kestra

v1.3.18 Bugfix

This release fixes issues for SREs watching stability and regressions.

Published 15d Automation & Workflows

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

automation data-orchestration devops high-availability iac java

+6 more

low-code lowcode orchestration pipeline pipeline-as-code workflow

Affected surfaces

rce_ssrf

Summary

AI summary

Updates 🐛 Bug Fixes ci, 📘 Subtasks version, and 🛠 Build across a mixed release.

Changes in this release

Type	Severity	Summary	CVE
Feature	Medium	Handle `,`, `;`, and `:` in filenames, throwing at creation if file name does not respect regex. Handle `,`, `;`, and `:` in filenames, throwing at creation if file name does not respect regex. Source: granite4.1:8b-q6_K@2026-05-19 Confidence: low	—
Feature	Medium	Validate filenames to allow `,`, `;`, and `:` while rejecting non‑matching regex names at creation. Validate filenames to allow `,`, `;`, and `:` while rejecting non‑matching regex names at creation. Source: granite4.1:30b@2026-05-19-audit Confidence: low	—
Bugfix
Bugfix	Medium	Replace GH_PERSONAL_TOKEN with GitHub App installation tokens in CI. Replace GH_PERSONAL_TOKEN with GitHub App installation tokens in CI. Source: granite4.1:8b-q6_K@2026-05-19 Confidence: high	—
Bugfix	Medium	Do not render Service when only workerGroups are enabled in Helm. Do not render Service when only workerGroups are enabled in Helm. Source: granite4.1:8b-q6_K@2026-05-19 Confidence: high	—
Bugfix	Medium	ParenTransversalGuard now handles encoded characters in storage. ParenTransversalGuard now handles encoded characters in storage. Source: granite4.1:8b-q6_K@2026-05-19 Confidence: low	—

Full changelog

Changelog

📘 Subtasks

version

0f19f95 update to version '1.3.18'

🐛 Bug Fixes

310aaf1 replace GH_PERSONAL_TOKEN with GitHub App installation tokens (#16044), closes #16044

helm

57a8b0e do not render Service when only workerGroups are enabled (#16032), closes #16032

storage

c0e5499 parenTransversalGuard was not handling encoded characters

global

bbf381b handle , , ; and : in filename and throw at creation if file doesnt respect regex name (#16084), closes #14224 #16084

🛠 Build

ae12df9 setup tags develocity on this release branch

Contributors

We'd like to thank the following people for their contributions:
GitHub, PERREYMOND Gilles, Roman Acevedo, YannC, YannC., brian-mulier-p, github-actions[bot]

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track kestra

Get notified when new releases ship.

About kestra

Event Driven Orchestration & Scheduling Platform for Mission Critical Applications

All releases →