# 4.0.1 Release Notes

Name: "Kraken brown apple" Release Date: April 4th, 2022

# Rundeck 4.0.1 Release Notes

This hotfix version includes updates related to vulnerabilities in Spring Framework announced here (opens new window).

This fix brings the version of Grails up to 5.1.6 and Spring Framework up to 5.3.18 to address CVE-2022-22965 (opens new window)

The specific Pull Requests can be reviewed using this link (opens new window).

WARNING

Warning: This release contains a bug that will cause issues in environments using a Load Balancer in front of Rundeck and running on https. If your environment leverages a load balancer (NGINX, ELB, etc) and the server.useForwardHeaders=true is set there may be a situation where this version reverts to using http instead of https.

Rundeck 4.1.0 fixes this bug. That version also includes the Spring4Shell fixes covered in 4.0.1.

# Staff Contributors

  • Greg Schueler (gschueler)
  • Stephen Joyner (sjrd218)
  • Imad Jafir (imad6639)
  • Luis Toledo (ltamaster)
  • Rodrigo Navarro (ronaveva)
  • Carlos Eduardo (carlosrfranco)
  • Miguel Ramos (mishingo)
  • Christopher McCarroll-Gilbert (chrismcg14)
  • Jason Qualman (qualman)
  • Alexander Abarca (alexander-variacode)
  • Alberto Hormazabal Cespedes (ahormazabal)
  • Leonel Juarez (L2JE)
  • Eric He (ehe-pd)
  • Amir Jafarvand (ajafarvand)
  • Devlin Cashman (devlincashman)
  • Jeremy Olexa (jolexa)
  • Osmar Perez (perezo-pd)
  • Forrest Evans (fdevans)
  • Jake Cohen (jsboak)
Last Updated: 11/16/2022, 10:51:18 PM