4.0.1 Release Notes
4.0.1 Release Notes
Name: "Kraken brown apple"
Release Date: April 4, 2022
Rundeck 4.0.1 Release Notes
This hotfix version includes updates related to vulnerabilities in Spring Framework announced here.
This fix brings the version of Grails up to 5.1.6
and Spring Framework up to 5.3.18
to address CVE-2022-22965
The specific Pull Requests can be reviewed using this link.
Caution
Warning: This release contains a bug that will cause issues in environments using a Load Balancer in front of Rundeck and running on https. If your environment leverages a load balancer (NGINX, ELB, etc) and the server.useForwardHeaders=true
is set there may be a situation where this version reverts to using http
instead of https
.
Rundeck 4.1.0 fixes this bug. That version also includes the Spring4Shell fixes covered in 4.0.1.
Staff Contributors
- Greg Schueler (gschueler)
- Stephen Joyner (sjrd218)
- Imad Jafir (imad6639)
- Luis Toledo (ltamaster)
- Rodrigo Navarro (ronaveva)
- Carlos Eduardo (carlosrfranco)
- Miguel Ramos (mishingo)
- Christopher McCarroll-Gilbert (chrismcg14)
- Jason Qualman (qualman)
- Alexander Abarca (alexander-variacode)
- Alberto Hormazabal Cespedes (ahormazabal)
- Leonel Juarez (L2JE)
- Eric He (ehe-pd)
- Amir Jafarvand (ajafarvand)
- Devlin Cashman (devlincashman)
- Jeremy Olexa (jolexa)
- Osmar Perez (perezo-pd)
- Forrest Evans (fdevans)
- Jake Cohen (jsboak)