Release Notes
Bug Fixes
This maintenance release of Platform 6.0.8 includes fixes for bugs that were reported to Itential Product Support.
Key ID | Release Note |
---|---|
ENG-5029 | Fixed table scrolling on Projects homepage. |
ENG-10276 | Fixed issue viewing Templates with large outputs in Projects. |
ENG-14157 | Fixed issue where moving assets between Projects could make Projects unusable. |
ENG-14293 | Fixed a bug where logging into Itential through an SSO provider that fails to provide a NameID value would result in incorrect login behavior. |
ENG-14423 | /health/status API now correctly identifies CyberArk CCP as the secrets provider. |
ENG-14521 | Fixed an issue where jobs with SLA set to 0 incorrectly triggered jobSlaBreach events. |
Improvements
This section highlights quality improvements to Itential Platform's functionality in this maintenance release.
Key ID | Release Note |
---|---|
ENG-12771 | Added support for PEM-encoded TLS certs for Redis, MongoDB, CyberArk, and Express webserver. |
ENG-13638 | Added LDAP adapter property to restrict login to custom groups. |
Security Changes
This section highlights fixes and measures to prevent and minimize security risks and vulnerabilities.
Key ID | Release Note |
---|---|
ENG-11630 | Updated DOMPurify dependency to address security vulnerability. |
ENG-13132 | Fixed XSS vulnerability in Configuration Manager SearchDialog by adding secure download function, sanitizing remote data, and using setAttribute for DOM manipulation. Applied fixes to all 6 export functions. |
ENG-13133 | Fixed XSS vulnerability in Configuration Manager SearchDialog by adding secure download function, sanitizing remote data, and using setAttribute for DOM manipulation. Applied fixes to all 6 export functions. |
ENG-13141 | Fixed XSS vulnerability in Configuration Manager SearchDialog by adding secure download function, sanitizing remote data, and using setAttribute for DOM manipulation. Applied fixes to all 6 export functions. |
ENG-13143 | Fixed XSS vulnerability in Configuration Manager SearchDialog by adding secure download function, sanitizing remote data, and using setAttribute for DOM manipulation. Applied fixes to all 6 export functions. |
ENG-13144 | Fixed XSS vulnerability in Configuration Manager SearchDialog by adding secure download function, sanitizing remote data, and using setAttribute for DOM manipulation. Applied fixes to all 6 export functions. |
ENG-13161 | Fixed XSS vulnerability in Configuration Manager exportJson function by adding filename sanitization and using setAttribute instead of direct property assignment. |
ENG-13162 | Fixed XSS vulnerability in Configuration Manager PageContainer by sanitizing backup names and replacing object spread with direct prop assignment. |
ENG-13163 | Fixed XSS vulnerability in ConfirmInstances.jsx by sanitizing instance.name rendering to prevent script execution. |
ENG-13164 | Fixed XSS vulnerability in Configuration Manager ComplianceRunReports by using setAttribute and adding filename sanitization. |
ENG-13165 | Fixed XSS vulnerability in Configuration Manager SearchDialog/SearchGCCard by using setAttribute and adding filename sanitization. |
ENG-13166 | Fixed XSS vulnerability in Configuration Manager exportJson function by adding filename sanitization and using setAttribute instead of direct property assignment. |
ENG-13167 | Fixed DOM-based XSS vulnerability in Automation Studio notifications by implementing URL origin validation. |
ENG-13168 | Fixed DOM-based XSS vulnerability in Lifecycle Manager ActionTable through explicit prop assignment. |
ENG-13169 | Fixed XSS vulnerability in Configuration Manager SearchDeviceTemplatesCard by using setAttribute and adding filename sanitization. |
ENG-13170 | Fixed XSS vulnerability in SearchBackupCard by sanitizing filenames in export functionality. |
ENG-13172 | Fixed XSS vulnerability in InstanceGroupsTable component by replacing spread operator with explicit prop assignments. |
ENG-13173 | Fixed XSS vulnerability in ComplianceReportingCard by sanitizing filenames in export functionality. |
ENG-13175 | Fixed XSS vulnerability in Configuration Manager exportJson function by adding filename sanitization and using setAttribute instead of direct property assignment. |
ENG-13178 | Fixed XSS vulnerability in StaticGroups component by removing dangerous object spread pattern and implementing sanitization utilities. |
ENG-13179 | Fixed XSS vulnerability in SearchCompliancePlanCard by sanitizing filename input before DOM manipulation. |
ENG-13180 | Fixed XSS vulnerability in ChildActionTable component by removing spread operator that allowed unsanitized input injection. |
ENG-13181 | Renamed setTimeout state variable to setTimeoutValue to avoid naming conflict with global setTimeout() function. |
ENG-13188 | Fixed Open Redirect vulnerability in Automation Studio DuplicateProjectDialog through MongoDB ObjectId validation. |
ENG-13949 | Centralized sanitization methods to resolve multiple vulnerabilities. |
ENG-13956 | Updated @node-saml/passport-saml dependency to address security vulnerability. |
ENG-14460 | Updated swagger-ui-react dependency to address security vulnerability. |