5.15.0 Release Notes

Overview

We always appreciate Community submissions. As part of this release we have 6 contributors that provided enhancements alongside our dedicated staff team.

This release focuses heavily on security improvements and product modernization, addressing multiple CVE findings including CVE-2025-55163, CVE-2024-21538, CVE-2022-38749, and several others. Key security enhancements include forced re-authentication capabilities and comprehensive dependency updates.

Beyond security, this release includes important user experience improvements such as fixes for job loading in the Next UI, enhanced node filtering behavior, and finalized French translations. We've also made significant infrastructure improvements by removing legacy GSP pages that have been converted to Vue components and updating various plugins and dependencies.

Runbook Automation Updates

Also includes all Open Source updates from below

Additional Updates

• Additional fixes to address CVE-2025-55163 findings
• Fix: Force cross-spawn patched versions to fix CVE-2024-21538
• Force Re-authentication regardless of activity status
• Fixes for CVE-2025-55163
• Finish CVE-2024-57699 mitigation
• Fix CVE-2022-38749 - Groovy 3.0.25
• Update snakeyaml to fix CVE-2022-38749
• CVE-2025-48734 Mitigation - Common Beans 1.11.0
• CVE-2024-25710 - High - Review/Resolve
• Update Quartz for CVE-2019-5427
• Upgrade WireMock to fix CVE-2024-8184
• CVE-2020-26939
• CVE-2024-47554

Rundeck Open Source Product Updates

• Fix jobs not loading in nextUI
• Back previous behavior for node filtering combining two filters by clicking on it
• Finalize French translations
• Fix for CVE-2025-4949 - jgit
• Fix: Force cross-spawn patched versions to fix CVE-2024-21538
• Fix CVE-2022-38749
• Fix: repeated exceptions after SCM is disabled
• Child processes not being killed on Windows OS nodes
• Update Quartz for CVE-2019-5427
• Update openshh-node-execution plugin version
• update commons-compress version
• Additional Fixes for CVE-2025-48976
• Update execution metrics
• Cleanup: Remove old gsp pages that were converted to Vue
• cleanup: remove 'filterPref' logic
• CVE-2024-47554
• Enh/Add logger.cleanup on Remco log4j template
• Job editor card header section in vue
• chore(deps): Bump jgit to 6.10.1.202505221210-r
• Update dependency org.seleniumhq.selenium:selenium-java to v4.34.0
• Update French Translations - From community

Here is a link to the full list of public PRs

Links

• Download the Releases: Open Source | Self-Hosted
• Sign up for Release Notes
• Upgrade instructions
• Catch us on LinkedIn for the Live Stream Release Videos

Version Info

Name: "Matterhorn fuchsia sunglasses"

Release Date: September 2nd, 2025

Community Contributors

Submit your own Pull Requests to get recognition here!

• Lucas Migliorini (luqpy)
• Christian Schulze-Wiehenbrauk (Ntr0)
• Clément Mazzella (mazzella-c)
• JP Lassnibatt (jplassnibatt)
• Bruno Dias (brmdias)
• Rui Melo Amaro (rmeloamaro)

Staff Contributors

• Greg Schueler (gschueler)
• Carlos Eduardo (carlosrfranco)
• Eduardo Baltra (edbaltra)
• Forrest Evans (fdevans)
• Jake Cohen (jsboak)
• Jaya Singh (jayas006)
• Jason Brooks (jbrookspd)
• Jesus Osuna (Jesus-Osuna-M)
• José Vásquez (hiawvp)
• Luis Toledo (ltamaster)
• Rodrigo Navarro (ronaveva)
• Sarah Martinelli Benedetti (smartinellibenedetti)