Release notes

Itential Automation Gateway changelog

Subscribe to our RSS Feed or by email to receive automatic notifications when new releases are published. Get notified when we ship new features and improvements.
May 15, 2026

Gateway Manager 1.0.10

Gateway Manager 1.0.10 is a maintenance release containing enhancements, bug fixes, and security updates.

FeatureDescription
Inspect cluster commands (ENG-22987)Added inspectCluster task that provides visibility into a gateway cluster’s activity and health.
FeatureDescription
sendCommand and sendConfig task status (ENG-19453)Fixed an issue where sendCommand and sendConfig tasks incorrectly returned an error status on successful execution.
FeatureDescription
Uncontrolled recursion (ENG-23039)Resolved an uncontrolled recursion security vulnerability.
Dynamically-determined object attribute modification (ENG-23037)Resolved a security vulnerability related to improperly controlled modification of dynamically-determined object attributes.
Prototype pollution (ENG-23035)Resolved a prototype pollution security vulnerability.
HTTP response splitting (ENG-23026)Updated axios to resolve an HTTP response splitting security vulnerability.
Unintended proxy behavior in axios (ENG-22842)Updated axios to resolve a security vulnerability related to unintended proxy behavior.
HTTP response splitting in axios (ENG-22896)Updated axios to resolve an HTTP response splitting security vulnerability.
Arbitrary code injection in lodash (ENG-22846)Updated lodash to resolve an arbitrary code injection security vulnerability.
Sensitive information exposure (ENG-22731)Updated follow-redirect package to resolve a security vulnerability related to improper removal of sensitive information before storage or transfer.
Unintended proxy behavior (ENG-22603)Updated itential-utils to resolve a security vulnerability related to unintended proxy behavior.
Arbitrary code injection (ENG-22377, ENG-22338, ENG-22336)Updated lodash and rodeo to resolve arbitrary code injection security vulnerabilities.
Infinite loop in brace-expansion (ENG-22239, ENG-22179, ENG-22120)Updated brace-expansion to resolve infinite loop security vulnerabilities.
May 15, 2026

IAG 5.4.0

IAG 5.4.0 is a minor release introducing new operational visibility commands, automated virtual environment lifecycle management, integration execution on gateway clusters, and targeted improvements for Python service authors and multi-cluster operators.

For an overview of the key features in this release, see the IAG 5.4.0 feature announcement.

FeatureDescription
runCode task (ENG-19350)Added support for executing inline Python code directly from a Platform workflow canvas through an IAG runner node, without a Git repository or service registration.
Inspect cluster commands (ENG-19091)Added iagctl inspect cluster commands to monitor live state of gateway clusters. These commands provide visibility into cluster health and active execution.
Virtual environment pruning (ENG-19097)Added automated cleanup for idle Python virtual environments on runner nodes. Configurable via venv_sweep_interval (default: 24h) and venv_retention_period (default: 30d) in the [application] section of gateway.conf.
Python service boolean flag support (ENG-18999)Added support for boolean flag arguments in Python script services. Properties typed as boolean in a decorator schema are passed using bare --set key syntax.
CLI config file profiles (ENG-19039)Added support for named connection profiles in gateway.conf using [client:profile_name] sections. Use the new --profile global flag to switch between gateway cluster connections.
Integration execution on gateway (ENG-21999)Gateway clusters now execute integration HTTP requests on behalf of Platform, enabling network-proximate execution and per-request proxy support.
OpenTofu remote backend configuration (ENG-18998)Added --backend-config flag to iagctl create service opentofu-plan for specifying remote state backend configuration at service creation time.
FeatureDescription
SSH keyscan non-standard port support (ENG-23483)Fixed an issue where ssh-keyscan did not correctly handle non-standard SSH ports.
Send Config task argument passing (ENG-22725)Fixed an issue in the built-in Send Config task where config lines were not being passed correctly to netsdk.
Executable service decorator (ENG-21562)Fixed an issue where executable services were not correctly using decorator information from Platform.