Release date: 17th October 2018
- In rare cases, processes were no longer visible in the Robot Tray, if the user logged off and then logged on again. This occurred only on Attended Robots that were connected to Orchestrator, and their AD user ids were malformed.
- Due to localization updates for our activities, Invoke Code was not working properly and threw an error at runtime. If you want to use the new localized activities and have workflows that contain Invoke Code, please update your Robot (and Studio, if they are both present on the same machine).
A security fix has been made for Orchestrator which prevents an authenticated user to elevate their privileges and execute commands remotely on a target machine (RCE). Please note that the issue that was fixed did not have any impact on the audit system in Orchestrator.
Please ensure you apply the indicated patch to your Orchestrator instance. This action is mandatory.
A CVE report is available here.