This release has important security fixes pertaining to Agent-Server communication. We recommend all users to upgrade to this version to safeguard your GoCD server.
These security vulnerabilities were responsibly disclosed by Denis Andzakovic. We want to give users some time to upgrade, before providing more details about the vulnerabilities.
Webhook support for Config Repositories
Starting GoCD 21.1.0, the config repositories can be refreshed or updated via a webhook trigger. The config repositories page will now showcase the URL required to configure the same (if auto update has been turned off).
- #8900 – Improve UX – add search functionality on page
- #8915 – Repeated logging: Could not find file config/cipher and config/go.feature.toggles
Aravind SV, Ganesh S Patil, Ketan Padegaonkar, Kritika Singh, Mahesh Panchaksharaiah, Marques Lee, Varsha Varadarajan
A more comprehensive list of changes for this release can be found here.
Have ideas and want to contribute? Need some help getting started? We’re here to help. Reach out to us at firstname.lastname@example.org.
Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd
Please report any issues that you observe on GitHub issues.