25.2.0
What's Changed
- Add option for enabling Ansible 2.9 Collections variable
- Fix all links to external documentation
- Fix API JavaScript expansion icon. size() is long deprecated and removed
- Fix some web-socket issues and memory leaks in asyncs
- Migrate off react-script
- Notebook 7 breaks currently implementation of Jupyter, so downgrade it
- Pin django-ansible-base as last commit breaks migrations
- Re-import docs from Upstream 24.6.1 repo
- Remove alert modal if custom login settings can't be fetched
- Swap to alpine node image for UI
- Upgrade receptor to latest version
- Upgrade to latest Node 20 LTS
- (Upstream) Fix maintain order of insertions into m2m relationship tables
- (Upstream) Setting with ANSIBLE_BASE_ prefix does not need to be added to ENV var for job execution
Security Fixes
These CVEs were against the underlying packages we depend on, not directly on Ascender. For several of these, we did not use the affected code at all. They were resolved nevertheless as they will still be reported on any vulnerability scan on the container in your environment.
- Upgrade aiohttp to resolve CVE-2025-53643
- Upgrade axios to resolve CVE-2025-58754
- Upgrade django, more work was done on CVE-2025-48432
- Upgrade django again to resolve CVE-2025-57833
- Upgrade esbuild to resolve GHSA-67mh-4wv8-2f99
- Upgrade form-data to resolve CVE-2025-7783
- Upgrade on-headers to resolve CVE-2025-7339
- Upgrade kibana, etc... images to latest
- Upgrade tmp to resolve CVE-2025-54798
- Remove @cypress/instrument-cra to resolve CVE-2017-16137
- Migrate to Lingui v5 to resolve multiple CVEs
- Migrate to webpack-dev-server v5 to resolve CVE-2025-30360 CVE-2025-30359 (DEV BUILD ONLY)
- Misc Npm updates (dependencies of dependencies) to resolve multiple CVEs
Full Changelog: 25.1.0...25.2.0