Merged
Conversation
…ails Updates the command injection CVE documentation to reflect the complete fix story, including the failed first attempt in PR #10003 and the successful fix in PR #10010. Adds technical details explaining the root cause (checking for property references after replacement), the correct fix (tracking before replacement), affected versions (3.4.1-5.19.0), and the feature flag for backwards compatibility.
Solves some snyk findings and brings a few packages up for good hygiene.
Contributor
There was a problem hiding this comment.
Pull request overview
Updates the Rundeck documentation site for the 5.20.0 release by adding new release notes content, updating navigation to point to the latest release, refreshing the related security advisory, and bumping doc build dependencies (including removing lodash usage in sidebar generation helpers).
Changes:
- Add new
5.20.0release notes page and update nav/sidebar “latest release” links to point to it. - Expand the option-escaping security advisory with clearer technical details and a fix timeline.
- Update VuePress/DocSearch/build dependencies and remove lodash usage from sidebar child generation scripts.
Reviewed changes
Copilot reviewed 12 out of 14 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| package.json | Bumps build/dependency versions; removes lodash dependency; adds/adjusts overrides. |
| docs/history/cves/2025-07-option-escaping.md | Major rewrite/expansion of the advisory, including root cause, examples, and timeline. |
| docs/history/5_x/version-5.20.0.md | New 5.20.0 release notes page content and metadata. |
| docs/administration/configuration/index.md | Updates internal links to newer doc locations. |
| docs/.vuepress/sidebar-menus/history.ts | Points “Latest Release” to 5.20.0 and adds 5.20.0 to “Previous Version Docs”. |
| docs/.vuepress/setup.js | Updates Rundeck version constants for 5.20.0. |
| docs/.vuepress/pr-feed-config.json | Updates “last self-hosted release” version/date used for PR feed generation. |
| docs/.vuepress/notes.md.nj | Removes one staff contributor entry from the notes template. |
| docs/.vuepress/navbar-menus/about.js | Updates navbar “Release Notes” link to 5.20.0. |
| docs/.vuepress/getCveChildren.js | Replaces lodash sorting with native sorting for CVE sidebar children. |
| docs/.vuepress/getChildren.js | Replaces lodash sorting with native sorting for generic sidebar children. |
| docs/.vuepress/config.ts | Removes unused lodash import. |
| .gitignore | Adds temp/ to ignored paths. |
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Jesus-Osuna-M
approved these changes
Apr 2, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.