# On-prem Agent Version Notes

The latest version of the Workato On-Premise Agent (OPA) is v23.1.

Learn more about how to upgrade your OPA version.


WARNING

On-prem agents versions older than 2.14.0 were sunset at the end of Jan 2024. Learn more

# v23

# v23.1

  • Kafka: improved trigger stability in case of network failures.
  • Kafka: updated Avro to 1.11.3, kafka-avro-serializer and kafka-protobuf-serializer to 7.6.0.
  • SAP: optimized memory usage of metadata for RFM and BAPI.
  • SAP: fixed bug when RFM name contains unsafe URL characters.
  • Database: added support for synchronous actions cancellation.

# v23.0

OPA 23.0 is the minimum required version for use with the Workato Logging Service (opens new window). This release includes a major Java runtime and language upgrade, the agent now uses the latest 21 LTS version.

  • Kafka: added support for Protobuf schema format.
  • HTTP: the agent now correctly handles cases where the remote server responds before the request completes.
  • HTTP: requests can now pass through a configured proxy server.
  • Hardening: fixed bug where agent failed to reconnect when using a proxy server.
  • JMS: fixed message parsing when sending from non-JMS applications.
  • TLS: added support for ECC private keys and certificates.
  • MS SQL: fixed connection problem when using ActiveDirectory authentication method.
  • SAP: implemented sending IDoc batches to Workato webhook.
  • SAP: support for receiving outbound IDocs from SAP for all partner types.
  • SAP: keep NUMC data types as strings instead of integers.
  • Security: updated Java to version 21.0.2+13.
  • Security: updated Spring Framework to version 6.1.2, Spring Boot to 3.2.2, AWS SQS messaging library to 2.1.1.

# v22

# v22.2

  • Hardening: fixed excessive memory consumption when using asynchronous actions.
  • Kafka: fixed SSL configuration for cloud profiles.
  • Logging: print more details when a shutdown signal is received.
  • SAP: implemented functionality to manage IDoc batches.
  • SAP: added customization capability for the EDI_DC40 segment fields.

# v22.1

  • Security: upgraded several libraries following OWASP recommendations.
  • Linux: fixed RPM OPA upgrade process.
  • Linux: fixed graceful shutdown script.
  • JMS: fixed resolution of mqcsp property in IBM MQ configuration.
  • Files: performance improvements for List files action.
  • Logging: reduced amount of logs with debugging enabled.
  • MS SQL: added SSL configuration support.
  • Docker: starting and activating OPA can be done with a single command.
  • Kafka: fixed support for SSL configuration. Added the option to provide a password for the client key file.

# v22.0

On-prem agent is now available as a docker image. See here for installation instructions.

  • Security: updated Java runtime to version 17.0.9+9.
  • MySQL: updated JDBC driver to version 8.2.0.
  • Monitoring: fixed initialization error when starting agent with monitoring feature enabled.
  • Hardening: fixed rare reconnection bug when using a proxy.
  • Hardening: fixed memory consumption for long-running agents.
  • Configuration: reduced default graceful shutdown timeout to 30 seconds.

# v21

# v21.2

Added dedicated OPA distributions as part of the Australian data center release.

  • JMS: fixed Jakarta EE compatibility issue with IBM MQ JMS driver.
  • SAP: improved IDoc type validation.
  • SAP: resolved EDI_SEGMENTS_ADD_BLOCK is empty bug.
  • SAP: fixed agent shutdown behavior with SAP profiles being active.

# v21.1

  • Security: updated Java runtime to version 17.0.8+7 and several other libraries to the latest versions as recommended by the vendors.
  • NTLM: fixed bug with the HTTP status code handling.

# v21.0

Starting with this release, Workato on-premise agent uses a simplified versioning scheme: major and minor version numbers only (21.0 instead of 2.21.0).

  • MS SQL: added support for RFC 4180 specification in CSV bulk load (e.g. support for newlines in values).
  • Secrets: added support for Workato cloud secrets manager and clear secrets cache mechanism. Please note that clearing the secrets cache is not supported for the following on-premise connections: Kafka, SAP, JMS, and database with the connection pooling option enabled. These connectors require manual reconnection after the secret is rotated.
  • Linux: added SHA-256 signature support for RPM packages to comply with the latest Red Hat Linux releases.
  • Usability: fixed behavior when multiple agents connect with the same key. From now on, only the first connected agent keeps working while others shut down automatically.
  • Windows: removed dependency on vcruntime binary, the installer doesn't ask for additional DLL anymore.
  • Logging: reduced amount of log events when running in debug mode.
  • Extensions: fixed auto-injection bug while using jakarta.inject.Inject annotation.
  • Security: updated libraries according to the OWASP scanner recommendations.
  • Monitoring: added telemetry for asynchronous operations.
  • SAP: improved reliability of metadata load process.

# v2.20

# v2.20.0

This release migrates from the deprecated Java EE to the latest revision of the Jakarta EE API. If you are using extensions or custom JMS drivers, check their compatibility with the Jakarta EE specification before upgrading.

  • Security: upgraded the following middleware libraries Spring to 6.0.9, Jetty to 11.0.15, Spring LDAP to 3.1.0.
  • Security: added new privileges for on-prem files and on-prem command line scripts connections. Learn more (opens new window)
  • Kafka: added new real-time New message in topic single and batch triggers. We recommend using these updated versions of the trigger as it guarantees higher reliability, especially when a recipe is stopped and started again. The previous Kafka triggers are still supported but were marked as deprecated.
  • Kafka: fixed a bug that caused misconfiguration with the sasl.jaas.config property.
  • Redshift: added microseconds to timestamps to avoid row collisions.

# v2.19

# v2.19.0

This release introduces the new activation flow for on-prem agents. For newly created agents, the private key used for the encryption of data transfers is now automatically generated and stored locally.

See the updated installation flow for Windows OS here. Additionally, you can find updated installation flow for Linux DEB package and Linux RPM package.

  • Security: improved PKI activation flow.
  • Security: trust certificates issued by Let's Encrypt by default.
  • Security: upgraded several libraries following OWASP recommendations.
  • RecipeOps: This version supports new Workato RecipeOps trigger (opens new window) to monitor unexpected on-prem agent connectivity issues.
  • System: agent performance data is now sent to Workato for future analysis and improvements; no additional configuration is required. See here for more information.
  • System: cloud logging feature no longer requires additional configuration.
  • MS SQL: added support for useFmtOnly connection property.
  • MySQL: added support for year date type.
  • Kafka: improved validation of SASL configuration.

# v2.18

# v2.18.1

  • SAP: fixed schema generation and retrieval of custom-enhanced IDocs.
  • SAP: fixed Data was lost while copying a value error when loading RFMs.

# v2.18.0

  • Security: Java runtime upgraded to version 17.0.6+10.
  • Security: PostgreSQL database driver updated to version 42.5.4.
  • JMS: added redelivery options for ActiveMQ, by default number of retries is now unlimited.
  • Debug: print full certificate details when TLS handshake fails.
  • Windows: default encoding changed to UTF-8.
  • Windows: installation updated to use the latest Windows service wrapper library.
  • Windows: OPA windows service user account is set to Local Service instead of Local System used in previous versions.

# v2.17

# v2.17.1

  • SAP: fixed multiple connections issue.

# v2.17.0

  • JMS, Kafka, SAP: additional firewall configuration for these triggers is no longer required.
  • Security: switched to TLSv1.3 for gateway tunnel connections.
  • Performance: disabled buffering for database-related requests to reduce memory consumption.
  • Kafka: added support for AVRO-encoded message keys.
  • Kafka: upgraded kafka-clients library to version 7.3.1-ccs.
  • SAP: added support for TYPE_UTCLONG data type.
  • SAP: implemented stateful RFC support, minimum required SAP JCo library version is 3.1.7.
  • MySQL: fixed timezone issue for datetime columns in version 8.*.
  • MySQL: result set streaming is enabled by default.

# v2.16

# v2.16.0

This release introduces more strict approach to validation of third-party TLS certificates, potentially affecting behavior of on-prem HTTP connector. Using self-signed certificates may require additional setup, see On-prem http profile for details.

  • HTTP: trustAll default behavior is changed, added support for self-signed certificates and mTLS.
  • HTTP: fixed Bad Request errors while using encoded characters.
  • JMS: connector no longer uses local database to store JMS subscriptions. Support for High Availability mode has been added.
  • Kafka: added support for message headers.
  • Security: upgraded Vertx, Netty and Jetty libraries to the latest versions.
  • Database: added bulk triggers support.
  • Linux: added fontconfig and bash dependencies for Linux DEB/RPM packages.
  • SAP: dropped support of SAP JCo 3.0. Minimum required version is SAP JCo 3.1.7.
  • SAP: SAP RFC connector does not attempt to subscribe for inbound IDocs if program_id is missing.
  • SAP: SAP RFC connector ignores redundant IDoc release version.
  • SAP: system information can be retrieved even if EP8 is not installed (Error JCoTable of type TT_INSTTU is empty). On-prem agent have to be explicitly authorized to use function module OCS_GET_INSTALLED_SWPRODUCTS.

# v2.15

# v2.15.0

  • Configuration: added cloud profiles support which allows setting up on-prem connections directly in Workato.
  • JMS: added support for headers and binary messages.
  • Network: rolled back to default TLS implementation and SNI.
  • Network: fixed bug during gateway reconnection.
  • Security: upgraded to JRE 17.0.5+8.
  • Security: upgraded Commons Text library.

# v2.14

# v2.14.1

  • Encryptor tool: fixed initialization error after libraries upgrade.
  • Network: added support for DNS requests through proxy.
  • Command-line scripts: added error output into process execution result with non-zero exit code.
  • Security: added TLS strict option for HTTP and SSL configuration.
  • Linux DEB/RPM: fixed errors during package re-installation.
  • SAP: connector doesn't use local file to store IDoc subscriptions and supports HA mode.

# v2.14.0

  • Security: replaced internal agent web server to improve security and performance. This server doesn't use any port on localhost for processing requests by default. Launch options bind, port and public are no longer valid and will be completely removed in the future releases. Deprecated endpoint /status is not available anymore.
  • Security: added an internal feature to route outgoing HTTP requests throughout the gateway instead of direct calls to *.workato.com domain.
  • Security: fixed behavior when several agents are running with the same certificates. Now latest launched instance will continue to run while conflicting ones shutdown gracefully.
  • Security: log events with TRACE level aren't sent into cloud storage anymore (if cloud logging feature is used).
  • Monitoring: added new option monitoring. When enabled the agent records internal statistics related to resource utilization and performance. This data can be observed via UI using local management endpoint or exported for faster issues root cause analysis. Learn more
  • Configuration: completely reworked static configuration parsing to unify errors and used value types.
  • Configuration: added ability to disable cloud secrets caching for database properties. Learn more
  • Azure Key Vault: added support for Azure credentials encryption.
  • SAP: new IDoc trigger now ignores release version specified and uses same release version as SAP instance in all cases. This trigger notifies SAP about IDoc status updates, so it became possible to find undelivered IDocs.

# v2.13

# v2.13.1

  • On-prem files: fixed issue with an invalid character in file path on Windows.

# v2.13.0

  • Java upgrade: Java version and runtime to 17.0.3.
  • Linux distribution: added RPM and DEB packages.
  • Shutdown procedure: agent waits for OS signals, tries to gracefully finish all running queries, and terminates the agent process. You can use option shutdownTimeoutSeconds to set a custom shutdown timeout; the default value is 300 seconds (5 minutes). We updated bin/shutdown.sh script to support this process. Learn more
  • Cloud logging: enabled by default. Agent logs are sent to Workato for future improvements and bug fixes.
  • HTTP response compression: enabled by default. This guarantees better communication throughput, yet can very slightly increase CPU consumption.
  • Health checks: added mgmt-listen command line option to expose a technical endpoint. Workato recommends that you use it in system health checks, to run OPA inside containerized environment. The undocumented /status endpoint is deprecated; we will de-support it in future releases.
  • Security improvement: upgraded several libraries with potential vulnerabilities identified in the security scan.
  • Custom HTTP SSL options: internal agent communication is no longer affected.
  • Kafka: added Avro and Schema Registry support.

# v2.12

# v2.12.2

  • On-prem files: added actions to delete files and folders
  • MS SQL: fixed the delimiter issue for bulk load action
  • Active Directory: fixed error when using a custom attribute as a search filter

# v2.12.1

  • MS SQL on Windows service: fixed DLL library loading issue
  • SAP: fixed client number issue with leading zeros
  • PostgreSQL: fixed issue related to timestamp with timezones
  • Extended logging: for http 520 error
  • File encoding: Added support for UTF-8 BOM

# v2.12.0

  • Oracle stored procedures: Added support for Table/Object type parameters.
  • MySQL JDBC: Added ability to replace MySQL JDBC driver with a custom version.
  • On-Prem connections: Fixed a connection error caused by on-prem file connections using a root or network base folder.
  • SAP on Windows: Fixed a Windows service shutdown issue occurring when SAP connections are used.
  • Upgrades: Removed python as a dependency for the upgrade Script on Linux and MacOS.

# v2.11

# v2.11.0

  • On-prem gateway: Switched to the new on-prem gateway. Added sg3 and sg4 to the allowlist.
  • On-prem CSV files: Added File Encoding Option to On-prem CSV files triggers and actions.
  • SAP connector: Added support for long-running RFCs in SAP connector.
  • Bulk load: Added SQL Server Bulk Load support.
  • Upgrades: Enhanced upgrade script to perform dependency checks.
  • Uploads: Fixed stale uploads cleanup bug which caused ongoing uploads to be dropped.
  • JMS messages: Fixed non-numeric message properties in JMS messages.
  • Java Runtime Environment: Upgraded to 11.0.15+10.

# v2.10

# 2.10.2

  • Support gzip compression for inbound requests
  • Upgraded Spring framework to the latest version
  • Support for parallel multipart uploads and retries
  • Upload folder is not configurable any more: incomplete uploads will use staging directory (or temporary folder if not configured)
  • Support for SG Data Center
  • Faster connection checks for on-prem file profiles.

# 2.10.1

  • Fixed issue causing the upgrade script to fail due to incorrect version comparison
  • Improved file cleanup for staging folder
  • Configuring a staging folder is no longer required
  • Added support for moving staging files into network folders
  • Fixed issue with inability to detect running OPA process in the shutdown script of some Linux distros

# 2.10.0

  • OPA Secrets manager - Azure Key Vault and Google Secret Manager support
  • Data compression to improve data throughput performance
  • Improved Kafka subscription handling
  • TLS support available for PostgreSQL and MySQL
  • SQLServer: Built-in support for integrated Windows authentication and Azure AD password
  • Added support for Active Directory multi-value attributes
  • Now all the agents from group reads metadata from SAP during launch
  • Server-side SAP configuration is not required when no IDocs are transferred
  • There is no need to connect/disconnect SAP manually when OPA is restarted
  • Added graceful shutdown script for Linux
  • Fixed an issue with parsing of date types for JDBC Export query result action
  • Fixed an issue caused by underscores in file profile names
  • Fixed some typos in the Windows installer
  • Fixed issue with OPA connectivity error on startup

# v2.9

# 2.9.3

  • Support for output parameters in batched SQL statements
  • Fixes reporting of uncategorized SQL errors
  • Fixes crushing on misspelled HTTP endpoint URL
  • Fixes automatic garbage collection for staging folder.

# 2.9.2

  • Improved datetime handling support for Oracle
  • Fixes usage of directory handles on file scan operations

# 2.9.1

  • Fixed issue with metadata returned by on-prem download
  • Improved PostgreSQL timestamp parsing
  • Fixed issue with moving on-prem file to a network folder
  • Fixed problem with running agent on Linux/MacOS with folder path containing spaces

# 2.9.0

  • Added support for AWS secret manager as a password encryption option
  • Support for JMS headers and properties
  • Oracle JDBC driver upgraded to version 21c
  • Fix for on-prem files overwrite flag
  • Configurable BLOB size limit
  • Added support for "Collect IDocs" option of SAP Partner Profile
  • SAP TIMS data type support
  • Fixed metadata caching for input/output of SAP IDocs

# v2.8

# 2.8.1

  • Fixes issues when using Websocket proxy
  • Fixes return of multiple datasets from SQL Server stored procedure.

# 2.8.0

  • Agent now uses OpenJDK 11
  • Fixed issue with RFM/BAPI invocation without IDoc routing
  • Parameterized query for Run custom SQL action
  • JDBC connector triggers/actions
    • New/updated trigger
    • New/updated batch trigger
    • Insert batch action
    • Insert action
    • Update action
    • Delete action
  • Fixed schema issue for on-prem MySQL
  • Oracle JDBC driver updated to version 21c.

# v2.7

# 2.7.2

  • Fixed timeout issue with long on-prem files upload
  • Added Quote Character support for On-Prem File trigger
  • Redshift Connector On-premise support for all actions and triggers
    • New row
    • New/updated row
    • New rows (Batch)
    • New/updated rows (Batch)
    • New/updated rows via custom SQL (Batch)
    • New rows via custom SQL (Batch)
    • Select rows
    • Select rows using custom SQL
    • Insert row
    • Update rows
    • Upsert rows
    • Delete rows
    • Run custom SQL
    • Insert rows (Batch)
    • Update rows (Batch)
    • Upsert rows (Batch)
  • Fixed issue with Linux/MacOS upgrade script used in non-default home folder.

# 2.7.1

  • Fixes "input line is too long" error in password encryptor tool on Windows
  • Allows returning CLOBs as stored procedure output
  • Support for long action SQL queries
  • Fixes issue with NTLM-authenticated responses not providing payload on error
  • Fixes issue with agent shutdown taking too long.

# 2.7.0

  • SAP 2.0 Connector
    • SNC encryption
    • JCo 3.1 support
    • Improved RFC and BAPI performance
    • Added connectivity to multiple SAP RFC destinations simultaneously
    • Improved Config profile format
    • Improved logging
    • Added handling for RAW datatypes
    • Support for custom IDOCs and custom extensions
  • IBM MQ JMS-based connectivity
  • Allow duplicate HTTP headers when using on-prem HTTP.

# v2.6

This is a major upgrade from v2.5. In order to improve reliability and throughput, Workato introduced on-prem groups.

On-prem groups help achieve zero downtime for recipes that involves on-prem connections and prevent data and revenue loss through missing SLAs. All critical workflows running on on-prem connections are kept running 100% of the time because recipe can process jobs successfully even when one of the user’s on-prem servers goes down.

To do so, the OPA will be connecting to an expanded set of Workato on-prem gateways. If you are using a firewall allowlist to explicitly allow OPA traffic to the Workato cloud, you may need to expand the firewall allowlist accordingly.

Learn more about on-prem groups here.

# 2.6.4

  • Fixes batch update issue with invoking callback functions more than once.

# 2.6.3

  • Fix for SAP connector where IDOCs with Custom extensions did not show.
  • Fix for SAP connector for RAW data type handling.
  • Fix for SAP connector for nested structures.

# 2.6.2

  • Allow large HTTP headers.
  • Fixes LDAPS connection issue when using trustAll flag.
  • Support for SQL update-only queries.
  • Improved logging for Active Directory.
  • Fix for SQL Server stored procedure issue.

# 2.6.1

  • Fixes a connectivity issue in v2.6.0.

# 2.6.0

  • Major release.
  • Introduce on-prem groups.
  • Introduce High Availability (HA) and load balancing.

# v2.5

Workato On-prem agent now supports database connection pooling to reduce lag between reconnection attempts. Oracle Binary Large Object (BLOB) size limit has been increased.

# 2.5.7

  • Fixes the issue with connection pool not recycling connections properly.

# 2.5.6

  • Support for database XML types.
  • Ensure that command-line script is fully read for background scripts.
  • Update MySQL JDBC driver.

# 2.5.5

  • Allows canceling database queries on recipe job timeout.
  • Fixes Active Directory issue with retrieving a schema.

# 2.5.4

  • Support for SAP connector array types.
  • Log rotation feature.

# 2.5.3

  • Fixes reconnection delay.
  • Fixes for SAP connector classpath issue.
  • Fixes the issue with uninstalling a Windows service.

# 2.5.2

  • Fixes Windows service configuration shortcut.

# 2.5.1

  • Fixes proxy authentication issues on initial connect.

# 2.5.0

  • Support for database connection pooling.
  • Oracle SELECT performance enhancements.
  • Allow Oracle BLOBs larger than 4000 bytes.
  • Added digital signature to Windows Installer.
  • Windows installer is now able to deploy several agent instances on the same box.
  • Fixes the issue of multiple connection attempts using the same key. When the agent recognizes that two or more agents are using same key, it will stop reconnecting.


Last updated: 3/25/2024, 6:42:30 PM