Release notes

Itential Automation Gateway changelog

Subscribe to our RSS Feed or by email to receive automatic notifications when new releases are published. Get notified when we ship new features and improvements.
May 15, 2026

Gateway Manager 1.0.9

Gateway Manager 1.0.9 is a maintenance release containing enhancements, bug fixes, and security updates.

FeatureDescription
Inspect cluster commands (ENG-22987)Added inspectCluster task that provides visibility into a gateway cluster’s activity and health.
FeatureDescription
sendCommand and sendConfig task status (ENG-19453)Fixed an issue where sendCommand and sendConfig tasks incorrectly returned an error status on successful execution.
FeatureDescription
Uncontrolled recursion (ENG-23039)Resolved an uncontrolled recursion security vulnerability.
Dynamically-determined object attribute modification (ENG-23037)Resolved a security vulnerability related to improperly controlled modification of dynamically-determined object attributes.
Prototype pollution (ENG-23035)Resolved a prototype pollution security vulnerability.
HTTP response splitting (ENG-23026)Updated axios to resolve an HTTP response splitting security vulnerability.
Unintended proxy behavior in axios (ENG-22842)Updated axios to resolve a security vulnerability related to unintended proxy behavior.
HTTP response splitting in axios (ENG-22896)Updated axios to resolve an HTTP response splitting security vulnerability.
Arbitrary code injection in lodash (ENG-22846)Updated lodash to resolve an arbitrary code injection security vulnerability.
Sensitive information exposure (ENG-22731)Updated follow-redirect package to resolve a security vulnerability related to improper removal of sensitive information before storage or transfer.
Unintended proxy behavior (ENG-22603)Updated itential-utils to resolve a security vulnerability related to unintended proxy behavior.
Arbitrary code injection (ENG-22377, ENG-22338, ENG-22336)Updated lodash and rodeo to resolve arbitrary code injection security vulnerabilities.
Infinite loop in brace-expansion (ENG-22239, ENG-22179, ENG-22120)Updated brace-expansion to resolve infinite loop security vulnerabilities.
May 15, 2026

IAG 5.4.0

IAG 5.4.0 is a minor release introducing new operational visibility commands, automated virtual environment lifecycle management, integration execution on gateway clusters, and targeted improvements for Python service authors and multi-cluster operators.

For an overview of the key features in this release, see the IAG 5.4.0 feature announcement.

FeatureDescription
runCode task (ENG-19350)Added support for executing inline Python code directly from a Platform workflow canvas through an IAG runner node, without a Git repository or service registration.
Inspect cluster commands (ENG-19091)Added iagctl inspect cluster commands to monitor live state of gateway clusters. These commands provide visibility into cluster health and active execution.
Virtual environment pruning (ENG-19097)Added automated cleanup for idle Python virtual environments on runner nodes. Configurable via venv_sweep_interval (default: 24h) and venv_retention_period (default: 30d) in the [application] section of gateway.conf.
Python service boolean flag support (ENG-18999)Added support for boolean flag arguments in Python script services. Properties typed as boolean in a decorator schema are passed using bare --set key syntax.
CLI config file profiles (ENG-19039)Added support for named connection profiles in gateway.conf using [client:profile_name] sections. Use the new --profile global flag to switch between gateway cluster connections.
Integration execution on gateway (ENG-21999)Gateway clusters now execute integration HTTP requests on behalf of Platform, enabling network-proximate execution and per-request proxy support.
OpenTofu remote backend configuration (ENG-18998)Added --backend-config flag to iagctl create service opentofu-plan for specifying remote state backend configuration at service creation time.
FeatureDescription
SSH keyscan non-standard port support (ENG-23483)Fixed an issue where ssh-keyscan did not correctly handle non-standard SSH ports.
Send Config task argument passing (ENG-22725)Fixed an issue in the built-in Send Config task where config lines were not being passed correctly to netsdk.
Executable service decorator (ENG-21562)Fixed an issue where executable services were not correctly using decorator information from Platform.
April 3, 2026

Gateway Manager 1.0.8

Gateway Manager 1.0.8 is a maintenance release containing quality improvements to Gateway Manager’s functionality and security updates.

FeatureDescription
Cluster ID dropdown for Automation Studio tasks (ENG-21261)The clusterId field in the sendConfig and sendCommand tasks in Studio has been changed from a freeform text field to a dropdown selector.
Version-based inventory population (ENG-20228)Implemented version-based inventory population.
IssueDescription
Updated axios to resolve Snyk vulnerability (ENG-22097)Bumped axios from version 1.13.4 to 1.13.5 to resolve a Snyk-reported vulnerability.
March 24, 2026

IAG 5.3.2

IAG 5.3.2 is a maintenance release containing bug fixes and security updates.

IssueDescription
Proxy settings not applied to Gateway Manager connectivity check (ENG-21908)Fixed an issue where the websocket connection to Gateway Manager was not being established through the proxy server because the initial connectivity check was not using the configured proxy settings.
Command quoting issues on send command task (ENG-21778)Fixed an issue that was causing quoting errors with certain commands executed via the sendCommand task.
IssueDescription
Updated golang gRPC package (ENG-21910)Resolved a high-severity security vulnerability (CVE-2026-33186) in the google.golang.org/grpc package.
March 6, 2026

Gateway Manager 1.0.7

Gateway Manager 1.0.7 is a maintenance release that includes security hardening and access control improvements for Gateway Manager. Key updates include resolution of multiple security vulnerabilities including ReDoS, prototype pollution, XSS, and algorithmic complexity issues. This release also enhances user access filtering for groups and tags, and fixes certificate management functionality in the UI.

FeatureDescription
Access control filtering (ENG-18514)Enhanced filtering to ensure viewable groups and tags are filtered by user access permissions.
Inventory table layout (ENG-19144)Fixed extra width issue on the Inventories table during layout updates.
FeatureDescription
Cross-site scripting (XSS) vulnerabilities (ENG-18232, ENG-18235)Resolved cross-site scripting (XSS) vulnerabilities.
Prototype pollution vulnerabilities (ENG-19178, ENG-19181, ENG-19182)Addressed prototype pollution vulnerabilities in dependencies.
Regular expression denial of service (ReDoS) vulnerabilities (ENG-19396, ENG-19401, ENG-19550, ENG-19551, ENG-19628)Fixed regular expression denial of service (ReDoS) vulnerabilities in multiple dependencies.
Inefficient algorithmic complexity (ENG-20186, ENG-20189, ENG-20190)Resolved inefficient algorithmic complexity issues in dependencies.
FeatureDescription
Certificate management buttons (ENG-14972)Fixed Certificate View/Delete buttons on the Gateway details view to function properly.
March 6, 2026

IAG 5.3.1

IAG 5.3.1 is a maintenance release containing enhancements, bug fixes, and security updates.

FeatureDescription
mTLS support via explicit web proxy (ENG-18944)Added support for routing connections to Gateway Manager through HTTP/HTTPS proxy server. For more information, see Configure proxy for Gateway Manager connections.
FeatureDescription
Secret description field (ENG-19078)Fixed an issue where the --description flag when creating a secret in torero was silently ignored, ensuring descriptions are now properly saved and displayed.
iagctl flag parsing with equals signs (ENG-19249)Fixed iagctl parsing issue where --set flag values containing equals signs (=) were incorrectly parsed, preventing users from passing key-value pairs with = in the value.
FeatureDescription
High-severity CVE resolutions (ENG-18049)Resolved three high-severity security vulnerabilities (CVE-2025-8959, CVE-2025-22868, CVE-2023-46402) affecting the tofu and iagctl binaries, addressing symlink attack, memory exhaustion, and ReDoS risks.
Go-Git security vulnerability (ENG-19325)Resolved go-git security vulnerability.
January 23, 2026

Gateway Manager 1.0.5

Gateway Manager 1.0.5 is a maintenance release that includes performance improvements and enhanced reliability for Gateway Manager. Key updates include optimized Inventory Manager query performance, improved error handling for Redis operations, and validation checks to prevent duplicate gateway connections. This release also includes UI improvements for better usability in development and production environments.

FeatureDescription
Gateway connection validation (ENG-13928)Added validation checks to prevent gateway connections with duplicate cluster_ids, ensuring only one gateway per cluster_id can be connected.
Redis error handling (ENG-14473)Improved error handling for Redis nodes being swapped in READONLY mode.
Local development mode warning (ENG-17308)Added a warning notification when the UI has been built for local development mode.
Broker service icons (ENG-18168)Added icon support for broker services.
Inventory Manager query performance (ENG-18985)Implemented performance improvements for Inventory Manager queries.
FeatureDescription
Service groups dropdown scrolling (ENG-15578)Fixed dropdown menu scrolling issue for service groups when the menu contains overflowed elements.
January 23, 2026

IAG 5.3.0

IAG 5.3.0 is a minor release that introduces support for Inventory Manager integration and HTTP basic authentication for Git repositories.

FeatureDescription
Inventory data ingestion via stdin (ENG-17017)Added capability for IAG to ingest inventory data via standard input (stdin), providing a new method for importing and managing device inventory information. This enhancement supports the Inventory Manager core functionality and enables more flexible inventory data workflows. For more information, see Inventory Manager.
HTTP basic authentication for Git clone and service execution (ENG-15494)Added HTTP basic authentication support for Git clone operations and service execution. This feature enables IAG to clone repositories from Git over HTTP using credentials, expanding options for secure Git integration and automated playbook deployment. Fore more information, see Configure access to private repositories.
November 6, 2025

IAG 5.2.1

IAG 5.2.1 is a maintenance release containing security updates.

FeatureDescription
go-git go-crypto dependency vulnerability (ENG-16161)Resolved a high-severity vulnerability in go-git by updating the go-crypto dependency version.
spf13/viper log handling vulnerability (ENG-16162)Updated the spf13/viper dependency to address a medium-severity improper output neutralization vulnerability in log handling.
openssl/libcrypto3 vulnerabilities (ENG-16163)Fixed three low-severity vulnerabilities in openssl/libcrypto3.
expat/libexpat vulnerability (ENG-16164)Fixed a low-severity vulnerability in expat/libexpat.
curl/libcurl vulnerabilities (ENG-16165)Fixed two low-severity vulnerabilities in curl/libcurl.
October 6, 2025

IAG 5.2.0

IAG 5.2.0 is a minor release that includes support to securely inject sensitive information into services and security updates. /

FeatureDescription
Inject secrets into services (ENG-13737)Added support for injecting secrets into services. For more information, see Inject secrets into services.
FeatureDescription
Path traversal security vulnerability (ENG-13805)Resolved a potential path traversal security vulnerability detected by Snyk’s code analysis.