# On-prem Agent Version Notes
The latest version of the Workato On-Premise Agent (OPA) is
Learn more about how to upgrade your OPA version.
This release introduces the new activation flow for on-prem agents. For newly created agents, the private key used for the encryption of data transfers is now automatically generated and stored locally.
See the updated installation flow for Windows OS here. Additionally, you can find updated installation flow for Linux DEB package and Linux RPM package.
- Security: improved PKI activation flow.
- Security: trust certificates issued by
Let's Encryptby default.
- Security: upgraded several libraries following OWASP recommendations.
- RecipeOps: This version supports new Workato RecipeOps trigger (opens new window) to monitor unexpected on-prem agent connectivity issues.
- System: agent performance data is now sent to Workato for future analysis and improvements; no additional configuration is required. See here for more information.
- System: cloud logging feature no longer requires additional configuration.
- MS SQL: added support for
- MySQL: added support for
- Kafka: improved validation of
- SAP: fixed schema generation and retrieval of custom-enhanced IDocs.
- SAP: fixed
Data was lost while copying a valueerror when loading RFMs.
- Security: Java runtime upgraded to version 17.0.6+10.
- Security: PostgreSQL database driver updated to version 42.5.4.
- JMS: added redelivery options for ActiveMQ, by default number of retries is now unlimited.
- Debug: print full certificate details when TLS handshake fails.
- Windows: default encoding changed to UTF-8.
- Windows: installation updated to use the latest Windows service wrapper library.
- SAP: fixed multiple connections issue.
- JMS, Kafka, SAP: additional firewall configuration for these triggers is no longer required.
- Security: switched to TLSv1.3 for gateway tunnel connections.
- Performance: disabled buffering for database-related requests to reduce memory consumption.
- Kafka: added support for AVRO-encoded message keys.
- Kafka: upgraded
kafka-clientslibrary to version
- SAP: added support for
- SAP: implemented stateful RFC support, minimum required
SAP JColibrary version is 3.1.7.
- MySQL: fixed timezone issue for datetime columns in version 8.*.
- MySQL: result set streaming is enabled by default.
This release introduces more strict approach to validation of third-party TLS certificates, potentially affecting behavior of on-prem HTTP connector. Using self-signed certificates may require additional setup, see On-prem http profile for details.
- HTTP: trustAll default behavior is changed, added support for self-signed certificates and mTLS.
- HTTP: fixed Bad Request errors while using encoded characters.
- JMS: connector no longer uses local database to store JMS subscriptions. Support for High Availability mode has been added.
- Kafka: added support for message headers.
- Security: upgraded
Jettylibraries to the latest versions.
- Database: added bulk triggers support.
- Linux: added fontconfig and bash dependencies for Linux DEB/RPM packages.
- SAP: dropped support of SAP JCo 3.0. Minimum required version is SAP JCo 3.1.7.
- SAP: SAP RFC connector does not attempt to subscribe for inbound IDocs if
- SAP: SAP RFC connector ignores redundant IDoc release version.
- SAP: system information can be retrieved even if EP8 is not installed (Error
JCoTable of type TT_INSTTU is empty). On-prem agent have to be explicitly authorized to use function module
- Configuration: added cloud profiles support which allows setting up on-prem connections directly in Workato.
- JMS: added support for headers and binary messages.
- Network: rolled back to default TLS implementation and SNI.
- Network: fixed bug during gateway reconnection.
- Security: upgraded to JRE 17.0.5+8.
- Security: upgraded Commons Text library.
- Encryptor tool: fixed initialization error after libraries upgrade.
- Network: added support for DNS requests through proxy.
- Command-line scripts: added error output into process execution result with non-zero exit code.
- Security: added TLS
strictoption for HTTP and SSL configuration.
- Linux DEB/RPM: fixed errors during package re-installation.
- SAP: connector doesn't use local file to store IDoc subscriptions and supports HA mode.
- Security: replaced internal agent web server to improve security and performance. This server doesn't use any port on localhost for processing requests by default. Launch options
publicare no longer valid and will be completely removed in the future releases. Deprecated endpoint
/statusis not available anymore.
- Security: added an internal feature to route outgoing HTTP requests throughout the gateway instead of direct calls to
- Security: fixed behavior when several agents are running with the same certificates. Now latest launched instance will continue to run while conflicting ones shutdown gracefully.
- Security: log events with
TRACElevel aren't sent into cloud storage anymore (if cloud logging feature is used).
- Monitoring: added new option
monitoring. When enabled the agent records internal statistics related to resource utilization and performance. This data can be observed via UI using local management endpoint or exported for faster issues root cause analysis. Learn more
- Configuration: completely reworked static configuration parsing to unify errors and used value types.
- Configuration: added ability to disable cloud secrets caching for database properties. Learn more
- Azure Key Vault: added support for Azure credentials encryption.
- SAP: new IDoc trigger now ignores release version specified and uses same release version as SAP instance in all cases. This trigger notifies SAP about IDoc status updates, so it became possible to find undelivered IDocs.
- On-prem files: fixed issue with an invalid character in file path on Windows.
- Java upgrade: Java version and runtime to 17.0.3.
- Linux distribution: added RPM and DEB packages.
- Shutdown procedure: agent waits for OS signals, tries to gracefully finish all running queries, and terminates the agent process. You can use option
shutdownTimeoutSecondsto set a custom shutdown timeout; the default value is 300 seconds (5 minutes). We updated
bin/shutdown.shscript to support this process. Learn more
- Cloud logging: enabled by default. Agent logs are sent to Workato for future improvements and bug fixes.
- HTTP response compression: enabled by default. This guarantees better communication throughput, yet can very slightly increase CPU consumption.
- Health checks: added
mgmt-listencommand line option to expose a technical endpoint. Workato recommends that you use it in system health checks, to run OPA inside containerized environment. The undocumented
/statusendpoint is deprecated; we will de-support it in future releases.
- Security improvement: upgraded several libraries with potential vulnerabilities identified in the security scan.
- Custom HTTP SSL options: internal agent communication is no longer affected.
- Kafka: added Avro and Schema Registry support.
- On-prem files: added actions to delete files and folders
- MS SQL: fixed the delimiter issue for bulk load action
- Active Directory: fixed error when using a custom attribute as a search filter
- MS SQL on Windows service: fixed DLL library loading issue
- SAP: fixed client number issue with leading zeros
- PostgreSQL: fixed issue related to timestamp with timezones
- Extended logging: for http 520 error
- File encoding: Added support for UTF-8 BOM
- Oracle stored procedures: Added support for Table/Object type parameters.
- MySQL JDBC: Added ability to replace MySQL JDBC driver with a custom version.
- On-Prem connections: Fixed a connection error caused by on-prem file connections using a root or network base folder.
- SAP on Windows: Fixed a Windows service shutdown issue occurring when SAP connections are used.
- Upgrades: Removed python as a dependency for the upgrade Script on Linux and MacOS.
- On-prem gateway: Switched to the new on-prem gateway. Added
sg4to the allowlist.
- On-prem CSV files: Added File Encoding Option to On-prem CSV files triggers and actions.
- SAP connector: Added support for long-running RFCs in SAP connector.
- Bulk load: Added SQL Server Bulk Load support.
- Upgrades: Enhanced upgrade script to perform dependency checks.
- Uploads: Fixed stale uploads cleanup bug which caused ongoing uploads to be dropped.
- JMS messages: Fixed non-numeric message properties in JMS messages.
- Java Runtime Environment: Upgraded to 11.0.15+10.
- Support gzip compression for inbound requests
- Upgraded Spring framework to the latest version
- Support for parallel multipart uploads and retries
- Upload folder is not configurable any more: incomplete uploads will use staging directory (or temporary folder if not configured)
- Support for SG datacenter
- Faster connection checks for on-prem file profiles.
- Fixed issue causing the upgrade script to fail due to incorrect version comparison
- Improved file cleanup for staging folder
- Configuring a staging folder is no longer required
- Added support for moving staging files into network folders
- Fixed issue with inability to detect running OPA process in the shutdown script of some Linux distros
- OPA Secrets manager - Azure Key Vault and Google Secret Manager support
- Data compression to improve data throughput performance
- Improved Kafka subscription handling
- TLS support available for PostgreSQL and MySQL
- SQLServer: Built-in support for integrated Windows authentication and Azure AD password
- Added support for Active Directory multi-value attributes
- Now all the agents from group reads metadata from SAP during launch
- Server-side SAP configuration is not required when no IDocs are transferred
- There is no need to connect/disconnect SAP manually when OPA is restarted
- Added graceful shutdown script for Linux
- Fixed an issue with parsing of date types for JDBC Export query result action
- Fixed an issue caused by underscores in file profile names
- Fixed some typos in the Windows installer
- Fixed issue with OPA connectivity error on startup
- Support for output parameters in batched SQL statements
- Fixes reporting of uncategorized SQL errors
- Fixes crushing on misspelled HTTP endpoint URL
- Fixes automatic garbage collection for staging folder.
- Improved datetime handling support for Oracle
- Fixes usage of directory handles on file scan operations
- Fixed issue with metadata returned by on-prem download
- Improved PostgreSQL timestamp parsing
- Fixed issue with moving on-prem file to a network folder
- Fixed problem with running agent on Linux/MacOS with folder path containing spaces
- Added support for AWS secret manager as a password encryption option
- Support for JMS headers and properties
- Oracle JDBC driver upgraded to version 21c
- Fix for on-prem files overwrite flag
- Configurable BLOB size limit
- Added support for "Collect IDocs" option of SAP Partner Profile
- SAP TIMS data type support
- Fixed metadata caching for input/output of SAP IDocs
- Fixes issues when using Websocket proxy
- Fixes return of multiple datasets from SQL Server stored procedure.
- Agent now uses OpenJDK 11
- Fixed issue with RFM/BAPI invocation without IDoc routing
- Parameterized query for Run custom SQL action
- JDBC connector triggers/actions
- New/updated trigger
- New/updated batch trigger
- Insert batch action
- Insert action
- Update action
- Delete action
- Fixed schema issue for on-prem MySQL
- Oracle JDBC driver updated to version 21c.
- Fixed timeout issue with long on-prem files upload
- Added Quote Character support for On-Prem File trigger
- Redshift Connector On-premise support for all actions and triggers
- New row
- New/updated row
- New rows (Batch)
- New/updated rows (Batch)
- New/updated rows via custom SQL (Batch)
- New rows via custom SQL (Batch)
- Select rows
- Select rows using custom SQL
- Insert row
- Update rows
- Upsert rows
- Delete rows
- Run custom SQL
- Insert rows (Batch)
- Update rows (Batch)
- Upsert rows (Batch)
- Fixed issue with Linux/MacOS upgrade script used in non-default home folder.
- Fixes "input line is too long" error in password encryptor tool on Windows
- Allows returning CLOBs as stored procedure output
- Support for long action SQL queries
- Fixes issue with NTLM-authenticated responses not providing payload on error
- Fixes issue with agent shutdown taking too long.
- SAP 2.0 Connector
- SNC encryption
- JCo 3.1 support
- Improved RFC and BAPI performance
- Added connectivity to multiple SAP RFC destinations simultaneously
- Improved Config profile format
- Improved logging
- Added handling for RAW datatypes
- Support for custom IDOCs and custom extensions
- IBM MQ JMS-based connectivity
- Allow duplicate HTTP headers when using on-prem HTTP.
This is a major upgrade from v2.5. In order to improve reliability and throughput, Workato introduced on-prem groups.
On-prem groups help achieve zero downtime for recipes that involves on-prem connections and prevent data and revenue loss through missing SLAs. All critical workflows running on on-prem connections are kept running 100% of the time because recipe can process jobs successfully even when one of the user’s on-prem servers goes down.
To do so, the OPA will be connecting to an expanded set of Workato on-prem gateways. If you are using a firewall allowlist to explicitly allow OPA traffic to the Workato cloud, you may need to expand the firewall allowlist accordingly.
Learn more about on-prem groups here.
- Fixes batch update issue with invoking callback functions more than once.
- Fix for SAP connector where IDOCs with Custom extensions did not show.
- Fix for SAP connector for RAW data type handling.
- Fix for SAP connector for nested structures.
- Allow large HTTP headers.
- Fixes LDAPS connection issue when using
- Support for SQL update-only queries.
- Improved logging for Active Directory.
- Fix for SQL Server stored procedure issue.
- Fixes a connectivity issue in v2.6.0.
- Major release.
- Introduce on-prem groups.
- Introduce High Availability (HA) and load balancing.
Workato On-prem agent now supports database connection pooling to reduce lag between reconnection attempts. Oracle Binary Large Object (BLOB) size limit has been increased.
- Fixes the issue with connection pool not recycling connections properly.
- Support for database XML types.
- Ensure that command-line script is fully read for background scripts.
- Update MySQL JDBC driver.
- Allows canceling database queries on recipe job timeout.
- Fixes Active Directory issue with retrieving a schema.
- Support for SAP connector array types.
- Log rotation feature.
- Fixes reconnection delay.
- Fixes for SAP connector classpath issue.
- Fixes the issue with uninstalling a Windows service.
- Fixes Windows service configuration shortcut.
- Fixes proxy authentication issues on initial connect.
- Support for database connection pooling.
- Oracle SELECT performance enhancements.
- Allow Oracle BLOBs larger than 4000 bytes.
- Added digital signature to Windows Installer.
- Windows installer is now able to deploy several agent instances on the same box.
- Fixes the issue of multiple connection attempts using the same key. When the agent recognizes that two or more agents are using same key, it will stop reconnecting.