You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
##### ::circle-dot:: Fix project runner replica list gated on delete permission
28
+
##### ::circle-dot:: Password reset links now automatically expire
28
29
29
-
Fixed a bug where **viewing runner replicas** in a project incorrectly required **delete** permission on project runners in addition to read. **Read access alone is now enough** to see replica information in Runner Management, so least-privilege ACLs work as administrators expect.
30
+
Password reset links now automatically expire after a configurable period (7 days by default), improving security by limiting the window of opportunity for unauthorized password resets. If a user attempts to use an expired reset link, they'll simply need to request a new one—no manual cleanup or administrative action required.
30
31
31
32
##### ::circle-dot:: Fix search not working in User Management tables
32
33
33
34
Fix User Management search — typing in the search box in the User Classes, Manage Local Users, and Manage Local Groups tabs now correctly filters rows by all searchable columns, including User Class name and Group Name.
34
35
36
+
##### ::circle-dot:: Fix project runner replica list gated on delete permission
37
+
38
+
Fixed a bug where **viewing runner replicas** in a project incorrectly required **delete** permission on project runners in addition to read. **Read access alone is now enough** to see replica information in Runner Management, so least-privilege ACLs work as administrators expect.
Execution log: runner plugin registers i18n for the “Display Runner Badge” setting; fixes missing translation key and non-functional toggle when combined with updated ui-trellis LogViewer `addUiMessages` provider.
43
+
35
44
36
45
## Rundeck Open Source Product Updates
37
46
38
-
##### ::circle-dot:: [Upgrade log4J to 2.25.4](https://github.com/rundeck/rundeck/pull/10086)
47
+
##### ::circle-dot:: [NextUI: Vue migration for User and System Configuration menus](https://github.com/rundeck/rundeck/pull/9899)
39
48
40
-
Fix CVE-2026-34478 and CVE-2026-34480 by upgrading to 2.25.4
49
+
<!-- If you have suggested content that would describe this PR to other Rundeck community users, please enter it here.-->
41
50
42
-
##### ::circle-dot:: [Upgrade mina-core to 2.2.7 to fix CVE-2026-42779](https://github.com/rundeck/rundeck/pull/10118)
51
+
##### ::circle-dot:: [Upgrade to Grails 7.0.9, Spring Boot 3.5.11, Groovy 4.0.30, Java 17](https://github.com/rundeck/rundeck/pull/9922)
52
+
53
+
Initial Grails 7 Upgrade for Rundeck Core. Versions and code from this pull request have been improved and updated since merge, but this is the original PR for the 6.0 upgrade.
43
54
44
-
##### ::circle-dot:: [Make UUID field read-only in job Other tab](https://github.com/rundeck/rundeck/pull/10146)
55
+
##### ::circle-dot:: [Bump Jetty to 12.0.33 for CVE-2026-2332 (CWE-444 request smuggling)](https://github.com/rundeck/rundeck/pull/10050)
56
+
57
+
##### ::circle-dot:: [Eliminate Jasypt dependency and upgrade BouncyCastle to 1.84](https://github.com/rundeck/rundeck/pull/10094)
45
58
46
-
UUID is no longer be editable on Jobs Other tab
59
+
Rundeck's storage encryption has been upgraded to use modern AES-256-GCM authenticated encryption, replacing the legacy Jasypt library and resolving security vulnerability CVE-2026-5588 by upgrading BouncyCastle to version 1.84. This enhancement provides stronger encryption for stored credentials and keys while maintaining full backward compatibility—existing encrypted data continues to work and is automatically migrated to the new encryption format when next updated, requiring no manual intervention or downtime.
47
60
48
-
##### ::circle-dot:: [Improve Dutch translations to be better understandable - Community Submission](https://github.com/rundeck/rundeck/pull/10164)
61
+
##### ::circle-dot:: [Make script editor min/max lines configurable via System Configuration](https://github.com/rundeck/rundeck/pull/10137)
62
+
63
+
##### ::circle-dot:: [Conditional step with multiple sub-steps breaks job output](https://github.com/rundeck/rundeck/pull/10140)
49
64
50
-
Community Submission from @TheSander562. Enhancement for dutch speaking people so the words and sentences makes sense when reading them in Rundeck.
65
+
This fixes some issues with the Job Output view when there are multiple sub steps in a Conditional Step.
51
66
52
-
##### ::circle-dot:: [Update commons-compress to 1.28.0 to fix CVE-2025-48924](https://github.com/rundeck/rundeck/pull/10165)
67
+
##### ::circle-dot:: [Remove Community News Subscribe Button](https://github.com/rundeck/rundeck/pull/10148)
53
68
54
-
Updated Apache Commons Compress to version 1.28.0 to address CVE-2025-48924, which resolves a vulnerability in the transitively included commons-lang3 dependency.
69
+
The news subscribe button has been removed as a product feature. You can sign up for Release Notes emails at https://www.rundeck.com/release-notes-signup or join us in the [community forums](https://community.pagerduty.com/).
55
70
56
-
##### ::circle-dot:: [Update follow-redirects for CVE-2026-40895](https://github.com/rundeck/rundeck/pull/10169)
71
+
##### ::circle-dot:: [Fix/add created by field](https://github.com/rundeck/rundeck/pull/10150)
57
72
58
-
Updates the follow-redirects dependency to version 1.16.0 to address security vulnerability CVE-2026-40895.
73
+
Job creation tracking now permanently preserves the original job creator's identity. When viewing job details, you'll see who originally created the job, even if the job has been modified by other users over time. This enhancement improves audit trails and accountability by ensuring the original creator information is never lost during job updates or imports.
74
+
75
+
##### ::circle-dot:: [Fix cluster member state showing as unknown on Job page](https://github.com/rundeck/rundeck/pull/10172)
59
76
60
77
##### ::circle-dot:: [Restore step property value colors for dark background contexts](https://github.com/rundeck/rundeck/pull/10153)
61
78
62
79
Fixed a regression in 5.20.0 where step configuration property values in the workflow editor step cards appeared invisible or hard to read due to dark color overrides that conflicted with the dark-background step list UI. Values now render in the original readable green color (Bootstrap `text-success`) as in previous versions.
63
80
64
-
65
81
##### ::circle-dot:: [Fix cron expression selector not updating in Execution History Clean](https://github.com/rundeck/rundeck/pull/10154)
66
82
67
83
Fix cron expression selector in Project Settings > Execution History Clean. Selecting a predefined cron option now correctly updates the schedule input field.
68
84
85
+
##### ::circle-dot:: [Improve Dutch translations to be better understandable - Community Submission](https://github.com/rundeck/rundeck/pull/10164)
86
+
87
+
Community Submission from @TheSander562. Enhancement for dutch speaking people so the words and sentences makes sense when reading them in Rundeck.
88
+
89
+
##### ::circle-dot:: [Update follow-redirects for CVE-2026-40895](https://github.com/rundeck/rundeck/pull/10169)
90
+
91
+
Updates the follow-redirects dependency to version 1.16.0 to address security vulnerability CVE-2026-40895.
92
+
93
+
##### ::circle-dot:: [Update commons-compress to 1.28.0 to fix CVE-2025-48924](https://github.com/rundeck/rundeck/pull/10165)
94
+
95
+
Updated Apache Commons Compress to version 1.28.0 to address CVE-2025-48924, which resolves a vulnerability in the transitively included commons-lang3 dependency.
96
+
97
+
##### ::circle-dot:: [Upgrade mina-core to 2.2.7 to fix CVE-2026-42779](https://github.com/rundeck/rundeck/pull/10118)
98
+
99
+
##### ::circle-dot:: [Make UUID field read-only in job Other tab](https://github.com/rundeck/rundeck/pull/10146)
100
+
101
+
UUID is no longer be editable on Jobs Other tab
102
+
103
+
##### ::circle-dot:: [Upgrade log4J to 2.25.4](https://github.com/rundeck/rundeck/pull/10086)
104
+
105
+
Fix CVE-2026-34478 and CVE-2026-34480 by upgrading to 2.25.4
106
+
69
107
70
108
[Here is a link to the full list of public PRs](https://github.com/rundeck/rundeck/pulls?q=is%3Apr+milestone%3A6.0.0+is%3Aclosed)
0 commit comments