Enhancements
-
[Jobs] Display awaitable signals in the job details page
Add a section that decodes and displays signal payloads sent via
Oban.Pro.Worker.signal/2. While a job is parked waiting, the section shows "Awaiting Signal" with the deadline. Once a signal arrives, it switches to "Received Signal". -
[Resolver] Add
format_signal/2resolver callbackThis allows customizing the decoded output,mirroring what's available with
format_recorded/2.
Bug Fixes
-
[Jobs] Restrict unauthorized job editing and updates with new permission
The save-job event handler previously dispatched changes from any client without checking access controls, allowing a read-only user to rewrite a job's worker module and potentially trigger code execution on the next attempt. Editing now requires
:update_jobspermission, which is enabled by default for:alland disabled for:read_only. -
[Cron] Prevent malicious cron expressions from unrestricted memory allocation
A maliciously crafted cron expression like "0 0 1--100000000 * *" could trigger multi-gigabyte allocations when
describe/1eagerly expanded the range during formatting. Range, value, and step parsing now validate against per-field bounds and require ranges to be non-decreasing, so out-of-domain inputs are rejected before any expansion occurs.