Skip to content

Commit 33fded5

Browse files
committed
full release notes list and script fix
1 parent 8bb7a7a commit 33fded5

2 files changed

Lines changed: 142 additions & 14 deletions

File tree

docs/.vuepress/pr-utils.mjs

Lines changed: 90 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,87 @@ export function parseSaasCutTag(tag) {
2929
};
3030
}
3131

32+
/**
33+
* Fetch PRs by milestone as a fallback for large commit ranges
34+
* @param {Object} octokit - Initialized Octokit instance
35+
* @param {string} owner - Repository owner
36+
* @param {string} repo - Repository name
37+
* @param {string} milestone - Milestone version (e.g., "6.0.0")
38+
* @param {Array<string>} includeLabels - Labels that PRs must have (empty array = all PRs)
39+
* @param {Array<string>} excludeLabels - Labels to exclude from results
40+
* @returns {Promise<Array>} Array of PR objects
41+
*/
42+
async function fetchPRsByMilestone(octokit, owner, repo, milestone, includeLabels = [], excludeLabels = []) {
43+
console.log(` Using milestone-based search for ${owner}/${repo} milestone ${milestone}`);
44+
45+
const prs = [];
46+
let page = 1;
47+
const perPage = 100;
48+
let hasMore = true;
49+
50+
while (hasMore) {
51+
try {
52+
const { data: pullRequests } = await octokit.rest.pulls.list({
53+
owner,
54+
repo,
55+
state: 'closed',
56+
per_page: perPage,
57+
page: page,
58+
sort: 'updated',
59+
direction: 'desc'
60+
});
61+
62+
if (pullRequests.length === 0) {
63+
hasMore = false;
64+
break;
65+
}
66+
67+
for (const pr of pullRequests) {
68+
// Only include merged PRs
69+
if (!pr.merged_at) continue;
70+
71+
// Check milestone if it exists
72+
if (pr.milestone && pr.milestone.title === milestone) {
73+
const prLabels = pr.labels.map(label => label.name);
74+
75+
// Check exclude labels
76+
if (excludeLabels.length > 0 && excludeLabels.some(label => prLabels.includes(label))) {
77+
continue;
78+
}
79+
80+
// Check include labels (empty = all PRs)
81+
if (includeLabels.length === 0 || includeLabels.some(label => prLabels.includes(label))) {
82+
prs.push({
83+
...pr,
84+
_repoOwner: owner,
85+
_repoName: repo
86+
});
87+
}
88+
}
89+
}
90+
91+
// GitHub's list PRs API paginates
92+
if (pullRequests.length < perPage) {
93+
hasMore = false;
94+
} else {
95+
page++;
96+
}
97+
98+
// Safety limit
99+
if (page > 100) {
100+
console.log(` ⚠ Reached pagination safety limit (${prs.length} PRs found)`);
101+
hasMore = false;
102+
}
103+
} catch (error) {
104+
console.warn(` Warning: Error fetching PRs by milestone: ${error.message}`);
105+
hasMore = false;
106+
}
107+
}
108+
109+
console.log(` Found ${prs.length} PRs with milestone ${milestone}`);
110+
return prs;
111+
}
112+
32113
/**
33114
* Fetch PRs merged between two tags using git comparison
34115
* @param {Object} octokit - Initialized Octokit instance
@@ -82,6 +163,15 @@ export async function fetchPRsBetweenTags(octokit, owner, repo, fromVersion, toV
82163
return [];
83164
}
84165

166+
const totalCommits = comparison.data.total_commits || comparison.data.commits.length;
167+
168+
// GitHub's compareCommits API has a 250 commit limit
169+
// For large ranges, we need a different approach
170+
if (totalCommits > 250) {
171+
console.log(` ⚠ Large commit range (${totalCommits} commits) - using milestone/search fallback`);
172+
return await fetchPRsByMilestone(octokit, owner, repo, toVersion, includeLabels, excludeLabels);
173+
}
174+
85175
// Extract PR numbers from merge commits
86176
const prNumbers = new Set();
87177
for (const commit of comparison.data.commits) {

docs/history/6_x/version-6.0.0.md

Lines changed: 52 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -21,51 +21,89 @@ feed:
2121
- MySQL 8.4 support
2222
- Lots More
2323

24+
<!-- <VidStack src="youtube/REPLACE" poster="https://img.youtube.com/vi/REPLACE/maxresdefault.jpg"/> -->
2425

2526
## Runbook Automation Updates
2627

27-
##### ::circle-dot:: Fix project runner replica list gated on delete permission
28+
##### ::circle-dot:: Password reset links now automatically expire
2829

29-
Fixed a bug where **viewing runner replicas** in a project incorrectly required **delete** permission on project runners in addition to read. **Read access alone is now enough** to see replica information in Runner Management, so least-privilege ACLs work as administrators expect.
30+
Password reset links now automatically expire after a configurable period (7 days by default), improving security by limiting the window of opportunity for unauthorized password resets. If a user attempts to use an expired reset link, they&#39;ll simply need to request a new one—no manual cleanup or administrative action required.
3031

3132
##### ::circle-dot:: Fix search not working in User Management tables
3233

3334
Fix User Management search — typing in the search box in the User Classes, Manage Local Users, and Manage Local Groups tabs now correctly filters rows by all searchable columns, including User Class name and Group Name.
3435

36+
##### ::circle-dot:: Fix project runner replica list gated on delete permission
37+
38+
Fixed a bug where **viewing runner replicas** in a project incorrectly required **delete** permission on project runners in addition to read. **Read access alone is now enough** to see replica information in Runner Management, so least-privilege ACLs work as administrators expect.
39+
40+
##### ::circle-dot:: Execution log runner UI (i18n + badge settings)
41+
42+
Execution log: runner plugin registers i18n for the “Display Runner Badge” setting; fixes missing translation key and non-functional toggle when combined with updated ui-trellis LogViewer `addUiMessages` provider.
43+
3544

3645
## Rundeck Open Source Product Updates
3746

38-
##### ::circle-dot:: [Upgrade log4J to 2.25.4](https://github.com/rundeck/rundeck/pull/10086)
47+
##### ::circle-dot:: [NextUI: Vue migration for User and System Configuration menus](https://github.com/rundeck/rundeck/pull/9899)
3948

40-
Fix CVE-2026-34478 and CVE-2026-34480 by upgrading to 2.25.4
49+
&lt;!-- If you have suggested content that would describe this PR to other Rundeck community users, please enter it here.--&gt;
4150

42-
##### ::circle-dot:: [Upgrade mina-core to 2.2.7 to fix CVE-2026-42779](https://github.com/rundeck/rundeck/pull/10118)
51+
##### ::circle-dot:: [Upgrade to Grails 7.0.9, Spring Boot 3.5.11, Groovy 4.0.30, Java 17](https://github.com/rundeck/rundeck/pull/9922)
52+
53+
Initial Grails 7 Upgrade for Rundeck Core. Versions and code from this pull request have been improved and updated since merge, but this is the original PR for the 6.0 upgrade.
4354

44-
##### ::circle-dot:: [Make UUID field read-only in job Other tab](https://github.com/rundeck/rundeck/pull/10146)
55+
##### ::circle-dot:: [Bump Jetty to 12.0.33 for CVE-2026-2332 (CWE-444 request smuggling)](https://github.com/rundeck/rundeck/pull/10050)
56+
57+
##### ::circle-dot:: [Eliminate Jasypt dependency and upgrade BouncyCastle to 1.84](https://github.com/rundeck/rundeck/pull/10094)
4558

46-
UUID is no longer be editable on Jobs Other tab
59+
Rundeck&#39;s storage encryption has been upgraded to use modern AES-256-GCM authenticated encryption, replacing the legacy Jasypt library and resolving security vulnerability CVE-2026-5588 by upgrading BouncyCastle to version 1.84. This enhancement provides stronger encryption for stored credentials and keys while maintaining full backward compatibility—existing encrypted data continues to work and is automatically migrated to the new encryption format when next updated, requiring no manual intervention or downtime.
4760

48-
##### ::circle-dot:: [Improve Dutch translations to be better understandable - Community Submission](https://github.com/rundeck/rundeck/pull/10164)
61+
##### ::circle-dot:: [Make script editor min/max lines configurable via System Configuration](https://github.com/rundeck/rundeck/pull/10137)
62+
63+
##### ::circle-dot:: [Conditional step with multiple sub-steps breaks job output](https://github.com/rundeck/rundeck/pull/10140)
4964

50-
Community Submission from @TheSander562. Enhancement for dutch speaking people so the words and sentences makes sense when reading them in Rundeck.
65+
This fixes some issues with the Job Output view when there are multiple sub steps in a Conditional Step.
5166

52-
##### ::circle-dot:: [Update commons-compress to 1.28.0 to fix CVE-2025-48924](https://github.com/rundeck/rundeck/pull/10165)
67+
##### ::circle-dot:: [Remove Community News Subscribe Button](https://github.com/rundeck/rundeck/pull/10148)
5368

54-
Updated Apache Commons Compress to version 1.28.0 to address CVE-2025-48924, which resolves a vulnerability in the transitively included commons-lang3 dependency.
69+
The news subscribe button has been removed as a product feature. You can sign up for Release Notes emails at https://www.rundeck.com/release-notes-signup or join us in the [community forums](https://community.pagerduty.com/).
5570

56-
##### ::circle-dot:: [Update follow-redirects for CVE-2026-40895](https://github.com/rundeck/rundeck/pull/10169)
71+
##### ::circle-dot:: [Fix/add created by field](https://github.com/rundeck/rundeck/pull/10150)
5772

58-
Updates the follow-redirects dependency to version 1.16.0 to address security vulnerability CVE-2026-40895.
73+
Job creation tracking now permanently preserves the original job creator&#39;s identity. When viewing job details, you&#39;ll see who originally created the job, even if the job has been modified by other users over time. This enhancement improves audit trails and accountability by ensuring the original creator information is never lost during job updates or imports.
74+
75+
##### ::circle-dot:: [Fix cluster member state showing as unknown on Job page](https://github.com/rundeck/rundeck/pull/10172)
5976

6077
##### ::circle-dot:: [Restore step property value colors for dark background contexts](https://github.com/rundeck/rundeck/pull/10153)
6178

6279
Fixed a regression in 5.20.0 where step configuration property values in the workflow editor step cards appeared invisible or hard to read due to dark color overrides that conflicted with the dark-background step list UI. Values now render in the original readable green color (Bootstrap `text-success`) as in previous versions.
6380

64-
6581
##### ::circle-dot:: [Fix cron expression selector not updating in Execution History Clean](https://github.com/rundeck/rundeck/pull/10154)
6682

6783
Fix cron expression selector in Project Settings &gt; Execution History Clean. Selecting a predefined cron option now correctly updates the schedule input field.
6884

85+
##### ::circle-dot:: [Improve Dutch translations to be better understandable - Community Submission](https://github.com/rundeck/rundeck/pull/10164)
86+
87+
Community Submission from @TheSander562. Enhancement for dutch speaking people so the words and sentences makes sense when reading them in Rundeck.
88+
89+
##### ::circle-dot:: [Update follow-redirects for CVE-2026-40895](https://github.com/rundeck/rundeck/pull/10169)
90+
91+
Updates the follow-redirects dependency to version 1.16.0 to address security vulnerability CVE-2026-40895.
92+
93+
##### ::circle-dot:: [Update commons-compress to 1.28.0 to fix CVE-2025-48924](https://github.com/rundeck/rundeck/pull/10165)
94+
95+
Updated Apache Commons Compress to version 1.28.0 to address CVE-2025-48924, which resolves a vulnerability in the transitively included commons-lang3 dependency.
96+
97+
##### ::circle-dot:: [Upgrade mina-core to 2.2.7 to fix CVE-2026-42779](https://github.com/rundeck/rundeck/pull/10118)
98+
99+
##### ::circle-dot:: [Make UUID field read-only in job Other tab](https://github.com/rundeck/rundeck/pull/10146)
100+
101+
UUID is no longer be editable on Jobs Other tab
102+
103+
##### ::circle-dot:: [Upgrade log4J to 2.25.4](https://github.com/rundeck/rundeck/pull/10086)
104+
105+
Fix CVE-2026-34478 and CVE-2026-34480 by upgrading to 2.25.4
106+
69107

70108
[Here is a link to the full list of public PRs](https://github.com/rundeck/rundeck/pulls?q=is%3Apr+milestone%3A6.0.0+is%3Aclosed)
71109

0 commit comments

Comments
 (0)