4.8.0 Release Notes

Name: "Phoenix green knight" Release Date: November 10, 2022

• Download the Releases (opens new window)
• Sign up for Release Notes (opens new window)
• Watch the Live Stream Release Recap (opens new window)
• Upgrade instructions

Overview

Check out the new features and enhancements for PagerDuty Process Automation, PagerDuty Runbook Automation, and Rundeck Community included in this release. This release includes a new plugin that shows queries status pages from cloud providers and SaaS tools to help users quickly understand if a performance degradation is due to a third party and a number of security and compliance updates and bug fixes.

View our Twitch stream review of this release live on Wednesday, November 15 at 10AM Pacific. Here’s the event link (opens new window).

WARNING

If you are using password authentication with the Rundeck API, the JSESSIONID cookie will change after the first request after authentication. You will have to update your client code to follow redirects for subsequent requests. For example, when using curl you would have to use -b and -c options to update the session cookie in your next request after authentication. Alternately, you could add the -L option to the initial login POST, which will follow the redirect after login and update the session cookie.

Highlights

RSS Feed Plugin - Our new RSS Feed Plugin helps users quickly understand whether an incident is due to an internal issue or a third-party. The RSS Feed Plugin allows users to query and parse RSS feeds for events from SaaS tools and public cloud providers. For users deploying the Automated-Diagnostics Solution, this plugin provides a logical first step for implementation.

Job Resume now works with Parallel/Ruleset strategies - It's now possible to execute previously failed step(s) with the same inputs on Parallel and Ruleset execution strategies. When enabled on a Job, the plugin will record the internal Workflow State as the Execution progresses. When one or more steps fail, the Workflow State prior to executing the failed step(s) is recorded and stored and can be restarted if needed. Check out all the details here.

Patched CVE-2022-42889 - A recent security announcement was released for Apache’s common-text library. Rundeck and Process Automation products were not using the library in a vulnerable way, but we still went ahead and made updates to the patched versions to reduce false positives for customers that might be scanning for vulnerabilities.

Process/Runbook Automation Updates

• The ServiceNow Application is now certified for the Tokyo Release.
• HTTP Job Step now allows printing of status/response codes to log output.
• Fix: ECS/ELB output now clearly shows zero values
• Update base Ubuntu packages on docker build
• Fix: ROI Metrics Output inconsistent with multiple jobs running
• Fix: Result data plugin may not work with simultaneous jobs
• Fix: Execution history cleaner not working if member UUID changes
• Fix: app start fails when disabling calendars and project schedules
• Implement RSS Feeds Plugin
• Update Job Resume to work with Parallel/Ruleset strategies
• Enh: Upgrade Azure Node Source to allow getting resources from selected resource groups
• FIX: AWS EC2 Node Source Plugin now works with Service Accounts

Rundeck Open Source Product Updates

• Fix: CVE-2022-3515:Update for Docker Base Ubuntu Image (libksba8 to 1.3.5-2ubuntu0.20.04.1) (opens new window)
• Include new version of py-winrm plugin 2.1.0 in buld (opens new window)
• Fix: CVE-2022-42004, CVE-2022-42003 update Rundeck (jackson-databind upgraded to 2.13.4.2) (opens new window)
• Fix: Jobs tags are now included when exporting yaml file with rd-cli (opens new window)
• Fix: Proper Inline Icon rendering within Dropdowns (opens new window)
• Fix: CVE-2022-42889 for Rundeck (remove commons-text dependency) (opens new window)
• Fix: Activity Tab no progress percentage displayed in a Progress-bar (opens new window)
• Allow form data to be sent to Webhooks (opens new window)
• Fix: Improve rendering in Job select-all option (opens new window)
• Fix: Custom Replacement in Key-Value Log Filter Plugin (opens new window)
• Fix: Log error when SCM tries to reconnect (opens new window)
• Fix: Long node names overlapping each other in matched nodes list (opens new window)
• Fix: Execution history cleaner not working if member UUID changes (opens new window)
• Fix: Text overflow on the webhook handler plugin list (opens new window)
• Fix: MOTD (Message of the day) not displayed (Rundeck OSS) (opens new window)
• Fix: allowing user to see logs after the job is deleted (opens new window)
• Add note about new example plugins repo (opens new window)
• Fix: Include auto-complete for job context variables in notifications (opens new window)
• Sec: Change session id after login to avoid fixation attacks (opens new window)

Here is a link to the full list of public PRs (opens new window)

Staff Contributors

• Greg Schueler (gschueler (opens new window))
• Alberto Hormazabal Cespedes (ahormazabal (opens new window))
• Alexander Abarca (alexander-variacode (opens new window))
• Antony Velasquez Ruiz (avelasquezr (opens new window))
• Carlos Eduardo (carlosrfranco (opens new window))
• Christopher McCarroll-Gilbert (chrismcg14 (opens new window))
• Darwis Narvaez (DarwisNarvaezDev (opens new window))
• Eric He (ehe-pd (opens new window))
• Forrest Evans (fdevans (opens new window))
• Imad Jafir (imad6639 (opens new window))
• Jake Cohen (jsboak (opens new window))
• Jason Brooks (jbrookspd (opens new window))
• Jason Qualman (qualman (opens new window))
• Jesus Osuna (Jesus-Osuna-M (opens new window))
• Leonel Juarez (L2JE (opens new window))
• Luis Toledo (ltamaster (opens new window))
• Miguel Ramos (mishingo (opens new window))
• Osman Albarran (Oalbarran94 (opens new window))
• Rodrigo Navarro (ronaveva (opens new window))
• Stephen Joyner (sjrd218 (opens new window))