Universal Controller 7.9.0.0 Release Notes

E-02220

Approval Task

A new task type, Approval Task, has been introduced.

You can use Approval tasks to create a pause in a Workflow, during which approval from one or more Users and/or Groups is required to progress to the next step. Additionally, you can provide a description of what needs to be approved, as well as links to relevant external information for the approvers to view.

E-02216

Reporting Controller

A new option has been added to install a Universal Controller as a Reporting Server.

A Universal Reporting Server is a separate Universal Controller instance dedicated to storing historical data from a source Universal Controller (Production Server). This allows you to maintain minimal data on the Production Server for optimal performance, while preserving access to historical information.

You can use a Reporting Server to replicate Activity, Agents, Audits, and History records. Once an item is replicated, it can be safely backed up and purged from the Production Server.

B-22112*

Exclude non-started Finished task instances from Licensed Monthly Executions

The Controller is licensed by the number of monthly task executions (i.e. the number of task instances that end in Success or Finished status).

Previously, this count included all tasks that are Force Finished, even if those tasks were not started prior to going into Finished status. If a Workflow were Force Finished, all the tasks in that Workflow would be counted, even though they never started. To avoid this scenario, Licensed Monthly Executions now only counts tasks that were started prior to going Finished.

B-22674

UDM > TLS SNI support

An agent registered in Universal Controller will now show the TLS SNI Host Name, when applicable, in the format PORT@HOSTNAME:SNI-NAME.

Open

For a UDM-based File Transfer Task, when selecting UDM Agent or UDM Agent Cluster as the Primary UDM Agent Option and/or the Secondary UDM Agent Option, the “open” statement will be generated using the agent's TLS SNI Host Name, when applicable.

Furthermore, new built-in variables were also added for usage in a UDM Script.

• ops_primary_agent_sni_name - Get the primary agent TLS SNI host name

• ops_primary_agent_port - Get the primary agent TLS SNI host port

• ops_secondary_agent_sni_name - Get the secondary agent TLS SNI host name

• ops_secondary_agent_port - Get the secondary agent TLS SNI host port

B-21505

Change History - Change Description - Web Service API

The Change Description / Change History feature is now supported for Web Service APIs.

If Change History is enabled, a changeHistory property is returned when reading supported record types. You can also specify a Change Description when updating supported records via the X-Change-Description header.

See RESTful Web Services API for details.

B-20771

Allow to bypass initial check on IDP file to be able to get SP Metadata for initial SSO setup

You can now configure SAML Single Sign-On Settings without having to specify an Identity Provider metadata file.

If the IdP requires Service Provider (SP) metadata for configuration, you can temporarily set the Identity Provider Metadata Source to Pending, allowing you to download the SP metadata prior to specifying the Identity Provider Metadata Source.

B-22025*

Update Microsoft JDBC Driver for SQL Server from 12.4 to 12.10

https://learn.microsoft.com/en-us/sql/connect/jdbc/microsoft-jdbc-driver-for-sql-server-support-matrix?view=sql-server-ver17

B-22093

Update MySQL Connector/J for MySQL from 8.2.0 to 9.3.0

https://dev.mysql.com/doc/relnotes/connector-j/en/news-9-3-0.html

B-22094

Certify support for MySQL 8.4 (LTS)

https://dev.mysql.com/doc/relnotes/mysql/8.4/en/

B-22154

Update OpenTelemetry from 1.32.0 to 1.51.0

OpenTelemetry Java Version 1.51.0

https://github.com/open-telemetry/opentelemetry-java/releases/tag/v1.51.0

OpenTelemetry Semantic Conventions for Java Version 1.34.0

https://github.com/open-telemetry/semantic-conventions-java/releases/tag/v1.34.0

B-22102

LDAP: Disable range-based searches by default when synchronizing Users

The uc.ldap.users.synchronization_by_range property is now false by default to disable range-based searches when syncing LDAP users.

See Properties for specifications.

B-22379*

Trigger workflow creation transaction optimizations

A number of performance optimizations were made around triggering (or launching) a large number of workflows simultaneously, including the following highlights:

A reduction in the number of queries to load tasks within a workflow by fetching them upfront by task type.

A summary of the pre-load fetch operations can be found in the uc.log.

An auxiliary database connection pool to allow for assigning connections exclusively to triggering (or launching).

To use this feature, you must enable it by adding the following to the uc.properties.

An optional cache only strategy for managing the Task Instance Number (also known as the Exec Reference Counter). This is an advanced configuration.

See the following properties for more details:

• System properties:

  • Task Instance Number Cache Only

• uc.properties:

  • uc.db.pooler.connections.Auxiliary

  • uc.db.pooler.connections.max.Auxiliary

  • uc.db.pooler.connections.use_auxiliary.launch

  • uc.db.pooler.connections.use_auxiliary.trigger

B-22424

Data Backup/Purge - Optimize "Backup" memory consumption

During a Data Backup/Purge operation, the Controller now performs the backup operation using fixed-sized batches, comparable to the purge operation, when backing up a large number of records. This both reduces and stabilizes memory consumption over the course of the Data Backup/Purge operation. Furthermore, the backup operation is now inline with the purge operation so a batch of records is purged immediately after being backed up.

A new system property has been added to control this functionality: Purge Activity By Primary Maximum Per Backup. See Properties for specifications.

Other optimizations to the Data Backup/Purge operation were made as part of this change, including improved streaming of records to a backup file, and a reduction in the number of SQL queries and updates.

E-02212

Static Code Analysis and Security Hardening:

B-22101: SonarQube - Bugs
B-22103: SonarQube - Vulnerabilities
B-22104*: SonarQube - Security Hotspots

To drive improved security, and reliability, we proactively addressed bugs, vulnerabilities, and security hotspots reported by static code analysis.

B-22019

Session Hijacking Protection

By default, the controller monitors for Remote Address (Client IP) and User-Agent header mismatches by comparing each request to the initial values bound to the authenticated session.

If a mismatch is detected, it will be both logged and audited, and the user's session will be invalidated immediately.

You can control this configuration with the following uc.properties:

• uc.session.validation.remote_addr.proxy_headers

• uc.session.validation.remote_addr.trusted_proxies

• uc.session.validation.remote_addr.use_proxy_headers

• uc.session.validation.remote_addr.validate

• uc.session.validation.user_agent.validate

See Properties for specifications.

B-20594

Restrict number of guesses for TOTP code

You can now restrict the number of guesses for the Time-based One-time Password when trying to log into the Controller. This can be configured with the Maximum Failed Login Attempts field in the Password Settings.

B-20595

Use consistent error messaging.

Use more consistent and generic messages for client facing errors, while preserving detailed messages for auditing and logging.

B-20772

Property to loosen security constraints for automatic retries and better visibility of automatic retry failures

You can now specify whether the Execution User of a task must have Re-run permission for the automatic retry to engage.

This behavior is controlled by the new Task Retry Re-run Permission Required system property. See Properties for specifications.

B-22172

System Property - Task Launch Permission Required For Insert Task

You can now control whether users need permission to launch a task in order to insert that task into a Workflow.

This behavior is controlled by the new Task Launch Permission Required For Insert Task system property. See Properties for specifications.

D-13649*
D-13650*
D-13651*
D-13652*
D-13654*
D-13673*

Library dependencies updated due to vulnerabilities.

D-13424*
D-13426*

Security hardening

B-20596

Enhance Self-Service Options to allow specifying a variable value as Required from Trigger Now... and Launch With Variables... dialogs

You can now control whether the Trigger Now… and Launch With Variables… dialogs require non-empty variable value(s).

This is specified with the new Required checkbox, which is mutually exclusive with the Allow Empty Option. You can find these fields in the Self-Service Options of the Variable Details for a local Variable of a task or trigger.

Open

E-02200

Task Instance Modify

You can now modify task instances via the Patch a Task Instance API. See Task Instance Web Services for details.

Some fields are read-only and cannot be patched. To see which properties of a task instance record can be modified, see the Patchable (Instance Only) column of the table on any Task Properties doc.

B-20582

Add user endpoints for more granular management of group membership

New APIs have been added for managing group membership:

• Read a User’s Group Membership

• Add a User to a Group

• Remove a User from a Group

See User Web Services for details.

B-21675*

Clear Virtual Resource Dependencies - Return In Use Virtual Resource Order(s)

A new Boolean Boolean request property, returnInUse, is supported for the Clear Virtual Resource Dependencies API. See Task Instance Web Services for details.

Setting this property to true specifies that that virtual resource order(s) will be returned if they were already filled for the instance. This is equivalent to running the Clear Resources (Return In Use) task instance command in the UI (see B-22313/B-22320).

B-21684

Task Instance - Insert Task with Variables

The Insert a Task into a Workflow with Dependencies API has been enhanced. You can now specify variables for the inserted task instance using the variables request property.

See Workflow Task Instance Web Services for details.

B-22166

Trigger Now - Return information on started instance(s)

The Trigger Tasks (Trigger Now) API now returns the task instance id(s) of the task(s) launched by the trigger if you specify the includeTaskInstanceIds query parameter.

See Trigger Web Services for details.

B-22168

Task Instance - Set Variable

You can now use the Set a Task Instance Variable API to modify a variable of a task instance.

See Task Instance Web Services for details.

B-22233

Allow creation of user to exclude password when Login Method is exclusively Single Sign-On

You can create a User through the API without having to set a password, if and only if the user’s login method is exclusively Single Sign-On. In this case, the User will be generated with a random secure password.

See User Web Services for details.

B-22300

Cluster Node Health Check

You can now get health check details of the current cluster node by using the Healthcheck API.

See Cluster Node Web Services for details.

B-22449

Change Default Response Content Type

The default response content type for Web Service APIs has changed to JSON for new deployments.

You can specify your preferred content type with the Web Service Default Response Content system property. See Properties for specifications.

D-13793

Retrieve Task Instance Output API should not support operationalMemo query parameter

The operationalMemo query parameter has been removed from the Retrieve Task Instance Output API to prevent updates to a record during a Read operation.

B-20583

Expose Top Level Workflow / Top Level Workflow Name (top_level_workflow_id) to Ux for reporting purposes

You can now easily view the top-level parent workflow of a task instance via the Top Level Workflow field, which is visible from the Activity Monitor and Task Instances list.

You can also view the Top Level Workflow from the details of a task instance. When generating a Report, you can filter and sort by Top Level Workflow as well.

B-21340

Restarting z/OS tasks should default to 'Select to End for Re-run'

Based on user feedback, we moved the ‘Select to End for Re-run’ to the top of the context-menu.

D-13287*

Allow Re-run of z/OS task instance with abnormal failure.

To accommodate B-21340, a Force Resubmit command was introduced under the z/OS Task Commands menu.

For more details about the command and its usage, following the user documentation link below.

Force Resubmitting a z/OS Task Instance

B-21418

Override Previous Instance Wait: "On Resolved Task Name"

A new field, Previous Instance Wait Lookup Option, has been added to Workflows.

Open

You can use this option to specify that a Workflow should wait for previous instances based on the resolved task instance name. This is useful for cases where you might have variable task names, resulting in different task instance names for the same task definition.

B-21558

Add ability to execute Success / Failed Set Variable Actions prior to edge variable condition evaluation

You can now configure whether the Set Variable action of a task in a Workflow will occur before the path condition of that task is evaluated.

This behavior is controlled with the new Perform Set Variable Actions Before Workflow Dependency Evaluation system property. See Properties for specifications.

B-22313*
B-22320*

Add "Clear Resources (Return In Use)" Command

A new task instance command has been added: Clear Resources (Return In Use).

This is similar to the existing Clear Resources command, but it can be used on task instances that have already acquired resources, allowing you to return those resources prior to completion.

You can return acquired resources of a task instance while it is in any of the following statuses: Action Required, Approval Required, Cancel Pending, Confirmation Required, Execution Wait, Failed, In Doubt, Queued, Running, Running Problems, Start Failure, Started, Submitted, Undeliverable.