Itential Automation Gateway changelog

Subscribe to our RSS Feed or by email to receive automatic notifications when new releases are published. Get notified when we ship new features and improvements.

March 6, 2026

Gateway Manager 1.0.7

Gateway Manager 1.0.7 is a maintenance release that includes security hardening and access control improvements for Gateway Manager. Key updates include resolution of multiple security vulnerabilities including ReDoS, prototype pollution, XSS, and algorithmic complexity issues. This release also enhances user access filtering for groups and tags, and fixes certificate management functionality in the UI.

Enhancements (2)

Feature	Description
Access control filtering (ENG-18514)	Enhanced filtering to ensure viewable groups and tags are filtered by user access permissions.
Inventory table layout (ENG-19144)	Fixed extra width issue on the Inventories table during layout updates.

Bug fixes (4)

Feature	Description
Cross-site scripting (XSS) vulnerabilities (ENG-18232, ENG-18235)	Resolved cross-site scripting (XSS) vulnerabilities.
Prototype pollution vulnerabilities (ENG-19178, ENG-19181, ENG-19182)	Addressed prototype pollution vulnerabilities in dependencies.
Regular expression denial of service (ReDoS) vulnerabilities (ENG-19396, ENG-19401, ENG-19550, ENG-19551, ENG-19628)	Fixed regular expression denial of service (ReDoS) vulnerabilities in multiple dependencies.
Inefficient algorithmic complexity (ENG-20186, ENG-20189, ENG-20190)	Resolved inefficient algorithmic complexity issues in dependencies.

Security fixes (1)

Feature	Description
Certificate management buttons (ENG-14972)	Fixed Certificate View/Delete buttons on the Gateway details view to function properly.

March 6, 2026

IAG 5.3.1

IAG 5.3.1 is a maintenance release containing enhancements, bug fixes, and security updates.

Enhancements (1)

Feature	Description
mTLS support via explicit web proxy (ENG-18944)	Added support for routing connections to Gateway Manager through HTTP/HTTPS proxy server. For more information, see Configure proxy for Gateway Manager connections.

Bug fixes (2)

Feature	Description
Secret description field (ENG-19078)	Fixed an issue where the `--description` flag when creating a secret in torero was silently ignored, ensuring descriptions are now properly saved and displayed.
iagctl flag parsing with equals signs (ENG-19249)	Fixed iagctl parsing issue where `--set` flag values containing equals signs (`=`) were incorrectly parsed, preventing users from passing key-value pairs with `=` in the value.

Security fixes (2)

Feature	Description
High-severity CVE resolutions (ENG-18049)	Resolved three high-severity security vulnerabilities (CVE-2025-8959, CVE-2025-22868, CVE-2023-46402) affecting the tofu and iagctl binaries, addressing symlink attack, memory exhaustion, and ReDoS risks.
Go-Git security vulnerability (ENG-19325)	Resolved go-git security vulnerability.