4.17.3 Release Notes

Name: "Basilisk violet glass" Release Date: November 13, 2023

• Download the Releases
• Sign up for Release Notes
• Upgrade instructions

Overview

This release addresses two CVE announcements for Rundeck/Process Automation:

• CVE-2023-48222
  Authenticated users can view or delete jobs for which they do not have authorization.
• CVE-2023-47112
  Authenticated users can view job names and groups for which they do not have read authorization.

Also includes other fixes for PagerDuty Process Automation (formerly Rundeck Enterprise), PagerDuty Runbook Automation and Rundeck Community included in this release.

Process Automation Updates

• Fix: Error with authentication using assume-role if using EC2/ECS credential provider
• Fix: ERROR 500 When creating ACL on Rundeck 4.16 + Postgres/Oracle

Also includes all Open Source updates from below

Rundeck Open Source Product Updates

• Fix: CVE-2023-47112 and CVE-2023-48222 | Job information endpoints not properly authorized
• Fix runtimeException Error on Script Resource Model

Here is a link to the full list of public PRs

Enterprise Runner Updates

Bundled Runner Version: 0.1.53

Community Contributors

Submit your own Pull Requests to get recognition here!

• (rmeloamaro)
• Jai Govindani (jai)
• Bruno Dias (brmdias)

Staff Contributors

• Greg Schueler (gschueler)
• Alberto Hormazabal Cespedes (ahormazabal)
• Alexander Abarca (alexander-variacode)
• Antony Velasquez Ruiz (avelasquezr)
• Carlos Eduardo (carlosrfranco)
• Christopher McCarroll-Gilbert (chrismcg14)
• Darwis Narvaez (DarwisNarvaezDev)
• Forrest Evans (fdevans)
• Imad Jafir (imad6639)
• Jake Cohen (jsboak)
• Jason Brooks (jbrookspd)
• Jesus Osuna (Jesus-Osuna-M)
• Leonel Juarez (L2JE)
• Luis Toledo (ltamaster)
• Osman Albarran (Oalbarran94)
• Rodrigo Navarro (ronaveva)
• Sarah Martinelli Benedetti (smartinellibenedetti)
• Stephen Joyner (sjrd218)