Skip to content

Releases: Burnett01/rsync-deployments

8.0.5

17 Apr 16:54
66257ca

Choose a tag to compare

What's Changed

  • update base-image Alpine from 3.23.3 to 3.23.4 that fixes:

musl
CVE-2026-6042
CVE-2026-40200

openssl
CVE-2026-31790
CVE-2026-28387
CVE-2026-28388
CVE-2026-28389
CVE-2026-28390
CVE-2026-31789

Full Changelog: 8.0.4...8.0.5

v8

06 Dec 21:51
66257ca

Choose a tag to compare

v8-release-banner

What's Changed

Version v8 (8.0.5) offers the following features:

  • feat: latest Alpine 3.23.4
  • feat: latest Rsync 3.4.1-r1
  • feat: integrate rsync-docker 3rd party into this action as 1st party code (no more dependency, better audit, single source of truth)
    • backported:
      • agent-start
      • agent-stop
      • agent-askpass
      • agent-add
      • hosts-add
      • hosts-clear
    • new added:
      • ssh-init
      • hosts-init
    • improved:
      • stricter permissions on .ssh/ folder (700) and known_hosts (600)
      • use set -eu in all scipts
  • feat: new strict_host_keys option to enable support for strict host key verification. Default: false (to keep backward compatibility)
  • feat: new debug option to see the commands executed (-x) by this action
  • feat: this action is now scanned for vulnerabilities by Snyk
  • feat; this action is now scanned by CodeQL for Q/A
  • feat: this action now performs CI tasks such as Validation, Linting and Unit Tests
  • fix: various shell syntax for robustness
  • fix: use printf and redirect output to non-stdout instead of echo in sensitive code locations
  • refactor: use $HOME instead of tilde ~ for robustness
  • feat: cross-platform support
  • chore: Deprecate 7.0.2
  • chore: EOL 7.0.0 & 7.0.1

New release channels:

From now on you can use @v8 instead of manually pinning to a version like 8.0.5.

The benefit of using v8 is that you will receive future MINOR+PATCH updates automatically, since v8 is a pointer to 8.x.x.

However, of course you are free to use the regular format like 8.0.5 directly.

Full Changelog: 7.1.0...8.0.5

Contributors:

8.0.4

04 Feb 19:40
dc0d5d4

Choose a tag to compare

What's Changed

  • chore(deps): bump alpine from 3.23.2 to 3.23.3 #99 #100

Full Changelog: 8.0.3...8.0.4

Contributors:

7.0.2

19 Jan 14:37
fcf16a0

Choose a tag to compare

Warning

DEPRECATED - See deprecation notice & SECURITY.md!

What's Changed

3.4.0-r0

The latest rsync version 3.4.0 fixes a wide variety of CVE's.
See their press release: https://download.samba.org/pub/rsync/NEWS#3.4.0

The latest action version 7.0.2 is using rsync 3.4.0, so please use that.

Full Changelog: 7.0.1...7.0.2

8.0.3

02 Jan 21:00
7659d60

Choose a tag to compare

What's Changed

  • chore(deps): bump alpine from 3.23.0 to 3.23.2 #97 #98

Full Changelog: 8.0.2...8.0.3

Contributors:

8.0.2

07 Dec 12:00
0c90252

Choose a tag to compare

8.0.1

06 Dec 21:50

Choose a tag to compare

8.0.0 - regression (use v8 or 8.0.2)

06 Dec 16:01
Immutable release. Only release title and notes can be modified.
05a269a

Choose a tag to compare

Pre-release

Caution

EOL - End of Life - see SECURITY.md!

This release has a regression, see #90 and #89.

Use @v8 which points to 8.0.1

7.1.0

29 Aug 19:08
Immutable release. Only release title and notes can be modified.
33214bd

Choose a tag to compare

Warning

DEPRECATED - See deprecation notice & SECURITY.md!

What's Changed

Full Changelog: 7.0.2...7.1.0

7.0.1

31 Mar 16:12
796cf0d

Choose a tag to compare

Caution

EOL - End of Life - see SECURITY.md!

The docker image of this action is now pinned to the specific SHA-256 hash of the version rather than just the version.
This means for the latest drinternet/rsync:v1.4.4 the corresponding hash is drinternet/rsync@sha256:15b2949838074bd93c49421c22380396a0cd53a322439e799ac87afcadcfe234

Check for validation: https://hub.docker.com/layers/drinternet/rsync/v1.4.4/images/sha256-15b2949838074bd93c49421c22380396a0cd53a322439e799ac87afcadcfe234

With that, usage of this action is even more secure due to a consistent dependency chain of trust,
since changes accompanied by a docker image hash are immutable.

Thanks to @XComp