V‑Spark 4.1

V‑Spark 4.1 is a major release that includes support for single sign-on (SSO) authentication, updated service dependencies, and numerous security enhancements. Many changes included with 4.1 build on architecture upgrades completed as part of the 4.0 release.

Important:

System administrators must run the vspark-admin script with the core-update parameter on any system that has been upgraded to V‑Spark 4.1 from an earlier version.

Refer to the core-update row in the V‑Spark 4.0 release notes for more information about this script.

Note: AWS recently rebranded their managed AWS Elasticsearch service to AWS OpenSearch, which is derived from an earlier version of Elasticsearch that is not supported by V‑Spark. As of version 4.1, V‑Spark does not support AWS OpenSearch for its Elasticsearch requirements.

Major Changes in the 4.1 Release

  1. V‑Spark now supports single sign-on (SSO) authentication using the OpenID Connect (OIDC) protocol. SSO allows V‑Spark user accounts to be managed and authenticated by a third-party identity provider (IDP). Note the following points about using SSO with V‑Spark:

    • SSO capability is configured at the system and company levels, and companies that share a system may use distinct SSO configurations.

    • Once the system and company have been configured, user accounts that use SSO authentication can be created or requested. After an administrator verifies the account and assigns the user's permissions, the user may log in with the newly-created SSO account.

    • User accounts with username-password authentication cannot be converted to SSO accounts; accounts must be created with SSO enabled in order to use it.

    • Some account functionality is different when the account is authenticated with SSO: an SSO user account's email and profile company can't be changed once specified during creation, and change and forgot password functionality is disabled.

    Refer to the Using Single Sign-On (SSO) with V‑Spark section of the Management Guide for more comprehensive information about configuring and using SSO with V‑Spark.

  2. V‑Spark now supports Elasticsearch version 7.13. No breaking changes related to this upgrade were identified. V‑Spark supports a range of Elasticsearch versions, from version 7.6 up to and including version 7.13. This range of supported versions is now more strictly constrained than in previous versions of V‑Spark.

    System administrators should note that previous versions of V‑Spark may be able to run some unsupported versions of Elasticsearch, including versions older than 7.6. Additionally, systems that do not rely on the vspark-all package may use versions of Elasticsearch greater than 7.13, but these versions have not been tested for use with V‑Spark.

  3. Added a configurable limit to the number of consecutive failed login attempts for user accounts. Exceeding this attempt limit will disable the user account, and it cannot be used until reactivated by a system administrator. By default, the maximum number of attempts is 6. This limit may be changed using the new system configuration option max_passwd_failed_attempts . Specifying a value of -1 will disable this feature.

    Events to indicate failed login attempts and accounts locked for exceeding the limit are logged in server.log and shown in the Activity Log as INFO and WARNING messages that include the IP address, username, and timestamp.

  4. Added log reporting for session cookie security mismatch errors. An ERROR entry is now added to server.log whenever the V‑Spark session was not served over a secure connection even though the secure_cookie system configuration setting was enabled.

  5. Addressed cross-site scripting vulnerabilities.

Fixes in V‑Spark 4.1

The following issues have been resolved in the V‑Spark 4.1 release:

V‑Spark 4.1.0 Fixes

  1. Added recovery logic for deletion and report worker processes following a temporary database failure. When deletion or report workers temporarily lose contact with the database, their respective processes will now resume once the database connection is reestablished.

  2. Addressed errors associated with custom database name configuration. Previously, specifying a value other than vspark for the database name in the system configuration settings would cause some processing flows to fail.

  3. Addressed an issue with configuring multiple ASR servers for a folder. Previously, specifying multiple ASR servers in a semicolon-delineated list would cause an error when specifying the folder's language models and application templates.

  4. Modified the descriptor for WARN -level system events. These events now appear with the label WARNING in the Activity Log. Previously, some WARN events would not be properly filtered in the UI.

  5. Addressed an issue that prevented the add icon Add button from displaying when creating a company in a new system. Previously, the button would not display on the Organizations and Users sections of the Accounts Settings page until the user manually refreshed the page.

  6. Addressed an issue with application shutdown functionality that caused cleanup not to finish in some circumstances. Previously, rate limiting keys were not removed from Redis until they expired. All rate limiting Redis keys are now removed when V‑Spark shuts down.

Known Issues in V‑Spark 4.1

  1. Application changes may not display in real time when made by another user from a different host. Although application editing works, users editing an application simultaneously from different hosts must refresh the Application Editor to see changes made by another user. This issue does not typically occur when both users are being served by the same host.

Maintenance Updates Since the Initial 4.1 Release

V‑Spark 4.1.0-2 Updates

  1. Addressed an issue that caused application reprocessing jobs to fail and to appear stuck in Waiting... status.