Skip to content
This repository has been archived by the owner on Feb 8, 2023. It is now read-only.

Latest commit

 

History

History
34 lines (28 loc) · 2.2 KB

v201905-1.md

File metadata and controls

34 lines (28 loc) · 2.2 KB
Raw

PTFE Release v201905-1

APPLICATION LEVEL BREAKING CHANGES:

  1. Security: reverted VCS client URLs to being immutable to prevent secret leakage in the site admin.

APPLICATION LEVEL FEATURES:

  1. Added an attribute to workspaces, "speculative-enabled", which turns off speculative plans from PRs for a workspace.
  2. Added organization external-id attribute to organization API responses
  3. Added summary popup to show additional information about workspaces.
  4. Added workspace settings to switch between remote and local execution modes.
  5. Added the ability to fully manage OAuth clients and tokens while using an organization token within the API.
  6. Changed the Sentinel runtime to version 0.10.0. For the latest changes, see the release notes.
  7. Added help text to the Manage SSH Keys page to clarify the purpose of these keys
  8. Added the ability to run policy checks on Terraform versions 0.12 and higher.
  9. Changed loading spinner to a hexagon
  10. Added external ID to organization attributes on admin API endpoints
  11. Added support for generating Sentinel mocks for Terraform versions 0.12 and later.

APPLICATION LEVEL BUG FIXES:

  1. Fixed server error when viewing modules with existing versions containing semver metadata
  2. Fixed policy check UI spacing
  3. Add possible reasons to error message when setting up a workspace with an empty VCS repo
  4. Changed VCS pull request event to run a speculative plan only in workspaces which track the base branch for the PR.
  5. Fixed: Bitbucket Server repo names now display correctly for autocomplete on workspace create/edit
  6. Fixed an issue with locking when using the remote backend with a team token
  7. Fixed a site-wide performance issue by delaying Vault decryption until decryption is needed.

APPLICATION LEVEL SECURITY FIXES:

  1. Security: improved Markdown sanitization to prevent stored XSS vulnerability.
  2. Security: upgraded dependencies to address CVE-2019-11068
  3. Security: upgraded jQuery to 3.4.0 to address CVE-2019-11358.
  4. Security: Re-enabling MFA after disabling it now correctly requires all browsers and devices that previously selected "remember this device" to re-enter MFA on the next login.