Changelog

• Security: upgraded middleware libraries Spring to 6.0.9, Jetty to 11.0.15, and Spring LDAP to 3.1.0.
• Kafka: new real-time “New message in topic” single and batch triggers have been released, for better reliability in instances when a recipe is stopped and then started again. Previous triggers are still supported but now marked deprecated.
• Kafka: a bug that caused misconfiguration with the sasl.jaas.config property has been fixed.
• Redshift: microseconds to timestamps added to avoid row collisions.

See OPA Release Notes in docs.

For tighter security, we’ve extended support for secrets manager, Hashicorp Vault, to our on-prem agents (OPA) and on-prem groups (OPA).

We’ve improved the activation flow for any new on-prem agents you create. Other updates:

• Security: trust certificates are now issued by default, by Let’s Encrypt
• Security: several libraries were upgraded with OWASP’s recommendations
• System: agent performance data is now automatically sent to Workato for analysis and improvements
• System: cloud logging feature no longer requires added configuration
• MS SQL: support for useFmtOnly connection property added
• MySQL: support for year date type added
• Kafka: validation of SASL configuration improved

See OPA Release Notes in docs.

• Security: Java Runtime Environment upgraded to version 17.0.6+10
• Security: PostgreSQL JDBC upgraded to version 42.5.4
• JMS: redelivery options for ActiveMQ added, by default number of retries now unlimited
• Debug: full certificate details now print when TLS handshake fails
• Windows: default encoding changed to UTF-8
• Windows: updated with the latest Windows service wrapper library
  

See OPA Release Notes in docs.

• JMS, Kafka, SAP: additional firewall configuration for their triggers will no longer be required
• Security: updated to TLSv1.3 to enable gateway tunnel connections
• Performance: buffering for database-related requests disabled for lower memory consumption
• Kafka: support for AVRO-encoded message keys added
• Kafka: kafka-clients library has been upgraded to version 7.3.1-ccs
• SAP: support for TYPE_UTCLONG data type added
• SAP: stateful RFC support implemented (requires SAP JCo library version 3.1.7. or later)
• MySQL: timezone issue for datetime columns in version 8 fixed
• MySQL: result set streaming is now enabled by default

See OPA Release Notes.

This release introduces a stricter validation of third-party TLS certificates. This can affect how HTTP connectors behave, and self-signed certificates may require additional setup.

• HTTP: trustAll default behavior is updated, support for self-signed certificates and mTLS added
• HTTP: Bad Request errors while using encoded characters fixed
• JMS: connector no longer uses local database to store JMS subscriptions
• JMS: support for High Availability mode added
• Kafka: support for message headers added 
• Security: Vertx, Netty and Jetty libraries upgraded to the latest versions
• Database: bulk triggers support added 
• Linux: fontconfig and bash dependencies for Linux DEB/RPM packages added
• SAP: support of SAP JCo version 3.0. discontinued (SAP JCo version 3.1 or later is required)
• SAP: SAP RFC connector no longer attempts to subscribe for inbound IDOCs if program_id is missing
• SAP: RFC connector now ignores redundant IDOC releases
• SAP: system information can be retrieved even if EP8 is not installed
• SAP: On-prem Agent must now be explicitly authorized to use function module OCS_GET_INSTALLED_SWPRODUCTS
  

See OPA Release Notes in docs.

• Configuration: added cloud profiles support which allows setting up on-prem connections directly in Workato.
• JMS: added support for headers and binary messages.
• Network: rolled back to default TLS implementation and SNI.
• Network: fixed bug during gateway reconnection.
• Security: upgraded to JRE 17.0.5+8.
• Security: upgraded Commons Text library.

See OPA Release Notes in docs.

A single Workato on-prem agent (OPA) can connect to multiple on-prem applications. However, managing these require editing an on-prem agent config file. A cloud profile is a new way of setting a connection for on-prem agent directly in Workato. Connecting an agent to new resources is now much easier and doesn’t require direct access to the machine where the agent runs. This allows for a more centralized management of OPA agents.

More information can be found in the following docs:

• What’s a cloud profile and a list of supported adapters
• How to create an on-prem group that supports cloud profiles

A new version of the on-prem agent has been released with updates in security, new on-prem agent monitoring, added support for Cliend ID and Secret encryption, and more. Click here for the full version notes.

• On-prem files: Invalid character error for Windows file path format fixed
  

See OPA Release Notes in docs.