Skip to content

@blag blag released this Feb 28, 2019 · 40 commits to v2.10 since this release


  • Add support for various new SSL / TLS related config options (ssl_keyfile, ssl_certfile,
    ssl_ca_certs, ssl_certfile, authentication_mechanism) to the messaging section in
    st2.conf config file.

    With those config options, user can configure things such as client based certificate
    authentication, client side verification of a server certificate against a specific CA bundle, etc.

    NOTE: Those options are only supported when using a default and officially supported AMQP backend
    with RabbitMQ server. (new feature) #4541

  • Add metrics instrumentation to the st2notifier service. For the available / exposed metrics,
    please refer to (improvement) #4536


  • Update logging code so we exclude log messages with log level AUDIT from a default service
    log file (e.g. st2api.log). Log messages with level AUDIT are already logged in a
    dedicated service audit log file (e.g. st2api.audit.log) so there is no need for them to also
    be duplicated and included in regular service log file.

    NOTE: To aid with debugging, audit log messages are also included in a regular log file when log
    level is set to DEBUG or system.debug config option is set to True.

    Reported by Nick Maludy. (improvement) #4538 #4502

  • Update pyyaml dependency to the latest version. This latest version fixes an issue which
    could result in a code execution vulnerability if code uses yaml.load in an unsafe manner
    on untrusted input.

    NOTE: StackStorm platform itself is not affected, because we already used yaml.safe_load

    Only custom packs which use yaml.load with non trusted user input could potentially be
    affected. (improvement) #4510 #4552 #4554

  • Update Orquesta to v0.4. #4551


  • Fixed the packs.pack_install / !pack install {{ packs }} action-alias to not have
    redundant patterns. Previously this prevented it from being executed via
    st2 action-alias execute 'pack install xxx'. #4511

    Contributed by Nick Maludy (Encore Technologies)

  • Fix datastore value encryption and make sure it also works correctly for unicode (non-ascii)

    Reported by @dswebbthg, @nickbaum. (bug fix) #4513 #4527 #4528

  • Fix a bug with action positional parameter serialization used in local and remote script runner
    not working correctly with non-ascii (unicode) values.

    This would prevent actions such as core.sendmail which utilize positional parameters from
    working correctly when a unicode value was provided.

    Reported by @johandahlberg (bug fix) #4533

  • Fix core.sendmail action so it specifies charset=UTF-8 in the Content-Type email
    header. This way it works correctly when an email subject and / or body contains unicode data.

    Reported by @johandahlberg (bug fix) #4533 4534

  • Fix CLI st2 apikey load not being idempotent and API endpoint /api/v1/apikeys not
    honoring desired ID for the new record creation. #4542

  • Moved the lock from concurrency policies into the scheduler to fix a race condition when there
    are multiple scheduler instances scheduling execution for action with concurrency policies.
    #4481 (bug fix)

  • Add retries to scheduler to handle temporary hiccup in DB connection. Refactor scheduler
    service to return proper exit code when there is a failure. #4539 (bug fix)

  • Update service setup code so we always ignore kombu library heartbeat_tick debug log

    Previously if DEBUG log level was set in service logging config file, but --debug
    service CLI flag / system.debug = True config option was not used, those messages were
    still logged which caused a lot of noise which made actual useful log messages hard to find.
    (improvement) #4557

Assets 2
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.