[Private] Rudder 8.0.0.alpha1 (2023-07-18)

Rudder 8.0.0.beta2 (2023-09-15)

Changes

Bug fixes

Packaging

  • Fixed: Bump to openssl 1.1.1w (#23410)

Architecture - Code maintenance

  • Fixed: Clean-up acceptation inventory (#23406)

  • Fixed: Update to zio-json 0.6.2 (#23409)

  • Fixed: SQL logger is never called (#23414)

Web - UI & UX

  • Fixed: Add a way to set a message if "change audit logs" setting is enabled (#23372)

  • Fixed: Add a way to set a message if "change audit logs" setting is enabled (#23372)

Architecture - Dependencies

  • Fixed: Upgrade to scala 2.13.12 (#23417)

Web - Config management

  • Fixed: Error when updating policies on relays when no files has been shared between nodes (#17143)

Release notes

This is a bug fix release in the 8.0 series and therefore all installations of 8.0.x should be upgraded when possible. When we release a new version of Rudder it has been thoroughly tested, and we consider the release enterprise-ready for deployment.

Rudder 8.0.0.beta1 (2023-09-07)

Changes

Packaging

  • Update agent dependencies (#23360)

  • rhel7 server build should depends on python3-pip and python3 (#23083)

  • Repair rhel7 agent build (#23080)

  • Update Rust dependencies (#23359)

  • Update frontend dependencies (#23362)

  • Cleanup old files in repo (#23353)

  • Build rust binaries with cargo auditable (#23175)

  • Remove cfe-red-button.sh from sources (#23130)

Agent

  • Missing variables in mustache rendering must be an error (#23068)

  • make rudder agent run -u the default (#23328)

  • Remove RUDDER_VERIFY_CERTIFICATES usage in agent (#23329)

  • Remove support for syslog reporting completely from agent (#23317)

  • Add a trust option to rudder agent policy-server (#22629)

Documentation

  • Update hardening guide for 8.0 (#23333)

  • Add release note for hashed api tokens (#23257)

  • Prepare doc for 8.0 (#23204)

  • Document how to script the windows agent install (#23066)

  • Arch doc for policy update (#22589)

Relay server or API

  • Update embedded openssl to 3.1 in relayd (#23383)

  • Use the secrecy crates for wrapping passwords (#23159)

Web - Technique editor

  • Allow to edit yaml in editor (#23381)

  • Display compilation output in technique details (#23357)

Web - Compliance & node report

  • Remove constraint on component name pattern for matching reports (#23084)

Web - Nodes & inventories

  • When I enter the "Create a new item" popup to create a group the default field should be Name (#2677)

Web - UI & UX

  • Remove angular leftovers (#23350)

  • Allow to edit files in file manager (#23349)

  • When drag’n drop, the selected method and the targeted drop zone should be more highlighted (#23303)

  • Improve some messages in the interface (#23275)

  • Speed up fadein animation of pages (#23274)

  • Use consistent fonts in Rudder interface (#23265)

  • After deleting a node, the user should be redirected to nodes list page (#7008)

  • Remove angularjs from Rudder (#23072)

  • Rewrite the 'technique-version' app in Elm (#22991)

Web - Config management

  • Improve password hash scheme names (#23283)

  • Remove old certificate verification option (#23287)

  • Rename "global parameters" to "global properties" (#22379)

  • Remove the rudderc "linux only" option from webapp (#23118)

Security

  • TLS 1.3 everywhere (#23292)

  • Use constant time comparison for system token (#23291)

API

  • Add last generation time on regenerate button (#23284)

  • Hash API tokens (#23234)

  • Prepare API doc for 8.0 (#23205)

Architecture - Code maintenance

  • Rewrite angular app "filters.js" in Elm (#23210)

  • Rewrite angular app "passwordForm" in JavaScript (#23060)

rudderc

  • Parse expressions for linting (#23190)

  • Don’t stop at first user error but display an many as possible (#23188)

  • Allow JSON output (#23185)

  • Switch to tracing for logging (#23180)

  • Add an option to start the agent in verbose mode (#23135)

  • Document JSON schema (#23134)

  • Improve testing features (#23102)

Performance and scalability

  • Make commiting nodes to fact-repo optionnal (#23045)

Generic methods

  • Improve variable_string_from_command by using execresult_as_data (#23347)

Bug fixes

Packaging

  • Fixed: Server install fails with postgresql encoding error (#23388)

  • Fixed: Stop removing the openssl test folder (#23355)

  • Fixed: Don’t build openssl tests (#23255)

  • Fixed: Hide postrm script warnings (#23251)

  • Fixed: Rudder Server 7.3.4 doesn’t install on SLES 15 SP4 (#23186)

  • Fixed: Install failed rudder-slapd does not start (#23165)

  • Fixed: Actually allow uninstalling the agent (#23146)

  • Fixed: Agent uninstall fails on Ubuntu 22.04 (#23145)

  • Fixed: rudder-server package can’t install on rpm in 8.0 (#23144)

  • Fixed: /var/log/rudder/ldap/slapd.log has incorrect permissions (#23142)

  • Fixed: Some cfengine patch don’t apply in 8.0 anymore (#23069)

  • Fixed: Some cfengine patch don’t apply in 8.0 anymore (#23069)

  • Fixed: relayd build broken (#23247)

  • Fixed: Update spring security (#23221)

  • Fixed: Remove unused Rust dependencies (#23219)

  • Fixed: Update embedded openssl to 1.1.1v - relayd (#23217)

  • Fixed: Install cargo-auditable before building (#23191)

  • Fixed: Package install after uninstall only restores uuid (#23239)

Agent

  • Fixed: Wrong source detection on some apt systems (#23387)

  • Fixed: When we uninstall and reinstall an agent, the agent is not correctly activated (#22413)

Security

  • Fixed: Update openssl and curl (#23192)

  • Fixed: Prevent API token logging by overriding toString implementation (#23228)

  • Fixed: Use token id in URLs (#23233)

  • Fixed: CVE-2016-1000027 false positive detection (#23231)

  • Fixed: Some internal APIs in the Web application bypass ACLs (#23227)

  • Fixed: File manager API is vulnerable to malicious input (#23225)

  • Fixed: Path traversal in relayd shared-folder HEAD call (#23226)

  • Fixed: The "shared_file_to_node" method does not verify its policy server’s certificate with default configuration (#23290)

Web - Nodes & inventories

  • Fixed: Missing information in Oracle linux inventory (#23029)

  • Fixed: 502 - Proxy Error when triggering Rudder agent (#22998)

  • Fixed: Don’t accept inventories from agent without a certificate (#23324)

  • Fixed: Change description of "All Linux nodes" group (#23179)

Documentation

  • Fixed: Fix version in menu for yaml tehcniques doc (#23259)

  • Fixed: doc for external db is not very clear (#23245)

  • Fixed: Wrong OS for amazon linux 2023 server install (#23242)

  • Fixed: correct rudder server requirements in doc (#23131)

  • Fixed: Add relevent items from jetty config to the webapp conf section (#23026)

  • Fixed: Document the report mode setting (#13289)

  • Fixed: Windows agent installation : Documentation improvement (#23018)

  • Fixed: Update api doc for new response format for /settings/allowed_networks (#23267)

  • Fixed: Document when a parameter can be a regex (#10713)

Web - UI & UX

  • Fixed: Elm webapp build is broken in 8.0 (#23394)

  • Fixed: We can choose the format of the value on deletion in global parameter (#23183)

  • Fixed: Tables in Rudder UI are sorted alphabetically but should also follow a numerical sort (#23335)

  • Fixed: Change the display of the new filemanager to match the previous one (#23285)

  • Fixed: Filter display is broken when a tag is added (#23346)

  • Fixed: In the quicksearch window, the link for a result is not applied to the entire line (#23345)

  • Fixed: In Technique Editor, the quicksearch window appears behind the navigation menu. (#23343)

  • Fixed: In quicksearch window, Warning message "please refine your query" is displayed even if there is less than 10 results (#23342)

  • Fixed: Inconsitency background color in generic method section in technique editor (#23170)

  • Fixed: Node property name is reset to the previous value when editing the value on creation (#23182)

  • Fixed: Inconsistent color of save button in directives (#23196)

  • Fixed: Cannot create group property because of missing UI (#23181)

  • Fixed: Inventory variable that are Json types are listed as plain string types in the UI (#23087)

  • Fixed: Password form in User directives does not works properly (#23200)

  • Fixed: Interface color inconsistency for non compliance display (#23004)

Relay server or API

  • Fixed: Allow underscore in file_id in shared-files (#23392)

  • Fixed: Broken log for file_id in shared-files API (#23390)

rudderc

  • Fixed: rudderc parses ncf_const.s as const.s (#23377)

  • Fixed: Rudderc silently accept unknown parameter constraints (#23380)

  • Fixed: Broken technique parameter serialization (#23358)

  • Fixed: Rudderc transform some method parameter name in an incorrect manner (#23341)

  • Fixed: Move "technique parameters" section at the beginning (#23334)

  • Fixed: Improve serde deserialization error messages (#23252)

  • Fixed: Rudderc does not escape correctly the double quotes in componentKey in windows techniques (#23246)

  • Fixed: Windows technique generated function name is incoherent with the generated directives (#23240)

  • Fixed: Fix JSON output of the lib command (#23195)

  • Fixed: Warn on deprecated methods (#23194)

  • Fixed: " are not correctly escaped in technique for classes_noop in rudder 8.0 (#23178)

  • Fixed: Conditions syntax broken on Windows (#23152)

  • Fixed: Allow booleans for condition fields (#23151)

  • Fixed: Sort bundles in CFEngine output (#23150)

  • Fixed: Broken reports when condition is not defined (#23149)

  • Fixed: Add versions to rudderc binaires (#23138)

  • Fixed: Rudderc fails to render block conditions (#23136)

  • Fixed: Improve technique JSON schema (#23132)

  • Fixed: Embed current version of the lib in rudderc (#23125)

  • Fixed: Add rich form types to yaml techniques (#23039)

Architecture - Code maintenance

  • Fixed: Clean-up unsuported old format for expected report and techniques (#23369)

  • Fixed: Add rudder 8.0 inventories to unit tests (#23319)

  • Fixed: Simplify YAML encoding workaround (#23325)

  • Fixed: When custom role permission list is empty, reload lead to stack trace (#23305)

  • Fixed: Rewrite angular app tags.js in Elm (#23201)

  • Fixed: Warning for unused vars in 8.0 compilation (#23093)

Web - Technique editor

  • Fixed: Import/Export yaml with technique editor (#23352)

  • Fixed: Technique editor throws errors when using blocks with the weighted default reporting option (#23244)

  • Fixed: Error when we try to save a draft with a missing parameter name in technique editor (#23256)

  • Fixed: in the technique editor, the drop down list for condition is truncated (#23177)

  • Fixed: When changes messages are mandatory and saving a technique we have an error message about missing info but technique is saved (#23000)

Web - Config management

  • Fixed: First regenerate methods then migrate to yaml (#23361)

  • Fixed: Regenerate yaml technique and filter generated files in rule archives (#23155)

  • Fixed: Message “Error getting directive compliance” when creating new directive (#22830)

  • Fixed: Temporary workaround for tag creation in rudder 8.0 alpha (#23148)

Architecture - Dependencies

  • Fixed: Update scala dependencies before beta (#23364)

Web - Maintenance

  • Fixed: Plugin cannot add custom roles or it will be overwritten by boot custom roles (#23098)

Plugin manager cli

  • Fixed: rudder package doesn’t upgrade openscap, and it brings a lot of chaos (#23224)

Miscellaneous

  • Fixed: Update Rust compiler to 1.71.1 for security fix (#23216)

  • Fixed: Version 2.0.3 of ZIO cause OutOfMemory error and high CPU load (#23147)

  • Fixed: Generation not queued when one already started (#23074)

System integration

  • Fixed: Windows agent cannot get immediatly its policies right after being accepted (#23218)

Generic methods

  • Fixed: N/A report message when a block expression is not valid is not rendered correctly (#23212)

  • Fixed: When generic method change a password it doesn’t update the date of last change (#23339)

  • Fixed: "Variable string from command" creates empty files in /var/rudder/modified-files (#22584)

CI

  • Fixed: Update compatibility test to JVM 20 (#23129)

Web - Compliance & node report

  • Fixed: Bad report maching when reportid are present (#22388)

  • Fixed: Multiline string in component name or value breaks pattern comparison for expected report (#23090)

Techniques

  • Fixed: When the user technique change a password it doesn’t update the date of last change (#23338)

  • Fixed: Deprecate some built-in techniques in 8.0 (#23044)

System techniques

  • Fixed: Broken report in 8.0 (#23143)

Server components

  • Fixed: Broken "server create-user" command when auth file has different formating (#23203)

Release notes

Special thanks go out to the following individuals who invested time, patience, testing, patches or bug reports to make this version of Rudder better:

  • Florian Heigl

  • Jonathan CLARKE

  • Marc Evans

This is a bug fix release in the 8.0 series and therefore all installations of 8.0.x should be upgraded when possible. When we release a new version of Rudder it has been thoroughly tested, and we consider the release enterprise-ready for deployment.

Changes

This version is only available for extended support subscription

Packaging

  • Remove agent dependency on syslog (#22900)

  • Upgrade agent dependencies for 8.0 (#22840)

  • Use openldap 2.6.4 in rudder 8 (#22793)

  • Upgrade fusion inventory to 2.6 (#22791)

  • Remove transitional packages in Rudder 8.0 (#22748)

  • remove python2 support on rudder 8 (#22746)

  • Require postgresql 13 on rudder 8 (#22745)

  • Update cfengine to 3.21 (#22742)

Web - UI & UX

  • Switch quicksearch to elm (#23050)

  • Remove old IE 5 & 6 JS compatibility code (#23057)

  • Remove heartbeat configuration from the settings (#22659)

  • Removing deprecated AngularJs applications (#23036)

  • Beautify no permission page when user have no rights (#22626)

  • Rewrite angular app "ComplianceMode" in Elm (#22969)

  • Rewrite angular app "Node properties" in Elm (#22741)

  • Modify the hierarchy of elm applications to make their code shareable between them (#22647)

  • Rewrite the angular app "Policy mode" in Elm (#22427)

  • Rewrite the angular app "Policy mode" in Elm (#22427)

Architecture - Code maintenance

  • Rewrite angular app "textForm" in JavaScript (#23041)

  • Remove QueryTrait (#22678)

API

  • Remove "no access" permission in token authorization (#23014)

Web - Technique editor

  • Use rudderc in webapp to generate internal techniques (#22815)

rudderc

  • Generator for Windows policies (#22849)

  • Update rudderc documentation (#22721)

  • Fallback on /var/rudder/ncf/common for library (#22719)

  • Allow generating runnable techniques (#22573)

  • Improve HTML doc of methods (#22563)

  • Update Rust tooling for 8.0 (#22561)

  • Refactor CLI to work on a local directory (#22545)

Relay server or API

  • Remove md5 usage in relayd (#22909)

Security

  • Use cargo vet to check Rust dependencies (#22816)

Architecture - Dependencies

  • Update webapp dependencies (#22800)

System techniques

  • remove syslog configuration and associated restart in the agent (#22902)

  • remove log rotation for slapd logs (#22898)

Generic methods

  • Update CFEngine stdlib to 3.21.1 (#22818)

  • Add a 'Permissions POSIX ACLs entry parent' method (#22386)

Bug fixes

Packaging

  • Fixed: slapd cannot write in its log file (#23048)

  • Fixed: remove openssl 1.1.1 build hack un rudder 8.0 (#22961)

  • Fixed: accelerate rpm build when perl modules are already present (#22939)

  • Fixed: rpm build may fail on old centos (#22936)

  • Fixed: build fail on amazon linux 2023 (#22935)

  • Fixed: there is a hidden dependency on syslog service (#22899)

  • Fixed: Use system openssl for relayd (#22888)

  • Fixed: libxml2 sha256 is wrong (#22855)

  • Fixed: Failing patches of jetty (#22851)

  • Fixed: aix should continue to build 32 bits dependencies as before (#22837)

  • Fixed: old value aix-gcc doesn’t work on openssl3 (#22835)

  • Fixed: openssl3 configure script is deprecated (#22834)

  • Fixed: openssl3 is not detected at build time by curl (#22833)

  • Fixed: Document missing perl dependencies (#22812)

  • Fixed: 8.0 dependecny check is broken (#22872)

  • Fixed: docopt completion is installed in /usr/local/bin (#22868)

Performance and scalability

  • Fixed: use openssl 3 on very old and very recent OS in rudder 8 (#22817)

Miscellaneous

  • Fixed: Require Java 17 (#22732)

Documentation

  • Fixed: documentation on how to configure rsync relay synchroinisation is missing (#22891)

  • Fixed: Documentation on how to upgrade Rudder to 7.2 is invalid on zypper (#22621)

Architecture - Code maintenance

  • Fixed: Rudderc produces metadata.xml under target directory which breaks webapp (#23053)

  • Fixed: Rewrite file manager to an elm application (#22988)

  • Fixed: Cache most current Version number to save lots of memory (#22978)

  • Fixed: Rudder 8.0 compilation is broken (#22986)

  • Fixed: Snake-yaml dependency in zio-json is subjected to CVE (#22983)

Web - Config management

  • Fixed: Wrong command to call rudderc in webapp (#23049)

  • Fixed: Rudderc usage within Rudder webapp (#22845)

  • Fixed: Rudderc usage within Rudder webapp (#22845)

  • Fixed: Rudderc usage within Rudder webapp (#22845)

Web - UI & UX

  • Fixed: There is a blank space above almost every Rudder page (#23042)

  • Fixed: Directives tooltips go under navigation menu (#22530)

  • Fixed: Agent schedule and policy mode apps are not initialized anymore (#22853)

  • Fixed: Rewrite angular app "Agent schedule" in Elm (#22510)

Server components

  • Fixed: Grammar correction in error message (#23027)

rudderc

  • Fixed: Call rudderc with correct parameters (#22973)

  • Fixed: Windows generator generates invalid syntax (#22972)

  • Fixed: Broken test in rudderc (#22726)

  • Fixed: Check focus reporting has an existing id (#22720)

  • Fixed: Put images in src dir (#22572)

  • Fixed: Missing rsync to publish rudderc docs (#22570)

Security

  • Fixed: JS vulns in 8.0 (#22984)

  • Fixed: Fix our GitHub SECURITY file (#22964)

  • Fixed: Ignore DoS in npm dependencies (#22324)

Architecture - Dependencies

  • Fixed: Update elm dependencies (#22881)

API

  • Fixed: Change json structure returned for /settings/allowed_networks (#22456)

Techniques

  • Fixed: Update user management to manage secondary group of user (#22846)

  • Fixed: Update user management to manage secondary group of user (#22846)

System techniques

  • Fixed: there is no all.log anymore, remove log rotation (#22897)

Agent

  • Fixed: Hard to understand set-force-audit help (#23008)

Generic methods

  • Fixed: Remove reporting heartbeat implementation (#22660)

Release notes

This is a bug fix release in the 8.0 series and therefore all installations of 8.0.x should be upgraded when possible. When we release a new version of Rudder it has been thoroughly tested, and we consider the release enterprise-ready for deployment.

Change logs for Rudder 8.0


← Release notes aix →