Automation Suite Release Notes
2024.10.0
Release date: November 11, 2024
We are happy to announce the addition of Document Understanding modern projects to our Automation Suite product portfolio. This expansion aligns with our aim to maintain parity with the functionalities offered via Automation Cloud.
If you plan to enable Document Understanding modern projects, make sure to check out the cross-product dependencies and that you meet all the prerequisites. Note that Document Understanding modern projects require additional resources, so make sure to take that into account when enabling this product.
All the details about the installation and configuration of these newly onboarded products are available in the Automation Suite on Linux Installation Guide. For details on how make the most out of the functionality of these products, refer to Document Understanding Modern Projects User Guide.
In an attempt to make your start with Automation Suite easier and cost-effective, we are now introducing the lite mode. With it, you can start with fewer infrastructure requirements and when ready, transition to high availability for specific services.
profile
parameter in the cluster_config.json
file or through the use of our interactive installer.
A key benefit of lite mode is its resource efficiency. It offers full functionality without the need for high availability across all services. Consequently, the lite profile needs fewer resources, a value-added feature for infra-budget-conscious organizations.
Notably, lite mode is not just for small-scale operations. This mode is designed with scalability in mind, so as your needs grow, lite mode grows with you.
Lite mode is versatile, accommodating a wide array of scenarios, such as the following:
-
You plan to explore the Automation Suite functionality without a significant infrastructural commitment.
-
You start with a minimal setup but want the flexibility and ease of scaling up as the need arises.
-
You aim to manage infrastructure cost by customizing the availability of services to your unique needs.
-
You aim at smaller-scale use cases and prefer a system that operates efficiently with non-high availability services.
uipathctl
extends its role in Automation Suite, as part of our initiative to unify our CLI tools. uipathctl
heads toward becoming a stronger and a more convenient single entry point for all your tasks within Automation Suite.
This streamlines your installation and configuration of Automation Suite and creates a more integrated experience.
uipathctl
replaces the following scripts and assimilates their functionalities:
-
install-uipath.sh
, previously used to install and customize Automation Suite . -
configureUiPathAS.sh
, previously used to perform operations within the Automation Suite cluster, such as the certificate management, as well as the configuration of objectstore, registry, and monitoring tools. -
configureUiPathDisks.sh
, previously used to configure disks and mounting points for your new Automation Suite cluster, as well as resize data disks post-installation. -
validateUiPathReadiness.sh
, previously used to validate and install the RPM packages and to validate the prerequisite checks required when installing Automation Suite. -
orchestrator_configurator.sh
, previously used to configure files and settings within the Orchestrator deployment in Automation Suite, such as adding storage files, credential store plugins, NLog extensions, and changingappSettings
.
We look forward to sharing further enhancements with you.
For more details on the commands you can run, see uipathctl.
Erratum - added November 21, 2024: We have expanded our OS support to include RHEL 8.8, 8.9, 8.10, 9.2, and 9.4 versions.
Red Hat no longer supports RHEL 8.6. As a result, we have removed it from the list of compatible RHEL versions.
Automation Suite now uses AWS Signature Version 4 for all S3 API requests. This impacts the use of Automation Suite with S3 servers that do not support AWS Signature Version 4.
Automation Suite now supports server-side encryption with Key Management Service (SSE-KMS) on AWS S3 buckets.
For more information on SSE-KMS, see the AWS documentation.
We now support Transport Layer Security (TLS) 1.3. This new TLS version brings several key improvements, being more secure than its predecessor, TLS 1.2, and offering speedier connections and improved performance.
For details on how to upgrade from TLS 1.2 to TLS 1.3, refer to How to address weak ciphers in TLS 1.2.
We are happy to announce that Automation Suite now supports Harbor and other external registries that require you to create a project before pushing or pulling images from the registry.
We have added more prerequisite checks to optimize the overall experience of installing and configuring Automation Suite and to catch missing requirements earlier. Here are some highlights:
-
Automation Suite now checks if the external objectstore supports POST requests to buckets via pre-signed URLs. Document Understanding requires POST request support to download files from the buckets.
-
We have introduced a new prerequisite check for configurations using a single node RKE2 with in-cluster storage. An additional disk of a minimum 512GB is now required to store Ceph data backups. To partition the disk for Ceph, you must use the following command:
./bin/uipathctl rke2 disk --backup-disk-name <disk-name>
./bin/uipathctl rke2 disk --backup-disk-name <disk-name> -
A new prerequisite check validates that you have enough disk space to enable Document Understanding modern projects. This check verifies disk space availability on the
/datadisk/registry
and/var/lib/rancher
disks.
We now support Instance Metadata Service Version 2 (IMDSv2) in high-availability deployments for AWS. For more information on IMDSv2, see the AWS documentation.
To take full advantage of the features that Apps offers, you now must provide a unique subdomain with a Fully Qualified Domain Name (FQDN). You must make the following changes:
-
Update your certificate with a Subject Alternative Name (SAN) entry for Apps. Details...
-
Adjust your DNS server to accommodate the new Apps subdomain. Details...
Automation Suite 2024.10 introduces automatic identity token-signing certificate rotation. This feature automates the lifecycle of your signing keys, offering enhanced security and reducing the need for manual certificate management.
If you're deploying Automation Suite 2024.10 for the first time, this feature is enabled by default. The option for manual management of signing certificates remains available, and those who prefer manual control or have specific operational requirements can disable automatic certificate rotation.
For users upgrading to 2024.10 from an older version, automatic management is disabled by default but can be enabled if desired.
For details on how to enable or disable automatic certificate rotation, see Automatic certificate rotation in the Automation Suite on Linux documentation, or Automatic certificate rotation in the Automation Suite on AKS/EKS documentation.
New consumables monitoring option
You can now monitor license allocation in a more granular fashion, with the help of the new Consumables tab. It is available in the administration section, at the organization and the tenant level, and it breaks down the allocation and the usage of licensed consumption units, such as AI Units, Robot Units, and API calls.
Introducing SAP Transport Units
A new type of service consumption unit, named SAP Transport Units, is now available. It is used to license the SAP Change Impact Analysis feature within Test Manager.
Changes to license-related tenant limitations
- Automation Hub
- Process Mining
- Test Manager
- Insights
Removing the license overallocation banner
Up until now, when the number of licenses allocated to your services exceeded the number of licenses available for your organization, a warning banner was displayed. However, it did not provide any clear overallocation information, nor did it offer action items for solving the issue.
As such, in an effort to enhance user experience and eliminate any distractions, we have decided to remove it. You can still find all relevant details by checking the allocation drawer.
Licensing Process Mining through AI units
Process Mining is now licensed through AI units, just like several of our AI products.
For details on consumption, see the License page in the Process Mining guide.
Deprecating license activation from the host portal
We are striving to better support the ever evolving commercial offering of the UiPath® platform, and, as part of that, we are deprecating the option to activate licenses from the host portal. To help ease the transition, we have added a warning banner notifying administrators of the deprecation, and providing best practices for license activation.
Please rest assured that this in no way affects the functionality, and that you can still activate licenses from the host portal until the feature is removed.
We are excited to introduce personal access tokens (PATs). PATs provide developers with an efficient and secure method to obtain tokens with user-scoped access. PATs can limit risk when working with applications or automations that do not allow for other authentication mechanisms, or where you do not want to provide your credentials. If the app is compromised, you simply revoke the PAT.
Personal Access Tokens are only available for local users.
The core capabilities:
- Users removed from an organization will have their associated PATs automatically revoked to prevent unauthorized access.
-
Organization administrators can manage issued PATs, enabling easy revocation of access when necessary.
For detailed information on implementing PATs, please refer to the docs on personal access tokens.
Personal access tokens (PATs) can be managed by organization administrators. PATs can limit risk when working with applications or automations that do not allow for other authentication mechanisms, or where you do not want to provide your credentials. If the app is compromised, you simply revoke the PAT.
Personal Access Tokens are only available for local users and managed by organization administrators.
Organization administrators can manage issued PATs, enabling easy revocation of access when necessary.
For detailed information on managing PATs, please refer to Managing PATs.
To ensure a more secure stack and minimize common vulnerabilities and exposures, we’ve increased the frequency of Kubernetes updates.
Typically, Kubernetes requires sequential version upgrades, which can mean multiple intermediate steps to upgrade to your target Automation Suite version. In Automation Suite 2024.10, we’ve introduced chained Kubernetes upgrades, allowing you to reach your target Automation Suite version directly, without intermediate jumps. The entire process is handled seamlessly in the background.
You can now upgrade from, for instance, Automation Suite 2023.10.2 to 2024.10.0, progressing through multiple Kubernetes versions automatically. The enhancement ensures a secure stack, with an even smoother upgrade experience.
To accommodate this improvement, you should know that we have made several modifications in the upgrade workflow. These changes include updates to existing steps or new additions, such as the following ones:
-
Running the prerequisite checks, separately for infrastructure and services;
-
Migrating Longhorn workloads to local PV, shifting MongoDB data to SQL, and moving Ceph to a Helm-based deployment, before the actual upgrade;
-
Installing the services and shared components to their target version.
uipathctl
for the in-place upgrade commands.
For more details, see Performing an in-place upgrade.
We have extended the list of products that you can deploy in Active/Active mode. Previously, this feature was only available for Orchestrator, but we have now also included the following products to give you more flexibility:
-
Action Center
-
AI Center
-
Apps
-
Automation Ops
-
Automation Suite Robots
-
Computer Vision
-
Data Service
-
Document Understanding
-
Test Manager
For details, refer to Disaster recovery - Active/Passive and Active/Active.
We have improved our installation experience by reducing the number of steps required by the installation process. Now, this process involves two main parts, namely the infrastructure installation and the cluster installation. With these improvements to the installation flow, you can expect considerably reduced installation time.
We are excited to announce a significant improvement focused on the management of shared components.
In previous versions, we relied heavily on a component delivery system provided by Rancher. While effective, this approach has its challenges, notably dealing with inconsistent component versions.
uipathctl
for installing and upgrading components.
This strategic shift not only simplifies the shared components installation process but also provides the ability to manage each component individually. Moreover, you can also expect improved time efficiency in the reinstallation process for individual components.
/asbackup/asetcdbackup
location or your equivalent NFS mount path, in order to prevent any potential mounting issues. For details on the updated
commands, refer to Configuring the mount path.
You can now effortlessly remove obsolete images post-upgrade. This capability is specifically designed for offline setups with an in-cluster Docker registry. For more details, see Performing post-upgrade operations.
We're happy to announce various fixes and improvements that ensure an even more accurate estimate of the hardware requirements for any Automation Suite deployment. The tool now takes into account the additional data disk required by Document Understanding and AI Center. Also, it now takes a single click to share the UiPath Automation Suite Install Sizing Calculator URL along with your currently selected configuration.
If you want to take the UiPath Automation Suite Install Sizing Calculator for a spin, see Capacity planning.
We are thrilled to announce an enhancement in our Fully Qualified Domain Name (FQDN) update process. Now, you can update the cluster FQDN from a single machine, replacing the previous multi-step procedure. This update is aimed at simplifying the process, making it more user-friendly and efficient.
For more on the FQDN update process, see Configuring the FQDN post-installation.
The Istio-related dashboards are switched off by default. If you need to use these dashboards, you must enable them through additional configuration steps within the ArgoCD UI. However, be aware that enabling these dashboards could impact Istio performance.
For more details about Istio dashboards, see Monitoring the network.
uipathctl
is now more user-friendly. The simplified and organized display enhances readability and gives more control over the type
of info you get.
--verbose
flag to access the full, detailed output. If more concise information suits your needs better, simply skip the --verbose
flag for a clear, easy-to-understand output.
For more details about prerequisites check, see Prerequisite checks.
We continue to provide security updates and patches to address Common Vulnerabilities and Exposures (CVEs).
We've rolled out some significant updates geared towards improving SAML SSO. Here's a quick overview of what's new:
-
Switching between entity ID formats: When getting the UiPath details for the identity provider setup, you can now change between the legacy entity id format (without the organization ID), and the new format that includes the organization ID.
-
Custom unique identifier: We've introduced the option to set custom attributes for unique identification. This feature is particularly beneficial if :
-
An email address is not allocated to your users.
-
An email address cannot serve as a unique identifier (they are not unique in the identity provider).
Important:Once you've set a Unique Identifier, changing it can result in a loss of previously recognized users, as the system might not be able to identify them anymore.
-
-
Signing authentication requests: This feature allows UiPath sign all SAML authentication requests. This is useful if your identity provider requires signed authentication requests.
-
Single logout: Our SAML configuration now includes Single Logout (SLO) capabilities, which enable simultaneous logouts across all your applications unified under your identity provider.
We have introduced a high contrast theme that ensures enhanced contrast for a set of UI elements.
For more information, refer to Selecting the theme.
You can now manage the visibility of three new services in the left navigation bar, in order to customize the UI for each user:
-
Automation Hub
-
AI Center
-
Process Mining
For more information, see the Hide unused services documentation.
-
We fixed an issue that caused the
uipathctl
binary to ignore any SQL connection string you provided in theorchestrator.testautomation
section of the cluster configuration file. -
We fixed an issue where the installation or upgrade failed on AWS machines where only IMDSv2 was enabled.
-
In a proxy environment, if the proxy server used the same port as the TCP port of any other service in the Istio service mesh, such as port 8080, pods could not communicate with the FQDN, and an error message was displayed. The behavior no longer occurs.Note: If you previously created a service entry according to the workaround in Pods cannot communicate with FQDN in a proxy environment, we recommend that you delete the service entry after you upgrade to Automation Suite 2024.10.0 or later. To delete the service entry, use the following command:
kubectl delete serviceentry proxy -n uipath
kubectl delete serviceentry proxy -n uipath -
We have fixed a
uipathctl
-related issue that caused registry configuration corruption during upgrades. Previously, a port in the helm URL ofcluster_config.json
was treated as an external registry, leading to an omission inregistries.yaml
. Now,insecure_skip_verify: true
is correctly included inregistries.yaml
, regardless of whether or not a port is present in the helm URL. -
We have fixed an issue where shutting down the
rke2-server
service without executingrke2-killall.sh
could lead to intermittent not ready reports from agent machines. - We have fixed an issue causing upgrades from Automation Suite 2023.10.x to fail due to the Longhorn storage classes still being present after uninstalling Longhorn.
- We have fixed an issue that caused the support bundle to not include historical logs and to not upload to the configured external object store. This issue occured in offline environments using an external OCI registry.
- We have fixed an issue causing the
snapshot-controller-crds
pod to remain in the CrashLoopBackOff state after an RKE2 upgrade. This issue occurred due to a conflict between the newly installedsnapshot-controller
and the existing one during the RKE2 upgrade. - We have fixed an issue that prevented you from enabling SSO for ArgoCD due to a Dex image version discrepancy.
- We have fixed an issue that prevented licenses from being allocated at the organization level.
-
We have fixed an issue that caused problems during the upgrade process if you had resized the Docker-registry PVC used by your in-cluster Docker registry. Now, the new size is accurately recognized and considered during the upgrade process.
exclude= rke2-*
is not added to the /etc/yum.conf
file on nodes other than the first server. In specific environments, particularly online ones, an attempt to upgrade all
components can cause an unintentional upgrade of the RKE2 service on nodes other than the first server.
exclude=rke2-*
to the /etc/yum.conf
file on all the nodes of your Automation Suite cluster.
You cannot currently perform a full migration from standalone products version 2024.10 to Automation Suite 2024.10 using the UiPath.OrganizationMigrationApp tool. We are actively working on introducing support for this scenario.
In the meantime, you can perform a single-tenant migration. For details on this migration option, refer to Single tenant migration.
In this release, Document Understanding modern projects are not supported in Automation Suite offline deployments and Azure Government environments.
Generative AI features, including Generative Annotation and Generative Extraction, are not currently available in Document Understanding in Automation Suite.
If Document Understanding is enabled on your tenant without the activation of Document Understanding modern projects, the Document Understanding application (accessible from the list on the left side) will not work.
For more information, refer to the Document Understanding Release Notes guide.
as.tar.gz
is currently not available. You can use full as.tar.gz in the meantime.
registries.trust.enabled
parameter to true
in the cluster_config.json
file.
Forwarding infrastructure logs to Splunk is currently not possible in Automation Suite 2024.10 because the Splunk Connect plugin for Kubernetes is no longer supported. The OpenTelemetry Collector, which you can use to gather logs, is also not supported in this Automation Suite version.
For more information on managing external tools, refer to Responsibility matrix.
You cannot currently use custom directories for storing your pod logs. This is due to the switch to kube-logging.
ServiceMonitor
file is not tracked by default. This issue specifically affects services such as Redis or Istio when attempting to enable
the monitoringConfigure.enableEnhancedMonitoring
field.
release: monitoring
label to the ServiceMonitor
YAML configuration file, as shown in the following configuration sample.
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: istio-component-monitor
namespace: {{ .Values.monitoringConfigure.namespaces.istio }}
labels:
monitoring: istio-components
release: monitoring
spec:
jobLabel: istio
targetLabels: [app]
selector:
matchExpressions:
- {key: istio, operator: In, values: [pilot]}
namespaceSelector:
any: true
endpoints:
- port: http-monitoring
interval: 15s
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: istio-component-monitor
namespace: {{ .Values.monitoringConfigure.namespaces.istio }}
labels:
monitoring: istio-components
release: monitoring
spec:
jobLabel: istio
targetLabels: [app]
selector:
matchExpressions:
- {key: istio, operator: In, values: [pilot]}
namespaceSelector:
any: true
endpoints:
- port: http-monitoring
interval: 15s
We recommend that you regularly check the deprecation timeline for any updates regarding features that will be deprecated and removed.
To find out what has changed on each Automation Suite product, visit the following links.
If the product is greyed out, this new Automation Suite version does not bring any changes to it.
This Automation Suite release bundles the following internal components:
Component |
Version |
---|---|
RKE2 |
1.30.5 |
ArgoCD |
2.11.3 |
gatekeeper |
3.17.0 |
rook |
1.14.6 |
ceph |
17.2.6 |
prometheus-pushgateway |
2.12.0 |
cert-manager |
1.14.5 |
Istio |
1.23.0 |
kube-logging/logging-operator |
4.9.1 |
Prometheus |
2.54.1 |
Grafana |
11.1.5 |
velero |
6.2.0 |
redis-operator |
7.4.6-2 |
redis-cluster |
7.4.6-22 |
oauth2-proxy |
7.6.0 |
- What's new
- Document Understanding modern projects onboarded to Automation Suite
- Introducing lite mode
- Unifying command line operations with uipathctl
- RHEL supported versions
- AWS Signature Version 4 support
- SSE-KMS support
- Support for TLS 1.3
- Support for external registries that require projects
- New prerequisite checks
- Instance Metadata Service Version 2 support
- Apps subdomain requirement
- Automatic rotation for identity token-signing certificates
- Licensing news
- Personal access tokens (PATs)
- Managing personal access tokens
- Improvements
- In-place upgrade enhancements
- Extended support for Active/Active deployments
- Simplified installation process for enhanced efficiency
- Enhanced shared components management using OSS base
- Enhanced backup and restore flow
- Images cleanup for in-cluster Docker registry
- UiPath Automation Suite Install Sizing Calculator enhancements
- FQDN update enhancement
- Istio dashboards management
- Enhanced prerequisites check output
- Security enhancements
- SAML SSO improvements
- High contrast theme option
- Service visibility in the UI
- Bug fixes
- Known issues
- Unintended RKE2 service upgrade on additional nodes
- Full migration from standalone products to Automation Suite not supported
- Document Understanding limitations and known issues
- Split as.tar.gz not available
- Enabling Connaisseur causes installation or upgrade failures
- Forwarding logs to Splunk is currently unavailable
- Custom directory for pod logs not working
- External service monitoring not enabled by default
- Deprecation timeline
- Bundling details
- Product versions
- Internal third-party component versions