May 30, 2019
By Tomaz Muraus
Today we are happy to announce StackStorm v3.0.1.
This is a first bug fix patch / patch release in the v3.0.x release series. It includes the following bug fixes and improvements:
ssh_runner.use_ssh_configparameter is set to
Trueand if a custom (non-default)
pack.yamlmetadata attribute is used in combination with
--python3” st2 pack install” flag.
source_channelback to the context used by Mistral workflows for executions which are triggered via ChatOps (using action alias). In StackStorm v3.0.0, this variable was inadvertently removed from the context used by Mistral workflows.
timestampattribute in the
execution.logattribute being incorrect when server time where st2api is running was not set to UTC.
--python3flag (running Python 3 actions on installation where StackStorm components run under Python 2) which rely on modules from Python 3 standard library which are also available in Python 2 site-packages (e.g.
concurrent) not working correctly. In such scenario, package / module was incorrectly loaded from Python 2 site-packages instead of Python 3 standard library which broke such packs.
linux.serviceaction. User who had access to run this action could cause a shell command injection by passing a compromised value for either the
Thanks to everyone who has contributed to this release.
Special thanks to James Robinson (Netskope and Veracode) for reporting the security issue in
As always, make sure you have backups first. Then follow the standard Upgrade Instructions.