Orchestrator Release Notes
2021.10.9
Release date: 12 December 2022
Added 12 January 2023: Minimum Elasticsearch and Kibana version changed
Starting with this release, the minimum version required for Elasticsearch and Kibana is 7.16.3.
Additionally, Elasticsearch 7.16.3 must be installed via .zip package, as Windows MSI installer packages of this product are no longer released after 7.16.2.
UnsupportedProductException
. This issue will be fixed in the upcoming cumulative update, enabling you to also use earlier Elasticsearch versions.
- We have fixed an issue that caused the password used for connecting to a storage bucket provider to be stored in the database. This occurred when you created or edited a storage bucket. The password could be retrieved by an SQL administrator with read access to the database, or by anyone with View permission on Audit via API.
- We have fixed an issue that caused credential store passwords to be stored in the database. The passwords could be retrieved by an SQL administrator with read access to the database, or by anyone with View permission on Audit via API.
- We have fixed an issue that caused license codes to be visible in the response returned by calls that retrieved all audit data.
- We have fixed an issue that caused external feed passwords to be stored in the database. This occurred when you created an external feed for maintaining automation packages.
Use this script to clean up any passwords displayed in the existing logs. The script can be run before upgrading to this version.
DECLARE @serverVersion INT
SET @serverVersion = ISNULL(CAST(COALESCE(SERVERPROPERTY('ProductMajorVersion'),PARSENAME(CAST(SERVERPROPERTY('productversion') AS varchar(20)), 4)) as INT),0)
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.Buckets' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = JSON_MODIFY([Parameters], ''$.bucketDto.Password'', NULL)
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[Buckets] WHERE [StorageProvider] IN (''Amazon'',''Azure'',''Minio'',''S3Compatible'')) AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.BucketsController'' AND
CHARINDEX(''Password'', [Parameters]) > 0 AND
NULLIF(JSON_VALUE([Parameters], ''$.bucketDto.Password''), '''') IS NOT NULL'
ELSE
-- Remove all parameters if json functions are not supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[Buckets] WHERE [StorageProvider] IN (''Amazon'',''Azure'',''Minio'',''S3Compatible'')) AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.BucketsController'' AND
CHARINDEX(''Password'', [Parameters]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.Buckets','true',GETUTCDATE())
END
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.CredentialStores' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = JSON_MODIFY([Parameters], ''$.credentialStoreDto.AdditionalConfiguration'', NULL)
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND
CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0 AND
ISJSON([Parameters]) = 1 AND
NULLIF(JSON_VALUE([Parameters], ''$.credentialStoreDto.AdditionalConfiguration''), '''') IS NOT NULL
-- Some records are truncated, so not valid JSON
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND
CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0 AND
ISJSON([Parameters]) = 0'
ELSE
-- Remove all parameters if json functions are not supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND
CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.CredentialStores','true',GETUTCDATE())
END
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.PackageFeedApiKey' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogEntities]
SET [CustomData] = JSON_MODIFY([CustomData], ''$.ApiKey'', NULL)
WHERE
[EntityId] IS NULL AND
[EntityName] = ''UiPackageFeed'' AND
CHARINDEX(''ApiKey'', [CustomData]) > 0 AND
JSON_VALUE([CustomData], ''$.ApiKey'') IS NOT NULL'
ELSE
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogEntities]
SET [CustomData] = ''''
WHERE
[EntityId] IS NULL AND
[EntityName] = ''UiPackageFeed'' AND
CHARINDEX(''ApiKey'', [CustomData]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.PackageFeedApiKey','true',GETUTCDATE())
END
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.PackageFeedBasicPassword' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogEntities]
SET [CustomData] = JSON_MODIFY([CustomData], ''$.BasicPassword'', NULL)
WHERE
[EntityId] IS NULL AND
[EntityName] = ''UiPackageFeed'' AND
CHARINDEX(''BasicPassword'', [CustomData]) > 0 AND
JSON_VALUE([CustomData], ''$.BasicPassword'') IS NOT NULL'
ELSE
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogEntities]
SET [CustomData] = ''''
WHERE
[EntityId] IS NULL AND
[EntityName] = ''UiPackageFeed'' AND
CHARINDEX(''BasicPassword'', [CustomData]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.PackageFeedBasicPassword','true',GETUTCDATE())
END
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.LicenseKey' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = JSON_MODIFY([Parameters], ''$.licenseKey'', NULL)
WHERE
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND
CHARINDEX(''licenseKey'', [Parameters]) > 0 AND
ISJSON([Parameters]) = 1 AND
JSON_VALUE([Parameters], ''$.licenseKey'') IS NOT NULL
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND
CHARINDEX(''licenseKey'', [Parameters]) > 0 AND
ISJSON([Parameters]) = 0'
ELSE
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND
CHARINDEX(''licenseKey'', [Parameters]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.LicenseKey','true',GETUTCDATE())
END
DECLARE @serverVersion INT
SET @serverVersion = ISNULL(CAST(COALESCE(SERVERPROPERTY('ProductMajorVersion'),PARSENAME(CAST(SERVERPROPERTY('productversion') AS varchar(20)), 4)) as INT),0)
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.Buckets' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = JSON_MODIFY([Parameters], ''$.bucketDto.Password'', NULL)
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[Buckets] WHERE [StorageProvider] IN (''Amazon'',''Azure'',''Minio'',''S3Compatible'')) AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.BucketsController'' AND
CHARINDEX(''Password'', [Parameters]) > 0 AND
NULLIF(JSON_VALUE([Parameters], ''$.bucketDto.Password''), '''') IS NOT NULL'
ELSE
-- Remove all parameters if json functions are not supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[Buckets] WHERE [StorageProvider] IN (''Amazon'',''Azure'',''Minio'',''S3Compatible'')) AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.BucketsController'' AND
CHARINDEX(''Password'', [Parameters]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.Buckets','true',GETUTCDATE())
END
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.CredentialStores' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = JSON_MODIFY([Parameters], ''$.credentialStoreDto.AdditionalConfiguration'', NULL)
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND
CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0 AND
ISJSON([Parameters]) = 1 AND
NULLIF(JSON_VALUE([Parameters], ''$.credentialStoreDto.AdditionalConfiguration''), '''') IS NOT NULL
-- Some records are truncated, so not valid JSON
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND
CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0 AND
ISJSON([Parameters]) = 0'
ELSE
-- Remove all parameters if json functions are not supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND
CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.CredentialStores','true',GETUTCDATE())
END
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.PackageFeedApiKey' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogEntities]
SET [CustomData] = JSON_MODIFY([CustomData], ''$.ApiKey'', NULL)
WHERE
[EntityId] IS NULL AND
[EntityName] = ''UiPackageFeed'' AND
CHARINDEX(''ApiKey'', [CustomData]) > 0 AND
JSON_VALUE([CustomData], ''$.ApiKey'') IS NOT NULL'
ELSE
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogEntities]
SET [CustomData] = ''''
WHERE
[EntityId] IS NULL AND
[EntityName] = ''UiPackageFeed'' AND
CHARINDEX(''ApiKey'', [CustomData]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.PackageFeedApiKey','true',GETUTCDATE())
END
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.PackageFeedBasicPassword' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogEntities]
SET [CustomData] = JSON_MODIFY([CustomData], ''$.BasicPassword'', NULL)
WHERE
[EntityId] IS NULL AND
[EntityName] = ''UiPackageFeed'' AND
CHARINDEX(''BasicPassword'', [CustomData]) > 0 AND
JSON_VALUE([CustomData], ''$.BasicPassword'') IS NOT NULL'
ELSE
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogEntities]
SET [CustomData] = ''''
WHERE
[EntityId] IS NULL AND
[EntityName] = ''UiPackageFeed'' AND
CHARINDEX(''BasicPassword'', [CustomData]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.PackageFeedBasicPassword','true',GETUTCDATE())
END
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.LicenseKey' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = JSON_MODIFY([Parameters], ''$.licenseKey'', NULL)
WHERE
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND
CHARINDEX(''licenseKey'', [Parameters]) > 0 AND
ISJSON([Parameters]) = 1 AND
JSON_VALUE([Parameters], ''$.licenseKey'') IS NOT NULL
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND
CHARINDEX(''licenseKey'', [Parameters]) > 0 AND
ISJSON([Parameters]) = 0'
ELSE
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND
CHARINDEX(''licenseKey'', [Parameters]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.LicenseKey','true',GETUTCDATE())
END
Read the security advisory for UiPath Orchestrator - Exposure of Sensitive Information.
- We have improved the security of our system by restricting unnecessary internal information from being exposed in certain error responses.
- Storage bucket files were incorrectly deleted due to an issue related to folder deletion. Specifically, when you unlinked a storage bucket from a folder, then you deleted that folder, the files included in the unlinked storage bucket were also deleted. The same occurred when you deleted the folder without first unlinking the storage bucket. This happened despite the storage bucket still being linked to other folders.
We recommend that you regularly check the deprecation timeline for any updates regarding features that will be deprecated and removed.