Release Notes

25.2 patch 1

Core

Tot Plugins

Installers

Required manual actions 

Before the upgrade

• Update the deployment kit to its latest version, if not done yet. Review the kit version documentation.

  • Ansible: 25.a2

  • Kubernetes: 25.k1

• If an installation kit provided by Anjana is used, to have the software fully updated it is only necessary to update the artifact versions with the values mentioned in the previous section Affected artifacts, the software takes care of the database changes. Only otherwise, the persistence versions will need to be updated to their latest productive version, manually by the installer.

Optional manual actions

• If there were weightings in SolR, they may need to be regenerated due to the volatile nature of the indexer

• If there is a balanced environment, the following properties must be included in the application.yaml of all horus instances:

  • YAML

    eureka:
      client:
        registerWithEureka: true
        fetchRegistry: true
    

Updates

Updates in deployment kits:

Ansible

Changes and optimizations

• Added tot-plugin-jdbc-snowflake

  • Due to the use of JDK 17, the following must be added at the end of the Snowflake JDBC URL: &JDBC_QUERY_RESULT_FORMAT=JSON

• Fixed error where -t platform was deleting existing public certificates

• Added retries to the monitoring agent download

• Adjusted status endpoint to accept redirects

• Adjusted microservice properties for balanced environments

• Extended timeout for data operations

• Excluded anjanalogs and anjanabackups buckets from import operations

• Optimized backup operations on the anjanabackups bucket

• Added default values for monitoring

• Reduced open standby connection times for local PostgreSQL installation

• Added configuration to prevent unintended restart of microservices during security updates

• Fixed error where folders were not being created correctly in AWS S3

• Added prompt to installer script to enable monitoring

• Added variable to indicate the tot domain in a standalone plugins installation

• Adjusted installer logo size to avoid display errors in terminal

• Fixed error where the installer script was not returning versions correctly when none was specifically entered

Updates in the platform:

• The # character is now allowed in userNames, and the maximum field length is 255 characters.

• All users from the external provider configured in the synchronization are now listed (previously only the first 100).

• New user information from configured external providers is correctly captured during synchronization.

• Tableau publishing in multi-connection format

• Errors in object deletion that generated inconsistencies in states and validations

• Improved object view performance for objects with extensive version history and/or audit trail

• Fix of validations in metadata import

• Fix of ‘infinite’ logout in some installations

• Fix of role list management in workflow configuration

• Fix in Okta/Auth0 configuration management as authentication provider

• Fix in special character handling in Workspace

  • Related incidents: https://anjanadata.atlassian.net/browse/SUP-1609

Updates in the API:

N/A

25.2

Required manual actions 

Before the upgrade

• Update the deployment kit to its latest version, if not done yet. Review the kit version documentation.

  • Ansible: 25.a2

  • Kubernetes: 25.k1

• If an installation kit provided by Anjana is used, to have the software fully updated it is only necessary to update the artifact versions with the values mentioned in the previous section Affected artifacts, the software takes care of the database changes. Only otherwise, the persistence versions will need to be updated to their latest productive version, manually by the installer.

After the upgrade and startup

• From Portuno:

  • Update translation files

  • Calculate full lineage

  • Reindex everything

  • Execute the following endpoint to perform the migration of default and cross roles:

    • curl -L -X GET 'https://<host>/gateway/portuno/api/v1/migration/roles' \ -H 'Authorization: Bearer <token>'

      • The token must have ADMIN or CREDENTIAL_ADMIN permissions

    • It will migrate all user records with cross role that were assigned to regular Organizational Units to the Cross OU, which going forward will be the OU to which users with a cross role must be assigned.

    • It will update the new isDefault flag for roles that were previously configured as default.

    • It will remove from AppConfiguration the record anjana.role.defaultRole, which allowed configuring a default role.

Optional manual actions

• During the upgrade, Anjana creates a user, an organizational unit, a role and an assignment of that OU and role to the user so that, in environments without loaded configuration, the user can log into Portuno to configure. This configuration is optional and can be deleted with this command:

Structural changes

• In the User table of the Zeus database schema, the password_hash column has become nullable to allow the synchronization of users from providers without recovering their credentials in Anjana.

• In the Role table of the Zeus database schema, the is_default column has been added to facilitate the management of application default roles.

Updates

Updates in deployment kits:

Ansible

Breaking changes

• Removed apache2 security mods

• Unified inventories into a single sample

• Updated minio/mc, solr and zookeeper persistence

• Added forced authentication to Solr

• Removed compatibility for multi-instance core deployment with this kit. Balanced mode is maintained

• Standardized file extension to *.yaml

Other changes and optimizations

• Included a hostsB.yaml example file to facilitate balanced architecture installations

• Included all-example.yaml reference file with all possible configuration variables

• Added monitoring support via Java instrumentation and compatibility with Open Telemetry Collector, the latter not included

• Reduced required configuration in microservice configuration templates

• Added ENV vars for connection string control

• Added security.txt file in accordance with RFC9116 standard

• Added /status endpoint for general environment status check

• Removed role check, replaced by /status

• Improved changelog file and renamed to deployment.log

• Added version-report file for installed version matrix

• Added deployment.log as replacement for the old version_report for environment change tracking using the kit

• Migrated anjana alias to anjana command

• Adjusted default variables for persistence authentication

• Adjusted apache2 template to allow /status and /server-status

User synchronization with identity providers

A user synchronization batch has been added that will retrieve user information from configured authentication providers and store it in the database. The purpose of this batch is to simplify management by avoiding the need to manually register users and to facilitate the assignment of permissions to those users.

To configure the batch execution frequency, the system variable anjana.scheduling.synchronizeUsers has been included (see the Functional Configuration Guide for more details). This batch can also be executed from Portuno actions.

 Integration for authentication via SAML

Version 25.2 of Anjana Data incorporates the capability for native integration with identity providers compatible with the SAML 2.0 standard, expanding authentication options and strengthening access security to the platform by leveraging existing security and authentication policies in the enterprise environment, including MFA, session management and conditional access control.

Thanks to this evolution, Anjana Data can be directly integrated with corporate identity management solutions (such as Azure AD, AWS IAM and GCP IAM), allowing users to authenticate with their existing corporate credentials without the need for independent password management within the platform.

New default role capabilities

Up to version 25.1 of Anjana, the default role acted as a generic read role without belonging to an Organizational Unit. In this new version, this role evolves to support the assignment of any permission and behavior in a cross-cutting manner throughout the platform, as well as participation in role-dependent workflows.

To do this, when configuring it, it must be indicated that it is the default role and, automatically, it will be marked as a cross role, applicable to all users and not modifiable while it maintains this condition. Furthermore, it will be possible to configure as many default roles as desired.

This role will appear in the user profile, like any other, indicating that it is cross.

In case the default role acts as a validator in a flow, the step will be automatically approved, since all users inherit it natively, optimizing efficiency in approval and adherence processes.

New cross role capabilities

With the aim of optimizing the management of cross roles and reducing administrative complexity, a key improvement has been introduced in the process of assigning these roles to users.

A fictitious “Cross” Organizational Unit has been incorporated, which is automatically assigned when a user receives a role marked as cross. This new logic eliminates the need to manually select all Organizational Units when configuring a role of this type.

The platform internally interprets this “Cross” OU as equivalent to all existing OUs, ensuring that the role has global validity.

Additionally, control mechanisms are implemented to maintain consistency of the governance model:

• It will not be possible for an administrator to assign a cross role with an OU other than “Cross”, as the system will display a warning and will not allow saving the configuration.

• If you wish to unmark the cross flag from a role, Anjana Data will warn the administrator that they must first reassign or remove that role from all affected users before being able to modify it.

With this new simplified management of cross roles, the batch that reviewed the correct configuration of these roles and notified the administrator was removed, thus suppressing the system variable anjana.scheduling.notification, which allowed its scheduling. The system variable anjana.group.crossName was also removed as it had lost its purpose.

The system variable anjana.group.enableCrossGrouping has been created to group the OUs of Cross roles into a single OU called “Cross”.

UX & UI

A UI update has been carried out on the Anjana interface seeking to improve the user experience:

• The lineage has been given the ability to export it as a .png image.

• In environments with a single authentication provider that is external:

  • A new logout page has been included to avoid redirecting the user to the login page after logging out.

  • The wait for redirection to the provider login has been eliminated.

• Length validation has been included so that the name of a newly created object does not exceed 255 characters.

• In required international text attributes, a warning has been included to notify the user which languages still need to be filled in.

• A button has been added in Portuno Actions to allow on-demand user synchronization.

• A new button has been added in the portal that gives access to the API documentation

New permission

A new permission called API_DOC has been added which, together with the button included in the UX & UI section, will allow loading the API documentation within the application.

ANNEXES

API Changes

Summary of changes made to the API, for more information review the specific API documentation for the version.