Release 4.2.1.16
The log below describes the changes in v4.2.1.16. More on some of the features in 4.2.1.15 version of OpenIAM can be found in What's new section.
Features
| Issue key | Summary |
|---|---|
| PL-178 | Added an Aerospike connector to integrate OpenIAM with Aerospike-based systems. |
| PL-204 | Bundled the SAP UME connector into the standard release for easier deployment. |
| PL-207 | Sending an automatic email notification to the next reviewer when the current reviewer completes their part of an access certification. |
| PL-216 | Enhanced UAR reporting so large reports (around 17K rows / >110 MB) can be generated and saved reliably. |
| PL-241 | Enabled provisioning of the custom samAccountName attribute from OpenIAM to Workday via SOAP, supporting advanced integration scenarios. |
| PL-250 | Fixed the “Clone rights from user” feature so access rights linked via groups are also copied, not just the groups themselves. |
Bug fixes
| Issue key | Summary |
|---|---|
| PL-192 | Fixed an issue where the Tableau connector was not working, restoring integration with Tableau. |
| PL-199 | Fixed filters on the “View My Requests” page so they continue to work even when a user has more than 1000 requests. |
| PL-200 | Enabled bulk claiming of group/role-based approval requests so approvers can claim multiple requests in one action. |
| PL-206 | Fixed a SelfService pagination issue where the selected page reset after viewing a request. |
| PL-211 | Corrected the Service Catalog request flow so access rights can be selected for all roles/groups. |
| PL-213 | Resolved a display problem where the SelfService Request Inbox appeared blank until the user scrolled, so requests now load immediately. |
| PL-215 | Fixed bulk delegation errors in SelfService → Access Management → Request Administration, so delegations complete successfully. |
| PL-223 | Fixed multiple SelfService 404 errors when using user management options (entitlements, identities, edit user, hierarchy). |
| PL-224 | Fixed an Out-of-Office assistant issue where a future start date reset back to the current date after selecting the end date. |
| PL-226 | Corrected the “Return to List” action from Request Administration so it navigates back to the request list instead of a 404 page. |
| PL-232 | Fixed a resource entitlement issue where a parent resource was incorrectly added as a child entitlement after assignment. |
| PL-239 | Updated the Cassandra image configuration to use the supported Bitnami legacy image source for ongoing compatibility. |
| PL-240 | Ensured that when users are created or updated via REST APIs, their status (e.g., ACTIVE or TERMINATED) is correctly respected instead of always defaulting to PENDING_INITIAL_LOGIN. |
| PL-242 | Fixed SelfService password reset failures for users with many accounts (including related accounts), so resets complete correctly across multiple systems. |
| PL-243 | Resolved an XSS vulnerability when creating a group to prevent injection of malicious scripts. |
| PL-246 | Ensured sensitive mail server configuration fields (such as passwords) are no longer displayed in plain text on the configuration screen. |
| PL-247 | Performed and applied results from Elasticsearch HA testing on RPM-based clusters to improve resilience during node failures. |
| PL-257 | Resolved ElasticSearch errors that occurred when very long data values were saved in audit records. |
| PL-259 | Fixed an issue where clearing the User Type attribute in the console did not actually remove the stored value. |
Improvements
| Issue key | Summary |
|---|---|
| PL-176 | Improved connector logging by recording error text as warnings when the overall connector response is successful, making logs clearer. |
| PL-179 | Improved the display name for the Connector → ConnectorTemplate menu to make navigation clearer for administrators. |
| PL-185 | Packaged required SQL upgrade scripts as part of the release to simplify and standardize upgrades. |
| PL-203 | Enhanced user search by allowing filtering on users with DEACTIVATED status, improving visibility of inactive accounts. |
| PL-209 | Added validation for the Out-of-Office assistant to prevent invalid assignment (e.g., assigning to oneself) and invalid date ranges. |
| PL-218 | Increased the allowed length of the USER_TYPE_IND field so customers can use more descriptive user type values. |
| PL-220 | Upgraded HashiCorp Vault to version 1.20. |
| PL-227 | Fixed database script file permissions so upgrade and maintenance scripts run without permission-related failures. |
| PL-230 | Corrected the confirmation header text in the Self-Service Request Approval screen to display accurate information. |
| PL-239 | Updated the Cassandra image configuration to use the correct image source (Bitnami legacy) for ongoing support. |
| PL-247 | Completed and applied results from Elasticsearch HA testing on RPM-based clusters to improve resilience under node failures. |
| PL-249 | Updated RPM upgrade scripts to make cluster upgrades smoother and more reliable. |
| PL-255 | Stopped logging the UnicodePwd (password) LDAP attribute in provisioning audit events to avoid exposing passwords in logs. |
| PL-256 | Adjusted UAR system comments so they are recorded per access item instead of at the task level, making reports clearer for reviewers. |
| PL-266 | Updated Helm installation in the CI pipeline to use a non-deprecated repository, fixing build_helm job failures and improving build reliability. |