Skip to main content

25.3 Release Notes

Published on 2026-02-02

New features

  • AVA-1527 - New setting to hide password login when only external users (SAML) are allowed
  • AVA-1449 - Support for Java 21 for Avantra Agent [Beta]
  • AVA-1424 - Support custom user/password for agent database
  • AVA-1409 - SAP Cloud ALM: New check ALM_Connect
  • AVA-1371 - New check HDB_LicenseCompliance to monitor compliance with HANA runtime restrictions
  • AVA-1370 - New setting to configure account lockout auto-unlock behavior
  • AVA-1354 - System selector support to search for systems mapped in CALM
  • AVA-1295 - Portal navigation for checks in managed system details
  • AVA-1276 - [Automation] Ansible Workflow: Support existing ansible.cfg files when running playbooks
  • AVA-1269 - Extend USER_AUTHORIZATION check with filters for user type and user lock status
  • AVA-1261 - [Transport] Add S_RFC for MSS_GET_SY_DATE_TIME to /AVANTRA/MONITORING role
  • AVA-1227 - SAP CALM auto matching: Automatically creating the mapped relations
  • AVA-1217 - New custom check for CALM health metrics monitoring (SAP_CLOUD_ALM_HEALTH_METRICS)
  • AVA-1185 - Support OAuthClient authorisations in web.request()
  • AVA-1091 - Ad hoc check selectors in dashlets
  • AVA-997 - Ad-hoc system selector in dashlets
  • AVA-914 - Invalidate all user sessions on password change
  • AVA-885 - [Automation] New API sleep function for server-side automation steps
  • AVA-839 - Support SAPRouter for connectivity to agentless SAP Systems
  • AVA-838 - Opt-out for non-RFC connections to agentless SAP Systems
  • AVA-775 - Simplify AIR configuration options against a customer
  • AVA-718 - Improve configuration for Ansible repository import
  • AVA-510 - [Add-in] sap-basis-profileparams: Support changing parameters in multiple systems/profiles
  • AVA-380 - New welcome page for next-generation interface
  • AVA-309 - New daily check: Number of PULL API Calls on SAP Cloud ALM
  • AVA-308 - New daily check: Outgoing data volume on SAP Cloud ALM
  • AVA-264 - Workflow failure notifications improvement
  • AVA-263 - New daily check: HANA memory size on SAP Cloud ALM
  • AVA-18 - SAP Cloud ALM Support
  • AVA-14 - Next-generation UI support for ad hoc selectors

Improvements

  • AVA-1448 - Update com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer to mitigate CVE-2025-66021
  • AVA-1438 - Update com.microsoft.sqlserver:mssql-jdbc to mitigate CVE-2025-59250
  • AVA-1425 - Do not include password in default email text sent to new users
  • AVA-1423 - Obfuscate encrypted credentials in agent6.cfg.json
  • AVA-1422 - Obfuscate P12 certificates in log files
  • AVA-1421 - Use UI certificate for 9058 master diagnostic page
  • AVA-1368 - Disable built in RTM user
  • AVA-1045 - Remove Java class information from GraphQL error messages
  • AVA-989 - Update logback to mitigate CVE-2025-11226
  • AVA-988 - Update bouncycastle to mitigate CVE-2025-8916
  • AVA-955 - Update netty to mitigate multiple CVEs
  • AVA-909 - Set Avantra UI default SSL protocol to TLSv1.3 with default enabled ciphers
  • AVA-894 - Improve workflow engine default settings
  • AVA-877 - Update all button labels in loading state

Bug fixes

  • AVA-1584 - [NGUI] Monitoring off doesn't return the correct results
  • AVA-1583 - [NGUI] Changing monitoring off from "yes" to "no" on an existing selector returns no results
  • AVA-1509 - RUN_PROG: "Cannot download program" issue with new checks
  • AVA-1479 - BG_RFC_ERROR / BG_RFC_LOCK – Incorrect Handling of Message 095 (bgrfc not in use)
  • AVA-1469 - Remote SAP System point cost not correctly calculated
  • AVA-1444 - Logout of classic UI should login again to classic UI
  • AVA-1437 - Changing SLA using right click menu doesn't log to logbook
  • AVA-1427 - [BTP] Self entitlement log not correct and has duplicated entries
  • AVA-1426 - [BTP] Assign missing entitlements directory managed entitlement
  • AVA-1396 - Applying user changes resets API key
  • AVA-1377 - NGUI breaks when user has SYSTEM_VIEW but not CUSTOMER_VIEW permission
  • AVA-1365 - System tree view incorrectly renders check status buttons
  • AVA-1364 - SAP HotNews - Not relevant status is set not correctly
  • AVA-1353 - GCP Project ID is not taken from system for start/stop/status integration
  • AVA-1318 - NETWORK_IO: NaN error shown in agent log
  • AVA-1301 - Error in SLT with DMIS 2018 - CL_IUUC_SQL_METADETA CREATE method is PRIVATE
  • AVA-1290 - ORA_Sessions: Unable to ignore no wait classes by clearing parameter ORASessionsIgnoreWaitClass
  • AVA-1288 - Start/Stop of databases requires edit system permission
  • AVA-1280 - Attachments are deleted even if they are in use (e.g. dashboard images)
  • AVA-1259 - BTPGlobalAccountCredits: Exception occurs in some situations
  • AVA-1184 - RUN_JS custom check on BTP subaccount is executed twice, once on globalaccount and once on subaccount
  • AVA-1157 - [Add-in] Support parameters longer than 18 characters in sap-users add-in
  • AVA-1044 - [Add-in] WebDispatcher Update | Version check logic
  • AVA-1031 - [Automation] IllegalStateException when executing workflow steps in in some scenarios
  • AVA-1029 - GraphQl API - Multiple filter conditions don't work
  • AVA-303 - A connection to https://<hostname>:50001/ was leaked is reported in agent log files for SAP MII detection