Automation Workspace v.40 release
- Updated: 2026/03/30
Review what's new and changed, and the fixes and limitations in Automation Workspace for the v.40 release.
What's new
| Connector Builder
enhancements We have introduced the following enhancements
to the Connector Builder that allows more
flexibility in creating and testing custom connectors:
|
| Option to select child dependencies when check-in of parent
automation (Service
Cloud Case ID: 01956187, 01970786, 01975747) As a Bot Creator, when you check in parent automation files from your private workspace to the public workspace, you now have the option to selectively check in associated child automation files. This allows you to continue working on child automations independently, without impacting the parent or other child automations. |
| Package
usage scanning extended to processes Package usage scanning has been enhanced to include
Processes, in addition to existing
support for Task Bots and API Tasks. This enhancement ensures accurate tracking of package consumption across all automation
artifacts. With this enhancement, you can:
|
| Support for
invoking callback URLs automatically when deploying API Tasks using Deployment API When you deploy a headless API Task with a callback URL using the Deployment API v4/automations/deploy, the Control Room automatically invokes the callback URL and sends the output variable details to this URL. This feature enables you to ascertain the execution status without any alternate methods. During execution, an audit log entry with item name Callback is generated when the Control Room initiates the outbound call to the callback URL. |
| Processes tab now available for
on-premises deployments
On-premises customers can now access the Processes tab directly from the Home page providing visibility into key process-level metrics. |
| OAuth 2.0
Authorization Server support in Automation 360
Control Room Automation 360 Control Room can now act as an OAuth 2.0 and OpenID Connect (OIDC) Authorization Server for Cloud deployments. Administrators can register up to 25 external OAuth client applications per tenant, manage their lifecycle and access permissions, and issue standards‑based tokens for secure integration with MCP (Model Context Protocol) server within the Control Room. Configure OAuth clients | Set up user and automation access for the MCP server |
| Offline licensing
support for Control
Rooms Introduced offline licensing support for Control Rooms in regulated environments without internet connectivity to the Cloud license server. Administrators can now generate an offline license file request (LFR) from the Control Room, use it to generate an offline license file on CALM, and then install the generated offline license file back on the Control Room. |
| Control Room repository file
access in API Tasks You can now select the files uploaded in the Control Room repository as the data source in API Tasks. The Control Room file option in the actions for the file-based operations allows you to select a file available in the Control Room repository as the data source for the session. |
| Automation Co-Pilot Desktop Assistant support for macOS Starting from this release, Automation Co-Pilot Desktop Assistant is automatically added when the Bot Agent is installed on a macOS device. The assistant includes a native macOS-style application icon (macOS Icon.png). You can use one of the following methods to
launch the Automation Co-Pilot Desktop Assistant application on a macOS device:
|
What's changed
| Agentic App
Store: Rebranding of Bot
Store The Bot Store
has been rebranded as the Agentic App Store (formerly
Bot Store). The bot store home page navigation
has been updated with the new name and now points to the new
URL. This change is reflected consistently across the platform,
including the Repository, roles and permissions, folders,
tooltips, downloads, and related UI workflows, ensuring a
unified and updated experience. Note: As
this rebranding is being rolled out in phases, you might
still see some references labeled as Bot
Store in certain areas of the
platform. |
| Enhanced audit log
for bot creation platform type Audit logs now capture the platform type when a Task Bot is created. This platform type appears as Create bot event type in the audit log, helping users clearly identify the platform on which the bot was created. For other entity types (such as processes, forms, and API Tasks), the platform type is shown as N/A for consistency. |
| Improved
visibility into deployment failures (Service Cloud Case ID:
02219499) The Historical page now displays deployments that failed due to pre‑check issues, such as preprocessing errors. This enhancement allows you to easily review the automation details and view specific preprocessing error messages, and identify potential causes of deployment failures quickly and accurately. |
| Enhanced email
notifications for user account changes Automation 360 email notifications now provide detailed information for user activation, deactivation, deletion, and profile updates. Each alert now clearly shows the impacted username, the Automation 360 Control Room URL, and the user who performed the change, helping administrators and end users quickly identify which account and environment were affected, and streamline incident response and audit reviews. |
| Refined Content
Security Policy (CSP) for On‑Premises deployments This update strengthens the Content Security Policy (CSP) for Automation 360 On‑Premises deployments. Unsafe JavaScript permissions (unsafe-inline and unsafe-eval) have been removed from the global default-src directive on unauthenticated pages and are now restricted to explicit script-src and style-src directives only where required. Existing functionality, including login flows, redirects, and initial page load, remains unaffected. |
| Enhanced email notification settings for
locker credential changes now lets you choose whether to receive email notifications when credentials are added to or removed from lockers you consume, allowing you to manage your locker activAutomation 360ity alerts according to system preference. Credential Vault email notifications | Edit email notifications |
| Granular folder-level
permissions for Bots and
Processes Administrators can now assign folder-scoped permissions to manage bots and processes in Automation Co-Pilot. The new View and manage bots from My Folders and View and manage processes from My Folders permissions allow users to configure automations only within folders they can access. This enhancement improves governance, supports regional or team-based administration, and helps enforce the principle of least privilege without impacting existing global permissions. |
Fixes
| Automation run recordings were
intermittently not captured or uploaded, particularly during
long‑running executions that was caused due to authentication token
issue within the NodeManager. However, token handling mechanism has
now been corrected for timely token refreshes and proper validation
to ensure automation run recordings are reliably generated and
uploaded without interruptions. Service Cloud Case ID: 02232696, 02195345 |
| The token handling
mechanism is now enhanced to ensure that the UserToken is securely
encrypted within the Chronicle Queue, which prevents exposure of
sensitive information and strengthens overall security
posture. Service Cloud Case ID: 02210294 |
| Fixed the issue in Connector Builder where the API Tasks and Task Bots failed to execute when the request body of an action in the custom connector contained a nested JSON that included nested keys with hard-coded values. |
| Variable expressions are now parsed and
validated correctly, allowing bots to compile
successfully even when the Bot validation is
enabled. Previously, bot compilation could fail when Bot validation was enabled and a variable operation contained a complex expression combining system variables, array indexing, and string conversion. Service Cloud Case ID: 02230757 |
| The Requested
by column no longer displays an incorrect user as
the system now correctly identifies and displays the appropriate
requester as defined in the corresponding form settings, ensuring
accurate assignment and preventing incorrect routing of the
workflow. Service Cloud Case ID: 02197141, 02295353 |
| Fixed an issue where, if a form containing a Document element and 15 additional elements was added as the initial start step in a process, the form would not allow scrolling beyond the document length. As a result, the last few form elements were not visible or accessible to users. This issue has now been fixed, and all form elements are properly displayed and accessible. |
| Fixed an issue where drop-down
fields in the Form properties panel allowed
users to clear a selected value for elements such as
Button, Label, and
other elements with drop-down options. This issue occurred even when
the field was expected to retain a valid selection. Drop-down fields now correctly retain the selected value and no longer allow unintended clearing. |
| You no longer encounter issues when
creating a bot with a Message Box
action and adding an If
action with multiple nested condition
groups. Previously, moving the Message Box action under the If action in the Bot editor caused an unexpected error to appear in the properties panel. |
| You no longer encounter issues when
using
action with the Control Room file
option, it now runs without errors. Previously, when a Control Room file was passed as input to a child task, it appeared as blank within the child task. |
| The Bulk package
update feature no longer fails for automations
containing Python script and VB script commands as the fix now
addresses a missing null‑pointer check in the underlying code,
ensuring stable and reliable bulk updates across all supported
script commands. Service Cloud Case ID: 02288743 |
| The
Dependencies tab no longer displays an
error when loading a large number of dependencies (over 5,000) as
extensive dependency lists are now handled correctly, ensuring
consistent visibility of all items. This fix also aligns the
interface behavior with the existing export functionality, which
included all dependencies correctly. Service Cloud Case ID: 02161076 |
| After updating to this release, the
configured proxy is correctly used for all remote Git
communications. Previously, when proxy details were provided during
setup, the proxy was not applied to outbound connections that caused
remote Git integration to fail in environments. Service Cloud Case ID: 02199999 |
| After updating to this release, the process scheduling no longer fails with a generic server exception error. The scheduling workflow and underlying exception handling have now been corrected, ensuring that processes can be scheduled reliably and execute without errors. |
| After updating to this release, automations that use a record variable now retrieve the secure credential values correctly. Previously, the secure credential fields were incorrectly returned as the empty strings prevented automations from using the correct credential data at runtime. |
| The macOS devices now register as single user device, regardless of configuration settings. Previously, macOS device registration would honor the configuration settings even when some of the configurations (such as multi-user or RDP) were not supported in macOS, which caused deployment failures. |
| Timeout configurations are now preserved,
ensuring consistent bot behavior before and after the
update. Previously, timeout values in the Recorder actions or conditions were removed after performing a bulk package update. Service Cloud Case ID: 02276295 |
| Special characters are now safely treated
as literals during search and replace operations in Bot editor, allowing replacements to complete
successfully without errors. Previously, performing search and
replace in the Bot editor using special
characters (such as Service Cloud Case ID: 02278555 |
| The repository now automatically deletes
expired metadata using a scheduled quartz job after the metadata
expiry date. Additionally, compilation and execution are no longer
halted due to expired file references even if metadata cleanup is
pending. Previously, users encountered deployment failures when running bots from the private repository due to stale image metadata being included in the compiler response. Service Cloud Case ID: 02284118, 02287041, 02289726 |
| The repository now automatically deletes
expired metadata using a scheduled quartz job after the metadata
expiry date. Additionally, compilation and execution are no longer
halted due to expired file references even if metadata cleanup is
pending. Previously, users encountered deployment failures when running bots from the private repository due to stale image metadata being included in the compiler response. Service Cloud Case ID: 02284118, 02287041, 02289726 |
| Existing user or system level proxy
settings are no longer overwritten during Bot Agent installation or update when custom
installation is selected. Service Cloud Case ID: 02215715 |
| Starting from this release, any
Windows services that might fail to start during silent installation
of Control Room on Microsoft Windows Server will no
longer stop the installation as the Windows Service Recovery
configuration is now applied correctly to ensure that such services
are restarted (twice) automatically. Service Cloud Case ID: 02228632, 02282591 |
| The Automation Type, Activity Type, and Team/Role columns were missing from the drop-down section of the Activity->Historical page. This made it hard for users to filter and search. This issue has been fixed, and now all the needed columns show up correctly. |
| When you configure a credential with an external key vault that is not CyberArk, the CyberArk‑specific additional attribute field is no longer shown on the credential page, and your bot now uses the attribute values you configure without any errors. Previously, this CyberArk‑only field was incorrectly visible for other vaults (such as ARCON), and when you configured an attribute name and custom pattern and used them in a bot, the bot failed with an error instead of using those values. |
| When you sort the
Type column on the page, the sort operation now works as expected
without showing the error message Unable to filter the results
because of invalid input. Previously, sorting by
Type caused this error. Service Cloud Case ID: 02277718, 02282516 |
| When you assign the
Administration: View settings permission
to a custom role, users with that role can now see the configured
Active Directory URLs and the
Forward Proxy configuration. Previously,
these settings were hidden unless the user also had
Manage settings permission, so view‑only
users could not see the Active
Directory or forward proxy values. Service Cloud Case ID: 02219630 |
Limitations
|
When using Automation 360 release v.37 or release v.38, when a new user logs in for the first time in a new environment, the Home page does not load properly. Workaround: For users on Automation 360 release v.37 or release v.38, refresh the page. |
| When you create a process in the Community Edition, the API, AI Agent, Approval Tasks with Split and Merge feature should not be visible in the Process editor. However, due to a limitation, users can still see these options in the left panel of the Elements section. |
|
When multiple Control Room tenants are registered in the OAuth configuration application using the same License account name, the OAuth clients page displays OAuth configuration data from other tenants. |