February 2025 IAG Maintenance Release
Updated on 07 Feb 2025
IAG Versions
Consolidated Release Notes
Bug Fixes
This maintenance release of Itential Automation Gateway (IAG) includes fixes for bugs that were reported to Itential Product Support.
Key ID | Release Note | Release Version Implemented |
---|---|---|
ENG-6097 | When using gNOI reboot/cancel_reboot, the subcomponents object holds an unexpected key. Applied a fix to the params definition within reboot/cancel_reboot.reboot_status, the GRPC execute panel, and APIs to ensure the input is validated as a proper JSON object to match requirements. | IAG/4.3.2, IAG/2023.3.7, IAG/2023.2.14 |
ENG-7702 | Fixed an issue where the browser window would stop working when opening the Execution History tab with large result sets. Added a feature that allows customers to download large results directly to a log, thereby preventing display errors. | IAG/4.3.2, IAG/2023.3.7, IAG/2023.2.14, IAG/2023.1.17 |
ENG-8925 | When upgrading the rodeo package to the latest version, IAG encountered several UI styling issues. Applied fixes to address UI inconsistencies, ensuring a correct and consistent display of the UI. | IAG/4.3.2, IAG/2023.3.7, IAG/2023.2.14, IAG/2023.1.17 |
Security Changes
This section highlights fixes and measures to prevent and minimize security risks and vulnerabilities.
Key ID | Release Note | Release Version Implemented |
---|---|---|
ENG-7441 | Security scans showed known vulnerabilities in the rodeo-ui package. Updated rodeo-ui to version 21.33.7-2022.1.230 to resolve the security vulnerabilities. | IAG/4.3.2, IAG/2023.3.7, IAG/2023.2.14, IAG/2023.1.17 |
ENG-7481 | Security scans showed that the axios package was vulnerable to Server-Side Request Forgery (SSRF). Updated axios to version 1.7.4 or higher to resolve the security vulnerability. | IAG/4.3.2 |
ENG-7482 | Fixed a security issue related to Cross-site Request Forgery (CSRF) in the axios package by updating to version 0.28.0, 1.6.0 or higher. | IAG/2023.1.17 |
ENG-7483 | Security scans showed that the axios package was vulnerable to Prototype Pollution via the formDataToJSON function. Updated axios to version 0.29.0, 1.6.4 or higher to resolve the security vulnerability. | IAG/2023.3.7 |
ENG-7484 | Security scans showed that the axios package was vulnerable to Server-Side Request Forgery (SSRF). Updated axios to version 1.7.4 or higher to resolve the security vulnerability. | IAG/2023.1.17 |
ENG-7486 | Security scans showed that web-app/package.json was vulnerable to Prototype Pollution. Upgraded dompurify to version 2.5.4, 3.1.3 or higher to resolve the vulnerability. | IAG/2023.1.17 |
ENG-7487 | Fixed a security issue related to Improper Handling of Extra Parameters in follow-redirects in web-app/package.json. Upgraded follow-redirects to version 1.15.4 or higher to resolve the vulnerability. | IAG/2023.1.17 |
ENG-7488 | Fixed a security issue related to Inefficient Regular Expression Complexity in the micromatch.braces() function. | IAG/2023.2.14 |
ENG-7583 | Updated the swagger-ui-react package and refactored web-app to resolve UI build errors and address security vulnerabilities. | IAG/4.3.2, IAG/2023.3.7, IAG/2023.2.14, IAG/2023.1.17 |