Release 3.4.3

Name: "Papadum burlywood camera"
Release Date: August 25, 2021

• Download Rundeck
• Sign up for Release Notes
• Upgrade instructions

Overview

Check out the new features and enhancements for Rundeck Enterprise and Rundeck Community included in this release. This is a smaller release, with two important security fixes. Look out for new enhancements and a significant release in the coming months.

Security Fixes

• CVE-2021-39132: YAML deserialization can run untrusted code.
• CVE-2021-39133: Cross-Site Request Forgery (CSRF) can run untrusted code on Rundeck server

Enterprise Updates

• Azure Node Health Check Plugin - The Azure Node Health Check plugin will provide a "healthy" status to instances that are currently running. This pairs well with the new Azure Steps from the 3.4.2 release to only run jobs on nodes that are actually running.
• Fix dynamic properties error on startup
• Fix issue when scheduled jobs runs twice in a cluster

Core Product Updates

• Fix: unable to upload an ACL policy file with the GUI
• Add plugin security feature check to installPlugin endpoint
• Job tags not copied when duplicating job
• Fix/issue 1899 Wrong value after changing option type
• Fix issue when scheduled jobs runs twice in a cluster
• Add pluginSecurity feature to disable plugin uploads

Here is a link to the full list of public PRs

Contributors

• Imad Jafir (imad6639)
• Greg Schueler (gschueler)
• Luis Toledo (ltamaster)
• Rodrigo Navarro (ronaveva)
• Carlos Eduardo (carlosrfranco)
• Miguel Ramos (mishingo)
• Stephen Joyner (sjrd218)
• Greg Zapp (ProTip)
• Christopher McCarroll-Gilbert (chrismcg14)
• Jason Qualman (qualman)
• Alexander Abarca (alexander-variacode)
• Alberto Hormazabal Cespedes (ahormazabal)
• Forrest Evans (fdevans)