Itential Automation Gateway changelog

Subscribe to our RSS Feed or by email to receive automatic notifications when new releases are published. Get notified when we ship new features and improvements.

IAG 4.3.13

IAG 4.3.13 is a maintenance release containing bug fixes and security updates.

Bug fixes (1)

Issue	Description
Updated ruamel package for HSBC compliance (ENG-21356)	Bumped the ruamel package to version 0.17.22 to align with HSBC compliance requirements.

Security fixes (4)

Issue	Description
Updated brace-expansion to resolve infinite loop vulnerability (ENG-22127)	Updated brace-expansion to versions 1.1.13 and 2.0.3 to resolve a Snyk-reported infinite loop vulnerability.
Updated ajv to resolve ReDoS vulnerability (ENG-21851)	Bumped ajv to version 8.18.0 to resolve a Regular Expression Denial of Service (ReDoS) vulnerability.
Updated swagger-ui-react to resolve XSS and prototype pollution vulnerabilities (ENG-20690, ENG-21007, ENG-17041)	Bumped swagger-ui-react to version 5.32.1 to resolve Cross-site Scripting (XSS) and Prototype Pollution vulnerabilities in the dompurify and js-yaml dependencies.
Updated protobuf to resolve uncontrolled recursion vulnerability (ENG-18673)	Resolved a high-severity vulnerability (CVE-2026-0994) in the protobuf package where deeply nested `google.protobuf.Any` messages could bypass the `max_recursion_depth` limit and trigger a `RecursionError`.

Component version

Component	Version
automation_gateway	4.3.64