Release Notes
Bug Fixes
This maintenance release of Platform 6.0.7 includes fixes for bugs that were reported to Itential Product Support.
| Key ID | Release Note |
|---|---|
| ENG-7955 | When importing a pre-built, a "duplicate key error collection" error returned. Fixed a race condition in the processAutomations method that occurred if multiple workflows in the imported pre-built contain the same group. This fix ensures the pre-built will no longer error the import API. |
| ENG-8372 | The "out of sync" banner no longer persists when an application is "in sync" after a user selects an application within the Application section of Admin Essentials and refreshes the page. |
| ENG-8589 | Created a new getTimeByTimezone task that presents timezones by location to accommodate for time variations caused by Daylight Savings Time. Additionally, timezone input is now optional and will default to the system's timezone if not present, also accounting for Daylight Savings Time. |
| ENG-8815 | Fixed a bug in which child job loops remained stuck in a running state when all child jobs were cancelled. |
| ENG-8999 | Fixed an issue where jobs that had reverts in parallel could trigger an infinite loop that saturated the CPU. |
| ENG-10315 | Fixed an issue where the convertTimezone task and other time tasks would default to using the current date and time as opposed to the correct input time. |
| ENG-10848 | A bug was fixed where the internal functions of transformation would disappear upon pressing the backspace key, improving user experience. |
| ENG-11043 | An issue was fixed where a service (application/adapter) crashed due to running out of memory and could not be restarted, ensuring better service reliability. |
| ENG-12350 | The task palette has been updated to set default keys for incoming and outgoing variables specifically for transformation assets, based on the asset's schema. |
| ENG-12865 | A fix was made to address an issue where tasks that utilized deeply nested objects or large arrays of objects as inputs could become stuck in a running state, resulting in a "Maximum Call Stack" error being logged. |
| ENG-13023 | The strict mode for Studio workflow run validation has been disabled to improve flexibility and usability during workflow execution and prevent workflow error. |
| ENG-13035 | Resolved an issue that exposed passwords in mongo_url. The mongo_url property is now effectively masked in the Admin Essentials Configuration view to enhance security and prevent unauthorized access. |
| ENG-13291 | An issue was resolved in JST Transformations where adding conditionals to a step that had multiple assignments from the return would lead to a broken reference. Additionally, a fix was implemented to ensure that a new context would properly propagate from a step with multiple assignments. |
| ENG-13377 | A bug was fixed concerning the adapter properties, which were previously unencrypted upon import when the propertySchema did not explicitly declare the property as encrypted. |
| ENG-13405 | Resolved issue where anchors incorrectly remained marked as assigned when drawing invalid transitions from context variables to parameters across different tasks. |
| ENG-14383 | Fixed an issue where creating a new gateway would succeed, but result in a bad service-group state. |
Improvements
This section highlights quality improvements to Itential Platform's functionality in this maintenance release.
| Key ID | Release Note |
|---|---|
| ENG-10705 | Removed all unused files, code, and dependencies in Platform 6. |
| ENG-12003 | A new UUID property has been added to workflow data to enhance data management and identification. |
| ENG-12675 | Updates were made in the Platform to fix cookie escaping and hashing, addressing low vulnerabilities that were previously identified. |
| ENG-12772 | The Itential user within Docker images has now been assigned a group/user id of 1001:1001 to standardize user management. |
| ENG-12789 | Added support for CyberArk CCP as a secrets provider. |
| ENG-13401 | A new network dependency was added to enhance the functionality and fix issues related to the Platform pipeline. |
| ENG-13928 | Gateway Manager connection validation now ensures only one connection exists per clusterId during new connection handling. |
Security Changes
This section highlights fixes and measures to prevent and minimize security risks and vulnerabilities.
| Key ID | Release Note |
|---|---|
| ENG-11009 | Packages have been updated to ensure a non-vulnerable version of semver is utilized across the Platform, enhancing overall security. |
| ENG-11611 | Updated the swagger-client and swagger-ui-react dependency versions to resolve a security vulnerability. |
| ENG-11626 | Updated the axios dependency version to fix a security vulnerability that was detected in previous versions. |
| ENG-11629 | Updated the prismjs dependency version to resolve a security vulnerability. |
| ENG-11631 | Updated the path-to-regexp dependency version to address a security vulnerability. |
| ENG-11634 | Updated the cookie-parser and express-session versions to mitigate a security vulnerability. |
| ENG-13135 | Implemented XSS prevention measures by adding proper input sanitization and character escaping in the Automation Studio Command component. |
| ENG-13136 | Applied additional XSS vulnerability remediation with enhanced input validation and character escaping in Automation Studio components. |
| ENG-13771 | Updated the form-data dependency version to address a security vulnerability. |