2023.1.29 Maintenance Release

Article summary

Did you find this summary helpful?

Thank you for your feedback!

Release Notes

This maintenance release of Itential Platform includes fixes for bugs that were reported to Itential Product Support.

Key ID	Release Note
ENG-2621	Fixed an issue in Automation Studio where the icons for Methods in JST Designer displayed as "network disconnect" clouds instead properly displaying as drag icons.
ENG-3799	Added `app-configuration_manager-maintenance` to the base distribution of Itential Platform to include all Configuration Manager features, except for Golden Configuration.
ENG-10673	Updated the `rodeo-ui` version to resolve a bug issue where the `/myTtl` API endpoint was being unnecessarily triggered multiple times when the Logout Warning Dialog was displayed.
ENG-10753	Resolved calculation errors in `nextRunAt` for schedule triggers that occurred under specific creation circumstances, ensuring that `nextRunAt` is now calculated accurately.
ENG-10758	Corrected the method by which the PHSpinner component was setting its current and default values in the UI.
ENG-11901	The `/health/status` endpoint, used to ping downstream services when performing a health check, caused timeouts when used with a readiness probe. Added a new optional query parameter `exclude-services` so that the endpoint only returns health information related to the Platform itself, and not the health of its connections to downstream systems.

This section highlights fixes and measures to prevent and minimize security risks and vulnerabilities.

Key ID	Release Note
ENG-9791	During security scans, it was discovered that certain versions of the `axios` package in Automation Catalog were vulnerable to Cross-Site Request Forgery (CSRF) risks. Upgraded the `rodeo-ui` dependency to address this security vulnerability.
ENG-10285	During security scans, it was discovered that the `markdown-it` parser in `pronghorn-core` was vulnerable to Infinite Loop risks. To address this vulnerability, the package dependency was removed as it is no longer used.
ENG-11172	During security scans, it was discovered the `dompurify` package dependency in `iap-ui` was vulnerable to Prototype Pollution. To address this vulnerability, updated the `swagger-ui-react` and `rodeo-ui` package dependencies.
ENG-11588	When running security scans, it showed affected versions of the `undici` package in Admin Essentials were vulnerable to Insecure Randomness risks. Upgraded the package dependency to 5.29.0 to resolve this vulnerability.

component	version
itential/adapter-automation_gateway	4.29.0-2023.1.16
itential/adapter-azure_aaa	1.5.1-2023.1.8
itential/adapter-email	4.2.16-2023.1.2
itential/adapter-ldap	2.13.12-2023.1.3
itential/adapter-local_aaa	4.4.1-2023.1.1
itential/adapter-nso	7.8.39-2023.1.35
itential/adapter-radius	2.1.10-2023.1.2
itential/app-admin_essentials	4.1.1-2023.1.56
itential/app-ag_manager	1.19.0-2023.1.8
itential/app-automation_catalog	2.13.0-2023.1.7
itential/app-automation_studio	4.15.0-2023.1.313
itential/app-configuration_manager	3.102.0-2023.1.62
itential/app-form_builder	4.12.0-2023.1.4
itential/app-json_forms	1.36.0-2023.1.46
itential/app-jst	1.11.0-2023.1.35
itential/app-lifecycle_manager	1.26.0-2023.1.44
itential/app-mop	6.12.0-2023.1.24
itential/app-nso_manager	2.23.7-2023.1.5
itential/app-operations_manager	1.178.0-2023.1.153
itential/app-service_catalog	3.13.0-2023.1.3
itential/app-service_management	2.25.0-2023.1.6
itential/app-template_builder	2.6.12-2023.1.12
itential/app-workflow_builder	5.46.0-2023.1.68
itential/app-workflow_engine	10.2.1-2023.1.120
itential/audit-trail	1.5.3
itential/database	1.11.11
itential/event-system	1.1.31
itential/iap-ui	1.9.1-2023.1.15
itential/itential-utils	2.10.1
itential/logger	2.1.17
itential/network	3.4.7
itential/pronghorn-core	14.2.1-2023.1.121
itential/search	1.2.3-2023.1.2
itential/service	2.11.10
itential/tags	3.1.16-2023.1.1

Was this article helpful?

Table of contents