Release Notes

Information about upcoming changes, recent releases, new features, and bug fixes.

Release History

Below are specific features and bug fixes for past releases.

v98.2, 7/11/21

  • Fixed an issue where default values for SecureString variables were not being handled properly in job and run variables.
  • Fixed an issue where default values for pipeline variables were not being merged properly in scheduled jobs.
  • Various internal upgrades.

v98.1, 7/7/21

  • Fixed a bug in the coloring of markdown editors in dark theme.
  • Fixed a bug in the Create Job modal where the page could break in certain cases.

v98, 7/6/21

  • Improved the background color of various code inputs.
  • Added a verbosity option to all pipeline steps. Verbosity controls how much data is sent from the agent to the application, which determines how much data is displayed on the run page. For backwards compatibility, the default verbosity of most step modules has not changed. HTTP Request steps can now have their request/response details omitted from the run page by setting the verbosity level to warn. Any “shell” type modules can have their stdout/stderr omitted from the run page by setting the verbosity level to warn.
  • Fixed a minor bug in the drag and drop animation for variable reordering.
  • Fixed a potential security vulnerability caused by CORS misconfiguration.

v97, 6/28/21

  • Added project and organization email notification system. Notifications can be configured by visiting the project and organization settings pages.

v96, 6/22/21

Runner Agent v1.100.1

v95, 6/11/21

  • Added Inputs and Outputs tabs to the pipeline builder step sidebar. The outputs tab now shows the available fields of the steps.<step id>.result object for the selected step.
  • Removed hover effect on scrollbars.
  • The form fields for many array-type step properties now clear the property from the pipeline YAML when emptied, rather than adding an empty array.
  • The Run Pipeline dialog now opens with the current pipeline revision, rather than always the latest revision, when opened from the pipeline builder.
  • Added a description field to pipeline output variables, which is now displayed in the step sidebar for included pipeline steps.
  • Runner list API endpoints and pages now sort by created date.
  • Fixed a bug in 2 list API endpoints where one of the fields query params was not being respected.
  • Fixed a bug where several list API endpoints would have an inconsistent sort order in some cases.
  • Other various UI improvements and fixes.

Runner Agent v1.99.12

  • Added 3 new step modules for working with Helm charts. See the step module reference for more information.
  • Added a response_type property to the HTTP Request step module. If provided, this property enforces an expected response body format.
  • The HTTP Request module now supports downloading binary response bodies to a file, and will stream the response in a memory efficient manner.
  • Fixed a bug where the Docker Build & Push and Checkov modules were not respecting the Working Directory property in some cases.
  • Fixed a bug where the Terrascan module’s policy_path field was not validating correctly.
  • Fixed an issue where a CLI-driven module that output only whitespace on stdout or stderr could cause an exception in the agent.

v94.1, 5/30/21

  • Fixed a bug that prevented some step property dropdowns from switching to expression mode.
  • Fixed a bug where some step property dropdowns with multiple inputs would appear empty.
  • Improved the behavior of some step property dropdowns to remove fields from the step when empty, rather than adding an empty array.

v94, 5/29/21

  • Internal upgrades

Runner Agent v1.97.4

v93.2, 5/24/21

  • Fixed a bug which could cause an Oops! message in the pipeline builder in rare cases.

v93.1, 5/23/21

  • Fixed/improved several UI issues in dark theme, including text selection color.
  • Improved syntax highlighting modes for various code input fields.

v93, 5/19/21

  • Added a missing field in the OpenAPI schema Run model.
  • Various minor UI cleanups and bug fixes.
  • Addressed a CVE.

Runner Agent v1.95.11

  • Added support for dynamic loops in pipeline steps. See the Building Pipelines page for more information.
  • Added Azure CLI step module.
  • Added a deepequalto test function for expressions. See the expression reference for more information.
  • Removed strict RSA format validation for SSH Public Key credential types when created dynamically using the Credential step module.
  • Fixed a bug where the condition field on steps contained the pre-evaluated value after execution. It should now be a boolean after step execution, if it was set.

v92.1, 5/7/21

  • Improved syntax highlighting contrast of various code input fields in dark theme.
  • Various minor cleanups and fixes to dark theme.
  • Removed syntax highlighting from the run page Raw Text view.
  • Added shell syntax highlighting to runner startup script input field.
  • Addressed several CVEs.

v92, 5/2/21

  • Added dark theme.

v91, 4/30/21

  • Added AWS CLI step module. See the step module reference for more information.
  • Azure Resource Group and Azure ARM Deployment step modules now support authenticating with a Tenant ID in addition to a domain name. Either value may be provided in the Azure Service Principal credential.
  • Subscription ID is now optional in the Azure Service Principal credential type. Currently this value must still be provided when using the Azure Resource Group and Azure ARM Deployment step modules.

Runner Agent v1.94.6

  • The agent no longer requires a configuration file, if all required configuration properties are provided through environment variables.
  • Pipeline steps that execute as subprocesses will now inherit select environment variables from the agent process, particularly $HOME.

v90, 4/27/21

  • Added and updated icons in various places in the application.
  • Updated various empty page messages.
  • Updated error toast styles.
  • Increased the maximum number of items displayed in some dropdowns.
  • Many dialogs now autofocus the top input when opened.
  • Various other UI improvements.

v89, 4/21/21

  • Added a pinned property to pipelines which, when true, will pin the pipeline to the top of the pipeline list page.
  • Fixed a bug where entering “undefined” for a step’s ID would cause layout errors in the pipeline builder.
  • Security patches

Runner Agent v1.93.0

  • Added a date_format expression filter which can generate date strings with a customizable formatter.
  • Added underscore-separated aliases for all findStep*() expression helper functions, such as find_steps_by_tag(), to make helper names consistent.
  • Changed Ansible tool installer to inherit the system virtualenv. This change fixes an issue where pip packages installed from a Shell Script step were not resolvable by the default Python interpreter used by Ansible.
  • The Ansible tool installer no longer automatically installs ansible[azure] or libcloud. Cloud-hosted managed runners still have these libraries installed by default.

v88.1, 4/9/21

  • Fixed a bug where the “Disable on failure” feature was not being respected when runs were failed for exceeding the maximum run duration.
  • Fixed a bug where some dropdowns were displaying images at too large a size.

v88, 3/28/21

  • Added links to included pipelines from the pipeline builder for catalog includes.
  • Reorganized API schema tags for catalog endpoints.
  • Added a feature to update pipeline revision comments after creation.
  • Various minor bug fixes and enhancements.

Runner Agent v1.92.1

  • Added hmac, quote, split, merge, and merge_deep expression filters.
  • Added an env.PIPELINE_REVISION_ID environment variable.

v87.3, 3/23/21

  • Changed the permissions required to publish private catalogs. All organizations on plans enterprise starter or higher can now create and share private organization catalogs. All public catalogs still require approval from Refactr support.
  • Fixed a bug where privately shared catalogs could not be cloned in some cases.
  • Improved some API error messages.
  • Various minor UI improvements.

v87.2, 3/16/21

  • Fixed a bug where pipelines with multiple pipeline include steps were causing errors in the runner in some cases.

Runner Agent v1.91.1

  • Increased the memory usage limit for expression evaluations from 8MB to 32MB.

v87.1, 3/15/21

  • Minor fixes.

v87, 3/14/21

  • Added additional security around session tokens stored by browsers. This update will invalidate all user sessions.
  • Decreased two-factor authentication expiry from 7 days to 24 hours. Users with 2FA enabled will be required to authorize with a mobile device after being logged out for 24 hours.

Runner Agent v1.91.0

  • Fixed a bug where ignore_errors was not working properly for pipeline include steps with failed sub-steps. ignore_errors should now properly propagate nested errors.
  • Fixed a bug where pipeline include steps contained merged input variables after execution. Pipeline include step variables are now set properly after execution.

v86.2, 3/11/21

  • Added horizontal scrollbar to the content area of most pages in the application on small screen sizes.
  • Fixed some layout issues where tables were overflowing their content area incorrectly on small screen sizes.

Runner Agent v1.90.6

  • Fixed an issue where using the Ansible installer module could lead to errors relating to the libselinux dependency not being resolved.

v86.1, 3/9/21

  • Fixed a bug where some buttons were not disabled in the builder for catalog pipelines.
  • Fixed a bug where the unsaved changes alert could appear in the builder for catalog pipelines.
  • Fixed a bug where the PIPELINE_REVISION virtual environment variable was not being set in the agent.
  • Some minor UI cleanups.

Runner Agent v1.90.5

  • Added a PIPELINE_CATALOG_ID virtual environment variable, which contains the ID of the catalog that owns the pipeline, if the run is from a catalog pipeline.

v86, 3/1/21

  • Release of Solution Catalogs. Catalogs are shared projects that can be published publicly. Users outside your organization are able to view, run, and include pipelines from published catalogs in their projects.
  • Breaking changes to API and pipeline YAML structure, detailed below.
  • Various fixes and UI improvements.

Catalogs Update Breaking Changes, 3/1/21

We will be introducing a few breaking changes and fixes in order to support the upcoming catalogs release. These changes affect the pipeline YAML schema and the resource schemas and path params of several API endpoints. If you’re currently using the Refactr API, or storing/processing pipeline definitions outside of the application, please read on.

  1. The pipeline_revision_id field of the Job API resource is changing from a number to a resource ID string.
  2. The pipeline_revision_id field of the Run API resource is changing from a number string to a resource ID string.
  3. The step properties of pipeline include steps in all pipeline definitions will have the following changes:
    1. The properties._id step property key is changing from _id to pipeline_id. The value will remain the same.
    2. The properties.revision step property key is changing from properties.revision to properties.pipeline_revision_id. The value is also changing from a number to a resource ID string.
  4. API endpoints that use a {revision} path parameter are changing to use a {revision_id} parameter. This parameter is a resource ID string, instead of a revision number.

The common theme of these changes is that “revision numbers” are changing to “revision IDs” in all interfaces.

Existing runner agents will continue to function. However, runner agent versions before 1.91.x will enter our deprecation schedule, and will eventually no longer function, so it is recommended to update your self-hosted runner agents as soon as possible. We expect to support existing versions for 2 months after this release.

Additionally, all /catalog/* endpoints will be removed. These will be replaced with a new set of /catalogs/* endpoints with the release of Solution Catalogs.

These changes are expected to take effect on 2-28-21.

v85, 2/6/21

  • Improved the security of session token storage in web browsers.
  • Added an organization image feature. To upload an image for your organization, visit Account Settings -> Organization.

v84, 2/4/21

  • Added Aqua Trivy step module. Trivy is a simple and comprehensive vulnerability scanner for containers and other artifacts.
  • Removed an undocumented webhook events endpoint. This endpoint will be added again in a future release.
  • Fixed a limitation where some step module arguments fields had a minimum length.

v83, 2/1/21

  • Added Accurics Terrascan step module. Terrascan detects security vulnerabilities and compliance violations across your Infrastructure as Code.
  • Added HashiCorp Vault credential step module. This module can fetch secrets from a HashiCorp Vault instance and load them into Refactr credentials.
  • Some minor UI updates.

v82.1, 1/26/21

  • Fixed a bug where run quotas were not being applied correctly for runs created by incoming webhook.
  • Fixed a bug where the job page would not load in some cases.
  • Fixed a minor issue in rich text editor display.

v82, 1/25/21

  • Jobs have a new trigger type called “incoming webhook”. Incoming webhook jobs can be easily triggered from external systems that fire webhook events. Variables can be arbitrarily transformed from the input request using an expression.
  • CentOS 7 containers can no longer be created from the application.
  • Some bug fixes and QoL improvements.

Runner Agent v1.88.x

  • CentOS 7 container runners are now considered deprecated and will no longer receive updates. They will remain in the app for some time, but users are encouraged to change their runners to use CentOS 8 virtual machines.
  • Added hard isolation technology to expression evaluation. Evaluation of expressions is now sandboxed, which provides an extra layer of security. Note that this does not prevent execution of arbitrary code in your pipelines (in fact, that’s a feature!). Rather, it ensures that expressions can never escape into the runner process environment, and also places limits on CPU and memory consumption during expression evaluation.
  • The runner agent distributable has changed to a tarball (.tgz) and now contains multiple installation files. Installation documentation has been updated to reflect this change.

v81.1, 1-5-21

  • Fixed a bug where the delete project button was not showing up in the app.
  • Improved the horizontal scrolling behavior of the run event viewer on the run page.
  • Routine security updates.

v81, 12-31-20

  • Added a “summary” field to pipelines. The summary is now displayed in pipeline cards by default. The “description” field now accepts Markdown syntax, and the description is rendered as rich text on the pipeline page. This is like a “README” file and is helpful for adding more detailed documentation for a pipeline.
  • Improved the UI of the run page. Run events can now be collapsed.
  • Added a “default” option to pipeline variables. When this option is true, the pipeline variable value will be used by default when creating runs if a value is not provided. This feature allows users to provide default values for visible variables. Previously only hidden variables could be used as defaults.
  • Pipeline variable values can now be omitted when saving a pipeline revision, even if the variable is required. The values will now only be required at run time.
  • Various improvements to API behavior when providing variables to pipelines, jobs, and runs. See below for more info.
  • Various other UI improvements.

Runner Agent v1.87.x

  • Fixed a bug where npm packages installed with npm install -g were not being found by the Node.js step module.
  • Fixed a bug where project variables were overriding pipeline variables with the same key when evaluating step variables for pipeline includes. The precedence is now reversed.
  • For VM runners, the docker service is now enabled by default.

Upcoming Changes to Pipeline Variables, 12/31/20

In order to smooth over some API behavior, and to pave the way for upgrades to Refactr’s variables system, we are making some changes to API and runner behavior that may be breaking for some users.

  1. Currently, project variables are overriding pipeline variables for included pipelines when the variables have the same key. This is incorrect behavior, and it will be corrected in this update by reversing the precedence (pipeline variables will take precedence over project variables with the same key when evaluating pipeline step include variables). To check whether this might be a change in behavior for your pipelines, look for project-level variables with the same keys as pipeline variables (including those created by the “Set Variables” step module), and check if those are also being used in the step variables for an included pipeline.
  2. It’s currently possible to create pipeline runs using the API by omitting variables entirely, even if there is at least one required pipeline variable. This defers the full validation to the runner agent, which will always reject these cases. In this update, API requests to create runs (pipeline and job) without variables in the request body when at least one variable is required will be rejected with a 400 status code. Because these cases would currently fail, it’s unlikely this change will affect many users.
  3. It’s currently possible to provide a value at run time for a hidden pipeline variable when using the API. While the value will always be overridden by the hidden value, the API request will pass validation. This behavior is changing so that providing a value at run time for a hidden variable will fail with a 400 status code.
  4. Currently, when creating pipelines, variables marked as required must have a value provided. This behavior is changing so that a value is only required when the variable is marked as both hidden and required.
  5. A new “default” option will be added to pipeline variables, which will specify whether the value specified in the pipeline variables will be used by default if a value is not provided at run time. This is a backwards compatible change.

These changes are expected to take effect on 12/31/20 at midnight PST.
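
The run-creation and save-time rules in items 2 to 5 above, modelled as an added example (this is not Refactr's code or API). The `PipelineVar` class, the function names, the `"accepted"` marker, the sample variables, and the treatment of hidden and default-enabled values as satisfying "required" are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Any, Optional


@dataclass
class PipelineVar:
    key: str
    value: Any = None
    required: bool = False
    hidden: bool = False
    default: bool = False  # item 5: use `value` when the caller gives none


def validate_pipeline(defs):
    """Item 4: at save time only a hidden AND required variable needs a value.

    Returns the keys that fail this check.
    """
    return [d.key for d in defs if d.hidden and d.required and d.value is None]


def create_run(defs, request_vars: Optional[dict]):
    """Return (400, reason) on rejection or ("accepted", resolved_variables)."""

    def caller_must_supply(d):
        # Assumption: a hidden value or a default-enabled value satisfies "required".
        return d.required and not d.hidden and not (d.default and d.value is not None)

    # Item 2: variables omitted entirely while something is still required.
    if request_vars is None:
        if any(caller_must_supply(d) for d in defs):
            return 400, "variables are required but none were provided"
        request_vars = {}

    # Item 3: a run-time value for a hidden variable is rejected outright,
    # instead of being accepted and then silently overridden.
    by_key = {d.key: d for d in defs}
    for key in request_vars:
        d = by_key.get(key)
        if d is not None and d.hidden:
            return 400, f"variable '{key}' is hidden and cannot be set at run time"

    resolved = {}
    for d in defs:
        if d.hidden:
            resolved[d.key] = d.value              # hidden value always wins
        elif d.key in request_vars:
            resolved[d.key] = request_vars[d.key]  # caller-supplied value
        elif d.default and d.value is not None:
            resolved[d.key] = d.value              # item 5: fall back to default
        elif d.required:
            return 400, f"required variable '{d.key}' has no value"
    return "accepted", resolved


# Constructed sample pipeline variables (not from a real pipeline).
SAMPLE_VARS = [
    PipelineVar("region", value="us-west-2", required=True, default=True),
    PipelineVar("api_token", value="constructed-hidden-value", required=True, hidden=True),
    PipelineVar("target", required=True),
]

if __name__ == "__main__":
    print(create_run(SAMPLE_VARS, None))
    print(create_run(SAMPLE_VARS, {"target": "web01"}))
    print(create_run(SAMPLE_VARS, {"target": "web01", "api_token": "override"}))
    print(validate_pipeline(SAMPLE_VARS))
```
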

v80, 12-22-20

  • Fixed a rare bug in the pipeline designer that could break the page.
  • Added an env.* context variable to expressions which contains the “virtual” environment variables used by pipeline steps.
  • Improved the error message displayed when a project has no runners assigned and a pipeline is run.
  • Added a feature for guest users to leave an organization.
  • Added Vault AppRole credential type.

v79, 12-10-20

  • Added Java installer step module.

v78, 12-8-20

  • Added Bridgecrew Checkov and Checkov installer step modules.
  • Renamed “Bearer Token” credential type to “API Token”. The old “Bearer Token” (bearer_token) has been deprecated and will be removed in a future release.
  • Fixed a bug in calculation of subscription credits in certain cases.

v77, 11-24-20

  • Switched to credit-based subscriptions. Organization administrators can now configure subscription credit allocation to runner, user, and project counts.

v76, 11-12-20

  • Updated the navigation bar to match the Refactr color scheme.
  • Improved release rollout behavior, which should largely eliminate downtime during updates to the cloud-hosted platform. Expected downtime going forward will mostly be limited to planned maintenance windows.
  • Fixed a bug where self-hosted runners would not transition to Stopped state after going offline.
  • Fixed a bug where some form fields were not displaying values correctly.

Runner Agent v1.82.6

  • Added a LOG_LEVEL option to configuration file. Options are info, debug, warn, error.
  • Added global tool installer step modules for all supported tools, plus a few additional tools including the AWS CLI and HashiCorp Vault CLI (a dedicated Vault CLI step module is coming soon!).

v75, 11-7-20

  • Added an “unsaved changes” dialog when the step sidebar is closed in the builder and there are unsaved changes.
  • Improved the display of step names in builder steps.
  • Pipeline include steps in the builder now display an icon.

v74, 11-5-20

  • Users are now navigated to the job page after creating a job.
  • Fixed a bug preventing installation of custom kubectl versions from the kubectl step module.
  • Fixed a bug where some variable combinations would cause errors in the agent.

v72-v73, 10-20-20 - 11-3-20

  • Internal infrastructure upgrades.

v71, 10-20-20

  • Removed personal accounts (see below).
  • Internal infrastructure upgrades.

Personal Account Migration, 10/21/20

Currently, the Refactr Platform offers “personal” accounts, which have limited features, and are only accessible by a single user. This functionality is being replaced by “community” plans which, while still free, will require that all users be associated with a named organization.

On 10/11/20, we will be migrating all users to be associated with a single “primary” organization. All personal projects will also be moved into the primary organization assigned to each user.

Important notes:

  • Personal projects, and all data within them, including pipelines, variables, jobs, and credentials, will become owned by your organization.
    • Organization administrators will be able to view, modify, and delete all of your personal account data.
    • A temporary group will be created in organizations for each personal account migrated, granting each user access to their migrated personal projects.
  • All pending organization and project invites will be revoked, and will need to be resent.
  • If you’re not sure which organization will become your primary organization, please contact us at support@refactr.it

v70, 10-14-20

  • Internal infrastructure upgrades.
  • More info is displayed in the UI about the Authy app for 2FA authentication.
  • Fixed a minor bug in Authy push notification messages.

v69, 10-13-20

  • Improved responsive layout behavior for desktop screens.
  • Added a function-style syntax for retrieving credentials, credential('my_cred_id'). Equivalent to the filter style, 'my_cred_id' | credential.
  • Added several expression test functions for checking the state of local files and directories.
  • Fixed a bug where template expressions were being coerced to strings in some cases.
  • Minor UI improvements

v68, 10-12-20

  • Some SDK improvements (CLI, Node.js API client)
  • Minor UI improvements

v67, 10-6-20

  • Reduced minimum job scheduler interval to 1 minute.
  • Added a feature to enable/disable the automatic disabling of jobs when scheduled runs fail.
  • Minor UI improvements

v66, 10-5-20

  • Fixed a bug where some run events would have duplicates in the run log.
  • Further improvements to API error response behavior.

v65, 10-1-20

  • Updated login page design.
  • Added password reset feature from the login page.
  • Pipeline builder sidebars now remember their last position.
  • Other minor UI improvements.
  • Application performance improvements.

v64, 9-27-20

  • Login emails are now case-insensitive.
  • Improved logo display in the Authy app on mobile devices.

v63, 9-24-20

  • Improved the project chooser page with organization filter and New Project button.
  • Added close buttons to pipeline builder sidebars.
  • Users are now granted individual access to projects they create, unless they’re in the Administrators group.
  • Personal project invites have been disabled.
  • Other minor UX improvements and bug fixes.

v62, 9-20-20

  • Beta release of virtual machine hosted runners. Visit the Runners page and open the New Runner dialog to create a virtual machine runner.

v61, 9-12-20

  • Project quotas are now enforced on creation
  • Fixed a bug in the kubectl module where the dry_run option was being treated as a boolean
  • Added steps.<id> syntax to pipeline expressions. This is a more compact alternative to findStepById(id)
  • Improved run event secret replacer algorithm. Now splits secret values on newlines and treats each line as an individual secret.
  • Some minor UI fixes.
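
Why the per-line secret replacer change in v61 matters, shown as an added example (not Refactr's implementation): a multi-line secret rarely reaches a log as one contiguous string, so matching only the whole value misses it. The mask text, the minimum fragment length, the function names and the sample key, token and log are constructed assumptions.

```python
import re

MASK = "********"  # assumed mask text
MIN_LEN = 4        # assumption: ignore very short lines so common text is not masked


def secret_fragments(secrets):
    """Split every secret on newlines; each non-trivial line becomes its own secret."""
    frags = set()
    for secret in secrets:
        for line in secret.splitlines():
            line = line.strip()
            if len(line) >= MIN_LEN:
                frags.add(line)
    # Longest first, so a fragment that contains a shorter one is masked whole.
    return sorted(frags, key=len, reverse=True)


def redact_per_line(secrets, text):
    """Mask every occurrence of any single line of any secret."""
    frags = secret_fragments(secrets)
    if not frags:
        return text
    pattern = re.compile("|".join(re.escape(f) for f in frags))
    return pattern.sub(MASK, text)


def redact_whole_value(secrets, text):
    """For comparison: mask a secret only where it appears as one contiguous string."""
    for secret in sorted(secrets, key=len, reverse=True):
        if secret:
            text = text.replace(secret, MASK)
    return text


# Constructed sample data: a fake multi-line key and a fake single-line token.
SAMPLE_KEY = "\n".join([
    "-----BEGIN EXAMPLE KEY-----",
    "Q09OU1RSVUNURUQtTElORS0x",
    "Q09OU1RSVUNURUQtTElORS0y",
    "-----END EXAMPLE KEY-----",
])
SAMPLE_TOKEN = "tok_constructed_12345"

# A tool echoes the key with a prefix on each line, so the stored value
# (lines joined by bare newlines) never appears contiguously in the output.
SAMPLE_LOG = "\n".join([
    "stderr: debug: loading key",
    "stderr: | -----BEGIN EXAMPLE KEY-----",
    "stderr: | Q09OU1RSVUNURUQtTElORS0x",
    "stderr: | Q09OU1RSVUNURUQtTElORS0y",
    "stderr: | -----END EXAMPLE KEY-----",
    "stdout: using token tok_constructed_12345",
])


def demo():
    secrets = [SAMPLE_KEY, SAMPLE_TOKEN]
    return (redact_whole_value(secrets, SAMPLE_LOG),
            redact_per_line(secrets, SAMPLE_LOG))


if __name__ == "__main__":
    whole, per_line = demo()
    print("whole-value matching:\n" + whole)
    print("\nper-line matching:\n" + per_line)
```

A side effect of treating each line as a secret is that generic lines, such as the key's header and footer, are masked wherever they occur in the output.
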

v60, 9-6-20

  • Increased default maximum run queue size to 100
  • Improved API error handling and error responses. Added JSON response data for several common API errors.
  • Some minor UI cleanups

v59, 8-30-20

  • Fixed a UI bug that was causing flashing on initial page load
  • Some minor UI cleanups

v58, 8-28-20

  • Improved application Content Security Policy headers; other application behavior tweaks
  • Application performance improvements
  • Some minor UI fixes

v57, 8-23-20

  • Added Credential step module.
  • Added more options to the runner config file for controlling log file behavior. Now supports various types of rolling logs.

v56, 8-19-20

  • Improvements to secret field UI, for example in variable forms for SecureString variables.
  • New pipeline icon.
  • Improved step module names, labels, and icons.

v55, 8-15-20

  • Minor bug fixes and performance improvements.

v54, 8-14-20

  • Improved pipeline validation. The YAML editor in the builder now gives more detailed validation error messages.
  • User is now routed to the pipeline builder after creating a new pipeline.

v53, 8-11-20

  • Added user to pipeline revision history on pipeline details page.
  • The step sidebar in the pipeline builder now displays detailed validation error messages in a tooltip.
  • The HTTP Request step module now defaults to https:// if no protocol is specified in the URL. Also improved error messages when an invalid URL is provided.

v52, 8-6-20

  • Added Go Executor step module.
  • Minor bug fixes.

v51, 8-5-20

  • Minor improvements.

v50, 7-30-20

  • Added three output suppression options to jobs and runs. These are suppress_vars, suppress_outputs, and suppress_events. With all three options enabled, no run data will be sent to the Refactr application from the runner, and variables associated with the run are not saved.
  • Other minor improvements.

v49, 7-26-20

  • Ansible playbook content and file path are now exclusive; provide one or the other but not both. Only applies to direct YAML edits.
  • Git checkout step module destination path is now optional, and defaults to the run directory
  • After cloning a pipeline, the user is now redirected to the appropriate pipeline list page.
  • All API endpoints for running pipelines now include additional JSON response fields.
  • Hidden run variables are no longer displayed on the run page in the Variables dialog.
  • Added tooltips in a few places.
  • Fixed a bug where authentication sessions could sometimes be lost without being redirected to the login page.
  • Performance improvements. In particular, initial page load time has been improved significantly.

v48, 7-20-20

  • Beta release of self-hosted runners. Users on organization plans can now create new runners from the organization settings page. See the user guide for more information.
  • Added a few secondary tools to cloud-hosted runner image, including jq CLI tool.
  • Now enforcing stricter validation on JSON and YAML inputs. In most fields in the application, YAML must only use language features that are transformable to JSON.
  • Fixed a bug where API status codes were 500 in some cases where they should have been 401.
  • Various minor UI and performance improvements.

v47, 7-2-20

  • Launched new documentation site.
  • Improved the kubectl step module significantly. The module can now execute any kubectl commands, and has an inline/file kubeconfig property for conveniently generating a kubeconfig file for the step.
  • Added a Run button to the pipeline builder page.
  • Various minor UI improvements.

v46, 6-17-20

  • Added CIS-CAT Assessor step module.
  • Some UX improvements to OpenSCAP scanner step module.
  • Fixed a bug where builder arrows could disappear in rare cases.
  • Updated documentation.

v45, 5-29-20

  • Added OpenSCAP scanner step module. This module executes the oscap and oscap-ssh tools to process SCAP content files such as XCCDF and OVAL, as well as perform automated benchmark assessments against remote systems.
  • Added Assert step module. This module can be used to fail a pipeline if a condition is not met.
  • Added Bearer Token credential type support to HTTP step module.
  • Added read_file() expression helper function.
  • Added stricter validation for SSH Private Key credentials. Now only allows PEM-encoded RSA keys.
  • Improved in-app support. New support site.
  • Some minor UI updates.
  • Updated documentation, particularly expression reference.

v44, 5-21-20

  • Added feature to set a custom image for each step in a pipeline, including built-in step modules.
  • Fixed a bug where HTTP step result fields were not set properly when the step failed and ignore_errors was true.

v43, 3-22-20

  • Added two-factor authentication feature. Enable this feature from Account Settings -> My Profile by configuring a mobile device.
  • Some UI bug fixes.

v42, 3-3-20

  • Fixed a UI bug where new Boolean variables were not being initialized correctly in some variables forms.
  • Added reference documentation for step results.
  • Added documentation about step results.
  • Added documentation about agent Idle TTL and Autostart.
  • Various other documentation cleanups.

v41, 2-28-20

  • Added result fields to script step modules (Bash, Python, Node.js, Powershell) and CLI-driven step modules (Ansible Playbook, Terraform). Fields include stdout, stderr, and exit_code.