Release notes

Itential Automation Gateway changelog

Subscribe to our RSS Feed or by email to receive automatic notifications when new releases are published. Get notified when we ship new features and improvements.
May 15, 2026

IAG 4.3.14

IAG 4.3.14 is a maintenance release containing enhancements, bug fixes, and security updates.

FeatureDescription
LDAP group search parameter (ENG-21922)Added ldap_search_for_groups parameter for LDAP settings to improve LDAP login speed.
FeatureDescription
Blank gNMI set task thread hang (ENG-22591)Fixed an issue where executing a gNMI set task with an empty config caused threads to hang indefinitely. IAG now returns a 200 response with a “nothing to do” message when update, replace, and delete are all absent or empty.
LDAP permission retention (ENG-19101)Fixed an issue where users logging in via LDAP retained group permissions from a previous session when the bind account lacked permission to search groups. Also fixed an unhandled error caused by LDAP user search filters referencing attributes not defined in the server’s schema.
FeatureDescription
Uncontrolled recursion (ENG-23053)Updated axios to resolve an uncontrolled recursion security vulnerability.
Unintended proxy behavior in axios (ENG-22709)Updated axios to resolve a security vulnerability related to unintended proxy behavior.
Sensitive information exposure (ENG-22696)Updated follow-redirect to resolve a security vulnerability related to improper removal of sensitive information before storage or transfer.
Arbitrary code injection in lodash (ENG-22383, ENG-22382)Updated lodash-related packages to resolve arbitrary code injection security vulnerabilities.
ComponentVersion
automation_gateway4.3.71
April 3, 2026

IAG 4.3.13

IAG 4.3.13 is a maintenance release containing bug fixes and security updates.

IssueDescription
Updated ruamel package for HSBC compliance (ENG-21356)Bumped the ruamel package to version 0.17.22 to align with HSBC compliance requirements.
IssueDescription
Updated brace-expansion to resolve infinite loop vulnerability (ENG-22127)Updated brace-expansion to versions 1.1.13 and 2.0.3 to resolve a Snyk-reported infinite loop vulnerability.
Updated ajv to resolve ReDoS vulnerability (ENG-21851)Bumped ajv to version 8.18.0 to resolve a Regular Expression Denial of Service (ReDoS) vulnerability.
Updated swagger-ui-react to resolve XSS and prototype pollution vulnerabilities (ENG-20690, ENG-21007, ENG-17041)Bumped swagger-ui-react to version 5.32.1 to resolve Cross-site Scripting (XSS) and Prototype Pollution vulnerabilities in the dompurify and js-yaml dependencies.
Updated protobuf to resolve uncontrolled recursion vulnerability (ENG-18673)Resolved a high-severity vulnerability (CVE-2026-0994) in the protobuf package where deeply nested google.protobuf.Any messages could bypass the max_recursion_depth limit and trigger a RecursionError.
ComponentVersion
automation_gateway4.3.64
March 6, 2026

IAG 4.3.12

IAG 4.3.12 is a maintenance release containing enhancements, bug fixes, and security updates.

FeatureDescription
Configurable caching system (ENG-11821)Added functionality to enable or disable the caching system with a configurable caching directory when enabled.
IssueDescription
LDAP username case sensitivity (ENG-9584)Fixed authorization issue where LDAP usernames containing uppercase characters caused all IAG modules to appear inaccessible by converting usernames to lowercase.
Ansible implicit localhost execution (ENG-9905)Fixed playbook execution to properly fall back to implicit localhost when no inventory is specified.
Device group cleanup on deletion (ENG-10212)Enhanced device deletion logic to ensure devices are removed from all associated groups upon deletion, preventing errors when executing roles through those groups.
Recursive group relationships and deletion validation (ENG-14249)Enhanced group management to prevent recursive group relationships and added validation to block deletion of groups containing child groups or devices.
Large Ansible playbook log handling (ENG-15049)Improved handling of large Ansible playbook logs by implementing proper response size calculation, correcting max size thresholds, and adding enhanced error handling to prevent UI crashes.
Device and group display performance (ENG-15984)Improved UI performance by adding pagination to device and group displays with a “Load more” button, and implemented infinite scrolling for dropdown menus in the execute tab.
IOS-XR device information retrieval (ENG-17173)Refactored the itential_get_info role to resolve type mismatch issues when running against IOS-XR devices.
LDAP authentication performance (ENG-17936)Improved LDAP authentication performance by optimizing group name lookup mechanism using a predefined LDAP Manager API, significantly reducing authentication delays from 90 seconds.
HTTPS client certificate authentication (ENG-19033)Fixed HTTPS client certificate authentication prompt by restoring original behavior and setting verify_mode to None by default when a certificate bundle is configured.
IssueDescription
Encrypted LDAP password storage (ENG-11716)LDAP bind passwords are now stored encrypted in the database instead of clear text.
Uncontrolled recursion vulnerability (ENG-18673)Resolved uncontrolled recursion vulnerability in dependencies.
Prototype pollution vulnerability (ENG-19184)Addressed prototype pollution vulnerability.
Regular expression denial of service (ReDoS) vulnerability (ENG-19400)Fixed regular expression denial of service (ReDoS) vulnerability.
Version rollback for stability (ENG-20497)Reverted IAG version from 4.4.11 back to 4.3.56 to address stability concerns.
ComponentVersion
automation_gateway4.3.58
December 19, 2025

IAG 4.3.11

IAG 4.3.11 is a maintenance release containing enhancements, bug fixes, and security updates.

FeatureDescription
Logging (ENG-16844)Enhanced logging capabilities in Itential Automation Gateway.
FeatureDescription
Patch version (ENG-17806)Updated patch version for Automation Gateway.
ComponentVersion
automation_gateway4.3.56
November 21, 2025

IAG 2023.2.21

IAG 2023.2.21 is a maintenance release containing bug fixes.

FeatureDescription
Read-only access to scripts and modules (ENG-10553)Fixed an issue where users could not view scripts, playbooks, roles, and other modules when write permissions were removed. The parameter panel component has been refactored to ensure proper visibility with read-only access.
Cache deletion and schema edit persistence (ENG-15530)Fixed multiple cache-related issues: modules, playbooks, and other resources now persist in the UI after cache file deletion; schema edits are immediately reflected in the UI; and manual modifications to modules and playbooks are properly detected and displayed after refresh.
ComponentVersion
automation_gateway2023.2.85
November 21, 2025

IAG 2023.3.14

IAG 2023.3.14 is a maintenance release containing bug fixes for permissions and cache-related issues.

FeatureDescription
Read-only access to scripts and modules (ENG-10553)Fixed an issue where users could not view scripts, playbooks, roles, and other modules when write permissions were removed. The parameter panel component has been refactored to ensure proper visibility with read-only access.
Cache deletion and schema sync issues (ENG-15530)Fixed multiple cache-related issues: modules, playbooks, and other resources now persist in the UI after cache file deletion; schema edits are immediately reflected in the UI; and manual modifications to modules and playbooks are properly detected and displayed after refresh.
ComponentVersion
automation_gateway2023.3.49
November 21, 2025

IAG 4.3.10

IAG 4.3.10 is a maintenance release containing enhancements, bug fixes, and security updates.

FeatureDescription
TLS 1.2 and 1.3 version configuration (ENG-16184)Added support for TLS 1.2 and 1.3 configuration. Deprecated parameters have been removed and replaced with new parameters that allow you to specify the exact TLS version.
FeatureDescription
Read-only access visibility for scripts, playbooks, and modules (ENG-10553)Fixed an issue where users could not view scripts, playbooks, roles, and other modules when write permissions were removed. The parameter panel component has been refactored to ensure proper visibility with read-only access.
Cache-related UI persistence and refresh issues (ENG-15530)Fixed multiple cache-related issues: modules, playbooks, and other resources now persist in the UI after cache file deletion, schema edits are immediately reflected in the UI, and manual modifications to modules and playbooks are properly detected and displayed after refresh.
FeatureDescription
Cookie secure attribute in response headers (ENG-14644)Enhanced cookie security by setting the secure attribute in response headers when setting cookies on the client side.
axios resource allocation vulnerability (ENG-15288)Upgraded axios to version 1.12.0 to address resource allocation vulnerabilities.
ComponentVersion
automation_gateway4.3.55
October 3, 2025

IAG 2023.2.20

IAG 2023.2.20 is a maintenance release containing performance improvements.

FeatureDescription
Updated recommended http_server_threads value (ENG-14985)Based on performance testing, the recommended http_server_threads value in properties.yml has been updated from 2-4 × NUM_CORES to 4 × NUM_CORES.
ComponentVersion
automation_gateway4.0.0+2023.2.82
October 3, 2025

IAG 2023.3.13

IAG 2023.3.13 is a maintenance release containing performance enhancements.

FeatureDescription
Updated recommended http_server_threads value (ENG-14985)Based on performance testing, the recommended http_server_threads value in properties.yml has been updated from 2–4 × NUM_CORES to 4 × NUM_CORES.
ComponentVersion
automation_gateway2023.3.46
October 3, 2025

IAG 4.3.9

IAG 4.3.9 is a maintenance release containing enhancements to improve the user experience in IAG.

FeatureDescription
http_server_threads recommended value update (ENG-14985)Based on performance testing, the recommended http_server_threads value in properties.yml has been updated from 2-4 × NUM_CORES to 4 × NUM_CORES.
ComponentVersion
automation_gateway4.3.48