Dec 14, 2023
This maintenance release accumulated important security updates in the project upstream dependencies: st2 core, orquesta workflow engine, st2web UI, and st2chatops. There were more than 10 pip updates and over 100 npm dependencies updated of low, high and critical severity. Outside of that, for Docker images the OS-level dependencies were refreshed. The work is not complete as keeping the patch release compatible with python 3.6 made it difficult to update everything possible, but it covers the vast majority of upstream security up to date.
In addition to security updates, more than 30 bug fixes were included in this release. See the full v3.8.1 Changelog.
The patch release doesn't introduce any breaking changes and we recommend updating. It will be the last one to support Python 3.6, CentOS7, Ubuntu 18.04 LTS that reached End of Life and will be dropped in v3.9.0.
The plans for 3.9.0 include dropping Ubuntu18 and CentOS/RHEL 7, adding Ubuntu 22 (Python 3.10), RHEL/RockyLinux 9 (Python 3.9), adding MongoDB v6.0 support, SSO/SAML support, updating more upstream dependencies for security.
Python 3.6 will no-longer be supported in future StackStorm releases, so we advise users to start updating their private packs to be compatible with python 3.8/python3.9/python3.10 so that they will be able to migrate to StackStorm 3.9.0 in future. Starting strong with the community-driven v3.8.1, there's much more work that needs to be done for the upcoming bigger v3.9.0!
StackStorm v3.8.1 patch release wouldn't be possible without our open source community who listened when we asked for help and stepped in to assist: fixing broken builds, updating dependencies, security fixes, and testing.
Thanks to Carlos (@nzlosh) who assisted with this release, Amanda McGuinness (@amanda11) from intive, Ronnie Hoffmann (@ZoeLeah) and Philipp Homberger (@philipphomberger) from Schwarz IT, Jacob Floyd (@cognifloyd), Marcel Weinberg (@winem), Scott Swann (@jk464), @enykeev and @dzimine, David Culbreth (@AndroxxTraxxon), @ubaumann, Mark Mercado (@mamercad) from DigitalOcean, Jeremiah Millay (@floatingstatic) from Fastly, @maxfactor1, Sravanthi Konduru (@sravs-dev) from Salesforce, Kyle Hartigan (@setswei), @FileMagic, AJ (@guzzijones), @arms11 from VMware and everyone else who was involved.
Special shout out to Eugen Cusmaunsa, former Stormer who led this release and is stepping down as a senior TSC maintainer. We appreciate your contributions and wish you all the best in your future endeavors!
We invite organizations that made StackStorm part of their business processes to get involved in the community. Ask StackStorm Maintainers (#TSC in Slack) where the help is needed most. Start contributing, become a maintainer. Just operating the project takes a lot of human resources. The hardest work the TSC is doing is day-to-day maintenance: triaging issues, answering questions, reviewing PRs, keeping the builds in a working state, updating with upstream.
Sometimes with the bus factor and people rotation we miss the knowledge and end up with the project being stuck. If you see something is broken, - offer your help. If you can't dedicate engineers to open-source development and still need StackStorm assistance, - hire a StackStorm partner who has expertise, it'll help them to keep the StackStorm maintained. We welcome all approaches!
Keep up to date with the latest developments on LinkedIn, Twitter, Github and join our Slack. We also run monthly community meetings, and everyone is welcome to join us. The success of the upcoming releases depends on you, our community.