Skip to content

Release history

xyops releases

A complete workflow automation and server monitoring system.

Back to tool Latest release

All releases

32 shown

v1.0.45 Mixed
Security fixes
  • dep: lodash vulnerability fix in async sub-dependency (v4.18.1)
Notable features
  • Postgres storage engine support with pixl-server-storage v4.1.0
  • Redis storage engine support with ioredis module
  • Custom sub-job labels now visible on workflow job detail screens
Full changelog
  • 041c000: Version 1.0.45
    • Bump pixl-server-storage to v4.1.0 for new Postgres storage engine.
    • Add pg module for Postgres storage engine.
    • Add ioredis module for Redis storage engine.
    • Bump lodash (sub-dep of async) to v4.18.1 for another vuln fix.
  • 715a640: Bug Fix: Custom sub-job labels were not visible on workflow job detail screen. Fixes #242.
  • f946407: Sample Config: Add new default Postgres storage engine configuration.
  • 6f863ba: Docs: Add new storage setup doc, and link it from existing docs.
  • 46fc0be: UI Strings: Tweak limit and action table captions to be more clear about category and universal inheritance.
  • 7f962c8: UI Tweak: Fix "Copy to Clipboard" button in code viewer dialog.
  • dd937e6: Bug Fix: Upon job recovery after restart, unset job.remote flag in case job is dead (so it can abort after going stale). Fixes #240.
  • 58be32f: Meta: Add local bin/release.sh script for automating releases.

Full Diff: https://github.com/pixlcore/xyops/compare/v1.0.44...v1.0.45

View release on GitHub
v1.0.44 Bug fix
Notable features
  • Webhook headers array enforcement
  • Bulk delete page refresh
  • Workflow event target expressions
Full changelog
  • bc2a0ea: Version 1.0.44
  • ea357ff: Meta: Add release.yml to automatically generate release notes and a GH release via GH actions.
  • e379951: Servers Doc: Fix tabs that snuck into docker-compose sample.
  • e07bea5: UI Tweak: Job Details: When user content contains markdown, increase its body font size slightly.
  • a97589d: Bug Fix: Ensure web hook headers are an array at the API level, and add extra safeguards. Fixes #238.
  • 74d5778: Servers Doc: Updated automated docker workers section with new xysat configuration setup.
  • 3124d5c: Security Overview Doc: Made a few minor corrections and wording adjustments.
  • f4ba4f7: Multi/Satelite Release List APIs: Add optional verbose parameter, to include full response from GitHub.
  • 018e43b: Add SECURITY_OVERVIEW.md document, to complement THREAT_MODEL.md.
  • e8cf67b: Bulk Deletes: When internal deletion jobs complete, refresh applicable search results pages in case users are waiting. Fixes #236
  • 4c0bf02: Admin Upgrade Conductors API: Default single server pre-delay time to 5 seconds to allow for job to complete before starting upgrade.
  • 0ff5230: Workflows: Support event/job target expression in the multiplex controller, and do not abort the workflow if no servers match. Fixes #233
  • 68972b9: Docs: Remove NFS as a recommended storage configuration.
  • 888d1bf: System Diag Report: Small tweaks, trim load avg for display, add message for zero servers.

Full Diff: https://github.com/pixlcore/xyops/compare/v1.0.43...v1.0.44

View release on GitHub
v1.0.43 New feature
Breaking changes
  • API endpoints with v1 suffix return HTTP 404 on failure instead of other codes
Security fixes
  • Patched lodash vulnerability via dependency override
Notable features
  • Magic link form customization with button text and icons
  • Version upgrade indicators for conductors and satellite servers
  • Diagnostic report generation for GitHub issues
View release on GitHub
v1.0.42 Maintenance
Notable features
  • Config editor validation on save
  • Lazy-loaded marketplace thumbnails
View release on GitHub
v1.0.41 Security relevant
Security fixes
  • Patched picomatch vulnerability in pixl-tools
  • Patched nodemailer vulnerability in pixl-mail
Notable features
  • Global sidebar section hiding configuration
  • Secret vault management for plugins
View release on GitHub
v1.0.40 New feature
Breaking changes
  • Sub-job queuing now uses per-job namespace instead of shared queue
Security fixes
  • Improved secret scrubbing from webhook diagnostic output
Notable features
  • Custom SSO plugin command for validation and transformation
  • Per-job-namespace queuing for workflows
View release on GitHub
v1.0.39 Security relevant
Breaking changes
  • Macro substitution removed from system hook shell exec command
  • Built-in plugin fields locked to administrator-only
Security fixes
  • Prevented prototype pollution via secret key names and API parameters
  • Removed macro substitution from system hook commands
  • Locked down plugin HTTP URL and Docker command fields
Notable features
  • Added THREAT_MODEL.md for security audits
View release on GitHub
v1.0.38 Bugfix

- Server Monitor Alerts: Use correct server label and stripped hostname in notification text.

View release on GitHub
v1.0.37 New feature
Notable features
  • Customize sidebar section visibility in user settings
  • Plugin ID hover tooltips in Server Data Explorer
View release on GitHub
v1.0.36 Maintenance

- Feature: Recover admin access from Docker / containerized systems using a special environment variable. - UI Tweak: Set all password input field fonts to monospace.

View release on GitHub
v1.0.35 Bug fix
Notable features
  • Visual group separators in sorted event tables
  • Improved arrow icons for linked events and workflows
View release on GitHub
v1.0.34 Maintenance

- UI Tweak: When an event has a "Run Event" action attached and enabled, change the default icon. - UI Tweak: Apply hostname strip regex to conductor ID display, to be consistent with server hostnames. - UI Tweak: Show different default icons for events / workflows if they are di

View release on GitHub
v1.0.33 Bug fix
Notable features
  • Better visual distinction between manual and auto-assigned groups
View release on GitHub
v1.0.32 Bugfix

- Bug Fix: Crasher if a server group is deleted with active servers that match only said group.

View release on GitHub
v1.0.31 Bugfix

Fixed typo in Docker container startup script that prevented automatic secret key generation on initial launch.

View release on GitHub
v1.0.30 Security
Security fixes
  • Fixed XSS vulnerability on job detail screen with raw HTML
View release on GitHub
v1.0.29 New feature
Notable features
  • Markdown support in marketplace product descriptions
  • Improved marketplace UI icons and mobile responsiveness
View release on GitHub
v1.0.26 Breaking risk
Breaking changes
  • MAJOR CSRF Token system implementation requires configuration updates
  • bcrypt-node replaced with bcryptjs module
Security fixes
  • jQuery vulnerability fixes
  • CSRF token system implementation
Notable features
  • CSRF token protection for API calls
  • WebSocket authentication timeout (30 seconds)
View release on GitHub
v1.0.25 Security relevant
Security fixes
  • Enforced admin password change on first login
  • Config file permission hardening
Notable features
  • Random secret key generation on first install
  • Config files locked to 0o600 permissions in production
View release on GitHub
v1.0.24 Maintenance
Security fixes
  • Patched sub-dependency vulnerabilities in diff and pixl-request
View release on GitHub
v1.0.23 Maintenance

- Satellite API: Allow API keys containing dashes to be substituted for the token (t) parameter.

View release on GitHub
v1.0.21 New feature
Notable features
  • Every Nth schedule modifier for bi-weekly events
  • Automatic conductor hostname detection and masters.json adjustment
View release on GitHub
v1.0.20 Bugfix

Redesigned number variant text fields to properly handle optional blank fields using null values, fixing regressions with default values.

View release on GitHub
v1.0.19 Security relevant
Breaking changes
  • Marketplace plugins can no longer set their own UID/GID
Security fixes
  • Prevented marketplace plugins from setting custom UID/GID
Notable features
  • default_plugin_credentials config option
  • Elapsed time column in active jobs tables
View release on GitHub
v1.0.18 Bugfix

- Fix issue with optional number params / fields with default values, getting reset if set to empty.

View release on GitHub
v1.0.17 Maintenance

- Health Check API: Remove ACL requirement (was accidentally added).

View release on GitHub
v1.0.16 New feature
Breaking changes
  • Marketplace plugins can no longer be directly edited; must be cloned for modifications
Notable features
  • Event title and revision display in search results
  • Export historical revisions in XYPDF format
  • Last job completion date tooltip on event status
View release on GitHub
v1.0.15 New feature
Notable features
  • Internal api_finish_job API for job completion
  • WebSocket server features broadcasting to satellites
View release on GitHub
v1.0.14 Bug fix

Improved event/plugin parameter handling for omitted non-required values. Fixed UI number field float support. Fixed rollback button regression. Enhanced network robustness for late job updates. Fixed job metadata logging.

View release on GitHub

Beta — feedback welcome: [email protected]