Orchestrator Release Notes
2023.4
Release date: 26 April 2023
We now offer a central location for managing the tags you use throughout our services. The aptly named Tags page is available in the administration section of your organization, at the tenant level. It allows you to add, edit, and remove tags from one single location, eliminating the need to repeatedly access individual objects for tagging purposes.
You can now benefit from an extra layer of efficiency when troubleshooting jobs. This is due to our new video recording feature, which is available at the process level for all unattended executions (currently only available as preview).
You can choose to either record all jobs or only those that are failed, and you have access to these recordings for up to 7 days.
The release of this feature brings about a change in the existing screenshot option: it is now available to all users, not only to those on the Enterprise plan.
Remote debugging of job executions is now a friendlier affair with the help of our new one-stop-shop solution: live streaming and remote control. This allows you to watch an unattended execution while it is happening, and, if problems arise and debug is needed, to take remote control of the execution and try to fix it.
This new feature helps save time when identifying and resolving issues, and it reduces the number of manual interventions needed for debugging and unblocking unattended automation processes.
In October 2021, we announced the deprecation of classic folders.
In April 2022, we announced their removal.
In October 2022, we launched a wizard which assists in the migration of classic folder objects to modern folders, while keeping the existing structures and hierarchies.
We are now continuing this process by disabling executions in classic folders, along with a few other changes. It is hence more important than ever that you migrate your classic folders to modern folders, so as to ensure uninterrupted service.
-orchestratorUrl
parameter has been added to the MigrateTo-ResourceCatalog.ps1
script.
MigrateTo-ResourceCatalog.ps1
script must now be run when upgrading Orchestrator and Resource Catalog Service.
Administrators can now configure fine-grained tenant or folder permissions for external apps by assigning them to folders or tenants in Orchestrator. An external app gets the permissions required to perform particular operations in a folder or tenant through one or more roles.
The app gets the union of all scopes defined for it at the organization level and in Orchestrator. Deleting either of these scopes, leaves the app with access levels according to the remaining scope.
You can also use groups to simplify external app management, as groups allow you to manage objects with similar needs together.
We have introduced two new options that grant Orchestrator administrators control over stopping the exploration of personal workspaces:
-
Automatically stop exploring Personal Workspaces after - The process of exploring personal workspaces can now be stopped automatically after a configurable amount of time.
-
Stop all active sessions for exploring Personal Workspaces - All currently active exploration sessions can be stopped.
Both options are available via the tenant settings (General tab > Personal Workspaces section).
You can now store your Orchestrator credentials in AWS Secrets Manager. For details about the newly added credential store, see AWS Secrets Manager integration.
You can now add an extra layer of security over your already secure credential stores. To that end, we have created the Orchestrator Credentials Proxy, which allows you to avoid creating a direct connection between Orchestrator and the credential store of your choice, and instead connect them through a proxy.
Features.CredentialStoreHost.Enabled
parameter in the UiPath.Orchestrator.dll.config
file, which is false
by default.
Plugins.SecureStores.CyberArkCCP.KeyStorageFlags
parameter has been added to the Orchestrator configuration file, allowing you to choose where to store and how to import
the private key of the client certificate configured for a CyberArk CCP credential store. This helps prevent any read/write
restrictions or issues related to access rights.
The applications used by Studio packages are now retrieved by Orchestrator. You can therefore see them listed in the following places:
-
In the Applications section of the process window for the underlying package.
-
In the Show release notes window for each package version.
We have switched to a new date and time formatting library, aiming to provide more unity around formats across locales. While this change has no impact on your experience whatsoever, you might notice the following improvements as compared to our previous library:
-
Date and time formats are now consistent across all locales, i.e. the same digit/letter combination is used throughout. For example, the English
2/24/2023, 4:48:25 PM
is displayed as2023/2/24 16:48:25
in Japanese, whereas you would see2022年7月5日 09時20分37秒
before this change. -
The elapsed time in seconds is now displayed as a precise number rather than an estimate, i.e.
10 seconds ago
instead ofa few seconds ago
.
We've tamed Orchestrator to identify the event triggers activities as package requirements at process-creation time. Associate them to an Integration Service connection, and make further configurations to comply with your business needs, all for the greater good of triggered automations.
Declutter your Orchestrator database and set a retention policy that either permanently deletes old queue items, or moves them to a designated storage. If you need more time to decide, there’s also the option to keep your queue items data in your database indefinetely, which is the default applied policy. Doing so, you free up the database in an organized manner and your Orchestrator performs better.
Discover the retention policy tips and tricks on our documentation page.
We have improved the way you can test Automation Suite Robots. We have introduced the possibility of choosing between your Production (Unattended) license and your Testing license to run unattended jobs. Just like before, you can continue to use your Production (Unattended) license to run unattended processes in production environments. What has changed is that the Testing license now allows you to run test sets and test cases, while also enabling you to run unattended processes.
You simply need to allocate the desired license to an Automation Suite Robot machine template in Orchestrator. Just keep in mind that the number of allocated licenses dictates the number of jobs that the backend can execute in parallel.
Wondering how this is reflected in the Orchestrator UI? First, you will see that the runtime details are displayed for both production and testing when configuring your machine. Second, when executing automations, you now need to specify whether you want to use Production (Unattended) or Testing as a runtime license.
Additional details for Automation Suite robots
Automation Suite robot jobs and test case executions now provide details on the robot size.
Nothing stops you from interacting with Orchestrator anymore, not even exporting grids! Exporting grids takes place in the background now, so it no longer prevents you from using Orchestrator until the export finishes. We optimized the experience, and we inform you in real-time about the successful outcome of the export. Moreover, you can find all of your exports centralized in the new My reports page.
Learn more about Exporting grids in the background.
New alerts for exporting operations
With great exports comes great responsibility. Therefore, a new alert informs you about the outcome of an export. If the export you initiated was successful, the alert logs the export with the Info severity, whereas for unsuccessful exports, the alert logs as Error. Navigating to the alert source by clicking the See more link in the alert email redirects you to the My reports page, highlighting the exact failed export. You will receive this new alert in your alert emails by default, but you can unsubscribe from it if it becomes too spamy.
UiPath.ConfigProtector.exe
tool can now be used to encrypt and decrypt Resource Catalog Service sensitive information.
See the dedicated section for detailed instructions.
This improvement brings about some additional updates:
-
The
UiPath.ConfigProtector.exe
tool has been upgraded to ASP.NET Core 6.0. -
Two new parameters have been added:
-
--signing-settings
- this allows you to add a configuration section of your choice to the tool's settings. -
--keys
/k
- this allows you to encrypt/decrypt keys that are not hardcoded.
-
See the commands table for details on the new parameters.
-
Identify your webhooks more rapidly! We have added the Name (mandatory) and Description (optional) fields to the create and edit webhook flows in the user interface. Existing webhooks receive a name based on their GUID, such as
Webhook-c42b72b1-17fb-4643-ab9c-1bd2102f0ff6
.These parameters are available in the API as well, plus a mandatory Key parameter, with the following mentions:
-
The Name parameter will be optional until the 2023.4 on-prem release. After 2023.4, you'll be required to provide name for webhooks created via the POST
odata/Webhooks
endpoint. -
The mandatory Key parameter is a unique identifier of the webhook in our system, therefore it cannot be changed.
-
If you do not provide a name for your webhook using the POST method, a name will be automatically generated for it, by appending the Key value to
Webhook
.Read more details in our documentation.
-
-
Webhook events for jobs and queue items now include more properties:
-
SpecificPriorityValue for job events
-
ProcessingExceptionTimestamp and CreatorUserId for queue item events
-
Jobs
-
The Job Details window now includes the Package Version field, that indicates which version of a package was used to run the job.
-
We have added two new time columns to the Jobs grid, displaying either the relative or the absolute time of when a job was created. Make sure to select these columns on the Columns filter, as they are not visible by default.
-
You can now start a job on multiple account-machine pairs. To do that, you simply need to enable the Select valid account-machine mappings option on the Start Job page, and click Add Account-Machine mapping. Once you add the desired pairs, a Pending job is created for each of them.
Alerts
Accessing an alert from the alert dropdown automatically marks it as read, while redirecting you to the alert source.
User interface
-
The More Actions menu of several Automations pages has been redesigned to group similar actions together. Additionally, we renamed the labels for View Logs and View all logs for his process to View logs of this job and View logs of all jobs for this process, respectively.
-
We added two new time columns to the Jobs grid, displaying either the relative or absolute time of when a job was created. Make sure to select these columns on the Columns filter, as they are not visible by default.
-
Error messages pertaining to AWS Secrets Manager policy verifications now include more details.
Security
The parameters you enter as part of Orchestrator operations are no longer saved in our database. This eliminates the risk of sensitive information being accessed via audit, and, as such, enhances the security of your data.
Application
-
The Orchestrator version is now visible at application start/restart in the Event Viewer logs for standalone Orchestrator, and in Docker container logs for Automation Suite Orchestrator.
Triggers
We have removed the restriction to only create non-working days calendars on time triggers that had the same time zone as the tenant they belong to. From now on, any calendar you add to a trigger is interpreted as being aligned to the trigger's time zone.
Updates
-
Deleted tenants are now ignored by the operation that updates queue items statuses. This prevents scenarios where queue item transitions could be blocked when a tenant without a feed is detected.
-
When no update policy is configured in Orchestrator (i.e. the update module is disabled), the server no longer requests any Studio or Robot updates to be performed, even if the module is enabled in these services.
The Create option for the Execution Media permission is now enabled by default within the tenant-level Automation User role.
Logs
We know logs are the core of debugging and identifying faulty behaviors. This improved Orchestrator functionality allows you to access the logs across all job executions of a particular process. See how in our documentation.
-
A
400 Bad Request
response with theInvalidTimeZoneId = 1614
error code is now returned when a process schedule created via the API includes an invalid time zone ID. -
You can now upload a process package from an external feed via the
/odata/Processes/UiPath.Server.Configuration.OData.SetArguments
endpoint. Just make sure the arguments displayed on the Processes page and the ones in the package are the same, as Orchestrator does not perform any validation on packages from external feed. -
You can now assign licensing scopes to external applications. Find the newly added scopes in the Platform Management API Access resource list.
-
The Automation Hub URL is now returned via calls to the
/odata/Processes
endpoint.
- If the SAML integration at the host level was configured to use an external user mapping strategy with either the username or the external provider key, users that belonged to more than one organization were unable to log in.
- The SAML SSO Configuration page displayed an incorrect Assertion Customer Service URL. As a workaround, you had to manually configure the Assertion Customer Service URL in the IDP without the partition ID. The Assertion Customer Service URL is now correctly displayed, and the manual workaround is no longer necessary. Upon upgrading to 2023.4+ you will need to change the Assertion Customer Service URL to include the partition ID.
- When you uploaded a new custom logo, the preview functionality no longer worked. Now, you can preview the new logo in the header, just like before.
- We have fixed an issue that caused the password used for connecting to a storage bucket provider to be stored in the database.
This occurred when you created or edited a storage bucket. The password could be retrieved by an SQL administrator with read
access to the database, or by anyone with View permission on Audit via API.
Use this script to clean up any passwords displayed in the existing logs. The script can be run before upgrading to this version.
DECLARE @serverVersion INT SET @serverVersion = ISNULL(CAST(COALESCE(SERVERPROPERTY('ProductMajorVersion'),PARSENAME(CAST(SERVERPROPERTY('productversion') AS varchar(20)), 4)) as INT),0) IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.Buckets' AND [TenantId] IS NULL) BEGIN IF @serverVersion >= 13 -- SQL Server 2016 -- Remove just the password if json functions are supported EXECUTE sp_executesql N' UPDATE [dbo].[AuditLogs] SET [Parameters] = JSON_MODIFY([Parameters], ''$.bucketDto.Password'', NULL) WHERE [TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[Buckets] WHERE [StorageProvider] IN (''Amazon'',''Azure'',''Minio'',''S3Compatible'')) AND [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.BucketsController'' AND CHARINDEX(''Password'', [Parameters]) > 0 AND NULLIF(JSON_VALUE([Parameters], ''$.bucketDto.Password''), '''') IS NOT NULL' ELSE -- Remove all parameters if json functions are not supported EXECUTE sp_executesql N' UPDATE [dbo].[AuditLogs] SET [Parameters] = '''' WHERE [TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[Buckets] WHERE [StorageProvider] IN (''Amazon'',''Azure'',''Minio'',''S3Compatible'')) AND [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.BucketsController'' AND CHARINDEX(''Password'', [Parameters]) > 0' INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime]) VALUES (null,null,'Migration.AuditCleanup.Buckets','true',GETUTCDATE()) END IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.CredentialStores' AND [TenantId] IS NULL) BEGIN IF @serverVersion >= 13 -- SQL Server 2016 -- Remove just the password if json functions are supported EXECUTE sp_executesql N' UPDATE [dbo].[AuditLogs] SET [Parameters] = JSON_MODIFY([Parameters], ''$.credentialStoreDto.AdditionalConfiguration'', NULL) WHERE [TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0 AND ISJSON([Parameters]) = 1 AND NULLIF(JSON_VALUE([Parameters], ''$.credentialStoreDto.AdditionalConfiguration''), '''') IS NOT NULL -- Some records are truncated, so not valid JSON UPDATE [dbo].[AuditLogs] SET [Parameters] = '''' WHERE [TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0 AND ISJSON([Parameters]) = 0' ELSE -- Remove all parameters if json functions are not supported EXECUTE sp_executesql N' UPDATE [dbo].[AuditLogs] SET [Parameters] = '''' WHERE [TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0' INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime]) VALUES (null,null,'Migration.AuditCleanup.CredentialStores','true',GETUTCDATE()) END IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.PackageFeedApiKey' AND [TenantId] IS NULL) BEGIN IF @serverVersion >= 13 -- SQL Server 2016 -- Remove just the password if json functions are supported EXECUTE sp_executesql N' UPDATE [dbo].[AuditLogEntities] SET [CustomData] = JSON_MODIFY([CustomData], ''$.ApiKey'', NULL) WHERE [EntityId] IS NULL AND [EntityName] = ''UiPackageFeed'' AND CHARINDEX(''ApiKey'', [CustomData]) > 0 AND JSON_VALUE([CustomData], ''$.ApiKey'') IS NOT NULL' ELSE -- Remove just the password if json functions are supported EXECUTE sp_executesql N' UPDATE [dbo].[AuditLogEntities] SET [CustomData] = '''' WHERE [EntityId] IS NULL AND [EntityName] = ''UiPackageFeed'' AND CHARINDEX(''ApiKey'', [CustomData]) > 0' INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime]) VALUES (null,null,'Migration.AuditCleanup.PackageFeedApiKey','true',GETUTCDATE()) END IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.PackageFeedBasicPassword' AND [TenantId] IS NULL) BEGIN IF @serverVersion >= 13 -- SQL Server 2016 -- Remove just the password if json functions are supported EXECUTE sp_executesql N' UPDATE [dbo].[AuditLogEntities] SET [CustomData] = JSON_MODIFY([CustomData], ''$.BasicPassword'', NULL) WHERE [EntityId] IS NULL AND [EntityName] = ''UiPackageFeed'' AND CHARINDEX(''BasicPassword'', [CustomData]) > 0 AND JSON_VALUE([CustomData], ''$.BasicPassword'') IS NOT NULL' ELSE -- Remove just the password if json functions are supported EXECUTE sp_executesql N' UPDATE [dbo].[AuditLogEntities] SET [CustomData] = '''' WHERE [EntityId] IS NULL AND [EntityName] = ''UiPackageFeed'' AND CHARINDEX(''BasicPassword'', [CustomData]) > 0' INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime]) VALUES (null,null,'Migration.AuditCleanup.PackageFeedBasicPassword','true',GETUTCDATE()) END IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.LicenseKey' AND [TenantId] IS NULL) BEGIN IF @serverVersion >= 13 -- SQL Server 2016 EXECUTE sp_executesql N' UPDATE [dbo].[AuditLogs] SET [Parameters] = JSON_MODIFY([Parameters], ''$.licenseKey'', NULL) WHERE [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND CHARINDEX(''licenseKey'', [Parameters]) > 0 AND ISJSON([Parameters]) = 1 AND JSON_VALUE([Parameters], ''$.licenseKey'') IS NOT NULL UPDATE [dbo].[AuditLogs] SET [Parameters] = '''' WHERE [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND CHARINDEX(''licenseKey'', [Parameters]) > 0 AND ISJSON([Parameters]) = 0' ELSE EXECUTE sp_executesql N' UPDATE [dbo].[AuditLogs] SET [Parameters] = '''' WHERE [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND CHARINDEX(''licenseKey'', [Parameters]) > 0' INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime]) VALUES (null,null,'Migration.AuditCleanup.LicenseKey','true',GETUTCDATE()) END
DECLARE @serverVersion INT SET @serverVersion = ISNULL(CAST(COALESCE(SERVERPROPERTY('ProductMajorVersion'),PARSENAME(CAST(SERVERPROPERTY('productversion') AS varchar(20)), 4)) as INT),0) IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.Buckets' AND [TenantId] IS NULL) BEGIN IF @serverVersion >= 13 -- SQL Server 2016 -- Remove just the password if json functions are supported EXECUTE sp_executesql N' UPDATE [dbo].[AuditLogs] SET [Parameters] = JSON_MODIFY([Parameters], ''$.bucketDto.Password'', NULL) WHERE [TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[Buckets] WHERE [StorageProvider] IN (''Amazon'',''Azure'',''Minio'',''S3Compatible'')) AND [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.BucketsController'' AND CHARINDEX(''Password'', [Parameters]) > 0 AND NULLIF(JSON_VALUE([Parameters], ''$.bucketDto.Password''), '''') IS NOT NULL' ELSE -- Remove all parameters if json functions are not supported EXECUTE sp_executesql N' UPDATE [dbo].[AuditLogs] SET [Parameters] = '''' WHERE [TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[Buckets] WHERE [StorageProvider] IN (''Amazon'',''Azure'',''Minio'',''S3Compatible'')) AND [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.BucketsController'' AND CHARINDEX(''Password'', [Parameters]) > 0' INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime]) VALUES (null,null,'Migration.AuditCleanup.Buckets','true',GETUTCDATE()) END IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.CredentialStores' AND [TenantId] IS NULL) BEGIN IF @serverVersion >= 13 -- SQL Server 2016 -- Remove just the password if json functions are supported EXECUTE sp_executesql N' UPDATE [dbo].[AuditLogs] SET [Parameters] = JSON_MODIFY([Parameters], ''$.credentialStoreDto.AdditionalConfiguration'', NULL) WHERE [TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0 AND ISJSON([Parameters]) = 1 AND NULLIF(JSON_VALUE([Parameters], ''$.credentialStoreDto.AdditionalConfiguration''), '''') IS NOT NULL -- Some records are truncated, so not valid JSON UPDATE [dbo].[AuditLogs] SET [Parameters] = '''' WHERE [TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0 AND ISJSON([Parameters]) = 0' ELSE -- Remove all parameters if json functions are not supported EXECUTE sp_executesql N' UPDATE [dbo].[AuditLogs] SET [Parameters] = '''' WHERE [TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0' INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime]) VALUES (null,null,'Migration.AuditCleanup.CredentialStores','true',GETUTCDATE()) END IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.PackageFeedApiKey' AND [TenantId] IS NULL) BEGIN IF @serverVersion >= 13 -- SQL Server 2016 -- Remove just the password if json functions are supported EXECUTE sp_executesql N' UPDATE [dbo].[AuditLogEntities] SET [CustomData] = JSON_MODIFY([CustomData], ''$.ApiKey'', NULL) WHERE [EntityId] IS NULL AND [EntityName] = ''UiPackageFeed'' AND CHARINDEX(''ApiKey'', [CustomData]) > 0 AND JSON_VALUE([CustomData], ''$.ApiKey'') IS NOT NULL' ELSE -- Remove just the password if json functions are supported EXECUTE sp_executesql N' UPDATE [dbo].[AuditLogEntities] SET [CustomData] = '''' WHERE [EntityId] IS NULL AND [EntityName] = ''UiPackageFeed'' AND CHARINDEX(''ApiKey'', [CustomData]) > 0' INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime]) VALUES (null,null,'Migration.AuditCleanup.PackageFeedApiKey','true',GETUTCDATE()) END IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.PackageFeedBasicPassword' AND [TenantId] IS NULL) BEGIN IF @serverVersion >= 13 -- SQL Server 2016 -- Remove just the password if json functions are supported EXECUTE sp_executesql N' UPDATE [dbo].[AuditLogEntities] SET [CustomData] = JSON_MODIFY([CustomData], ''$.BasicPassword'', NULL) WHERE [EntityId] IS NULL AND [EntityName] = ''UiPackageFeed'' AND CHARINDEX(''BasicPassword'', [CustomData]) > 0 AND JSON_VALUE([CustomData], ''$.BasicPassword'') IS NOT NULL' ELSE -- Remove just the password if json functions are supported EXECUTE sp_executesql N' UPDATE [dbo].[AuditLogEntities] SET [CustomData] = '''' WHERE [EntityId] IS NULL AND [EntityName] = ''UiPackageFeed'' AND CHARINDEX(''BasicPassword'', [CustomData]) > 0' INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime]) VALUES (null,null,'Migration.AuditCleanup.PackageFeedBasicPassword','true',GETUTCDATE()) END IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.LicenseKey' AND [TenantId] IS NULL) BEGIN IF @serverVersion >= 13 -- SQL Server 2016 EXECUTE sp_executesql N' UPDATE [dbo].[AuditLogs] SET [Parameters] = JSON_MODIFY([Parameters], ''$.licenseKey'', NULL) WHERE [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND CHARINDEX(''licenseKey'', [Parameters]) > 0 AND ISJSON([Parameters]) = 1 AND JSON_VALUE([Parameters], ''$.licenseKey'') IS NOT NULL UPDATE [dbo].[AuditLogs] SET [Parameters] = '''' WHERE [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND CHARINDEX(''licenseKey'', [Parameters]) > 0 AND ISJSON([Parameters]) = 0' ELSE EXECUTE sp_executesql N' UPDATE [dbo].[AuditLogs] SET [Parameters] = '''' WHERE [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND CHARINDEX(''licenseKey'', [Parameters]) > 0' INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime]) VALUES (null,null,'Migration.AuditCleanup.LicenseKey','true',GETUTCDATE()) END - Using the latest version of the BeyondTrust Server or upgrading to it would sometimes cause integration issues. Now, everything works as expected.
- Load balancing and SignalR would sometimes cause performance issues. These are now fixed.
- When you deleted a machine that was assigned to a folder, the assignment was kept, and the machine was still displayed within that folder. This no longer occurs.
- After the migration, account-machine mappings were sometimes not generated, rendering you unable to run jobs. This is no longer the case.
- We have fixed a deadlock that was preventing new jobs from being created in classic folders, while using specific robots.
- We have improved the security of our system by restricting unnecessary internal information from being exposed in certain error responses.
- When you changed the name of a trigger, the Search in tenant page still displayed its previous name. Now, the updated name of the trigger is listed in the search results.
- We have fixed an issue that caused credential store passwords to be stored in the database. The passwords could be retrieved by an SQL administrator with read access to the database, or by anyone with View permission on Audit via API.
- Timestamps displayed for jobs in Orchestrator database logs were incorrect.
- When you exported a folder role, the tenant-level permissions of that role were also exported. This issue is now fixed.
- Editing a postpone date for a queue item used the UTC value instead of the tenant time zone value.
- Storage bucket files were incorrectly deleted due to an issue related to folder deletion. Specifically, when you unlinked a storage bucket from a folder, then you deleted that folder, the files included in the unlinked storage bucket were also deleted. The same occurred when you deleted the folder without first unlinking the storage bucket. This happened despite the storage bucket still being linked to other folders.
- When you enabled account-machine mappings and started a job with the Allocate dynamically option set to the number of robots available, at least one job remained in a Pending state. Now, all jobs are correctly executed by all robots that are available to retrieve them.
- Executions were not properly assigned to available robots. This happened when a large number of robots were called for the same template, and assigned to the same job.
- Active Directory Domains load more rapidly now. This is due to the caching and the configurable cache expiration value of
the
GetTrustedDomainNames
method. - Editing a postpone date for a queue item used the UTC value instead of the tenant timezone value.
- Requests to get storage bucket files that have the extension .svg, .js, .css, .ttf, .woff, .woff2, or .map failed if the extension was at the end of the request.
- When a user tried to access Orchestrator using a URL that they received from another user, and the received URL included user-specific data, a blank page was displayed and the user was unable to access Orchestrator. Now, in such cases, users are redirected to the login page.
- The process version included in the Job Details window was incorrect, displaying the latest version uploaded to Orchestrator. Now, the Process Version field correctly renders the version used to run the job.
- Filtering by host identity on the Jobs and Logs pages did not work correctly for jobs executed via accounts without credentials. When running jobs on Windows machines, the Host Identity column was populated with the actual identity of the robots (domain\username), however, filtering by this value returned no jobs. When running jobs on Linux machines, jobs were executed under Root, but this value was not available for filtering.
- The OK and Cancel buttons in the upgrade warning window were not properly displayed in the Japanese version of the application. They are now visible.
/api/UserPartition/users/{partitionGlobalId}
endpoint.
Added on 24 April 2023
The Jobs History and Transactions graphs in the Overview section of the Monitoring page are sometimes not displayed properly when using Mozilla Firefox. If this happens, refreshing the browser should solve the problem.
This issue will be fixed in our next cumulative update.
Added on 28 April 2023
There is a disconnect between external apps permissions and the Identity Server, preventing you from adding external apps to a tenant or a folder.
identity-service
config map in ArgoCD:IdentityFeatureFlags__PublicApps__ApplicationDirectoryMembershipEnabled: 'true'
IdentityFeatureFlags__PublicApps__EnableDefaultScope: 'true'
IdentityFeatureFlags__PublicApps__ApplicationDirectoryMembershipEnabled: 'true'
IdentityFeatureFlags__PublicApps__EnableDefaultScope: 'true'
Once added, simply save the changes.
This issue will be fixed in our next cumulative update.
Added on 6 November 2023
In versions 2023.4.0 through 2023.4.2, if you have an Active Directory (AD) integrated environment, you will see sporadic failures from the product leading to the IIS application pool restarting. This issue has been fixed in version 2023.4.3, but it still affects the aforementioned versions. As such, if you use AD, we highly recommend that you directly install or upgrade to 2023.4.3. Otherwise, you will encounter functionality issues.
Added on 3 October 2024
UiPath.Orchestrator.Logs.Elasticsearch.dll
is not compatible
with the new version of Orchestrator. To avoid this issue, you should always use the
latest patch version.
We recommend that you regularly check the deprecation timeline for any updates regarding features that will be deprecated and removed.
- What's new
- Tag management portal
- Video job recording
- Live streaming and remote control
- Restricting classic folders
- Resource Catalog Script changes
- Fine-grained permissions for external apps
- Personal workspace exploration updates
- New credential store
- Custom credential hosts and stores
- New configuration parameter
- Viewing Studio package applications in Orchestrator
- New date formatting library
- Event triggers as package requirements
- Retention policies for queue items
- Improvements
- Testing runtime for Automation Suite Robots
- Exporting grids in the background
- UiPath.ConfigProtector.exe tool and Resource Catalog Service
- Webhooks improvements
- Usability improvements
- Feature improvements via API
- Bug fixes
- Breaking changes
- Last Login column
- Known issues
- Monitoring page issue
- External apps permissions issue
- Identity known issue
- Using the latest patch version when upgrading
- Deprecation timeline