4.8.0 Release Notes

Name: "Phoenix green knight" Release Date: November 10, 2022

• Download the Releases
• Sign up for Release Notes
• Upgrade instructions
• Watch the Live Stream Release Recap

A YouTube video

Overview

Check out the new features and enhancements for PagerDuty Process Automation, PagerDuty Runbook Automation, and Rundeck Community included in this release. This release includes a new plugin that shows queries status pages from cloud providers and SaaS tools to help users quickly understand if a performance degradation is due to a third party and a number of security and compliance updates and bug fixes.

View our Twitch stream review of this release live on Wednesday, November 15 at 10AM Pacific. Here’s the event link.

Note

If you are using password authentication with the Rundeck API, the JSESSIONID cookie will change after the first request after authentication. You will have to update your client code to follow redirects for subsequent requests. For example, when using curl you would have to use -b and -c options to update the session cookie in your next request after authentication. Alternately, you could add the -L option to the initial login POST, which will follow the redirect after login and update the session cookie.

Highlights

RSS Feed Plugin - Our new RSS Feed Plugin helps users quickly understand whether an incident is due to an internal issue or a third-party. The RSS Feed Plugin allows users to query and parse RSS feeds for events from SaaS tools and public cloud providers. For users deploying the Automated-Diagnostics Solution, this plugin provides a logical first step for implementation.

Job Resume now works with Parallel/Ruleset strategies - It's now possible to execute previously failed step(s) with the same inputs on Parallel and Ruleset execution strategies. When enabled on a Job, the plugin will record the internal Workflow State as the Execution progresses. When one or more steps fail, the Workflow State prior to executing the failed step(s) is recorded and stored and can be restarted if needed. Check out all the details here.

Patched CVE-2022-42889 - A recent security announcement was released for Apache’s common-text library. Rundeck and Process Automation products were not using the library in a vulnerable way, but we still went ahead and made updates to the patched versions to reduce false positives for customers that might be scanning for vulnerabilities.

Process/Runbook Automation Updates

• The ServiceNow Application is now certified for the Tokyo Release.
• HTTP Job Step now allows printing of status/response codes to log output.
• Fix: ECS/ELB output now clearly shows zero values
• Update base Ubuntu packages on docker build
• Fix: ROI Metrics Output inconsistent with multiple jobs running
• Fix: Result data plugin may not work with simultaneous jobs
• Fix: Execution history cleaner not working if member UUID changes
• Fix: app start fails when disabling calendars and project schedules
• Implement RSS Feeds Plugin
• Update Job Resume to work with Parallel/Ruleset strategies
• Enh: Upgrade Azure Node Source to allow getting resources from selected resource groups
• FIX: AWS EC2 Node Source Plugin now works with Service Accounts

Rundeck Open Source Product Updates

• Fix: CVE-2022-3515:Update for Docker Base Ubuntu Image (libksba8 to 1.3.5-2ubuntu0.20.04.1)
• Include new version of py-winrm plugin 2.1.0 in buld
• Fix: CVE-2022-42004, CVE-2022-42003 update Rundeck (jackson-databind upgraded to 2.13.4.2)
• Fix: Jobs tags are now included when exporting yaml file with rd-cli
• Fix: Proper Inline Icon rendering within Dropdowns
• Fix: CVE-2022-42889 for Rundeck (remove commons-text dependency)
• Fix: Activity Tab no progress percentage displayed in a Progress-bar
• Allow form data to be sent to Webhooks
• Fix: Improve rendering in Job select-all option
• Fix: Custom Replacement in Key-Value Log Filter Plugin
• Fix: Log error when SCM tries to reconnect
• Fix: Long node names overlapping each other in matched nodes list
• Fix: Execution history cleaner not working if member UUID changes
• Fix: Text overflow on the webhook handler plugin list
• Fix: MOTD (Message of the day) not displayed (Rundeck OSS)
• Fix: allowing user to see logs after the job is deleted
• Add note about new example plugins repo
• Fix: Include auto-complete for job context variables in notifications
• Sec: Change session id after login to avoid fixation attacks

Here is a link to the full list of public PRs

Staff Contributors

• Greg Schueler (gschueler)
• Alberto Hormazabal Cespedes (ahormazabal)
• Alexander Abarca (alexander-variacode)
• Antony Velasquez Ruiz (avelasquezr)
• Carlos Eduardo (carlosrfranco)
• Christopher McCarroll-Gilbert (chrismcg14)
• Darwis Narvaez (DarwisNarvaezDev)
• Eric He (ehe-pd)
• Forrest Evans (fdevans)
• Imad Jafir (imad6639)
• Jake Cohen (jsboak)
• Jason Brooks (jbrookspd)
• Jason Qualman (qualman)
• Jesus Osuna (Jesus-Osuna-M)
• Leonel Juarez (L2JE)
• Luis Toledo (ltamaster)
• Miguel Ramos (mishingo)
• Osman Albarran (Oalbarran94)
• Rodrigo Navarro (ronaveva)
• Stephen Joyner (sjrd218)