6.0.8

Platform 6.0.8 is a maintenance release containing enhancements, bug fixes, and security updates.

| Feature | Description |
| --- | --- |
| PEM-encoded TLS cert support (ENG-12771) | Added support for PEM-encoded TLS certs for Redis, MongoDB, CyberArk, and Express webserver. |
| LDAP adapter custom group login restriction (ENG-13638) | Added LDAP adapter property to restrict login to custom groups. |

| Feature | Description |
| --- | --- |
| Project homepage table scrolling (ENG-5029) | Fixed table scrolling on the projects homepage. |
| Project template large output view (ENG-10276) | Fixed an issue viewing templates with large outputs in projects. |
| Project asset move corruption fix (ENG-14157) | Fixed an issue where moving assets between projects could make projects unusable. |
| SSO login NameID null handling (ENG-14293) | Fixed a bug where logging into Itential through an SSO provider that fails to provide a NameID value would result in incorrect login behavior. |
| CyberArk CCP secrets provider health status (ENG-14423) | The /health/status API now correctly identifies CyberArk CCP as the secrets provider. |
| SLA zero value jobSlaBreach event (ENG-14521) | Fixed jobs where SLA set to 0 incorrectly triggered jobSlaBreach events. |

| Feature | Description |
| --- | --- |
| DOMPurify security update (ENG-11630) | Updated DOMPurify dependency to address a security vulnerability. |
| Config Manager XSS in SearchDialog export (ENG-13132) | Fixed XSS vulnerability in Configuration Manager SearchDialog by adding a secure download function, sanitizing remote data, and using setAttribute for DOM manipulation. Applied fixes to all six export functions. |
| Config Manager XSS in SearchDialog export (ENG-13133) | Fixed XSS vulnerability in Configuration Manager SearchDialog by adding a secure download function, sanitizing remote data, and using setAttribute for DOM manipulation. Applied fixes to all six export functions. |
| Config Manager XSS in export function (ENG-13141) | Fixed XSS vulnerability in Configuration Manager SearchDialog by adding a secure download function, sanitizing remote data, and using setAttribute for DOM manipulation. Applied fixes to all six export functions. |
| Config Manager XSS in export function (ENG-13143) | Fixed XSS vulnerability in Configuration Manager SearchDialog by adding a secure download function, sanitizing remote data, and using setAttribute for DOM manipulation. Applied fixes to all six export functions. |
| Config Manager XSS in export function (ENG-13144) | Fixed XSS vulnerability in Configuration Manager SearchDialog by adding a secure download function, sanitizing remote data, and using setAttribute for DOM manipulation. Applied fixes to all six export functions. |
| Config Manager exportJson XSS fix (ENG-13161) | Fixed XSS vulnerability in Configuration Manager exportJson function by adding filename sanitization and using setAttribute instead of direct property assignment. |
| Config Manager PageContainer XSS fix (ENG-13162) | Fixed XSS vulnerability in Configuration Manager PageContainer by sanitizing backup names and replacing object spread with direct prop assignment. |
| ConfirmInstances instance name XSS fix (ENG-13163) | Fixed XSS vulnerability in ConfirmInstances.jsx by sanitizing instance.name rendering to prevent script execution. |
| Config Manager ComplianceRunReports XSS fix (ENG-13164) | Fixed XSS vulnerability in Configuration Manager ComplianceRunReports by using setAttribute and adding filename sanitization. |
| Config Manager SearchGCCard XSS fix (ENG-13165) | Fixed XSS vulnerability in Configuration Manager SearchDialog/SearchGCCard by using setAttribute and adding filename sanitization. |
| Config Manager exportJson XSS fix (ENG-13166) | Fixed XSS vulnerability in Configuration Manager exportJson function by adding filename sanitization and using setAttribute instead of direct property assignment. |
| Studio notifications DOM-based XSS fix (ENG-13167) | Fixed DOM-based XSS vulnerability in Automation Studio notifications by implementing URL origin validation. |
| Lifecycle Manager ActionTable XSS fix (ENG-13168) | Fixed DOM-based XSS vulnerability in Lifecycle Manager ActionTable through explicit prop assignment. |
| Config Manager SearchDeviceTemplatesCard XSS fix (ENG-13169) | Fixed XSS vulnerability in Configuration Manager SearchDeviceTemplatesCard by using setAttribute and adding filename sanitization. |
| SearchBackupCard filename XSS fix (ENG-13170) | Fixed XSS vulnerability in SearchBackupCard by sanitizing filenames in export functionality. |
| InstanceGroupsTable XSS fix (ENG-13172) | Fixed XSS vulnerability in InstanceGroupsTable component by replacing spread operator with explicit prop assignments. |
| ComplianceReportingCard filename XSS fix (ENG-13173) | Fixed XSS vulnerability in ComplianceReportingCard by sanitizing filenames in export functionality. |
| Config Manager exportJson XSS fix (ENG-13175) | Fixed XSS vulnerability in Configuration Manager exportJson function by adding filename sanitization and using setAttribute instead of direct property assignment. |
| StaticGroups XSS fix (ENG-13178) | Fixed XSS vulnerability in StaticGroups component by removing dangerous object spread pattern and implementing sanitization utilities. |
| SearchCompliancePlanCard XSS fix (ENG-13179) | Fixed XSS vulnerability in SearchCompliancePlanCard by sanitizing filename input before DOM manipulation. |
| ChildActionTable XSS fix (ENG-13180) | Fixed XSS vulnerability in ChildActionTable component by removing spread operator that allowed unsanitized input injection. |
| setTimeout state variable naming conflict (ENG-13181) | Renamed setTimeout state variable to setTimeoutValue to avoid naming conflict with global setTimeout() function. |
| DuplicateProjectDialog open redirect fix (ENG-13188) | Fixed open redirect vulnerability in Automation Studio DuplicateProjectDialog through MongoDB ObjectId validation. |
| Centralized sanitization methods (ENG-13949) | Centralized sanitization methods to resolve multiple vulnerabilities. |
| passport-saml security update (ENG-13956) | Updated @node-saml/passport-saml dependency to address a security vulnerability. |
| swagger-ui-react security update (ENG-14460) | Updated swagger-ui-react dependency to address a security vulnerability. |
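
The client-side fixes above rely on four recurring checks: filename sanitization, URL origin validation, MongoDB ObjectId validation, and explicit prop assignment in place of object spread. The sketch below is an added example of those checks, not Itential's code; every function name, the `/projects/` route, and the sample values are assumptions made for illustration.

```javascript
// Added illustration: helper names, route and sample values are constructed,
// not taken from the Itential code base.

// Filename sanitization for export/download: drop any directory part,
// keep a conservative allow-list of characters, fall back to a fixed name.
function sanitizeFilename(name, fallback = "export") {
  const base = String(name).split(/[\\/]/).pop();
  const clean = base
    .replace(/[^A-Za-z0-9._-]/g, "_") // anything outside the allow-list
    .replace(/^\.+/, "")              // no leading dots
    .slice(0, 128);
  return clean || fallback;
}

// URL origin validation: resolve the candidate against the application
// origin and accept only http(s) URLs whose origin matches exactly.
function isSameOrigin(candidate, appOrigin) {
  try {
    const url = new URL(candidate, appOrigin);
    const httpLike = url.protocol === "https:" || url.protocol === "http:";
    return httpLike && url.origin === new URL(appOrigin).origin;
  } catch {
    return false; // unparsable input is rejected
  }
}

// ObjectId validation before building a redirect target: a MongoDB
// ObjectId is exactly 24 hexadecimal characters, so nothing that could
// alter the path or host survives the check.
function projectPath(id) {
  if (typeof id !== "string" || !/^[0-9a-fA-F]{24}$/.test(id)) return null;
  return `/projects/${id}`; // hypothetical route
}

// Explicit prop assignment instead of {...remoteData}: only the named
// keys reach the component, so unexpected props cannot be injected.
function pickProps(source, allowed) {
  const out = {};
  for (const key of allowed) {
    if (Object.prototype.hasOwnProperty.call(source, key)) out[key] = source[key];
  }
  return out;
}
```

In a browser, the sanitized name would then be applied with `link.setAttribute("download", sanitizeFilename(name))`, matching the setAttribute approach the entries describe.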