Login
Contents x
IAP Bug Fixes & Improvements - ReleaseNotes/3
  • 29 Oct 2024
  • Dark
    Light
  • PDF
Contents

IAP Bug Fixes & Improvements - ReleaseNotes/3

  • Updated on 29 Oct 2024
  • Dark
    Light
  • PDF
Article summary

October 2024 Maintenance Release

IAP Versions

Consolidated Release Notes

Bug Fixes

This maintenance release of IAP includes fixes for bugs that were reported to Itential Product Support.

Key ID Release Note Release Versions Implemented
ENG-338 Customers were not able to select the copy menu item button to copy a backup configuration to their clipboard. Changes to the Rodeo-UI editor fixes the issue by allowing customers to copy backup configurations to their clipboard and not throwing an error in the browser console. IAP/2023.2.10
IAP/2023.1.21
IAP/2022.1.30
ENG-2881 When editing a JST, an uncaught exception is encountered and the editor becomes unresponsive. Updated the function selection check on load of a transformation to include a check for if the wrapping element was found. This prevents the editor from crashing due to missing DOM elements. IAP/2023.2.10
IAP/2023.1.21
IAP/2022.1.30
ENG-3888 When creating a callback function in JST Designer via method card, connecting a constant value input to a non-constant value parameter causes the function to be generated incorrectly. Consequently, the function's incoming schema is incorrect and is deselected from the method as incompatible. Applied a fix in JST Designer to ensure the function is generated correctly. IAP/2023.2.10
ENG-4352 When using the RenderJsonSchema task to render a large JSON Form, the form would render successfully at first and then go blank after selecting form options and scrolling. Modified the scrollTop dialog component to prevent the form from going out of view. Large JSON Forms now function normally and remain viewable. IAP/2023.2.10
ENG-4645 If multiple childJob tasks with the same variable types are open on the canvas, and the task window is kept open, the tasks will not hold their Input Job Variable selection when the user switches between tasks. Added unique keys to the task variable mapping component to ensure state persistence and prevent this issue. IAP/2023.2.10
IAP/2023.1.21
ENG-4858 IAP would crash in some scenarios when sent invalid SNMP requests. Unexpected session errors and invalid SNMP requests are now gracefully handled, and will not cause a crash. IAP/2023.2.10
IAP/2023.1.21
IAP/2022.1.30
ENG-5755 In scenarios where an IAP cluster is not fully shut down during an upgrade, the new version of app and adapter service models would not take effect. Cluster-wide service model declarations where enhanced to ensure the most up-to-date version is applied whenever an IAP service comes online. IAP/2023.2.10
ENG-5780 The MongoDB driver for Node.js contained a memory leak in its implementation of collection watchers. IAP has upgraded the 5.7.0 driver to 5.9.0, the version which contains the fix for the memory leak. IAP/2023.2.10

Improvements

This section highlights featured improvements to functionality in this maintenance release.

Key ID Release Note Release Versions Implemented
ENG-3912 Integration Models with an apiKey schema now support dynamic retrieval via custom extension x-itential-dynamic-retrieval. This enhancement gives IAP the ability to execute workflows that authenticate integrations via dynamic API keys rather than static keys. IAP/2023.2.10
IAP/2023.1.21
IAP/2022.1.30

Security Changes

This section highlights fixes and measures to prevent and minimize security risks and vulnerabilities.

Key ID Release Note Release Versions Implemented
ENG-352 When using axios version under "1.77" and rodeo version "21.33.7-2022.1.94" in Configuration Manager, these libraries will cause a security issue (Prototype Pollution). Updated axios library to version "1.77" and rodeo to "21.33.7-2022.1.228" to remove the security issue. IAP/2022.1.30
ENG-353 When using axios version under "1.77" and rodeo version "21.33.7-2022.1.94" in Configuration Manager, these libraries will cause a security issue (Improper Input Validation). Updated axios library to version "1.77" and rodeo to "21.33.7-2022.1.228" to remove the security issue. IAP/2023.1.21
ENG-355 When using react-query version "3.391" in Configuration Manager, this library will cause a security issue (Missing Release of Resource after Effective Lifetime). Updated library to @tanstack/react-query version "4.36.1" to remove the security issue. IAP/2022.1.30
ENG-358 When using axios version under "1.77" in Configuration Manager, this library will cause a security issue (Regular Expression Denial of Service). Updated axios library to version "1.77" to remove the security issue. IAP/2022.1.30
ENG-359 When using react-query version "3.391" in Configuration Manager, this library will cause a security issue (Missing Release of Resource after Effective Lifetime).Updated library to @tanstack/react-query version "4.36.1" to remove the security issue. IAP/2023.1.21
ENG-361 When using axios version under "1.77" and rodeo version "21.33.7-2022.1.94" in Configuration Manager, these libraries will cause a security issue (Prototype Pollution). Updated axios library to version "1.77" and rodeo to "21.33.7-2022.1.228" to remove the security issue. IAP/2023.1.21
ENG-364 When using axios version under "1.77" in Configuration Manager, this library will cause a security issue (Regular Expression Denial of Service). Updated axios library to version "1.77" to remove the security issue. IAP/2023.2.10
IAP/2023.1.21
ENG-5023 Versions of AJV prior to 6.12.3 are susceptible to prototype pollution. The version of AJV installed to Configuration Manager has been upgraded to 6.12.6 to resolve this issue. IAP/2023.1.21
ENG-5026 Versions of axios prior to 1.7.4 are susceptible to SSRF (Server-Side Request Forgery) in some scenarios. The version of axios installed to the IAP UI library has been upgraded to 1.7.7 to resolve this issue. IAP/2023.2.10
IAP/2023.1.21
IAP/2022.1.30
ENG-5627 Versions of AJV prior to 6.12.3 are susceptible to prototype pollution. The version of AJV installed to Configuration Manager has been upgraded to 6.12.6 to resolve this issue. IAP/2022.1.30
ENG-5838 Versions of semver prior to 7.0.0 are susceptible to ReDos (Regular Expression Denial of Service). The version installed to Adapter NSO has been upgraded to 7.5.2 to resolve this issue. IAP/2023.1.21
Was this article helpful?
What's Next
Privacy Policy
Cookie Policy
Terms of Use
EULA
Copyright © 2024 Itential for Developers
Change password!
Changing your password will log you out immediately. Use the new password to log back in.
Change profile
Success!
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
Logout