automation-suite
2024.10
true
  • Automation Suite on Linux Release Notes
    • 2024.10.0
  • Automation Suite on EKS/AKS Release Notes
    • 2024.10.0
  • Automation Suite on OpenShift release notes
UiPath logo, featuring letters U and I in white

Automation Suite Release Notes

Last updated Nov 26, 2024

2024.10.0

Release date: November 11, 2024

What's new

Document Understanding modern projects onboarded to Automation Suite

We are happy to announce the addition of Document Understanding modern projects to our Automation Suite product portfolio. This expansion aligns with our aim to maintain parity with the functionalities offered via Automation Cloud.

If you plan to enable Document Understanding modern projects, make sure to check out the cross-product dependencies and that you meet all the prerequisites. Note that Document Understanding modern projects require additional resources, so make sure to take that into account when enabling this product.

All the details about the installation and configuration of these newly onboarded products are available in the Automation Suite on Linux Installation Guide. For details on how make the most out of the functionality of these products, refer to Document Understanding Modern Projects User Guide.

Introducing lite mode

In an attempt to make your start with Automation Suite easier and cost-effective, we are now introducing the lite mode. With it, you can start with fewer infrastructure requirements and when ready, transition to high availability for specific services.

By default, in lite mode, all services are non-high availability to save resources. However, if you want to enable high availability for certain services, you can do it by configuring the profile parameter in the cluster_config.json file or through the use of our interactive installer.

A key benefit of lite mode is its resource efficiency. It offers full functionality without the need for high availability across all services. Consequently, the lite profile needs fewer resources, a value-added feature for infra-budget-conscious organizations.

Notably, lite mode is not just for small-scale operations. This mode is designed with scalability in mind, so as your needs grow, lite mode grows with you.

Lite mode is versatile, accommodating a wide array of scenarios, such as the following:

  • You plan to explore the Automation Suite functionality without a significant infrastructural commitment.

  • You start with a minimal setup but want the flexibility and ease of scaling up as the need arises.

  • You aim to manage infrastructure cost by customizing the availability of services to your unique needs.

  • You aim at smaller-scale use cases and prefer a system that operates efficiently with non-high availability services.

Unifying command line operations with uipathctl

We are thrilled to share that uipathctl extends its role in Automation Suite, as part of our initiative to unify our CLI tools. uipathctl heads toward becoming a stronger and a more convenient single entry point for all your tasks within Automation Suite.

This streamlines your installation and configuration of Automation Suite and creates a more integrated experience.

As a result, uipathctl replaces the following scripts and assimilates their functionalities:
  • install-uipath.sh, previously used to install and customize Automation Suite .
  • configureUiPathAS.sh, previously used to perform operations within the Automation Suite cluster, such as the certificate management, as well as the configuration of objectstore, registry, and monitoring tools.
  • configureUiPathDisks.sh, previously used to configure disks and mounting points for your new Automation Suite cluster, as well as resize data disks post-installation.
  • validateUiPathReadiness.sh, previously used to validate and install the RPM packages and to validate the prerequisite checks required when installing Automation Suite.
  • orchestrator_configurator.sh, previously used to configure files and settings within the Orchestrator deployment in Automation Suite, such as adding storage files, credential store plugins, NLog extensions, and changing appSettings.

We look forward to sharing further enhancements with you.

For more details on the commands you can run, see uipathctl.

RHEL supported versions

Erratum - added November 21, 2024: We have expanded our OS support to include RHEL 8.8, 8.9, 8.10, 9.2, and 9.4 versions.

Red Hat no longer supports RHEL 8.6. As a result, we have removed it from the list of compatible RHEL versions.

AWS Signature Version 4 support

Automation Suite now uses AWS Signature Version 4 for all S3 API requests. This impacts the use of Automation Suite with S3 servers that do not support AWS Signature Version 4.

SSE-KMS support

Automation Suite now supports server-side encryption with Key Management Service (SSE-KMS) on AWS S3 buckets.

For more information on SSE-KMS, see the AWS documentation.

Support for TLS 1.3

We now support Transport Layer Security (TLS) 1.3. This new TLS version brings several key improvements, being more secure than its predecessor, TLS 1.2, and offering speedier connections and improved performance.

For details on how to upgrade from TLS 1.2 to TLS 1.3, refer to How to address weak ciphers in TLS 1.2.

Support for external registries that require projects

We are happy to announce that Automation Suite now supports Harbor and other external registries that require you to create a project before pushing or pulling images from the registry.

New prerequisite checks

We have added more prerequisite checks to optimize the overall experience of installing and configuring Automation Suite and to catch missing requirements earlier. Here are some highlights:

  • Automation Suite now checks if the external objectstore supports POST requests to buckets via pre-signed URLs. Document Understanding requires POST request support to download files from the buckets.

  • We have introduced a new prerequisite check for configurations using a single node RKE2 with in-cluster storage. An additional disk of a minimum 512GB is now required to store Ceph data backups. To partition the disk for Ceph, you must use the following command:

    ./bin/uipathctl rke2 disk --backup-disk-name <disk-name>./bin/uipathctl rke2 disk --backup-disk-name <disk-name>
  • A new prerequisite check validates that you have enough disk space to enable Document Understanding modern projects. This check verifies disk space availability on the /datadisk/registry and /var/lib/rancher disks.

Instance Metadata Service Version 2 support

We now support Instance Metadata Service Version 2 (IMDSv2) in high-availability deployments for AWS. For more information on IMDSv2, see the AWS documentation.

Apps subdomain requirement

To take full advantage of the features that Apps offers, you now must provide a unique subdomain with a Fully Qualified Domain Name (FQDN). You must make the following changes:

  • Update your certificate with a Subject Alternative Name (SAN) entry for Apps. Details...

  • Adjust your DNS server to accommodate the new Apps subdomain. Details...

Automatic rotation for identity token-signing certificates

Automation Suite 2024.10 introduces automatic identity token-signing certificate rotation. This feature automates the lifecycle of your signing keys, offering enhanced security and reducing the need for manual certificate management.

If you're deploying Automation Suite 2024.10 for the first time, this feature is enabled by default. The option for manual management of signing certificates remains available, and those who prefer manual control or have specific operational requirements can disable automatic certificate rotation.

For users upgrading to 2024.10 from an older version, automatic management is disabled by default but can be enabled if desired.

For details on how to enable or disable automatic certificate rotation, see Automatic certificate rotation in the Automation Suite on Linux documentation, or Automatic certificate rotation in the Automation Suite on AKS/EKS documentation.

Licensing news

New consumables monitoring option

You can now monitor license allocation in a more granular fashion, with the help of the new Consumables tab. It is available in the administration section, at the organization and the tenant level, and it breaks down the allocation and the usage of licensed consumption units, such as AI Units, Robot Units, and API calls.

Introducing SAP Transport Units

A new type of service consumption unit, named SAP Transport Units, is now available. It is used to license the SAP Change Impact Analysis feature within Test Manager.

Changes to license-related tenant limitations

If you have a license that includes any of the following services, you will be happy to know that they can now be enabled on an unlimited number of tenants:
  • Automation Hub
  • Process Mining
  • Test Manager
  • Insights

Removing the license overallocation banner

Up until now, when the number of licenses allocated to your services exceeded the number of licenses available for your organization, a warning banner was displayed. However, it did not provide any clear overallocation information, nor did it offer action items for solving the issue.

As such, in an effort to enhance user experience and eliminate any distractions, we have decided to remove it. You can still find all relevant details by checking the allocation drawer.

Licensing Process Mining through AI units

Process Mining is now licensed through AI units, just like several of our AI products.

For details on consumption, see the License page in the Process Mining guide.

Deprecating license activation from the host portal

We are striving to better support the ever evolving commercial offering of the UiPath® platform, and, as part of that, we are deprecating the option to activate licenses from the host portal. To help ease the transition, we have added a warning banner notifying administrators of the deprecation, and providing best practices for license activation.

Please rest assured that this in no way affects the functionality, and that you can still activate licenses from the host portal until the feature is removed.

Personal access tokens (PATs)

We are excited to introduce personal access tokens (PATs). PATs provide developers with an efficient and secure method to obtain tokens with user-scoped access. PATs can limit risk when working with applications or automations that do not allow for other authentication mechanisms, or where you do not want to provide your credentials. If the app is compromised, you simply revoke the PAT.

Note:

Personal Access Tokens are only available for local users.

The core capabilities:

  • Users removed from an organization will have their associated PATs automatically revoked to prevent unauthorized access.
  • Organization administrators can manage issued PATs, enabling easy revocation of access when necessary.

For detailed information on implementing PATs, please refer to the docs on personal access tokens.

Managing personal access tokens

Personal access tokens (PATs) can be managed by organization administrators. PATs can limit risk when working with applications or automations that do not allow for other authentication mechanisms, or where you do not want to provide your credentials. If the app is compromised, you simply revoke the PAT.

Note:

Personal Access Tokens are only available for local users and managed by organization administrators.

Organization administrators can manage issued PATs, enabling easy revocation of access when necessary.

For detailed information on managing PATs, please refer to Managing PATs.

Improvements

In-place upgrade enhancements

To ensure a more secure stack and minimize common vulnerabilities and exposures, we’ve increased the frequency of Kubernetes updates.

Typically, Kubernetes requires sequential version upgrades, which can mean multiple intermediate steps to upgrade to your target Automation Suite version. In Automation Suite 2024.10, we’ve introduced chained Kubernetes upgrades, allowing you to reach your target Automation Suite version directly, without intermediate jumps. The entire process is handled seamlessly in the background.

You can now upgrade from, for instance, Automation Suite 2023.10.2 to 2024.10.0, progressing through multiple Kubernetes versions automatically. The enhancement ensures a secure stack, with an even smoother upgrade experience.

To accommodate this improvement, you should know that we have made several modifications in the upgrade workflow. These changes include updates to existing steps or new additions, such as the following ones:

  • Running the prerequisite checks, separately for infrastructure and services;

  • Migrating Longhorn workloads to local PV, shifting MongoDB data to SQL, and moving Ceph to a Helm-based deployment, before the actual upgrade;

  • Installing the services and shared components to their target version.

Also, one additional change is that, where applicable, you now use uipathctl for the in-place upgrade commands.

For more details, see Performing an in-place upgrade.

Extended support for Active/Active deployments

We have extended the list of products that you can deploy in Active/Active mode. Previously, this feature was only available for Orchestrator, but we have now also included the following products to give you more flexibility:

  • Action Center

  • AI Center

  • Apps

  • Automation Ops

  • Automation Suite Robots

  • Computer Vision

  • Data Service

  • Document Understanding

  • Test Manager

Simplified installation process for enhanced efficiency

We have improved our installation experience by reducing the number of steps required by the installation process. Now, this process involves two main parts, namely the infrastructure installation and the cluster installation. With these improvements to the installation flow, you can expect considerably reduced installation time.

Enhanced shared components management using OSS base

We are excited to announce a significant improvement focused on the management of shared components.

In previous versions, we relied heavily on a component delivery system provided by Rancher. While effective, this approach has its challenges, notably dealing with inconsistent component versions.

Now, we have shifted towards an Open-Source Software (OSS) base for our component management. Furthermore, we leverage uipathctl for installing and upgrading components.

This strategic shift not only simplifies the shared components installation process but also provides the ability to manage each component individually. Moreover, you can also expect improved time efficiency in the reinstallation process for individual components.

Enhanced backup and restore flow

We have enhanced the configuration instructions for the external NFS server to ensure a smoother backup and restore experience. We now include guidance to create a subdirectory at the /asbackup/asetcdbackup location or your equivalent NFS mount path, in order to prevent any potential mounting issues. For details on the updated commands, refer to Configuring the mount path.

Images cleanup for in-cluster Docker registry

You can now effortlessly remove obsolete images post-upgrade. This capability is specifically designed for offline setups with an in-cluster Docker registry. For more details, see Performing post-upgrade operations.

UiPath Automation Suite Install Sizing Calculator enhancements

We're happy to announce various fixes and improvements that ensure an even more accurate estimate of the hardware requirements for any Automation Suite deployment. The tool now takes into account the additional data disk required by Document Understanding and AI Center. Also, it now takes a single click to share the UiPath Automation Suite Install Sizing Calculator URL along with your currently selected configuration.

If you want to take the UiPath Automation Suite Install Sizing Calculator for a spin, see Capacity planning.

FQDN update enhancement

We are thrilled to announce an enhancement in our Fully Qualified Domain Name (FQDN) update process. Now, you can update the cluster FQDN from a single machine, replacing the previous multi-step procedure. This update is aimed at simplifying the process, making it more user-friendly and efficient.

For more on the FQDN update process, see Configuring the FQDN post-installation.

Istio dashboards management

The Istio-related dashboards are switched off by default. If you need to use these dashboards, you must enable them through additional configuration steps within the ArgoCD UI. However, be aware that enabling these dashboards could impact Istio performance.

For more details about Istio dashboards, see Monitoring the network.

Enhanced prerequisites check output

The prerequisites check output generated by uipathctl is now more user-friendly. The simplified and organized display enhances readability and gives more control over the type of info you get.
If you need more detailed information, you can use the --verbose flag to access the full, detailed output. If more concise information suits your needs better, simply skip the --verbose flag for a clear, easy-to-understand output.

For more details about prerequisites check, see Prerequisite checks.

Security enhancements

We continue to provide security updates and patches to address Common Vulnerabilities and Exposures (CVEs).

SAML SSO improvements

We've rolled out some significant updates geared towards improving SAML SSO. Here's a quick overview of what's new:

  1. Switching between entity ID formats: When getting the UiPath details for the identity provider setup, you can now change between the legacy entity id format (without the organization ID), and the new format that includes the organization ID.

  2. Custom unique identifier: We've introduced the option to set custom attributes for unique identification. This feature is particularly beneficial if :

    • An email address is not allocated to your users.

    • An email address cannot serve as a unique identifier (they are not unique in the identity provider).

    Important:

    Once you've set a Unique Identifier, changing it can result in a loss of previously recognized users, as the system might not be able to identify them anymore.

  3. Signing authentication requests: This feature allows UiPath sign all SAML authentication requests. This is useful if your identity provider requires signed authentication requests.

  4. Single logout: Our SAML configuration now includes Single Logout (SLO) capabilities, which enable simultaneous logouts across all your applications unified under your identity provider.

High contrast theme option

We have introduced a high contrast theme that ensures enhanced contrast for a set of UI elements.

For more information, refer to Selecting the theme.

Service visibility in the UI

You can now manage the visibility of three new services in the left navigation bar, in order to customize the UI for each user:

  • Automation Hub

  • AI Center

  • Process Mining

For more information, see the Hide unused services documentation.

Bug fixes

  • We fixed an issue that caused the uipathctl binary to ignore any SQL connection string you provided in the orchestrator.testautomation section of the cluster configuration file.
  • We fixed an issue where the installation or upgrade failed on AWS machines where only IMDSv2 was enabled.

  • In a proxy environment, if the proxy server used the same port as the TCP port of any other service in the Istio service mesh, such as port 8080, pods could not communicate with the FQDN, and an error message was displayed. The behavior no longer occurs.
    Note: If you previously created a service entry according to the workaround in Pods cannot communicate with FQDN in a proxy environment, we recommend that you delete the service entry after you upgrade to Automation Suite 2024.10.0 or later. To delete the service entry, use the following command:
    kubectl delete serviceentry proxy -n uipathkubectl delete serviceentry proxy -n uipath
  • We have fixed a uipathctl-related issue that caused registry configuration corruption during upgrades. Previously, a port in the helm URL of cluster_config.json was treated as an external registry, leading to an omission in registries.yaml. Now,insecure_skip_verify: true is correctly included inregistries.yaml, regardless of whether or not a port is present in the helm URL.
  • We have fixed an issue where shutting down therke2-server service without executing rke2-killall.sh could lead to intermittent not ready reports from agent machines.
  • We have fixed an issue causing upgrades from Automation Suite 2023.10.x to fail due to the Longhorn storage classes still being present after uninstalling Longhorn.
  • We have fixed an issue that caused the support bundle to not include historical logs and to not upload to the configured external object store. This issue occured in offline environments using an external OCI registry.
  • We have fixed an issue causing the snapshot-controller-crds pod to remain in the CrashLoopBackOff state after an RKE2 upgrade. This issue occurred due to a conflict between the newly installed snapshot-controller and the existing one during the RKE2 upgrade.
  • We have fixed an issue that prevented you from enabling SSO for ArgoCD due to a Dex image version discrepancy.
  • We have fixed an issue that prevented licenses from being allocated at the organization level.
  • We have fixed an issue that caused problems during the upgrade process if you had resized the Docker-registry PVC used by your in-cluster Docker registry. Now, the new size is accurately recognized and considered during the upgrade process.

Known issues

Unintended RKE2 service upgrade on additional nodes

Erratum - added November 26, 2024: We have identified an issue where exclude= rke2-* is not added to the /etc/yum.conf file on nodes other than the first server. In specific environments, particularly online ones, an attempt to upgrade all components can cause an unintentional upgrade of the RKE2 service on nodes other than the first server.
To fix this issue, you must manually add exclude=rke2-* to the /etc/yum.conf file on all the nodes of your Automation Suite cluster.

Full migration from standalone products to Automation Suite not supported

You cannot currently perform a full migration from standalone products version 2024.10 to Automation Suite 2024.10 using the UiPath.OrganizationMigrationApp tool. We are actively working on introducing support for this scenario.

In the meantime, you can perform a single-tenant migration. For details on this migration option, refer to Single tenant migration.

Document Understanding limitations and known issues

In this release, Document Understanding modern projects are not supported in Automation Suite offline deployments and Azure Government environments.

Generative AI features, including Generative Annotation and Generative Extraction, are not currently available in Document Understanding in Automation Suite.

If Document Understanding is enabled on your tenant without the activation of Document Understanding modern projects, the Document Understanding application (accessible from the list on the left side) will not work.

For more information, refer to the Document Understanding Release Notes guide.

Split as.tar.gz not available

Split as.tar.gz is currently not available. You can use full as.tar.gz in the meantime.

Enabling Connaisseur causes installation or upgrade failures

An issue causes installation or upgrade failures when enabling Connaisseur during the configuration of an external OCI-compliant registry. The issue occurs when you set the registries.trust.enabled parameter to true in the cluster_config.json file.

Forwarding logs to Splunk is currently unavailable

Forwarding infrastructure logs to Splunk is currently not possible in Automation Suite 2024.10 because the Splunk Connect plugin for Kubernetes is no longer supported. The OpenTelemetry Collector, which you can use to gather logs, is also not supported in this Automation Suite version.

For more information on managing external tools, refer to Responsibility matrix.

Custom directory for pod logs not working

You cannot currently use custom directories for storing your pod logs. This is due to the switch to kube-logging.

External service monitoring not enabled by default

When using kube Prometheus for service monitoring, the ServiceMonitor file is not tracked by default. This issue specifically affects services such as Redis or Istio when attempting to enable the monitoringConfigure.enableEnhancedMonitoring field.
To address the issue, you must manually add an explicit release: monitoring label to the ServiceMonitor YAML configuration file, as shown in the following configuration sample.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: istio-component-monitor
  namespace: {{ .Values.monitoringConfigure.namespaces.istio }}
  labels:
    monitoring: istio-components
    release: monitoring
spec:
  jobLabel: istio
  targetLabels: [app]
  selector:
    matchExpressions:
    - {key: istio, operator: In, values: [pilot]}
  namespaceSelector:
    any: true
  endpoints:
  - port: http-monitoring
    interval: 15sapiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: istio-component-monitor
  namespace: {{ .Values.monitoringConfigure.namespaces.istio }}
  labels:
    monitoring: istio-components
    release: monitoring
spec:
  jobLabel: istio
  targetLabels: [app]
  selector:
    matchExpressions:
    - {key: istio, operator: In, values: [pilot]}
  namespaceSelector:
    any: true
  endpoints:
  - port: http-monitoring
    interval: 15s

Deprecation timeline

We recommend that you regularly check the deprecation timeline for any updates regarding features that will be deprecated and removed.

Bundling details

Product versions

To find out what has changed on each Automation Suite product, visit the following links.

If the product is greyed out, this new Automation Suite version does not bring any changes to it.

DISCOVERBUILDMANAGEENGAGE
AI Center 2024.10.0Action Center 2024.10.0
Task Mining 2024.10.0AI Computer Vision 2024.10.0Insights 2024.10.0Apps 2024.10.0
Orchestrator 2024.10.0 
  Test Manager 2024.10.0 
    

Internal third-party component versions

This Automation Suite release bundles the following internal components:

Component

Version

RKE2

1.30.5

ArgoCD

2.11.3

gatekeeper

3.17.0

rook

1.14.6

ceph

17.2.6

prometheus-pushgateway

2.12.0

cert-manager

1.14.5

Istio

1.23.0

kube-logging/logging-operator

4.9.1

Prometheus

2.54.1

Grafana

11.1.5

velero

6.2.0

redis-operator

7.4.6-2

redis-cluster

7.4.6-22

oauth2-proxy

7.6.0

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.