Automation Suite
2023.10
false
  • Automation Suite on Linux Release Notes
    • 2023.10.0
    • 2023.10.1
    • 2023.10.2
  • Automation Suite on EKS/AKS Release Notes
    • 2023.10.0
    • 2023.10.1
    • 2023.10.2
Banner background image
Automation Suite Release Notes
Last updated Feb 28, 2024

2023.10.0

Release date: November 22, 2023

New UiPath.OrganizationMigrationApp version released

We have released a new version of UiPath.OrganizationMigrationApp, the tool helping you migrate from a standalone product to Automation Suite. The new version of the tool now enables you to migrate to Automation Suite 2023.10.0.

Release date: November 3, 2023

What's new

Migration from Automation Suite on Linux to Automation Suite on EKS/AKS

If you are already using Automation Suite on Linux, but you now think that Automation Suite on EKS/AKS would better cater to your needs, we have good news for you. Migrating to a new installation of Automation Suite on EKS/AKS is now possible.

Note that currently you cannot migrate from Automation Suite embedded to an existing installation of Automation Suite on EKS/AKS.

For details on the requirements, required data migration operations, and step-by-step instructions, see Migrating from Automation Suite on Linux to Automation Suite on EKS/AKS.

Support for offline installations

We are happy to announce that you can install Automation Suite on EKS/AKS in offline environments. That means that you can completely isolate your setup, and no internet access is needed to perform an installation.

While most of the installation flow is the same as the one for online deployments, there is one additional requirement that you must meet to carry out an offline installation. You need an OCI-compliant registry to store all the container images and binaries of the UiPath products.

For detailed installation instructions, see Installing Automation Suite on EKS/AKS.

For details on the deployment types and architecture, see Deployment scenarios.

Support for enabling FIPS 140-2 on AKS nodes

If you must comply with the Federal Information Processing Standard 140-2 (FIPS 140-2), we are happy to announce that you can now install Automation Suite on AKS nodes with FIPS 140-2 enabled.

We have prepared a set of instructions for you to easily enable FIPS 140-2 on the Security and compliance page.

Enhanced features for external Docker registry

We have made substantial enhancements to the external Docker registry. You can now benefit from these new functionalities:

  • Your external Docker registry can be equipped with its private certificate, giving you an additional layer of security.

  • In addition to the usage of a mirror registry script, which requires internet access to copy the Automation Suite artifacts, we now support the hydrate-registry.sh script. This script will take an offline tar bundle, unpack it, and upload its content directly to the external Docker registry, providing more flexibility and options for managing your registry.

Objectstore access without pre-signed URLs

You can configure your external objectstore in a way that does not allow access via pre-signed URLs. To do that, you just need to set the external_object_storage.disable_pre_signed_url flag to true in the input.json file during installation. Note that changing the value of this flag at a later point is not possible.

Before disabling pre-signed URL access, take into account that this is a global configuration, and you cannot override it at the product level. Aside from that, Task Mining and a series of activities do not support this configuration.

For more details, see External object store configuration.

Bring your own Istio

You can now choose who provisions and manages the Istio component. While previously it was us that bundled Istio in Automation Suite, you can now bring the component yourself. If you choose the latter, you are responsible for ensuring the Istio component is supported. For details, see the Compatibility matrix.

Custom namespace labels

You can now define your own labels in the namespace created by the uipathctl installer. For configuration instructions, see Configuring input.json.

Custom taints and tolerations

We now support custom taints and tolerations on the cluster nodes in Automation Suite on EKS/AKS. For configuration instructions, see Configuring input.json.

New requirements for running prerequisite and health checks/tests

The prerequisite and health checks/tests run in the uipath-check namespace. You must either allow the creation of the uipath-check namespace or create it yourself before running the checks/tests. In addition to this, some checks/tests require that you allow the communication between the uipath-check and uipath namespaces, or that you enable the use of hostNetwork.

IMDSv2 support

We now support IMDSv2 for connecting with the AWS S3 using the instance profile.

Custom attribute mapping for AAD

While our existing AAD integration offers automatic attribute mapping, this release introduces the ability for organizations to use custom attribute mappings.

We're launching with custom mapping support for the Business unit attribute which allows you to map attributes like organization divisions with the Business Unit field in the UiPath platform. This mapping can enhance the contextual understanding of users in your organization and can help integrate user identities with services such as Automation Hub.

You can map the Business unit attribute based on Azure AD attributes or via SAML.

Licensing news

Audit log messages change

The audit data message displayed when a user is removed by an administrator, and their licenses are consequently deallocated, has been improved for clarity. You can now expect to see this in such cases: User <administrator_name> deallocated all licenses of user(s) <user_names>.

AI Units allocation

AI units can now also be allocated at the tenant level. This is done from the license allocation window corresponding to the desired tenant in the Admin section.

License allocation endpoints

Two new endpoints are available for allocating licenses from the API:

  • GET/api​/account​/{accountId}​/user-license​/group​/{groupId} - call this endpoint to retrieve a list of all available user licenses for creating or editing a group.
  • You need View permission on License to use this endpoint.
  • PUT/api/account/{accountId}/user-license/group/{groupId} - call this endpoint to allocate or update a group rule.
  • You need Write permission on License to use this endpoint.

Introducing the Citizen Developers user group

We're excited to announce the latest enhancement to our platform's access control capabilities — the introduction of a new user group: Citizen Developers. This new group is defined at the organization level and will be seamlessly integrated across all services within the platform.

With the Citizen Developers group, citizen developers can access resources pertinent to their work without any unnecessary access clutter, leading to reduced overhead for your administrators.

To learn more about how the user group is integrated into the various services within the platform, refer to the product documentation.

Improvements

Improved troubleshooting experience

We have introduced a new CLI tool helping you troubleshoot and debug Automation Suite. The new tool is called uipathtools and contains a subset of uipathctl capabilities specific to health commands. To make sure you have access to mitigation steps in a timely manner, we plan to provide updates to uipathtools at a higher cadence than our standard releases.

uipathctl certification

The uipathctl binaries for Windows and MacOS are now signed with the uipath.com certificate, and no warning is shown when running them.

Prerequisites and health check enhancements

We have made significant improvements in the area of prerequisites and health checks. These enhancements are designed to make your experience smoother and more efficient. Here's what's new:

  • Improved Storage Class prerequisite: The StorageClass prerequisite, which previously took a considerable amount of time, has been significantly optimized. You will now experience faster execution, reducing setup time for your deployments.

  • Streamlined tests and checks: All tests and checks have been consolidated into the "uipath-check" namespace, providing a more organized and efficient testing environment.

  • Enhanced post-test handling: Following test execution, the namespace and pods may remain active for a brief period. This is done to ensure you have ample time to review logs in case of any failures, enabling more effective troubleshooting.

  • New Kube-API connectivity check: We have introduced a new check to verify kube-api connectivity from every node, enhancing the reliability of your environment. We have introduced a check that verifies continuous connectivity for 15 seconds by retrieving server version from the kube-api server from each node.

  • Improved capacity checks: Capacity checks have been optimized to provide a more accurate representation of your cluster's capacity by disregarding pending pods when calculating pod limits. This ensures that the reported capacity aligns with your actual operational resources.

Admin bug fixes

  • Automation Express licenses were available for allocation in on-premises deployments, despite them being solely intended for cloud environments. The issue is now fixed.

  • Data Service units were not granted to organizations that had Action Center - Named User licenses. The issue is now fixed.

  • When you deleted an organization, its licenses were not released. Now, any licenses allocated to an organization go back to the license pool once the organization is deleted.

  • The minLevel NLog setting in the config map was not being honored. The default minLevel is "Info" indicating that logs of "Info" severity and above should have been logged. However, the minLevel was not being considered, and logs with lower severity levels, specifically "Trace" and "Debug," were also being written to the logs.
  • Previously, there was an issue where well-known SIDs were inadvertently included when retrieving security groups, leading to unexpected behavior. Well-known SIDs are no longer included when fetching security groups, ensuring smoother and more predictable functionality.

  • After upgrading to version 2022.10.1 or later, logging into the host tenant, then logging out, and subsequently switching to a different tenant resulted in redirection back to the previous log-out location instead of the selected tenant. Now, after logging out and switching tenants, you will be correctly redirected to the selected tenant's page instead of the previous log-out location.

Known issues

Issues affecting log forwarding to government cloud storage

Erratum December 19, 2023: You cannot forward Fluentd and Fluent Bit logs to Azure and AWS government cloud storage.

We recommend using Splunk and forwarding application logs there.

Task Mining and Automation Suite Robots in degraded state after restore from a backup

Occasionally, performing a restore operation in Automation Suite on AKS might cause Task Mining and Automation Suite Robots applications to go in degraded state with the following error:

Warning  FailedAttachVolume  106s (x30 over 46m)  attachdetach-controller  AttachVolume.Attach failed for volume "pvc-358781ec-d9be-4b54-9099-4a44bdc59294" : rpc error: code = NotFound desc = Volume not found, failed with error: Retriable: false, RetryAfter: 0s, HTTPStatusCode: 403, RawError: {"error":{"code":"AuthorizationFailed","message":"The client '29683acd-8bb9-4041-a725-5afc5804535c' with object id '29683acd-8bb9-4041-a725-5afc5804535c' does not have authorization to perform action 'Microsoft.Compute/disks/read' over scope '/subscriptions/b65b0225-ce9b-4a79-9dd9-c00071d40d64/resourceGroups/MC_ci-asaks4489877_ci-asaks4489877_centralus/providers/Microsoft.Compute/disks/restore-755f25c3-ddf0-4d7f-b81c-5379ec6b4720' or the scope is invalid. If access was recently granted, please refresh your credentials."}}  Warning  FailedAttachVolume  106s (x30 over 46m)  attachdetach-controller  AttachVolume.Attach failed for volume "pvc-358781ec-d9be-4b54-9099-4a44bdc59294" : rpc error: code = NotFound desc = Volume not found, failed with error: Retriable: false, RetryAfter: 0s, HTTPStatusCode: 403, RawError: {"error":{"code":"AuthorizationFailed","message":"The client '29683acd-8bb9-4041-a725-5afc5804535c' with object id '29683acd-8bb9-4041-a725-5afc5804535c' does not have authorization to perform action 'Microsoft.Compute/disks/read' over scope '/subscriptions/b65b0225-ce9b-4a79-9dd9-c00071d40d64/resourceGroups/MC_ci-asaks4489877_ci-asaks4489877_centralus/providers/Microsoft.Compute/disks/restore-755f25c3-ddf0-4d7f-b81c-5379ec6b4720' or the scope is invalid. If access was recently granted, please refresh your credentials."}}

To fix the issue, provide the mentioned client the necessary permissions to access your environment.

After Disaster Recovery Dapr is not working properly for Process Mining and Task Mining

After a Disaster Recovery, Dapr is not restored properly, and the certificates needed by dapr to provide services for Process Mining and Task Mining are incorrect. The dapr, processmining, and taskmining applications appear to be healthy first, but will then go back to progressing state and the environment becomes unstable. When logging in to Process Mining or Task Mining, the application may not load, or return unexpected errors.

See Process Mining troubleshooting for a description of the steps you should take to resolve the issue.

Document Understanding Out of the Box Packages versions missing

In certain situations, the Out of the Box Packages installer can fail. If this happens, some ML Package versions will be missing in Document Understanding. To fix this, you can either trigger the ArgoCD sync, or wait until the ArgoCD sync triggers the installer automatically to reinstall the packages.

Character not allowed when setting connection string for Document Understanding

When setting the connection strings manually in the configuration file, Document Understanding database passwords cannot start with { for PYODBC.

Unable to launch Automation Hub and Apps with proxy setup

If you are using a proxy setup, you may run into issues when trying to launch Automation Hub and Apps.

See Automation Suite on EKS/AKS troubleshooting for a description of the steps you should take to resolve the issue.

AI Center provisioning failure after upgrading to 2023.10

When upgrading from 2023.4.3 to 2023.10, you run into issues with provisioning AI Center.

The system shows the following exception, and the tenant creation fails: "exception":"sun.security.pkcs11.wrapper.PKCS11Exception: CKR_KEY_SIZE_RANGE
To resolve this issue, you need to perform a rollout restart of the ai-trainer deployment. To do this, run the following command:
kubectl -n uipath rollout restart deploy ai-trainer-deploymentkubectl -n uipath rollout restart deploy ai-trainer-deployment

Deprecation timeline

We recommend that you regularly check the deprecation timeline for any updates regarding features that will be deprecated and removed.

Bundling details

Product versions

To find out what has changed on each Automation Suite product, visit the following links.

If the product is greyed out, this new Automation Suite version does not bring any changes to it.

Internal third-party component versions

Component

Version

Istio

1.18.0
ArgoCDv2.7.7
Prometheusv2.42.0
Grafana10.1.1
Fluentd & Fluent-bit

logging-operator : 4.1.0

logging-operator-logging : 4.1.0

Gatekeeper3.12.0
Cert-Managerv1.12.3
Velero3.1.6

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.