5.14.0 Release Notes
5.14.0 Release Notes
Overview
Rundeck 5.14.0 is a maintenance release focused on security enhancements and bug fixes. This release addresses multiple CVEs including CVE-2023-3635, CVE-2025-48734, CVE-2025-48976, and CVE-2025-7783 through dependency updates across the platform.
Key improvements include enhanced character escaping for Unix, PowerShell, and CMD commands, fixes for execution reporting issues, and updates to the Ansible plugin. The release also includes authorization improvements and various plugin enhancements for Jira integration and ROI/Job Metrics functionality.
While this release doesn't introduce major new features, it significantly strengthens the security posture and stability of your Rundeck environment. We recommend upgrading to ensure your installation benefits from these important security fixes.
Runbook Automation Updates
Also includes all Open Source updates from below
Additional Updates
- Addresses CVE-2025-48734 by updating beanutils to version 1.11.0
- Jira assignee field issue
- Jira plugins - Error with Numeric Custom Field
- Minor Improvements/fixes for ROI/Job Metrics plugins
- Update MongoDB Field Descriptions
Rundeck Open Source Product Updates
- Address CVE-2023-3635 and CVE-2025-48734
- Update File Commons Version for CVE-2025-48976
- Address CVE-2023-3635 and CVE-2025-48734
- Address CVE-2025-7783 by updating axios
- Add feature flag to allow hiding ROI setup instructions
- Improve Escaping chars for unix, ps and cmd
- Avoid creating multiple execution reports if notification fails
- Addresses CVE-2025-48734 by updating beanutils to version 1.11.0
- Add missing authorization check for plugin details
- Address CVE-2023-3635 by updating retrofit to version 3.0.0
- Updated Ansible plugin release to 4.0.9
- Include Last Login on API Responses
- Fix a bug: using ?max=100 URL params on the activity page causes a 500 error
Here is a link to the full list of public PRs
Ansible Plugin Updates
- Bump rundeck-core dependency to 5.14 to address CVEs
- Error when running ansible plugin with encrypt extra vars
Links
- Download the Releases: Open Source | Self-Hosted
- Sign up for Release Notes
- Upgrade instructions
- Catch us on LinkedIn for the Live Stream Release Videos
Version Info
Name: "Logan violet paperclip"
Release Date: August 4th, 2025
Community Contributors
Submit your own Pull Requests to get recognition here!
- (cwaltherpd)
- Rui Melo Amaro (rmeloamaro)
Staff Contributors
- Greg Schueler (gschueler)
- Carlos Eduardo (carlosrfranco)
- Eduardo Baltra (edbaltra)
- Forrest Evans (fdevans)
- Jake Cohen (jsboak)
- Jaya Singh (jayas006)
- Jason Brooks (jbrookspd)
- Jesus Osuna (Jesus-Osuna-M)
- José Vásquez (hiawvp)
- Luis Toledo (ltamaster)
- Rodrigo Navarro (ronaveva)
- Sarah Martinelli Benedetti (smartinellibenedetti)