Orchestrator

2023.4

false

Release notes
- 2023.4
- 2023.4.1
- 2023.4.2
- 2023.4.3
- 2023.4.4
- 2023.4.6
- 2023.4.7

Orchestrator Release Notes

Last updated Apr 19, 2024

2023.4

Release date: 26 April 2023

What's new

Tag management portal

We now offer a central location for managing the tags you use throughout our services. The aptly named Tags page is available in the administration section of your organization, at the tenant level. It allows you to add, edit, and remove tags from one single location, eliminating the need to repeatedly access individual objects for tagging purposes.

Video job recording

You can now benefit from an extra layer of efficiency when troubleshooting jobs. This is due to our new video recording feature, which is available at the process level for all unattended executions (currently only available as preview).

You can choose to either record all jobs or only those that are failed, and you have access to these recordings for up to 7 days.

The release of this feature brings about a change in the existing screenshot option: it is now available to all users, not only to those on the Enterprise plan.

Live streaming and remote control

Remote debugging of job executions is now a friendlier affair with the help of our new one-stop-shop solution: live streaming and remote control. This allows you to watch an unattended execution while it is happening, and, if problems arise and debug is needed, to take remote control of the execution and try to fix it.

This new feature helps save time when identifying and resolving issues, and it reduces the number of manual interventions needed for debugging and unblocking unattended automation processes.

Restricting classic folders

In October 2021, we announced the deprecation of classic folders.

In April 2022, we announced their removal.

In October 2022, we launched a wizard which assists in the migration of classic folder objects to modern folders, while keeping the existing structures and hierarchies.

We are now continuing this process by disabling executions in classic folders, along with a few other changes. It is hence more important than ever that you migrate your classic folders to modern folders, so as to ensure uninterrupted service.

Resource Catalog Script changes

The mandatory -orchestratorUrl parameter has been added to the MigrateTo-ResourceCatalog.ps1 script.

Additionally, the MigrateTo-ResourceCatalog.ps1 script must now be run when upgrading Orchestrator and Resource Catalog Service.

Fine-grained permissions for external apps

Administrators can now configure fine-grained tenant or folder permissions for external apps by assigning them to folders or tenants in Orchestrator. An external app gets the permissions required to perform particular operations in a folder or tenant through one or more roles.

The app gets the union of all scopes defined for it at the organization level and in Orchestrator. Deleting either of these scopes, leaves the app with access levels according to the remaining scope.

You can also use groups to simplify external app management, as groups allow you to manage objects with similar needs together.

Personal workspace exploration updates

We have introduced two new options that grant Orchestrator administrators control over stopping the exploration of personal workspaces:

Automatically stop exploring Personal Workspaces after - The process of exploring personal workspaces can now be stopped automatically after a configurable amount of time.
Stop all active sessions for exploring Personal Workspaces - All currently active exploration sessions can be stopped.

Both options are available via the tenant settings (General tab > Personal Workspaces section).

New credential store

You can now store your Orchestrator credentials in AWS Secrets Manager. For details about the newly added credential store, see AWS Secrets Manager integration.

Custom credential hosts and stores

You can now add an extra layer of security over your already secure credential stores. To that end, we have created the Orchestrator Credentials Proxy, which allows you to avoid creating a direct connection between Orchestrator and the credential store of your choice, and instead connect them through a proxy.

The use of this proxy is controlled by the Features.CredentialStoreHost.Enabled parameter in the UiPath.Orchestrator.dll.config file, which is false by default.

New configuration parameter

The Plugins.SecureStores.CyberArkCCP.KeyStorageFlags parameter has been added to the Orchestrator configuration file, allowing you to choose where to store and how to import the private key of the client certificate configured for a CyberArk CCP credential store. This helps prevent any read/write restrictions or issues related to access rights.

Viewing Studio package applications in Orchestrator

The applications used by Studio packages are now retrieved by Orchestrator. You can therefore see them listed in the following places:

In the Applications section of the process window for the underlying package.
In the Show release notes window for each package version.

New date formatting library

We have switched to a new date and time formatting library, aiming to provide more unity around formats across locales. While this change has no impact on your experience whatsoever, you might notice the following improvements as compared to our previous library:

Date and time formats are now consistent across all locales, i.e. the same digit/letter combination is used throughout. For example, the English 2/24/2023, 4:48:25 PM is displayed as 2023/2/24 16:48:25 in Japanese, whereas you would see 2022年7月5日 09時20分37秒 before this change.
The elapsed time in seconds is now displayed as a precise number rather than an estimate, i.e. 10 seconds ago instead of a few seconds ago.

Event triggers as package requirements

We've tamed Orchestrator to identify the event triggers activities as package requirements at process-creation time. Associate them to an Integration Service connection, and make further configurations to comply with your business needs, all for the greater good of triggered automations.

Note: In our 2023.4 release notes, we mistakenly stated that Event triggers were available in on-premises Orchestrator instances. Contrary to that announcement, the feature is not available. We apologize for the confusion.

Retention policies for queue items

Declutter your Orchestrator database and set a retention policy that either permanently deletes old queue items, or moves them to a designated storage. If you need more time to decide, there’s also the option to keep your queue items data in your database indefinetely, which is the default applied policy. Doing so, you free up the database in an organized manner and your Orchestrator performs better.

Discover the retention policy tips and tricks on our documentation page.

Improvements

Testing runtime for Automation Suite Robots

We have improved the way you can test Automation Suite Robots. We have introduced the possibility of choosing between your Production (Unattended) license and your Testing license to run unattended jobs. Just like before, you can continue to use your Production (Unattended) license to run unattended processes in production environments. What has changed is that the Testing license now allows you to run test sets and test cases, while also enabling you to run unattended processes.

You simply need to allocate the desired license to an Automation Suite Robot machine template in Orchestrator. Just keep in mind that the number of allocated licenses dictates the number of jobs that the backend can execute in parallel.

Wondering how this is reflected in the Orchestrator UI? First, you will see that the runtime details are displayed for both production and testing when configuring your machine. Second, when executing automations, you now need to specify whether you want to use Production (Unattended) or Testing as a runtime license.

Additional details for Automation Suite robots

Automation Suite robot jobs and test case executions now provide details on the robot size.

Exporting grids in the background

Nothing stops you from interacting with Orchestrator anymore, not even exporting grids! Exporting grids takes place in the background now, so it no longer prevents you from using Orchestrator until the export finishes. We optimized the experience, and we inform you in real-time about the successful outcome of the export. Moreover, you can find all of your exports centralized in the new My reports page.

Learn more about Exporting grids in the background.

New alerts for exporting operations

With great exports comes great responsibility. Therefore, a new alert informs you about the outcome of an export. If the export you initiated was successful, the alert logs the export with the Info severity, whereas for unsuccessful exports, the alert logs as Error. Navigating to the alert source by clicking the See more link in the alert email redirects you to the My reports page, highlighting the exact failed export. You will receive this new alert in your alert emails by default, but you can unsubscribe from it if it becomes too spamy.

UiPath.ConfigProtector.exe tool and Resource Catalog Service

The UiPath.ConfigProtector.exe tool can now be used to encrypt and decrypt Resource Catalog Service sensitive information.

See the dedicated section for detailed instructions.

This improvement brings about some additional updates:

The UiPath.ConfigProtector.exe tool has been upgraded to ASP.NET Core 6.0.
Two new parameters have been added:
- --signing-settings - this allows you to add a configuration section of your choice to the tool's settings.
- --keys / k - this allows you to encrypt/decrypt keys that are not hardcoded.

See the commands table for details on the new parameters.

Webhooks improvements

Identify your webhooks more rapidly! We have added the Name (mandatory) and Description (optional) fields to the create and edit webhook flows in the user interface. Existing webhooks receive a name based on their GUID, such as Webhook-c42b72b1-17fb-4643-ab9c-1bd2102f0ff6.

These parameters are available in the API as well, plus a mandatory Key parameter, with the following mentions:
- The Name parameter will be optional until the 2023.4 on-prem release. After 2023.4, you'll be required to provide name for webhooks created via the POST odata/Webhooks endpoint.
- The mandatory Key parameter is a unique identifier of the webhook in our system, therefore it cannot be changed.
- If you do not provide a name for your webhook using the POST method, a name will be automatically generated for it, by appending the Key value to Webhook.
  
  Read more details in our documentation.

Webhook events for jobs and queue items now include more properties:
- SpecificPriorityValue for job events
- ProcessingExceptionTimestamp and CreatorUserId for queue item events

Usability improvements

Jobs

The Job Details window now includes the Package Version field, that indicates which version of a package was used to run the job.
We have added two new time columns to the Jobs grid, displaying either the relative or the absolute time of when a job was created. Make sure to select these columns on the Columns filter, as they are not visible by default.
You can now start a job on multiple account-machine pairs. To do that, you simply need to enable the Select valid account-machine mappings option on the Start Job page, and click Add Account-Machine mapping. Once you add the desired pairs, a Pending job is created for each of them.

Alerts

Accessing an alert from the alert dropdown automatically marks it as read, while redirecting you to the alert source.

User interface

The More Actions menu of several Automations pages has been redesigned to group similar actions together. Additionally, we renamed the labels for View Logs and View all logs for his process to View logs of this job and View logs of all jobs for this process, respectively.
We added two new time columns to the Jobs grid, displaying either the relative or absolute time of when a job was created. Make sure to select these columns on the Columns filter, as they are not visible by default.
Error messages pertaining to AWS Secrets Manager policy verifications now include more details.

Security

The parameters you enter as part of Orchestrator operations are no longer saved in our database. This eliminates the risk of sensitive information being accessed via audit, and, as such, enhances the security of your data.

Application

The Orchestrator version is now visible at application start/restart in the Event Viewer logs for standalone Orchestrator, and in Docker container logs for Automation Suite Orchestrator.

Triggers

We have removed the restriction to only create non-working days calendars on time triggers that had the same time zone as the tenant they belong to. From now on, any calendar you add to a trigger is interpreted as being aligned to the trigger's time zone.

Updates

Deleted tenants are now ignored by the operation that updates queue items statuses. This prevents scenarios where queue item transitions could be blocked when a tenant without a feed is detected.
When no update policy is configured in Orchestrator (i.e. the update module is disabled), the server no longer requests any Studio or Robot updates to be performed, even if the module is enabled in these services.

Permissions

The Create option for the Execution Media permission is now enabled by default within the tenant-level Automation User role.

Logs

We know logs are the core of debugging and identifying faulty behaviors. This improved Orchestrator functionality allows you to access the logs across all job executions of a particular process. See how in our documentation.

Feature improvements via API

A 400 Bad Request response with the InvalidTimeZoneId = 1614 error code is now returned when a process schedule created via the API includes an invalid time zone ID.
You can now upload a process package from an external feed via the /odata/Processes/UiPath.Server.Configuration.OData.SetArguments endpoint. Just make sure the arguments displayed on the Processes page and the ones in the package are the same, as Orchestrator does not perform any validation on packages from external feed.
You can now assign licensing scopes to external applications. Find the newly added scopes in the Platform Management API Access resource list.
The Automation Hub URL is now returned via calls to the /odata/Processes endpoint.

Bug fixes

If the SAML integration at the host level was configured to use an external user mapping strategy with either the username or the external provider key, users that belonged to more than one organization were unable to log in.
The SAML SSO Configuration page displayed an incorrect Assertion Customer Service URL. As a workaround, you had to manually configure the Assertion Customer Service URL in the IDP without the partition ID. The Assertion Customer Service URL is now correctly displayed, and the manual workaround is no longer necessary. Upon upgrading to 2023.4+ you will need to change the Assertion Customer Service URL to include the partition ID.
When you uploaded a new custom logo, the preview functionality no longer worked. Now, you can preview the new logo in the header, just like before.

We have fixed an issue that caused the password used for connecting to a storage bucket provider to be stored in the database. This occurred when you created or edited a storage bucket. The password could be retrieved by an SQL administrator with read access to the database, or by anyone with View permission on Audit via API.

Use this script to clean up any passwords displayed in the existing logs. The script can be run before upgrading to this version.

DECLARE @serverVersion INT
SET @serverVersion = ISNULL(CAST(COALESCE(SERVERPROPERTY('ProductMajorVersion'),PARSENAME(CAST(SERVERPROPERTY('productversion') AS varchar(20)), 4)) as INT),0)

IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.Buckets' AND [TenantId] IS NULL)
BEGIN
    IF @serverVersion >= 13 -- SQL Server 2016
        -- Remove just the password if json functions are supported
        EXECUTE sp_executesql N'
            UPDATE [dbo].[AuditLogs]
            SET [Parameters] = JSON_MODIFY([Parameters], ''$.bucketDto.Password'', NULL)
            WHERE 
                [TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[Buckets] WHERE [StorageProvider] IN (''Amazon'',''Azure'',''Minio'',''S3Compatible'')) AND
                [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.BucketsController'' AND
                CHARINDEX(''Password'', [Parameters]) > 0 AND
                NULLIF(JSON_VALUE([Parameters], ''$.bucketDto.Password''), '''') IS NOT NULL'
    ELSE
        -- Remove all parameters if json functions are not supported
        EXECUTE sp_executesql N'
            UPDATE [dbo].[AuditLogs]
            SET [Parameters] = ''''
            WHERE 
                [TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[Buckets] WHERE [StorageProvider] IN (''Amazon'',''Azure'',''Minio'',''S3Compatible'')) AND
                [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.BucketsController'' AND
                CHARINDEX(''Password'', [Parameters]) > 0'
    INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
         VALUES (null,null,'Migration.AuditCleanup.Buckets','true',GETUTCDATE())
END

IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.CredentialStores' AND [TenantId] IS NULL)
BEGIN
    IF @serverVersion >= 13 -- SQL Server 2016
        -- Remove just the password if json functions are supported
        EXECUTE sp_executesql N'
            UPDATE [dbo].[AuditLogs]
            SET [Parameters] = JSON_MODIFY([Parameters], ''$.credentialStoreDto.AdditionalConfiguration'', NULL)
            WHERE 
                [TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND
                [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND
                CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0 AND
                ISJSON([Parameters]) = 1 AND
                NULLIF(JSON_VALUE([Parameters], ''$.credentialStoreDto.AdditionalConfiguration''), '''') IS NOT NULL
            -- Some records are truncated, so not valid JSON
            UPDATE [dbo].[AuditLogs]
            SET [Parameters] = ''''
            WHERE 
                [TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND
                [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND
                CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0 AND
                ISJSON([Parameters]) = 0'
    ELSE
        -- Remove all parameters if json functions are not supported
        EXECUTE sp_executesql N'
            UPDATE [dbo].[AuditLogs]
            SET [Parameters] = ''''
            WHERE 
                [TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND
                [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND
                CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0'
    INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
         VALUES (null,null,'Migration.AuditCleanup.CredentialStores','true',GETUTCDATE())
END

IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.PackageFeedApiKey' AND [TenantId] IS NULL)
BEGIN
    IF @serverVersion >= 13 -- SQL Server 2016
        -- Remove just the password if json functions are supported
        EXECUTE sp_executesql N'
            UPDATE [dbo].[AuditLogEntities] 
            SET [CustomData] = JSON_MODIFY([CustomData], ''$.ApiKey'', NULL)
            WHERE
                [EntityId] IS NULL AND
                [EntityName] = ''UiPackageFeed'' AND 
                CHARINDEX(''ApiKey'', [CustomData]) > 0 AND 
                JSON_VALUE([CustomData], ''$.ApiKey'') IS NOT NULL'
    ELSE
        -- Remove just the password if json functions are supported
        EXECUTE sp_executesql N'
            UPDATE [dbo].[AuditLogEntities] 
            SET [CustomData] = ''''
            WHERE
                [EntityId] IS NULL AND
                [EntityName] = ''UiPackageFeed'' AND 
                CHARINDEX(''ApiKey'', [CustomData]) > 0'
    INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
        VALUES (null,null,'Migration.AuditCleanup.PackageFeedApiKey','true',GETUTCDATE())
END

IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.PackageFeedBasicPassword' AND [TenantId] IS NULL)
BEGIN
    IF @serverVersion >= 13 -- SQL Server 2016
        -- Remove just the password if json functions are supported
        EXECUTE sp_executesql N'
            UPDATE [dbo].[AuditLogEntities] 
            SET [CustomData] = JSON_MODIFY([CustomData], ''$.BasicPassword'', NULL)
            WHERE
                [EntityId] IS NULL AND
                [EntityName] = ''UiPackageFeed'' AND 
                CHARINDEX(''BasicPassword'', [CustomData]) > 0 AND 
                JSON_VALUE([CustomData], ''$.BasicPassword'') IS NOT NULL'
    ELSE
        -- Remove just the password if json functions are supported
        EXECUTE sp_executesql N'
            UPDATE [dbo].[AuditLogEntities] 
            SET [CustomData] = ''''
            WHERE
                [EntityId] IS NULL AND
                [EntityName] = ''UiPackageFeed'' AND 
                CHARINDEX(''BasicPassword'', [CustomData]) > 0'
    INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
        VALUES (null,null,'Migration.AuditCleanup.PackageFeedBasicPassword','true',GETUTCDATE())
END

IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.LicenseKey' AND [TenantId] IS NULL)
BEGIN
    IF @serverVersion >= 13 -- SQL Server 2016
        EXECUTE sp_executesql N'
            UPDATE [dbo].[AuditLogs]
            SET [Parameters] = JSON_MODIFY([Parameters], ''$.licenseKey'', NULL)
            WHERE
                [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND 
                CHARINDEX(''licenseKey'', [Parameters]) > 0 AND
                ISJSON([Parameters]) = 1 AND
                JSON_VALUE([Parameters], ''$.licenseKey'') IS NOT NULL
                
            UPDATE [dbo].[AuditLogs]
            SET [Parameters] = ''''
            WHERE
                [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND 
                CHARINDEX(''licenseKey'', [Parameters]) > 0 AND
                ISJSON([Parameters]) = 0'
    ELSE
        EXECUTE sp_executesql N'
            UPDATE [dbo].[AuditLogs]
            SET [Parameters] = ''''
            WHERE
            [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND 
            CHARINDEX(''licenseKey'', [Parameters]) > 0'
    INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
        VALUES (null,null,'Migration.AuditCleanup.LicenseKey','true',GETUTCDATE())
ENDDECLARE @serverVersion INT
SET @serverVersion = ISNULL(CAST(COALESCE(SERVERPROPERTY('ProductMajorVersion'),PARSENAME(CAST(SERVERPROPERTY('productversion') AS varchar(20)), 4)) as INT),0)

IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.Buckets' AND [TenantId] IS NULL)
BEGIN
    IF @serverVersion >= 13 -- SQL Server 2016
        -- Remove just the password if json functions are supported
        EXECUTE sp_executesql N'
            UPDATE [dbo].[AuditLogs]
            SET [Parameters] = JSON_MODIFY([Parameters], ''$.bucketDto.Password'', NULL)
            WHERE 
                [TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[Buckets] WHERE [StorageProvider] IN (''Amazon'',''Azure'',''Minio'',''S3Compatible'')) AND
                [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.BucketsController'' AND
                CHARINDEX(''Password'', [Parameters]) > 0 AND
                NULLIF(JSON_VALUE([Parameters], ''$.bucketDto.Password''), '''') IS NOT NULL'
    ELSE
        -- Remove all parameters if json functions are not supported
        EXECUTE sp_executesql N'
            UPDATE [dbo].[AuditLogs]
            SET [Parameters] = ''''
            WHERE 
                [TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[Buckets] WHERE [StorageProvider] IN (''Amazon'',''Azure'',''Minio'',''S3Compatible'')) AND
                [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.BucketsController'' AND
                CHARINDEX(''Password'', [Parameters]) > 0'
    INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
         VALUES (null,null,'Migration.AuditCleanup.Buckets','true',GETUTCDATE())
END

IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.CredentialStores' AND [TenantId] IS NULL)
BEGIN
    IF @serverVersion >= 13 -- SQL Server 2016
        -- Remove just the password if json functions are supported
        EXECUTE sp_executesql N'
            UPDATE [dbo].[AuditLogs]
            SET [Parameters] = JSON_MODIFY([Parameters], ''$.credentialStoreDto.AdditionalConfiguration'', NULL)
            WHERE 
                [TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND
                [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND
                CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0 AND
                ISJSON([Parameters]) = 1 AND
                NULLIF(JSON_VALUE([Parameters], ''$.credentialStoreDto.AdditionalConfiguration''), '''') IS NOT NULL
            -- Some records are truncated, so not valid JSON
            UPDATE [dbo].[AuditLogs]
            SET [Parameters] = ''''
            WHERE 
                [TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND
                [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND
                CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0 AND
                ISJSON([Parameters]) = 0'
    ELSE
        -- Remove all parameters if json functions are not supported
        EXECUTE sp_executesql N'
            UPDATE [dbo].[AuditLogs]
            SET [Parameters] = ''''
            WHERE 
                [TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND
                [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND
                CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0'
    INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
         VALUES (null,null,'Migration.AuditCleanup.CredentialStores','true',GETUTCDATE())
END

IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.PackageFeedApiKey' AND [TenantId] IS NULL)
BEGIN
    IF @serverVersion >= 13 -- SQL Server 2016
        -- Remove just the password if json functions are supported
        EXECUTE sp_executesql N'
            UPDATE [dbo].[AuditLogEntities] 
            SET [CustomData] = JSON_MODIFY([CustomData], ''$.ApiKey'', NULL)
            WHERE
                [EntityId] IS NULL AND
                [EntityName] = ''UiPackageFeed'' AND 
                CHARINDEX(''ApiKey'', [CustomData]) > 0 AND 
                JSON_VALUE([CustomData], ''$.ApiKey'') IS NOT NULL'
    ELSE
        -- Remove just the password if json functions are supported
        EXECUTE sp_executesql N'
            UPDATE [dbo].[AuditLogEntities] 
            SET [CustomData] = ''''
            WHERE
                [EntityId] IS NULL AND
                [EntityName] = ''UiPackageFeed'' AND 
                CHARINDEX(''ApiKey'', [CustomData]) > 0'
    INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
        VALUES (null,null,'Migration.AuditCleanup.PackageFeedApiKey','true',GETUTCDATE())
END

IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.PackageFeedBasicPassword' AND [TenantId] IS NULL)
BEGIN
    IF @serverVersion >= 13 -- SQL Server 2016
        -- Remove just the password if json functions are supported
        EXECUTE sp_executesql N'
            UPDATE [dbo].[AuditLogEntities] 
            SET [CustomData] = JSON_MODIFY([CustomData], ''$.BasicPassword'', NULL)
            WHERE
                [EntityId] IS NULL AND
                [EntityName] = ''UiPackageFeed'' AND 
                CHARINDEX(''BasicPassword'', [CustomData]) > 0 AND 
                JSON_VALUE([CustomData], ''$.BasicPassword'') IS NOT NULL'
    ELSE
        -- Remove just the password if json functions are supported
        EXECUTE sp_executesql N'
            UPDATE [dbo].[AuditLogEntities] 
            SET [CustomData] = ''''
            WHERE
                [EntityId] IS NULL AND
                [EntityName] = ''UiPackageFeed'' AND 
                CHARINDEX(''BasicPassword'', [CustomData]) > 0'
    INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
        VALUES (null,null,'Migration.AuditCleanup.PackageFeedBasicPassword','true',GETUTCDATE())
END

IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.LicenseKey' AND [TenantId] IS NULL)
BEGIN
    IF @serverVersion >= 13 -- SQL Server 2016
        EXECUTE sp_executesql N'
            UPDATE [dbo].[AuditLogs]
            SET [Parameters] = JSON_MODIFY([Parameters], ''$.licenseKey'', NULL)
            WHERE
                [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND 
                CHARINDEX(''licenseKey'', [Parameters]) > 0 AND
                ISJSON([Parameters]) = 1 AND
                JSON_VALUE([Parameters], ''$.licenseKey'') IS NOT NULL
                
            UPDATE [dbo].[AuditLogs]
            SET [Parameters] = ''''
            WHERE
                [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND 
                CHARINDEX(''licenseKey'', [Parameters]) > 0 AND
                ISJSON([Parameters]) = 0'
    ELSE
        EXECUTE sp_executesql N'
            UPDATE [dbo].[AuditLogs]
            SET [Parameters] = ''''
            WHERE
            [ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND 
            CHARINDEX(''licenseKey'', [Parameters]) > 0'
    INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
        VALUES (null,null,'Migration.AuditCleanup.LicenseKey','true',GETUTCDATE())
END

Using the latest version of the BeyondTrust Server or upgrading to it would sometimes cause integration issues. Now, everything works as expected.
Load balancing and SignalR would sometimes cause performance issues. These are now fixed.
When you deleted a machine that was assigned to a folder, the assignment was kept, and the machine was still displayed within that folder. This no longer occurs.
After the migration, account-machine mappings were sometimes not generated, rendering you unable to run jobs. This is no longer the case.
We have fixed a deadlock that was preventing new jobs from being created in classic folders, while using specific robots.
We have improved the security of our system by restricting unnecessary internal information from being exposed in certain error responses.
When you changed the name of a trigger, the Search in tenant page still displayed its previous name. Now, the updated name of the trigger is listed in the search results.
We have fixed an issue that caused credential store passwords to be stored in the database. The passwords could be retrieved by an SQL administrator with read access to the database, or by anyone with View permission on Audit via API.
Timestamps displayed for jobs in Orchestrator database logs were incorrect.
When you exported a folder role, the tenant-level permissions of that role were also exported. This issue is now fixed.
Editing a postpone date for a queue item used the UTC value instead of the tenant time zone value.
Storage bucket files were incorrectly deleted due to an issue related to folder deletion. Specifically, when you unlinked a storage bucket from a folder, then you deleted that folder, the files included in the unlinked storage bucket were also deleted. The same occurred when you deleted the folder without first unlinking the storage bucket. This happened despite the storage bucket still being linked to other folders.
When you enabled account-machine mappings and started a job with the Allocate dynamically option set to the number of robots available, at least one job remained in a Pending state. Now, all jobs are correctly executed by all robots that are available to retrieve them.
Executions were not properly assigned to available robots. This happened when a large number of robots were called for the same template, and assigned to the same job.
Active Directory Domains load more rapidly now. This is due to the caching and the configurable cache expiration value of the GetTrustedDomainNames method.
Editing a postpone date for a queue item used the UTC value instead of the tenant timezone value.
Requests to get storage bucket files that have the extension .svg, .js, .css, .ttf, .woff, .woff2, or .map failed if the extension was at the end of the request.
When a user tried to access Orchestrator using a URL that they received from another user, and the received URL included user-specific data, a blank page was displayed and the user was unable to access Orchestrator. Now, in such cases, users are redirected to the login page.
The process version included in the Job Details window was incorrect, displaying the latest version uploaded to Orchestrator. Now, the Process Version field correctly renders the version used to run the job.
Filtering by host identity on the Jobs and Logs pages did not work correctly for jobs executed via accounts without credentials. When running jobs on Windows machines, the Host Identity column was populated with the actual identity of the robots (domain\username), however, filtering by this value returned no jobs. When running jobs on Linux machines, jobs were executed under Root, but this value was not available for filtering.
The OK and Cancel buttons in the upgrade warning window were not properly displayed in the Japanese version of the application. They are now visible.

Breaking changes

Last Login column

The Last Login column is no longer displayed in the Orchestrator tenant-level License page for Attended licenses. This allows details to be loaded faster in environments containing upwards of 300.000 attended robots. However, if you would like to retrieve this information, you can use the /api/UserPartition/users/{partitionGlobalId} endpoint.

Known issues

Monitoring page issue

Added on 24 April 2023

The Jobs History and Transactions graphs in the Overview section of the Monitoring page are sometimes not displayed properly when using Mozilla Firefox. If this happens, refreshing the browser should solve the problem.

This issue will be fixed in our next cumulative update.

External apps permissions issue

Added on 28 April 2023

There is a disconnect between external apps permissions and the Identity Server, preventing you from adding external apps to a tenant or a folder.

You can bypass this by adding the following parameters to the identity-service config map in ArgoCD:

IdentityFeatureFlags__PublicApps__ApplicationDirectoryMembershipEnabled: 'true' 
IdentityFeatureFlags__PublicApps__EnableDefaultScope: 'true'IdentityFeatureFlags__PublicApps__ApplicationDirectoryMembershipEnabled: 'true' 
IdentityFeatureFlags__PublicApps__EnableDefaultScope: 'true'

Once added, simply save the changes.

This issue will be fixed in our next cumulative update.

Identity known issue

Added on 6 November 2023

In versions 2023.4.0 through 2023.4.2, if you have an Active Directory (AD) integrated environment, you will see sporadic failures from the product leading to the IIS application pool restarting. This issue has been fixed in version 2023.4.3, but it still affects the aforementioned versions. As such, if you use AD, we highly recommend that you directly install or upgrade to 2023.4.3. Otherwise, you will encounter functionality issues.

Deprecation timeline

We recommend that you regularly check the deprecation timeline for any updates regarding features that will be deprecated and removed.

Was this page helpful?

NEXT2023.4.1

Support and Services

Get The Help You Need

UiPath Academy

Learning RPA - Automation Courses

UiPath Forum

UiPath Community Forum

Trust and Security

Cookies Policy