orchestrator
2020.10
false
2020.10.18
OUT OF SUPPORT
Orchestrator Release Notes
Last updated Dec 12, 2023
2020.10.18
Release date: 12 December 2022
- We have fixed an issue that caused the password used for connecting to a storage bucket provider to be stored in the database. This occurred when you created or edited a storage bucket. The password could be retrieved by an SQL administrator with read access to the database, or by anyone with View permission on Audit via API.
- We have fixed an issue that caused credential store passwords to be stored in the database. The passwords could be retrieved by an SQL administrator with read access to the database, or by anyone with View permission on Audit via API.
- We have fixed an issue that caused license codes to be visible in the response returned by calls that retrieved all audit data.
- We have fixed an issue that caused external feed passwords to be stored in the database. This occurred when you created an external feed for maintaining automation packages.
Use this script to clean up any passwords displayed in the existing logs. The script can be run before upgrading to this version.
DECLARE @serverVersion INT
SET @serverVersion = ISNULL(CAST(COALESCE(SERVERPROPERTY('ProductMajorVersion'),PARSENAME(CAST(SERVERPROPERTY('productversion') AS varchar(20)), 4)) as INT),0)
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.Buckets' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = JSON_MODIFY([Parameters], ''$.bucketDto.Password'', NULL)
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[Buckets] WHERE [StorageProvider] IN (''Amazon'',''Azure'',''Minio'',''S3Compatible'')) AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.BucketsController'' AND
CHARINDEX(''Password'', [Parameters]) > 0 AND
NULLIF(JSON_VALUE([Parameters], ''$.bucketDto.Password''), '''') IS NOT NULL'
ELSE
-- Remove all parameters if json functions are not supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[Buckets] WHERE [StorageProvider] IN (''Amazon'',''Azure'',''Minio'',''S3Compatible'')) AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.BucketsController'' AND
CHARINDEX(''Password'', [Parameters]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.Buckets','true',GETUTCDATE())
END
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.CredentialStores' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = JSON_MODIFY([Parameters], ''$.credentialStoreDto.AdditionalConfiguration'', NULL)
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND
CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0 AND
ISJSON([Parameters]) = 1 AND
NULLIF(JSON_VALUE([Parameters], ''$.credentialStoreDto.AdditionalConfiguration''), '''') IS NOT NULL
-- Some records are truncated, so not valid JSON
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND
CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0 AND
ISJSON([Parameters]) = 0'
ELSE
-- Remove all parameters if json functions are not supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND
CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.CredentialStores','true',GETUTCDATE())
END
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.PackageFeedApiKey' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogEntities]
SET [CustomData] = JSON_MODIFY([CustomData], ''$.ApiKey'', NULL)
WHERE
[EntityId] IS NULL AND
[EntityName] = ''UiPackageFeed'' AND
CHARINDEX(''ApiKey'', [CustomData]) > 0 AND
JSON_VALUE([CustomData], ''$.ApiKey'') IS NOT NULL'
ELSE
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogEntities]
SET [CustomData] = ''''
WHERE
[EntityId] IS NULL AND
[EntityName] = ''UiPackageFeed'' AND
CHARINDEX(''ApiKey'', [CustomData]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.PackageFeedApiKey','true',GETUTCDATE())
END
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.PackageFeedBasicPassword' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogEntities]
SET [CustomData] = JSON_MODIFY([CustomData], ''$.BasicPassword'', NULL)
WHERE
[EntityId] IS NULL AND
[EntityName] = ''UiPackageFeed'' AND
CHARINDEX(''BasicPassword'', [CustomData]) > 0 AND
JSON_VALUE([CustomData], ''$.BasicPassword'') IS NOT NULL'
ELSE
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogEntities]
SET [CustomData] = ''''
WHERE
[EntityId] IS NULL AND
[EntityName] = ''UiPackageFeed'' AND
CHARINDEX(''BasicPassword'', [CustomData]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.PackageFeedBasicPassword','true',GETUTCDATE())
END
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.LicenseKey' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = JSON_MODIFY([Parameters], ''$.licenseKey'', NULL)
WHERE
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND
CHARINDEX(''licenseKey'', [Parameters]) > 0 AND
ISJSON([Parameters]) = 1 AND
JSON_VALUE([Parameters], ''$.licenseKey'') IS NOT NULL
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND
CHARINDEX(''licenseKey'', [Parameters]) > 0 AND
ISJSON([Parameters]) = 0'
ELSE
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND
CHARINDEX(''licenseKey'', [Parameters]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.LicenseKey','true',GETUTCDATE())
END
DECLARE @serverVersion INT
SET @serverVersion = ISNULL(CAST(COALESCE(SERVERPROPERTY('ProductMajorVersion'),PARSENAME(CAST(SERVERPROPERTY('productversion') AS varchar(20)), 4)) as INT),0)
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.Buckets' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = JSON_MODIFY([Parameters], ''$.bucketDto.Password'', NULL)
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[Buckets] WHERE [StorageProvider] IN (''Amazon'',''Azure'',''Minio'',''S3Compatible'')) AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.BucketsController'' AND
CHARINDEX(''Password'', [Parameters]) > 0 AND
NULLIF(JSON_VALUE([Parameters], ''$.bucketDto.Password''), '''') IS NOT NULL'
ELSE
-- Remove all parameters if json functions are not supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[Buckets] WHERE [StorageProvider] IN (''Amazon'',''Azure'',''Minio'',''S3Compatible'')) AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.BucketsController'' AND
CHARINDEX(''Password'', [Parameters]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.Buckets','true',GETUTCDATE())
END
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.CredentialStores' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = JSON_MODIFY([Parameters], ''$.credentialStoreDto.AdditionalConfiguration'', NULL)
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND
CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0 AND
ISJSON([Parameters]) = 1 AND
NULLIF(JSON_VALUE([Parameters], ''$.credentialStoreDto.AdditionalConfiguration''), '''') IS NOT NULL
-- Some records are truncated, so not valid JSON
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND
CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0 AND
ISJSON([Parameters]) = 0'
ELSE
-- Remove all parameters if json functions are not supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[TenantId] IN (SELECT DISTINCT TenantId FROM [dbo].[CredentialStores] WHERE [Type] <> ''Database'') AND
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.CredentialStoresController'' AND
CHARINDEX(''AdditionalConfiguration'', [Parameters]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.CredentialStores','true',GETUTCDATE())
END
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.PackageFeedApiKey' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogEntities]
SET [CustomData] = JSON_MODIFY([CustomData], ''$.ApiKey'', NULL)
WHERE
[EntityId] IS NULL AND
[EntityName] = ''UiPackageFeed'' AND
CHARINDEX(''ApiKey'', [CustomData]) > 0 AND
JSON_VALUE([CustomData], ''$.ApiKey'') IS NOT NULL'
ELSE
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogEntities]
SET [CustomData] = ''''
WHERE
[EntityId] IS NULL AND
[EntityName] = ''UiPackageFeed'' AND
CHARINDEX(''ApiKey'', [CustomData]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.PackageFeedApiKey','true',GETUTCDATE())
END
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.PackageFeedBasicPassword' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogEntities]
SET [CustomData] = JSON_MODIFY([CustomData], ''$.BasicPassword'', NULL)
WHERE
[EntityId] IS NULL AND
[EntityName] = ''UiPackageFeed'' AND
CHARINDEX(''BasicPassword'', [CustomData]) > 0 AND
JSON_VALUE([CustomData], ''$.BasicPassword'') IS NOT NULL'
ELSE
-- Remove just the password if json functions are supported
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogEntities]
SET [CustomData] = ''''
WHERE
[EntityId] IS NULL AND
[EntityName] = ''UiPackageFeed'' AND
CHARINDEX(''BasicPassword'', [CustomData]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.PackageFeedBasicPassword','true',GETUTCDATE())
END
IF NOT EXISTS (SELECT 1 from [dbo].[Settings] WHERE [Name] = 'Migration.AuditCleanup.LicenseKey' AND [TenantId] IS NULL)
BEGIN
IF @serverVersion >= 13 -- SQL Server 2016
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = JSON_MODIFY([Parameters], ''$.licenseKey'', NULL)
WHERE
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND
CHARINDEX(''licenseKey'', [Parameters]) > 0 AND
ISJSON([Parameters]) = 1 AND
JSON_VALUE([Parameters], ''$.licenseKey'') IS NOT NULL
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND
CHARINDEX(''licenseKey'', [Parameters]) > 0 AND
ISJSON([Parameters]) = 0'
ELSE
EXECUTE sp_executesql N'
UPDATE [dbo].[AuditLogs]
SET [Parameters] = ''''
WHERE
[ServiceName] = ''UiPath.Orchestrator.Web.Api.OData.Controllers.SettingsController'' AND
CHARINDEX(''licenseKey'', [Parameters]) > 0'
INSERT INTO [dbo].[Settings] ([TenantId],[UserId],[Name],[Value],[CreationTime])
VALUES (null,null,'Migration.AuditCleanup.LicenseKey','true',GETUTCDATE())
END
Read the security advisory for UiPath Orchestrator - Exposure of Sensitive Information.
The list of available users you can assign tasks to does not filter out the users that do not have the required permissions. Selecting such a user results in a task assignment failure.
We recommend that you regularly check the deprecation timeline for any updates regarding features that will be deprecated and removed.