Ascent 2.11.0

Platform-Wide Highlight: Casdoor Integration

This release introduces full integration with Casdoor, our new authentication and authorization system - a foundational upgrade to Apica’s identity and access management model.

Key Benefits:

  • Centralized Login & Session Management: Secure, unified authentication across all modules.

  • Fine-Grained Policy Enforcement: Access control enforced at the resource level for dashboards, alerts, plugins, and more.

  • Enhanced Security:

    • Secure, HTTP-only cookies

    • Configurable idle timeouts (default 20 mins)

    • Rate-limiting and account lockout after failed logins

    • Restriction on concurrent sessions

  • Future-Ready: Lays the groundwork for modern authentication methods including OAuth and biometric logins like Face ID and for advanced features such as user impersonation and compliance-driven access control.

  • Role and Policy Sync with Casdoor When you delete a role in Ascent, all related user-role and policy mappings are now also removed from Casdoor, keeping your identity platform and Ascent in sync.


Observe

New Features

  • Casdoor Authorization Integration.

  • YAML-based support added for creating:

    • Alerts

    • Queries

    • Data sources

    • Dashboards (via DataExplorer)

  • Oracle DB is now supported as a data source.

Policy Management

  • A brand-new Policy Management screen is now available under the IAM section in Settings.

  • Admins can create, assign, and manage policies directly from the UI.

  • Resources such as users, dashboards, alerts, data sources, and plugins can now be managed via policies.

  • A new resource table with search and a Select All option improves policy creation workflows.

  • The modal for selecting resources within policy management has been improved. It now includes a search bar, a better-organized list, multi-select, a preview option, and clear action buttons, making large resource lists much more manageable.

Security Enhancements

  • Casdoor sessions now use secure, HTTP-only cookies.

  • Idle session timeout is configurable; all cookies are cleared upon logout.

  • Accounts are locked after 3 failed login attempts.

  • Concurrent logins with the same credentials are blocked.

  • Sessions now terminate explicitly during logout.

  • TLS/SSL usage enforced across the board.

  • Session login ID is rotated after each login to prevent fixation attacks.

Expanded Role and Permission Enforcement

  • Policies and permissions are now enforced for key entities including:

    • Dashboards, queries, metrics, alerts, input plugins, and services.

  • Backend access control is fully enforced using Casdoor's policy engine.

API and Documentation Improvements

  • Flash API Swagger documentation is now complete and publicly accessible.

  • Enhanced Swagger docs for pipelines, dashboards, widgets, events, and more.

  • Tags and Resources APIs now support pagination and search.

User Experience

  • The UI now handles session expiration and logout scenarios gracefully.

  • The app can now follow your system’s dark/light mode automatically.


Changes and Improvements

Performance and Usability

  • Route-level authorization prevents access via direct URLs for unauthorized users.

  • UI animations optimized for faster load times.

  • Font download size reduced by 40%.

  • Minor improvements to batch enforcement logic on the user list page.

  • The batch enforcement function for Ascent resources now includes working pagination and user feedback, including loading indicators for longer operations.

  • When typing in the dashboard search bar before dashboard data loads, search text will be preserved and the search will still run when the data is ready.

API and Backend

  • Tag and resource syncing refactored for data integrity.

  • Migration scripts now clean up deprecated dashboards and migrate datasource groups to policies.

UI and Visualization

  • Dashboard and pipeline pages updated with better grouping and detail views.

  • Widgets now support:

    • Full-screen mode

    • Exponential value formatting

  • Visual fixes for cancel buttons, logo alignment in shared dashboards, and widget resizing.

  • It’s now possible to see whether dashboards and queries are published or not. This visibility was missing in previous versions.


Bug Fixes

  • Fixed issue where API key field was reset after editing user groups.

  • /users/me no longer crashes if permissions are missing; user is redirected cleanly.

  • Dashboard API now correctly honors Casdoor-based permissions.

  • Check group view shows accurate check counts for all levels.

  • Counter visualizations now support text color changes and unselection behavior.

  • Data Explorer no longer hangs when a saved query is deleted.

  • Visual fixes for dark mode, Y-axis labels, and widget resizing.

  • Logout message now shown properly; session timeouts handled smoothly.

  • Alerts page behaves predictably when data is missing; no more random column rendering.

  • Email formatting fixed in “Generate Password” emails.

  • Reduced redundant calls to /api/alerts.

  • Corrected role-to-group linkage.

  • Search fields in Queries now handle special characters like % correctly, so all queries return as expected when you use symbols.


Fleet

New Features

Policy Management for Fleet

  • Policies can now be applied to package applications and fleet-specific actions based on user roles.

  • A streamlined UI makes it easier to manage fleet permissions via Casdoor integration.

Agent Management

  • Agents can be filtered by hostname, version, type, or name.

  • Agent detail pages now cache responses with defined stale times for faster loading.

  • Added force refresh option to pull the latest agent data.

Configuration and Packages

  • Deployed agents auto-refresh every 30 seconds for real-time status.

Security and Access

  • Casbin now supports multiple roles per user, enabling more flexible access models.

  • Vault and certificate access now uses IDs instead of names.


Changes and Improvements

  • Admin check removed for get/set account repo endpoint.

  • Agent detail performance improved with caching and backend load reduction.

  • Agent-related tables now reload in real time.

  • Fleet entities are now registered in the resource table for consistent access control.

  • CI pipeline enhancements with mandatory test coverage.


Bug Fixes

  • Fixed CPU spikes when agents are stopped.

  • Fixed Kubernetes agent package import failures.

  • GUI now properly supports creating configs for Kubernetes.

  • Searching on the Fleet Agents page now waits until you finish typing (not on every keystroke), which means faster searches and less load on the server.

  • When a new config file is assigned to an agent, its deployment state is updated correctly and won’t remain stuck as “new.”


Ascent Synthetics

New Features

Scenario Management

  • GitLab integration added for repo profiles (joins GitHub, Azure, Bitbucket support).

  • Browser Scenario updates:

    • Drag & drop steps

    • Real-time progress updates

    • Cancel during test run

    • Bulk step deletion

    • Improved tooltips

UI/UX Enhancements

  • Auto-refresh added to all check views (Map, List, Grouped).

  • Upload buttons and labels better aligned.

  • Improved error handling for certificate creation.

  • Icons and padding polished across scenario views.

Policy & Permissions

  • Tag management and private location access now governed by policies.

  • SLA alignment and group filters improved on check visualizations.

  • Checks data source now supports multi-check results.


Changes and Improvements

  • Improved validation for certificate management.

  • Button labels and filter UI match latest design guidelines.

  • Refined scenario group management and conditional rendering.

  • Kafka client updated to use franz.

  • Check runner supports host exclusions for proxy cases.

  • Extended function support: encode, decode, text, mask, net, time.


Bug Fixes

  • Removed duplicate entries in casbin_user_rule and fixed group mismatch.

  • Fixed persistence issue with permission-role mappings on Flash restart.

  • Addressed check runner bugs with self-signed certs and resource URL normalization.

  • Zebratester checks now render all expected steps.

  • Various fixes for compound checks, location rendering, and UI spacing.

  • Sorting scenarios by name now works as intended in the Scenario Management area.


Flow

New Features

  • Forward rules now integrated into pipeline processing.

  • Enriched Swagger documentation for pipelines with examples.

  • New Visualize mode added to the pipeline management page.


Changes and Improvements

  • Build process updated with stricter test enforcement.

  • Server-side filtering and execution order support for pipelines.

  • Grouping enhancements for shared rules by namespace and app.


Bug Fixes

  • Fixed graph rendering issues in pipeline metrics.

  • Resolved certificate creation and encrypted secret issues in Vault.

  • The group dropdown selector in the Rules tab for Pipelines rules now appears correctly.

  • You can now search for alerts by name or keyword in the Alerts section of the Pipelines dashboard, and the results will update immediately.

  • The action buttons under Pipelines now include explanatory tooltips. Hovering over an icon will show what it does.


IronDB

New Features

  • Grafana plugin updates:

    • Cleaned up IRONdb datasource links

    • Updated signing and deployment instructions

    • (Planned) support for React-based plugin development


Changes and Improvements

  • Lowered broker startup memory footprint.

  • Upgraded Flatbuffers for security.

  • Enhanced Kafka config via librdkafka.


Bug Fixes

  • Fixed Coverity and ASAN build issues.

  • Resolved Prometheus ingestion problems during IRONdb reconstitute.

  • Fixed Graphite Web handling of empty arrays.

  • Addressed logging and dropped message scenarios in IRONdb Relay.

  • Fixed compilation with GCC 13 and Ubuntu 24.04.


ASM Legacy

New Features

  • New API endpoints added for check management in Ascent On-Prem.

  • Improved support for editing and viewing all check types.


Changes and Improvements

  • Updated default RTSE settings.

  • Improved integration profile and webhook handling.


Bug Fixes

  • Fixed visibility issues for Videnca reports on specific silos.

  • Fixed filtering and interval behavior for manual mobile app checks.

  • ASM API fixes for check config and host exclusions.

  • SSL handshake and script execution issues resolved.

  • Fixed deprecated URL references and UI bugs in JSONPath extractor.


General Improvements

  • Documentation: Swagger specs enhanced across the platform.

  • Performance: Backend syncing tasks are faster and more stable.

  • Accessibility: UI improvements for dark mode, screen responsiveness, and keyboard navigation.

  • Reliability: Better handling of long agent names, check filters, and data alignment across pages.


Component Versions - Ascent v2.11.0

Components
Version

Flash

v3.16.1

Coffee

v3.17.5

ASM

13.36.3

NG Private Agent

1.0.9

Check Execution Container: Browser

fpr-c-130n-10.2.1-716-r-2025.04.02-0-base-2.0.0

Check Execution Container: Zebratester

zt-7.5a-p0-r-2025.04.02-0-base-1.2.0

Check Execution Container: Runbin

runbin-2025.04.17-0-base-2.2.1

Check Execution Container: Postman

postman-2025.04.17-0-base-1.4.1

Bnet (Chrome Version)

10.2.1 (Chrome 130)

Zebratester

7.0B

ALT

6.13.3.240

IronDB

1.5.0

Last updated

Was this helpful?