled, and will not cause a crash.

This section highlights featured improvements to functionality in this maintenance release.

Key ID	Release Note
ENG-3912	Integration Models with an `apiKey` schema now support dynamic retrieval via custom extension `x-itential-dynamic-retrieval`. This enhancement gives Itential Platform the ability to execute workflows that authenticate integrations via dynamic API keys rather than static keys.

This section highlights fixes and measures to prevent and minimize security risks and vulnerabilities.

Key ID	Release Note
ENG-352	When using `axios` version under "1.77" and `rodeo` version "21.33.7-2022.1.94" in Configuration Manager, these libraries will cause a security issue (Prototype Pollution). Updated `axios` library to version "1.77" and `rodeo` to "21.33.7-2022.1.228" to remove the security issue.
ENG-355	When using `react-query` version "3.391" in Configuration Manager, this library will cause a security issue (Missing Release of Resource after Effective Lifetime). Updated library to `@tanstack/react-query` version "4.36.1" to remove the security issue.
ENG-358	When using `axios` version under "1.77" in Configuration Manager, this library will cause a security issue (Regular Expression Denial of Service). Updated `axios` library to version "1.77" to remove the security issue.
ENG-5026	Versions of `axios` prior to 1.7.4 are susceptible to SSRF (Server-Side Request Forgery) in some scenarios. The version of axios installed to the Itential Platform UI library has been upgraded to 1.7.7 to resolve this issue.
ENG-5627	Versions of AJV prior to 6.12.3 are susceptible to prototype pollution. The version of AJV installed to Configuration Manager has been upgraded to 6.12.6 to resolve this issue.

component	version
@itential/adapter-automation_gateway	4.26.1-2022.1.22
@itential/adapter-azure_aaa	1.4.2-2022.1.9
@itential/adapter-email	4.2.8-2022.1.7
@itential/adapter-ldap	2.13.8-2022.1.5
@itential/adapter-local_aaa	4.3.6-2022.1.3
@itential/adapter-nso	7.8.20-2022.1.48
@itential/adapter-radius	2.1.7-2022.1.3
@itential/app-admin_essentials	3.13.12-2022.1.68
@itential/app-ag_manager	1.18.3-2022.1.11
@itential/app-automation_catalog	2.12.11-2022.1.8
@itential/app-automation_studio	4.1.2-2022.1.151
@itential/app-configuration_manager	3.97.6-2022.1.58
@itential/app-form_builder	4.11.26-2022.1.5
@itential/app-json_forms	1.34.12-2022.1.39
@itential/app-jst	1.8.5-2022.1.50
@itential/app-mop	6.11.25-2022.1.22
@itential/app-nso_manager	2.23.3-2022.1.3
@itential/app-operations_manager	1.171.4-2022.1.196
@itential/app-service_catalog	3.12.0-2022.1.3
@itential/app-service_management	2.24.9-2022.1.10
@itential/app-template_builder	2.6.7-2022.1.11
@itential/app-workflow_builder	5.44.64-2022.1.81
@itential/app-workflow_engine	9.13.31-2022.1.133
@itential/audit-trail	1.5.2
@itential/database	1.11.11
@itential/event-system	1.1.31
@itential/itential-utils	2.10.1
@itential/logger	2.1.17
@itential/network	3.4.7
@itential/pronghorn-core	13.28.27-2022.1.150
@itential/search	1.1.25-2022.1.2
@itential/service	2.11.9
@itential/tags	3.1.12-2022.1.4