Subscribe to our RSS feed or by email to receive automatic notifications when we ship new features and improvements.
Platform 2023.2.29 is a maintenance release containing enhancements, bug fixes, and security updates.
| Feature | Description |
|---|---|
| Inventory Manager to the Platform sidebar (ENG-18005) | Added Inventory Manager to the Platform sidebar navigation, making it accessible directly from the main Platform interface. |
| Feature | Description |
|---|---|
| Input parameter schema in the doProvision (ENG-18195) | Fixed: Input parameter schema in the doProvision workflow task now correctly defines the params property as an object instead of an array, resolving schema validation errors and task execution failures. |
| Integration deletion now works correctly. Resolved (ENG-16275) | Fixed: Integration deletion now works correctly. Resolved an issue where attempting to delete an integration caused the screen to go blank when the confirmation dialog appeared. |
| Updated Scheduler to use new task (ENG-11487) | Fixed: Updated Scheduler to use new task data references. The Scheduler now properly creates task documents with reference pointers to data collections, matching the updated task architecture implemented in 2023.2. |
| Job variables now display correctly in (ENG-4564) | Fixed: Job variables now display correctly in the job view UI. Resolved an issue where job variables appeared empty in the 2023.2 job view interface. |
| Feature | Description |
|---|---|
a security vulnerability in the qs (ENG-18115) | Resolved a security vulnerability in the qs package (CVE-2025-15284) within JST Designer. The vulnerability allowed attackers to bypass array limit protections and exhaust server memory through malicious HTTP requests containing excessive bracket notation parameters. Upgraded to patched version to enforce proper array limits and prevent denial-of-service attacks. For more information, see SNYK-JS-QS-14724253. |
a security vulnerability in the qs (ENG-18105) | Resolved a security vulnerability in the qs package (CVE-2025-15284) within Itential Platform core. The vulnerability allowed attackers to bypass array limit protections and exhaust server memory through malicious HTTP requests containing excessive bracket notation parameters. Upgraded to patched version to enforce proper array limits and prevent denial-of-service attacks. For more information, see SNYK-JS-QS-14724253. |
| Component | Version |
|---|---|
| adapter-automation_gateway | 4.31.4-2023.2.8 |
| adapter-azure_aaa | 1.7.5-2023.2.2 |
| adapter-email | 4.2.20-2023.2.0 |
| adapter-ldap | 2.14.3-2023.2.3 |
| adapter-local_aaa | 4.5.2-2023.2.0 |
| adapter-nso | 7.9.4-2023.2.20 |
| adapter-radius | 2.2.2-2023.2.0 |
| app-admin_essentials | 5.4.10-2023.2.25 |
| app-ag_manager | 1.20.3-2023.2.11 |
| app-automation_catalog | 2.13.7-2023.2.6 |
| app-automation_studio | 4.69.3-2023.2.247 |
| app-configuration_manager | 3.117.5-2023.2.32 |
| app-form_builder | 4.15.3-2023.2.8 |
| app-gateway_manager | 1.7.17 |
| app-json_forms | 1.42.3-2023.2.27 |
| app-jst | 1.15.11-2023.2.19 |
| app-lifecycle_manager | 1.38.4-2023.2.17 |
| app-mop | 6.21.1-2023.2.19 |
| app-nso_manager | 2.25.2-2023.2.5 |
| app-operations_manager | 1.215.10-2023.2.83 |
| app-service_catalog | 3.14.1-2023.2.3 |
| app-service_management | 3.0.2-2023.2.3 |
| app-template_builder | 2.9.1-2023.2.9 |
| app-workflow_builder | 5.55.2-2023.2.25 |
| app-workflow_engine | 11.9.6-2023.2.68 |
| database | 2.2.0 |
| iap-ui | 1.14.3-2023.2.12 |
| itential-utils | 3.3.7 |
| logger | 4.5.0 |
| network | 4.2.4 |
| pronghorn-core | 15.8.10-2023.2.113 |
| search | 1.3.3-2023.2.0 |
| service | 3.4.0 |
| tags | 3.2.2-2023.2.0 |