Release date: 7 April 2022
Known Issues
As a host, trying to end a maintenance window through Swagger UI may fail. This happens because Swagger UI uses cookies for authentication, which are lost when you close the browser.
To end the maintenance mode via API, use one of the following workarounds:
- Do not close the browser and make the POST request to
/api/Maintenance/Endfrom the Swagger UI. - Use an API testing application (for example, Postman) to:
retrieve an access token by exchanging your credentials to the/api.Account/Authenticateendpoint, and then
make a POST request to the/api/Maintenance/Endendpoint using theAuthorization: Bearer {access_token}header.
Bug Fixes
An issue was fixed that would allow an attacker with privileged access to a robot to retrieve the LicenseKey (MachineKey) of other robots within the same tenant by brute forcing API calls to Orchestrator. This would theoretically allow the attacker to access resources restricted only to that robot.
Read the security advisory for UiPath - Robot Account Takeover.
See Activity Package Versions
The following activity packages and versions are included in the UiPathOrchestrator.msi installer:
| Activity Pack | Version |
|---|---|
| UiPath.UIAutomation.Activities | v21.4.4 |
| UiPath.System.Activities | v21.4.1 |
| UiPath.Mail.Activities | v1.10.5 |
| UiPath.Excel.Activities | v2.10.4 |
| UiPath.IntelligentOCR.Activities | v4.13.2 |
| UiPath.PDF.Activities | v3.4.0 |
| UiPath.Terminal.Activities | v2.2.0 |
| UiPath.Web.Activities | v1.7.0 |
| UiPath.Word.Activities | v1.6.4 |
| UiPath.Form.Activities | v1.1.11 |
| UiPath.Persistence.Activities | v1.2.2 |
| UiPath.Presentations.Activities | v1.1.5 |
| UiPath.MobileAutomation.Activities | v21.4.3 |
| UiPath.Testing.Activities | v1.3.3 |
Updated 11 months ago