
Conversation

@btsgh
Collaborator

@btsgh btsgh commented Sep 22, 2025

Description

Tip

Add a TL;DR when the description is longer than 500 words or extremely technical (helps the content, marketing, and DevRel team).

Please also include relevant motivation and context. List any dependencies that are required for this change. Add links to Notion, Figma or any other documents that might be relevant to the PR.

Fixes #Issue Number
or
Fixes Issue URL

Warning

If no issue exists, please create an issue first, and check with the maintainers if the issue is valid.

Automation

/ok-to-test tags=""

🔍 Cypress test results

Caution

If you modify the content in this section, you are likely to disrupt the CI result for your PR.

Communication

Should the DevRel and Marketing teams inform users about this change?

  • Yes
  • No

subrata71 and others added 8 commits August 25, 2025 18:04
## Description
CVE-2024-38821 is an authorization-bypass affecting Spring WebFlux apps
that apply non-permitAll rules to static resources. The fix for
CVE-2024-38821 is in Spring Security 6.3.4+.
[Ref](https://spring.io/security/cve-2024-38821)

Mitigation Strategy:
We are upgrading Spring Boot to 3.3.13, which officially manages Spring
Security versions. Spring Security 6.3.10 is well beyond the minimum
required 6.3.4+.


### Verification

Verification Results:
1. Spring Security Version Check: ✅ SECURE
Current Version: Spring Security 6.3.10
Vulnerable Range: 6.3.0-6.3.3
Status: ✅ NOT VULNERABLE - Version 6.3.10 is well beyond the vulnerable
range
2. All Spring Security Components Verified: ✅ SECURE
✅ spring-security-web: 6.3.10
✅ spring-security-oauth2-client: 6.3.10
✅ spring-security-oauth2-core: 6.3.10
✅ spring-security-oauth2-jose: 6.3.10
✅ spring-security-config: 6.3.10
✅ spring-security-crypto: 6.3.10
✅ spring-security-test: 6.3.10
3. No Vulnerable Versions Detected: ✅ CLEAN
❌ No Spring Security 6.3.0-6.3.3 versions found
❌ No vulnerable Spring Security components detected


## Automation

/ok-to-test tags="@tag.Sanity"

### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results  -->
> [!TIP]
> 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/17201170729>
> Commit: d588e5d
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=17201170729&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Sanity`
> Spec:
> <hr>Mon, 25 Aug 2025 07:17:32 UTC
<!-- end of auto-generated comment: Cypress test results  -->


## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Chores**
  * Upgraded Spring Boot parent to 3.3.13 to improve stability, compatibility, and maintenance.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description

## Automation

/ok-to-test tags="@tag.Git"

### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results  -->
> [!TIP]
> 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/17473362736>
> Commit: 9bbf40b
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=17473362736&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Git`
> Spec:
> <hr>Thu, 04 Sep 2025 19:26:09 UTC
<!-- end of auto-generated comment: Cypress test results  -->


## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

- Bug Fixes
  - Improved reliability of Git-connected workflows by automatically cleaning up dangling Git lock/index files before key operations, reducing intermittent errors and stuck states across checkouts, branch create/delete, commits, status, discard, and branch listing.
- Chores
  - Made Git-in-memory detection more robust to avoid false positives when the Git root path is missing or contains whitespace.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
…41216)

## Description

Adding responseMeta in query object even when the query fails so the
header request id can be used by the user, if needed.

Fixes [#8024](https://github.com/appsmithorg/appsmith-ee/issues/8024)

EE PR for tests: https://github.com/appsmithorg/appsmith-ee/pull/8149

## Automation

/ok-to-test tags="@tag.All"

### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results  -->
> [!TIP]
> 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/17625800361>
> Commit: c3a972f
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=17625800361&attempt=2"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.All`
> Spec:
> <hr>Thu, 11 Sep 2025 06:23:42 UTC
<!-- end of auto-generated comment: Cypress test results  -->


## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Bug Fixes**
  * Improved error messages and details when plugin actions or triggers fail, providing clearer context to diagnose issues.
  * Surfaces underlying response data on errors (when available), enabling more informative failure feedback in the UI.
  * Ensures action state is updated consistently after failures (clears loading and populates data/meta when present), preventing stale or misleading states.
  * Standardized error handling across related flows without changing successful execution behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description


Fixes CVE-2025-48734

## Automation

/ok-to-test tags="@tag.Sanity"

### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results  -->
> [!TIP]
> 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/17723760561>
> Commit: d71d66e
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=17723760561&attempt=4"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Sanity`
> Spec:
> <hr>Mon, 15 Sep 2025 08:40:18 UTC
<!-- end of auto-generated comment: Cypress test results  -->


## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
  * Upgraded the underlying input validation library to a newer version across server components to incorporate upstream fixes and improvements.
  * Improves overall stability and security with no expected changes to user-facing behavior.
  * Ensures continued compatibility with modern environments and reduces maintenance risks.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description
**Before:**
The appsmith-ce release image contains CVE-2024-38821 critical
vulnerability.
![Screenshot 2025-09-12 at 1 41 00 PM](https://github.com/user-attachments/assets/6e5292c7-d073-4241-970d-511ab0533547)


[cves_report_ce.json](https://github.com/user-attachments/files/22292789/cves_report_ce.json)



**After:**
The current DP image doesn't contain CVE-2024-38821 after removing pg
build from server.

![Screenshot 2025-09-12 at 1 40 36 PM](https://github.com/user-attachments/assets/d7d2c812-d6e5-4994-9c08-923e0302b415)


[cves_41221.txt](https://github.com/user-attachments/files/22292798/cves_41221.txt)


Fixes CVE-2024-38821

## Automation

/ok-to-test tags="@tag.Sanity"

### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results  -->
> [!TIP]
> 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/17725447283>
> Commit: 959d97e
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=17725447283&attempt=2"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Sanity`
> Spec:
> <hr>Mon, 15 Sep 2025 08:39:53 UTC
<!-- end of auto-generated comment: Cypress test results  -->


## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [x] No


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
  * Removed PostgreSQL support from build artifacts; only the MongoDB edition is produced going forward.
  * Updated Docker validation to require only the MongoDB server jar; error message reflects this change.
  * Simplified artifact preparation by removing PostgreSQL image extraction and related steps.
  * Maintains existing exit-on-failure behavior; successful MongoDB paths are unchanged.
  * No changes to runtime behavior for MongoDB users.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description

## Automation

/ok-to-test tags="@tag.Git"

### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results  -->
> [!TIP]
> 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/17826532521>
> Commit: d7e0d56
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=17826532521&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Git`
> Spec:
> <hr>Thu, 18 Sep 2025 11:50:06 UTC
<!-- end of auto-generated comment: Cypress test results  -->


## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

- New Features
  - Branch-aware Git clone/checkout with Redis-backed caching and automatic cleanup.
  - Operation-aware Git routing for endpoints.
  - Enhanced, timestamped logging for Git scripts.

- Improvements
  - Faster, more reliable Git flows with lock-based FSM orchestration.
  - Consistent merge behavior that honors “keep working directory changes.”
  - Improved private key handling for SSH.

- Error Handling
  - Clearer, granular Git error messages for metadata, FS ops, Redis download, and cleanup.

- Documentation
  - Updated Git route flow documentation.

- Tests
  - Extensive unit tests covering routing, metadata checks, cleanup gating, and key flows.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Description

## Automation

/ok-to-test tags="@tag.Git"

### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results  -->
> [!IMPORTANT]
> 🟣 🟣 🟣 Your tests are running.
> Tests running at:
<https://github.com/appsmithorg/appsmith/actions/runs/17855114706>
> Commit: eded401
> Workflow: `PR Automation test suite`
> Tags: `@tag.Git`
> Spec: ``
> <hr>Fri, 19 Sep 2025 10:02:49 UTC
<!-- end of auto-generated comment: Cypress test results  -->


## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

- New Features
  - Added support for Redis Cluster URLs in Git-connected features, enabling redis://, rediss://, and redis-cluster:// configurations.
  - Introduced a configurable Git root path to improve cloning behavior across environments.

- Refactor
  - Unified Redis operations behind a single execution path to ensure consistent behavior and compatibility across connection types.
  - Streamlined Git initialization and argument handling to reduce edge cases during repository setup.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
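The version check described in the first commit message above (every spring-security-* artifact at 6.3.10, vulnerable range 6.3.0-6.3.3, fix in 6.3.4+) can be run against build output instead of being done by hand. The script below is an added example, not Appsmith code: it parses `mvn dependency:list`-style lines (the sample text is constructed to match Maven's `group:artifact:type:version:scope` format) and classifies each `org.springframework.security` artifact. Only the 6.3 line's fix version is taken from the commit message; any other release line is reported as `unknown` rather than assumed clean, because the Spring advisory linked above also covers older branches that this table does not enumerate.

```python
"""Audit resolved Spring Security versions against CVE-2024-38821.

Added example, not project code. Reads `mvn dependency:list`-style output
(constructed sample below) and classifies each org.springframework.security
artifact as fixed / vulnerable / unknown. Only the 6.3 release line
(vulnerable 6.3.0-6.3.3, fixed 6.3.4+) is taken from the commit message;
every other line is 'unknown' so nothing outside the table passes silently.
"""
import re
from typing import Dict, List, Tuple

GROUP = "org.springframework.security"

# Minor line -> first fixed release. Populated only with what the commit
# message states; extend from the linked advisory before auditing a real build.
FIXED_BY_LINE: Dict[Tuple[int, int], Tuple[int, ...]] = {(6, 3): (6, 3, 4)}

# Constructed samples modelled on `mvn dependency:list` output (not real output).
SAMPLE_PATCHED = """\
[INFO] The following files have been resolved:
[INFO]    org.springframework.security:spring-security-web:jar:6.3.10:compile
[INFO]    org.springframework.security:spring-security-config:jar:6.3.10:compile
[INFO]    org.springframework.security:spring-security-crypto:jar:6.3.10:compile
[INFO]    org.springframework.boot:spring-boot-starter-webflux:jar:3.3.13:compile
"""
SAMPLE_VULNERABLE = """\
[INFO]    org.springframework.security:spring-security-web:jar:6.3.3:compile
[INFO]    org.springframework.security:spring-security-config:jar:6.3.10:compile
[INFO]    org.springframework.security:spring-security-crypto:jar:6.2.7:compile
"""

# group:artifact:type[:classifier]:version:scope
_DEP_LINE = re.compile(
    r"^\[INFO\]\s+(?P<group>[\w.\-]+):(?P<artifact>[\w.\-]+):(?P<type>[\w\-]+):"
    r"(?:(?P<classifier>[\w.\-]+):)?(?P<version>[\w.\-]+):(?P<scope>\w+)"
)


def parse_version(version: str) -> Tuple[int, ...]:
    """'6.3.10' -> (6, 3, 10). Stops at the first non-numeric segment, so
    '6.3.10-SNAPSHOT' and '6.3.10.RELEASE' both become (6, 3, 10)."""
    numbers: List[int] = []
    for part in version.split("-")[0].split("."):
        if not part.isdigit():
            break
        numbers.append(int(part))
    return tuple(numbers)


def classify(version: str) -> str:
    """'vulnerable', 'fixed', or 'unknown' (release line not in FIXED_BY_LINE)."""
    parsed = parse_version(version)
    fixed = FIXED_BY_LINE.get(parsed[:2])
    if fixed is None:
        return "unknown"
    return "fixed" if parsed >= fixed else "vulnerable"


def parse_dependency_list(text: str) -> List[Tuple[str, str, str]]:
    """Return (group, artifact, version) for each resolved-dependency line."""
    found = []
    for line in text.splitlines():
        m = _DEP_LINE.match(line)
        if m:
            found.append((m["group"], m["artifact"], m["version"]))
    return found


def audit(text: str) -> Dict[str, str]:
    """Map 'artifact:version' -> status for every Spring Security artifact."""
    return {
        f"{artifact}:{version}": classify(version)
        for group, artifact, version in parse_dependency_list(text)
        if group == GROUP
    }


def is_clean(text: str) -> bool:
    """True only when at least one Spring Security artifact was found and all
    of them are on a known, fixed version (unknown lines fail the check)."""
    statuses = audit(text)
    return bool(statuses) and all(s == "fixed" for s in statuses.values())


if __name__ == "__main__":
    for name, sample in (("patched", SAMPLE_PATCHED), ("vulnerable", SAMPLE_VULNERABLE)):
        print(name, audit(sample), "clean" if is_clean(sample) else "NOT clean")
```

Pipe real output in with `mvn dependency:list -DincludeGroupIds=org.springframework.security` and treat `unknown` as a failure until the table carries the fix version for that release line; a scanner pass on the image (as in the later commit's CVE report) is the complementary check, since it sees the jars that actually shipped rather than what the build declared.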
@btsgh btsgh requested a review from shadabbuchh September 22, 2025 08:39
@btsgh btsgh requested review from a team, nidhi-nair and sharat87 as code owners September 22, 2025 08:39
@coderabbitai
Contributor

coderabbitai bot commented Sep 22, 2025

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

🗂️ Base branches to auto review (2)
  • pg
  • release

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


@btsgh btsgh merged commit e3cda4a into master Sep 22, 2025
270 of 280 checks passed
6 participants