Skip to main content

Server-FIPS 2022.2 Release Notes

Release Note Product Versions

Version

Date

Release

End of Support

2022.2.1.39654

August 24, 2022

Major

August 24, 2024

Important

The 2022.2 release is an Alteryx Server-FIPS release only. Please note that there is not a 2022.2 release for the non-FIPS version of Alteryx Server.

Important

Alteryx Server-FIPS includes a jQuery v.1.9.1 library component that shows on automated penetration-test reports. Alteryx Engineering has reason to believe that the XSS flaws associated with this version of jQuery are not exercisable within the context of the library’s use in Alteryx Server or Alteryx Server-FIPS. We are providing this information to our customers for awareness.

We are working to remove jQuery from Server and Server-FIPS. In the meantime, if you are aware of a working exploit against Alteryx Server which leverages jQuery as a vector, please contact Customer Support with details and any assets necessary to replicate the exploit.

New Features

Alteryx Server-FIPS version 2022.2 is the first release of Server that offers a FIPS 140-2 capable option for customers that require FIPS compliance. FIPS standards are developed by the US National Institute of Standards and Technology (NIST) for use by US government agencies and contractors. For more information about FIPS, go to the NIST FIPS FAQ page.

The general (non-FIPS) release version of Alteryx Server is not capable of FIPS operation. A separate release (and installer) is available under separate license terms, for our FIPS 140-2 customers. Contact your Alteryx Sales Representative for more details.

Server-FIPS 2022.2 has a few features that are not available or limited in function when compared to the previous non-FIPS Server releases. See Alteryx Server and Server-FIPS Feature Differences for reference.

Server-FIPS Requires MongoDB Atlas or MongoDB Enterprise Advanced (MongoDB Community Is Not Available)

MongoDB Community is not FIPS compliant, therefore it is not embedded in Server-FIPS. You need the user-managed Mongo DB Atlas or MongoDB Enterprise Advanced. Accordingly, we removed the Community Mongo from the System Settings. For more information see the Alteryx Server and Server-FIPS Feature Differences help page. For more information about MongoDB, go to the MongoDB Management help page.

Server Settings Specific for FIPS Version

  • TLS enabled for all services: AlteryxService now supports TLS for internal and direct service layer communication. For the Server-FIPS, TLS is enabled for all services and cannot be disabled. Because of this change, you must install an X.509 (TLS) certificate on the Controller and Server UI nodes. This allows communication between nodes to work with TLS. We recommend installing certificates on all of the machines hosting Server, regardless of their configuration. For more information about the TLS Settings, go to the System Settings help page.

  • DCM settings: DCM is enabled and cannot be disabled in Server-FIPS. Also, the DCM Enforced mode is enabled and cannot be changed in the FIPS capable version of Server. The DCM benefits include: Securely storing user credentials for data connections outside the workflow, increasing security, improving password credential manageability, and enabling synchronization of credentials between Server and Designer. For more information about DCM, visit the DCM - Server help page.

  • Enable Scheduler Auto-Connect: This setting is disabled and cannot be enabled for Server-FIPS. Go to the Controller help page for more information.

Encryption and Hashing Updates

  • Analytic app fields are not encrypted in this release. If you have personal identifying information (PII) in the analytic app fields, that data will not receive extra protection.

  • Alteryx Server-FIPS uses these FIPS 140-2 certified cryptographic modules:

    • OpenSSL version 3.0.0 – OpenSSL FIPS Provider – Review Pending – algorithm certs (A1938)[1]

    • Windows 10 - Cryptographic Primitives Library - Certificate #3197

End User License Agreement

We updated the EULA information to FIPS specific EULA. You can find this info under the global menu (the question mark next to the user name in the Server UI). In the dropdown, select the option ‘End User License Agreement’ for more information.

Server UI Redesign

We’ve redesigned the Notifications, Settings (previously Configuration and Theme), Jobs, Schedules, Media, Workflows, Subscriptions, and Diagnostics admin pages. The functionality of these pages remains the same.

Designer-FIPS Interoperability with Server-FIPS

With the release of Alteryx Server-FIPS 2022.2, you now have access to these options via Designer-FIPS 2022.2:

  • Open a workflow from Server-FIPS.

  • Save a workflow to Server-FIPS. Note that the Lock Workflow feature is not available in Designer FIPS and thus is not an option via the Save Workflow modal.

  • Add a new Server-FIPS connection via Designer-FIPS.

  • Access to System Settings via Designer-FIPS. Go to Options > Advanced Options > System Settings.

  • Schedule workflows. Go to Options > Schedule Workflow.

  • Synchronize DCM between Server-FIPS and Designer-FIPS in the Connection Manager. Go to Designer > File > Manage Connections to open Connection Manager and select Synchronize in the menu.

Known Issues

Known

Major Release Version 2022.2.1.39654

ID

Description

Version

Issue Status

TGAL-6264

GCSE-339

Users are not shown in the Add User dropdown of Data Connections when username is in Japanese characters (Lucene issue).

2022.2.1.39654

Known

TGAL-6357

GCSE-412

Opening workflow from Server UI immediately exits (Lucene issue).

2022.2.1.39654

Known

TGAL-6394

GS-610

Daylight Savings Time alters future interval scheduling of jobs/workflows.

2022.2.1.39654

Known

TGAL-6467

GCSE-464

Daylight Saving Time causing schedules to run at incorrect time and inaccurate schedule data in Server UI.

2022.2.1.39654

Known

TGAL-6706

GCSE-635

Error opening workflows from the Server UI via Designer, when these workflows were uploaded/migrated via API or Server Admin page and when "Disable direct downloads" is enabled.

2022.2.1.39654

Known

TGAL-6715

GBETA-313

Server UI Persistence required Web and Search persistence boxes to be filled in.

2022.2.1.39654

Known

TGAL-6720

API Access Key and API Access Secret are not available for the users created from Users page.

2022.2.1.39654

Known

TGAL-6740

The POST /v3/workflows/{workflowid}/versions command doesn’t properly upload new versions of the workflow nor does it increment the version number.

2022.2.1.39654

Known

TGAL-6749

Updating the Account Lockout Time under Security settings is getting reset to default value after reloading the Settings page in Server Admin interface.

2022.2.1.39654

Known

TGAL-6751

On a Server using SAML, the Admin login page does not display the SAML login screen.

2022.2.1.39654

Known

TGAL-6743

Base maps may not render in apps that utilize the map input tool depending on your configuration. Refer to Maps tiles do not render in Server UI (Community article) for more information and how to work around this issue.

2022.2.1.39654

Known

Security Updates

Known

ID

Description

Version

Issue Status

TGAL-6764

To be disclosed.*

All 2022.x versions

Known

TGAL-6772

GCSE-822

To be disclosed.*

All 2022.x versions

Known

*In accordance with security best practices and to prevent potential manipulation by bad actors, Alteryx does not disclose the details of any open vulnerability until all supported versions are updated with a fix. Beginning with 2022.3, releases and updates will become available and will continue until the fix has been supplied for all supported versions. To ensure that all versions you use are promptly fixed, regular updates are strongly recommended. More information will be made available once the vulnerability has been fixed for all supported versions that were impacted.