2023.1.27 Maintenance Release

Release Notes

This maintenance release of Itential Platform includes fixes for bugs that were reported to Itential Product Support.

Key ID	Release Note
ENG-9018	In a JSON Form with a table that has a custom key, adding a form element to the table and then changing the custom key no longer removes the added element.
ENG-9268	When collapsing a schema in JST Designer, any nested assignments disappear which allows users to create invalid duplicate assignments. Fixed the schema collapse issue to ensure assignments persist and prevent invalid assignments.
ENG-9478	Added ancestor-checking in the cancel jobs endpoint to only cancel the greatest ancestor within a batch, and removing any unnecessary compute without affecting cancellation results. This also mitigates the likelihood of runaway recursive looping into high memory usage.
ENG-10179	Added a type check to the JSON form dropdown to confirm source items are valid and prevent search issues in the Render JSON Schema task.
ENG-10263	Updated the `axios` dependency across Itential Platform to resolve XSS and SSRF vulnerabilities.

This section highlights quality improvements to Itential Platform's functionality in this maintenance release.

Key ID	Release Note
ENG-8269	Improved device count functionality to fix an issue that caused no devices to be returned on the API call to retrieve device counts where devices did exist, as well as an issue that caused device counts of `0` to not be recorded in certain cases.
ENG-9897	Improved display of the Task Palette when initialized on the canvas. A "Load More" button is displayed when an Integration or Adapter has more than 100 tasks.

This section highlights fixes and measures to prevent and minimize security risks and vulnerabilities.

Key ID	Release Note
ENG-9964	When running security scans, it showed affected versions of `jsonpath-plus` in Studio were vulnerable to Remote Code Execution (RCE) risks. Upgraded the `jsonpath-plus` dependency to 10.3.0 or higher to resolve security vulnerability.
ENG-10011	When running security scans, it showed affected versions of the `axios` package in Job Manager were vulnerable to Cross-Site Request Forgery (CSRF) risks. Updated `axios` dependency to version 0.29.0 to remove CSRF vulnerability.
ENG-10286	When running security scans, it showed affected versions of the `axios` package in Pronghorn Core were vulnerable to Server Side Request Forgery (SSRF) risks. Updated `axios` to version 1.7.4 or higher to resolve security vulnerability.

component	version
itential/adapter-automation_gateway	4.29.0-2023.1.16
itential/adapter-azure_aaa	1.5.1-2023.1.8
itential/adapter-email	4.2.16-2023.1.2
itential/adapter-ldap	2.13.12-2023.1.3
itential/adapter-local_aaa	4.4.1-2023.1.1
itential/adapter-nso	7.8.39-2023.1.33
itential/adapter-radius	2.1.10-2023.1.2
itential/app-admin_essentials	4.1.1-2023.1.55
itential/app-ag_manager	1.19.0-2023.1.7
itential/app-automation_catalog	2.13.0-2023.1.6
itential/app-automation_studio	4.15.0-2023.1.310
itential/app-configuration_manager	3.102.0-2023.1.61
itential/app-form_builder	4.12.0-2023.1.4
itential/app-json_forms	1.36.0-2023.1.46
itential/app-jst	1.11.0-2023.1.35
itential/app-lifecycle_manager	1.26.0-2023.1.43
itential/app-mop	6.12.0-2023.1.24
itential/app-nso_manager	2.23.7-2023.1.5
itential/app-operations_manager	1.178.0-2023.1.150
itential/app-service_catalog	3.13.0-2023.1.3
itential/app-service_management	2.25.0-2023.1.6
itential/app-template_builder	2.6.12-2023.1.12
itential/app-workflow_builder	5.46.0-2023.1.67
itential/app-workflow_engine	10.2.1-2023.1.118
itential/audit-trail	1.5.3
itential/database	1.11.11
itential/event-system	1.1.31
itential/iap-ui	1.9.1-2023.1.13
itential/itential-utils	2.10.1
itential/logger	2.1.17
itential/network	3.4.7
itential/pronghorn-core	14.2.1-2023.1.115
itential/search	1.2.3-2023.1.2
itential/service	2.11.10
itential/tags	3.1.16-2023.1.1