InRule 5.7.3 Now Available

  • Updated

InRule® 5.7.3 has been released. 

For flagship customers, this version introduces a change to default settings for non-SaaS customers who call the InRule Decision Platform via REST API. More information is below and linked in documentation and our Knowledge Base.

Highlights of our 5.7.3 update include:

  • Continued enhancement to security features, including:
    • HTTP header security
    • Configurable timeout on web catalog manager sessions
    • Server-side request forgery (SSRF) safeguards
    • Expired certificates
    • InRule for JavaScript key obfuscation
  • irVerify® and irAuthor® user interface improvements
  • Header and body overrides for REST operations
  • Ability to hide defs for extensions created in irAuthor
  • Enabling our on-premises customers to utilize your own Okta account

SSRF Safeguards: Change to Default Operation

For customers who use InRule via a REST API call, changes may be coming to the default method by which you call the InRule Rule Execution Service. 

Currently, the default way to call the InRule Decision Platform using a REST API call is to pass the execution username and password as plain text in the body of the call, most commonly done with an 'execution user' and 'execution password'.  

A new setting has been added to the Rule Execution Service config file, called 


This specifies if catalog credentials will be accepted on Rule Execution Service REST requests. 

  • If set to TRUE, REST requests will work the same as they do prior to upgrading to 5.7.3  
  • If set to FALSE, the REST request will look for credentials in the config file instead

Once upgraded, the default operation for all customers other than SaaS will be that this operates as though allowPerRequestCatalogCredentials is set to FALSE. This is different than how it operates today, and changes may be required to your REST API call, your configuration setting, or both, in order to ensure uninterrupted operation. 

Read more about this update in our documentation or our Knowledge Base article on using Postman with irAuthor.

Dynamics 365 and Salesforce Customers

Features released for both platforms include: 

  • A new Test button has been added to the irX ribbon in irAuthor for each integration. This Test tab delivers parity with the traditional Test button used to launch irVerify. Clicking on the Test button will now allow you to quickly select the most recently used entity or decision contexts.
  • A clear cache button has been added to the Rule Configuration page in both integrations. 

Be sure to check out more information in our respective deployment guides and release notes.

InRule for Dynamics 365 

Please review the new, updated information about our SaaS offering and the various paths to get the components you will need for deployment (for example, we have an ARM template that makes installation a breeze). Check out our the deployment guide to learn more. Other updates include: 

  • We have removed support for legacy S2S connection configuration. 
  • Bug fixes: Fixed money field duplicate presence error, 400 bad request when root entity contains a large text field, and more bug fixes.

Please see release notes and deployment guide for a complete list of what is included in this release.

InRule for Salesforce

Details on everything included in this release is available in release notes and our deployment guide. Some highlights include: 

  • Allowing for 1:N querying in rule helper query filter expression
  • Provide an on-prem rule execution service installer MSI
  • Expose DecisionClient over REST
  • Provide 64-bit deployment options for App Service deployment

SaaS Customer Maintenance

Current SaaS customers will get this update as part of our planned maintenance in May, 2022. 

Was this article helpful?

0 out of 0 found this helpful



Please sign in to leave a comment.