Product Update - v24.13

Details of the product update v24.13 from the 28th of March 2024.

New Features

Added support for flow variables in Recipes

The Recipe author has a possibility to declare variables in Recipe and use its values in the Flow templates.

User can access these variables via $getFlowVariables().{variable_name}.

The usage example of storing these variables can be found in API documentation in Recipes endpoint in variables section.

Improved Email template texts for deleting Workspace/Contract/Membership actions

The next e-mails now contain the name of the User who triggered the deletion process:

Delete Workspace.
Delete Contract.
Remove Member from Workspace.
Remove Member from Contract.
Remove Member from Developers team.

HMAC SHA-256 authorization method

Now the SHA-256 encryption algorithm is supported in Webhook credentials.

Increased time of possible restoring flow before permanent removal to 48 hours

CronJob value responsible for time of possible flow recovery (see Release 23.44) before permanent deletion is increased to 48 hours.

Beautify cUrl in the Implement section of the flow-designer

Now the JSON in the Implement section displays beautified to read the flow’s structure more easily.

Subscribe to errors feature is automatically activated for the creator of the flow by default. User can unsubscribe to errors via gear menu at the Flow card. Also any user can subscribes to not his own flow in the workspace.

Avoided vulnerabilities

Vulnerability CWE-601 “Open Redirect”

Fixed vulnerability by removing domain by default.

Update @elastic.io/jsonata-moment to avoid vulnerability

Updated @elastic.io/jsonata-moment to 1.1.6 to fix a vulnerability found in jsonata 1.8.6 (migrated jsonata to 1.8.7).

Update @elastic.io/component-commons-library to avoid vulnerability

Got rid of @elastic.io/component-commons-library lib as a dependency to avoid circular dependency. The only function that was used from that library has been moved to this library source code.

Update JSONata to 1.8.7 to resolve vulnerability

Update JSONana version in the jsonata-moment library.

Update @elastic.io/maester-client to new version to avoid vulnerability

@elastic.io/maester-client updated to 5.0.2 The new elasticio-sailor-nodejs version 2.7.2 was released.

Fixed Bugs

FIXED Subscribe to errors check mark disappears after UI reload.
FIXED $getPassthrough() function is not available in the UI when the previous step’s sample is an array.
FIXED Grant/Revoke support access button is not displayed on Workspace page if it configured on the tenant level, not per contract.
FIXED The monitor-contract-quota-usage job doesn’t send email if quota is exceed.
FIXED The quota usage page cannot load reports if you have a large number of workspaces.
FIXED k8s-events-handler reconnection issue.

Components

Transformation (JSONata) component `1.0.13`

UPDATED Sailor version to 2.7.2.
UPDATED @elastic.io/component-commons-library to 3.2.0.

Node.js Code with Credentials component `1.0.0`

Initial component release
- Note: The component is derived from the code-component 1.2.11. A noteworthy enhancement in this version is the introduction of an authorization mechanism. This mechanism involves the use of credentials, which are available in four distinct types:
  - No Auth
  - Basic Auth
  - API Key
  - OAuth 2.0

REST API V2 component `2.0.15`

UPDATED the Sailor version to 2.7.2.
SET the Node engine to 18.x.
UPDATED minor development libraries.

Google translate component `2.0.0`

SWITCHED Google Translate library from google-translate:3.0.0 to google-cloud/translate:8.1.0
- Note: Translate Object Properties has not been transferred to this component version.
UPDATED Sailor to 2.7.2.
UPDATED development libraries.
FIXED credentials verification stuck issue.