Skip to content
Release history
OliveTin releases
OliveTin gives safe and simple access to predefined shell commands from a web interface.
Upgrade now
3000.14.0
Breaking risk
·
RCE / SSRF
RCE prevention + icon change + UI exec conditions
Review required
3000.13.0
Breaking risk
·
RCE / SSRF
API Key auth + Entity view fix
No immediate action
3000.12.0
Breaking risk
·
Popup history + reversed logs
No immediate action
3000.11.4
Breaking risk
·
Form submit fix
3000.11.3
Security relevant
patches GHSA-xx6g-43w2-9g6g
·
Security fixes
- GHSA-228v-wc5r-j8m7 - Unauthorized action output via EventStream
- GHSA-xx6g-43w2-9g6g - Email argument log injection
3000.11.2
Security relevant
·
Security fixes
- GHSA-364q-w7vh-vhpc - Unsafe UniqueTrackingId parsing enabling file writes
- Actions unauthorized for viewing no longer returned
3000.11.1
Security relevant
·
Security fixes
- GHSA-g962-2j28-3cg9 - JWT audience validation bypass
- GHSA-fwhj-785h-43hh - Crash on invalid bindings
- GHSA-gq2m-77hf-vwgh - Session fixation on logout
3000.11.0
Security relevant
·
Security fixes
- GHSA-4fqm-6fmh-82mq - Authentication bypass in KillAction
- GHSA-45m3-398w-m2m9 - Remote crash in OAuth2
Notable features
- Policy to show/hide version number
- Clickable links in action output
3000.10.2
Security relevant
patches GHSA-228v-wc5r-j8m7
·
Security fixes
- GHSA-pc8g-78pf-4xrp - Resource exhaustion via password hash
- GHSA-6f34-72v5-3cwv - Insecure cookie handling
- IDOR on ExecutionStatus API
3000.10.1
Security relevant
·
Security fixes
- CVE-2026-27626 / GHSA-49gm-hh7w-wfvf - Critical RCE via password arguments
3000.10.0
New feature
·
Notable features
- Navigate-on-start icon configuration
- Template parsing for env in password fields
3000.9.4
Maintenance
·
Fixed release trigger pipeline configuration issue that was blocking automated releases.
3000.9.3
Bug fix
·
Restored environment variable support that was accidentally removed, enabling users to reference environment variables in action configurations.
3000.9.2
Bug fix
·
Fixed calendar scheduling issues from version 2k, prevented crashes in execOnCalendarFile by safely handling nil timers.
3000.9.1
Bug fix
·
Fixed process group timeout handling to properly kill child processes when actions exceed time limits, preventing zombie processes.
3000.9.0
New feature
·
Security fixes
- Constant-time comparison for Basic auth and webhook verification
Notable features
- Enable/disable actions based on rules
- Webhook support for action triggers
- Theme selector and calendar log view
3000.9.0-beta.1
New feature
·
Security fixes
- Constant-time comparison for Basic auth verification
Notable features
- Enable/disable actions based on rules
- Webhook support for action execution
- Calendar view for logs
Search tools, categories, lists, and users
Use ↑↓ to navigate, Enter to open, Esc to close
No results for ""
⌘K to open
↑↓ navigate
⏎ open