April 5, 2017
by Lindsay Hill
StackStorm 2.2.1 has been released, incorporating the usual array of improvements, bug fixes, and this time a BWC-specific security update. Read on for details.
/opt/stackstorm/configs/, Python actions & sensors never got those default values. Whoops. Resolved. Workaround: Create a pack config file.
While working on some LDAP improvements, we found a potential security exposure in the BWC LDAP Authentication backend. If the requirements were that a user was a member of all three groups x, y, z, then BWC may have allowed access if a user was a member of only a subset of those groups – e.g. if the user was only a member of groups x and z. This has been resolved, and tests added to check for this condition in future. We encourage users to upgrade. This only affects BWC (StackStorm Enterprise) users who use LDAP, and have authentication policies that require users to be a member of multiple groups.
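The all-groups policy described above, written as an added example with a regression helper that tries every proper subset of the required groups. This is not BWC's code: the function names, the `lenient_check` fixture, and the group DNs are hypothetical and constructed for illustration.

```python
from itertools import combinations

def _norm(dn):
    # Assumption: group DNs are compared case-insensitively, ignoring outer whitespace.
    return dn.strip().lower()

def missing_groups(user_groups, required_groups):
    """Return the required groups the user lacks (empty set means authorized)."""
    return {_norm(g) for g in required_groups} - {_norm(g) for g in user_groups}

def is_authorized(user_groups, required_groups):
    """Strict policy: the user must be a member of every required group."""
    return not missing_groups(user_groups, required_groups)

def lenient_check(user_groups, required_groups):
    """Hypothetical lenient check, used only as a test fixture: passes on any overlap."""
    return bool({_norm(g) for g in required_groups} & {_norm(g) for g in user_groups})

def wrongly_allowed_subsets(check, required_groups):
    """Regression helper: present every proper subset of the required groups as the
    user's membership and return the subsets that the check lets through."""
    leaks = []
    for size in range(len(required_groups)):
        for subset in combinations(required_groups, size):
            if check(list(subset), required_groups):
                leaks.append(subset)
    return leaks

# Constructed sample policy: groups x, y and z, as in the text.
REQUIRED = [
    "cn=x,ou=groups,dc=example,dc=com",
    "cn=y,ou=groups,dc=example,dc=com",
    "cn=z,ou=groups,dc=example,dc=com",
]

if __name__ == "__main__":
    only_x_and_z = [REQUIRED[0].upper(), REQUIRED[2]]
    print("x and z only authorized:", is_authorized(only_x_and_z, REQUIRED))
    print("missing:", sorted(missing_groups(only_x_and_z, REQUIRED)))
    print("strict check leaks:", wrongly_allowed_subsets(is_authorized, REQUIRED))
    print("lenient check leaks:", len(wrongly_allowed_subsets(lenient_check, REQUIRED)))
```

Running the subset sweep against the deployed policy check in CI catches a regression to partial-membership acceptance before release.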
tooz library (v1.15.0) means you can now use backends such as Consul and etcd for coordination.
st2ctl reload command now preserves the exit code from st2-register-content. So if your content registration fails, your scripts will properly detect it.
st2-run-pack-tests tool now works directly out of the box on servers where StackStorm was installed using packages. In addition, the tool no longer installs all the global pack dependencies when they’re already available.
As always, full details are in our Changelog.
This will probably be the last 2.2.x version that gets shipped. We are working on 2.3 right now, which is going to include a new API (with docs!!), and LDAP group -> RBAC role synchronization. More upcoming features include the new packs view in st2web, and oauth2 support. Thanks Peter! Not sure if those last two will make it into 2.3 or the next version after, but they won’t be far away.