Release 3.3.8

Name: "onion ring sandybrown leaf"

• Download Rundeck
• Sign up for Release Notes

Overview

Secure Authentication Tokens

In an effort to enhance the security of Rundeck Authentication tokens are now stored securely and will only be displayed upon creation. Here are the highlights of this new functionality:

• New tokens created will be stored hashed, and only will be displayed once when created, either by UI or API. After creation it won't be possible to obtain tokens.
• Existing tokens will be kept as is until deleted.
• Webhook tokens will preserve the previous behavior and wont be hashed.
• For the API, all token api endpoints now require V19 or higher, as V18 and earlier behavior require to obtain the token value which is no longer possible. The only exception is the "Create Token" api endpoint which preserves its behavior.

Jenkins Update

The Rundeck/Jenkins integration received an update that addressed some open issues. We've also added some Option Value and Notification plugins to the Enterprise product to supplement the updated Jenkins code:

• Post Deployment Notification Plugin
• Artifacts Option Value Plugin
• Build Option Value Plugin

Issues

Enterprise Updates

• SSO sync can now use user info that is provided in non-OIDC standard attributes
• Enable OAuth2 client authentication method configuration (Ping SSO)
• Changes to allow use of the namespaces for HashiCorp Vault in rundeck-config.properties
• [FIXED] PyWinRM fails when using options or arguments with simple quotes
• Property loader wasn't decrypting property value

Core Product Updates

• Migrate auth call from frameworkService to new ACL classes in repository controller
• Update pywinrm plugin to add a function to remove/replace simple quotes when execute CMD command
• Update Ace editor to fix handling of yaml multiline string
• Allow syncing user info in pre-authenticated mode
• Package and Publish UI Trellis
• Fix NPE while cleaning up pending triggers
• Add user email to the context that is used to resolve parameters for options
• Fixing Enterprise download link that was point to Open Source version (update available notification)
• Fix execution log viewer not updating settings on running job
• Add ability to redirect login page to a different uri
• Fix an issue with notification plugin and dynamic properties
• Update Gradle to 5.6.4
• Fix/job life cycle node list
• Secure authentication tokens
• Updating node set on subworkflow state when the node filter is modified during the job execution
• NPE In JobSchedulerService

Plus many additional updates to package verisons across Enterprise and Open Source products.

Contributors

• Alberto Hormazabal (ahormazabal)
• Greg Schueler (gschueler)
• Imad Jafir (imad6639)
• Jaime Tobar (jtobard)
• Nicole Valenzuela (nvalenzuela20)
• Greg Zapp (ProTip)
• Rodrigo Navarro (ronaveva)
• Stephen Joyner (sjrd218)
• Carlos Franco (carlosrfranco)
• Luis Toledo (ltamaster)
• Forrest Evans (fdevans)

Bug Reporters

• ProTip
• ahormazabal
• carlosrfranco
• gschueler
• imad6639
• ltamaster
• nvalenzuela20
• ronaveva
• sjrd218

Remember!!

For MySQL users: Starting with Rundeck 3.3.4 the MySQL JDBC driver is no longer be
bundled with the distributions. See the Upgrade Guide
for instructions to ensure your Rundeck installation can still connect to MySQL after upgrading.