5.13.0 Release Notes

Overview

Important Security Update

A security vulnerability was identified and patched in the Enterprise Runner component where certain password patterns containing regex special characters (particularly multiple '+' characters) could bypass the password masking mechanism, potentially exposing sensitive information in error logs. This issue affected Enterprise Runner versions used with Process Automation 4.14.0 through 5.12.0, but did not impact Open Source Rundeck or the Process Automation server itself. The vulnerability has been remediated in version 5.13.0, which includes fixes in both the server and runner components to prevent exposure of secrets containing regex special characters. Process Automation Self Hosted customers should upgrade both their server and all Enterprise Runners to version 5.13.0 or later for complete remediation. Process Automation SaaS servers are already updated, customers should proceed directly to upgrading all their Enterprise Runners.

Full details on this page

Job Metrics

The Job Metrics plugin provides comprehensive visualization and analysis of your Rundeck job execution patterns, success rates, and timing trends through an intuitive dashboard interface.

ROI Metrics

The ROI Summary plugin brings your automation's financial impact to life through intuitive visualizations and real-time calculations, helping teams quantify and demonstrate the value of their automation initiatives.

Webhook Audit Listener

The Webhook Audit Listener plugin enables real-time streaming of Rundeck audit events to external systems through configurable webhook endpoints. This allows teams to integrate Rundeck’s audit trail with external monitoring, logging, or security platforms.

Runbook Automation Updates

Also includes all Open Source updates from below

Additional Updates

• Add new UI for Job Metrics and ROI Metrics graphs
• Fix: Ansible Model Sources return host vars data in key=value format when "Gather Facts" is set to "no"
• Fix: Webhook events don't get deleted properly from DB
• Update vault-storage plugin version to 1.3.14 for CVE-2019-17571
• Add MongoDB Node Step to allow Runner functionality

Rundeck Open Source Product Updates

• Added new ansible-plugin release
• Fix: DELETE query type for stored events is ignored
• Update multiline-regex-datacapture-filter plugin to 1.1.2 for CVE-2019-17571
• Allow Audit Events Plugins to refresh config
• Upgrade Gradle to 7.6.2
• Upgrade asset-pipeline-grails lib version to 3.4.7
• upgrade go
• Fix/Add 72-char limit for BCRYPT passwords to address CVE-2025-22228
• Upgrade sshj plugin version for Security Fixes
• Update attribute match plugin to 0.2.1
• fix: blank string value for "Options" property type causes Exception
• Add project name to params to get plugin details
• Add autocomplete behavior to inputs and scripts
• NextUI: Add job activity list menu action
• Upgrade selenium version to 4.31.0

Here is a link to the full list of public PRs

Ansible Plugin Updates

• Fix: Ansible Model Sources return host vars data in key=value format when "Gather Facts" is set to "no"

Links

• Download the Releases: Open Source | Self-Hosted
• Sign up for Release Notes
• Upgrade instructions
• Catch us on LinkedIn for the Live Stream Release Videos

Version Info

Name: "Kirkjufell red headphones"

Release Date: June 25th, 2025

Community Contributors

Submit your own Pull Requests to get recognition here!

• Rui Melo Amaro (rmeloamaro)

Staff Contributors

• Greg Schueler (gschueler)
• Alexander Abarca (alexander-variacode)
• Alexander Grachtchouk (mrdubr)
• Carlos Eduardo (carlosrfranco)
• Eduardo Baltra (edbaltra)
• Forrest Evans (fdevans)
• Jake Cohen (jsboak)
• Jaya Singh (jayas006)
• Julianna Green (juliannagreen1)
• Jason Brooks (jbrookspd)
• Jesus Osuna (Jesus-Osuna-M)
• José Vásquez (hiawvp)
• Luis Toledo (ltamaster)
• Rodrigo Navarro (ronaveva)
• Sarah Martinelli Benedetti (smartinellibenedetti)