IAG 4.3.12 delivers important security updates and performance improvements for Automation Gateway. Key enhancements include encrypted LDAP password storage, improved LDAP authentication performance, and better UI handling for large datasets. This release also addresses multiple security vulnerabilities and resolves issues with certificate authentication, group management, and device deletion workflows.
Automation Gateway Versions
| Component | Version |
|---|---|
| automation_gateway | 4.3.58 |
Improvements
| Feature | Description |
|---|---|
| Configurable Caching System (ENG-11821) | Added the ability to enable or disable the caching system, with a configurable caching directory when caching is enabled. |
Security Fixes
| Issue | Description |
|---|---|
| Encrypted LDAP Password Storage (ENG-11716) | LDAP bind passwords are now stored encrypted in the database instead of clear text. |
| Uncontrolled Recursion Vulnerability (ENG-18673) | Resolved uncontrolled recursion vulnerability in dependencies. |
| Prototype Pollution Vulnerability (ENG-19184) | Addressed prototype pollution vulnerability. |
| Regular Expression Denial of Service (ReDoS) Vulnerability (ENG-19400) | Fixed regular expression denial of service (ReDoS) vulnerability. |
| Version Rollback for Stability (ENG-20497) | Reverted IAG version from 4.4.11 back to 4.3.56 to address stability concerns. |
Bug Fixes
| Issue | Description |
|---|---|
| LDAP Username Case Sensitivity (ENG-9584) | Fixed an authorization issue where LDAP usernames containing uppercase characters caused all IAG modules to appear inaccessible. Usernames are now converted to lowercase. |
| Ansible Implicit Localhost Execution (ENG-9905) | Fixed playbook execution to properly fall back to implicit localhost when no inventory is specified. |
| Device Group Cleanup on Deletion (ENG-10212) | Enhanced device deletion logic to ensure devices are removed from all associated groups upon deletion, preventing errors when executing roles through those groups. |
| Recursive Group Relationships and Deletion Validation (ENG-14249) | Enhanced group management to prevent recursive group relationships and added validation to block deletion of groups containing child groups or devices. |
| Large Ansible Playbook Log Handling (ENG-15049) | Improved handling of large Ansible playbook logs by implementing proper response size calculation, correcting max size thresholds, and adding enhanced error handling to prevent UI crashes. |
| Device and Group Display Performance (ENG-15984) | Improved UI performance by adding pagination to device and group displays with a "Load more" button, and implemented infinite scrolling for dropdown menus in the execute tab. |
| IOS-XR Device Information Retrieval (ENG-17173) | Refactored the itential_get_info role to resolve type mismatch issues when running against IOS-XR devices. |
| LDAP Authentication Performance (ENG-17936) | Improved LDAP authentication performance by optimizing the group name lookup mechanism using a predefined LDAP Manager API, significantly reducing authentication delays from 90 seconds. |
| HTTPS Client Certificate Authentication (ENG-19033) | Fixed HTTPS client certificate authentication prompt by restoring original behavior and setting verify_mode to None by default when a certificate bundle is configured. |