Release notes

Itential Automation Gateway changelog

Subscribe to our RSS Feed or by email to receive automatic notifications when new releases are published. Get notified when we ship new features and improvements.
April 3, 2026

IAG 4.3.13

IAG 4.3.13 is a maintenance release containing bug fixes and security updates.

IssueDescription
Updated ruamel package for HSBC compliance (ENG-21356)Bumped the ruamel package to version 0.17.22 to align with HSBC compliance requirements.
IssueDescription
Updated brace-expansion to resolve infinite loop vulnerability (ENG-22127)Updated brace-expansion to versions 1.1.13 and 2.0.3 to resolve a Snyk-reported infinite loop vulnerability.
Updated ajv to resolve ReDoS vulnerability (ENG-21851)Bumped ajv to version 8.18.0 to resolve a Regular Expression Denial of Service (ReDoS) vulnerability.
Updated swagger-ui-react to resolve XSS and prototype pollution vulnerabilities (ENG-20690, ENG-21007, ENG-17041)Bumped swagger-ui-react to version 5.32.1 to resolve Cross-site Scripting (XSS) and Prototype Pollution vulnerabilities in the dompurify and js-yaml dependencies.
Updated protobuf to resolve uncontrolled recursion vulnerability (ENG-18673)Resolved a high-severity vulnerability (CVE-2026-0994) in the protobuf package where deeply nested google.protobuf.Any messages could bypass the max_recursion_depth limit and trigger a RecursionError.
ComponentVersion
automation_gateway4.3.64
March 6, 2026

IAG 4.3.12

IAG 4.3.12 is a maintenance release containing enhancements, bug fixes, and security updates.

FeatureDescription
Configurable caching system (ENG-11821)Added functionality to enable or disable the caching system with a configurable caching directory when enabled.
IssueDescription
LDAP username case sensitivity (ENG-9584)Fixed authorization issue where LDAP usernames containing uppercase characters caused all IAG modules to appear inaccessible by converting usernames to lowercase.
Ansible implicit localhost execution (ENG-9905)Fixed playbook execution to properly fall back to implicit localhost when no inventory is specified.
Device group cleanup on deletion (ENG-10212)Enhanced device deletion logic to ensure devices are removed from all associated groups upon deletion, preventing errors when executing roles through those groups.
Recursive group relationships and deletion validation (ENG-14249)Enhanced group management to prevent recursive group relationships and added validation to block deletion of groups containing child groups or devices.
Large Ansible playbook log handling (ENG-15049)Improved handling of large Ansible playbook logs by implementing proper response size calculation, correcting max size thresholds, and adding enhanced error handling to prevent UI crashes.
Device and group display performance (ENG-15984)Improved UI performance by adding pagination to device and group displays with a “Load more” button, and implemented infinite scrolling for dropdown menus in the execute tab.
IOS-XR device information retrieval (ENG-17173)Refactored the itential_get_info role to resolve type mismatch issues when running against IOS-XR devices.
LDAP authentication performance (ENG-17936)Improved LDAP authentication performance by optimizing group name lookup mechanism using a predefined LDAP Manager API, significantly reducing authentication delays from 90 seconds.
HTTPS client certificate authentication (ENG-19033)Fixed HTTPS client certificate authentication prompt by restoring original behavior and setting verify_mode to None by default when a certificate bundle is configured.
IssueDescription
Encrypted LDAP password storage (ENG-11716)LDAP bind passwords are now stored encrypted in the database instead of clear text.
Uncontrolled recursion vulnerability (ENG-18673)Resolved uncontrolled recursion vulnerability in dependencies.
Prototype pollution vulnerability (ENG-19184)Addressed prototype pollution vulnerability.
Regular expression denial of service (ReDoS) vulnerability (ENG-19400)Fixed regular expression denial of service (ReDoS) vulnerability.
Version rollback for stability (ENG-20497)Reverted IAG version from 4.4.11 back to 4.3.56 to address stability concerns.
ComponentVersion
automation_gateway4.3.58
December 19, 2025

IAG 4.3.11

IAG 4.3.11 is a maintenance release containing enhancements, bug fixes, and security updates.

FeatureDescription
Logging (ENG-16844)Enhanced logging capabilities in Itential Automation Gateway.
FeatureDescription
Patch version (ENG-17806)Updated patch version for Automation Gateway.
ComponentVersion
automation_gateway4.3.56
November 21, 2025

IAG 2023.2.21

IAG 2023.2.21 is a maintenance release containing bug fixes.

FeatureDescription
Read-only access to scripts and modules (ENG-10553)Fixed an issue where users could not view scripts, playbooks, roles, and other modules when write permissions were removed. The parameter panel component has been refactored to ensure proper visibility with read-only access.
Cache deletion and schema edit persistence (ENG-15530)Fixed multiple cache-related issues: modules, playbooks, and other resources now persist in the UI after cache file deletion; schema edits are immediately reflected in the UI; and manual modifications to modules and playbooks are properly detected and displayed after refresh.
ComponentVersion
automation_gateway2023.2.85
November 21, 2025

IAG 2023.3.14

IAG 2023.3.14 is a maintenance release containing bug fixes for permissions and cache-related issues.

FeatureDescription
Read-only access to scripts and modules (ENG-10553)Fixed an issue where users could not view scripts, playbooks, roles, and other modules when write permissions were removed. The parameter panel component has been refactored to ensure proper visibility with read-only access.
Cache deletion and schema sync issues (ENG-15530)Fixed multiple cache-related issues: modules, playbooks, and other resources now persist in the UI after cache file deletion; schema edits are immediately reflected in the UI; and manual modifications to modules and playbooks are properly detected and displayed after refresh.
ComponentVersion
automation_gateway2023.3.49
November 21, 2025

IAG 4.3.10

IAG 4.3.10 is a maintenance release containing enhancements, bug fixes, and security updates.

FeatureDescription
TLS 1.2 and 1.3 version configuration (ENG-16184)Added support for TLS 1.2 and 1.3 configuration. Deprecated parameters have been removed and replaced with new parameters that allow you to specify the exact TLS version.
FeatureDescription
Read-only access visibility for scripts, playbooks, and modules (ENG-10553)Fixed an issue where users could not view scripts, playbooks, roles, and other modules when write permissions were removed. The parameter panel component has been refactored to ensure proper visibility with read-only access.
Cache-related UI persistence and refresh issues (ENG-15530)Fixed multiple cache-related issues: modules, playbooks, and other resources now persist in the UI after cache file deletion, schema edits are immediately reflected in the UI, and manual modifications to modules and playbooks are properly detected and displayed after refresh.
FeatureDescription
Cookie secure attribute in response headers (ENG-14644)Enhanced cookie security by setting the secure attribute in response headers when setting cookies on the client side.
axios resource allocation vulnerability (ENG-15288)Upgraded axios to version 1.12.0 to address resource allocation vulnerabilities.
ComponentVersion
automation_gateway4.3.55
October 3, 2025

IAG 2023.2.20

IAG 2023.2.20 is a maintenance release containing performance improvements.

FeatureDescription
Updated recommended http_server_threads value (ENG-14985)Based on performance testing, the recommended http_server_threads value in properties.yml has been updated from 2-4 × NUM_CORES to 4 × NUM_CORES.
ComponentVersion
automation_gateway4.0.0+2023.2.82
October 3, 2025

IAG 2023.3.13

IAG 2023.3.13 is a maintenance release containing performance enhancements.

FeatureDescription
Updated recommended http_server_threads value (ENG-14985)Based on performance testing, the recommended http_server_threads value in properties.yml has been updated from 2–4 × NUM_CORES to 4 × NUM_CORES.
ComponentVersion
automation_gateway2023.3.46
October 3, 2025

IAG 4.3.9

IAG 4.3.9 is a maintenance release containing enhancements to improve the user experience in IAG.

FeatureDescription
http_server_threads recommended value update (ENG-14985)Based on performance testing, the recommended http_server_threads value in properties.yml has been updated from 2-4 × NUM_CORES to 4 × NUM_CORES.
ComponentVersion
automation_gateway4.3.48
September 5, 2025

IAG 4.3.8

IAG 4.3.8 is a maintenance release containing bug fixes and security updates.

FeatureDescription
Queue Item Not Found errors with throttle enabled (ENG-11882)Fixed “Queue Item Not Found” errors when throttle is enabled on the IAG Adapter by resolving queue management issues during throttling operations.
Adapter crashes with large responses (ENG-14572)Fixed IAG adapter crashes when processing large responses or large batches of smaller responses. The adapter now handles high-volume data without requiring manual restarts.
FeatureDescription
prismjs vulnerability via swagger-ui-react and react-syntax-highlighter (ENG-12230)Upgraded swagger-ui-react and react-syntax-highlighter to address a prismjs vulnerability, improving security and stability.
form-data predictable value range vulnerability (ENG-14587)Updated form-data to v4.0.4 to fix a predictable value range issue from previous values.
ComponentVersion
automation_gateway4.3.47