Changelog

Users can now view OPA logs in Workato Logging Service. This addition makes it even easier to to search, audit, and troubleshoot specific automations utilizing OPA.

By default, this feature is disabled, but it can be enabled in workspaces with OPA and Logging Service via the on-prem group level settings.

• Security: upgraded several libraries following OWASP recommendations.
• Linux: fixed RPM OPA upgrade process.
• Linux: fixed graceful shutdown script.
• JMS: fixed resolution of mqcsp property in IBM MQ configuration.
• Files: performance improvements for List files action.
• Logging: reduced amount of logs with debugging enabled.
• MS SQL: added SSL configuration support.
• Docker: starting and activating OPA can be done with a single command.
• Kafka: fixed support for SSL configuration. Added the option to provide a password for the client key file.

See the OPA release notes for this and previous updates to OPA.

• Security: updated Java runtime to version 17.0.9+9.
• MySQL: updated JDBC driver to version 8.2.0.
• Monitoring: fixed initialization error when starting agent with monitoring feature enabled.
• Hardening: fixed rare reconnection bug when using a proxy.
• Hardening: fixed memory consumption for long-running agents.
• Configuration: reduced default graceful shutdown timeout to 30 seconds.

See the OPA release notes for this and previous updates to OPA.

We've introduced a new versioning scheme, major and minor version numbers only (21.0).

Key updates:

• MS SQL: Added support for RFC 4180 specification in CSV bulk load.
• Secrets: Enhanced support for Workato cloud secrets manager and clear secrets cache mechanism. Note: Manual reconnection required for certain connectors after secret rotation.
• Linux: Added SHA-256 signature support for RPM packages for Red Hat Linux.
• Usability: Improved agent behavior with the same key connections. First connected agent remains active, others shut down.
• Windows: Dependency on vcruntime binary removed; installer streamlined.
• Logging: Reduced log events in debug mode.
• Extensions: Fixed auto-injection issue with jakarta.inject.Inject annotation.
• Security: Libraries updated per OWASP recommendations.
• Monitoring: Telemetry added for asynchronous operations.
• SAP: Enhanced reliability of metadata load process.

See OPA Release Notes in docs.

• Security: upgraded middleware libraries Spring to 6.0.9, Jetty to 11.0.15, and Spring LDAP to 3.1.0.
• Kafka: new real-time “New message in topic” single and batch triggers have been released, for better reliability in instances when a recipe is stopped and then started again. Previous triggers are still supported but now marked deprecated.
• Kafka: a bug that caused misconfiguration with the sasl.jaas.config property has been fixed.
• Redshift: microseconds to timestamps added to avoid row collisions.

See OPA Release Notes in docs.

For tighter security, we’ve extended support for secrets manager, Hashicorp Vault, to our on-prem agents (OPA) and on-prem groups (OPA).

We’ve improved the activation flow for any new on-prem agents you create. Other updates:

• Security: trust certificates are now issued by default, by Let’s Encrypt
• Security: several libraries were upgraded with OWASP’s recommendations
• System: agent performance data is now automatically sent to Workato for analysis and improvements
• System: cloud logging feature no longer requires added configuration
• MS SQL: support for useFmtOnly connection property added
• MySQL: support for year date type added
• Kafka: validation of SASL configuration improved

See OPA Release Notes in docs.

• Security: Java Runtime Environment upgraded to version 17.0.6+10
• Security: PostgreSQL JDBC upgraded to version 42.5.4
• JMS: redelivery options for ActiveMQ added, by default number of retries now unlimited
• Debug: full certificate details now print when TLS handshake fails
• Windows: default encoding changed to UTF-8
• Windows: updated with the latest Windows service wrapper library
  

See OPA Release Notes in docs.

• JMS, Kafka, SAP: additional firewall configuration for their triggers will no longer be required
• Security: updated to TLSv1.3 to enable gateway tunnel connections
• Performance: buffering for database-related requests disabled for lower memory consumption
• Kafka: support for AVRO-encoded message keys added
• Kafka: kafka-clients library has been upgraded to version 7.3.1-ccs
• SAP: support for TYPE_UTCLONG data type added
• SAP: stateful RFC support implemented (requires SAP JCo library version 3.1.7. or later)
• MySQL: timezone issue for datetime columns in version 8 fixed
• MySQL: result set streaming is now enabled by default

See OPA Release Notes.

This release introduces a stricter validation of third-party TLS certificates. This can affect how HTTP connectors behave, and self-signed certificates may require additional setup.

• HTTP: trustAll default behavior is updated, support for self-signed certificates and mTLS added
• HTTP: Bad Request errors while using encoded characters fixed
• JMS: connector no longer uses local database to store JMS subscriptions
• JMS: support for High Availability mode added
• Kafka: support for message headers added 
• Security: Vertx, Netty and Jetty libraries upgraded to the latest versions
• Database: bulk triggers support added 
• Linux: fontconfig and bash dependencies for Linux DEB/RPM packages added
• SAP: support of SAP JCo version 3.0. discontinued (SAP JCo version 3.1 or later is required)
• SAP: SAP RFC connector no longer attempts to subscribe for inbound IDOCs if program_id is missing
• SAP: RFC connector now ignores redundant IDOC releases
• SAP: system information can be retrieved even if EP8 is not installed
• SAP: On-prem Agent must now be explicitly authorized to use function module OCS_GET_INSTALLED_SWPRODUCTS
  

See OPA Release Notes in docs.