diff --git a/.github/workflows/claude-issue-labeler.yml b/.github/workflows/claude-issue-labeler.yml index f2c2a3f4e1..4895659b6a 100644 --- a/.github/workflows/claude-issue-labeler.yml +++ b/.github/workflows/claude-issue-labeler.yml @@ -115,9 +115,9 @@ jobs: exit 0 fi - # Skip codeowner notification for KB PR review tracking issues - if echo "$LABELS" | grep -q "kb/review"; then - echo "Issue has kb/review label — skipping codeowner notification" + # Skip codeowner notification for KB Operations tracking issues (any kb/ label) + if echo "$LABELS" | grep -q "^kb/"; then + echo "Issue has kb/ label — skipping codeowner notification" exit 0 fi diff --git a/docs/auditor/10.8/configuration/azurefiles/overview.md b/docs/auditor/10.8/configuration/azurefiles/overview.md index 42c3adfd12..eaab999a2e 100644 --- a/docs/auditor/10.8/configuration/azurefiles/overview.md +++ b/docs/auditor/10.8/configuration/azurefiles/overview.md @@ -12,7 +12,7 @@ It supports two types of monitored items for Azure Files: - **Azure Subscription**: monitoring [actions](https://docs.netwrix.com/docs/auditor/10_8/configuration/azurefiles/monitoredobjects) on all shares of all **storage accounts** of the specified **Azure Files subscription** -> **Note:** For all **"data storage accounts"** used in the preceding list, you must configure [Diagnostic settings](https://docs.netwrix.com/docs/auditor/10_8/configuration/azurefiles/overview#diagnostic-settings) +> **Note:** For all **"data storage accounts"**, you must configure [Diagnostic settings](https://docs.netwrix.com/docs/auditor/10_8/configuration/azurefiles/overview#diagnostic-settings) to save audit events on **"log storage accounts"**. Ensure you have the necessary access ([API permissions](https://docs.netwrix.com/docs/auditor/10_8/configuration/azurefiles/overview#configure-api-permissions), [IAM Roles](https://docs.netwrix.com/docs/auditor/10_8/configuration/azurefiles/overview#assign-identity-and-access-management-iam-roles-to-the-app)) for [application](https://docs.netwrix.com/docs/auditor/10_8/configuration/azurefiles/overview#azure-application-registration) to read these events and access storage accounts metadata. > **Note:** Azure activity logs may take 3 to 20 minutes to become available for analysis after an event occurs. This is an [Azure platform limitation](https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-ingestion-time#azure-metrics-resource-logs-activity-log) that applies to all services consuming Azure activity logs. As a result, some file share activities may appear in Netwrix Auditor reports with a delay. When generating reports shortly after activity occurs, extend the report time range by at least 20 minutes to capture events still in transit. @@ -28,7 +28,7 @@ to save audit events on **"log storage accounts"**. Ensure you have the necessar - One for audit logs — Create a storage account [Create a storage account (Microsoft Learn)](https://learn.microsoft.com/en-us/azure/storage/common/storage-account-create?utm_source=chatgpt.com&tabs=azure-portal) -- [Azure Files identity-based access](https://learn.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-overview) is configured for data storage account in Azure Files +- [Azure Files identity-based access](https://learn.microsoft.com/en-us/azure/storage/files/storage-files-active-directory-overview) configured for the data storage account in Azure Files Supported options: - Active Directory Domain Services (AD DS) @@ -48,7 +48,7 @@ to save audit events on **"log storage accounts"**. Ensure you have the necessar ## Azure Application Registration -You should register an application so Netwrix Auditor can authenticate to Azure and read audit logs +Register an application so Netwrix Auditor can authenticate to Azure and read audit logs. ### Step 1: Create the App Registration @@ -97,10 +97,13 @@ Netwrix Auditor uses the **App ID** + **Client Secret** for authentication ### Step 1: Add Permissions +The Purpose column references Microsoft Graph API endpoints that Netwrix Auditor calls to perform each resolution task. + | Permission | Purpose | |------------|---------| | `User.Read` | Basic user information. Sign in and read user profile. *(default)* | -| `User.Read.All` | Read all users' profiles. Required to resolve SIDs into usernames in reports | +| `User.Read.All` | Read all users' full profiles. Required to resolve user security identifiers (SIDs) into display names and User Principal Names (UPNs), and to map access control entries (ACEs) from group membership via the Microsoft Graph endpoint `/users/{id}/transitiveMemberOf` | +| `Group.Read.All` | Resolve groups and search by SID from discretionary access control lists (DACLs). Required to expand group membership via the Microsoft Graph endpoint `/groups/{id}/transitiveMembers` and filter groups by `securityIdentifier` | 1. In your app in EntraID, go to **Manage > API permissions > + Add a permission**. @@ -108,9 +111,11 @@ Netwrix Auditor uses the **App ID** + **Client Secret** for authentication 3. Add: - **User.Read (default)** - **User.Read.All** + - **Group.Read.All** - *User.Read* – "Sign in and read user profile." *(default)* - *User.Read.All* – "Read all users' full profiles" +- *Group.Read.All* – "Read all groups" ### Step 2: Grant Admin Consent @@ -119,9 +124,10 @@ Click **Grant admin consent for TenantName** **Why this is required:** - By default, applications can't query Microsoft Graph for directory-wide information -- Admin consent allows the app to use **User.Read.All** -- This lets Netwrix Auditor query Azure AD and resolve **user SIDs → user accounts → display names** -- Without admin consent, audit logs will only show unresolved SIDs instead of usernames, making reports incomplete and less useful +- Admin consent allows the app to use **User.Read.All** and **Group.Read.All** +- **User.Read.All** lets Netwrix Auditor query Microsoft Entra ID and resolve **user SIDs → user accounts → display names** +- **Group.Read.All** lets Netwrix Auditor resolve groups from DACLs and expand group membership so reports show which users inherit access through group ACEs +- Without admin consent, audit logs will only show unresolved SIDs and object IDs instead of usernames and group names, making reports incomplete and less useful **At the end of this step, your app has granted Microsoft Graph API permissions** @@ -153,7 +159,7 @@ You should assign Azure IAM roles so that Netwrix Auditor can: - "View everything, but not make any changes" 5. Click **Next** 6. Under **Members**, click **+ Select members** -7. In the search window, find and select the **App you registered earlier** +7. In the search window, select the **App you registered earlier** 8. Click **Select → Review + assign** @@ -238,7 +244,7 @@ Azure Files now archives audit logs into your **Log Storage Account** ## Checklist - [Azure Application registered](#azure-application-registration) with App ID + Secret -- [API permissions](#configure-api-permissions) (User.Read, User.Read.All) granted +- [API permissions](#configure-api-permissions) (User.Read, User.Read.All, Group.Read.All) granted - [IAM roles assigned](#assign-identity-and-access-management-iam-roles-to-the-app) (Reader, Storage File Data Privileged Reader, Storage Blob Data Reader) - [Diagnostic Settings configured](#diagnostic-settings) to log to a Log Storage Account diff --git a/docs/changetracker/8.2/integration/netwrixproducts/activitymonitor.md b/docs/changetracker/8.2/integration/netwrixproducts/activitymonitor.md index 43e7696b29..3640eb1a33 100644 --- a/docs/changetracker/8.2/integration/netwrixproducts/activitymonitor.md +++ b/docs/changetracker/8.2/integration/netwrixproducts/activitymonitor.md @@ -7,17 +7,18 @@ sidebar_position: 20 # Netwrix Activity Monitor Integration Netwrix Change Tracker can use the **Netwrix Activity Monitor** (via its `SBTService` Windows -service) as an alternative data source for file change attribution on Windows. When this -integration is enabled, the Gen 7 Agent reads user and process information from log files written -by Activity Monitor instead of relying on the built-in kernel mini-filter driver (`NNTInfo.sys`). +service, which appears as **Netwrix Windows File Monitoring Service** in `services.msc`) as an +alternative data source for file change attribution on Windows. When you enable this integration, +the Gen 7 Agent reads user and process information from log files that Activity Monitor produces +instead of relying on the built-in kernel mini-filter driver (`NNTInfo.sys`). -This is useful in environments where the kernel driver cannot be loaded, for example systems +This is useful in environments where the kernel driver can't load, for example systems with strict kernel security policies (Secure Boot / HVCI), certain hypervisor configurations, or -where Activity Monitor is already deployed and you want a single audit trail for file activity. +where you already deploy Activity Monitor and want a single audit trail for file activity. :::note This feature applies to **Windows only** and to **file integrity monitoring (FIM) with live -tracking**. Linux devices are unaffected. +tracking**. This feature doesn't affect Linux devices. ::: ## Prerequisites @@ -31,28 +32,28 @@ tracking**. Linux devices are unaffected. ## How it works -When the integration is enabled: +When you enable the integration: 1. The Gen 7 Agent automatically generates a configuration file (`SBTFileMon.ChangeTracker.ini`) in the Activity Monitor configuration directory whenever it receives a FIM policy from the Hub. This file instructs Activity Monitor which paths to monitor and in what format to log events. 2. Activity Monitor's `SBTService` writes file change events, including the user account and - process name responsible, to a daily JSON log file on the local disk. Files are named - `{hostname}_CT_Log_{YYYYMMDD}.json`. + process name responsible, to a daily JSON log file on the local disk. The service names these + files `{hostname}_CT_Log_{YYYYMMDD}.json`. 3. The Gen 7 Agent continuously reads these log files and caches attribution data keyed by file path. -4. When a file change is detected by the agent's file system watcher, the cached attribution data - is attached to the event before it is sent to the Hub. +4. When the agent's file system watcher detects a file change, it attaches the cached attribution + data to the event before sending it to the Hub. -The agent and the kernel driver are mutually exclusive as attribution sources. If both are -configured, Activity Monitor takes precedence and the kernel driver is not loaded. +The agent and the kernel driver are mutually exclusive as attribution sources. If you configure +both, Activity Monitor takes precedence and the agent doesn't load the kernel driver. ## Configuration -Activity Monitor integration is configured in the Gen 7 Agent's `app.config` file, located at: +Configure Activity Monitor integration in the Gen 7 Agent's configuration file, located at: ``` -%PROGRAMDATA%\NNT\gen7agent.service\app.config +C:\Program Files\NNT Change Tracker Suite\Gen7Agent (NetCore)\Gen7Agent.App.NetCore.dll.config ``` Add or update the following keys in the `` section: @@ -60,34 +61,35 @@ Add or update the following keys in the `` section: | Key | Value | Description | |---|---|---| | `useActivityMonitorChangeSource` | `true` | Enables Activity Monitor as the attribution source. Set to `false` (or omit) to use the default kernel driver. | -| `activityMonitorChangeSourceDirectory` | Path to log directory | The folder where Activity Monitor writes its `_CT_Log_` JSON files. Must match the `LOG_FILE` directory in the generated INI (see below). | -| `changeSourceFileFormat` | `json` (default) or `tsv` | Log file format written by Activity Monitor. Leave as `json` unless Activity Monitor is explicitly configured for TSV output. | +| `activityMonitorChangeSourceDirectory` | Path to log directory | The folder where Activity Monitor writes its log files. The default is `C:\ProgramData\Netwrix\Activity Monitor\Agent\ActivityLogs`. Must match the `LOG_FILE` directory in the [auto-generated INI file](#auto-generated-ini-file). | +| `changeSourceFileFormat` | `json` (default) or `tsv` | Log file format that Activity Monitor writes. Leave as `json` unless you explicitly configure Activity Monitor for TSV output. | +| `loaddriver` | `true` (default) or `false` | Controls whether the agent loads the kernel mini-filter driver (`NNTInfo.sys`) for file change attribution. Mutually exclusive with `useActivityMonitorChangeSource`. When both are `true`, Activity Monitor takes precedence and the agent doesn't load the driver. | Example `` entries: ```xml - + ``` -:::warning -Do not set both `useActivityMonitorChangeSource=true` and `loaddriver=true`. These are mutually -exclusive. If both are present, Activity Monitor will be used and the kernel driver will be -disabled automatically, but it is best practice to explicitly set `loaddriver=false` to avoid -ambiguity. +:::note +The `useActivityMonitorChangeSource` and `loaddriver` settings are mutually exclusive as +attribution sources. If you set both to `true`, the agent automatically uses Activity Monitor +and disables the kernel driver. You don't need to explicitly set `loaddriver=false`, but you +can do so to make the configuration clearer. ::: -**Step 1 –** Open `app.config` in a text editor with administrator privileges and add the keys -above with the appropriate values for your environment. +**Step 1 –** Open `Gen7Agent.App.NetCore.dll.config` in a text editor with administrator +privileges and add the preceding keys with the appropriate values for your environment. **Step 2 –** Restart the Gen 7 Agent service for the changes to take effect: ```powershell -Restart-Service gen7agent.service +Restart-Service Gen7AgentCore ``` -**Step 3 –** Confirm that a FIM live-tracking policy is applied to the device from the Hub. The +**Step 3 –** Confirm that the device has a FIM live-tracking policy assigned from the Hub. The agent generates the Activity Monitor INI file the next time it receives a device configuration update. To trigger this immediately, navigate to **Settings > Agents and Devices**, select the device, and click **Refresh Configuration**. @@ -102,39 +104,42 @@ file. The agent discovers the correct directory by reading the registry key: HKLM\SYSTEM\CurrentControlSet\Services\SBTLogging\Parameters\ConfigPath ``` -The INI file instructs Activity Monitor to log file events to the directory specified by -`activityMonitorChangeSourceDirectory`, using the path filters derived from the FIM policy -configured in the Hub. You do not need to edit this file manually, as it is regenerated each +The INI file instructs Activity Monitor to log file events to the directory that +`activityMonitorChangeSourceDirectory` specifies, using the path filters that the Hub's FIM policy +defines. You don't need to manually edit this file, as the agent regenerates it each time the FIM policy changes. -If the FIM policy is removed from a device, the agent disables the corresponding section in -the INI file automatically. +If you remove the FIM policy from a device, the agent automatically disables the corresponding +section in the INI file. :::note The `SBTFileMon.ChangeTracker.ini` file is separate from Activity Monitor's main -`SBTFileMon.ini`. Other monitoring sections in the main INI are not affected. +`SBTFileMon.ini`. The agent doesn't modify other monitoring sections in `SBTFileMon.ini`. ::: ## Troubleshooting **No user attribution in events** -- Confirm `SBTService` is running: `Get-Service SBTService`. +- Confirm `SBTService` is running: `Get-Service SBTService`. This service appears as + **Netwrix Windows File Monitoring Service** in `services.msc`. - Verify the `activityMonitorChangeSourceDirectory` path exists and contains files matching the pattern `*_CT_Log_{YYYYMMDD}.json`. - Check the agent's `rolling-log.txt` for warnings from `ActivityMonitorChangeSource`. Look - for messages indicating the directory or log file cannot be found. + for messages indicating the directory or log file can't be found. **INI file not generated** - Check that the registry key `HKLM\SYSTEM\CurrentControlSet\Services\SBTLogging\Parameters\ConfigPath` exists and - contains a valid path. This key is created by the Activity Monitor installer; if it is + contains a valid path. The Activity Monitor installer creates this key; if it is missing, Activity Monitor may not be installed correctly. -- Confirm the FIM policy is assigned to the device in the Hub and that live tracking is - enabled in the policy template. +- Confirm that the Hub assigns the FIM policy to the device and that the policy template + enables live tracking. **Both driver and Activity Monitor appear active** -- Review `app.config` and ensure `loaddriver` is set to `false` or removed. The agent logs a - warning to `rolling-log.txt` if both settings are enabled simultaneously. +- If you set both `loaddriver` and `useActivityMonitorChangeSource` to `true` in the + `` section of `Gen7Agent.App.NetCore.dll.config` (see [Configuration](#configuration)), + the agent automatically uses Activity Monitor and disables the kernel driver. You can + optionally set `loaddriver` to `false` to make the configuration explicit. diff --git a/docs/kb/auditor/configuration-and-setup/file-server-auditing/managing-access-reviews-integration-limits-for-file-servers.md b/docs/kb/auditor/configuration-and-setup/file-server-auditing/managing-access-reviews-integration-limits-for-file-servers.md new file mode 100644 index 0000000000..57731d7be3 --- /dev/null +++ b/docs/kb/auditor/configuration-and-setup/file-server-auditing/managing-access-reviews-integration-limits-for-file-servers.md @@ -0,0 +1,101 @@ +--- +description: >- + Describes the current limits and system requirements for the Access Reviews + integration with Windows File Servers in Netwrix Auditor, including maximum + permission count and memory consumption. +keywords: + - Access Reviews + - file servers + - integration limits + - AIC + - permissions + - memory requirements + - Netwrix Auditor + - SQL Server + - AIC Resource Estimation Tool + - NwxFileStorageAicManager.acinc + - packet size + - file server auditing +products: + - auditor +sidebar_label: Managing Access Reviews Integration Limits for File Servers +tags: + - kb +title: "Managing Access Reviews Integration Limits for File Servers" +--- + +# Managing Access Reviews Integration Limits for File Servers + +## Overview + +This article describes the current limits and system requirements for the Access Reviews integration when collecting permission data from Windows File Servers in Netwrix Auditor. + +The Access Reviews integration collects permission data from monitored file servers and uploads it to the Access Reviews (AIC) database. The volume of permission data directly affects memory consumption on both the Auditor host and the SQL Server instance. + +Review the [Considerations & Limitations](pathname:///docs/auditor/10_8/accessreviews#considerations--limitations) section for general integration constraints. + +## Instructions + +### Permission Upload Limit + +The default limit for permissions uploaded to the Access Reviews database in a single data collection is **200,000**. To increase this limit, contact [Netwrix Support](https://www.netwrix.com/support.html). The current maximum that can be configured is **800,000** permissions. + +If the number of permissions exceeds this limit, the upload fails with a connection error due to SQL Server packet size restrictions. + +> **NOTE:** SQL Server imposes the 800,000 permission limit as a hard constraint. Attempting to upload more than 820,000 permissions results in a `maximum packet count exceeded` error that cannot be resolved through SQL Server configuration changes. + +### System Requirements by Permission Count + +The following table shows approximate **memory consumption** observed during data collection for different permission counts. Testing used Auditor 10.8 with a dedicated SQL Server instance. + +| Permissions | Auditor host (RAM) | SQL instance (RAM) | +|---|---|---| +| 200,000 | 3.2 GB | 6.5 GB | +| 400,000 | 4.1 GB | 12 GB | +| 500,000 | 5 GB | 15.5 GB | +| 600,000 | 5.6 GB | 19 GB | +| 800,000 | 6.5 GB | 24 GB | + +> **NOTE:** If the SQL Server host does not have enough available RAM for the permission count being processed, the upload fails with an `insufficient system memory in resource pool` error. + +### Count Permissions Before Enabling Integration + +1. Verify that the total number of permissions per data source does not exceed the 800,000 limit. +2. Download and copy the AIC Resource Estimation Tool to the machine where Auditor is installed. + + Download the [AIC Resource Estimation Tool](https://releases.netwrix.com/products/auditor/10.8/auditor-aic-estimation-tool-tool-1.0.1.zip), a Netwrix permission-counting utility. + + The executing account must have: + - Local administrator rights. + - Read access to the Auditor reporting databases. To authenticate with a specific SQL account, use `--sqluser`. + +3. Run the tool: + + ``` + AicResourceEstimationTool.exe + AicResourceEstimationTool.exe --countall + AicResourceEstimationTool.exe --html + ``` + + | Parameter | Description | + |---|---| + | `--countall` | Count permissions for all File Server Auditing (FSA) plans, including plans without Access Reviews enabled | + | `--html` | Save results as an HTML report and open it in the default browser | + | `--csv` | Save results as a CSV file | + | `--depth N` | Override the AIC depth level for every plan (0 = shares only, 1 = shares + one subfolder level) | + | `--sqluser USERNAME` | Authenticate to SQL Server with a specific account (SQL or Windows) | + | `--help` | Display help and exit | + + > **NOTE:** The tool reads the Auditor configuration automatically and discovers all FSA monitoring plans. By default, it only counts permissions for plans with **Send Data for Access Reviews** enabled. Use the `--countall` parameter to include all FSA plans. + +### Recommendations + +1. **Verify permission counts before enabling the integration.** + - If a file server has more than 800,000 unique permissions across all monitored shares, consider splitting the data source into multiple monitoring plans. +2. **Allocate sufficient SQL Server memory.** + - For environments with 400,000+ permissions, ensure the SQL Server host has at least 16 GB of RAM dedicated to the SQL instance. + - For 600,000+ permissions, allocate at least 24 GB. +3. **Monitor the Auditor host.** + - Auditor services hold allocated memory until the upload completes. Ensure the Auditor host has enough available RAM to accommodate the peak usage listed in the [System Requirements by Permission Count](#system-requirements-by-permission-count) table. +4. **Check the Health Log for errors.** + - The Netwrix Auditor Health Log records upload failures. These failures do not affect the status of monitored items or data sources in the Auditor console. diff --git a/docs/platgovsalesforce/tools/system_permission_tracking.md b/docs/platgovsalesforce/tools/system_permission_tracking.md index 802f10ba4e..88dd27c2d5 100644 --- a/docs/platgovsalesforce/tools/system_permission_tracking.md +++ b/docs/platgovsalesforce/tools/system_permission_tracking.md @@ -10,6 +10,10 @@ sidebar_position: 112 System Permission Tracking monitors and detects changes in System Permissions across Permission Sets and Profiles in your Salesforce environment. Each scan compares the selected permissions against previous snapshots and generates a Change Log for any detected differences. When a permission changes—either because a Permission Set/Profile is modified or because a user gains or loses an assignment—the system records the impact at the user level, creating an individual Change Log entry for every affected user. +### Tracked permissions scope + +System Permission Tracking only monitors permissions listed under the **System** section of the Salesforce **System Permissions** page (**Setup** > **Users** > **Profiles** > select a profile > **System Permissions**). System Permission Tracking excludes all permissions listed under the **Users** section from change detection and the generated Change Log. + ## Accessing System Permission Tracking Navigate to: **Tools** > **Access** > **System Permission Tracking** @@ -45,17 +49,17 @@ You can enable Email Notifications to receive reports showing System Permission #### Email Frequency & Timing -Choose whether the report should be sent daily, weekly, or monthly, and configure the corresponding delivery time or date. +Choose whether to send the report daily, weekly, or monthly, and configure the corresponding delivery time or date. #### Recipients -Add users to receive notification emails. Recipients must have the required Permission Set to access the internal components used by this feature. After saving, the recipients are automatically subscribed to the System Permission Change Log report. +Add users to receive notification emails. Recipients must have the required Permission Set to access the internal components used by this feature. After you save, the system automatically subscribes the recipients to the System Permission Change Log report. ![Weekly Report Example](/images/platgovsalesforce/sys_perm_tracking/Report_Weekly.webp) ### In-App Notifications -If In-App Notifications are enabled, each scan creates a record in the Downloaded Files component on the Netwrix Dashboard. This provides links to reports showing all detected System Permission changes. An Export Attachment record is also created, but users typically don't need to access it directly. +If In-App Notifications are enabled, each scan creates a record in the Downloaded Files component on the Netwrix Dashboard. This provides links to reports showing all detected System Permission changes. The system also creates an Export Attachment record, but users typically don't need to access it directly. **Example of a System Permission Change in Downloaded Files:** @@ -134,9 +138,10 @@ Export change logs for further analysis or compliance reporting: ## Limitations +- Tracking is limited to the **System** section of the Salesforce **System Permissions** page; permissions in the **Users** section are excluded (see [Tracked permissions scope](#tracked-permissions-scope)) - Tracking too many permissions can increase scan times - Some Salesforce permissions may behave differently depending on org configuration -- Historical data is limited to the period since tracking was enabled +- Historical data covers only the period since you enabled tracking - Change detection requires at least two scans to establish a baseline ## Troubleshooting @@ -158,9 +163,9 @@ Export change logs for further analysis or compliance reporting: **Solutions**: - Ensure Email Notifications are enabled -- Verify at least one valid recipient is added +- Verify you have added at least one valid recipient - Check that recipients have the required Permission Set ('Netwrix Grant Permissions') -- Ensure a valid schedule is configured +- Ensure you have configured a valid schedule - Verify email addresses are correct in Salesforce - Check spam/junk folders for notification emails @@ -191,11 +196,11 @@ Export change logs for further analysis or compliance reporting: **Issue**: Change logs contain entries that don't match expected changes **Solutions**: -- Verify the baseline scan was completed successfully +- Verify the baseline scan completed successfully - Check for bulk permission changes or user assignments - Review the time range of the changes - Ensure no other administrators made concurrent changes -- Validate that the tracked permissions are correctly configured +- Validate that you have correctly configured the tracked permissions ## Related Topics diff --git a/package-lock.json b/package-lock.json index 12be23ef3b..ff6200cbca 100644 --- a/package-lock.json +++ b/package-lock.json @@ -317,12 +317,12 @@ } }, "node_modules/@babel/code-frame": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.27.1.tgz", - "integrity": "sha512-cjQ7ZlQ0Mv3b47hABuTevyTuYN4i+loJKGeV9flcCgIK37cCXRh+L1bd3iBHlynerhQ7BhCkn2BPbQUL+rGqFg==", + "version": "7.29.7", + "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.7.tgz", + "integrity": "sha512-Aup7aUOfpbAUg2ROOJN6Iw5f9DMBlzu0mIkm/malLQFN/YQgO48wCj0Kxa3sEHJvPVFg7siR+qRInwXd2qhQKw==", "license": "MIT", "dependencies": { - "@babel/helper-validator-identifier": "^7.27.1", + "@babel/helper-validator-identifier": "^7.29.7", "js-tokens": "^4.0.0", "picocolors": "^1.1.1" }, @@ -370,13 +370,13 @@ } }, "node_modules/@babel/generator": { - "version": "7.28.0", - "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.28.0.tgz", - "integrity": "sha512-lJjzvrbEeWrhB4P3QBsH7tey117PjLZnDbLiQEKjQ/fNJTjuq4HSqgFA+UNSwZT8D7dxxbnuSBMsa1lrWzKlQg==", + "version": "7.29.7", + "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.29.7.tgz", + "integrity": "sha512-DkXD5OJQaAQIdZ1bt3UZdEnHAn9Imd3IVBdX03UFe+ony9Ojw5pzr9YVKGDY1jt+Gcn/FnGkNf8r+Vj5NOJWtQ==", "license": "MIT", "dependencies": { - "@babel/parser": "^7.28.0", - "@babel/types": "^7.28.0", + "@babel/parser": "^7.29.7", + "@babel/types": "^7.29.7", "@jridgewell/gen-mapping": "^0.3.12", "@jridgewell/trace-mapping": "^0.3.28", "jsesc": "^3.0.2" @@ -468,9 +468,9 @@ } }, "node_modules/@babel/helper-globals": { - "version": "7.28.0", - "resolved": "https://registry.npmjs.org/@babel/helper-globals/-/helper-globals-7.28.0.tgz", - "integrity": "sha512-+W6cISkXFa1jXsDEdYA8HeevQT/FULhxzR99pxphltZcVaugps53THCeiWA8SguxxpSp3gKPiuYfSWopkLQ4hw==", + "version": "7.29.7", + "resolved": "https://registry.npmjs.org/@babel/helper-globals/-/helper-globals-7.29.7.tgz", + "integrity": "sha512-3nQVUAtvkKH9zahfWgw96Jc/uFOmjACE1kQz82E2lqWmHBgjzbNlsC22nuQTfahmWeQtTq5nQ/4Nnd2A1wj4zA==", "license": "MIT", "engines": { "node": ">=6.9.0" @@ -490,27 +490,27 @@ } }, "node_modules/@babel/helper-module-imports": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.27.1.tgz", - "integrity": "sha512-0gSFWUPNXNopqtIPQvlD5WgXYI5GY2kP2cCvoT8kczjbfcfuIljTbcWrulD1CIPIX2gt1wghbDy08yE1p+/r3w==", + "version": "7.29.7", + "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.29.7.tgz", + "integrity": "sha512-ejHwrQQYcm9xnTivShn2IDOlIzInN34AXskvq9QicvCtEzq1Vzclu/tKF8Jq1Cg8JG2GL6/EmjgsCT7lXepE3g==", "license": "MIT", "dependencies": { - "@babel/traverse": "^7.27.1", - "@babel/types": "^7.27.1" + "@babel/traverse": "^7.29.7", + "@babel/types": "^7.29.7" }, "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/helper-module-transforms": { - "version": "7.27.3", - "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.27.3.tgz", - "integrity": "sha512-dSOvYwvyLsWBeIRyOeHXp5vPj5l1I011r52FM1+r1jCERv+aFXYk4whgQccYEGYxK2H3ZAIA8nuPkQ0HaUo3qg==", + "version": "7.29.7", + "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.29.7.tgz", + "integrity": "sha512-UPUVSyXbOh627KiCIGQSgwWzGeBKLkaJ9PJEdrngIwMSzxLR4jS4+f1f1jb7VzBbg8nFLaYotvVPFCTqdrmTAg==", "license": "MIT", "dependencies": { - "@babel/helper-module-imports": "^7.27.1", - "@babel/helper-validator-identifier": "^7.27.1", - "@babel/traverse": "^7.27.3" + "@babel/helper-module-imports": "^7.29.7", + "@babel/helper-validator-identifier": "^7.29.7", + "@babel/traverse": "^7.29.7" }, "engines": { "node": ">=6.9.0" @@ -532,9 +532,9 @@ } }, "node_modules/@babel/helper-plugin-utils": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.27.1.tgz", - "integrity": "sha512-1gn1Up5YXka3YYAHGKpbideQ5Yjf1tDa9qYcgysz+cNCXukyLl6DjPXhD3VRwSb8c0J9tA4b2+rHEZtc6R0tlw==", + "version": "7.29.7", + "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.29.7.tgz", + "integrity": "sha512-G7sHYigPY17oO5SYWnfD/0MTBwVR781S/JI643e/JhUYgVgWE/61SoW3NH9KWUKyKq5LVh3npif99Wkt6j86Jw==", "license": "MIT", "engines": { "node": ">=6.9.0" @@ -588,18 +588,18 @@ } }, "node_modules/@babel/helper-string-parser": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz", - "integrity": "sha512-qMlSxKbpRlAridDExk92nSobyDdpPijUq2DW6oDnUqd0iOGxmQjyqhMIihI9+zv4LPyZdRje2cavWPbCbWm3eA==", + "version": "7.29.7", + "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.29.7.tgz", + "integrity": "sha512-Pb5ijPrZ89GDH8223L4UP8i6QApWxs04RbPQJTeWDV0/keR2E36MeKnyr6LYmUUvqRRI+Iv87SuF1W6ErINzYw==", "license": "MIT", "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/helper-validator-identifier": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.27.1.tgz", - "integrity": "sha512-D2hP9eA+Sqx1kBZgzxZh0y1trbuU+JoDkiEwqhQ36nodYqJwyEIhPSdMNd7lOm/4io72luTPWH20Yda0xOuUow==", + "version": "7.29.7", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.29.7.tgz", + "integrity": "sha512-qehxGkRj55h/ff8EMaJ+cYhyaKlHIxqYDn682wQD7RNp9UujOQsHog2uS0r2vzr4pW+sXf90NeeayjcNaX3fFg==", "license": "MIT", "engines": { "node": ">=6.9.0" @@ -728,12 +728,12 @@ } }, "node_modules/@babel/parser": { - "version": "7.28.0", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.28.0.tgz", - "integrity": "sha512-jVZGvOxOuNSsuQuLRTh13nU0AogFlw32w/MT+LV6D3sP5WdbW61E77RnkbaO2dUvmPAYrBDJXGn5gGS6tH4j8g==", + "version": "7.29.7", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.29.7.tgz", + "integrity": "sha512-hnORnjP/1P/zFEndoeX+n+t1RwWRJiJpM/jO7FW32Kn9r5+sJB2JWOdYo4L6k78j15eCwY3Gm/7364B1EMwtNg==", "license": "MIT", "dependencies": { - "@babel/types": "^7.28.0" + "@babel/types": "^7.29.7" }, "bin": { "parser": "bin/babel-parser.js" @@ -1318,15 +1318,15 @@ } }, "node_modules/@babel/plugin-transform-modules-systemjs": { - "version": "7.27.1", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.27.1.tgz", - "integrity": "sha512-w5N1XzsRbc0PQStASMksmUeqECuzKuTJer7kFagK8AXgpCMkeDMO5S+aaFb7A51ZYDF7XI34qsTX+fkHiIm5yA==", + "version": "7.29.7", + "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.29.7.tgz", + "integrity": "sha512-TM2ZcQLoG2/y4HODiStCo10DibYhWhGWAwVv+EQKmG/7GFl0N+AAmUiXOMKM+aiJ9XBJ9AHVZBvTzMnJ2sM3cQ==", "license": "MIT", "dependencies": { - "@babel/helper-module-transforms": "^7.27.1", - "@babel/helper-plugin-utils": "^7.27.1", - "@babel/helper-validator-identifier": "^7.27.1", - "@babel/traverse": "^7.27.1" + "@babel/helper-module-transforms": "^7.29.7", + "@babel/helper-plugin-utils": "^7.29.7", + "@babel/helper-validator-identifier": "^7.29.7", + "@babel/traverse": "^7.29.7" }, "engines": { "node": ">=6.9.0" @@ -1992,31 +1992,31 @@ } }, "node_modules/@babel/template": { - "version": "7.27.2", - "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.27.2.tgz", - "integrity": "sha512-LPDZ85aEJyYSd18/DkjNh4/y1ntkE5KwUHWTiqgRxruuZL2F1yuHligVHLvcHY2vMHXttKFpJn6LwfI7cw7ODw==", + "version": "7.29.7", + "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.29.7.tgz", + "integrity": "sha512-puq+Gf35oI24FeN11LkoUQFqv9uwNeWpxXZi/Ji3rRIoKAzKnxRaZ+Gkj0vKS9ZCiTESfng1N9LyOyXvo+m+Gg==", "license": "MIT", "dependencies": { - "@babel/code-frame": "^7.27.1", - "@babel/parser": "^7.27.2", - "@babel/types": "^7.27.1" + "@babel/code-frame": "^7.29.7", + "@babel/parser": "^7.29.7", + "@babel/types": "^7.29.7" }, "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/traverse": { - "version": "7.28.0", - "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.28.0.tgz", - "integrity": "sha512-mGe7UK5wWyh0bKRfupsUchrQGqvDbZDbKJw+kcRGSmdHVYrv+ltd0pnpDTVpiTqnaBru9iEvA8pz8W46v0Amwg==", + "version": "7.29.7", + "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.29.7.tgz", + "integrity": "sha512-EhlfNQtZ+NK22w5BM61ciuiq1m58ed33Wr1Xan//ZRTy6hgjnwyCffRYwzsGXdASJSUJ1guZILsErh1eQcl+zw==", "license": "MIT", "dependencies": { - "@babel/code-frame": "^7.27.1", - "@babel/generator": "^7.28.0", - "@babel/helper-globals": "^7.28.0", - "@babel/parser": "^7.28.0", - "@babel/template": "^7.27.2", - "@babel/types": "^7.28.0", + "@babel/code-frame": "^7.29.7", + "@babel/generator": "^7.29.7", + "@babel/helper-globals": "^7.29.7", + "@babel/parser": "^7.29.7", + "@babel/template": "^7.29.7", + "@babel/types": "^7.29.7", "debug": "^4.3.1" }, "engines": { @@ -2024,13 +2024,13 @@ } }, "node_modules/@babel/types": { - "version": "7.28.2", - "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.28.2.tgz", - "integrity": "sha512-ruv7Ae4J5dUYULmeXw1gmb7rYRz57OWCPM57pHojnLq/3Z1CK2lNSLTCVjxVk1F/TZHwOZZrOWi0ur95BbLxNQ==", + "version": "7.29.7", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.29.7.tgz", + "integrity": "sha512-4zBIxpPzowiZpusoFkyGVwakdRJUyuH5PxQ/PrqghfdFWWasvnCdPfQXHrenDai+gyLARulZjZowCOj6fjT4pA==", "license": "MIT", "dependencies": { - "@babel/helper-string-parser": "^7.27.1", - "@babel/helper-validator-identifier": "^7.27.1" + "@babel/helper-string-parser": "^7.29.7", + "@babel/helper-validator-identifier": "^7.29.7" }, "engines": { "node": ">=6.9.0" @@ -11855,9 +11855,9 @@ "license": "MIT" }, "node_modules/fast-uri": { - "version": "3.0.6", - "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.0.6.tgz", - "integrity": "sha512-Atfo14OibSv5wAp4VWNsFYE1AchQRTv9cBGWET4pZWHzYshFSS9NQI6I57rdKn9croWVMbYFbLhJ+yJvmZIIHw==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.2.tgz", + "integrity": "sha512-rVjf7ArG3LTk+FS6Yw81V1DLuZl1bRbNrev6Tmd/9RaroeeRRJhAt7jg/6YFxbvAQXUCavSoZhPPj6oOx+5KjQ==", "funding": [ { "type": "github", @@ -17062,9 +17062,9 @@ } }, "node_modules/nanoid": { - "version": "3.3.11", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.11.tgz", - "integrity": "sha512-N8SpfPUnUp1bK+PMYW8qSWdl9U+wwNWI4QKxOYDy9JAro3WMX7p2OeVRF9v+347pnakNevPmiHhNmZ2HbFA76w==", + "version": "3.3.12", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.12.tgz", + "integrity": "sha512-ZB9RH/39qpq5Vu6Y+NmUaFhQR6pp+M2Xt76XBnEwDaGcVAqhlvxrl3B2bKS5D3NH3QR76v3aSrKaF/Kiy7lEtQ==", "funding": [ { "type": "github", @@ -18162,9 +18162,9 @@ } }, "node_modules/postcss": { - "version": "8.5.9", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.9.tgz", - "integrity": "sha512-7a70Nsot+EMX9fFU3064K/kdHWZqGVY+BADLyXc8Dfv+mTLLVl6JzJpPaCZ2kQL9gIJvKXSLMHhqdRRjwQeFtw==", + "version": "8.5.15", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.15.tgz", + "integrity": "sha512-FfR8sjd4em2T6fb3I2MwAJU7HWVMr9zba+enmQeeWFfCbm+UOC/0X4DS8XtpUTMwWMGbjKYP7xjfNekzyGmB3A==", "funding": [ { "type": "opencollective", @@ -18181,7 +18181,7 @@ ], "license": "MIT", "dependencies": { - "nanoid": "^3.3.11", + "nanoid": "^3.3.12", "picocolors": "^1.1.1", "source-map-js": "^1.2.1" }, diff --git a/src/components/ProductMetaTags/index.js b/src/components/ProductMetaTags/index.js index 3a459a7346..f85b7a2f7e 100644 --- a/src/components/ProductMetaTags/index.js +++ b/src/components/ProductMetaTags/index.js @@ -1,7 +1,7 @@ import React from 'react'; import Head from '@docusaurus/Head'; import { useLocation } from '@docusaurus/router'; -import { createProductMap } from '@site/src/config/products.js'; +import { createProductMap, PRODUCTS } from '@site/src/config/products.js'; const productMap = createProductMap(); @@ -34,16 +34,26 @@ export default function ProductMetaTags() { let versionFromUrl = pathParts[productIndex + 1]; // Check if it looks like a version (e.g., "13_5", "2_0", "v2", "saas", etc.) // Regex now accepts underscores in version numbers - if (/^(v?\d+(_\d+)*|saas)$/i.test(versionFromUrl)) { + if (/^(v?\d+(_\d+)*|saas|current)$/i.test(versionFromUrl)) { versionFromUrl = versionFromUrl.replace(/^v/i, ''); // Remove 'v' prefix if present if (versionFromUrl.toLowerCase() === 'saas') { productVersion = 'saas'; + } else if (versionFromUrl.toLowerCase() === 'current') { + productVersion = 'current'; } else { // Convert underscores back to periods for the meta tag content productVersion = versionFromUrl.replace(/_/g, '.'); } } } + + // Fallback for single-version "current" products with no version segment in the URL + if (!productVersion) { + const product = PRODUCTS.find(p => productName === p.name); + if (product && product.versions.length === 1 && product.versions[0].version === 'current') { + productVersion = 'current'; + } + } } // Only render meta tags if we have a product name diff --git a/src/theme/SearchBar/index.js b/src/theme/SearchBar/index.js index 39c8b547d6..9401478ec4 100644 --- a/src/theme/SearchBar/index.js +++ b/src/theme/SearchBar/index.js @@ -307,7 +307,7 @@ function getVersionsForProducts(selectedProducts) { selectedProducts.forEach(productName => { const product = PRODUCTS.find(p => p.name === productName); if (product && product.versions) { - product.versions.forEach(v => versionsSet.add(v.label)); + product.versions.forEach(v => versionsSet.add(v.version)); } }); return Array.from(versionsSet).sort(); diff --git a/src/theme/SearchPage/index.js b/src/theme/SearchPage/index.js index c60863c86b..47f7e59a33 100644 --- a/src/theme/SearchPage/index.js +++ b/src/theme/SearchPage/index.js @@ -41,7 +41,7 @@ function getVersionsForProducts(selectedProducts) { const source = isAll ? PRODUCTS : selectedProducts.map(name => PRODUCTS.find(p => p.name === name)).filter(Boolean); source.forEach(product => { if (product.versions) { - product.versions.forEach(v => versionsSet.add(v.label)); + product.versions.forEach(v => versionsSet.add(v.version)); } }); return Array.from(versionsSet).sort();