Subscribe to our RSS Feed or by email to receive automatic notifications when new releases are published. Get notified when we ship new features and improvements.

Gateway 4.3.15

Itential Gateway 4.3.15 is a maintenance release containing bug fixes and security updates.

IssueDescription
Inventory list loading spinner stuck indefinitely (ENG-23915)Fixed an issue where the gRPC inventory list failed to populate in the UI, leaving the progress spinner running indefinitely. The fix resolves stuck loading spinners in useGRPC, useREST, useNetmiko, and useNetconf modes.
Nested groups displayed in main UI (ENG-11962)Fixed an issue where child groups appeared in the main UI, causing confusion with certain naming conventions. Child groups no longer display at the top level of the UI.
IssueDescription
Directory traversal vulnerability in fast-uri (ENG-23907)Resolved a directory traversal security vulnerability in the fast-uri package included in web-app/package.json.
ComponentVersion
automation_gateway4.3.74
maintenance-releasebug-fixsecuritygateway/4.3

Gateway 4.3.14

Gateway 4.3.14 is a maintenance release containing enhancements, bug fixes, and security updates.

FeatureDescription
LDAP group search parameter (ENG-21922)Added ldap_search_for_groups parameter for LDAP settings to improve LDAP login speed.
FeatureDescription
Blank gNMI set task thread hang (ENG-22591)Fixed an issue where executing a gNMI set task with an empty config caused threads to hang indefinitely. Gateway now returns a 200 response with a “nothing to do” message when update, replace, and delete are all absent or empty.
LDAP permission retention (ENG-19101)Fixed an issue where users logging in via LDAP retained group permissions from a previous session when the bind account lacked permission to search groups. Also fixed an unhandled error caused by LDAP user search filters referencing attributes not defined in the server’s schema.
FeatureDescription
Uncontrolled recursion (ENG-23053)Updated axios to resolve an uncontrolled recursion security vulnerability.
Unintended proxy behavior in axios (ENG-22709)Updated axios to resolve a security vulnerability related to unintended proxy behavior.
Sensitive information exposure (ENG-22696)Updated follow-redirect to resolve a security vulnerability related to improper removal of sensitive information before storage or transfer.
Arbitrary code injection in lodash (ENG-22383, ENG-22382)Updated lodash-related packages to resolve arbitrary code injection security vulnerabilities.
ComponentVersion
automation_gateway4.3.71
maintenance-releaseenhancementbug-fixsecuritygateway/4.3

Gateway 4.3.13

Gateway 4.3.13 is a maintenance release containing bug fixes and security updates.

IssueDescription
Updated ruamel package for HSBC compliance (ENG-21356)Bumped the ruamel package to version 0.17.22 to align with HSBC compliance requirements.
IssueDescription
Updated brace-expansion to resolve infinite loop vulnerability (ENG-22127)Updated brace-expansion to versions 1.1.13 and 2.0.3 to resolve a Snyk-reported infinite loop vulnerability.
Updated ajv to resolve ReDoS vulnerability (ENG-21851)Bumped ajv to version 8.18.0 to resolve a Regular Expression Denial of Service (ReDoS) vulnerability.
Updated swagger-ui-react to resolve XSS and prototype pollution vulnerabilities (ENG-20690, ENG-21007, ENG-17041)Bumped swagger-ui-react to version 5.32.1 to resolve Cross-site Scripting (XSS) and Prototype Pollution vulnerabilities in the dompurify and js-yaml dependencies.
Updated protobuf to resolve uncontrolled recursion vulnerability (ENG-18673)Resolved a high-severity vulnerability (CVE-2026-0994) in the protobuf package where deeply nested google.protobuf.Any messages could bypass the max_recursion_depth limit and trigger a RecursionError.
ComponentVersion
automation_gateway4.3.64
maintenance-releasebug-fixsecuritygateway/4.3

Gateway 4.3.12

Gateway 4.3.12 is a maintenance release containing enhancements, bug fixes, and security updates.

FeatureDescription
Configurable caching system (ENG-11821)Added functionality to enable or disable the caching system with a configurable caching directory when enabled.
IssueDescription
LDAP username case sensitivity (ENG-9584)Fixed authorization issue where LDAP usernames containing uppercase characters caused all Gateway modules to appear inaccessible by converting usernames to lowercase.
Ansible implicit localhost execution (ENG-9905)Fixed playbook execution to properly fall back to implicit localhost when no inventory is specified.
Device group cleanup on deletion (ENG-10212)Enhanced device deletion logic to ensure devices are removed from all associated groups upon deletion, preventing errors when executing roles through those groups.
Recursive group relationships and deletion validation (ENG-14249)Enhanced group management to prevent recursive group relationships and added validation to block deletion of groups containing child groups or devices.
Large Ansible playbook log handling (ENG-15049)Improved handling of large Ansible playbook logs by implementing proper response size calculation, correcting max size thresholds, and adding enhanced error handling to prevent UI crashes.
Device and group display performance (ENG-15984)Improved UI performance by adding pagination to device and group displays with a “Load more” button, and implemented infinite scrolling for dropdown menus in the execute tab.
IOS-XR device information retrieval (ENG-17173)Refactored the itential_get_info role to resolve type mismatch issues when running against IOS-XR devices.
LDAP authentication performance (ENG-17936)Improved LDAP authentication performance by optimizing group name lookup mechanism using a predefined LDAP Manager API, significantly reducing authentication delays from 90 seconds.
HTTPS client certificate authentication (ENG-19033)Fixed HTTPS client certificate authentication prompt by restoring original behavior and setting verify_mode to None by default when a certificate bundle is configured.
IssueDescription
Encrypted LDAP password storage (ENG-11716)LDAP bind passwords are now stored encrypted in the database instead of clear text.
Uncontrolled recursion vulnerability (ENG-18673)Resolved uncontrolled recursion vulnerability in dependencies.
Prototype pollution vulnerability (ENG-19184)Addressed prototype pollution vulnerability.
Regular expression denial of service (ReDoS) vulnerability (ENG-19400)Fixed regular expression denial of service (ReDoS) vulnerability.
Version rollback for stability (ENG-20497)Reverted Gateway version from 4.4.11 back to 4.3.56 to address stability concerns.
ComponentVersion
automation_gateway4.3.58
maintenance-releasebug-fixsecuritygateway/4.3

Gateway 4.3.11

Gateway 4.3.11 is a maintenance release containing enhancements, bug fixes, and security updates.

FeatureDescription
Logging (ENG-16844)Enhanced logging capabilities in Itential Gateway.
FeatureDescription
Patch version (ENG-17806)Updated patch version for Automation Gateway.
ComponentVersion
automation_gateway4.3.56
maintenance-releasebug-fixgateway/4.3

Gateway 2023.2.21

Gateway 2023.2.21 is a maintenance release containing bug fixes.

FeatureDescription
Read-only access to scripts and modules (ENG-10553)Fixed an issue where users could not view scripts, playbooks, roles, and other modules when write permissions were removed. The parameter panel component has been refactored to ensure proper visibility with read-only access.
Cache deletion and schema edit persistence (ENG-15530)Fixed multiple cache-related issues: modules, playbooks, and other resources now persist in the UI after cache file deletion; schema edits are immediately reflected in the UI; and manual modifications to modules and playbooks are properly detected and displayed after refresh.
ComponentVersion
automation_gateway2023.2.85
maintenance-releasebug-fixgateway/2023.2

Gateway 2023.3.14

Gateway 2023.3.14 is a maintenance release containing bug fixes for permissions and cache-related issues.

FeatureDescription
Read-only access to scripts and modules (ENG-10553)Fixed an issue where users could not view scripts, playbooks, roles, and other modules when write permissions were removed. The parameter panel component has been refactored to ensure proper visibility with read-only access.
Cache deletion and schema sync issues (ENG-15530)Fixed multiple cache-related issues: modules, playbooks, and other resources now persist in the UI after cache file deletion; schema edits are immediately reflected in the UI; and manual modifications to modules and playbooks are properly detected and displayed after refresh.
ComponentVersion
automation_gateway2023.3.49
maintenance-releasebug-fixgateway/2023.3

Gateway 4.3.10

Gateway 4.3.10 is a maintenance release containing enhancements, bug fixes, and security updates.

FeatureDescription
TLS 1.2 and 1.3 version configuration (ENG-16184)Added support for TLS 1.2 and 1.3 configuration. Deprecated parameters have been removed and replaced with new parameters that allow you to specify the exact TLS version.
FeatureDescription
Read-only access visibility for scripts, playbooks, and modules (ENG-10553)Fixed an issue where users could not view scripts, playbooks, roles, and other modules when write permissions were removed. The parameter panel component has been refactored to ensure proper visibility with read-only access.
Cache-related UI persistence and refresh issues (ENG-15530)Fixed multiple cache-related issues: modules, playbooks, and other resources now persist in the UI after cache file deletion, schema edits are immediately reflected in the UI, and manual modifications to modules and playbooks are properly detected and displayed after refresh.
FeatureDescription
Cookie secure attribute in response headers (ENG-14644)Enhanced cookie security by setting the secure attribute in response headers when setting cookies on the client side.
axios resource allocation vulnerability (ENG-15288)Upgraded axios to version 1.12.0 to address resource allocation vulnerabilities.
ComponentVersion
automation_gateway4.3.55
maintenance-releasebug-fixsecuritygateway/4.3

Gateway 2023.2.20

Gateway 2023.2.20 is a maintenance release containing performance improvements.

FeatureDescription
Updated recommended http_server_threads value (ENG-14985)Based on performance testing, the recommended http_server_threads value in properties.yml has been updated from 2-4 × NUM_CORES to 4 × NUM_CORES.
ComponentVersion
automation_gateway4.0.0+2023.2.82
maintenance-releasegateway/2023.2

Gateway 2023.3.13

Gateway 2023.3.13 is a maintenance release containing performance enhancements.

FeatureDescription
Updated recommended http_server_threads value (ENG-14985)Based on performance testing, the recommended http_server_threads value in properties.yml has been updated from 2–4 × NUM_CORES to 4 × NUM_CORES.
ComponentVersion
automation_gateway2023.3.46
maintenance-releasegateway/2023.3

Gateway 4.3.9

Gateway 4.3.9 is a maintenance release containing enhancements to improve the user experience in Gateway.

FeatureDescription
http_server_threads recommended value update (ENG-14985)Based on performance testing, the recommended http_server_threads value in properties.yml has been updated from 2-4 × NUM_CORES to 4 × NUM_CORES.
ComponentVersion
automation_gateway4.3.48
maintenance-releasegateway/4.3

Gateway 4.3.8

Gateway 4.3.8 is a maintenance release containing bug fixes and security updates.

FeatureDescription
Queue Item Not Found errors with throttle enabled (ENG-11882)Fixed “Queue Item Not Found” errors when throttle is enabled on the Automation Gateway Adapter by resolving queue management issues during throttling operations.
Adapter crashes with large responses (ENG-14572)Fixed Gateway adapter crashes when processing large responses or large batches of smaller responses. The adapter now handles high-volume data without requiring manual restarts.
FeatureDescription
prismjs vulnerability via swagger-ui-react and react-syntax-highlighter (ENG-12230)Upgraded swagger-ui-react and react-syntax-highlighter to address a prismjs vulnerability, improving security and stability.
form-data predictable value range vulnerability (ENG-14587)Updated form-data to v4.0.4 to fix a predictable value range issue from previous values.
ComponentVersion
automation_gateway4.3.47
maintenance-releasebug-fixsecuritygateway/4.3

Gateway 4.3.7

Gateway 4.3.7 is a maintenance release containing bug fixes.

FeatureDescription
Device search dropdown disappearing (ENG-12396)Fixed an issue where the search dropdown menu in device search disappeared briefly after appearing.
Ansible Collections tab performance and DB locking (ENG-13026)Resolved an issue where navigating to or refreshing the Ansible Collections tab with a large number of collections caused loading delays, and performing other database operations during that time occasionally resulted in a “DB is locked” error. Refactored the loaders and useAnsible components to enhance performance and minimize unnecessary database access.
Over-broad deserialization in Gateway config model (ENG-13524)Fixed over-broad deserialization in the Gateway config model by restricting deserialization to correct keys, resolving errors that occurred on certain execution paths in customer environments.
ComponentVersion
automation_gateway4.3.38
maintenance-releasebug-fixgateway/4.3

Gateway 2023.2.19

Gateway 2023.2.19 is a maintenance release containing bug fixes reported to Itential Product Support.

FeatureDescription
Search dropdown flicker in device search (ENG-12396)Fixed an issue where the search dropdown menu in device search disappears briefly after appearing.
Ansible collections tab performance (ENG-13026)Refactored the loaders and useAnsible components to reduce unnecessary database access, fixing delays and occasional “DB is locked” errors when navigating to or refreshing the Ansible → Collections tab with a large number of collections.
Config model deserialization restriction (ENG-13524)Fixed over-broad deserialization in the Gateway config model by restricting deserialization to correct keys, resolving errors on certain execution paths in customer environments.
ComponentVersion
automation_gateway4.0.0+2023.2.81
maintenance-releasebug-fixgateway/2023.2

Gateway 2023.3.12

Gateway 2023.3.12 is a maintenance release containing bug fixes.

FeatureDescription
Search dropdown disappears briefly (ENG-12396)Fixed an issue where the search dropdown menu in device search disappears briefly after appearing.
Ansible collections tab loading delay (ENG-13026)Fixed a delay when navigating to or refreshing the Ansible → Collections tab with a large number of collections, which occasionally caused a “DB is locked” error. Refactored the loaders and useAnsible components to improve performance and reduce unnecessary database access.
Over-broad Gateway config deserialization (ENG-13524)Fixed over-broad deserialization in the Gateway config model by restricting deserialization to the correct keys, resolving errors on certain execution paths in customer environments.
ComponentVersion
automation_gateway4.2.22+2023.3.45
maintenance-releasebug-fixgateway/2023.3

Gateway 2023.2.18

Gateway 2023.2.18 is a maintenance release containing bug fixes and security updates.

FeatureDescription
Broken pylibssh install in Alpine container (ENG-11878)Fixed a warning about a broken pylibssh install when running Ansible playbooks in a container. Modified the container so that ansible-pylibssh can be imported correctly into the Alpine container environment.
FeatureDescription
werkzeug RCE vulnerability remediation (ENG-11012)Upgraded werkzeug to 3.0.3 or higher to resolve a Remote Code Execution (RCE) vulnerability identified in affected versions of the package dependency during security scans.
ComponentVersion
automation_gateway4.0.0+2023.2.78
maintenance-releasebug-fixsecuritygateway/2023.2

Gateway 2023.3.11

Gateway 2023.3.11 is a maintenance release containing bug fixes and security updates.

FeatureDescription
Broken pylibssh warning in Alpine container (ENG-11878)Fixed an issue where running an Ansible playbook in a container displayed a warning about a broken pylibssh install. Modified the container so that ansible-pylibssh imports correctly into the Alpine container environment.
FeatureDescription
werkzeug RCE vulnerability remediation (ENG-11012)Upgraded werkzeug to 3.0.3 or higher to resolve a Remote Code Execution (RCE) vulnerability identified in affected versions during security scans.
ComponentVersion
automation_gateway4.2.22+2023.3.42
maintenance-releasebug-fixsecuritygateway/2023.3

Gateway 4.3.6

Gateway 4.3.6 is a maintenance release containing bug fixes and security updates.

FeatureDescription
ansible-pylibssh import in Alpine container (ENG-11878)Fixed an issue where running an Ansible playbook in a container displayed a warning about a broken pylibssh install. Modified the container so that ansible-pylibssh can be imported correctly into the Alpine container environment.
FeatureDescription
werkzeug Remote Code Execution vulnerability (ENG-11012)Upgraded werkzeug to version 3.0.3 or higher to resolve a Remote Code Execution (RCE) vulnerability.
ComponentVersion
automation_gateway4.3.34
maintenance-releasebug-fixsecuritygateway/4.3

Gateway 2023.2.17

Gateway 2023.2.17 is a maintenance release containing bug fixes.

FeatureDescription
Stuck HTTP connections causing unresponsiveness (ENG-9568)Fixed an issue where HTTP connections could become stuck, causing the system to become unresponsive. Connections are now properly closed even if errors occur.
Inventory playbook targets only the specified device (ENG-11646)Improved performance of the get_inventory function in groups.py by ensuring playbooks only process the target device, rather than iterating over all devices in a group.
Restored jmespath package dependency (ENG-11657)Resolved an issue where customers needed to manually install the jmespath package for json_query functionality. The jmespath package has been restored to the Python dependency file.
ComponentVersion
automation_gateway4.0.0+2023.2.76
maintenance-releasebug-fixgateway/2023.2

Gateway 2023.3.10

Gateway 2023.3.10 is a maintenance release containing bug fixes.

FeatureDescription
Stuck HTTP connections causing unresponsiveness (ENG-9568)Fixed an issue where HTTP connections could become stuck, causing the system to become unresponsive. Connections are now properly closed even if errors occur.
Inventory fetch targets only specified device (ENG-11646)Improved performance of the get_inventory function in groups.py by ensuring playbooks only process the target device, rather than iterating over all devices in a group.
Restored jmespath package for json_query (ENG-11657)Resolved an issue where customers needed to manually install the jmespath package for json_query functionality. The jmespath package has been restored to the Python dependency file.
ComponentVersion
automation_gateway4.2.22+2023.3.40
maintenance-releasebug-fixgateway/2023.3