Release Notes

1.8.7

This release features faster installers and a lower installation footprint.

Features:

RAD-1757: Packaging: add --service-only CLI option to Linux installer

Documentation:

RAD-1645: Docs: minor fixes post-1.8.5
RAD-1651: Docs: cannot import oauth_connect_only from radkit_client.sync
RAD-1754: Docs: updated Ansible Collection doc for Ansible Galaxy release

Fixes:

RAD-166: Control: it is possible to enroll the Service when Cloud is disabled
RAD-232: Client: HTTPUploadParameters disregards the verb parameter
RAD-1669: Service: some settings saved to TOML but not applied until reload
RAD-1670: Service/UI: missing details about Service certificate
RAD-1674: Client: HTTP proxy incompatible with some Catalyst Center RSA versions
RAD-1693: Service/GUI: traceback instead of GUI message on GUI start
RAD-1707: Genie: parses all entries in a result instead of filtered results
RAD-1712: Console: remove 1.7.x intro text
RAD-1714: Console: fails to recover from AuthenticationFailedError when discovering a Service
RAD-1767: Console: previous SR context still in use after switching to a new Service ID
RAD-1772: Service: CUCM extract postprocessor does not handle binary files properly
RAD-1775: Service/GUI: [Errno 13] Permission denied when starting GUI on Windows

1.8.5

Starting with this release, RADKit is now available on PyPI.org (see pip installation for details).

Features:

RAD-1619: Service/UI: shorten Device Type display names and show full names on hover

Fixes:

RAD-1594: Service/UI: cannot control http2_enabled setting in WebUI
RAD-1630, RAD-1634: Packaging: missing stubs in radkit_common
RAD-1635: Service: remove dependency on id.cisco.com
RAD-1642: Packaging: incorrect platform tag for musllinux_1_1_aarch64 wheels

1.8.3

Features:

RAD-1435: Client/UI: add device description to proxy inventory page
RAD-1534: Client: dynamically create and manage an integrated Service
RAD-1556: Service: stop RADKit Windows Service automatically when upgrading

Documentation:

RAD-1595: Docs: most entries in the Compatibility support matrix are cropped
RAD-1610: Docs: verification scripts are missing from the Code Signing page

Fixes:

RAD-1465: Console: remove deprecated commands with underscore from CLI completion
RAD-1508: Service/UI: minimum generated password length constraint is not shown
RAD-1518: Service/UI: External Sources are not visible in Remote User modals
RAD-1527: Service/UI: make YAML textarea auto-fill vertical screen space
RAD-1567: Service/UI: bulk activate/deactivate breaks after first use
RAD-1573: Service/GUI: not working when started as Windows Service
RAD-1575: Service/UI: checkbox misbehaving after select & import from Catalyst Center
RAD-1576: Packaging: Windows installer fails to close if user aborts installation
RAD-1585: Service/GUI: fails to start with “Settings have already been loaded”
RAD-1587: Service/UI: Apply is broken in Settings
RAD-1592: Client: wheel is missing asyncssh dependency
RAD-1598: Client: fix TLS connection error in CatalystCenter helper class

1.8.1

Features:

RAD-310: Client: SSH proxy multiplexer
RAD-315: Service/Client: enforce password exclusion list
RAD-381: Service: backup restore functionality
RAD-1267: Client: exec now creates one independent RPC call per device
RAD-1366: Service/UI: device search query language
RAD-1424: Service: allow explicit usernames in device template YAML
RAD-1455: Client: allow adding custom endpoints to the Client proxy webserver
RAD-1471: Client: .map() function added to ExecResponse
RAD-1474: Service: dbshell now allows to specify a script file
RAD-1475: Client: encrypt and decrypt now also work as functions
RAD-1477: General: preliminary support for Python 3.13 (no official support yet)
RAD-1478: Service: new setting to disable HTTP2 when connecting to the device
RAD-1497: Client: success and show_progress added to ExecResponse
RAD-1504: Service: passwordless HTTP support for NSO RestConf API

Fixes:

RAD-673: Service: log messages cleanup
RAD-1338: Client: add CSPC credentials warning in HTTP proxy
RAD-1385: Service/UI: UI reloads on network errors
RAD-1390: Service/UI: long names cause notification text overflow
RAD-1410: Service: does not recover after loss of Cloud connectivity
RAD-1422: Service: missing parts of proxied inventory page on Catalyst Center 2.3.7.6
RAD-1425: Service/UI: Select All doesn’t produce a confirmation toast in External Sources
RAD-1433: Service/UI: on Safari, SSO enrollment fails to redirect to RADKit Cloud Access
RAD-1434: Service: cannot import devices from vManage
RAD-1456: Service/UI: show helpful message on TLS verify error when importing inventory
RAD-1457: Service/UI: Safari doesn’t let navigate off the WebUI
RAD-1458: Service/GUI: GUI app broken on Windows
RAD-1485: Service/UI: wrong time slice calculation when creating remote user
RAD-1487: Service/UI: alignment issues on high DPI resolution
RAD-1490: Service/UI: remove Service width limit
RAD-1510: Service/UI: “clear form” button in remote users tab produces validation error
RAD-1511: Service: ModuleNotFoundError: No module named 'python_multipart'
RAD-1514: Service: crash while retrieving OpenID configuration
RAD-1515: Service: enrollment procedure stops due to “token not yet valid”
RAD-1536: Service: “import might be incomplete” when importing devices from CSPC
RAD-1544: Service: database truncation results in data loss and database corruption

1.8.0

Release summary:

Device support: CUCM (import), FMC (import), CPS, CML, Splunk, WSA/ESA/SMA (passwordless)
CSV import and export via Service WebUI
Crosswork and NSO support in Console
ControlAPI integration with Client Python API
External source (TACACS+) authentication for remote users
Support for Hashicorp Vault as external source
Granular Terminal restrictions

Notable or breaking changes:

Python 3.8 is no longer supported (EOL)
Data files written by RADKit 1.4.x or earlier can no longer be migrated directly
Genie 24.x and lower are no longer supported due to 3rd party dependency constraints

Features:

RAD-79: Service: connector for Cisco Unified Call Manager (CUCM)
RAD-414: Service: external sources config templates
RAD-415: Service: external sources plugins
RAD-430: Service: support for Hashicorp Vault as external source
RAD-508: Service: connector for Firewall Management Center (FMC)
RAD-527: Service/UI: improved UX for password policy change
RAD-596: Service: include other Catalyst Center nodes when importing
RAD-605: Control: --create-missing-labels when creating/updating devices/users
RAD-611, RAD-614: Service/UI: CSV upload and export
RAD-680: Genie: leverage RADKit device type for parsing/learning
RAD-690: Service: support for Cisco Policy Suite (CPS)
RAD-705: Service: HTTP passwordless support for Secure Web Appliance, Secure Email Appliance and Secure Email and Web Manager
RAD-754: Client: new client.support_package() command
RAD-792: Service: support external source authentication for remote users
RAD-860: Client/Console: ability to close and re-authenticate direct connections
RAD-863: Console: new platform crosswork and platform nso subcommands
RAD-911: Service: improved SSO enrollment workflow
RAD-912: Service: setting to output RADKit logs in JSON format
RAD-957: Console: support passing E2EE session verification token
RAD-972: Client/Control: ability to create ControlAPI from a Device object of type RADKIT_SERVICE
RAD-994: Service: support for Cisco Modeling Labs (CML)
RAD-1021: Service: granular Terminal restrictions (exec, interactive, upload, download)
RAD-1054: Client/Proxy: new “Refresh” button to reload the inventory
RAD-1069: Control: expose connector-specific config options
RAD-1082: Client/Proxy: add a Search box to the index.proxy page
RAD-1123: Console: allow to authenticate with Service using access token
RAD-1148: Service: add a CSV Template download button
RAD-1153: Service: HTTP passwordless support for CSPC
RAD-1157: Service/UI: add device templates to cart screen
RAD-1179: Client/Service: add setting to change session logs directory
RAD-1197: Service: support for Splunk HTTP API and WebUI
RAD-1344: Client: new helper functions and pipes (encryption, Base64, bytestring, …)
RAD-1359: Service: API for duplicating devices

Documentation:

RAD-776: Genie: document how to add local parsers to radkit-genie installation
RAD-777: Control: reference to device-object does not resolve in API docs
RAD-999: Docs: fix radkit_genie.learn example in documentation
RAD-1193: Client/Service: improved rendering of Pydantic models in HTML docs
RAD-1247: Docs: document telemetry setting
RAD-1280: Docs: document using Control ServiceAPI from within RADKit Client
RAD-1281: Docs: device template documentation
RAD-1284: Docs: general improvements
RAD-1284: Docs: general improvements
RAD-1294: Docs: RADKit Swagger API queries
RAD-1394: Docs: improve security documentation with connectivity details

Fixes:

RAD-256: Service/UI: robustness improvement when time differs between Service and browser
RAD-303: Client: some user-facing classes missing from radkit_client
RAD-780: Packaging: Linux installer fails to resolve user permissions on vManage
RAD-1162: Service/UI: cart metadata validation is overwritten by checkboxes
RAD-1176: Service: “permission denied” error in browser after Service restart
RAD-1184: Service: add a template activator checkbox to reset a value
RAD-1269: Control/Service: admin naming scheme not properly enforced
RAD-1270: Client: restore error logging in access client and admin client
RAD-1272: Control/Service: trying to update non-existent user causes HTTP 500
RAD-1273: Control: not possible to enable/disable existing admin user
RAD-1274: Control/Service: add detailed error when trying to update non-existent admin
RAD-1276: Control: service certificate path is not taken into account
RAD-1283: General: release pin on httpx
RAD-1288: Service/UI: improvements to CSV screen
RAD-1289: Control: NameError: name 'StoredAdmin' is not defined
RAD-1292: Service: endless certificate renewal loop in certain conditions
RAD-1296: Service: won’t start on Windows due to WinError 123
RAD-1305: Service: Go Up arrow component missing from External Sources and Device Templates
RAD-1307: Service/UI: error in Javascript Console when running as integrated
RAD-1308: Client: --domain not honored by network-console subcommand
RAD-1311: Service: crashes when supplying unexpected settings level value
RAD-1315: Service/UI: ghost scrollbar when zooming on Safari
RAD-1318: Service/UI: Create Remote Users value resetting works partially
RAD-1319: Service/UI: E2EE Validation Token constraints should be enforced in the UI
RAD-1328: Service/UI: wrong total number of devices to import from CCC
RAD-1342: Service/UI: settings page not loading
RAD-1343: Client: Client-based control API improvements
RAD-1345: Service: CSPC HTTP authentication fails if username/password are the same
RAD-1348: Common: remove DEV domain definition (no longer in use)
RAD-1356: Service: return better exception for some HTTP/TLS errors
RAD-1365: Service/UI: notifications alignment broken in dropdown
RAD-1369: Genie: _exclude entry moved from .data to .exclude
RAD-1404: Service: inventory import might fail when handling duplicate device names

1.7.6

Compatibility:

Python 3.8 has reached end of life and is no longer supported as of RADKit 1.7.6.

Fixes:

RAD-763: Client: adjust to renamed pysnmp and latest genie
RAD-1088: General: pin httpx<0.28.0 to work around errors due to removed API
RAD-1098: Client: fix AttributeError: module 'h2' has no attribute 'connection'
RAD-1124: General: relax pin on pydantic-settings

1.7.5

Docs:

RAD-776: Genie: document how to add local parsers to radkit-genie installation

Fixes:

RAD-1019: Client/Service: bug in H2 RPC back-pressure breaks some file transfers
RAD-1022: Service/UI: jumphost cannot be unset or applied in bulk

1.7.4

Fixes:

RAD-935: Service/UI: unable to activate user in TIME SLICE mode in update modal
RAD-937: Service/GUI: showing status “stopped” while running as a Windows service
RAD-966: Service: database migration error when upgrading from 1.5.x to 1.7.x

1.7.3

Fixes:

RAD-924: Service: cannot import name 'AF_UNIX' from 'socket' on Windows

1.7.2

Warning

RADKit Service 1.7.1 and 1.7.2 fail to start on Windows due to RAD-924. Please upgrade to 1.7.3 to get the fix.

Fixes:

RAD-910: Service: remote user needs Cloud enabled for Direct+SSO to work

1.7.1

Notable or breaking changes:

Improvements to the Linux installer:
- No longer defaults to an installation type; either pass --systemd or --no-systemd or be asked interactively.
- The --accept-eula and --default-install options have been merged into a single --accept-all option (requires to pass either --systemd or --no-systemd).
- A warning is now printed about pre-1.7.x systemd installations, and a procedure to migrate the data files has been added to the documentation.

Features:

RAD-34 + RAD-643: Service: mark devices as jumphost explicitly
RAD-487: Service: new radkit-service import-db command
RAD-508: Service: connector for FMC inventory import
RAD-513: Client: smart selection of OAuth provider for RADKit Cloud
RAD-680: Genie: leverage RADKit device type for parsing/learning
RAD-756: Console: only suggest to re-attach to connections in progress
RAD-774: Service: restrict connection mode per user
RAD-857: Client/Service: accept new domain definitions through environment variable RADKIT_DOMAIN_DEFINITION
RAD-849: Service: support new login sequence on Catc313

Documentation:

RAD-779: Doc: various improvements to the Linux and Compatibility sections
RAD-847: Doc: RADKIT_CONTROL_URL should be RADKIT_CONTROL_SERVICE_URL instead
RAD-875: Doc: outdated image to illustrate RADKit Client in Jupyter notebook

Fixes:

RAD-172: Service/Client UI: update front-end dependencies
RAD-240: Control: new admin account creation and password lifecycle
RAD-389: Service: fix Internal Server Error if bulk update fails jumphost validation
RAD-435: Client: multi-device/multi-OID SNMP need to conform to the other APIs
RAD-566: Client/Service: terminate idle H2 multiplexing connections
RAD-667: Service: CUCM passwordless UI auto-login stopped working
RAD-689: Service: cosmetic issues while importing
RAD-728: Service: allow underscore in “host” device field
RAD-732: Service: more improvements to PID file logic
RAD-736: Service: additional protection against logging passwords as part of stream data
RAD-743: Service: SNMP community string should be a password-type field
RAD-749: Service: device hosts can be a plain IPv6 address
RAD-760: Client: fixed regex for platform ftd
RAD-769: Service: fix IOS-XE jumphost SSH command
RAD-770: Service: protocol and device name are swapped in session logs
RAD-781: Service: several issues related to lockfiles/certificate handling
RAD-791: Console: support service_direct for on-prem usage
RAD-821: Client: rename OAuthEnabledTools.CCC to OAuthEnabledTools.SWIMS
RAD-831: Console: closes if there is an error while connecting to CCC
RAD-838: Console: CCC does not work on domains other than PROD
RAD-842: Client: HTTP overlay headers are not taken into account for proxy
RAD-844: Service: if a Forwarder is down, Service should try other Forwarders
RAD-856: Service: fix External Sources table sorting bugs
RAD-865: Service: log database migrations and fix dbshell instructions
RAD-876: Service: fix docstring for DatabaseDevicesBackend.start_interaction
RAD-880: Client: missing API export for certificate_login
RAD-881: Service: aiohttp not found when enrolling through a proxy

1.7.0

Release summary:

The documentation has been reorganized (more work is needed, feedback is welcome)
New Python 3.11 environment for all installers (Windows, macOS and Linux)
New Windows installer with multiple improvements including:
- detection and warning about running processes;
- addition of RADKit CLI tools to the system PATH;
- automated installation of RADKit as a Windows Service;
- please make sure you read the documentation.
Improved Linux installer:
- supports system-wide installation + RADKit Service set up as a systemd service;
- please make sure you read the documentation.
New device types with HTTP and passwordless login support:
- UCS CIMC
- Nexus Dashboard
- Intersight Appliance
- Hyperflex
- NCS-2000
- Routed PON
Cisco DNA Center renamed to Catalyst Center to follow current branding
New device import capabilities:
- vManage
- Wireless LAN Controller (Cat9800)
- import device credentials directly from Catalyst Center
Vault integration for storing device credentials (experimental):
- CyberArk AIM
- CyberArk Conjur
Metadata (external attributes) editor in Add/Edit Device properties screen
TACACS+ authentication support for Service admin users (experimental)
Performance improvements for Client autocomplete, Terminal/exec and SNMP
Hybrid direct/cloud model (direct connect with SSO-based authentication)
Basic scripting in Network Console
Improved OCSP logic for certificate revocation checks
Netconf support marked as experimental until it is properly reworked

Notable or breaking changes:

The RADKit Service GUI (the native Tk frontend with start/configure/log buttons) and Medic GUI are no longer supported on Linux.
- This is due to a library compatibility problem. We are working on fixing this, but it will likely remain unsupported for some time.
Symlinks on Linux are now created under a directory dedicated to RADKit. The user is responsible for adding them to the PATH.
Improved and customizable OCSP certificate revocation check logic in RADKit Client and Service:
- OCSP is now disabled on Python 3.9 (it can’t be done reliably on those versions due to missing peer certification information in the SSL APIs).
- New setting cloud_client.ocsp.methods to adjust the OCSP policy. Defaults to [STAPLER, PASS] = delegate OCSP queries to RADKit Cloud and fail-open on error.
Bootstrap-related changes:
- The radkit-service run CLI command no longer automatically bootstraps the Service on first run if the superadmin password is provided through the environment.
- The radkit-service bootstrap command is now discouraged in favor of using RADKit Control.
- Another option is to first run radkit-service run and then bootstrap interactively using the WebUI.
In RADKit Client Device.attributes.external has been renamed to Device.attributes.metadata.
Several breaking changes were necessary during the RADKit Client rework:
- Identity now represents only a Cloud identity; it is not used in direct RPC. Given that this is a NewType, it is not breaking at runtime, only in typechecks.
- Service now has both a name and a service_id attribute. The name refers to the name within the inventory dict, while service_id refers to the identity if this is a Cloud connected Service. Direct and in-memory connected Services don’t have a service_id.
- Instantiation of a Client object should now be done through with Client.create() as client: for stand-alone scripts. The old approach remains functional for backwards compatibility.
- service_direct() now requires a wait() when used in scripts.
- The import hook for the BDB integration now needs to be installed explicitly using client.integrations.bdb.install_importhook().
- The ClientConnectionMethod enum no longer exists.

Features:

#3547: Packaging: new installers using Python 3.11 + revamped Windows installer
#3901: Client/Service: improved/customizable logic for OCSP revocation checks
#3915: Service: Service GUI should detect and manage the RADKit Windows Service
#3974: Service: UCS CIMC: new device type, HTTP support, passwordless login
#3975: Service: Nexus Dashboard: new device type, HTTP support, passwordless login
#3976: Service: Intersight Appliance: new device type, HTTP support, passwordless login
#3977: Service: Hyperflex: new device type, HTTP support, passwordless login
#4020: Service/UI: add sorting to External Sources table
RAD-44: Control: support Base64 encoding of the admin password
RAD-59: Service: Swagger support for NDB appliances
RAD-136: Service/GUI: more accurate PID file checks
RAD-246: Client/Service: session logs should embed all metadata in the log file
RAD-247: Client/Service: direct-connect with SSO-based credentials
RAD-257: Client/Service: SNMP streaming
RAD-272: Service: import inventory from Wireless LAN Controller
RAD-273: Service/UI: complex selector for OCSP settings
RAD-274: Service: NCS-2000: new device type, HTTP support, passwordless login
RAD-277: Service: import inventory from vManage
RAD-279: General: rename Cisco DNA Center to Catalyst Center
RAD-286: Client: add HTTP timeout parameter for BDB run_script command
RAD-307: Console: change terminal title to reflect the current interactive session
RAD-319: Client/Service: allow HTTP DELETE operation with a payload
RAD-325: Service: TACACS+ authentication for admin users
RAD-336: Service/UI: allow visualization and edition of individual device metadata
RAD-337: Service/UI: bulk add/modify/delete device metadata through cart
RAD-341: Service: support for CyberArk AIM
RAD-344: Service/API: accept metaDataUpdate instead of metaData parameter in UpdateDevice
RAD-347: Service: support for CyberArk Conjur
RAD-348: Service/API: new API to retrieve the union of all metadata keys
RAD-365: Service: Catalyst Center import improvements
RAD-378: Console: support for initialization script and ability to pass a script on the CLI
RAD-383: Service: add more settings to WebUI and update outdated SNMP settings docs
RAD-394: Console: support service_direct_with_sso connection type
RAD-399: Service: encrypt sensitive fields such as proxy password in the settings file
RAD-410: Service: add a radkit-service import-secrets command, symmetrical to export-secrets
RAD-427: Service: FDM: new device type, HTTP/API support, passwordless login
RAD-431: Console: implement log rotation
RAD-433: Client: add wait() method to EraseAuthenticationTokensResult and HttpResponse
RAD-447: Console: add a python-repl command to go from Network Console into a full Client REPL
RAD-460: Packaging: Linux installer support for adding as a systemd service
RAD-471: Service/UI: add a “copy device name” button in the Devices table
RAD-472: Service: Routed PON: new device type, HTTP/REST support, passwordless login
RAD-475: Service/UI: Catalyst Center import simplification
RAD-515: Service: static password external source
RAD-527: Service/UI: password policy change UI improvements
RAD-594: Packaging: post-installation instructions after system-level Linux installation
RAD-626: Client: multiple cloud connections for client/domain combination with different authenticators
RAD-659: Client: API to overlay headers on every request going through the HTTP/SOCKS proxy
RAD-701: Client: add is_ready attribute to CloudConnection for troubleshooting
RAD-730: Service/UI: rename Cart to Bulk Editor

Documentation:

RAD-113: Doc: add section about browser compatibility
RAD-264: Doc: Linux system-level installation documentation (also applies to CSPC)
RAD-324: Doc: various documentation fixes
RAD-356: Doc: HTTP feature guide should no longer mention allow_redirects
RAD-423: Doc: start_capture takes one argument in the documentation
RAD-555: Doc: Swagger documentation improvement + examples
RAD-598: Doc: complete documentation rework for 1.7.0
RAD-616: Doc: document system and hardware requirements
RAD-638: Doc: dead link references to new doc layout
RAD-742: Doc: list of device types and supported protocols in Compatibility section
RAD-755: Doc: TACACS+ external source for admin authentication

Fixes:

#3570: Service: improved exec prompt detection performance
#4026: Service/UI: improved accessibility in External Sources and Settings
RAD-94: Service: script-friendly password prompt for “export to JSON” actions
RAD-95: Service/UI: dark mode jumps between normal and dark on refresh
RAD-128: Service/GUI: display Service logs and traceback before exiting
RAD-204: Service/Control: reorder some fields in the CSV template
RAD-255: Service: spurious traceback when device does not respond over HTTP proxy
RAD-263: Service: fix CSPC import error
RAD-267: Service: handle error during bulk import on CSPC when the password needs to be changed
RAD-271: Service: passwordless UI fails on Cisco DNA Center ESXi VA
RAD-276: Client/Service: SNMP bulk walk query time is too long
RAD-287: Service: multiple issues with CSV import
RAD-297: Client: accept reset_after parameter in DeviceDict.exec()
RAD-305: Console: service ... no- does not complete correctly
RAD-318: Client: fix slow completion on large (6000+) inventories
RAD-320: Service: do not strip whitespace from prompt detection output
RAD-322: Service: fix FMC websocket handling
RAD-323: Client: BDB client fails with unclear error when not on the Cisco network
RAD-333: Service: line wrapping issue in prompt detection
RAD-335: Service: “registry entries missing” during Windows service password update
RAD-339: Service: FMC 7.6.0 HTTP proxy failure: logs in then logs out
RAD-352: Service: update_attributes() fails with wrong UUID
RAD-355: Service/API: all the device metadata disappears when using bulk edit
RAD-357: Service: APIC passwordless does not refresh token
RAD-364: Service/UI: time reset for users behavior change
RAD-366: Service: fix APIC import when deselecting all the controllers
RAD-367: Service: fix allowed endpoints for CUCM HTTP proxy
RAD-368: Service/Control: fix traceback after an update on a UUID that does not exist
RAD-369: Service/UI: fix error on label update
RAD-380: Service/UI: fix console error on first change of device type
RAD-389: Service: Internal Server Error if bulk update fails jumphost validation
RAD-390: Service: describe OS error reason for Telnet and SSH PTY
RAD-397: Client/Service: HTTP is broken for CVOS
RAD-398: Client/Service: HTTP requests do not take timeout into account
RAD-400: Service: fix validation of auto-generated password field
RAD-405: Service: RuntimeError while browsing passwordless HTTP
RAD-421: Service: does not error out immediately on invalid / weak webserver certificate
RAD-422: Service: webserver only presents leaf certificate in TLS handshake
RAD-425: Service: remove auto-bootstrap from radkit-service run
RAD-426: Service: settings validation shows wrong error on save
RAD-428: Service: add new endpoints to CVOS whitelist
RAD-434: Service: WLC should use IOS-XE HTTP request updater implementation
RAD-441: Console: Network Console does not have its own session log directory
RAD-445: Service: HTTP UCS Manager updater should refresh token if expired
RAD-452: Service: rename the device type “Nexus” to “Nexus Dashboard”
RAD-453: Service/UI: protocols remain disabled after YAML is switched off in Settings
RAD-457: Service/UI: spurious error when credentials import is deselected
RAD-459: Service/GUI: make Service GUI unsupported on Linux
RAD-461: Service/UI: front-end performance improvements
RAD-463: Service: Cisco DNA Center HTTP API data fetch errors
RAD-464: Client/Service: E2EE session validation is broken
RAD-468: Service: ^C during superadmin password input causes PromptInterruptedError
RAD-469: Service: improve bulk update performance
RAD-474: Service: ACI APIC device import is ineffective
RAD-477: Client: device sub-dictionaries are slow
RAD-478: Service: internal information should not be in device metadata shared to Client
RAD-479: Service: rename Device.attributes.external to Device.attributes.metadata
RAD-481: Service: update password complexity defaults
RAD-485: Service: implement database safety constraints
RAD-490: Service: traceback if superadmin password from environment is incorrect
RAD-502: Service: fix the structure of the IP component in Settings
RAD-512: Client: force Duo for Cisco users when cisco provider is selected
RAD-514: Service/API: audit logging in background task in the update_devices endpoint
RAD-525: Service: exception and missing error code when vManage import fails
RAD-528: Client: client instance should be able to connect to a single domain using multiple identities
RAD-529: Service: get-basic-inventory fails with a traceback if external sources cannot be reached
RAD-532: Service: filter metadata when importing from controllers
RAD-533: Service: OSError on Windows when creating session log for direct connection over IPv6
RAD-534: Service/GUI: Service does not start after bootstrap
RAD-535: Service: import from controller does not display feedback when controller is unreachable
RAD-540: Console: banner indicating the change of CLI from underscore to dash
RAD-570: Console: crashes when Service ID is not fully lowercase
RAD-573: Service/GUI: error while synchronizing Service HTTPS
RAD-583: Console: crashes when trying to get Service ID from CSOne without being logged in
RAD-587: Service: various glitches while importing
RAD-628: Client: readuntil_regex does not unread bytes after the matching string
RAD-631: Service/UI: cart sorting broken
RAD-636: Control: should allow reading admin password from file
RAD-639: Console: SR number is still assigned after logout
RAD-648: Client: readuntil_regex raises asyncio.exceptions.IncompleteReadError
RAD-651: Client: reauthenticate() throws warning about being deprecated
RAD-671: Console: Fix CloudConnectionError when not logged in
RAD-678: Common: when cloud_connection is closed then re-opened, the Services become unreachable
RAD-679: Common: Client default domain should only change on set_default_domain()
RAD-682: Client: tokens cannot be reauthenticated
RAD-685: Service: port number is not taken into account while importing from CC or APIC
RAD-687: Console: platform ftd ... should support FDM device type too
RAD-691: Client: CatalystCenter class should always use fresh CloudConnection instead of Client objects
RAD-712: Client: port forwarding is broken on Windows
RAD-715: Console: robustness improvement against Duo failures
RAD-727: Service: Catalyst Center HTTP API token does not correctly refresh in some scenarios
RAD-731: Client: “Not authenticated against the PROD domain” when using certificate_login
RAD-733: Service: uses wrong port number in check for direct RPC listener
RAD-737: Client: leaking active/open connections in HTTP proxy
RAD-738: Client: multiple cloud connection issues in Catalyst Center helper
RAD-740: Console: no default authenticator was set after using Catalyst Center
RAD-741: Client: inconsistency when stopping proxy forwarder
RAD-751: Service: proxy env variables are used for devices even if fall_back_to_environment is False

1.6.12

Due to an incorrect setting that crept up while migrating from one build environment to another, both 1.6.10 and 1.6.11 were released with an expiration date in September 2024 instead of June 2025. In order to fix this unfortunate situation:

the 1.6.10/1.6.11 code was re-released as 1.6.12 without an expiration date;
future releases starting with 1.7.1 will no longer have an expiration date.

1.6.11

Rebuild of 1.6.10 with a fixed Windows installer.

1.6.10 has been pulled from downloads as it came with a broken Windows installer. If you were using RADKit Service as a Windows Service and you installed 1.6.10, or if you checked the “Windows Service” box while installing 1.6.10, you will need to first install 1.6.11, then perform manual un-installation of the RADKit Windows Service using radkit-service windows-service remove, then re-install it using radkit-service windows-service install.

The known issue regarding RADKit Service GUI on Linux (see 1.6.10 below) also affects 1.6.11.

1.6.10

Rebuild of 1.6.9 with a different installer base; no other changes or fixes.

KNOWN ISSUE: RADKit Service GUI (the graphical start/stop UI, not the browser-based WebUI) fails with Assertion `!xcb_xlib_unknown_seq_number' failed on startup if it was installed using the Linux installer. Workaround: use pip install instead. This is only necessary if RADKit Service GUI is needed on Linux.

1.6.9

Notable or breaking changes:

Service: until RBAC for administrative accounts is implemented, only superadmin will be allowed to change settings (this includes e.g. enabling/disabling RBAC for remote users, or changing proxy settings). Other admins can still view the settings, but cannot change them through the WebUI or the API.
Client: on Windows, we need at least a Windows version that has ConPTY support so that we can enable ENABLE_VIRTUAL_TERMINAL_PROCESSING. This was merged in the Windows 10 kernel around the fall of 2018 and shipped to Windows 10 installs through upgrades around that time. For more information, see: https://learn.microsoft.com/en-us/windows/console/console-virtual-terminal-sequences and https://learn.microsoft.com/en-us/windows/console/setconsolemode

Changelog:

new: #4013: Service: only superadmin should be able to modify settings
fix: #3823: Service/Client: SettingsManagerLoadError when loading bad TOML settings file
fix: #3925: Client: long lines in interactive sessions are truncated on Windows
fix: #3981: Client: radkit-client script displays spurious information
fix: #4014: Service: log level for setting changes should be at INFO level
fix: #4018: Client: not a valid parameter name when building Swagger paths
fix: #4022: Client: spurious “task not found” error during BDB import
fix: #4024: Client: BDB get_tasks raises PydanticUserError

1.6.8

Notable or breaking changes:

New mechanism for mutual validation of end-to-end encrypted sessions (E2EE):
- Remote Users now get an access token (auto-generated, can be modified) to authenticate themselves to RADKit Service when establishing an E2EE session
- this is governed by the new service.e2ee.require_e2ee_session_verification setting (default: False)
- the UseE2EE enum has been removed from the default context in the REPL
- the use_e2ee parameter has been removed from all the login functions
- the client.add_e2ee_certificate_fingerprint(...) method has been removed, the fingerprint now needs to be passed to client.service(...)
- the reload_if_needed parameter in client.service(...) has been removed
- E2EE is now required by default on the Service (clients that don’t support E2EE or refuse to enable it won’t be able to connect)

Changelog:

new: #2017: Client: integration with BDB (Cisco internal only)
new: #3437: Service: base layer to support external authentication sources (experimental)
new: #3850: Client/Service: end-to-end encrypted session validation (see E2EE doc)
new: #3973: Service: UCS Manager: new device type, API support and passwordless login
new: #4000: Service/API: enable gzip compression for response content
fix: #3922: Service: missing xml_requests folder for CSPC import functionality
fix: #3985: Service: FMC: support /api/ paths in HTTP Client
fix: #3987: Client: ^C during login results in NoContextCreatedError on subsequent login attempts
fix: #3988: Service/UI: UI unresponsive with thousands of devices imported from Cisco DNA Center
fix: #3995: Service: incorrect description for setting service.devices_proxy.url

1.6.6

Notable changes:

Connector (device import) settings have been cleaned up:
- Cisco DNA Center-specific settings service.cisco_dna_center_connector.* and environment variables RADKIT_SERVICE_CISCO_DNA_CENTER_CONNECTOR_* have been removed;
- general setting service.connectors.request_timeout and environment variable RADKIT_SERVICE_CONNECTORS_REQUEST_TIMEOUT have been introduced.
Old session logs on Client and Service are now automatically deleted:
- On the Client side, this cleanup is governed by the client.logging.session_log_max_age setting, which defaults to 15 days. Cleanup only happens while RADKit Client or Network Console is running.
- On the Service side, this cleanup is governed by the service.logging.session_log_max_age setting, which defaults to 15 days. Cleanup only happens while RADKit Service is running.
- If you need to retain some of your existing session logs, please make sure to back them up BEFORE you upgrade and start RADKit Client, Console or Service.

Changelog:

new: #3599: Client: join() helper to wait for multiple objects
new: #3680: Service/Client: old session logs are automatically erased
new: #3835: Console: add platform linux sudo <device> support
new: #3841: Service: API and passwordless HTTP proxy for Crosswork
new: #3893: Service: passwordless HTTP proxy for Broadworks
new: #3917: Service/UI: info box about RBAC on Labels screen
new: #3921: Control: expose system support-package command
new: #3982: Service/UI: shrunk navigation pane to make space for new items
fix: #2835: Service: increase and generalize timeouts in device import connectors
fix: #3546: Service/UI: Safari does not prompt the user when the session is terminated
fix: #3597: Service: UnicodeDecodeError during Netconf capabilities update
fix: #3808: Client: HTTP Response does not honor Content-Encoding: gzip
fix: #3908: Client: status missing from Service and InteractiveConnection
fix: #3910: Service: Candela breaks if asyncinotify is present on non-Linux system
fix: #3914: Service: improved error from HTTP proxy when Service is on an older version
fix: #3924: Service: does not completely disable the pager on IOS-XR
fix: #3927: Service: improved username/password prompt detection over Telnet
fix: #3932: Service: TLS verification cannot be disabled when importing devices via proxy
fix: #3934: Service: empty output from exec(sudo=True) when user is root already
fix: #3936: Client: use xterm instead of dumb as the default TERM value
fix: #3941: Service: RADKit Service passwordless HTTP: login no longer works after logout
fix: #3943: Client/Service: tab characters are removed from prompt detector output
fix: #3945: Service/UI: RADKit Service device type default HTTP port should be 8081
fix: #3946: Service: FMC API global domain is never detected
fix: #3952: Service: Netconf/YANG model contains a single empty module entry
fix: #3953: Service: UI boolean settings should not be sent as strings
fix: #3956: Service: HTTP requests for vManage should add X-XSRF-TOKEN
fix: #3960: Client: crashes to prompt when trying to log in on Windows
fix: #3968: Service/UI: admin password change fails if 403 returned
fix: #3972: Service/UI: should not do “get admins” API call user is not superadmin
fix: #3978: Service: cloud proxy environment variable also affects devices proxy setting

1.6.5

Notable or breaking changes:

In RADKit Service, the Swagger device property base_url has been replaced with schema_path and port.
- The Service database migration is performed automatically on the first startup after the upgrade.
- If schema_path is not provided, RADKit Service uses the hardcoded default path for the device type.
- The default value for the port field in the WebUI changes depending on the selected device type.
In RADKit Network Console, the service command now requires the sr or no-sr keyword.
- This is used to set the SR (Cisco TAC Service Request) context for the session to the Service.
- Previously this was only enforced for Cisco user accounts; it has now been extended to all Console users.
- This feature can be disabled by setting client.network_console.enable_sr_context to False.
- Please refer to the Network Console and Settings sections in the RADKit documentation for more information.
In RADKit Client, the client.reauthenticate() method is being deprecated.
- The correct way to reauthenticate is now to call client.authenticator.reauthenticate().
- Depending on the original authentication method, different parameters will be expected.
- The old method is still supported for the time being but will log a warning when used.
Experimental support for system HTTP proxies on Windows and macOS (added in 1.6.0) has been REMOVED.
- Please refer to the “HTTP proxy support” page in the documentation for more information.

Features:

new: #3497: Service: save superadmin password on change if read from a file
new: #3566: Service: support for CSPC device import with credentials
new: #3656: Service/UI: better defaults for SD-WAN devices
new: #3673: Client: certificate renewal management
new: #3675: Common: improved HTTP proxy settings and handling
new: #3681: Console: make service ... [sr | no-sr] available to non-Cisco users
new: #3754: Service: added support for multiple Swagger API paths
new: #3806: Service/UI: add a “clear value” state to Management Protocols in Cart
new: #3810: Service: updated list of allowed TLS ciphers
new: #3838: Service: passwordless HTTP proxy support for CUCM
new: #3839: Service: passwordless HTTP proxy support for CMS
new: #3840: Service: API and passwordless HTTP proxy support for NSO
new: #3842: Client: improved API for reauthenticate
new: #3862: Service: allow labels up to 40 chars long to accommodate UUID4 strings
new: #3902: Client/Service: button to reset passwordless HTTP proxy session

Fixes:

fix: #3747: Service: APIC WebUI login fails intermittently
fix: #3772: Service: various APIC WebUI loading issues
fix: #3774: Service: APIC imported leaves & spines should not have HTTP settings
fix: #3784: Service: “No response returned” traceback
fix: #3785: Client: ModuleNotFoundError: No module named ‘pexpect.socket_pexpect’
fix: #3791: Client/Service: transfers are slow when done over H2 RPC transport
fix: #3795: Client: handle spurious anyio.BrokenResourceError
fix: #3796: Client/Service: BrokenResourceError in H2 RPC transport
fix: #3797: Service: traceback after ^C in older Docker versions
fix: #3798: Client: success and failure missing from TransformedFillerRequest
fix: #3799: Client/Service: large data causes resets in direct RPC
fix: #3801: Service: some newlines are missing from exec() command output
fix: #3809: Service: Candela no longer refreshes logs dynamically
fix: #3811: Console: crash when wrong CEC password entered in platform ccc xxx
fix: #3816: Service: KeyError when passwordless Cisco DNA Center login fails
fix: #3817: Service/UI: authentication extra field does not change with device type
fix: #3834: Service: fix ClosedResourceError in RPC server + enable_set handling
fix: #3846: Client: repeated sso_login causes exception and prevents further login
fix: #3847: Service/UI: no longer shows import icon for Cisco DNA Center devices
fix: #3848: Client/Service: SFTP upload fails (H2 stream was reset by peer)
fix: #3852: Service: HTTP authentication timeout should default to 2 minutes
fix: #3873: Client: clean up handling of unknown service ID in local proxy
fix: #3885: Client: direct WebSocket client gets stuck during termination
fix: #3888: Service: OCSP improvements for webserver-certificate import
fix: #3891: Common: filter out deprecation warnings about naive datetime objects
fix: #3906: Service: validate_schema_path_empty_or_starts_with_slash does not raise a value error

1.6.4

Changelog:

doc: #3760: corrected CSV example in Control cookbook
new: #3603: Console: support for FMC and FTD clish, expert and lina shells
new: #3734: Client: enable HTTP/2 RPC multiplexing by default (for improved performance)
new: #3741: Service: support vManage passwordless auth proxy
new: #3749: Console: automatically add Service info to the SR on service command
new: #3778: Service: add enable_h2_rpc_transport setting to control H2 multiplexing
fix: #3654: Console: interactive help for service is outdated
fix: #3665: Service: after long output, prompt detector sometimes misses the prompt
fix: #3713: Service: cannot download support bundle or logs from ISE over passwordless proxy
fix: #3725: Service: eWLC with passwordless HTTP proxy results in a login loop
fix: #3732: Client: use a longer timeout for HTTP requests made through the proxy
fix: #3733: Service: Expressway with passwordless HTTP proxy results in a login loop
fix: #3737: Service: does not delete the database lockfile on shutdown
fix: #3738: Service: add sub-request ID to logging context for multiplexed requests
fix: #3742: Service/UI: show user-friendly device type in cart and devices table
fix: #3743: Console: device type change in 1.6.3 broke platform ccc commands
fix: #3745: Service: former PID incorrectly seen as running by psutil
fix: #3752: Client: H2 RPC transport can hang on incomplete Terminal connection termination
fix: #3764: Common: fix StreamClosedError in RPC transport
fix: #3765: Service: improve logging in RPC server transport
fix: #3753: Service: fix InvalidStateError in AsyncContextManagerMemoizer
fix: #3771: Service: support concurrent HTTP proxy to multiple devices of the same type
fix: #3779: Service: redirect loop when accessing FMC dashboard over passwordless HTTP
fix: #3783: Service: DELETE calls with HTTP body fail in the HTTP runner

1.6.3

Notable or breaking changes:

The device types have been harmonized; as a consequence, the syntax for some types has changed. All device types used in the Control API are now all-uppercase with underscores. Please update your Control scripts and CSV files accordingly. For details, see: https://radkit.cisco.com/docs/pages/control_api_sync.html#radkit_service.control_api.DeviceType
The verify and cert arguments have been removed from the Raw HTTP methods in the Client API. Those were previously ignored, as TLS verification is handled and driven by RADKit Service. The stream argument has also been removed, as a streaming API is not currently available. The allow_redirects argument had already been removed in 1.6.2.
RADKit’s SocketSpawn class has been integrated into pexpect 4.9 and has now been removed from the RADKit code. The pexpect version requirements for RADKit Client have been changed to >=4.9,<5.0. Calls to spawn_pexpect() now return an instance of pexpect.socket_pexpect.SocketSpawn.

Changelog:

doc: massive documentation refresh (ongoing)
doc: #3702: improved documentation styling
new: #3602: Console: implement Cisco DNA Center RCA collection and interactive shell
new: #3605: Client/Cloud: offer PAC file for HTTP Proxy
new: #3691: Client: improvements to HTTP Proxy WebUI
new: #3714: Service: support ACI APIC passwordless HTTP proxy
new: #3715: Common: harmonized device types
new: #3723: Common: HTTP/2 multiplexing for improved RPC performance (currently disabled)
fix: #3625: Service: CSRF errors when using proxy forwarding to a RADKit Service
fix: #3677: Service: terminating a session on the Activity tab does not notify the Client
fix: #3679: Control: Service returns ValueError due to incorrect device type mapping
fix: #3686: Client: token refresh fails with traceback and does not open browser
fix: #3689: Service: interactive prompt is consumed and not displayed to the user
fix: #3690: Common: invalid settings override correct settings with lower precedence
fix: #3694: Service: import from Cisco DNA Center fails when duplicate devices are present
fix: #3696: Service: Cloud proxy change does not take effect until Service restart
fix: #3701: Service/UI: cEdge device type triggers a Pydantic validation error
fix: #3707: Service: Cisco DNA Center import by tag does not work
fix: #3718: Common: fixed Missing RPC_Success in RPC transport
fix: #3719: Common: fixed BrokenResourceError in RPC transport
fix: #3720: Service: unable to log in to ISE using passwordless proxy
fix: #3721: Client: only list HTTP capable devices in Proxy WebUI
fix: #3729: Client: empty page after clicking Back button in Proxy WebUI
fix: #3730: Client: more informative error message on SSO identity mismatch

1.6.2

Notable and breaking changes:

The HTTP_API class was renamed to HttpApi.
The HTTP_APIError class was renamed to HttpApiError.
The HttpResponseResult class was renamed to HttpResponse and its interface has been slightly modified.
HttpApi methods such as get() or post() now return HttpResponse, instead of a FillerRequest with a result attribute of type HTTPResponseResult. The result attribute still exists in HttpResponse, but it will log a warning and return the same object to the caller.
The allow_redirects argument has been removed from all HttpApi methods.

Changelog:

new: #3335: Service: post-processors for device output
new: #3659: Client: add --device parameter alias to radkit-interactive
fix: #3669: Common: logging error during “rate limit exceeded”
fix: #3671: Client: fix “head-of-line” blocking issues in HTTP/2 proxy implementation

1.6.1

Changelog:

fix: #3640: Service/UI: device list ordering is reset when editing a device
fix: #3655: Service: traceback when SCP command not available on device

1.6.0

Release summary:

Passwordless HTTP proxy for ISE, FMC, Cisco DNA Center
HTTP API support for ISE 3.1+, CUCM
Device import from ACI/APIC
Interface to change Service settings through WebUI
Easier renewal/re-enrollment when Service certificate is expired or revoked
Activity monitoring for terminal and SCP/SFTP file transfers in Service WebUI
Password lifecycle management for Service admin accounts
Code signing for wheel tarballs and Linux installer
Support added for Python 3.10 and 3.11, dropped for 3.7
… and many more changes under the hood :-)

Breaking/notable changes:

A compatible OpenSSL version (1.1.1g+ or 3.x) will be enforced at startup. Be prepared if you use pip install.
In Network Console, the proxy command syntax is now aligned with the port_forward command, with start and stop keywords, supporting both socks and http.
A new SEND_TIMEOUT value was added to RequestStatus, meaning a request could not be delivered to the Service.
The RequestStatus.RECEIVED enum value was renamed to DELIVERED (seen from the point of view of the Client).
The request_success() and request_failure() methods on request objects have been shortened to success() and failure(), respectively. The old names are now deprecated but will be maintained for some time .
asyncssh will no longer try to load keys and settings from ~/.ssh unless fall_back_to_environment is set to True (separate settings are available under service.ssh and service.netconf).
The handling of the ~ (tilde) escape character in interactive Terminal sessions has been cleaned up:
- ~ is only recognized after a carriage return;
- ^C^C^C^C, ~c and ~z are no longer recognized;
- the help text for ~. has been made more accurate.
RADKit now uses Pydantic 2.x for its data models. If you are using the pip installation method and you are installing additional third party libraries (outside of RADKit’s own dependency tree), this may cause incompatibilities if some of those additional libraries are still dependent on Pydantic 1.x.
Code signatures are now available for the Linux installer and wheel tarballs (see documentation for details).
Device types:
- most types have been cleaned up (display only; values in DB and API remain the same as before);
- types CNBR and CNBROpsHub have been removed (obsolete);
- new Control command: radkit-control device list-types.
Supported platforms and Python versions:
- Python 3.10 and 3.11 are now supported
- Python 3.8 is no longer supported on macOS Silicon
- Python 3.7 is no longer supported (EOL; see https://devguide.python.org/versions)
- Windows 32-bit is no longer supported

Features:

new: #955: Client: improved access to request status information
new: #1745: Interactive: make paths optional for certificate authentication
new: #2022: Service/API/WebUI: password lifecycle/management for admin accounts
new: #2124: Service: change settings through API and WebUI
new: #2378: Client: improved ~ escape character handling in interactive
new: #2427: Client: turn light-bg/dark-bg into settings
new: #2510: Service: setting to restrict CXD upload destinations
new: #2786: Client: recommend proxy auto-config (PAC) file for SOCKS/HTTP proxy
new: #2796: Service: ignore outside env/config in 3rd party libraries by default
new: #2816: Enforce recent OpenSSL version at startup
new: #2830: Service/UI: improve UX when Service certificate is expired/invalid
new: #2920: Client/Service: reverse proxy over SOCKS/HTTP with authentication
new: #2944: Client: make CXD integration fully asynchronous
new: #3068: Service: add support for OpenAPI 3.1 to make Swagger work with newest FastAPI
new: #3082, #3330: Service/UI: display active Terminal and SCP/SFTP sessions in real time
new: #3144: Client/Service: advanced terminal interaction (experimental)
new: #3177: Service: ISE HTTP API support for versions 3.1+
new: #3252: Client/Service: migrate to Pydantic 2.x
new: #3272: Service: add device type support for CUCM
new: #3316: Access/Client: direct integration with CSOne
new: #3317: Service: connection limits for read/write-file, terminal, tcp_tunnel and others
new: #3324: Service: cleaned up list of device types
new: #3327: Service: connector for ACI/APIC device import
new: #3328: Client: warn the user about the dangers of sharing certificate credentials
new: #3361: Service: FMC WebUI login support (including banner)
new: #3368: Common: drop support for Python 3.7
new: #3403: Client: DeviceFlow default regex extension for Cisco DNA Center
new: #3408: Service: device labels API improvements (accept label strings in API)
new: #3412: CXD: integrate with CXFiles notifications
new: #3422: Service: add env var to enable --force option in Docker
new: #3438: Packaging: ship .pyi files to assist linters
new: #3460: CXD: migrate away from the global cxd object
new: #3469: Genie: provide API to parse plain-text outputs
new: #3471: Service: ISE passwordless UI proxy
new: #3482: Client: add missing parameters to CiscoDNACenter.exec() and .admin_exec()
new: #3500: Packaging: code signing for Linux installer and wheel tarballs
new: #3506: Control: expose change_password in Control API
new: #3576: Service: stored procedure for Cisco DNA Center rca command
new: #3601: Console: add support for HTTP proxy
new: #3623: Service: remote procedure for Cisco DNA Center to enter unrestricted shell with password

Fixes:

fix: #1351: Client: display success/failure count for TransformedFillerRequest
fix: #2776: Packaging: remove old stub packages for Remote and Candela
fix: #2802: Service: interactive() logs use wrong name@host notation
fix: #3292: Service: CloseConnection cannot be sent in state ConnectionState.LOCAL_CLOSING
fix: #3308: Service/Control: improved error on duplicate names in bulk-create API
fix: #3313: Service: return substitute authentication cookies to Client
fix: #3315: Service/UI: closing update modals while processing stops data refresh
fix: #3340: Client: non-existing Service IDs should be removed from “services” dictionary
fix: #3342: Common: misleading ValidationError when value cannot be parsed as JSON
fix: #3343: Service/UI: do not capitalize empty table placeholders
fix: #3347: Service/UI: typing in name box while function running produces wrong name in toast
fix: #3352: Service/UI: lack of consistency in name-update toast notifications
fix: #3353: Service/UI: validation error on the frontend doesn’t close the spinner
fix: #3356: Service/UI: notifications leak between user sessions in the same browser
fix: #3367: Console: crash on login if AuthFlow fails due to lack of DNS server
fix: #3370, #3381, #3388: Console: tracebacks due to uncaught exceptions
fix: #3372: Service/UI: DNA Center import intermittently goes straight back to inventory
fix: #3377: Service/UI: fix action button scaling
fix: #3409: Service: cannot enter password in headless mode in Docker
fix: #3411: Service: AssertionError in ASGI framework: assert scope["type"] == "websocket"
fix: #3436: Service: admin password change fails if old password is not compliant
fix: #3442: Service: crash observed when handling a TimeoutError
fix: #3452: Client: fix repr message for SCP/SFTP upload request
fix: #3455: Client: traceback if RPC not delivered to Service on time
fix: #3457: Console: local variable ‘index’ referenced before assignment
fix: #3480: Service: prompt detector stops working after a while
fix: #3489: Common: InvalidStateError after restarting authenticator
fix: #3491: Service/GUI: does not handle runtime errors from the Service
fix: #3501: Service/GUI: shows numerical value for “Logging level”
fix: #3502: Service: settings change triggers Service restart
fix: #3503: Service: run --force option doesn’t always work
fix: #3504: Client: integrated fails if superadmin password does not meet complexity requirements
fix: #3510: Service: clearing proxy URL in connectivity page does not work
fix: #3516: Service/UI: password reset should display a reason when it fails
fix: #3517: Service: panel no longer supports Ctrl-G to change the logging level
fix: #3520: Control: admin bulk-update --json-template is broken
fix: #3521: Service/UI: “enable” switch is shown when editing superadmin
fix: #3523: Service: upload error when detaching from session
fix: #3525: Service/API: admin can log in even when disabled
fix: #3533: Service/UI: numerical fields in Settings validation issue
fix: #3534: Service/UI: sort jumphosts alphabetically in drop-downs
fix: #3536: Client: client.reauth with invalid response
fix: #3537: Service: when no cloud connectivity every settings change causes service restart
fix: #3539: Client: improve error handling in CiscoDNACenter class
fix: #3540: Service: do not start up if TOML file is invalid
fix: #3541: Service: traceback when terminating a connection from the Activity tab
fix: #3545: Packaging: Windows install fails with “No matching distribution found for asyncinotify<5.0,>=4.0”
fix: #3549: Service: speed up --help and --version
fix: #3553: Packaging: ImportError while migrating from pre-1.5 database
fix: #3558: Service: various fixes in HTTP runner
fix: #3564: Service: APIC import fails silently when APIC is slow
fix: #3578: Service/UI: restore StarOS and UltraCore5G device types
fix: #3580: Service/UI: do not allow submitting an HTTPS proxy URL
fix: #3596: Service/UI: sorting by Cart presence is broken
fix: #3618: Client: CiscoDNACenter consent-token detection fails on 2.3.3.7

1.5.12

Changelog:

fix: #3626: Packaging: 1.5.11 Windows installation fails

1.5.11

Rebuild of 1.5.10 with asyncssh 2.14.1 which fixes CVE-2023-46445 (see https://github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5 for details). Note that only the RADKit installers include asyncssh; if you installed RADKit using pip, we recommend that you get the fix by running: python3 -m pip install -U asyncssh

1.5.10

Changelog:

new: #2874: Windows: install RADKit Service as a genuine Windows service
new: #3399: Linux: extend installer support to glibc>=2.17 (Debian 8+, Ubuntu 14+, RHEL 7+)
fix: #3324: Service: disallow the TRACE HTTP method on API/WebUI

1.5.9

Breaking change:

The sr keyword has been removed from the download cxd command.

Changelog:

doc: #2499: Doc: add example for plain text output parsing with Genie
new: #3212: Client/Console: add setting for open_browser default behavior
new: #3253: Console: remove sr keyword from download cxd command
new: #3299: Control: add verify boolean to disable TLS verification in ControlAPI.create
fix: #2382: Cisco DNA Center: admin_exec repeatedly asks for credentials
fix: #2784: Console: prompt suggestions not working after variable fields
fix: #3087: Service/UI: cannot change device labels only from tray
fix: #3194, #3305: Service: work around SNMP dependency conflict with Genie
fix: #3263: Service/UI: more optimizations for large numbers of devices
fix: #3267: Console: traceback on download scp if destination is a directory
fix: #3289: Service/UI: auto-select existing placeholder on clicking a password field
fix: #3293: Service/UI: session storage fills up after a large number of bulk operations
fix: #3298: Control: CSV device bulk create template is broken for labels and SNMP
fix: #3302: Service/UI: empty tables when Search has no resulting return payload
fix: #3303: Service/UI: unified brand identity
fix: #3309: Console: traceback if access to SCP destination is not permitted
fix: #3320: Service/UI: missing spinner on user actvication/deactivation
fix: #3322: Control: missing sections in JSON/CSV templates
fix: #3325: Service/UI: delete modals allow to send multiple requests
fix: #3348: Service: SNMP Get/Walk fails with TypeError

1.5.8

Notable changes:

the syntax to bootstrap Service in Docker via CLI has changed (see doc)

Changelog:

new: #3233: Service: support cEdge authentication when RADKit is running on vManage
new: #3241: Service: UI should reflect Forwarder/Cloud connectivity statuses
new: #3247: Console: add SNMP get/walk support
fix: #3277: Common: better handling of syntax errors in TOML settings

1.5.7

Changelog:

new: #3061: Service: configurable protection against RPC flooding
new: #3262: Service/UI: rename Tray to Cart based on user feedback
fix: #2982: Service/Client: unhelpful traceback when accessing a deleted device
fix: #3051: Client: HTTP and Swagger result APIs should be similar
fix: #3075: Service/UI: improved performance with large numbers of devices
fix: #3164: Common: don’t crash on startup if settings.toml has errors
fix: #3249: Service/UI: fix blank admins table on page refresh
fix: #3254: Service/UI: label text color isn’t applied to labels created within picker
fix: #3255: Service/UI: labels created within picker appear as selected in the Cart
fix: #3256: Service: run --force ineffective if stale/running PIDs are the same
fix: #3257: Packaging: fix Windows shortcut commands for Service and Medic
fix: #3261: Service: Docker wrapper should forward SIGTERM to Service process

1.5.5

Breaking or important changes:

Service: setting dnac_connector has been renamed to cisco_dna_center_connector
Service: separate proxy settings for HTTP(S)/Swagger to devices, see service.devices_proxy.*
Console: the service command now requires an sr argument (for Cisco users only)
Genie: temporarily forcing pyats and genie to >=22.5,!=23.8 due to errors on Python 3.8+

Changelog:

doc: #3180: Client: PAC file doc update (browser is detected automatically)
new: #2098: Service: web-server-cert subcommand for importing a web server certificate
new: #2517: Service: separate proxy settings for traffic to devices
new: #2945: Console: add support for SR tagging and session log upload to CSOne
new: #3210: Client/Service: multi-device SNMP Get and Walk
fix: #3009: Service/UI: fix label borders on Safari
fix: #3114: Console: avoid traceback on regex syntax error
fix: #3119: Service/UI: remove “session expired” popup when enabling device with invalid hostname
fix: #3120: Service: “Unable to get the Pydantic model name” on model validation
fix: #3142: Service/UI: Firefox table cell overflow bug
fix: #3148: Service/GUI: fix “ValueError: Formatting field not found in record: ‘nglog_context’”
fix: #3149: Console: traceback and crash if user clicks “Deny” on SSO login screen
fix: #3185: Control: devices not imported during bulk-create CSV operation
fix: #3189: Client: add prefix to error logs issued during access_token_login()
fix: #3216: Service: more accurate Cisco DNA Center import status
fix: #3218: Service: prevent errors and race conditions related to caching in HTTP Runner
fix: #3219: Packaging: add -I flag to ensure isolation of virtualenv in Linux installer
fix: #3221: Service/UI: fix subdevices workflow errors on slow environments
fix: #3224: Service: SCP upload shows success but fails with IOS-XE
fix: #3225: Service: ignore HTTPS_PROXY when connecting to network devices
fix: #3228: Control: uses cloud_client.proxy.* instead of control.proxy.* settings
fix: #3230: Client: nicer formatting of Swagger path dicts
fix: #3242: Service: rename setting dnac_connector to cisco_dna_center_connector
fix: #3246: Service: add_user should not be called after close was called

1.5.4

Important new features:

Linux installer (only x86_64 + glibc supported at the moment)
RADKit Medic application to reset RADKit to a clean config

Changelog:

doc: #3106: update Ansible-RADKit section and document compatibility
doc: #3183: mention PAC file for SOCKS proxy browser configuration
doc: #3184: add documentation for RBAC in Service
new: #1930: installer for Linux (only x86_64 supported at the moment)
new: #2714: “RADKit Medic” CLI and GUI to revert RADKit to a clear configuration
new: #3047: Service: new device types for Broadband Wireless Aggregation
new: #3157: Client: offer API to specify Cloud proxy settings in stand-alone scripts
new: #3193: Service/UI: include hash in front-end assets to avoid caching issues
fix: #3150: CXD: upload_to_cxd no longer works for multipart uploads
fix: #3157: Service: Cloud connection does not restart when proxy is changed
fix: #3170: Service: CLI debug flag is ignored
fix: #3178: Service/UI: buttons stuck in “loading” state after adding new Remote User
fix: #3192: Service/UI: label picker is blank while data is loading
fix: #3195: Service: exec() connection hangs on slow commands on some platforms
fix: #3198: Service/UI: labels in the Users table disappear after tab refresh
fix: #3202: Client: SNMP scripting improvements
fix: #3209: Service: do not suppress CancelledError in Command Runner
fix: #3211: Client: when using terminal.read(-1) some data can be lost on EOF

1.5.3

Changelog:

new: #3098: Client/Service: add support for SNMP GETBULK operations
new: #3122: Client: sso_login now accepts an OAuthConnectResponse object
new: #3146: Service/UI: extend width of Candela Hypersearch window
new: #3162: Common: enforce the use of HTTPS for RADKit OCSP checks
new: #3174: Service/UI: change to full viewport for Monitoring/Candela screen
fix: #3031: Settings: some settings cannot be overridden via TOML/CLI/env
fix: #3096: Service: SNMP Walk does not honor timeout parameter
fix: #3127: Service/UI: allow proxy configuration on the Connectivity screen
fix: #3132: Service/UI: fix performance issues in log viewer with large directories
fix: #3133: Console: load settings from settings.toml
fix: #3137: Service/UI: bootstrap screen should redirect to Devices instead of Connectivity
fix: #3139: Service/UI: don’t show “websocket expiry error” on logout
fix: #3140: Service/UI: fix scrollbar on Webkit
fix: #3141: Service: proxy settings error when password is provided
fix: #3154: Service/UI: block ENTER key for empty input values during SSO enrollment
fix: #3155: Service/UI: handle ENTER key in proxy configuration
fix: #3163: Service: fix taskgroup cancellation of Service
fix: #3175: Service: allow user to override Content-type header for ISE HTTP API

1.5.2

Changelog:

new: #2896: Service: add support for raw HTTP API on ISE (authenticated)
new: #3100: Service/UI: block Add operations until response comes back
fix: #2895: Service/UI: Candela should stop trying to reconnect after session timeout
fix: #3097: Service/UI: table loader shows up on API calls when not necessary
fix: #3131: Service/GUI: context information missing from audit logs when launched from GUI

Temporarily reverted due to regression #3129:

fix: #3031: Settings: some settings cannot be overridden via TOML/CLI/env

1.5.1

KNOWN ISSUES:

#3129: Client/Service: Cloud proxy settings are ignored
#3131: Service/GUI: context information missing from audit logs when launched from GUI

Release summary:

Granular RBAC based on labels affixed to Remote Users and Devices (enabled through Labels section in WebUI)
Direct connection between Client and Service (admin user authentication without RBAC)
Experimental SNMP support (partially implemented)
Support for SSH public-key authentication for Terminal connections
More logical use of Cisco DNA Center credentials (Terminal for SSH, HTTP for import)
Support for large Cisco DNA Center inventory imports with optional filtering based on tags
Canonical device names on Service (lowercase, no spaces or special chars)
Stricter and more configurable TLS versions, algorithms and trusted issuers
Reworked RADKit Remote (now RADKit Control) with CSV support and a new synchronous Python API
Stripped-down and improved Candela (WebUI log display component)
New device types: CVOS, NXOS, Broadworks, Cisco ACI
Many enhancements and bugfixes (full list below)

Breaking or notable changes:

Client and Service:
- Settings log_file, log_dir, logging_level and session_logging have been moved to a new logging subsection
Client:
- [async_]oauth_connect_only() no longer accepts a websockets parameter
- access_token_login() now takes a provider argument like the other *_login functions
- token_provider is still accepted but is deprecated and will be removed in a future release
Cisco DNA Center support:
- Cisco DNA Center devices now use HTTP credentials instead of Terminal for device import
- Terminal credentials can now be properly used for SSH access, along with different credentials for HTTP, on the same device
- When upgrading from pre-1.5 to 1.5 and above, Terminal credentials for Cisco DNA Center devices will be automatically migrated to HTTP
- Make sure to revisit the Cisco DNA Center devices in your inventory and check/fix all credentials
Remote and Candela:
- RADKit Remote has been renamed to RADKit Control and is now part of the cisco_radkit_service package
- Candela is now also part of the cisco_radkit_service package
- The first few 1.5.x releases will include empty cisco_radkit_remote and cisco_radkit_candela packages

Documentation:

doc: #2518: Control CLI documentation
doc: #2679: working example for oauth_connect_only
doc: #2755: documentation for Raw HTTP API
doc: #2819: document regex filtering in Console
doc: #2840: documentation for direct_login
doc: #2910: Control API documentation
doc: #3021: installation guide for Service on CSPC

Features:

new: #1183: Service/Candela: better Candela integration into Service
new: #1345, #2573: Service: more robust process management
new: #1557: Service/Candela: automatic directory refresh
new: #1812, #3020: SNMP support (experimental)
new: #1925, #2076, #2419: label-based device access control
new: #2085: Service: enforce canonical device names
new: #2087, #2577: Client/Service: cloud-free direct connectivity
new: #2091, #2092: Service: support SSH public-key authentication for Terminal
new: #2211: Logging: configurable rate limits for logging
new: #2261: Client: write to CXD from the client side
new: #2318: Service: record DB schema and RADKit version trail
new: #2401: Client: allow passing non-canonical device names to radkit-interactive
new: #2492: Service/GUI: automatic HTTPS port selection
new: #2516: Service: convert database from SQLite to Pydantic
new: #2555: Client: client object caching in Context
new: #2592: Client: async version of Context
new: #2619: Control: sync wrappers around the current async API
new: #2643: Control: bulk create/update/delete devices based on CSV
new: #2647: Service: automatically migrate Cisco DNA Center credentials from Terminal to HTTP
new: #2658: Service/UI: sorting for “Description” column
new: #2671: Control: complete renaming after integration into Service package
new: #2720: Service: support for Cisco Voice Operating System (VOS)
new: #2785: Console: implement a global show port_forward command
new: #2810: Client: allow specifying the OAuth provider in all login functions
new: #2822: Service/Candela: button to wrap long lines
new: #2832: Service: new NXOS device type
new: #2841: Client: verify server cert fingerprint in direct_login
new: #2864: Service/UI: RBAC activation checkbox
new: #2869: Service: new device type for Cisco ACI with HTTP API support
new: #2876: Service/UI: labels can be applied through device tray
new: #2877: Control/Service/API: extended API for changing settings
new: #2897: Service/GUI: check Tk/Tcl version on startup
new: #2906: Client/Service: use Cisco-curated CA bundles for all TLS connections
new: #2908: strict enforcement of appropriate TLS version(s) everywhere in the code
new: #2911: Client/Service/Control: restrict set of TLS crypto algorithms
new: #2914: Service/Control: merge all API settings endpoints together
new: #2930: Service: add Broadworks device type
new: #2936: Service/UI: add option to not clear Edit Tray after applying changes
new: #2951: Console: add command to stop all port forwarding sessions at once
new: #2952: Service/UI: add RBAC status to page header in frontend
new: #2958: Service/UI: option in Swagger section to disable/enable TLS verification
new: #2976: Service/UI: remove the confirmation modal in Edit Tray
new: #3026: Service/UI: add last OCSP validation field
new: #3064: Service/UI: add a login blocker on empty fields

Fixes:

fix: #1607: Service/UI: display friendly page when typing bad URL
fix: #1840, #2086: Control: better approach for _STANDARDIZED_RESPONSE
fix: #1932, #2328: Service: handle large Cisco DNA Center inventory imports
fix: #2172: Service/UI: Connectivity page refresh on Firefox should not redirect to Devices page
fix: #2181: Service/UI: redirect from login page if already logged in
fix: #2183: Global: remove all remaining references to “Connector” (ex-Forwarder)
fix: #2210: Client: add missing to_json support for results objects
fix: #2224: Client: Request.result should never return None
fix: #2261, #2941: Client/Service: support new CXD infra after migration
fix: #2351: Service: garbled output with long exec() commands
fix: #2442: Client: make DeviceFlow.exec_wait() return correct type for radkit_genie.parse()
fix: #2485: Service: improved certificate renewal logic
fix: #2497: Client/Service: port forwarding errors are not actionable
fix: #2559: Client: ability to retrieve local port after forward_tcp_port with local_port=0
fix: #2565: Service/UI: do not display a hash in the URL
fix: #2566: Service/UI: cannot navigate away from RADKit using the address bar on Firefox
fix: #2574: Service/UI: new modes in Service hiding parts of header cut off the notification shade
fix: #2579: Service: fix UI port=8081 is busy when restarting the Service
fix: #2598: Control: traceback when Service port is unresponsive or does not respond as expected
fix: #2629: Service/UI: non-functional button on session expiry dialog
fix: #2633: Client/Service: vague error message when proxy/SOCKS fails to connect to a device
fix: #2649: Service: self-terminates with “OAuth Token expired” error after lost keepalives
fix: #2670: Client: oauth_connect_only fails when passing websockets=False
fix: #2676: Service/UI: sorting reset doesn’t work in the Admins table
fix: #2689: Client: spurious debugs while autocompleting Service object
fix: #2697: Service/Control: fix all update REST API calls
fix: #2703: most entry points should not display a Logging configured message
fix: #2707: Service/Candela: “download log file” button hangs on a blank page
fix: #2708: Service/Candela: logs show as empty after using Hypersearch
fix: #2709: Service/GUI: traceback when using “Reset and exit”
fix: #2711: Service/UI: page not updated after SSO enrollment
fix: #2717: General: set minimum/maximum version for all direct dependencies
fix: #2723, #2946: Service: RBAC error if devices have a disabled jumphost
fix: #2740: Client/Service: show log about reauthenticate() only in the Client
fix: #2753: Service/WebUI: fix middleware bug (KeyError: 'method')
fix: #2766: Service/API: improve performance of bulk device insert and update
fix: #2769: Client/Service: improved recovery from Forwarder authentication failures
fix: #2770: Service: TypeError: issubclass() arg 1 must be a class
fix: #2773: Client: bound method logged in HTTP request failed error
fix: #2778: Client/Service: FileExistsError or FileNotFoundError related to identities migration
fix: #2780: Client: sync API TCPPortForwarder is missing a local_port property
fix: #2789: Console: cd command does not support spaces in path
fix: #2791: Service/API: duplicate data error returns inconsistent response codes
fix: #2798: Console: better reporting for CXD exceptions
fix: #2808: Client/Service: honor Cloud client proxy settings for CXD uploads
fix: #2815: Client: cannot convert some result objects with to_dict or to_json
fix: #2824: Client/Service: fix path types displayed during migration/backup
fix: #2833: Client/Console: do not allow email with <> around it
fix: #2844: Client: fix terminal() recursion in Cisco DNA Center helper
fix: #2845: Service/UI: unexpected shorthand margin after margin-top
fix: #2846: Service: disable access to external entities in XML parsing
fix: #2862: Client: Netconf/Swagger update reports success despite failure
fix: #2870: Service: SSH connection timeout is not refreshed after subsequent exec()
fix: #2871: Service/UI: cosmetic issues in RADKit Service UI
fix: #2875: Service/API: bulk device deletion is too slow and CPU intensive
fix: #2879: Service/Candela: add noopener rel attributes
fix: #2887: Service/UI: “Add new device” dialog is not fully cleared after “Add & Continue”
fix: #2890: Service/Candela: fix “no attribute line_positions” error
fix: #2893: Service/UI: rename “Import everything” to “Bulk import” in Cisco DNA Center import UI
fix: #2899: GUI/Service: misleading error if WebUI port is already in use
fix: #2900: Service/Candela: hangs if there are too many files in session logs directory
fix: #2907: Service/GUI: new WebUI sessions constantly created by status polls
fix: #2912: Service/UI: add remote/admin username in Edit tab
fix: #2913: Control: API delete actions return None instead of a deserialized response
fix: #2916: Service/UI: inputs styling alignment with the Cisco UI Kit
fix: #2926: Service/UI: blank page after login
fix: #2932: Service: error in Candela when session_logs/ does not exist
fix: #2934: Service/Candela: dlsym(..., inotify_init): symbol not found error while loading file
fix: #2940: Service: don’t allow devices without Terminal config as jumphosts
fix: #2949: Service: various memory leak fixes
fix: #2955: Control: KeyError: 'uuid' in device bulk-create --json-template
fix: #2959: Client: add banner in attach() warning not to type passwords in commands
fix: #2961: Service: Cisco DNA Center refresh fails with AttributeError
fix: #2962: Service/Candela: unresponsive after navigating away from Monitoring tab
fix: #2964: Service: anyio.BrokenResourceError causes huge traceback
fix: #2970: Service/UI: error in JS console when doing “Reset certificate”
fix: #2972: Service/GUI: cannot start due to missing packaging dependency
fix: #2973: Service/UI: incorrect placeholder in OTP enrollment dialog
fix: #2983: Service: tracebacks on Windows due to hypercorn
fix: #2984: Client: unhelpful error when clicking “Deny” or “Log out all sessions” on SSO page
fix: #2985: Service: improve the fingerprint display
fix: #2986: Service UI: device enable/disable toggle does not trigger UI timeout
fix: #2992: Service: characters missing at end of prompt in interactive session
fix: #2993: Service/API: do not log failed incorrect usernames
fix: #2998: CXD: upload_to_cxd fails with AttributeError
fix: #3004, #3045: Service: Solis scan causes ASGI framework tracebacks
fix: #3006: CXD: upload_to_cxd fails with UnboundLocalError
fix: #3012: Service: stuck restarting when re-enrolling while in failed authentication state
fix: #3013: Service: “select all” also selects hidden users/admins/labels after a search
fix: #3023: Service: unable to start without internet connection
fix: #3024: Service/UI: SSO enrollment shows misleading errors
fix: #3025: Client: rename token_provider to provider in access_token_login
fix: #3031: Settings: some settings cannot be overridden via TOML/CLI/env
fix: #3032: Service/UI: certificate errors are not displayed in the UI
fix: #3037: CXD: HTTP uploaders do not use proxy settings
fix: #3044: Service: inaccurate error message for SSH connection
fix: #3058: Client: fix UnicodeEncodeError: surrogates not allowed in interactive()
fix: #3066: Service/UI: interference between SSH/HTTP radio buttons in device update modal
fix: #3072: Service/UI: prevent scrolling when modals are open
fix: #3073: Service/UI: move Tray submit buttons to the bottom
fix: #3076: Service: Swagger API for FMC needs to support older FMC versions
fix: #3083: CXD: catch 422 status for cases that are non-existing/closed
fix: #3084: Genie: relax pyats/genie dependencies
fix: #3116: Service/GUI: Configure button remains greyed when not bootstrapped
fix: #3117: Client: sync oauth_connect_only missing provider parameter
fix: #3118: CXD: raise error when client passed to authenticate is not OIDC authenticated

1.4.12

This release is only relevant for users who use pip as the installation method.

Changelog:

fix: #2717: General: set minimum/maximum version for all direct dependencies
fix: #3084: Genie: relax pyats/genie dependencies

1.4.11

This release is only relevant for users who use pip as the installation method.

Changelog:

fix: #2823: Service/Remote: change starlette pin from ==0.22 to >=0.25

1.4.10

Changelog:

fix: #2193: Service: API audit trail does not log IP addresses
fix: #2362: Client: check for obvious errors before starting file upload
fix: #2550: Client: support directory as SCP destination on Windows
fix: #2734: Console: defaults to C:\Windows\System32 instead of home directory
fix: #2764: Client: port forward fails when localhost resolves to a scoped IPv6 address

1.4.9

Changelog:

new: #2636: Service: dynamic remote users for trainings (experimental)
fix: #2588: Service: default listener does not bind to IPv4 on Windows

1.4.8

Changelog:

fix: #2610, #2659, #2665: Client/Service: multiple certificate renewal issues
fix: #2648: Client: certificate_login should check that the identity matches the cert
fix: #2680: Client: raise an exception when the authentication flow fails
fid: #2684: Service: Swagger Runner should honor timeout values everywhere
fix: #2688: Service: disable log file creation in /tmp/candela-cache
fix: #2693: Client/Console: segmentation fault when using ! to run shell commands
fix: #2699: Service: sudo support for FMC

1.4.7

Changelog:

new: #2600: Console: added support for port forwarding
fix: #2326: Service: fixed downloading/uploading to a directory using SCP
fix: #2580: Client: custom certificate paths no longer work
fix: #2623: Client: spurious OAuth Token expired error when leaving with login() block
fix: #2630: Service/UI: “use obsolete algorithms” check box has disappeared
fix: #2632: Service/API: invalid hostname/IPv4 address accepted by UpdateDevice
fix: #2635: Client/Console: implement fuzzy autocompletion

1.4.6

Changelog:

fix: ImportError from sqlalchemy.sql.naming with newest alembic version

1.4.5

Changelog:

doc: fixed links to videos
new: #1667: Client: support for client-side session logs
new: #2381: Client: new SocketSpawn class to support spawn_pexpect() on Windows
new: #2555: Client: drop connection to Forwarder after inactivity timeout
new: #2557: Service: support for IOS-XE authentication in raw HTTP API
fix: #1955: Client/Service: fix SSH “Connection lost” when pasting large amounts of text
fix: #2154: Client: ephemeral attributes must behave exactly like a dict
fix: #2212: Service: fix SOCKS proxy traceback when connection is refused by host
fix: #2271: Service: properly close TCP request stream when there’s an exception
fix: #2426: Client: display inventory in radkit-interactive like in the REPL
fix: #2462: Service/UI: make input validation more consistent
fix: #2489: Service/UI: fix misaligned enable input box, tray device type hint, contrast
fix: #2495: Service/GUI: properly apply config settings (notably the WebUI port)
fix: #2509: Client: fix dynamic generation of Swagger path methods
fix: #2526: Client: start_integrated_service() now uses settings from Service TOML file
fix: #2528: Service/GUI: grey out the logging level when not bootstrapped
fix: #2545: Client: cannot use Ctrl-C to bail out of sso_login on Windows
fix: #2546: Client: fix error message when Client is used after being terminated
fix: #2548: Service/UI: make remote user username/email case-insensitive
fix: #2558: Service: respect jumphost in exec()
fix: #2563: Service/UI: fix loading of “External devices” in WebUI
fix: #2567: Service/UI: add redirect for unknown URL paths
fix: #2576: Client/Console: support destroy_previous for SOCKS proxy
fix: #2581: Service/Client: fix RuntimeError: Event loop is closed on Windows
fix: #2582: Service: KeyError with device type FMC
fix: #2590: Service/UI: hide non-relevant checkboxes in Terminal/Telnet properties
fix: #2595: Service/UI: add informational text about defaults to all password fields
fix: #2597: Client/Console: crash upon update_inventory on an unreachable Service

1.4.4

Changelog:

fix: #2551: Client: ‘AccessTokenAuthFlow’ object has no attribute ‘_access_token’
fix: #2552: Service/UI: device type drop-down incorrectly shows IOS as pre-selected
fix: #2553: Client/API: do not export pipes from top-level module
fix: #2556: Genie: fingerprint does not identify eWLC as a cat9800 platform

1.4.3

Breaking changes:

Client API: ConsoleError renamed to ClientError
Client API: parameter client_id removed from enroll_client_from_otp

Documentation:

doc: #2490: complete synchronous Client API reference
doc: #2511: added missing documentation for use_e2ee_default

Features:

new: #1941: Service: Cisco DNA Center HTTP API authentication
new: #2251: Service/UI: internal rework for improved state management
new: #2321: Remote: expose setting for httpx timeout
new: #2464: Service/UI: SHA256 Fingerprint copy on click feature
new: #2467: Client: added destroy_previous parameter to start_socks_proxy
new: #2483: Client: API to read/write identity cert and keypair
new: #2524: Client: remove client_id parameter from enroll_client_from_otp
new: #2535: Client: improved response object for update_netconf/swagger()
new: #2541: Client: add Service package to Client Docker image (for integrated)

Fixes:

fix: #1608: Client: make parameters optional in Swagger call_path
fix: #1697: Service/UI: close modals on Escape but not when clicking outside
fix: #1879: Service/UI: highlight rows on hover
fix: #2410: Service/UI: lack of loader in OTP enrollment
fix: #2483: Client: perform cert_bundle migration on startup
fix: #2505: Client: multi-device update_netconf/swagger() partial failure
fix: #2508: Client/Service: honor proxy settings while doing OCSP checks
fix: #2513: Client: do not print traceback when write_eof fails
fix: #2521: Client: do not mark FillerRequest failed if total updates is 0
fix: #2522: Client: AttributeError: ‘NoneType’ object has no attribute

1.4.2

Changelog:

doc: using RADKit Client in a Python web application (e.g. FastAPI)
new: #2409: Client: simplified imports from radkit_client[.sync|.async_]
new: #2429: Client: more complete support in DeviceDict for set operations
new: #2448: Service: added reset_after parameter to exec
new: #2466: Console: CLI entry point and Windows and macOS shortcuts
new: #2470: Console: support for domains, CXD and !cmd
fix: #2448: Service: better messages and errors when using jumphost
fix: #2458: Client: DeviceDict no longer supports {scp|sftp}_to_destination
fix: #2471: set pexpect dependency to >=4.3
fix: #2478: Console: handle file transfer failures more gracefully
fix: #2480: Console: crashes when entering invalid directory
fix: #2487: Console: fix !cmd syntax and catch more exceptions
fix: #2494: Service: panel does not show WebUI port when not bootstrapped
fix: #2496: Console: FileNotFoundError when ~/.radkit/client/ does not exist

1.4.1

Changelog:

new: #2399: Client: Network Console feature (simplified command-line interface)
new: #2437: Client: added get_context and close_context helpers
fix: #2357: Client: do not return before certificate_login has completed
fix: #2428: Client: inventory view raises exception after inventory update
fix: #2435: Service: TypeError when bootstrapping if started from GUI
fix: #2444: Client: some regexes do not match when filtering devices by name
fix: #2451: Service/UI: Add & continue button on Add User screen does nothing
fix: #2459: Service/UI: blank page after login on Firefox pre-81
fix: #2461: Client: sftp_download_to_stream raises ValueError
fix: #2465: Client/CXD: restore original order of cxd parameters

1.4.0

Release summary:

Simplified OTP-based Service enrollment
New SSO-based Service enrollment
Swagger platform support: FMC, UCCE, CVP, Expressway
End-to-end encryption (E2EE) enhancements
Aync/async separation in Client API
Improved scriptability (Client) and headless mode (Service)
CXD SSO/OAuth authentication
Ansible collection integration
Performance and stability improvements + many bugfixes

Breaking changes:

radkit-integrated CLI entry point removed
start_integrated_service() command added to the REPL
sso_login, certificate_login, access_token_login are now context managers
- in the REPL: use them as usual: client = sso_login(...) etc.
- in scripts: import and use as with sso_login(...) as client:
- OR use the new create_context() construct
- see Client: stand-alone scripts in the doc for details
Service now starts and stops with Service GUI
Swagger methods now take json parameter instead of json_data
HTTP methods now take content parameter instead of data
Swagger/HTTP results no longer have a .data attribute
- use .content for raw data (binary)
- use .text for decoded data (text)
- use .json for decoded JSON (object)
run_on_service and other obsolete shortcuts have been removed
radkit_client.helpers was moved to radkit_client.sync.helpers
DNAC class was renamed to CiscoDNACenter
DeviceFlow must now be instantiated as .create_device_flow() from a Device or DeviceDict object
- service.inventory.create_device_flow()
- service.inventory[...].create_device_flow()

Features (full list):

new: #564: add Swagger parameters for bytes and form data
new: #1467: Service: many WebUI accessibility improvements
new: #1589: Service: Client-less enrollment using SSO
new: #1590: Service: add support for FMC Swagger API
new: #1925: Service: API support for device/user labels (experimental)
new: #2003: Client: E2EE workflow improvements
new: #2038: Genie: make return values consistent with RADKit Client
new: #2046: support returning metadata within update_swagger()
new: #2055: Service: automatic bootstrap if superadmin password specified in environment
new: #2058: Service: support and doc for running under systemd
new: #2062: Client: add start_integrated_service()
new: #2063: Client: full sync/async code separation
new: #2065: Service: true headless mode with --headless
new: #2095: Service: add notification tray to WebUI to record toasts
new: #2122: GUI: display Service serial and domain
new: #2135: Service: simplified OTP enrollment (no email/serial)
new: #2159: Client: read CA certificates from package directory
new: #2178: Client/Service: domain-qualified enrollment OTPs
new: #2182: Service: cleaned up and improved toasts in WebUI
new: #2188: CXD support for SSO/OAuth Bearer token authentication
new: #2192: GUI: searchable/filterable logging pane
new: #2192: GUI: simplified Service GUI with single process
new: #2207: Service: improved WebUI bootstrap dialog
new: #2214: Client: add wait_closed() to SCP transfer objects
new: #2231: better request cancellation mechanism
new: #2264: UCCE and CVP device support
new: #2305: Client/Service: E2EE usability enhancements
new: #2320: expose timeout for HTTP and Swagger APIs
new: #2369: create_context() for standalone scripts (+ doc)
new: #2395: timedLogging Swagger API support for CMS devices
new: Client: exception_traceback property for Request objects
new: Client: ping() command to check Service liveness and RTT
new: Service: ExpressWay Swagger support
new: Service: improved identity certificate validation
new: Service: show certificate details in WebUI
new: improved performance with large inventories (10k’s of devices)

Fixes (full list):

fix: #1539: Forwarder: terminate connection when OAuth token expires
fix: #1744: Client: add --trace option for debugging
fix: #1910: Client: improved DeviceDict manipulation
fix: #1963: Service: decouple superadmin password from DB
fix: #2025: Service: repeated AuthenticationFailedError on wake
fix: #2049: Client: Terminal object wait/wait_closed return self
fix: #2112: Service: modified SSH defaults to 30s timeout w/o reconnect
fix: #2114: Service: backup should not run DB migration
fix: #2121: Client/Service: display domain in panel and WebUI
fix: #2134: Client: Request cancelled by server when using E2EE
fix: #2146: create directories when RADKIT_DIRECTORY is specified
fix: #2162: Client: mark terminal() sessions closed on error
fix: #2163: Client: crash in port forwarding upon SSO timeout
fix: #2171: Service: incomplete termination
fix: #2184: cleaned up async task cancellation
fix: #2195: Service: cannot create NewDevice using Swagger API
fix: #2197: Service: ASGI Framework Lifespan error
fix: #2202: Service: Telnet fails with no attribute 'is_closing'
fix: #2208: Service: ignore MOTD interference during login sequence
fix: #2216: Client: RuntimeError when prompting for priv. key password
fix: #2218: Service: use new location for CSM OpenAPI definition
fix: #2223: Client: print of an object should use tabular format
fix: #2225: Client: show_progress() freezes and causes exceptions
fix: #2229: Service: BrokenResourceError interrupts SCP upload
fix: #2249: Client/Access: access_token_login() fails
fix: #2259: Service: tracebacks when started w/o network connection
fix: #2266: Client: port forwarding fails with WinError 10053
fix: #2268: Client: SystemExit traceback after exit()
fix: #2272: Client/Service: reduce number of connect/disconnect messages
fix: #2274: Service: slowdown during massive DB operations
fix: #2282: Service: no results when searching/filtering by email
fix: #2285: use correct denomination for Cisco DNA Center everywhere
fix: #2292: Service: do not leak connections when preparation fails
fix: #2295: Service: Generator didn't yield if WebUI port busy
fix: #2313: Client: reauthenticate() raises TimeoutError
fix: #2338: Client: more friendly cert enrollment error message
fix: #2339: Service: session logs not closed along with connection
fix: #2355: Packaging: make Conda env update mandatory on Windows
fix: #2361: Client/Service: SCP upload to IOS-XE fails
fix: #2365: Client: negotiate capabilities before fetching inventory
fix: #2386: Remote: help text for system status subcommand
fix: #2389: Client/Service: better errors for SFTP transfers
fix: #2396: Client: extra chars returned by read_line
fix: #2396: Service: improved prompt detection and output processing
fix: #2400: Service: AssertionError with fastapi 0.89.0 and later
fix: #2434: Client: notify the user when re-authentication is needed
fix: Service: ignore the user’s .ssh/config

1.3.9

Changelog:

fix: #2400: AssertionError: Status code 204 must not have a response body with fastapi 0.89.0 and later
fix: ModuleNotFoundError: No module named 'starlette' when radkit-remote is installed by itself

1.3.7

Changelog:

fix: #2247: SCP connections with IOS-XR are not properly closed
fix: DNAC helper should support token authentication
fix: WebUI compatibility issues with Safari

1.3.2

Changelog:

new: build wheels for Linux arm64/v8 architecture
fix: #2200: tab completion is slow for large inventories
fix: #2221: update OpenSSL to 3.0.7 and cryptography to 38.0.3

1.3.1

Breaking changes:

Support for Python 3.10 has been withdrawn temporarily (see Compatibility section of the doc for details)
Remote: -f and -o CLI args removed, use --input and --output instead
Service: removed Email field from Enrollment screen (will be further simplified in future releases)

Important change:

on the Client, device names are now turned into unique, DNS-compatible canonical names
this makes it possible to access devices with colliding display names coming from DNAC Support Service
this makes all devices reachable via a Client-side SOCKS5 proxy URL (see SOCKS5 section of the doc)

Changelog:

corrected video URLs on website and in documentation
new: Service: removed Email field from Enrollment screen
new: Service: bulk API for users (remote/admins)
new: show a helpful error when a setting is unknown or invalid
new: Service: better display and handling of identity certificates
new: Service: more complete backup on backup command or DB migration
new: Service/Client: customizable password complexity policy (see doc about Settings)
fix: Remote: device_create() fails due to missing http_username and http_password
fix: #1923: Remote: forwarded_tcp_ports should not be mandatory
fix: #2104: Service: traceback in Candela due to permissions error
fix: #2129: WebUI: improved “select all” behavior
fix: #2131: Service: crash on reauthentication
fix: #2139: Client: showing incorrect forwarder status
fix: #2142 #2186: DNAC: several fixes in DNAC class helper
fix: #2145: WebUI: errors while editing devices within Tray
fix: #2155: Client: cannot import from current dir when running scripts with the script subcommand
fix: #2157: Service: restore SSH keepalive support for AireOS devices
fix: #2177: WebUI: go back to previous page if current is empty after deletion
fix: #2189: WebUI: strip leading/trailing whitespace in Serial and OTP during Enrollment

1.3.0

DNA Center Support Service (PLEASE READ):

For test/lab DNACs, pass the STAGE domain to the sso_login function
For production DNACs, you need the PROD domain which is now the default

Breaking changes (PLEASE READ):

Service: sn.cfg replaced by serial.json (back up ~/.radkit if you plan to downgrade)
Client, Service: default to PROD domain (re-enrollment needed)
Client, Service, Remote: new HTTP proxy settings (see doc about HTTP proxy)
Client, Service, Remote: some environment variables renamed (see doc about settings)
Client: running a script is now done using the script subcommand
Remote: CLI syntax and output have changed (see radkit-remote --help)

Changelog:

default domain changed to PROD for Client and Service
major improvements to RADKit Cloud including performance, logging and monitoring
documentation updated and expanded
many internal improvements to stability and scalability (more to come)
new: support for end-to-end encryption (experimental, disabled by default)
new: DNAC helper class for DNA Center integration
new: generic api() call in RADKit Genie
new: support for sudo privileged commands using exec(..., sudo=True)
new: bulk import/update in Remote
new: better settings management (incl. reading settings from TOML file)
new: support for HTTP Proxy Basic authentication
new: macOS .pkg installer for Apple Silicon arm64 architecture
new: keep track of multiple Service serials and certs on different domains
new: API to start radkit-integrated from a Python script
new: support for using vManage as jumphost to reach cEdge over DTLS tunnel
new: management of additional Service admin users
new: improved search filter in Service WebUI
new: support for storing HTTP username/password (experimental, currently unused)
new: loader icon for connection attempts in WebUI
fix: WebUI search filter bug involving the not operator
fix: intermittent TCP Tunneling failures on Windows
fix: #1622: ephemeral attributes lack update and clear methods
fix: #1747: remove TLS workaround for CXD after infra upgrade
fix: #1774: re-add Device.update_attributes()
fix: #1791: better error messages during Service enrollment
fix: #1796: fixed exec result ordering in Client
fix: #1876: print has abnormally bad performance on Client
fix: #1880: SCP upload/download doesn’t show proper status after closing
fix: #1897: scp_upload_from_file fails when trying to upload an empty file
fix: #1901: Client stuck after “log out all sessions” in Access
fix: #1927: audit trail details show up in terminal but not in log file
fix: #1942: Netconf password gets saved as "***********"
fix: #1970: Candela errors on Windows
fix: #1972: removed option to change admin username in Remote
fix: #1979: improve CLI response time for some subcommands
fix: #1998: missing webserver.key causes traceback
fix: #2007: service keeps outdated Swagger parameters in cache
fix: #2029: errors when running multiple concurrent Client objects
fix: #2047: Remote does not use standard output
fix: #2051: make sort maintain state post actions on table
fix: #2068: move the warning about unsupported browsers to the login screen

1.2.2

improved handling of request cancellations
improved handling of expired users in RBAC
fix: #1858: wait for the prompt before disabling the pager
fix: #1916: wrong encoding for CMS Swagger in Windows
fix: #1918: compatibility error with fastapi==0.79

1.2.1

new access_token_login function in RADKit Client
new reauthenticate method on Client object
improved audit logging in Client and Service
improved API documentation (still in progress)
improved stability (async task handling)
fix: #1843: multiple bugs in RADKit Remote
fix: #1873: missing env vars for Docker container startup
fix: #1883: Client.enroll_client should only take client_id as parameter

1.2.0

new: PyATS/Genie integration layer (pip install only for now; EXPERIMENTAL)
new: support for non-Swagger HTTP(S) APIs (EXPERIMENTAL)
further improvements to handling of many parallel connections
multiple improvements to log file monitoring using Candela in WebUI
fix: #1735: increase SSO login timeout in Client
fix: #1750: certificate-authenticated Client or Service cannot reconnect after token expires
fix: #1761: two Client instances cannot authenticate with certs simultaneously
fix: #1766: Candela stalls when opening a log file
fix: #1794: Client traceback when connecting to a Telnet console
fix: #1803: TypeError when accessing AireOS device over SSH
many more improvements under the hood

1.1.5

fix: #1580: SOCKS proxy yields non-actionable errors
fix: #1799: UnboundLocalError when enrolling the Client

1.1.4

added support for certificate-based Client authentication
added support for SFTP file transfers
dynamic management of open sessions to allow for large-scale querying of devices
Service and Client Docker images now on https://containers.cisco.com/organization/radkit?tab=repos
license expiration extended to 12 months for releases, 3 months for special builds
additional rights management in RADKit Access
new STAGE environment (for testing only, do not use unless instructed)
documentation updates with links to videos
fix: #1624: “About” box in WebUI not displayed on Safari
fix: #1660: finished SCP sessions remaining in “Connected” state
fix: #1666: pager not disabled on IOS-XR devices
fix: #1677: CXD authentication fails due to legacy SSL option set by server
fix: #1688: WebUI/API sessions not timing out as they should
fix: #1693: update Remote ServiceAPI for new service bootstrap logic
fix: #1700: SOCKS proxy does not recognize device names containing dots
fix: #1701: maximum number of SOCKS connections too low
fix: #1703: disable proxy support in Service GUI
fix: #1704: unhandled exception when closing Client with open terminal() session
fix: #1706: SSO login results in TypeError when timing out
fix: #1707: restore certificate arguments to radkit-interactive
fix: #1714: make --version available everywhere
fix: #1717: increase Service certificate lifetime
fix: #1741: InvalidState traceback in authentication
fix: #1743: some SSO sessions fail to refresh their token
fix: #1749: Service GUI stuck when stopping the Service
fix: #1754: set default domain for Client with --domain or set_default_domain
fix: #1755: need open_browser flag in sso_login()
fix: #1763: suppress log message at the start of radkit-interactive
fix: #1769: display domain and auth method for Client object
fix: #1771: WebUI “Help” link gives iframe error

1.0.6

fix: #1654: pyang raises FileExistsError on Windows when using a temporary file
fix: #1637: Client copyright notice text should wrap

1.0.5

fix: #1646: pyang not found when using Windows/Mac installer
fix: #1644: GUI fails to recognize “not yet bootstraped” status from Service

1.0.4

cosmetic improvements in Windows and Mac installers
fix: #1564: some OAuth/SSO requests resulted in 504 Server Error
fix: #1599: enroll_service() now returns consumable object instead of simply printing enrollment info
fix: #1610: Windows installer failed on machines with missing proxy or without internet access
fix: #1631: Remote displays hint for --service-url if /api/v1 is omitted
fix: some code-signing errors on macOS went unnoticed due to silenced ImportError

1.0.2

added support to run on Apple Silicon within an x86_64 (non-native) Python environment
dropped support for Python 3.7 on macOS (all architectures)
fix: #1611: RADKit won’t start when deployed using Windows installer
fix: #1602: “Basic Constraints of CA cert not marked critical” error
fix: #1601: cosmetic fixes in Windows and macOS installers
fix: #1598: macOS wheels fail to start in some Python environments

1.0.0

Initial release