Version 3.0.13
Version 3.0.13
Release 3.0.13
===========
Date: 2019-01-23
Name: "jalapeƱo popper khaki headphones"
Notes
Security and bug fixes, and some enhancements.
Security fixes:
- potential stored XSS vulnerability (https://github.com/rundeck/rundeck/pull/4406)
Discovered by Ishaq Mohammed by at qualys.com
- add Content-Security-Policy and other security HTTP headers to responses (see more info https://github.com/rundeck/rundeck/pull/4405)
Contributors
- Alberto Hormazabal (ahormazabal)
- Greg Schueler (gschueler)
- Jaime Tobar (jtobard)
- Luis Toledo (ltamaster)
- Greg Zapp (ProTip)
- Stephen Joyner (sjrd218)
- Ishaq Mohammed
Bug Reporters
- ProTip
- ahormazabal
- gschueler
- jtobard
- ltamaster
- sebastianbello
- sjrd218
- vinillum
Issues
- new version of winrm plugin 1.0.10
- Fix Plugin list api by referencing correct plugin list information service
- Add CSP header control variables to Docker image
- Fix #4406: stored xss vulnerability
- Security: stored XSS vulnerability
- Add common web-app security headers
- Add new flag to enable UI plugins on all pages
- Remove environment variable that hijacks jvm ssl settings
- UI plugin install status fix
- Fix #4374. User and role set by AJP were not being properly set.
- Fixes #4376. Partial templates are now expanded and added to base property file.
- Update spring security plugin to last version.
- UUID validation on jobref
- email notification enhancement
- Fix #2975 multiple threads modify the map
- Fixes #115.
- User profile information can be sync'd from LDAP
- UUID validation and Autocomplete in Job Reference Workflow step
- Feature/multi repository support
- Execution Metrics API
- java.lang.ClassCastException: java.util.HashMap$Node cannot be cast to java.util.HashMap$TreeNode
- LDAP login with empty password