StackStorm v2.10.4

March 15, 2019
By Tomaz Muraus

Today we are happy to announce StackStorm v2.10.4.

This is another bug fix release in the v2.10.x release series. It includes the following bug fixes and improvements:

  • Fix inadvertent regression in notifier service which would cause generic action trigger to only be dispatched for completed states even if custom states were specified using action_sensor.emit_when config option.
  • Make sure we don’t log auth token and api key inside st2api log file if those values are provided via query parameter and not header (?x-auth-token=foo, ?st2-api-key=bar).
  • Fix rendering of {{ config_context. }} in orquesta task that references action from a different pack
  • Add missing default config location (/etc/st2/st2.conf) to the following services: st2actionrunner, st2scheduler, st2workflowengine.
  • Update statsd metrics driver so any exception thrown by statsd library is treated as non-fatal.

Upgrading

As always, make sure you have backups first. Then follow the standard Upgrade Instructions.

StackStorm 2.9.3/2.10.3

March 8, 2019
By Matt Stone

In the last couple of weeks StackStorm has published back-to-back releases. 2.10.2 is a traditional patch release from StackStorm, and you’ll find some of the highlights below. 2.10.3 and 2.9.3; however, are releases to address CVE-2019-9580. I want to thank Barak Tawily and Anna Tsibulskaya: the researchers who discovered and submitted a patch for the issue.

The issue found by Barak and Anna is an improper handling of CORS headers. Specifically what the StackStorm API returned for Access-Control-Allow-Origin. Prior to 2.10.3/2.9.3, if the origin of the request was unknown, we would return null. As Mozilla’s documentation will show, and client behavior will back up, null can result in a successful request from an unknown origin in some clients. Allowing the possibility of XSS style attacks against the StackStorm API. The fix for this is relatively straightforward, and, as of 2.10.3/2.9.3, if the origin is unknown StackStorm will return the first valid origin in the Access-Control-Allow-Origin header.

Thanks again to Barak and Anna for the report, and if you are a researcher or user that discovers a security issue please reach out to moc.mrotskcatsnull@ofni.

Now back to our regularly scheduled release blog.

Our latest release continues StackStorm on its journey to 3.0, and has a plethora of bug and performance fixes. We continue to bring Orquesta closer to GA, and the community has been an great asset both reporting new issues as well as providing new feature requests. Some of the release highlights include:

  • Add support for various new SSL / TLS related config options to the messaging section in st2.conf config file.
  • Metrics instrumentation for the st2notifier service
  • Fix datastore value encryption and make sure it also works correctly for unicode (non-ascii) values.
  • Moved the lock from concurrency policies into the scheduler to fix a race condition when there are multiple scheduler instances scheduling execution for action with concurrency policies.

As always, you can check the release notes for the complete list of changes. We’ll see you again soon for 3.0.

2018 Year in Review & 2019 StackStorm User Survey

Jan 30, 2019
By Tomaz Muraus

2018 is behind us and first of all we would like to thank all of our users, community members and customers for supporting us and making 2018 a successful year.

In this post we would like to have a look at the various things we have released and important milestones we have reached in 2018.

In addition to that, we would like to ask you to spare 10 minutes of your time by completing the StackStorm 2019 User Survey. Completing the survey will give us a better idea on how you use StackStorm. This will help us prioritize our feature development for 2019, make StackStorm better and help you become more successful.

READ MORE…

Ansible StackStorm role v1.0.0 released

Jan 15, 2019
By Eugen C. (@armab)

We’re very excited to announce that Ansible roles to deploy StackStorm have been promoted to major version 1.0.0!

READ MORE…

StackStorm v2.9.2 and v2.10.1: A Security Release (CVE-2018-20345)

Dec 20, 2018
By Tomaz Muraus

Today we are announcing the release of StackStorm v2.9.2 and StackStorm v2.10.1.

Those two patch releases fix a security issue which has been reported to us this week by one of our users (Alexandre Juma – thanks!).

READ MORE…

Pre-Change Freeze: StackStorm 2.10

Dec 14, 2018
By Lindsay Hill

Thought you could wind down for the change freeze? Sorry, we’ve got one last thing for you to do: Upgrade StackStorm to 2.10! Orquesta is now ready for almost all workflow use-cases. We’ve also done a big update to our ChatOps internals, and we have early-access Ubuntu 18 + Python 3 packages (for test only!). Read on for full details:

READ MORE…

Website Updates, Pack Updates

November 27, 2018
by Lindsay Hill

We have been doing a little tidying up around here, giving the website a small facelift. Our contributors have not rested either, with more pack updates including NetBox, PagerDuty, Atlassian Crowd and InfluxDB. Here’s the details:

READ MORE…

StackStorm 2.9.1 and Exchange Updates

October 23, 2018
by Lindsay Hill

Late October already – where did the year go? Well at least part of it was spent making StackStorm better, and adding new packs and actions to the StackStorm Exchange. Read on for more details about StackStorm 2.9.1, and pack updates to ManageIQ, Jira, ServiceNow, InfluxDB, vSphere, and more:

READ MORE…

StackStorm HA in Kubernetes βeta – Community update

Oct 10, 2018
By Warren Van Winckel and Eugen C.

A couple weeks ago, we released the Helm chart and docker images so you could install StackStorm Enterprise HA cluster in Kubernetes.

Today, we’re glad to announce that the Community free and open source edition of StackStorm HA is now available, too! With this update we are excited to bring Kubernetes powers to the broader community and strive for greater adoption in production with better safety for all important operations you delegate to StackStorm automation engine.

Combined logo

READ MORE…

StackStorm Enterprise HA in Kubernetes – βeta

Sep 26, 2018
By Eugen C. and Warren Van Winckel

More groups are progressing from just talking about Event-Driven Automation to actually doing it in practice. StackStorm helps make this easy. When organizations start offloading business-critical tasks and automating for real it becomes essential to ensure that the Automation engine itself is not a single point of failure when it is responsible for recovering a fleet of servers, managing datacenters, and automating remediations.

StackStorm was designed to be cloud-native, API-driven, easily deployed, microservice-oriented, resilient and can be scaled out horizontally to fulfill High Availability and/or High Load demands.

Previously we only documented best practices describing how to distribute StackStorm in HA mode (docs.stackstorm.com/reference/ha.html), giving a high level overview regarding StackStorm design and how to ensure its redundancy. Based on those recommendations, some companies were spending weeks to months to codify a complex st2 HA infrastructure and iterate over their deployments until finding that “silver bullet” stability/production state.

StackStorm HA in K8s and Helm

READ MORE…