Release 3.3.14

Name: "Onion ring thistle pushpin"

• Download Rundeck (opens new window)
• Sign up for Release Notes (opens new window)

Overview

This release contains a few minor back ported updates from Rundeck 3.4.0 series including the two security fixes listed below:

Security Fixes

• CVE-2021-39132: YAML deserialization can run untrusted code.
• CVE-2021-39133: Cross-Site Request Forgery (CSRF) can run untrusted code on Rundeck server

Core Product Updates

• Fix to properly show SSO login button (backport #7170) (opens new window)
• Handles null value when resource does not have the attribute filtered by rule key (backport #7137) (opens new window)
• Fix: Properly detect when a job was renamed in SCM Import (backport #7030) (opens new window)

Here is a link to the full list of public PRs (opens new window)

Contributors

• Imad Jafir (imad6639)
• Greg Schueler (gschueler)
• Luis Toledo (ltamaster)
• Rodrigo Navarro (ronaveva)
• Carlos Eduardo (carlosrfranco)
• Miguel Ramos (mishingo)
• Stephen Joyner (sjrd218)
• Greg Zapp (ProTip)
• Christopher McCarroll-Gilbert (chrismcg14)
• Jason Qualman (qualman)
• Alexander Abarca (alexander-variacode)
• Alberto Hormazabal Cespedes (ahormazabal)
• Forrest Evans (fdevans)