Skip to content

2.7.2
Compare
Choose a tag to compare
@woodpecker-bot woodpecker-bot released this 03 Nov 12:16
· 522 commits to main since this release
v2.7.2
ba382a0
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Changelog

2.7.2 - 2024-11-03

Important

To secure your instance, set WOODPECKER_PLUGINS_PRIVILEGED to only allow specific versions of the woodpeckerci/plugin-docker-buildx plugin, use version 5.0.0 or above. This prevents older, potentially unstable versions from being privileged.

For example, to allow only version 5.0.0, use:

WOODPECKER_PLUGINS_PRIVILEGED=woodpeckerci/plugin-docker-buildx:5.0.0

To allow multiple versions, you can separate them with commas:

WOODPECKER_PLUGINS_PRIVILEGED=woodpeckerci/plugin-docker-buildx:5.0.0,woodpeckerci/plugin-docker-buildx:5.1.0

This setup ensures only specified, stable plugin versions are given privileged access.

Read more about it in #4213

❤️ Thanks to all contributors! ❤️

@6543, @anbraten, @j04n-f, @pat-s, @qwerty287

🔒 Security

  • Chore(deps): update dependency vite to v5.4.6 [security] (#4163) [#4187]

🐛 Bug Fixes

  • Don't parse forge config files multiple times if no error occured (#4272) [#4273]
  • Fix repo/owner parsing for gitlab (#4255) [#4261]
  • Run queue.process() in background [#4115]
  • Only update agent.LastWork if not done recently (#4031) [#4100]

Misc

  • Backport JS dependency updates [#4189]

Contributors

anbraten, pat-s, and 3 other contributors
Assets 25
Loading