Platform Cloud May 2026 release features critical security updates, performance improvements, and new capabilities across Operations Manager, Studio, and Platform infrastructure. This release addresses customer-reported issues and introduces enhancements to improve user experience and system reliability.
| Component | Feature | Description |
|---|---|---|
| Gateway | Gateway runCode method (ENG-19351) | Implemented runCode method in Gateway Manager for executing custom code through gateway integrations. |
| Gateway | Gateway runCode RPC (ENG-19350) | Added runCode RPC endpoint in Gateway5 for remote code execution capabilities. |
| Gateway | Proxy logic for integration worker (ENG-21997) | Modified Integration worker to support proxy logic, enabling more flexible network configurations. |
| Operations Manager | Job duration toggle (ENG-19459) | Added job duration toggle option in Operations Manager Jobs Table View, allowing users to customize displayed metrics. |
| Operations Manager | Job execution path visibility (ENG-18253) | Enhanced Operations Manager with improved job execution path visualization, making it easier to trace and debug workflow executions. |
| Operations Manager | Task details panel resize (ENG-22691) | Added support for resizing the task details panel manually, allowing for a larger view of the code editor within the panel. |
| Platform | Itential Academy URL update (ENG-21935) | Updated the URL of Itential Academy in Platform from Learn Upon to the new Itential Academy portal. |
| Studio | Auto-generated key name visibility (ENG-22753) | Improved visibility of auto-generated key names when a form field label contains transformed characters such as spaces or hyphens. The Custom Key radio/text input has been replaced with a text input that displays the auto-generated key as its default value, with a tooltip describing its purpose. Applies to Checkbox, Text, Textarea, Number, Dropdown, Container, Table, and File Upload fields. |
| Studio | Code task template (ENG-19352) | Added code task template in Studio to streamline creation of custom code execution tasks. |
| Studio | Inline query on task input (ENG-22503) | Added support for configuring inline queries on task inputs when data comes from jobs or previous tasks. |
| Studio | Task focus indicators (ENG-18800) | Implemented visual focus indicators for tasks, improving accessibility and navigation in workflow canvas. |
| Workflow Engine | Inline query support (ENG-22689) | Added inline query support to Workflow Engine task variable resolution. |
| Component | Feature | Description |
|---|---|---|
| Integration | OAuth integration models (ENG-20194) | Fixed Integration Models not working with OAuth for Cisco Umbrella integrations. |
| Operations Manager | Actionable tasks CPU thrashing (ENG-22418) | Improved query performance on getting Actionable Tasks in Operations Manager to prevent CPU thrashing. |
| Operations Manager | Manual task retry (ENG-14413) | Fixed issue where users could not access the manual task dialog to retry adapter tasks. Users no longer see a blank screen element when accessing this functionality. |
| Operations Manager | Tasks stuck in errored state (ENG-19443) | Resolved issue with tasks getting stuck in “Errored” states, improving workflow reliability and error recovery. |
| Operations Manager | Triggers display limit (ENG-22024) | Fixed issue where Operations Manager only showed 10 triggers. Banners no longer cut off the bottom of Operations Manager’s screen. |
| Operations Manager | Warning for automation write groups (ENG-1765) | Added warning message when assigning write groups to automation to prevent permission issues. |
| NSO | NSO 6.4.8+ transaction comment support (ENG-22838) | Updated deprecation handling for transaction methods (set_comment, set_label) to maintain compatibility with NSO v6.4.8 and newer releases. |
| Platform | Auto keying JSON forms (ENG-22101) | Implemented auto keying when moving JSON form or template references into projects. |
| Platform | Global search templates (ENG-5894) | Fixed issue where global search was not working for templates and JSON Forms. |
| Platform | Resource model update blocked (ENG-22862) | Fixed an issue where updating a resource model was incorrectly blocked when all existing instances had been deleted via a canceled create action. The instance check now correctly recognizes both completed deletes and canceled creates as deleted states. |
| Platform | System search regex metacharacters (ENG-22349) | Fixed issue where system search failed when query contained regex metacharacters (e.g. +, *). |
| Platform | Vault startup hang (ENG-18458) | Fixed issue where Vault hangs Itential Platform on startup when no network access is available, with no logs and health check passing even if password is bad. |
| Projects | New folder from selected (ENG-4767) | Fixed issue where “New Folder From Selected” failed when selecting from multiple folders in Projects. |
| Projects | Template group concept (ENG-4883) | Resolved issue where Template Group was not properly supported as a concept in Projects. |
| Studio | Canvas search evaluation (ENG-6310) | Fixed issue where canvas search was not finding text in evaluation descriptions. |
| Studio | Canvas task copy/paste references (ENG-22882) | When copying or duplicating a task on the workflow canvas, variable references pointing to tasks outside the new task’s ancestry are now automatically cleared instead of being carried over verbatim from the source, preventing invalid variable bindings on the pasted task. |
| Studio | Deep Merge canvas task (ENG-2623) | Fixed an issue in the Deep Merge canvas task where entering an array value into the static input field did not display a validation error, causing the value to be silently discarded. Also fixed an issue where entering a quoted string (e.g. "hello") would strip the quotes on blur, producing invalid JSON in the editor. |
| Studio | JSON form dropdown clearing (ENG-23223) | Fixed issue where dynamic dropdown contents cleared themselves on interaction. |
| Studio | JSON form UI crash (ENG-22554) | Fixed issue where JSON Form UI crashed when populating post body. |
| Studio | JST function canvas comments (ENG-7897) | Fixed issue where Canvas comments added while viewing a function tab in JST Designer were being saved to the root transformation’s comments array instead of the active function’s. |
| Studio | JST function replace (ENG-2960) | Fixed missing function for ‘replacement’ parameter in JST function ‘replace’. |
| Studio | JST tabs incorrect data (ENG-22735) | Fixed issue where JST tabs showed incorrect data, ensuring consistent data display across transformation editor tabs. |
| Studio | JST undo/redo dirty state (ENG-1851) | Fixed issue where using undo/redo buttons in the JST editor did not put the UI into a dirty state, causing unsaved changes to go undetected. |
| Studio | MOP template special characters (ENG-7275) | Fixed issue where MOP Templates with special characters in name failed to import. |
| Studio | PHTreeMenu multiple context menus (ENG-9230) | Fixed issue where PHTreeMenu allowed multiple context menus to be open at once. |
| Studio | Schema combination element reordering (ENG-7961) | The “Schema Combination Layout” element is now draggable and reorderable in JSON Forms. Reordering now supports drag-and-drop in both directions (upward and downward). |
| Studio | Schema combinations rendering (ENG-22569) | Fixed issue where multiple schema combinations of the same type rendered incorrectly in form preview. |
| Studio | Swap task icon functionality (ENG-9371) | Fixed issue where swap task icon on task detail card did not work for tasks when required adapters were not installed on the system. |
| Studio | Swap task search bar (ENG-22677) | Fixed issue where Swap Task no longer worked following usage of the search bar twice in the Swap Task UI. |
| Studio | Transformation tab display name (ENG-10756) | Fixed incorrect display name in Transformation tab. |
| Studio | Workflow import with SLA fields (ENG-23004) | Added support for handling broken workflow payloads when importing workflows with newly added or updated sla or preAutomationTime fields. |
| Workflow Engine | Memory spike in child jobs (ENG-22494) | Addressed unexplained memory spikes in Workflow Engine leading to hung status of tasks, mainly affecting Child Jobs. |
This release includes important security updates that address vulnerabilities in third-party packages and platform components.
| Component | Feature | Description |
|---|---|---|
| NSO | Arbitrary code injection in lodash (Service Management) (ENG-22893) | Updated lodash in app-service_management to resolve Arbitrary Code Injection vulnerability. |
| NSO | Arbitrary code injection in lodash-es (NSO Gateway) (ENG-23370) | Fixed Arbitrary Code Injection security vulnerability in lodash-es. |
| NSO | Confused deputy in axios (NSO Manager) (ENG-22845) | Fixed Unintended Proxy or Intermediary (‘Confused Deputy’) vulnerability in axios for app-nso_manager. |
| NSO | Confused deputy in axios (Service Management) (ENG-22841) | Fixed Unintended Proxy or Intermediary (‘Confused Deputy’) vulnerability in axios for app-service_management. |
| NSO | Cross-site scripting (NSO Manager) (ENG-22489) | Fixed Cross-site Scripting (XSS) vulnerability in app-nso_manager. |
| NSO | HTTP response splitting in axios (NSO Manager) (ENG-23209) | Resolved HTTP Response Splitting vulnerability (CVE-2026-42035) by updating axios to a secure version inside app-nso_manager (SNYK-JS-AXIOS-16298058). |
| NSO | HTTP response splitting in axios (NSO Service Management) (ENG-23353) | Resolved security vulnerabilities (CVE-2026-42264 and CVE-2026-42044) related to request handling by updating axios to a secure version. |
| NSO | Improper index validation in UUID (NSO Manager) (ENG-23442) | Resolved a security vulnerability (CVE-2026-41907) related to improper validation of specified index, position, or offset in input by updating UUID to a secure version inside app-nso_manager. |
| NSO | Infinite loop (NSO Adapter) (ENG-22486) | Fixed Infinite loop vulnerability in adapter-nso. |
| NSO | Infinite loop (NSO Manager) (ENG-22487) | Fixed Infinite loop vulnerability in app-nso_manager. |
| NSO | Prototype pollution (NSO Manager) (ENG-22490) | Fixed Prototype Pollution vulnerability in app-nso_manager. |
| Platform | Arbitrary code injection in lodash (Itential Platform) (ENG-22665) | Updated lodash in Itential Platform to resolve Arbitrary Code Injection vulnerability. |
| Platform | Confused deputy in axios (Itential Platform) (ENG-22619) | Fixed Unintended Proxy or Intermediary (‘Confused Deputy’) vulnerability in axios for Itential Platform. |
| Platform | HTTP response splitting in axios (itential-utils) (ENG-23095) | Updated axios in itential-utils to resolve HTTP Response Splitting vulnerability (SNYK-JS-AXIOS-16298058). |
| Platform | Infinite loop in brace-expansion (Itential Platform) (ENG-22281) | Updated brace-expansion package in Itential Platform to resolve Infinite loop vulnerability. |
| Platform | Infinite loop in brace-expansion (itential-utils) (ENG-22132) | Updated brace-expansion package in itential-utils to resolve Infinite loop vulnerability. |
| Platform | XML injection in @xmldom/xmldom (ENG-22666) | Updated @xmldom/xmldom package to resolve XML Injection vulnerability. |
| Studio | ReDoS in JSON form validation (ENG-23377) | Replaced a ReDoS-susceptible regular expression in formatRegexError (app-automation-studio FormCanvas) with linear string operations, eliminating catastrophic backtracking exposure on user-controlled error message input. |
Improvements to existing Itential Cloud features provide better performance, usability, and workflow efficiency.
| Improvement | Description |
|---|---|
| ENG-18749 Canvas Debug Mode UI Updates | Updated Canvas Debug Mode color scheme and icon design in both Studio and Operations Manager for improved visibility and user experience. |
| ENG-18502 MOP Template Description Support | Enabled setting descriptions for Command Templates and Analytic Templates during asset creation in projects, improving documentation capabilities. |
| ENG-18189 NSO 6.5+ Transaction Comments | Added support for NSO 6.5+ transaction comments (set_trans_comment) to enhance integration capabilities with Cisco NSO. |
| ENG-18680 Principal Caching Enhancements | Implemented principal caching security improvements to enhance authentication performance and security posture. |
| ENG-16748 X-Forwarded-For Header Logging | Added X-Forwarded-For header logging in Platform Webserver logs to improve request tracing and security auditing. |
| ENG-19847 Project Description Field | Added optional description field to project creation flows in Studio, enabling better project documentation and organization. |
| ENG-18926 Lifecycle Management Action Descriptions | Enabled setting description field for Lifecycle Management Action assets to improve asset documentation and searchability. |
| ENG-18925 Golden Configuration Asset Descriptions | Enabled setting description field for Golden Configuration assets in Configuration Manager, enhancing configuration documentation capabilities. |
| ENG-19875 Asset Edit Details Modal Standardization | Implemented consistent Edit Details modal across all Studio assets for improved user experience and interface consistency. |
| ENG-19921 Auto Keying for Project Asset Migration | Enabled automatic keying when moving assets into projects, streamlining project organization and asset management workflows. |
| ENG-20100 Asset More Menu Options Update | Updated more menu options across assets to provide consistent and intuitive access to asset actions throughout the platform. |
| ENG-17515 NSO 6.5 and 6.6 Certification | Certified NSO Service Manager functions and NSO Adapter against NSO 6.5 and NSO 6.6, ensuring compatibility with the latest Cisco NSO versions. |
| ENG-16284 Platform 6 Index Management Enhancement | Enhanced index management for Platform 6 upgrades to improve database performance and reduce upgrade complexity. |
| ENG-15973 Vault Namespace Header Support | Implemented support for X-Vault-Namespace header for Vault integration, enabling multi-tenancy and namespace isolation. |
| ENG-8574 NSO fetchData Return Limit Adjustment | Adjusted NSO fetchData return limit to handle larger datasets and improve integration performance with Cisco NSO. |
| ENG-10644 Project Thumbnail File Size Configuration | Added configuration for project thumbnail file size in Settings to allow customization based on organizational requirements. |
Resolved issues improve stability and correct unexpected behavior in Itential Cloud.
| Improvement | Description |
|---|---|
| ENG-19162 LCM runAction Task Recursion | Fixed issue where using LCM’s runAction task in a workflow caused discover references to infinitely recurse, crashing Studio. Improved task reference handling to prevent infinite loops. |
| ENG-19075 Date Range Filter Crash | Resolved Operations Manager crash caused by invalid input in Date Range Filter. Enhanced input validation to prevent system crashes. |
| ENG-19016 Workflow Engine Scheduler Race Condition | Fixed race condition in Workflow Engine scheduler that could cause timing-related execution issues. Improved thread safety and synchronization. |
| ENG-19004 Run Windows Static Time Entries | Restored functionality for static time entries in Run Windows that were non-functional in version 6.3.1. |
| ENG-18970 Radix Argument Error | Fixed production error “toString() radix argument must be between 2 and 36” by implementing proper input validation for number conversion operations. |
| ENG-18953 Large File Import Size Limitation | Addressed issues with moving assets inside folders or importing large project files due to 15MB size limitation. Improved handling for large file operations. |
| ENG-18861 Zoom to Selection Context Menu | Restored missing Zoom to Selection option in task context menu on Operations Manager canvas. |
| ENG-18859, ENG-16346 Zoom to Selection Centering | Fixed issue where Zoom to Selection feature did not properly center the selected items on canvas in both Studio and Operations Manager. |
| ENG-18707 IAP UI Login Performance | Resolved slow login performance issue in IAP UI that persisted after upgrade to 6.3.0. Optimized authentication workflow for improved response times. |
| ENG-18501 MOP Template Metadata Dialog | Fixed issue where clicking the save button on metadata dialog for MOP Command Template or Analytic Template in projects caused import failures. |
| ENG-18500 MOP Template Description Export | Resolved issue where descriptions for MOP Command Templates and Analytic Templates were not included during project export. |
| ENG-18497 Workflow Description Persistence | Fixed issue where workflow description set during asset creation did not persist, and description field was missing in global space. |
| ENG-18486 Transformation Extract Output | Corrected issue where Transformation task did not properly set Extract Output when outgoing schemas were modified. Ensured proper output mapping. |
| ENG-18475 Workflow Promotion Issues | Fixed issue where workflows were missing after promoting a project from development to staging environment. Improved project promotion reliability. |
| ENG-18463 Studio Task Palette Filter | Resolved task palette filter misbehavior when palette was displayed in wide mode. Improved filter behavior across different display configurations. |
| ENG-18405 Generate Example Inputs Data Loss | Fixed issue where clicking “Generate Example Inputs” button wiped existing user data. Implemented proper data preservation logic. |
| ENG-18401 Project Folder Creation | Resolved inability to create folders within projects. Restored folder creation functionality. |
| ENG-18156 NSO 6.5+ Host Header Validation | Improved handling of HTTP 400 errors caused by strict Host header validation in NSO 6.5+. Enhanced compatibility with newer NSO versions. |
| ENG-17868 Studio Canvas Task Corruption | Fixed race condition that could place corrupted tasks on Studio canvas. Improved task placement synchronization. |
| ENG-17841 Workflow Start Error State | Resolved error state occurring on workflow Start node when variables were empty. Improved empty variable handling. |
| ENG-17838 SLA Duration Input Validation | Fixed issue where duration input in workflow SLA/Pre-Automation Fields broke on invalid inputs. Added proper input validation. |
| ENG-17639 JSON Forms Yang Widget Rendering | Resolved rendering failures for JSON Forms utilizing Yang Widget. Ensured proper widget initialization and display. |
| ENG-16755 Auth Methods Access Handling | Fixed improper failure behavior when attempting to access authentication methods without proper permissions. Improved error handling and messaging. |
| ENG-16304 JSON Form Builder Default Value | Fixed inability to set default value of 0 in number fields within JSON Form Builder. Corrected value validation logic. |
| ENG-15292 Event Listener Job Multi-Cluster | Resolved failures of eventListenerJob task in multi-IAP clusters depending on number of IAP instances. Improved cluster-aware task execution. |
| ENG-14421 Command Template Regex in Transformation | Fixed production issue with command template regex processing in transformations. Improved regex handling and validation. |
| ENG-13661 Run Templates Diff Task | Addressed issues preventing proper execution of Run Templates Diff task. Restored full task functionality. |
| ENG-12562 Child Job Data Inconsistency | Fixed inconsistent data display between canvas and Job Details view for P6 child jobs. Ensured consistent data representation. |
| ENG-12304 JST Schema Property Names | Resolved JST failure when schema property names contained the # character. Improved special character handling in schema properties. |
| ENG-12294 JST Step Context Order | Fixed JST errors occurring when step context order did not match data flow. Improved context resolution logic. |
| ENG-11251 JST Designer Infer Functionality | Resolved inconsistencies in JST Designer infer functionality including addition of empty property and data type mismatches. Improved schema inference accuracy. |
| ENG-10647 Transformation Corruption | Fixed production issue where transformations became corrupted and non-functional. Implemented safeguards against transformation corruption. |
| ENG-9078 Integration Thread Count Limit | Removed maximum threshold for IAP_INTEGRATION_THREAD_COUNT configuration to allow proper scaling for high-throughput scenarios. |
| ENG-7533 Schema Combination Option Renaming | Fixed issue where renaming an option in a schema combination cleared all added fields for that option. Preserved field data during rename operations. |
| ENG-7413 Transformation Canvas Scrollbar | Resolved production issue where transformation canvas scrollbar was not viewable. Improved UI layout and scrollbar visibility. |
| ENG-7269 Transformation Function Closure | Fixed issue where closing a function while parent transformation was open would offset transitions. Improved state management for nested transformations. |
| ENG-20126 Asset Movement from Project to Global | Fixed issue where moving an asset from project to global space did not update the asset correctly. Ensured proper asset metadata and reference updates during migration. |
| ENG-19989 Workflow Import Validation Errors | Resolved validation errors occurring when importing workflows in Platform 6.3.2. Improved import validation logic to handle edge cases. |
| ENG-19874 Custom Application Functionality | Fixed Custom Application not working properly in 6.3 and addressed additional issues that occurred when the application did work. Improved application initialization and runtime stability. |
| ENG-19709 Task Node Deselection | Fixed issue where task node was automatically deselected when opening task details. Maintained selection state for improved user experience. |
| ENG-19549 Asset Duplication in Projects | Resolved issue where assets were being duplicated within projects, causing import errors in Platform 6. Implemented proper asset uniqueness validation. |
| ENG-19433 Project Performance with External References | Improved project loading and performance when large numbers of external references exist. Optimized reference resolution and caching mechanisms. |
| ENG-19332 Project Loading COLLSCANS | Fixed issue where loading projects with many components caused spikes in database COLLSCANS leading to platform slowness. Added proper database indexes and optimized queries. |
| ENG-18622 JSON Form Data Binding Schema Error | Resolved issue where Data Binding in JSON Form gave incorrect schema error consistently. Corrected schema validation logic. |
| ENG-18487 Eval Null Value Handling | Fixed issue where Eval task incorrectly handled null values. Improved null checking and value coercion logic. |
| ENG-18187 Child JST Renaming on Import | Resolved issue where referenced child JST was renamed upon workflow import. Preserved original JST names during import operations. |
| ENG-17989 JST Designer User Function Cleanup | Fixed JST Designer failure to clean up assignments from user functions, which created irrecoverably broken JST documents. Implemented proper cleanup routines. |
| ENG-17802 Evaluation Task Job Variable Input | Corrected issue where Evaluation task job variable input was not functioning properly. Restored proper variable binding and evaluation. |
| ENG-17775 AGManager Adapter Discovery | Fixed AGManager error on discoverAll where automation gateway adapter could not be found. Improved adapter registration and discovery mechanisms. |
| ENG-17550 Task Summary Loading State | Resolved issue where Task Summary remained stuck in loading state on running workflows. Improved state management and error handling. |
| ENG-17240 LCM Special Character Sanitization | Fixed LCM failure to sanitize special characters when invalid regex exists in action names for workflows. Enhanced input validation and sanitization. |
| ENG-16926 Redis TLS Configuration | Resolved inability to configure Itential Platform to use TLS with Redis and Redis Sentinel. Implemented proper TLS configuration support. |
| ENG-16816 Operations Manager Job View Crash | Fixed Operations Manager (Job View) crash when viewing child iteration of cancelled jobs or jobs without valid Job object values. Added proper null checking and error handling. |
| ENG-15667 JST Import from Project | Resolved issue where Automation and JSON Form could not be imported if using a JST from a project. Fixed cross-scope JST reference resolution. |
| ENG-15611 Legacy Forms Export/Import | Fixed issue in 23.2 UAT where Legacy Forms failed to export/import. Ensured backward compatibility for form migration. |
| ENG-13749 renderJsonSchema Binding Schema | Fixed bindingSchema parameter in renderJsonSchema task that was not working correctly. Restored proper schema binding functionality. |
| ENG-12016 JSON Form Field Dependency Update | Resolved issue where JSON Form with field dependency did not update selected field properly. Improved dependency tracking and field updates. |
| ENG-11207 JST Designer Duplicate Schema IDs | Fixed JST designer not warning users about duplicate schema $id values, which allowed saves but caused misbehavior. Implemented duplicate ID detection and validation. |
| ENG-21971 Long Workflow Names in Project Automation References | Fixed issue where workflows with long names in projects could not be referenced in automations. Improved name length handling and reference resolution. |
| ENG-21853 Lifecycle Manager Schema Reference Error | Resolved issue where pronghorn.json generated by Lifecycle Manager contained references to non-existent schema definitions. Corrected schema generation logic. |
| ENG-21803 MOP Template Last Updated By Field | Fixed issue where Last Updated By field always displayed unknown for MOP Command/Analytic templates. Implemented proper user tracking for template modifications. |
| ENG-21768 Transformation Search with Dash Characters | Resolved issue where Transformations search did not work properly for names containing dash characters. Enhanced search query parsing. |
| ENG-21621 Workflow GBAC Restrictions in Global Space | Fixed issue in 6.3.3 where Workflow Group-Based Access Control (GBAC) no longer restricted users in global space. Restored proper access control enforcement. |
| ENG-21576 Operations Manager Automations Groups Display Limit | Resolved issue where Operations Manager Automations Read/Write Groups only displayed the first 100 groups. Implemented proper pagination and group listing. |
| ENG-21566 Form Validation enumNames Rejection | Fixed backend form validation incorrectly rejecting valid forms containing enumNames due to Ajv strict mode. Adjusted validation schema to support enumNames. |
| ENG-21383 Query Task JSON View Output Display | Corrected issue where Query Task Post Execution showed incorrect output when JSON View was turned off. Improved output formatting logic. |
| ENG-21256 Validate Form Task JSON Forms Service Crash | Fixed issue where Validate Form task would crash the JSON Forms service if validation failed. Implemented proper error handling and service recovery. |
| ENG-20828 Project Thumbnail Upload with Workflows | Resolved inability to upload project thumbnail when a workflow exists in the project. Fixed file upload validation logic. |
| ENG-20227 LCM RunAction Task Hang on Invalid Data | Fixed issue where LCM RunAction task hung when invalid instance data was provided. Added input validation and timeout handling. |
| ENG-20193 ValidateJsonSchema Single Document Limitation | Resolved issue where ValidateJsonSchema task only validated a single document per schema ID. Enabled multi-document validation support. |
| ENG-20147 Golden Configuration Identifier Key Data Loss | Fixed critical issue where server silently dropped Identifier Key entries on save in Golden Configuration. updateJSONConfigRules() now properly preserves all data. |
| ENG-20146 Golden Configuration Identifier Key Dropdown Blank | Resolved issue where Identifier Key dropdown was always blank on dialog re-open due to silent TypeError in async checkRuleSet(). Corrected async error handling. |
| ENG-20145 Golden Configuration Dialog Crash on Right-Click | Fixed blocker issue where showJSONDialog() crashed on right-click due to missing empty-string guard before JSON.parse. Added proper input validation and event listener cleanup. |
| ENG-19226 viewData Inconsistent Behavior | Resolved inconsistent behavior and unexpected behavior changes in viewData functionality. Standardized viewData handling across components. |
| ENG-18902 Workflow Loading Performance on P6 | Improved workflow loading performance on Platform 6 by optimizing data retrieval and rendering logic. |
| ENG-17866 Manual Trigger Form Crash with Duplicate Labels | Fixed page crash when clicking on forms containing items with same label name but different types in Manual Trigger dropdown. Enhanced form validation and conflict resolution. |
| ENG-16590 Job Deletion with Automation Read/Write Groups | Resolved issue where jobs could not be deleted when triggered by an automation with read/write groups. Corrected permission checking logic. |
| ENG-14982 JSON Form Text Input Binding | Fixed issue where binding for text input in JSON Forms did not work correctly. Restored proper data binding functionality. |
| ENG-4775 JSON Form Element Ordering | Resolved issue where JSON form elements appeared out of order when previewing and in the Automation trigger view. Ensured consistent element ordering. |
| ENG-4773 Project Builder Logo Display | Fixed issue where Itential logo did not display correctly in Project Builder. Corrected logo asset loading. |
| ENG-4712 JSON Form Builder Table Deletion Confirmation | Added confirmation prompt when deleting tables in JSON Form Builder to prevent accidental data loss. |
| ENG-4653 JSON Form Readonly Field Population | Resolved inability to populate readonly fields with values in JSON Forms. Enabled value assignment for readonly fields. |
| ENG-4259 Task Swap State Persistence | Fixed issue where Swap Task state persisted when opening other tasks. Properly cleared task state on task change. |
| ENG-3873 JST Schema Modification Variable Removal | Resolved issue where modifying schema of JST removed any outgoing variables set in workflow. Preserved variable assignments during schema updates. |
| ENG-3341 Duplicate Form Option Values | Fixed ability to create forms with duplicate values in options. Implemented duplicate value detection and validation. |
| ENG-2959 Workflow Count Display Accuracy | Corrected inaccurate workflow count on the Automation Studio workflow View All page. Fixed counting logic. |
| ENG-2950 Transformation Hotkey Save | Resolved issue where saving transformation using hotkeys did not work. Restored keyboard shortcut functionality. |
| ENG-2946 Child/Parent Workflow Visualization | Fixed child/parent workflow drill down visualization issue with zoom-to-fit and constellation view. Improved canvas rendering logic. |
| ENG-2293 JST Designer Task Execution Completion | Resolved issue where JST Designer did not complete execution of a task even when prior task produced valid output. Fixed task completion detection. |
Security patches and vulnerability fixes protect your Itential Cloud deployment.
| Improvement | Description |
|---|---|
| ENG-19229 Prototype Pollution in axios | Updated axios package in itential-utils to resolve prototype pollution vulnerability. Enhanced input validation to prevent prototype chain manipulation. |
| ENG-19223 Arbitrary Code Injection in jsonpath | Updated jsonpath package to address arbitrary code injection vulnerability. Implemented proper input sanitization for JSONPath expressions. |
| ENG-18855 Node.js Version Upgrade | Upgraded Node.js versions in Platform Image to address security vulnerabilities and improve runtime security posture. |
| ENG-18425 XSS in @remix-run/router | Updated @remix-run/router package to resolve Cross-site Scripting (XSS) vulnerability. Enhanced input sanitization in routing components. |
| ENG-17677 Incomplete Filtering in validator | Updated validator package to address incomplete filtering of special elements vulnerability. Improved input validation and sanitization. |
| ENG-19908 ReDoS in ajv (NSO Adapter) | Updated ajv package in NSO adapter to resolve Regular Expression Denial of Service (ReDoS) vulnerability. Enhanced regex validation patterns. |
| ENG-19907 ReDoS in minimatch (NSO Adapter) | Updated minimatch package in NSO adapter to address ReDoS vulnerability. Improved pattern matching performance. |
| ENG-19905 Prototype Pollution in lodash (Service Management) | Updated lodash package in app-service_management to resolve prototype pollution vulnerability. Enhanced object property validation. |
| ENG-19903 ReDoS in ajv (Service Management) | Updated ajv package in app-service_management to address ReDoS vulnerability. Improved schema validation performance. |
| ENG-19899 Prototype Pollution in lodash (NSO Manager) | Updated lodash package in app-nso_manager to resolve prototype pollution vulnerability. Implemented proper input sanitization. |
| ENG-19898 ReDoS in ajv (NSO Manager) | Updated ajv package in app-nso_manager to address ReDoS vulnerability. Enhanced validation efficiency. |
| ENG-19897 ReDoS in minimatch (NSO Manager) | Updated minimatch package in app-nso_manager to resolve ReDoS vulnerability. Improved glob pattern handling. |
| ENG-19473 Resource Allocation in axios (NSO Manager 2023.2) | Updated axios package to address Allocation of Resources Without Limits or Throttling vulnerability. Implemented proper request throttling. |
| ENG-19472 Prototype Pollution in axios (NSO Manager) | Updated axios package in app-nso_manager to resolve prototype pollution vulnerability. Enhanced HTTP request validation. |
| ENG-16644 Prototype Pollution in csvtojson | Updated csvtojson package to address prototype pollution vulnerability. Improved CSV parsing security. |
| ENG-15022 Predictable Value Range in form-data (NSO Manager) | Updated form-data package to address Predictable Value Range from Previous Values vulnerability. Enhanced boundary generation randomness. |
| ENG-21752 Data Amplification in undici | Updated undici package to resolve Improper Handling of Highly Compressed Data (Data Amplification) vulnerability. Implemented proper compression handling limits. |
| ENG-21364 Prototype Pollution in immutable | Updated immutable package to address prototype pollution vulnerability. Enhanced object mutation protection. |
| ENG-20534 ReDoS in ajv (JST) | Updated ajv package in JST to resolve ReDoS vulnerability. Improved regex validation performance. |
| ENG-20532 Resource Allocation in qs (JST Designer) | Updated qs package in JST Designer to address Allocation of Resources Without Limits or Throttling vulnerability. Implemented proper query string parsing limits. |
| ENG-20498 ReDoS in ajv (IAP) | Updated ajv package in IAP to resolve ReDoS vulnerability. Enhanced schema validation efficiency. |
| ENG-20475 Resource Allocation in qs (IAP) | Updated qs package in IAP to address Allocation of Resources Without Limits or Throttling vulnerability. Added proper resource constraints. |
| ENG-20376 Algorithmic Complexity in minimatch (IAP) | Updated minimatch package in IAP to resolve Inefficient Algorithmic Complexity vulnerability. Optimized pattern matching algorithms. |
| ENG-20366 ReDoS in ajv (itential-utils) | Updated ajv package in itential-utils to address ReDoS vulnerability. Improved validation pattern efficiency. |
| ENG-20365 Algorithmic Complexity in minimatch (itential-utils) | Updated minimatch package in itential-utils to resolve Inefficient Algorithmic Complexity vulnerability. Enhanced glob pattern processing. |
New capabilities added to Itential Cloud expand automation options and provide additional functionality for network operations.
| Improvement | Description |
|---|---|
| ENG-18005 Inventory Manager | The February release adds a new application, Inventory Manager, to the platform sidebar, providing integrated access to inventory management capabilities directly within the automation platform. This application is new and does not impact existing configurations. Benefits: • Seamless navigation between automation workflows and inventory data • Improved efficiency for operations requiring device and asset information • Unified user experience across platform modules |
| ENG-17257 Workflow Metadata Panel Deep Linking | Added support for URL parameters that enable direct navigation to workflow metadata panels, improving integration with external tools like Insights. New Capabilities: • URL parameter support for automatically opening workflow metadata panel • Works for both global and project-scoped workflows • Enhanced tooltip help text for Pre-Automation Time and SLA Per Workflow fields • Improved user guidance for workflow performance tracking Example URL: https://{instance}.itential.io/studio/workflows/{workflowId}?expandMetadataPanelOnFirstWorkflowOpen=trueUse Cases: • Navigate directly from Insights performance data to workflow settings • Quick access to edit Pre-Automation Time for ROI calculations • Streamlined workflow configuration updates |
Improvements to existing Itential Cloud features provide better performance, usability, and workflow efficiency.
| Improvement | Description |
|---|---|
| ENG-18555 Performance Optimization | Resolved critical performance issues affecting instances with large numbers of roles and methods, particularly impacting adapters with extensive method collections. Improvements: • Faster login times when using LDAP or local authentication • Improved UI responsiveness in Admin Essentials and Operations Manager • Optimized workflow execution performance • Reduced timeout incidents with load balancers Impact: Customers with gateway adapters containing thousands of allowed methods will experience significantly improved platform performance. |
| ENG-9417 Nested Indexed Array Support | Fixed issue where nested indexed array elements in JSON Schema Transformation schemas were not selectable, enabling proper transformation configuration for complex data structures. |
| ENG-11898, ENG-11954 Special Character Handling in JST | • Resolved issues with % symbol in property names causing transformation failures • Fixed schema corruption when renaming properties containing special characters • Improved URI validation and error handling |
| ENG-9088 Enhanced JST Error Reporting | Regular expression errors in transformations are now properly captured and displayed in the UI, providing clear feedback to users instead of silent failures. |
| ENG-3512 JST Schema Editability Improvements | Resolved inconsistencies in incoming schema editability, ensuring consistent behavior regardless of how transformations are accessed (via method card or sidebar navigation). |
| ENG-7907 JST Duplicate Name Handling | Fixed issue allowing transformation renaming to duplicate names, preventing data display inconsistencies and confusion between transformations with identical names. |
| ENG-18679 Workflow Engine Schema Validation | Fixed invalid JSON schemas in Workflow Engine that were causing error-level logging messages during platform startup, improving system diagnostics and reducing log noise. |
| ENG-18988 Job Viewer | Set default sort value on columns when clicking on them for the first time. |
Resolved issues improve stability and correct unexpected behavior in Itential Cloud.
| Improvement | Description |
|---|---|
| ENG-17545 AD-FS Identity Provider Authentication | • Fixed issue where AD-FS IdP login succeeded with empty username • Added validation to prevent login when UPN value is missing • Enhanced logging to identify missing identity provider values • Improved error messages for authentication failures |
| ENG-16734 CyberArk Reference Handling | • Resolved issue where CyberArk secret path references in adapter configurations were incorrectly encrypted • Reference paths now remain intact, preventing adapter authentication failures |
| ENG-11487 Scheduler Task Data References | • Updated scheduler to use new task data reference format • Ensures consistency with workflow engine task document structure • Aligns scheduled tasks with current data management architecture |
| ENG-4564 Job View Display | • Fixed issue where job variables appeared empty in the 2023.2+ job view interface • Restored proper display of job variable data |
| ENG-18195 Provision Workflow Task Schema | • Corrected input parameter schema definition from incorrect array type to proper object type • Resolves task execution failures due to schema validation mismatches • Ensures compatibility between API and task implementations |
| ENG-16275 Integration Deletion | • Fixed issue preventing integration deletion when confirmation dialog appeared • Resolved blank screen issue during integration deletion workflow |
| ENG-17839 Project Workflow Import | • Fixed issue where imported project workflows appeared in global scope instead of project space • Ensures proper workflow organization and namespace isolation |
| ENG-17772 JSON Forms Transformation Bindings | • Resolved mismatch between JSON form configuration view and runtime display • Ensures consistent form rendering across configuration and preview modes |
| ENG-9553 Project JST Export/Import | • Fixed issue where JSTs used in childJob tasks were duplicated during project export • Resolved JST renaming issues on project import • Eliminated orphaned JST copies in database after project operations |
| ENG-3435 Prebuilt Transformation Import | • Fixed issue where prebuilt import did not properly overwrite existing transformations with same name • Prevents duplicate transformations with different IDs |
| ENG-10557 Large Data in Editor | • Resolved issue where large data in workflow editor reformatted unexpectedly • Prevents unwanted “dirty state” triggering in workflows • Improves editor performance with large datasets |
| ENG-18885 API Token Authentication | • Fixed issue where API tokens and service accounts were incorrectly returning 403 Forbidden errors • Restored proper authentication for token-based API access • Resolved authentication failures impacting automated integrations and service accounts |
| ENG-18508 JSON Forms Dynamic Dropdowns | • Fixed issue where JSON Forms with dynamic dropdowns displayed “undefined” when opening the dropdown • Resolved discrepancy between successful API call in form settings and failed runtime display • Ensured proper data population for dynamic POST request dropdowns |
| ENG-18151 Job Variable Handling | • Fixed job error “Cannot destructure property ‘location’ of ‘_0x2f4fa8’ as it is undefined” • Improved handling of missing job variables in push to array tasks • Addressed sub-optimal missing variable behavior causing job failures |
| ENG-18068 Code Editor Component | • Fixed race condition in BackgroundTokenizer causing “Cannot read properties of null (reading ‘getLength’)” errors • Resolved issue where code editor component attempted to access document properties after unmounting • Improved editor component lifecycle management |
| ENG-17392 OAuth Client Visibility | • Fixed issue where OAuth Client creation option remained visible when ITENTIAL_ADMIN_AUTH_PAGES_ENABLED environment variable was set to false • Ensured proper UI behavior for Cloud customers managing service accounts through Hub interface • Aligned interface options with environment variable configuration |
| ENG-16320 OAuth2 Integration Models | • Fixed validation failure when creating OAuth2-capable Integration Models following documentation examples • Resolved issues preventing proper OAuth2 authentication configuration • Ensured compatibility with OAuth2-enabled API integrations |
| ENG-12011 JST Schema Editor | • Fixed JST Designer Schema Editor errors occurring when property names contained forward slash (/) characters with incorrect types • Resolved validation errors in betterAjv.js library when processing properties with special characters • Restored proper save button functionality in schema editor |
| ENG-11192 Masked Job Variables | • Fixed issue where renaming masked job variables left orphaned decorator entries in workflows • Resolved problem where old variable names appeared as masked in Operations Manager despite no longer being referenced • Ensured decorator array properly updates when job variable names change |
| ENG-10280 JST Pointer Connections | • Fixed issue where JST pointers did not connect as expected when building map functions • Improved pointer behavior and connection logic in transformation designer • Enhanced user experience when creating complex transformations |
| ENG-10021 JST Nested Functions Import | • Fixed issue where JSTs with nested functions imported incorrectly • Resolved ID conflict handling during function flattening process • Ensured proper reference resolution when moving nested functions to root level |
| ENG-8392 Transformation Scoping | • Fixed incorrect scoping when creating transformations directly from child job task panel in unsaved workflows within projects • Resolved URL routing issue that caused loss of unsaved workflow changes • Ensured transformations are properly scoped to their containing project |
| ENG-6498 Transformation Comment Timestamps | • Fixed issue where comments on transformations displayed dates one month earlier than actual creation date • Corrected date formatting logic for transformation comment timestamps • Ensured accurate timestamp display for all transformation comments |
Security patches and vulnerability fixes protect your Itential Cloud deployment.
| Improvement | Description |
|---|---|
| ENG-17654 js-yaml Prototype Pollution | • Type: Prototype Pollution vulnerability • CVSS Score: 6.9 • Impact: Addressed vulnerability that could allow attackers to alter object prototypes through specially crafted YAML documents • Status: Resolved through dependency update |
| ENG-18115 Package Resource Allocation | • Type: Allocation of Resources Without Limits or Throttling • CVSS Score: 8.7 • Impact: Fixed vulnerability that could cause server memory exhaustion through bracket notation parameter abuse • Status: Resolved through dependency update |
| ENG-18428 Out-of-bounds Write Vulnerability | Updated gnupg2/gpgv package to resolve the CWE-787 Out-of-bounds Write vulnerability (CVSS Score: 7.0). |