New Feature: Output Schema

April 9, 2019
by Lindsay Hill

We added support for Output Schema in StackStorm 2.9. This feature has been “under the radar” for a while. Time to shed a little light, explain what it is, how to use it, and why we added this feature. Read on!

READ MORE…

What’s new in ST2 Exchange?

March 25, 2019
by Lindsay Hill

Hey folks, been a little while since we’ve done a roundup of new & interesting pack updates. This time it’s Telegram, vSphere, Terraform, Napalm, Icinga2 and more. We’ve also been doing some background preparation work for Python 3. Read on for the full details.

READ MORE…

StackStorm v2.10.4

March 15, 2019
By Tomaz Muraus

Today we are happy to announce StackStorm v2.10.4.

This is another bug fix release in the v2.10.x release series. It includes the following bug fixes and improvements:

  • Fix inadvertent regression in notifier service which would cause generic action trigger to only be dispatched for completed states even if custom states were specified using action_sensor.emit_when config option.
  • Make sure we don’t log auth token and api key inside st2api log file if those values are provided via query parameter and not header (?x-auth-token=foo, ?st2-api-key=bar).
  • Fix rendering of {{ config_context. }} in orquesta task that references action from a different pack
  • Add missing default config location (/etc/st2/st2.conf) to the following services: st2actionrunner, st2scheduler, st2workflowengine.
  • Update statsd metrics driver so any exception thrown by statsd library is treated as non-fatal.

Upgrading

As always, make sure you have backups first. Then follow the standard Upgrade Instructions.

StackStorm 2.9.3/2.10.3

March 8, 2019
By Matt Stone

In the last couple of weeks StackStorm has published back-to-back releases. 2.10.2 is a traditional patch release from StackStorm, and you’ll find some of the highlights below. 2.10.3 and 2.9.3; however, are releases to address CVE-2019-9580. I want to thank Barak Tawily and Anna Tsibulskaya: the researchers who discovered and submitted a patch for the issue.

The issue found by Barak and Anna is an improper handling of CORS headers. Specifically what the StackStorm API returned for Access-Control-Allow-Origin. Prior to 2.10.3/2.9.3, if the origin of the request was unknown, we would return null. As Mozilla’s documentation will show, and client behavior will back up, null can result in a successful request from an unknown origin in some clients. Allowing the possibility of XSS style attacks against the StackStorm API. The fix for this is relatively straightforward, and, as of 2.10.3/2.9.3, if the origin is unknown StackStorm will return the first valid origin in the Access-Control-Allow-Origin header.

Thanks again to Barak and Anna for the report, and if you are a researcher or user that discovers a security issue please reach out to moc.mrotskcatsnull@ofni.

Now back to our regularly scheduled release blog.

Our latest release continues StackStorm on its journey to 3.0, and has a plethora of bug and performance fixes. We continue to bring Orquesta closer to GA, and the community has been an great asset both reporting new issues as well as providing new feature requests. Some of the release highlights include:

  • Add support for various new SSL / TLS related config options to the messaging section in st2.conf config file.
  • Metrics instrumentation for the st2notifier service
  • Fix datastore value encryption and make sure it also works correctly for unicode (non-ascii) values.
  • Moved the lock from concurrency policies into the scheduler to fix a race condition when there are multiple scheduler instances scheduling execution for action with concurrency policies.

As always, you can check the release notes for the complete list of changes. We’ll see you again soon for 3.0.

2018 Year in Review & 2019 StackStorm User Survey

Jan 30, 2019
By Tomaz Muraus

2018 is behind us and first of all we would like to thank all of our users, community members and customers for supporting us and making 2018 a successful year.

In this post we would like to have a look at the various things we have released and important milestones we have reached in 2018.

In addition to that, we would like to ask you to spare 10 minutes of your time by completing the StackStorm 2019 User Survey. Completing the survey will give us a better idea on how you use StackStorm. This will help us prioritize our feature development for 2019, make StackStorm better and help you become more successful.

READ MORE…

Ansible StackStorm role v1.0.0 released

Jan 15, 2019
By Eugen C. (@armab)

We’re very excited to announce that Ansible roles to deploy StackStorm have been promoted to major version 1.0.0!

READ MORE…

StackStorm v2.9.2 and v2.10.1: A Security Release (CVE-2018-20345)

Dec 20, 2018
By Tomaz Muraus

Today we are announcing the release of StackStorm v2.9.2 and StackStorm v2.10.1.

Those two patch releases fix a security issue which has been reported to us this week by one of our users (Alexandre Juma – thanks!).

READ MORE…

Pre-Change Freeze: StackStorm 2.10

Dec 14, 2018
By Lindsay Hill

Thought you could wind down for the change freeze? Sorry, we’ve got one last thing for you to do: Upgrade StackStorm to 2.10! Orquesta is now ready for almost all workflow use-cases. We’ve also done a big update to our ChatOps internals, and we have early-access Ubuntu 18 + Python 3 packages (for test only!). Read on for full details:

READ MORE…

Website Updates, Pack Updates

November 27, 2018
by Lindsay Hill

We have been doing a little tidying up around here, giving the website a small facelift. Our contributors have not rested either, with more pack updates including NetBox, PagerDuty, Atlassian Crowd and InfluxDB. Here’s the details:

READ MORE…

StackStorm 2.9.1 and Exchange Updates

October 23, 2018
by Lindsay Hill

Late October already – where did the year go? Well at least part of it was spent making StackStorm better, and adding new packs and actions to the StackStorm Exchange. Read on for more details about StackStorm 2.9.1, and pack updates to ManageIQ, Jira, ServiceNow, InfluxDB, vSphere, and more:

READ MORE…

1 2 3 27