StackStorm v3.0.1

May 30, 2019
By Tomaz Muraus

Today we are happy to announce StackStorm v3.0.1.

This is a first bug fix patch / patch release in the v3.0.x release series. It includes the following bug fixes and improvements:

  • Fix a bug in the remote command and script runner so it correctly uses SSH port from a SSH config
    file if ssh_runner.use_ssh_config parameter is set to True and if a custom (non-default)
    value for SSH port is specified in the configured SSH config file
  • Update pack install action so it works correctly when python_versions pack.yaml metadata attribute is used in combination with --python3 ” st2 pack install” flag.
  • Add source_channel back to the context used by Mistral workflows for executions which are triggered via ChatOps (using action alias). In StackStorm v3.0.0, this variable was inadvertently removed from the context used by Mistral workflows.
  • Fix a bug with timestamp attribute in the execution.log attribute being incorrect when server time where st2api is running was not set to UTC.
  • Fix a bug with some packs which use --python3 flag (running Python 3 actions on installation where StackStorm components run under Python 2) which rely on modules from Python 3 standard library which are also available in Python 2 site-packages (e.g. concurrent) not working correctly. In such scenario, package / module was incorrectly loaded from Python 2 site-packages instead of Python 3 standard library which broke such packs.
  • Remove policy-delayed status to avoid bouncing between delayed statuses in st2scheduler service.
  • Truncate some database index names so they are less than 65 characters long in total. This way it also works with AWS DocumentDB which doesn’t support longer index name at the moment.

    NOTE: AWS DocumentDB is not officially supported. Use at your own risk.
  • Fix a possible shell injection in the linux.service action. User who had access to run this action could cause a shell command injection by passing a compromised value for either the service or action parameter.


Thanks to everyone who has contributed to this release.

Special thanks to James Robinson (Netskope and Veracode) for reporting the security issue in linux.service action.


As always, make sure you have backups first. Then follow the standard Upgrade Instructions.