Orchestrator
2021.10
False
- Notes de publication
Notes de publication d'Orchestrator
Dernière mise à jour 19 avr. 2024
2021.10.9
Date de publication : 12 décembre 2022
Ajouté le 12 janvier 2023: Modification de la version minimale d'Elasticsearch et de Kibana
À partir de cette version, la version minimale requise pour Elasticsearch et Kibana est la 7.16.3.
De plus, Elasticsearch 7.16.3 doit être installé via .zip package, car les packages d’installation Windows MSI de ce produit ne sont plus publiés après la version 7.16.2.
Problèmeconnu: versions d'Elasticsearch antérieures à la 7.16.3 empêcher la journalisation et renvoyer un
UnsupportedProductException. Ce problème sera résolu dans la prochaine mise à jour cumulative, vous permettant ainsi d'utiliser également des versions antérieures d'Elasticsearch.
- Nous avons corrigé un problème qui entraînait le stockage du mot de passe utilisé pour se connecter à un fournisseur de compartiments de stockage dans la base de données. Cela s'est produit lorsque vous avez créé ou modifié un compartiment de stockage. Le mot de passe pouvait être récupéré par un administrateur SQL disposant d'un accès en lecture à la base de données, ou par toute personne disposant de l'autorisation Consultation ( View ) pour l' audit via l'API.
- Nous avons corrigé un problème qui entraînait le stockage des mots de passe du magasin d’informations d’identification dans la base de données. Les mots de passe pouvaient être récupérés par un administrateur SQL disposant d'un accès en lecture à la base de données, ou par toute personne disposant de l'autorisation Consultation ( View ) pour l' audit via l'API.
- Nous avons corrigé un problème qui entraînait la visibilité des codes de licence dans la réponse renvoyée par les appels qui récupéraient toutes les données d’audit.
- Nous avons corrigé un problème qui entraînait le stockage des mots de passe des flux externes dans la base de données. Cela s'est produit lorsque vous avez créé un flux externe pour gérer les packages d'automatisation.
Utilisez ce script pour nettoyer tous les mots de passe affichés dans les journaux existants. Le script peut être exécuté avant la mise à niveau vers cette version.
DECLARE @serverVersion INT
SET @serverVersion = ISNULL(CAST(COALESCE(SERVERPROPERTY('ProductMajorVersion'),PARSENAME(CAST(SERVERPROPERTY('productversion') AS varchar(20)), 4)) as INT),0)
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.Buckets' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = JSON_MODIFY([Parameters], ''$.bucketDto.Password'', NULL)
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[Buckets] WHERE [StorageProvider] IN (''Amazon'',''Azure'',''Minio'',''S3Compatible'')) AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.BucketsController'' AND
CHARINDEX(''Password'', [Parameters]) > 0 AND
NULLIF(JSON_VALUE([Parameters], ''$.bucketDto.Password''), '''') IS NOT NULL'
ELSE
-- Remove all parameters if json functions are not supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[Buckets] WHERE [StorageProvider] IN (''Amazon'',''Azure'',''Minio'',''S3Compatible'')) AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.BucketsController'' AND
CHARINDEX(''Password'', [Parameters]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.Buckets','true',GETUTCDATE())
END
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.CredentialStores' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = JSON_MODIFY([Parameters], ''$.credentialStoreDto.AdditionalConfiguration'', NULL)
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND
CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0 AND
ISJSON([Parameters]) = 1 AND
NULLIF(JSON_VALUE([Parameters], ''$.credentialStoreDto.AdditionalConfiguration''), '''') IS NOT NULL
-- Some records are truncated, so not valid JSON
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND
CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0 AND
ISJSON([Parameters]) = 0'
ELSE
-- Remove all parameters if json functions are not supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND
CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.CredentialStores','true',GETUTCDATE())
END
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.PackageFeedApiKey' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogEntities]
SET [CustomData] = JSON_MODIFY([CustomData], ''$.ApiKey'', NULL)
WHERE
[EntityId] IS NULL AND
[EntityName] = ''UiPackageFeed'' AND
CHARINDEX(''ApiKey'', [CustomData]) > 0 AND
JSON_VALUE([CustomData], ''$.ApiKey'') IS NOT NULL'
ELSE
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogEntities]
SET [CustomData] = ''''
WHERE
[EntityId] IS NULL AND
[EntityName] = ''UiPackageFeed'' AND
CHARINDEX(''ApiKey'', [CustomData]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.PackageFeedApiKey','true',GETUTCDATE())
END
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.PackageFeedBasicPassword' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogEntities]
SET [CustomData] = JSON_MODIFY([CustomData], ''$.BasicPassword'', NULL)
WHERE
[EntityId] IS NULL AND
[EntityName] = ''UiPackageFeed'' AND
CHARINDEX(''BasicPassword'', [CustomData]) > 0 AND
JSON_VALUE([CustomData], ''$.BasicPassword'') IS NOT NULL'
ELSE
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogEntities]
SET [CustomData] = ''''
WHERE
[EntityId] IS NULL AND
[EntityName] = ''UiPackageFeed'' AND
CHARINDEX(''BasicPassword'', [CustomData]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.PackageFeedBasicPassword','true',GETUTCDATE())
END
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.LicenseKey' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = JSON_MODIFY([Parameters], ''$.licenseKey'', NULL)
WHERE
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND
CHARINDEX(''licenseKey'', [Parameters]) > 0 AND
ISJSON([Parameters]) = 1 AND
JSON_VALUE([Parameters], ''$.licenseKey'') IS NOT NULL
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND
CHARINDEX(''licenseKey'', [Parameters]) > 0 AND
ISJSON([Parameters]) = 0'
ELSE
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND
CHARINDEX(''licenseKey'', [Parameters]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.LicenseKey','true',GETUTCDATE())
ENDDECLARE @serverVersion INT
SET @serverVersion = ISNULL(CAST(COALESCE(SERVERPROPERTY('ProductMajorVersion'),PARSENAME(CAST(SERVERPROPERTY('productversion') AS varchar(20)), 4)) as INT),0)
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.Buckets' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = JSON_MODIFY([Parameters], ''$.bucketDto.Password'', NULL)
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[Buckets] WHERE [StorageProvider] IN (''Amazon'',''Azure'',''Minio'',''S3Compatible'')) AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.BucketsController'' AND
CHARINDEX(''Password'', [Parameters]) > 0 AND
NULLIF(JSON_VALUE([Parameters], ''$.bucketDto.Password''), '''') IS NOT NULL'
ELSE
-- Remove all parameters if json functions are not supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[Buckets] WHERE [StorageProvider] IN (''Amazon'',''Azure'',''Minio'',''S3Compatible'')) AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.BucketsController'' AND
CHARINDEX(''Password'', [Parameters]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.Buckets','true',GETUTCDATE())
END
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.CredentialStores' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = JSON_MODIFY([Parameters], ''$.credentialStoreDto.AdditionalConfiguration'', NULL)
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND
CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0 AND
ISJSON([Parameters]) = 1 AND
NULLIF(JSON_VALUE([Parameters], ''$.credentialStoreDto.AdditionalConfiguration''), '''') IS NOT NULL
-- Some records are truncated, so not valid JSON
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND
CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0 AND
ISJSON([Parameters]) = 0'
ELSE
-- Remove all parameters if json functions are not supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND
CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.CredentialStores','true',GETUTCDATE())
END
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.PackageFeedApiKey' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogEntities]
SET [CustomData] = JSON_MODIFY([CustomData], ''$.ApiKey'', NULL)
WHERE
[EntityId] IS NULL AND
[EntityName] = ''UiPackageFeed'' AND
CHARINDEX(''ApiKey'', [CustomData]) > 0 AND
JSON_VALUE([CustomData], ''$.ApiKey'') IS NOT NULL'
ELSE
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogEntities]
SET [CustomData] = ''''
WHERE
[EntityId] IS NULL AND
[EntityName] = ''UiPackageFeed'' AND
CHARINDEX(''ApiKey'', [CustomData]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.PackageFeedApiKey','true',GETUTCDATE())
END
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.PackageFeedBasicPassword' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogEntities]
SET [CustomData] = JSON_MODIFY([CustomData], ''$.BasicPassword'', NULL)
WHERE
[EntityId] IS NULL AND
[EntityName] = ''UiPackageFeed'' AND
CHARINDEX(''BasicPassword'', [CustomData]) > 0 AND
JSON_VALUE([CustomData], ''$.BasicPassword'') IS NOT NULL'
ELSE
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogEntities]
SET [CustomData] = ''''
WHERE
[EntityId] IS NULL AND
[EntityName] = ''UiPackageFeed'' AND
CHARINDEX(''BasicPassword'', [CustomData]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.PackageFeedBasicPassword','true',GETUTCDATE())
END
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.LicenseKey' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = JSON_MODIFY([Parameters], ''$.licenseKey'', NULL)
WHERE
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND
CHARINDEX(''licenseKey'', [Parameters]) > 0 AND
ISJSON([Parameters]) = 1 AND
JSON_VALUE([Parameters], ''$.licenseKey'') IS NOT NULL
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND
CHARINDEX(''licenseKey'', [Parameters]) > 0 AND
ISJSON([Parameters]) = 0'
ELSE
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND
CHARINDEX(''licenseKey'', [Parameters]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.LicenseKey','true',GETUTCDATE())
ENDLisez nos conseils en matière de sécurité pour UiPath Orchestrator - Exposition de données sensibles.
- Nous avons amélioré la sécurité de notre système en limitant l’exposition d’informations internes inutiles dans certaines réponses d’erreur.
- Les fichiers du compartiment de stockage ont été supprimés à tort en raison d'un problème lié à la suppression de dossiers. Plus précisément, lorsque vous dissociiez un compartiment de stockage d'un dossier, puis que vous supprimiez ce dossier, les fichiers inclus dans le compartiment de stockage dissocié étaient également supprimés. La même chose s'est produite lorsque vous avez supprimé le dossier sans d'abord dissocier le compartiment de stockage. Cela s'est produit bien que le compartiment de stockage soit toujours lié à d'autres dossiers.
Nous vous recommandons de vérifier régulièrement le calendrier d'obsolescence pour toute mise à jour concernant les fonctionnalités qui seront obsolètes et supprimées.
