Patch 1.28.2
In this patch, we have fixed critical vulnerabilities and strengthened the system's security. Also, this patch introduces the following updates to the configurations and layout of the agent interface:
- extended list of interface elements that change their display view when the Compact mode is on.
- new Immediate unit field on the Employee forms.
- multiple Static User Information SA widget instances can now be placed on the same form with the display conditions configured.
System improvements and fixes include:
- an updated authorization mechanism and password policies,
- the use of the silentMode() method that excludes indications when updating records,
- a migration script to transfer portal cards from the Node(system_node) table to the Portal Card (portal_card) table.
Improvements
Compact mode updates
The Compact mode, introduced in the previous version, now extends to more agent interface components:
- Table list views
- Condition builder
- Related lists
Read more in the documentation.
Specify Immediate unit on the Employee form
A new Immediate unit field has been added to the Employee form. Now managers can specify the unit where the employee is hired.
Read more in the documentation.
Multiple instances of Static User Information SA widget
In this version, you can configure display conditions for the Static User Information SA widget. This means you can now place multiple instances of the widget on the same form and display only the ones that meet the specified conditions. For example, on an Incident form, different widget instances can show information about the Service Owner or the Caller, depending on whether the incident is infrastructural.
Read more in the documentation.
Portal cards migration from the Node to the Portal Card
Portal card data has been moved from the Node (simple_node) table to the Portal Card (portal_cards) table introduced in version 1.28.0. When upgrading to this version, all previously created cards are moved to the Portal Cards table and displayed in the Portal Cards widget.
To run the script, follow the steps:
- Navigate to System Settings → Server Scripts.
- Find and open the Portal Card Migration record.
- Click Run.
After the script is executed, the migrated records appear in the Portal Card (portal_card) table. You can view them in the table and configure their display in the Portal Cards widget.
Read more in the documentation.
New search bar position on self-service portal
The search bar widget is now located in the header of the self-service portal. This improves UI consistency across the agent interface, self-service portal, and documentation site.
The silentMode() method in the indicator calculator
You can now change target records without triggering indication updates using the silentMode() method.
Read more in the documentation.
Strong Password Policy
Starting with version 1.28.0, you can define a password policy. The system now supports two options:
- Simple password – must contain at least 6 characters and no spaces.
- Strong password – must contain at least 8 characters including uppercase and lowercase letters and digits (0-9).
To enable the strong password policy, use the simple.auth.strong_password_policy.enabled system property.
Passwords created before the strong password policy was enabled will remain valid until changed or reset. After enabling the policy, all new passwords must meet the new requirements.
Read more in the documentation.
Authorization and password policy updates
In this version, we have finalized the authorization and password policy updates:
- Input validation has been added for the authFull tag in both the agent and login interfaces.
- System behavior has been optimized to avoid slow server response on repeated invalid inputs.
- A strong password policy is now enforced for local accounts in the web application.
Read more in the maintenance documentation.
Authentication and authorization updates
In this version, the token processing logic has been moved to a new microservice.
Deleted from the system:
- the User Token (user_token) table.
- the user.token.ttl method.
Read more in the maintenance documentation.
Rule Engine service optimization
To prevent saturation of the Rule Engine, the following options have been added:
- Using the
inventoryparameter to define the number of Rule Engine instances per virtual machine. - Increasing partitions using new tools.
- Monitoring saturation.
Read more in the maintenance documentation.
Fixes
DEF0020935: The deprecated Contract Category (contract_category) field remained on the Contract (contract) form while the new Contract Category (category) field was active. In this version, the deprecated field has been disabled, and the new one renamed Asset Contract Category.
DEF0020335: An error has been fixed where images were not transferred during field conversion from the html type to the WYSIWYG type.
DEF0019715: An invalid backend_worker_attachment_index caused abnormal RAM/CPU usage and instances break downs with errors 502 and 503. In this version, the problem has been fixed.
DEF0019671: In the Heapselect page, the Save and Cancel UI action titles were missing. Also, the users could not save the changes. This version has brought back the button names and fixed the saving issue.
DEF0018425: In the previous versions, unauthorized users could access platform version information. Now, the security settings have been updated, and this data is available to authorized users only.
DEF0015397: The record creation was not registered fully in the system History logs when the value in the fields of type Text and Choice was set to 0, and the value in the fields of type Boolean was set to false. In this version, the validation conditions have been updated, and the History displays all records.
DEF0014651: Client scripts could not be executed on the portal pages due to an error in the Record Default Widget instance. In this version, the widget options are fixed.