This release mostly focuses on security improvements and bug fixes.
Changelog
Added
- feat: add security headers middleware (#2195) @yohamta0
- feat: add per-IP sliding window rate limiting to login endpoint (#2196) @yohamta0
- feat: add persistent DAG state (#2203) @yohamta0
Fixed
- fix: track temp files via registry file instead of subshell-local array (#2198) @kuishou68
- fix(auth): invalidate JWT tokens on password change or reset (#2199) @yohamta0
- fix(auth): move OIDC token from query param to hash fragment (#2200) @yohamta0
- fix(cors): remove invalid AllowCredentials with wildcard origin (#2201) @yohamta0
- fix: harden scheduler DAG file reload on Windows (#2204) @yohamta0
- fix: recover scheduler tick panics (#2215) @yohamta0
- fix: preserve dotenv env on retry (#2225) @yohamta0
- fix(ui): guard api-keys page against undefined config.license (#2228) @yohamta0
- fix(core): serialize Container.Env so container.env: vars appear in step output (#2231) @mingfang
Contributors
Thanks to our contributors for this release:
| Contribution | Contributor |
|---|---|
| bug: Environment variables are not loaded when retry from the failed step (#2223) | @Sky-Zeng (report) |
| [BUG] cleanup_tmpfiles in installer.sh does not clear tmp dir (#2001) | @jeremydelattre59 (report) |
| fix: track temp files via registry file instead of subshell-local array (#2198) | @kuishou68 |
| fix(core): serialize Container.Env so container.env: vars appear in step output (#2231) | @mingfang |
New Contributors
Full Changelog: v2.7.4...v2.7.5