
Product Updates

See the latest new features, improvements, and product updates


today

Strengthening OT security in DeviceLink: Script allowlists

At Copia, protecting the OT networks our customers rely on is a core responsibility. The DeviceLink Agent runs inside some of the most sensitive parts of your industrial infrastructure, and we hold that trust seriously. That's why we're announcing an important security improvement to how the DeviceLink Agent handles Script backup jobs.


What Changed


Previously, Script backup jobs could pull any script file stored in a Copia repository and execute it directly on the host running the DeviceLink Agent — without any additional controls on the agent side. While this required write access to Copia's web application to configure, it still meant that a script stored in Copia could run with the full privileges of the agent process on a machine sitting inside your OT network.

Starting today, every script that a backup job attempts to execute must be pre-approved in an allowlist file on the host running the agent. This allowlist can only be modified by an administrator account on the agent host. If a script's path is not in the allowlist, the backup job will fail immediately and the script will not run. This moves control of what can execute on your OT servers from the Copia web application to the server itself, where your IT and OT security teams have direct authority.


Who Needs to Take Action


If you are currently running Script backup jobs, we have automatically generated a script allowlist for you, based on the scripts you have already configured in Copia, to ensure operational continuity. You should verify that the allowlist file exists on each host running the DeviceLink Agent and that it contains the paths of your authorized scripts.

If you are setting up new Script backup jobs, you will need to create the allowlist file manually before those jobs will execute successfully.

Our documentation contains detailed instructions on how to create and use the script allowlist.


Why This Matters for OT Security


The principle of "defense in depth" is foundational to OT cybersecurity: the effect of every additional hardening step is cumulative. By requiring scripts to be explicitly approved on the agent host, we ensure that no change to a Copia repository, whether accidental or malicious, can cause arbitrary code to execute on a machine inside your OT network without the explicit approval of the team managing that server.

We will continue to invest in security improvements like this one to protect your OT infrastructure. If you have questions about this change or need help with your existing script backups, please reach out to our support team.