Tungsten RPA (Kapow) 11.2.0 Fix Pack 10 | Release Date: September 21, 2022

Problems Resolved in this Fix Pack

1848862: A critical error in 11.2.0.9 could potentially corrupt robot files when editing basic robots and cause constant re-execution.
1842553: Roboserver authenticated against LDAP every time a robot was downloaded.
1841391: Synchronizer did not work with Github after a Github upgrade.
1840446: Upgraded commons-configuration due to high severity vulnerability CVE-2022-33980.
1838032: Synchronizer failed to start.
1826622: Missing support for some client certificates algorithms caused error message in CEF.
1826173: Fixed valued inputs were not restored as hidden from Kapplets backup.
1825143: Management Console restore backup failed if it contained a Password Store client role.
1821107: Design Studio used excessive KTA licenses when running robots.
1817112: Robot references were not always updated when importing a Management Console project.
1805582: SOAP wsdl page was not shown for robots in the Management Console.
1805553: Upgraded url-parse due to high severity vulnerability CVE-2022-0691.
1805383: Upgraded log4net due to high severity vulnerability CVE-2018-1285.
1805381: Upgraded Tomcat due to high severity vulnerability CVE-2022-23181.
1805374: Upgraded Liquibase due to high severity vulnerability CVE-2022-0839.

Features Introduced in previous Fix Packs

FR10823 – 1717034 When restoring a backup, previously made clusters were lost. When restoring a backup using Merge or Reset, all previously made clusters are deleted. To retain the clusters, select “Retain existing clusters” in the “Restore backup” window. It is important that the names of the existing clusters are different from the cluster names in the backup.

FR15559, FR16034 – 1676826 Added support for OAuth single tenant mode with Azure AD. A Tenant ID field has been added to the authorization request form when adding a user to an Azure AD 2.0 application.
1680226 – The .NET API now supports queuing in the Management Console. A new extension to the Request object ‘QueuedRequest’ object has been introduced with two additional properties “Timeout” and “Priority”. “Timeout” is measured in seconds and “Priority” has 5 values (MAXIMUM, HIGH, MEDIUM, LOW, MINIMUM)
    Example:
        QueuedRequest request = new QueuedRequest(“[robotname]”)
        request.Timeout = 60
        request.Priority = QueuedRequestPriority.LOW
        …
1679440 – SAML single signout – log out from Management Console will logout from IDP. To configure single signout by either:
        1. add the configuration option useSamlSingleLogout in saml.xml
        2. add the SAML_IDP_USESINGLELOGOUT environment variable for docker

Problems Resolved in previous Fix Packs

1809867: Process Discovery Analyzer could produce an Out of memory error when processing large data sets.
1809761: Management Console could produce an Out of memory error when creating a backup.
1809760: Fixed Kapplet value inputs were not restored when restoring backup.
1806315: Process Discovery Analyzer now enforces Java 11 to avoid memory issues.
1806310: Process Discovery can now be used with previous versions of Management Console when there are no API changes.
1806305: The same processes discovered in Linux and Windows were slightly different.
1805555: Upgraded Gson due to high severity vulnerability WS-2021-0419.
1805543: Upgraded lxml due to high severity vulnerability CVE-2018-9466.
1805538: Upgraded ESAPI due to high severity vulnerability CVE-2022-23457.
1805385: Upgraded XStream due to high severity vulnerability CVE-2021-43859.
1805382: upgraded h2 due to high severity vulnerability CVE-2021-23463.
1805384: Upgraded activeMQ due to high severity vulnerability CVE-2021-26117.
1805001: Robots could produce errors when loading favicons on specific sites.
1802937: Design Studio made changes to snippets when opening robots from previous versions.
1800748: Upgraded NodeJS due to high severity vulnerability CVE-2021-22930.
1796351: Explicitly specified oauth parameters did not work in Kapplets.
1796357: Dates in Management Console did not use locale settings for languages not supported by Tungsten RPA.
1795902: Default port numbers were removed when sending URIRequest CONNECT.

1793157: Upgraded spring due to high severity vulnerability CVE-2022-22965.
1793147: Upgraded OpenSSL due to high severity vulnerability CVE-2022-0778.
1787953: Opening 11.1.x Robot containing Document Transformation step failed.
1787926: Queuing on Management Console could fail when reserving DAS.
1783886: pressKey did not work after page navigation.
1783659: Users could not see running robots in some situations.
1780907: Quartz parameter in docker compose file for Kapplets was missing.
1776146: "Password Store Client" permission was not restored from backup.
1775178: Cluster profile settings were not restored from Japanese backup.
1766869: Design Studio became unresponsive after right-clicking in Recorder View when working with local DAS.
1761576: It was not possible to save Kapplet schedule with monthly trigger.

1761673 – Robots containing conditionals could fail with validation errors when running in debugger.
1761571 – Kapplet user could not save edited schedule if the Stop Date field was empty.
1761546 – Kapplet schedule “Start at” field displayed time incorrectly.
1761542 – Kapplets Schedules could not be paused or resumed.
1761488 – Dates in the Management Console did not use locale settings.
1759582 – CEF failed if web page asked for optional certificate and it was not provided.
1750328 – Offscreen elements caused issues when building the application tree and taking screenshots.
1736323 – Upgraded log4j due to medium severity vulnerabilities CVE-2021-44832 and CVE-2021-45105.
1734426 – Kapplets always returned “completed” instead of correct status.
1733812 – Incorrect localization was used instead of default English text.
1732543 – Improved performance for O365 IMAP Email triggers.

COD16636 – 1730511 Thread leak in RoboServer when running DA Robots.
FR16659 – 1731403 Updated log4j due to critical vulnerabilities CVE-2021-44228 and CVE-2021-45046.
FR16626 – 1729680 Added additional cipher suites to WebKit.
1730195 – RoboServer failed refreshing non-azure token for single tenant OAuth.
1728802 – Process Discovery analysis results varied when using cached images.
1718261 – The DB connection in Process Discovery timed out when using % or ? in passwords.
1716963 – Dummy plugin was added to CEF to avoid empty plugin list that could cause JS issues.
1714086 – Updated Mariadb java client in Process Discovery to eliminate performance issues.

COD16475 – 1706328 Device reset in Design Studio.
FR16336 – 1707607 Terminal step did not work with ipv6.
1716019 – Design Studio crashed when using fuzzy image search in ISA mode.
1714294 – Upgraded Gson due to high severity vulnerability WS-2021-0419.
1705539 – Fixed possible connection starvation in JavaAPI.
1705516 – Fixed Docker-compose file for Tungsten Analytics for RPA.

COD16187 – 1689924 OCR setting to recognize screen contents did not work.
FR16330 – 1696958 Could not refresh access token for single tenant applications. Robot execution with single tenant OAuth user input will fail on RS version lower than 11.2.0.4. Such Robots must be upgraded to 11.2.0.4 to be forced to run on RS version 11.2.0.4 or higher.
1700387 – Removed SQL Server from Windows Docker-compose examples.
1699092 – Fixed empty projects list for LDAP user.
1698367 – Fixed incorrect cluster name in project settings.
1696528 – Upgraded axios due to high severity vulnerability CVE-2021-3749.
1696432 – vc_redist files were missing from the Windows Docker image.
1690952 – Upgraded xmlsec due to high severity vulnerability CVE-2021-40690.
1690477 – Could not open page with personal certificate.
1690233 – Upgraded openssl due to high severity vulnerability CVE-2021-3712.
1682699 – Removed velocity-tools and upgraded velocity due to medium severity vulnerability CVE-2020-13959.
1682692 – Upgraded commons-compress due to high severity vulnerability CVE-2021-35517.
1682688 – Upgraded Jetty due to medium severity vulnerability CVE-2021-34429.
1682687 – Upgraded antisamy due to medium severity vulnerability CVE-2021-35043.
1682686 – Removed jakarta.el due to medium severity vulnerability CVE-2021-28170.
1682685 – Upgraded jsoup due to high severity vulnerability CVE-2021-37714.
1682684 – Upgraded bouncycastle due to medium severity vulnerability CVE-2020-15522.
1682682 – Upgraded xstream due to high severity vulnerability CVE-2021-39149.

COD16153 – 1683754 It was not possible to select different OAuth users for multiple input OAuth variables.
COD16103 – 1681293 DB host name can now be up to 1024 characters instead of 255.
FR16003 – 1649146 Email stayed in Processing folder if execution task expired.
1685621 – Send Email step never timed out.
1683169 – Previous references for device finders did not work when the previous finders were of application or component type.
1682749 – Migrated from log4j to log4j2 due to high severity vulnerability CVE-2019-17571.
1682700 – Upgraded json-smart due to medium sev vulnerability CVE-2021-31684.
1682085 – Cyberark configuration did not work correctly.
1681511 – Upgraded harfbuzz due to high severity vulnerability WS-2020-0392.
1677246 – Corrected the path to ssh keys in the dockerfile for the synchronizer.
1677003 – Webkit stopped if windows.close() was called in Execute JavaScript or Click steps.
1675195 – Process Discovery Analyzer could run out of memory when min count of process instance was set to 1.
1674303 – It was not possible to map smallint to integer with query database.
1660659 – Insufficient Authorization Control allowed users to retrieve project information.
1660721 – Authentication for REST endpoints was not required by default when creating a new project.
1634051 – Robot hanged after entering empty text in CEF.

COD15611 – 1665694 Previous references after try catch only worked if finder was defined in finally.
COD15530 – 1661318 Some dialog boxes with updated UI behaved incorrectly in production environment.
FR15737 – 1661599 JVM could hang DAS during Java application shutdown.
1670876 – Synchronizer did not work in 11.2.0.1.
1670571 – Updated the french and japanese offline documentation to match the online documentation.
1667263 – Process Discovery Analyzer did not always start the analysis when scheduled.
1662473 – Browser view could crash when executing browse step if text nodes were updated on the page.
1662185 – Swagger displayed all internal controllers.
1661535 – Manually started robots could not be stopped when using browser with Japanese locale.
1661229 – Japanese documentation did not contain the final corrections.
1661227 – Updated copyright year in about boxes.
1660485 – Webkit crashed when restoring cssRule without cssRuleList or parent stylesheet.
1660159 – Schedule triggers were not properly restored when importing backup.
1658933 – AuditLog logged “admin login from” every time Robot runs.
1650195 – Corrected docker scripts to correctly identify the Tomcat version.

COD15698 – 1651388 Incorrect permission check was performed when deleting a robot.
FR15573 – 1654347 Step out executed DA robot twice when in loop.
1659198 – Verification of RoboServer Certificates did not work properly.
1658430 – .NET API could become unresponsive on RegisterCluster.
1654384 – Upgraded node.js due to security vulnerability.
1653679 – Sorting schedules by “Next Run” prevented loading the schedules view.
1650263 – Incorrect permission check was performed for editing Device Mappings.
1647935 – Updated Jetty due to security vulnerability.
1647514 – Thread leak in ChunkedArrayProxy when downloading large file could cause RS to run out of memory.
1644997 – Internal IDs for schedules, OAuth Users, DB mappings, Password and CyberArk entries could be outside the safe integer range causing issues when restoring backups.
1644775 – Superfluous x32 was removed from text in the Process Discovery installers.
1644757 – Unable to save cluster setting changes if MC deployed in Oracle database.
1644753 – Kapplets could not start if they contained empty non-required input parameters.
1642468 – Slider could not be moved by Move Mouse and Press/Release.
1640143 – Updated spring-web due to security vulnerability.
1617570 – Data view performance was slow and could cause Management Console to become unresponsive.