Server-FIPS 2022.2 Release Notes

Version:
2022.2 FIPS
Last modified: June 26, 2023

  

Release Note Product Versions
| Version | Date | Release | End of Support |
|---|---|---|---|
| 2022.2.1.39654 | August 24, 2022 | Major | August 24, 2024 |

The 2022.2 release is an Alteryx Server-FIPS release only. Please note that there is not a 2022.2 release for the non-FIPS version of Alteryx Server.

Alteryx Server-FIPS includes a jQuery v1.9.1 library component that shows up in automated penetration-test reports. Alteryx Engineering has reason to believe that the XSS flaws associated with this version of jQuery are not exercisable in the context of the library’s use in Alteryx Server or Alteryx Server-FIPS. We are providing this information to our customers for awareness.

We are working to remove jQuery from Server and Server-FIPS. In the meantime, if you are aware of a working exploit against Alteryx Server which leverages jQuery as a vector, please contact Customer Support with details and any assets necessary to replicate the exploit.

New Features

Alteryx Server-FIPS version 2022.2 is the first release of Server that offers a FIPS 140-2 capable option for customers that require FIPS compliance. FIPS standards are developed by the US National Institute of Standards and Technology (NIST) for use by US government agencies and contractors. For more information about FIPS, go to the NIST FIPS FAQ page.

The general (non-FIPS) release version of Alteryx Server is not capable of FIPS operation. A separate release (and installer) is available under separate license terms for our FIPS 140-2 customers. Contact your Alteryx Sales Representative for more details.

Server-FIPS 2022.2 has a few features that are not available or limited in function when compared to the previous non-FIPS Server releases. See Alteryx Server and Server-FIPS Feature Differences for reference.

Server-FIPS Requires MongoDB Atlas or MongoDB Enterprise Advanced (MongoDB Community Is Not Available)

MongoDB Community is not FIPS compliant, so it is not embedded in Server-FIPS. You need user-managed MongoDB Atlas or MongoDB Enterprise Advanced. Accordingly, we removed the MongoDB Community option from System Settings. For more information, see the Alteryx Server and Server-FIPS Feature Differences help page. For more information about MongoDB, go to the MongoDB Management help page.

Server Settings Specific for FIPS Version

  • TLS enabled for all services: AlteryxService now supports TLS for internal and direct service layer communication. For Server-FIPS, TLS is enabled for all services and cannot be disabled. Because of this change, you must install an X.509 (TLS) certificate on the Controller and Server UI nodes. This allows communication between nodes to work with TLS. We recommend installing certificates on all of the machines hosting Server, regardless of their configuration. For more information about the TLS Settings, go to the System Settings help page.
  • DCM settings: DCM is enabled and cannot be disabled in Server-FIPS. Also, the DCM Enforced mode is enabled and cannot be changed in the FIPS capable version of Server. The DCM benefits include securely storing user credentials for data connections outside the workflow, increasing security, improving password credential manageability, and enabling synchronization of credentials between Server and Designer. For more information about DCM, visit the DCM - Server help page.
  • Enable Scheduler Auto-Connect: This setting is disabled and cannot be enabled for Server-FIPS. Go to the Controller help page for more information.
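
For the TLS certificate requirement above, one way to sanity-check the certificates installed on a Controller or Server UI node before relying on them for node-to-node TLS. This is an added example, not Alteryx code; it assumes the certificate is in the Windows LocalMachine\My store, and the 2048-bit RSA minimum, the SHA-1/MD5 rejection and the 30-day expiry warning are assumed thresholds, not requirements stated in these release notes.

```powershell
# Added example (not Alteryx code): audit TLS certificates on a Server-FIPS node.
# Assumptions: certificates are in Cert:\LocalMachine\My; thresholds are illustrative.
$MinRsaBits  = 2048
$WarnDays    = 30
$ServerAuth  = '1.3.6.1.5.5.7.3.1'         # Server Authentication EKU
$WeakSigOids = @(
    '1.2.840.113549.1.1.4',                # md5RSA
    '1.2.840.113549.1.1.5',                # sha1RSA
    '1.2.840.10045.4.1'                    # sha1ECDSA
)
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$rsaExt  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]

$now = Get-Date
Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    $findings = @()

    if (-not $cert.HasPrivateKey) { $findings += 'no private key (cannot serve TLS)' }
    if ($now -lt $cert.NotBefore) { $findings += 'not yet valid' }
    if ($now -gt $cert.NotAfter) {
        $findings += 'expired'
    } elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) {
        $findings += "expires within $WarnDays days"
    }

    if ($WeakSigOids -contains $cert.SignatureAlgorithm.Value) {
        $findings += "weak signature algorithm ($($cert.SignatureAlgorithm.FriendlyName))"
    }

    # GetRSAPublicKey returns $null for non-RSA (for example ECDSA) certificates.
    $rsa = $rsaExt::GetRSAPublicKey($cert)
    if ($rsa -and $rsa.KeySize -lt $MinRsaBits) {
        $findings += "RSA key is $($rsa.KeySize) bits"
    }

    # An absent EKU extension does not restrict usage; a present one must list serverAuth.
    $eku = $cert.Extensions | Where-Object { $_ -is $ekuType }
    if ($eku -and ($eku.EnhancedKeyUsages.Value -notcontains $ServerAuth)) {
        $findings += 'EKU does not include Server Authentication'
    }

    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Findings   = if ($findings) { $findings -join '; ' } else { 'OK' }
    }
}
```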

Encryption and Hashing Updates

  • Analytic app fields are not encrypted in this release. If you have personal identifying information (PII) in the analytic app fields, that data will not receive extra protection.
  • Alteryx Server-FIPS uses these FIPS 140-2 certified cryptographic modules:
    • OpenSSL version 3.0.0 – OpenSSL FIPS Provider – Review Pending – algorithm certs (A1938)
    • Windows 10 - Cryptographic Primitives Library - Certificate #3197

End User License Agreement

We updated the EULA information to the FIPS-specific EULA. You can find this information under the global menu (the question mark next to the user name in the Server UI). In the dropdown, select the option ‘End User License Agreement’ for more information.

Server UI Redesign

We’ve redesigned these admin pages: Notifications, Settings (previously Configuration and Theme), Jobs, Schedules, Media, Insights, Workflows, Subscriptions, Data Connections, Districts, Pages, and Links. The functionality of these pages remains the same. We also redesigned the Diagnostics page. Updates include an easier-to-read worker node section and clearer field names. Please note we have removed the "unassigned jobs indicator" for worker nodes.

Designer-FIPS Interoperability with Server-FIPS

With the release of Alteryx Server-FIPS 2022.2, you now have access to these options via Designer-FIPS 2022.2:

  • Open a workflow from Server-FIPS.

  • Save a workflow to Server-FIPS. Note that the Lock Workflow feature is not available in Designer-FIPS and thus is not an option via the Save Workflow modal.

  • Add a new Server-FIPS connection via Designer-FIPS.

  • Access to System Settings via Designer-FIPS. Go to Options > Advanced Options > System Settings.

  • Schedule workflows. Go to Options > Schedule Workflow.

  • Synchronize DCM between Server-FIPS and Designer-FIPS in the Connection Manager. Go to Designer > File > Manage Connections to open Connection Manager and select Synchronize in the menu.

 

Fixed and Known Issues

Fixed

Minor Release Version 2022.2.2.42336

| ID | Description | Version | Issue Status |
|---|---|---|---|
| TGAL-7016 | Backporting strong encryption and map rendering fixes. | 2022.2.2.42336 | Fixed |
| TPRI-639, GCSE-530 | In versions 2021.4+, only the workflow owner and curators can access Workflow Settings. In the previous releases, all users with access to the workflow could access Workflow Settings. | 2022.2.2.42336 | Fixed |

Known

Major Release Version 2022.2.1.39654

| ID | Description | Version | Issue Status |
|---|---|---|---|
| TGAL-6264, GCSE-339 | Users are not shown in the Add User dropdown of Data Connections when username is in Japanese characters (Lucene issue). | 2022.2.1.39654 | Known |
| TGAL-6357, GCSE-412 | Opening workflow from Server UI immediately exits (Lucene issue). | 2022.2.1.39654 | Known |
| TGAL-6394, GS-610 | Daylight Saving Time alters future interval scheduling of jobs/workflows. | 2022.2.1.39654 | Known |
| TGAL-6467, GCSE-464 | Daylight Saving Time causing schedules to run at incorrect time and inaccurate schedule data in Server UI. | 2022.2.1.39654 | Known |
| TGAL-6706, GCSE-635 | Error opening workflows from the Server UI via Designer, when these workflows were uploaded/migrated via API or Server Admin page and when "Disable direct downloads" is enabled. | 2022.2.1.39654 | Known |
| TGAL-6715, GBETA-313 | Server UI Persistence required Web and Search persistence boxes to be filled in. | 2022.2.1.39654 | Known |
| TGAL-6720 | API Access Key and API Access Secret are not available for the users created from Users page. | 2022.2.1.39654 | Known |
| TGAL-6740 | The POST /v3/workflows/{workflowid}/versions command doesn’t properly upload new versions of the workflow but increments the version number. | 2022.2.1.39654 | Known |
| TGAL-6749 | Updating the Account Lockout Time under Security settings is getting reset to default value after reloading the Settings page in Server Admin interface. | 2022.2.1.39654 | Known |
| TGAL-6751 | On a Server using SAML, the Admin login page does not display the SAML login screen. | 2022.2.1.39654 | Known |
| TGAL-6743 | Base maps may not render in apps that utilize the map input tool depending on your configuration. Refer to Maps tiles do not render in Server UI (Community article) for more information and how to work around this issue. | 2022.2.1.39654 | Known |

Security Updates

Known

| ID | Description | Version | Issue Status |
|---|---|---|---|
| TGAL-6764 | To be disclosed.* | All 2022.x versions | Known |
| TGAL-6772, GCSE-822 | To be disclosed.* | All 2022.x versions | Known |

*In accordance with security best practices and to prevent potential manipulation by bad actors, Alteryx does not disclose the details of any open vulnerability until all supported versions are updated with a fix. Beginning with 2022.3, releases and updates will become available and will continue until the fix has been supplied for all supported versions. To ensure that all versions you use are promptly fixed, regular updates are strongly recommended. More information will be made available once the vulnerability has been fixed for all supported versions that were impacted.
