Server-FIPS 2022.2 Release Notes
Release Note Product Versions | |||
|---|---|---|---|
Version | Date | Release | End of Support |
2022.2.1.39654 | August 24, 2022 | Major | August 24, 2024 |
Important
The 2022.2 release is an Alteryx Server-FIPS release only. Please note that there is not a 2022.2 release for the non-FIPS version of Alteryx Server.
Important
Alteryx Server-FIPS includes a jQuery v.1.9.1 library component that shows on automated penetration-test reports. Alteryx Engineering has reason to believe that the XSS flaws associated with this version of jQuery are not exercisable within the context of the library’s use in Alteryx Server or Alteryx Server-FIPS. We are providing this information to our customers for awareness.
We are working to remove jQuery from Server and Server-FIPS. In the meantime, if you are aware of a working exploit against Alteryx Server which leverages jQuery as a vector, please contact Customer Support with details and any assets necessary to replicate the exploit.
New Features
Alteryx Server-FIPS version 2022.2 is the first release of Server that offers a FIPS 140-2 capable option for customers that require FIPS compliance. FIPS standards are developed by the US National Institute of Standards and Technology (NIST) for use by US government agencies and contractors. For more information about FIPS, go to the NIST FIPS FAQ page.
The general (non-FIPS) release version of Alteryx Server is not capable of FIPS operation. A separate release (and installer) is available under separate license terms, for our FIPS 140-2 customers. Contact your Alteryx Sales Representative for more details.
Server-FIPS 2022.2 has a few features that are not available or limited in function when compared to the previous non-FIPS Server releases. See Alteryx Server and Server-FIPS Feature Differences for reference.
Server-FIPS Requires MongoDB Atlas or MongoDB Enterprise Advanced (MongoDB Community Is Not Available)
MongoDB Community is not FIPS compliant, therefore it is not embedded in Server-FIPS. You need the user-managed Mongo DB Atlas or MongoDB Enterprise Advanced. Accordingly, we removed the Community Mongo from the System Settings. For more information see the Alteryx Server and Server-FIPS Feature Differences help page. For more information about MongoDB, go to the MongoDB Management help page.
Server Settings Specific for FIPS Version
TLS enabled for all services: AlteryxService now supports TLS for internal and direct service layer communication. For the Server-FIPS, TLS is enabled for all services and cannot be disabled. Because of this change, you must install an X.509 (TLS) certificate on the Controller and Server UI nodes. This allows communication between nodes to work with TLS. We recommend installing certificates on all of the machines hosting Server, regardless of their configuration. For more information about the TLS Settings, go to the System Settings help page.
DCM settings: DCM is enabled and cannot be disabled in Server-FIPS. Also, the DCM Enforced mode is enabled and cannot be changed in the FIPS capable version of Server. The DCM benefits include: Securely storing user credentials for data connections outside the workflow, increasing security, improving password credential manageability, and enabling synchronization of credentials between Server and Designer. For more information about DCM, visit the DCM - Server help page.
Enable Scheduler Auto-Connect: This setting is disabled and cannot be enabled for Server-FIPS. Go to the Controller help page for more information.
Encryption and Hashing Updates
Analytic app fields are not encrypted in this release. If you have personal identifying information (PII) in the analytic app fields, that data will not receive extra protection.
Alteryx Server-FIPS uses these FIPS 140-2 certified cryptographic modules:
End User License Agreement
We updated the EULA information to FIPS specific EULA. You can find this info under the global menu (the question mark next to the user name in the Server UI). In the dropdown, select the option ‘End User License Agreement’ for more information.
Server UI Redesign
We’ve redesigned the Notifications, Settings (previously Configuration and Theme), Jobs, Schedules, Media, Workflows, Subscriptions, and Diagnostics admin pages. The functionality of these pages remains the same.
Designer-FIPS Interoperability with Server-FIPS
With the release of Alteryx Server-FIPS 2022.2, you now have access to these options via Designer-FIPS 2022.2:
Open a workflow from Server-FIPS.
Save a workflow to Server-FIPS. Note that the Lock Workflow feature is not available in Designer FIPS and thus is not an option via the Save Workflow modal.
Add a new Server-FIPS connection via Designer-FIPS.
Access to System Settings via Designer-FIPS. Go to Options > Advanced Options > System Settings.
Schedule workflows. Go to Options > Schedule Workflow.
Synchronize DCM between Server-FIPS and Designer-FIPS in the Connection Manager. Go to Designer > File > Manage Connections to open Connection Manager and select Synchronize in the menu.
Known Issues
Known Major Release Version 2022.2.1.39654 | |||
|---|---|---|---|
ID | Description | Version | Issue Status |
TGAL-6264 GCSE-339 | Users are not shown in the Add User dropdown of Data Connections when username is in Japanese characters (Lucene issue). | 2022.2.1.39654 | Known |
TGAL-6357 GCSE-412 | Opening workflow from Server UI immediately exits (Lucene issue). | 2022.2.1.39654 | Known |
TGAL-6394 GS-610 | Daylight Savings Time alters future interval scheduling of jobs/workflows. | 2022.2.1.39654 | Known |
TGAL-6467 GCSE-464 | Daylight Saving Time causing schedules to run at incorrect time and inaccurate schedule data in Server UI. | 2022.2.1.39654 | Known |
TGAL-6706 GCSE-635 | Error opening workflows from the Server UI via Designer, when these workflows were uploaded/migrated via API or Server Admin page and when "Disable direct downloads" is enabled. | 2022.2.1.39654 | Known |
TGAL-6715 GBETA-313 | Server UI Persistence required Web and Search persistence boxes to be filled in. | 2022.2.1.39654 | Known |
TGAL-6720 | API Access Key and API Access Secret are not available for the users created from Users page. | 2022.2.1.39654 | Known |
TGAL-6740 | The POST /v3/workflows/{workflowid}/versions command doesn’t properly upload new versions of the workflow nor does it increment the version number. | 2022.2.1.39654 | Known |
TGAL-6749 | Updating the Account Lockout Time under Security settings is getting reset to default value after reloading the Settings page in Server Admin interface. | 2022.2.1.39654 | Known |
TGAL-6751 | On a Server using SAML, the Admin login page does not display the SAML login screen. | 2022.2.1.39654 | Known |
TGAL-6743 | Base maps may not render in apps that utilize the map input tool depending on your configuration. Refer to Maps tiles do not render in Server UI (Community article) for more information and how to work around this issue. | 2022.2.1.39654 | Known |
Security Updates
Known | |||
|---|---|---|---|
ID | Description | Version | Issue Status |
TGAL-6764 | To be disclosed.* | All 2022.x versions | Known |
TGAL-6772 GCSE-822 | To be disclosed.* | All 2022.x versions | Known |
*In accordance with security best practices and to prevent potential manipulation by bad actors, Alteryx does not disclose the details of any open vulnerability until all supported versions are updated with a fix. Beginning with 2022.3, releases and updates will become available and will continue until the fix has been supplied for all supported versions. To ensure that all versions you use are promptly fixed, regular updates are strongly recommended. More information will be made available once the vulnerability has been fixed for all supported versions that were impacted.