# Ascent 2.11.0 ### **Platform-Wide Highlight: Casdoor Integration** This release introduces full integration with **Casdoor**, our new authentication and authorization system - a foundational upgrade to Apica’s identity and access management model. #### Key Benefits: * **Centralized Login & Session Management**: Secure, unified authentication across all modules. * **Fine-Grained Policy Enforcement**: Access control enforced at the resource level for dashboards, alerts, plugins, and more. * **Enhanced Security**: * Secure, HTTP-only cookies * Configurable idle timeouts (default 20 mins) * Rate-limiting and account lockout after failed logins * Restriction on concurrent sessions * **Future-Ready**: Lays the groundwork for modern authentication methods including OAuth and biometric logins like Face ID and for advanced features such as user impersonation and compliance-driven access control. * **Role and Policy Sync with Casdoor**\ When you delete a role in Ascent, all related user-role and policy mappings are now also removed from Casdoor, keeping your identity platform and Ascent in sync. *** ### **Observe** #### New Features * Casdoor Authorization Integration. * YAML-based support added for creating: * Alerts * Queries * Data sources * Dashboards (via DataExplorer) * Oracle DB is now supported as a data source. **Policy Management** * A brand-new **Policy Management** screen is now available under the **IAM** section in Settings. * Admins can create, assign, and manage policies directly from the UI. * Resources such as users, dashboards, alerts, data sources, and plugins can now be managed via policies. * A new **resource table** with search and a **Select All** option improves policy creation workflows. * The modal for selecting resources within policy management has been improved. It now includes a search bar, a better-organized list, multi-select, a preview option, and clear action buttons, making large resource lists much more manageable. **Security Enhancements** * Casdoor sessions now use secure, HTTP-only cookies. * Idle session timeout is configurable; all cookies are cleared upon logout. * Accounts are locked after 3 failed login attempts. * Concurrent logins with the same credentials are blocked. * Sessions now terminate explicitly during logout. * TLS/SSL usage enforced across the board. * Session login ID is rotated after each login to prevent fixation attacks. **Expanded Role and Permission Enforcement** * Policies and permissions are now enforced for key entities including: * Dashboards, queries, metrics, alerts, input plugins, and services. * Backend access control is fully enforced using Casdoor's policy engine. **API and Documentation Improvements** * Flash API Swagger documentation is now complete and publicly accessible. * Enhanced Swagger docs for pipelines, dashboards, widgets, events, and more. * Tags and Resources APIs now support **pagination and search**. **User Experience** * The UI now handles session expiration and logout scenarios gracefully. * The app can now follow your system’s dark/light mode automatically. *** #### Changes and Improvements **Performance and Usability** * Route-level authorization prevents access via direct URLs for unauthorized users. * UI animations optimized for faster load times. * Font download size reduced by 40%. * Minor improvements to batch enforcement logic on the user list page. * The batch enforcement function for Ascent resources now includes working pagination and user feedback, including loading indicators for longer operations. * When typing in the dashboard search bar before dashboard data loads, search text will be preserved and the search will still run when the data is ready. **API and Backend** * Tag and resource syncing refactored for data integrity. * Migration scripts now clean up deprecated dashboards and migrate datasource groups to policies. **UI and Visualization** * Dashboard and pipeline pages updated with better grouping and detail views. * Widgets now support: * Full-screen mode * Exponential value formatting * Visual fixes for cancel buttons, logo alignment in shared dashboards, and widget resizing. * It’s now possible to see whether dashboards and queries are published or not. This visibility was missing in previous versions. *** #### Bug Fixes * Fixed issue where API key field was reset after editing user groups. * `/users/me` no longer crashes if permissions are missing; user is redirected cleanly. * Dashboard API now correctly honors Casdoor-based permissions. * Check group view shows accurate check counts for all levels. * Counter visualizations now support text color changes and unselection behavior. * Data Explorer no longer hangs when a saved query is deleted. * Visual fixes for dark mode, Y-axis labels, and widget resizing. * Logout message now shown properly; session timeouts handled smoothly. * Alerts page behaves predictably when data is missing; no more random column rendering. * Email formatting fixed in “Generate Password” emails. * Reduced redundant calls to `/api/alerts`. * Corrected role-to-group linkage. * Search fields in Queries now handle special characters like `%` correctly, so all queries return as expected when you use symbols. *** ### **Fleet** #### New Features **Policy Management for Fleet** * Policies can now be applied to **package applications** and fleet-specific actions based on user roles. * A streamlined UI makes it easier to manage fleet permissions via Casdoor integration. **Agent Management** * Agents can be filtered by hostname, version, type, or name. * Agent detail pages now cache responses with defined stale times for faster loading. * Added **force refresh** option to pull the latest agent data. **Configuration and Packages** * Deployed agents auto-refresh every 30 seconds for real-time status. **Security and Access** * **Casbin now supports multiple roles per user**, enabling more flexible access models. * Vault and certificate access now uses IDs instead of names. *** #### Changes and Improvements * Admin check removed for `get/set account repo` endpoint. * Agent detail performance improved with caching and backend load reduction. * Agent-related tables now reload in real time. * Fleet entities are now registered in the resource table for consistent access control. * CI pipeline enhancements with mandatory test coverage. *** #### Bug Fixes * Fixed CPU spikes when agents are stopped. * Fixed Kubernetes agent package import failures. * GUI now properly supports creating configs for Kubernetes. * Searching on the Fleet Agents page now waits until you finish typing (not on every keystroke), which means faster searches and less load on the server. * When a new config file is assigned to an agent, its deployment state is updated correctly and won’t remain stuck as “new.” *** ### **Ascent Synthetics** #### New Features **Scenario Management** * GitLab integration added for repo profiles (joins GitHub, Azure, Bitbucket support). * Browser Scenario updates: * Drag & drop steps * Real-time progress updates * Cancel during test run * Bulk step deletion * Improved tooltips **UI/UX Enhancements** * Auto-refresh added to all check views (Map, List, Grouped). * Upload buttons and labels better aligned. * Improved error handling for certificate creation. * Icons and padding polished across scenario views. **Policy & Permissions** * Tag management and private location access now governed by policies. * SLA alignment and group filters improved on check visualizations. * Checks data source now supports multi-check results. *** #### Changes and Improvements * Improved validation for certificate management. * Button labels and filter UI match latest design guidelines. * Refined scenario group management and conditional rendering. * Kafka client updated to use **franz**. * Check runner supports host exclusions for proxy cases. * Extended function support: `encode`, `decode`, `text`, `mask`, `net`, `time`. *** #### Bug Fixes * Removed duplicate entries in `casbin_user_rule` and fixed group mismatch. * Fixed persistence issue with permission-role mappings on Flash restart. * Addressed check runner bugs with self-signed certs and resource URL normalization. * Zebratester checks now render all expected steps. * Various fixes for compound checks, location rendering, and UI spacing. * Sorting scenarios by name now works as intended in the Scenario Management area. *** ### **Flow** #### New Features * Forward rules now integrated into pipeline processing. * Enriched Swagger documentation for pipelines with examples. * New **Visualize** mode added to the pipeline management page. *** #### Changes and Improvements * Build process updated with stricter test enforcement. * Server-side filtering and execution order support for pipelines. * Grouping enhancements for shared rules by namespace and app. *** #### Bug Fixes * Fixed graph rendering issues in pipeline metrics. * Resolved certificate creation and encrypted secret issues in Vault. * The group dropdown selector in the Rules tab for Pipelines rules now appears correctly. * You can now search for alerts by name or keyword in the Alerts section of the Pipelines dashboard, and the results will update immediately. * The action buttons under Pipelines now include explanatory tooltips. Hovering over an icon will show what it does. *** ### **IronDB** #### New Features * Grafana plugin updates: * Cleaned up IRONdb datasource links * Updated signing and deployment instructions * (Planned) support for React-based plugin development *** #### Changes and Improvements * Lowered broker startup memory footprint. * Upgraded Flatbuffers for security. * Enhanced Kafka config via `librdkafka`. *** #### Bug Fixes * Fixed Coverity and ASAN build issues. * Resolved Prometheus ingestion problems during IRONdb reconstitute. * Fixed Graphite Web handling of empty arrays. * Addressed logging and dropped message scenarios in IRONdb Relay. * Fixed compilation with GCC 13 and Ubuntu 24.04. *** ### **ASM Legacy** #### New Features * New API endpoints added for check management in Ascent On-Prem. * Improved support for editing and viewing all check types. *** #### Changes and Improvements * Updated default RTSE settings. * Improved integration profile and webhook handling. *** #### Bug Fixes * Fixed visibility issues for Videnca reports on specific silos. * Fixed filtering and interval behavior for manual mobile app checks. * ASM API fixes for check config and host exclusions. * SSL handshake and script execution issues resolved. * Fixed deprecated URL references and UI bugs in JSONPath extractor. *** ### **General Improvements** * **Documentation**: Swagger specs enhanced across the platform. * **Performance**: Backend syncing tasks are faster and more stable. * **Accessibility**: UI improvements for dark mode, screen responsiveness, and keyboard navigation. * **Reliability**: Better handling of long agent names, check filters, and data alignment across pages. *** ### Component Versions - Ascent v2.11.0
ComponentsVersion
Flashv3.16.1
Coffeev3.17.5
ASM13.36.3
NG Private Agent1.0.9
Check Execution Container: Browserfpr-c-130n-10.2.1-716-r-2025.04.02-0-base-2.0.0
Check Execution Container: Zebratesterzt-7.5a-p0-r-2025.04.02-0-base-1.2.0
Check Execution Container: Runbinrunbin-2025.04.17-0-base-2.2.1
Check Execution Container: Postmanpostman-2025.04.17-0-base-1.4.1
Bnet (Chrome Version)10.2.1 (Chrome 130)
Zebratester7.0B
ALT6.13.3.240
IronDB1.5.0