BPA Release Notes v4.1.2 Patch

Available Languages

Updated:July 2, 2025
Document ID:1751481185085229

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Business Process Automation Release Notes

Introduction

Business Process Automation (BPA) is a cross-domain, multi-tier automation and orchestration solution that manages the lifecycle of network assets across various network architectures such as transport, data center, campus, SD-WAN, and security.

BPA provides the following features:

  • An automation solution for managing the lifecycle of Cisco and third-party devices, with use cases such as device onboarding, template management, software conformance, upgrades, and configuration compliance
  • A workflow engine for end-to-end service integration and automation of business and operational processes
  • Process templates for automating procedures, Market Variances for maintaining location data, and Form Designers for creating User Interface (UI) forms
  • An Adapter framework for building East-West integration to Operations Support Systems and Business Support Systems

BPA is integrated with Cisco and Non-Cisco controllers:

  • Cisco controllers
    • Network Services Orchestrator (NSO)
    • Cisco Catalyst Center
    • Data Center Network Manager (DCNM)
    • Cisco Catalyst SD-WAN Manager (formerly Cisco vManage)
    • Umbrella
    • Duo
    • ThousandEyes
    • Cisco Nexus Dashboard Fabric Controller (NDFC)
    • Cisco Crosswork Network Controller (CNC)
    • Cisco Secure Firewall Management Center (FMC)
  • Non-Cisco controllers
    • Direct-to-Device
    • Ansible
    • Checkpoint Manager/Smart Console

With BPA’s modular architecture, integrations can be extended to other Cisco or third-party controllers. BPA provides benefits such as reduced time to deliver new services, minimized capital and operational costs, improved availability, capacity and operational reliability through consistent and automated network configuration, and scalability.

Upgrading to BPA v4.1.2 Patch 7

To upgrade to BPA v4.1.2 Patch 7:

Due to vulnerability issues, the MongoDB image has been upgraded. Since mongo-init is a job and helm upgrade is not supported, the mongo-init pod must be deleted before the patch upgrade.

  1. Delete the mongo-init pod using the following commands.
kubectl get pod -n bpa-ns -o wide | grep mongo-init 
kubectl delete pod <mongo-init-xxxxxx> -n bpa-ns
  1. After deleting mongo-init, refer to the Patch Upgrade section of the BPA Installation Guide for more information about patch updates.

What’s New

This section highlights key features, enhancements, and modifications introduced in the Cisco BPA v4.1.2 release.

OS Upgrade

Operating System (OS) Upgrade enhancements include the following:

  • Multi-step upgrade now includes support for Bridge Software Maintenance Updates (SMUs) as a separate path in the upgrade journey
  • Users can now view rules and evaluation results, along with the command output of the pre-and post-check templates in the Upgrade Job summary and the Upgrade PDF report
  • Software upgrade support is extended for vManage controller v20.12.4

SD-WAN

Support has been added for vManage controller v20.12.4.

Supported Controllers and Versions

Controller Types Supported Versions
NSO 5.5, 5.6, 5.7, 5.8, 6.0, 6.1, 6.2, 6.3
Cisco Catalyst Center 1.3.3, 2.1.2, 2.2.2, 2.2.32.3.3, 2.3.4, 2.3.5
DCNM 11.5
vManage 20.6.3, 20.9.3, 20.9.5, 20.12.4
CNC 4.1, 5.0, 6.0
NDFC 3.0.1(i) Fabric v12.1.2e, 3.0.1(i) Fabric v12.1.3b
FMC 7.2.5
Direct-To-Device The following OS types are supported: cisco-ios, cisco-iosxr, cisco-asa, arista-eos, juniper-junos
CheckpointFortinet R77.30, R80.20 Fortigate 3700D – 5.2.4, 6.0.5
Umbrella Umbrella SIG Advantage + Multi-Org + RBI L3
DUO D299.18
ThousandEyes Not applicable

Miscellaneous

BPA v4.1.2 has been validated with the latest version of Google Chrome (v126.0.6478.183) and Mozilla Firefox (v128) browsers at the time of release.

Resolved Issues


Defect Tracking ID Description
DAA-91480 The issue of the purge process only working for Workflows and not for other applications has been resolved by updating conditions to return a proper response.
DAA-90990 The previous vulnerability issues in Mongosh have been resolved by upgrading Mongo shell from v506 to v507.
DAA-90878 Errors occurring when deleting an API Key by selecting the Delete icon has been resolved by including one key in the payload.
DAA-90018 Previously, the BPA Adapter’s query parameter was not able to save the key field name. This issue has been resolved by updating the functionality to allow the key field name in the query parameters.
DAA-89862 Previously, the loading process failed when Administrators clicked view and claim task. This issue has been resolved by fixing a bug in the UserTask payload.
DAA-89754, DAA-89613, DAA-84854 Users previously received a “session expiry” prompt while active, resulting in unexpected logouts even after clicking Continue. This issue has been resolved by fixing calculation errors in corner cases and ensuring that the token is only refreshed after the timeout period.
Note: To fix this issue in the custom micro-services, the jwt_token must be used from the sessionStorage instead of the localStorage.
DAA-89584 Previously, during the template distribution from the master vManage to other vManage instances, a duplicate GR1(Group) tag was added when a GR tag was already present in the template name. This issue has been resolved by incrementing the same GR tag to the next number instead of adding a new GR tag.
DAA-88969 In previous versions of BPA, the OS Upgrade Workflow Retry Logic failed to update the default version in vManage and mark the order as complete. This issue has been resolved by updating the default version variable when the Cross-Site Request Forgery token issue is observed.
DAA-88778 Previously, when users attempted to log in and log out of BPA, they were redirected to incorrect URLs. This issue has been fixed by passing the administration flag correctly when the source matches and ensuring handle group uniqueness.
DAA-87879 Previously, users experienced sporadic accessibility issues when using bookmarked URLs without logging in. This issue has been resolved by adding logic to refresh the login page to avoid invalid redirection.
DAA-87822 Previously, the NextGen Service Catalog Orders page lagged when orders contained more data in the milestones section. This issue has been resolved by excluding fields which are not needed in the Orders Grid page and making an API call available when a catalog item is selected.
DAA-87532 Previously, users were unable to fetch heavy log files with the kubectl command. This issue has been resolved by enabling the containerd logs.
DAA-85007 Previously, when manually cancelled incomplete jobs at the application level, a forced cancellation occurred, leaving the order state unchanged and failing to roll back or delete the associated Distributor devices. This issue has been resolved by introducing an error-handling task.
DAA-85003 Previously, BPA failed to detect an incorrect CSV format, including columns that were merged incorrectly, resulting in the activation flag being misread as false. This issue has been resolved by validating the CSV format when uploading and displaying error messages to prevent inactive job states.
DAA-84222 Previously, the crypto method in the credential handling script was deprecated. This issue has been resolved by adding the new crypto method to avoid security concerns.
DAA-83034 Previously, user profiles were not created in the BPA Portal due to an empty email address from the Terminal Access Controller Access-Control System Profile. This issue has been fixed by creating dummy email IDs if no email is available in the response. Additionally, email pattern validation has been updated in the UI and API.
DAA-82449 Previously, users set up devices without verifying that the new device was in controller mode, which could lead to incorrect configurations. This issue has been resolved by introducing an alert message.
DAA-80340 Previously BPA incurred OAuth configuration issues. These issues have been resolved by providing plugin updates, a “config.json” file reconfiguration, and coordination with Customer Account and Product Management Teams.
DAA-92291 Previously, the Secure Shell key issue in the case controller report did not generate an error message. This has been resolved by displaying the execution status as “Failed” along with the corresponding reasoning.
DAA-84221 Previously, during BPA Installation the auth-service Lightweight Directory Access Protocol implementation imported an outdated library posing a security risk. This issue has been resolved by replacing “passport-ldapauth” with “passport-custom and ldapts package”.
Note: In the in ldap auth config.json, “old entry searchBase->”searchBase”: “ou=Cisco Users,dc=cisco,dc=com” has been replaced with “new searchBase ->”searchBase”: “ou=Employees,ou=Cisco Users,dc=cisco,dc=com”.


Known Issues

There are no known issues to report as part of this release.

Revision History

Revision Publish Date Comments
1.0
02-Jul-2025
Initial Release

Was this Document Helpful?

FeedbackFeedback

Contact Cisco