Releases: Normation/rudder
8.3.1
🆕 Features
- Filters on system update campaign events
- Security benchmark: display tags and supported policy modes (and lots of fixes)
- New "agent version" field in inventory, making it more standard between oses
- a build recipe for rudder-agent on Arch Linux AUR (non official)
🐛 Bug fix
- Improvement on webapp performance (mostly linked with compliance computation system)
- Rest API now answers with 403 when they use an unauthorized token instead of 500
- Skipped directives are now correctly displayed
8.2.6
🆕 Features
- Filters on system update campaign events
- Security benchmark: display tags and supported policy modes (and lots of fixes)
- New "agent version" field in inventory, making it more standard between oses
- A new method to set user in a local group on Windows system
- Campaign are now stored and committed in configuration repository
- a build recipe for rudder-agent on Arch Linux AUR (non official)
🐛 Bug fix
- Since Reporting plugin is decommissioned in 8.3, we remove default data storage => better performance and disk space usage overall
- Improvement on webapp performance (mostly linked with compliance computation system)
- Rest API now answers with 403 when they use an unauthorized token instead of 500
- No more control on variables existence in Mustache templating on Windows. it was recently added, but was breaking some use cases.
- Removed lots of interal backup of apache conf files on server and relays 🙈
- Skipped directives are now correctly displayed
8.3.0
Change logs for Rudder 8.3
Rudder 8.3 focuses on polishing and consolidating the features introduced in Rudder 8.
A new main menu layout
We redesigned the organization of the main menu to make it more intuitive and user-friendly.
It better represents the set of features that Rudder provides, with the benchmarks and patches and vulnerabilities feature sets in their own section
We also added new dedicated sections
for all user and access management, improved settings page with tabs.
A plugins management interface
Until now, the rudder package CLI allowed managing additional features on the Rudder server,
including the subscription features.
With this new version, it is now achievable directly from the Web interface. After a Rudder server is installed, you can
configure your Rudder account, list the plugins available depending
on your chosen subscription, and install the desired plugins in one click.
The interface allows enabling, disabling, upgrading and removing plugin, i.e., all that was possible with the rudder package CLI.
Preparation for a wide range of security benchmarks implementations
The latest major feature of Rudder, the built-in integration of security benchmarks is making progress, and we are getting ready to provide
turn-key fully configurable benchmarks for industry standards (like CIS).
They are ready to be distributed as standard Rudder plugins.
They integrate powerful customization features, targeted application by node groups,
and detailed score-based results.
More information coming soon!
Direct remediation campaigns for vulnerabilities
Rudder has detected a vulnerability affecting some of your nodes based on the installed package list.
In one click, you can create a patch campaign to remediate the vulnerability, automatically
selecting the right nodes and target packages.
You only need to set the schedule (e.g. deploy the fix this night between 1 and 4 a.m.)
Vulnerabilities ignore list
When a vulnerability affects some of your nodes, based on the list of installed packages, it
you may have a different evaluation of the vulnerability than the one provided by the vulnerability database.
In some cases, the way you use the affected package or the way the vulnerability is exploited
may not apply to your environment. In this case, it is now possible to ignore the vulnerability
altogether.
This makes your vulnerability score more relevant to your environment, and prevents false positives.
API accounts can now be authenticated using OAuth 2.0
A new About page
Provides information about the Rudder instance, and an export button
to facilitate the sharing of this information with the Rudder support team.
Rudder agent support for Windows Server 2025
Windows Server 2025 is now supported by the Rudder agent.
Loops in techniques
The techniques can now include loops. Iterations can be made at the method or block level.
This allows reusing technique parts with different parameters.
The iterations are done on a list of key-value sets, allowing,
for example, to iterate over a list of package names and versions.
This new feature is compatible with both the Linux and Windows agents.
A new method for file audits and editions
A new agent extension, exposed as a new method, is added for file editions and audits. It is based
on the Augeas library, which is a powerful tool for parsing and editing configuration files.
We added support for advanced file audits, including the ability to
check for values in a set, between two values, within an IP range, etc.
A special attention was given to the quality of the error messages, to help
understand the non-compliances directly from the Web interface, with as
much context as possible.
New RPM signing key
We are now using the same key used for other artifacts (plugins, DPKG packages) to sign our RPM packages.
The previous key was only 1024 bits long and needed to be replaced.
The installation and upgrade documentation explains how to import the new key.
💾 Installing, upgrading and testing
- Install docs for https://docs.rudder.io/reference/8.3/installation/server/debian.html[Debian/Ubuntu],
https://docs.rudder.io/reference/8.3/installation/server/rhel.html[RHEL/CentOS] and
https://docs.rudder.io/reference/8.3/installation/server/sles.html[SLES] - https://docs.rudder.io/reference/8.3/installation/upgrade/notes.html[Upgrade nodes and doc]
- https://docs.rudder.io/reference/8.3/installation/versions.html#_versions[Download links]
8.2.5
Webapp/server
⚠️ rudder package was ignoring postinstall errors, be careful on upgrade that plugins are correctly updated- rudder packages (rudder-server, rudder-agent) install logs were harmonized
- property conflicts were still displayed even if they were fixed, and were shown as "policy generation" errors, which was quite confusing
Linux agent
- It was possible to install rudder agent for a different system version than the one compatible with your system. This is now forbidden and only a valid rudder package can be installed
- Policy mode override can be lost on nodes when variable was undefined, leading to unexpected behavior (ie, enforce instead of audit )
Windows agent
- Policy update were done at each run
- Improved policies zip extraction
- Performance improvement (file loading, methods loaded in a single file)
8.2.4
Notables changes
🆕 New features/Enhancements
- You can now pass parameters to package managers through environment variables using "options" field
🩹 Bug fixes
- Server package on recent rhel like system is fixed ( changes in postgresql packaging )
- Score excludes pending nodes (system update score of pending nodes was included into dashboard
- It was impossible de to apply multiple times the same jinja2 template on a node
- Directive page was slower than before (7.3) it is fixed.
- User may be disabled when using incompatible clean date and login date
🔒 Security
- Fixed add XSS in OpenSCAP plugin (GHSA-3pxp-7gwf-xm2g)
- /var/rudder/tmp was world-readable (GHSA-xjjc-8vw4-c9p2)
- OIDC users api token got their rights from user configuration file instead of their correct provider (GHSA-gr6h-8xj2-w29c)
- Path traversal in technique resource API (GHSA-h66x-c5pj-f5f8)
More
More details about the new features and installation/upgrade procedures can be found in the change logs.
8.1.11
Notables changes
🆕 New features/Enhancements
- You can now pass parameters to package managers through environment variables using "options" field
🩹 Bug fixes
- Server package on recent rhel like system is fixed ( changes in postgresql packaging )
- Score excludes pending nodes (system update score of pending nodes was included into dashboard
- It was impossible de to apply multiple times the same jinja2 template on a node
- Directive page was slower than before (7.3) it is fixed.
- User may be disabled when using incompatible clean date and login date
🔒 Security
- Fixed add XSS in OpenSCAP plugin (GHSA-3pxp-7gwf-xm2g)
- /var/rudder/tmp was world-readable (GHSA-xjjc-8vw4-c9p2)
- OIDC users api token got their rights from user configuration file instead of their correct provider (GHSA-gr6h-8xj2-w29c)
- Path traversal in technique resource API (GHSA-h66x-c5pj-f5f8)
8.1 State and EOL
Since release of 8.2.0 on 29-10-2024, Rudder 8.1 public EOL has been set on 29-01-2025. It is set to 29-04-2025 for our premium subscribers
More
More details about the new features and installation/upgrade procedures can be found in the change logs.
8.2.3
Notables changes
🆕 New features/Enhancements
- You can now install your licenses through rudder package, using install command like this
rudder package install <NAME>-license.tar.gzespecially useful in air gaped environnement
🩹 Bug fixes
- Node software were deleted from inventory when we updated properties and settings of a Node, this may have led to inconsistencies in groups based on software and cve checks
More
More details about the new features and installation/upgrade procedures can be found in the change logs.
8.1.10
Notables changes
🆕 New features/Enhancements
- You can now install your licenses through rudder package, using install command like this
rudder package install <NAME>-license.tar.gzespecially useful in air gaped environnement
🩹 Bug fixes
- Node software were deleted from inventory when we updated properties and settings of a Node, this may have led to inconsistencies in groups based on software and cve checks
More
More details about the new features and installation/upgrade procedures can be found in the change logs.
8.2.2
Notables changes
🆕 New features/Enhancements
- Methods that allows JSON as parameters are not validating that JSON is correct
- You can now choose the timezone in which you schedule your system update campaigns, and timezones are more explicit than before
- Add Windows support to the generic method file_report_content_tail
🩹 Bug fixes
- Since 8.1 (but was more likely to appear in 8.2), we had some errors when saving properties and inventory, this was due to a misconfiguration in our database connection pool. We reworked this, fixing the issue and making Rudder faster
- Node with no rules applied had a Score of F, we changed this so that a node has no score instead to be less pessimistic
- Fixes on new system update module
🔒 Security fixes
- Better handling of migration of user file has algorithm in case of invalid hash
More
More details about the new features and installation/upgrade procedures can be found in the change logs.
8.1.9
Notables changes
🆕 New features/Enhancements
- Methods that allows JSON as parameters are not validating that JSON is correct
- You can now choose the timezone in which you schedule your system update campaigns, and timezones are more explicit than before
- Add Windows support to the generic method file_report_content_tail
🩹 Bug fixes
- Since 8.1 (but was more likely to appear in 8.2), we had some errors when saving properties and inventory, this was due to a misconfiguration in our database connection pool. We reworked this, fixing the issue and making Rudder faster
- Node with no rules applied had a Score of F, we changed this so that a node has no score instead to be less pessimistic
More
More details about the new features and installation/upgrade procedures can be found in the change logs.