25.3.0
What's Changed
- Upgrade to Django v5 in #187
- Fix logic in isAuthenticated in #180
- Fix f-string in log that is broken (Upstream 16132) in #179
- Remove unused additional containers (splunk, grafana, etc...) in #184
- Remove dependency on django-crum, move to native threading. in #186
- Fix using the Ascender controller as an Inventory Source in #192
- Fix some translation issues causing text not to display in #193
- Removed options to disable gradient and custom header logo in #193
- Add better Source Var defaults for some Inventory Sources in #193
- Fix a UI caching issue when selecting Role permissions in #193
- Re-added Satellite credential in #191
Security Fixes
These CVEs were against the underlying packages we depend on, not directly on Ascender. For several of these, we did not use the affected code at all. They were resolved nevertheless as they will still be reported on any vulnerability scan on the container in your environment.
- Update django to resolve CVE-2025-59681 in #175
- Update django to resolve CVE-2025-64459 CVE-2025-64458 in #182
- Upgrade to pip 25.3 to resolve CVE-2025-8869 in #183
- Update glob / js-yaml to resolve CVE-2025-64756 & CVE-2025-64718 in #185
- Update node-forge to resolve CVE-2025-12816, CVE-2025-66031, CVE-2025-66030 in #190
- Update social-auth-app-django to resolve CVE-2025-61783 in #187
Full Changelog: 25.2.0...25.3.0