# Security Advisories
April 4th, 2022
The Rundeck / Process Automation team has released a hotfix version
4.0.1 to address the vulnerabilities in Spring Framework announced here.
All future releases will also include this fix.
# Past Rundeck CVEs
These are the Security Advisories Rundeck has issued in the past. It is always recommended to upgrade to the current version of Rundeck (4.2.0) for the latest security updates.
- Key Pair Misconfiguration may expose systems.
- Authenticated users can modify Calendars without appropriate authorization.
- Webhook data and tokens can be revealed to an unauthorized user.
- Cross-Site Request Forgery (CSRF) can run untrusted code on the Rundeck server.
- YAML deserialization can run untrusted code.
- IDOR can reveal execution data and logs to an unauthorized user.