Merged
Conversation
RUN-3601: Create false positive notice for CVE-2025-48924
…s.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
added Microsoft My SQL Server driver
- Common drivers:
- PostgreSQL: `org.postgresql.Driver`
- MySQL: `com.mysql.jdbc.Driver`
- MariaDB: `org.mariadb.jdbc.Driver`
- Oracle: `oracle.jdbc.OracleDriver`
- Microsoft: `com.microsoft.sqlserver.jdbc.SQLServerDriver`
commiting copilots suggestion Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR introduces documentation for the Rundeck 5.14.0 release, which is primarily a maintenance release focused on security enhancements and bug fixes. The release addresses multiple CVEs through dependency updates and includes various stability improvements.
Key changes:
- Added comprehensive 5.14.0 release notes documenting security fixes and improvements
- Updated version configuration and release calendar
- Reorganized runner documentation sections for better readability
Reviewed Changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| docs/history/release-calendar.md | Added 5.14.0 release entry and removed older 5.5.0 version from support list |
| docs/history/cves/CVE-2025-48924.md | Added documentation for new CVE with false positive clarification |
| docs/history/5_x/version-5.14.0.md | Complete release notes for 5.14.0 with security fixes and feature updates |
| docs/administration/runner/using-runners/runner-using.md | Moved job output section to improve document flow |
| docs/administration/runner/runner-management/node-dispatch.md | Reorganized warning sections and improved formatting |
| docs/administration/runner/runner-management/managing-runners.md | Enhanced ACL documentation and restructured content organization |
| docs/administration/runner/runner-installation/runner-install.md | Minor formatting cleanup |
| docs/administration/runner/runner-installation/creating-runners.md | Updated system requirements and improved ACL documentation formatting |
| docs/administration/runner/index.md | Removed commented code blocks and simplified content |
| docs/.vuepress/sidebar-menus/history.ts | Added 5.14.0 version to navigation menu |
| docs/.vuepress/setup.js | Updated version constants to 5.14.0 |
| .docsearch/config.json | Updated search configuration for new version |
Comments suppressed due to low confidence (2)
docs/history/cves/CVE-2025-48924.md:13
- CVE-2025-48924 appears to reference a future CVE number. CVE numbers for 2025 are not yet assigned as it is currently August 2025. This should be verified and corrected if this is meant to reference an existing CVE.
[CVE-2025-48924](https://nvd.nist.gov/vuln/detail/CVE-2025-48924) describes an Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects commons-lang:commons-lang versions 2.0 to 2.6, and org.apache.commons:commons-lang3 versions 3.0 before 3.18.0. The vulnerability is present in the `ClassUtils.getClass(...)` method, which can throw a `StackOverflowError` on very long inputs. Since errors of this type are typically not handled, this could cause an application to stop unexpectedly. The recommended mitigation is to upgrade to version 3.18.0 or later.
docs/history/5_x/version-5.14.0.md:17
- Multiple CVE numbers listed (CVE-2025-48734, CVE-2025-48976, CVE-2025-7783) appear to reference future CVE numbers that have not been assigned yet as it is currently August 2025. These should be verified and corrected to reference actual existing CVEs.
Rundeck 5.14.0 is a maintenance release focused on security enhancements and bug fixes. This release addresses multiple CVEs including CVE-2023-3635, CVE-2025-48734, CVE-2025-48976, and CVE-2025-7783 through dependency updates across the platform.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
5.14.0 Release notes Docs