2022.1.43 Maintenance Release

Security Changes

This section highlights fixes and measures to prevent and minimize security risks and vulnerabilities.

Key ID Release Note
ENG-18115 Resolved a security vulnerability in the qs package (CVE-2025-15284) within JST Designer. The vulnerability allowed attackers to bypass array limit protections and exhaust server memory through malicious HTTP requests containing excessive bracket notation parameters. The qs package was upgraded to a patched version to enforce proper array limits and prevent denial-of-service attacks. For more information, see SNYK-JS-QS-14724253.
ENG-18105 Resolved a security vulnerability in the qs package (CVE-2025-15284) within Itential Platform core. The vulnerability allowed attackers to bypass array limit protections and exhaust server memory through malicious HTTP requests containing excessive bracket notation parameters. The qs package was upgraded to a patched version to enforce proper array limits and prevent denial-of-service attacks. For more information, see SNYK-JS-QS-14724253.

Automation Platform Versions

Component Version
@itential/adapter-automation_gateway 4.26.1-2022.1.22
@itential/adapter-azure_aaa 1.4.2-2022.1.11
@itential/adapter-email 4.2.8-2022.1.7
@itential/adapter-ldap 2.13.8-2022.1.6
@itential/adapter-local_aaa 4.3.6-2022.1.3
@itential/adapter-nso 7.8.20-2022.1.53
@itential/adapter-radius 2.1.7-2022.1.3
@itential/app-admin_essentials 3.13.12-2022.1.77
@itential/app-ag_manager 1.18.3-2022.1.13
@itential/app-automation_catalog 2.12.11-2022.1.10
@itential/app-automation_studio 4.1.2-2022.1.182
@itential/app-configuration_manager 3.97.6-2022.1.66
@itential/app-form_builder 4.11.26-2022.1.7
@itential/app-json_forms 1.34.12-2022.1.47
@itential/app-jst 1.8.5-2022.1.53
@itential/app-mop 6.11.25-2022.1.23
@itential/app-nso_manager 2.23.3-2022.1.4
@itential/app-operations_manager 1.171.4-2022.1.213
@itential/app-service_catalog 3.12.0-2022.1.3
@itential/app-service_management 2.24.9-2022.1.10
@itential/app-template_builder 2.6.7-2022.1.11
@itential/app-workflow_builder 5.44.64-2022.1.85
@itential/app-workflow_engine 9.13.31-2022.1.146
@itential/audit-trail 1.5.3
@itential/database 1.11.11
@itential/event-system 1.1.31
@itential/itential-utils 2.10.1
@itential/logger 2.1.17
@itential/network 3.4.8
@itential/pronghorn-core 13.28.27-2022.1.167
@itential/search 1.1.25-2022.1.2
@itential/service 2.11.10
@itential/tags 3.1.12-2022.1.4