Changelog

• Security: Java Runtime Environment upgraded to version 17.0.6+10
• Security: PostgreSQL JDBC upgraded to version 42.5.4
• JMS: redelivery options for ActiveMQ added, by default number of retries now unlimited
• Debug: full certificate details now print when TLS handshake fails
• Windows: default encoding changed to UTF-8
• Windows: updated with the latest Windows service wrapper library
  

See OPA Release Notes in docs.

More audit events have been added, to track changes to a workspace’s security and permissions settings.

This allows admins more visibility to troubleshoot changes.

See the full list of account activities tracked.

• JMS, Kafka, SAP: additional firewall configuration for their triggers will no longer be required
• Security: updated to TLSv1.3 to enable gateway tunnel connections
• Performance: buffering for database-related requests disabled for lower memory consumption
• Kafka: support for AVRO-encoded message keys added
• Kafka: kafka-clients library has been upgraded to version 7.3.1-ccs
• SAP: support for TYPE_UTCLONG data type added
• SAP: stateful RFC support implemented (requires SAP JCo library version 3.1.7. or later)
• MySQL: timezone issue for datetime columns in version 8 fixed
• MySQL: result set streaming is now enabled by default

See OPA Release Notes.

We have launched status pages for each region, so users can monitor our systems’ status, check for incidents—and subscribe to email updates.

• USA status page
• Europe status page
• Singapore status page
• Japan status page 

SCIM Provisioning allows our customers to automate the entire user lifecycle management process. From the time a user joins the company and needs access to Workato (provisioning), requires more privileges (profile updates), and finally, to the time they leave (de-provisioning). This eliminates any manual and error prone actions that IT admins must take on the Workato platform as provisioning actions will be automatically synced with their identity provider (IdP) like Okta, OneLogin etc..  This release includes:

• Full lifecycle management actions (Create users, update user attributes like workato_role, and de-provision users with supported IdP's like Okta, OneLogin, CyberArk Idaptive)
• Ability to provision single or multiple Workato Workspaces from identity platforms
• Ability to remove environment / Workspace access from identity platforms
• Ability to provision, update, de-provision users at the individual or group level
• Track all access related changes on audit logs across all environments and differentiate between automatic and manual changes

Learn more about account provisioning with SCIM by checking out the documentation.

This release introduces a stricter validation of third-party TLS certificates. This can affect how HTTP connectors behave, and self-signed certificates may require additional setup.

• HTTP: trustAll default behavior is updated, support for self-signed certificates and mTLS added
• HTTP: Bad Request errors while using encoded characters fixed
• JMS: connector no longer uses local database to store JMS subscriptions
• JMS: support for High Availability mode added
• Kafka: support for message headers added 
• Security: Vertx, Netty and Jetty libraries upgraded to the latest versions
• Database: bulk triggers support added 
• Linux: fontconfig and bash dependencies for Linux DEB/RPM packages added
• SAP: support of SAP JCo version 3.0. discontinued (SAP JCo version 3.1 or later is required)
• SAP: SAP RFC connector no longer attempts to subscribe for inbound IDOCs if program_id is missing
• SAP: RFC connector now ignores redundant IDOC releases
• SAP: system information can be retrieved even if EP8 is not installed
• SAP: On-prem Agent must now be explicitly authorized to use function module OCS_GET_INSTALLED_SWPRODUCTS
  

See OPA Release Notes in docs.

While each Workato data center has its own IPs to use for outbound allow lists, there is a need to restrict inbound requests to Workato for OPA usage.  This is where the On-Prem Agent allow lists helps solve for this.  Admins can easily add an IP allow list at the group level to restrict agents in the group. These additional IP restrictions will help organizations increase their security by decreasing their network attack surface. 

As part of an effort to provide more granular permissions across the platform, Properties are now called “Environment Properties” as they are global properties on an environment level. This allows more control and protection when using Environment Properties.

Previously “full access” was the only permission.  New permissions are now available:

• View 
• Edit records,
• Create
• Delete

• Configuration: added cloud profiles support which allows setting up on-prem connections directly in Workato.
• JMS: added support for headers and binary messages.
• Network: rolled back to default TLS implementation and SNI.
• Network: fixed bug during gateway reconnection.
• Security: upgraded to JRE 17.0.5+8.
• Security: upgraded Commons Text library.

See OPA Release Notes in docs.

A single Workato on-prem agent (OPA) can connect to multiple on-prem applications. However, managing these require editing an on-prem agent config file. A cloud profile is a new way of setting a connection for on-prem agent directly in Workato. Connecting an agent to new resources is now much easier and doesn’t require direct access to the machine where the agent runs. This allows for a more centralized management of OPA agents.

More information can be found in the following docs:

• What’s a cloud profile and a list of supported adapters
• How to create an on-prem group that supports cloud profiles