v2.10.2

@blag blag released this 28 Feb 00:00
· 40 commits to v2.10 since this release

Added

  • Add support for various new SSL / TLS related config options (ssl_keyfile, ssl_certfile,
    ssl_ca_certs, authentication_mechanism) to the messaging section in the
    st2.conf config file.

    With those config options, users can configure things such as client certificate based
    authentication and client-side verification of a server certificate against a specific CA bundle.

    NOTE: Those options are only supported when using the default and officially supported AMQP
    backend with a RabbitMQ server. (new feature) #4541

  • Add metrics instrumentation to the st2notifier service. For the available / exposed metrics,
    please refer to https://docs.stackstorm.com/reference/metrics.html. (improvement) #4536

Changed

  • Update logging code so we exclude log messages with log level AUDIT from the default service
    log file (e.g. st2api.log). Log messages with level AUDIT are already logged in a
    dedicated service audit log file (e.g. st2api.audit.log), so there is no need for them to
    be duplicated in the regular service log file.

    NOTE: To aid with debugging, audit log messages are also included in the regular log file when
    the log level is set to DEBUG or the system.debug config option is set to True.

    Reported by Nick Maludy. (improvement) #4538 #4502

  • Update pyyaml dependency to the latest version. This latest version fixes an issue which
    could result in a code execution vulnerability if code uses yaml.load in an unsafe manner
    on untrusted input.

    NOTE: The StackStorm platform itself is not affected, because we already used yaml.safe_load
    everywhere.

    Only custom packs which use yaml.load with untrusted user input could potentially be
    affected. (improvement) #4510 #4552 #4554

  • Update Orquesta to v0.4. #4551

Fixed

  • Fixed the packs.pack_install / !pack install {{ packs }} action-alias to not have
    redundant patterns. Previously this prevented it from being executed via
    st2 action-alias execute 'pack install xxx'. #4511

    Contributed by Nick Maludy (Encore Technologies)

  • Fix datastore value encryption and make sure it also works correctly for unicode (non-ascii)
    values.

    Reported by @dswebbthg, @nickbaum. (bug fix) #4513 #4527 #4528

  • Fix a bug with action positional parameter serialization used in local and remote script
    runners not working correctly with non-ascii (unicode) values.

    This would prevent actions such as core.sendmail which utilize positional parameters from
    working correctly when a unicode value was provided.

    Reported by @johandahlberg (bug fix) #4533

  • Fix core.sendmail action so it specifies charset=UTF-8 in the Content-Type email
    header. This way it works correctly when an email subject and / or body contains unicode data.

    Reported by @johandahlberg (bug fix) #4533 #4534

  • Fix CLI st2 apikey load not being idempotent and API endpoint /api/v1/apikeys not
    honoring the desired ID when creating a new record. #4542

  • Moved the lock from concurrency policies into the scheduler to fix a race condition when there
    are multiple scheduler instances scheduling executions for actions with concurrency policies.
    #4481 (bug fix)

  • Add retries to the scheduler to handle temporary hiccups in the DB connection. Refactor the
    scheduler service to return a proper exit code when there is a failure. #4539 (bug fix)

  • Update service setup code so we always ignore kombu library heartbeat_tick debug log
    messages.

    Previously, if the DEBUG log level was set in the service logging config file, but the --debug
    service CLI flag / system.debug = True config option was not used, those messages were
    still logged. This caused a lot of noise and made useful log messages hard to find.
    (improvement) #4557