Releases: Burnett01/rsync-deployments
8.0.5
What's Changed
- update base-image Alpine from 3.23.3 to 3.23.4 that fixes:
musl
CVE-2026-6042
CVE-2026-40200
openssl
CVE-2026-31790
CVE-2026-28387
CVE-2026-28388
CVE-2026-28389
CVE-2026-28390
CVE-2026-31789
Full Changelog: 8.0.4...8.0.5
v8
What's Changed
Version v8 (8.0.5) offers the following features:
- feat: latest Alpine 3.23.4
- feat: latest Rsync 3.4.1-r1
- feat: integrate rsync-docker 3rd party into this action as 1st party code (no more dependency, better audit, single source of truth)
- backported:
- agent-start
- agent-stop
- agent-askpass
- agent-add
- hosts-add
- hosts-clear
- new added:
- ssh-init
- hosts-init
- improved:
- stricter permissions on .ssh/ folder (700) and known_hosts (600)
- use set -eu in all scipts
- backported:
- feat: new
strict_host_keysoption to enable support for strict host key verification. Default: false (to keep backward compatibility) - feat: new
debugoption to see the commands executed (-x) by this action - feat: this action is now scanned for vulnerabilities by Snyk
- feat; this action is now scanned by CodeQL for Q/A
- feat: this action now performs CI tasks such as Validation, Linting and Unit Tests
- fix: various shell syntax for robustness
- fix: use printf and redirect output to non-stdout instead of echo in sensitive code locations
- refactor: use $HOME instead of tilde ~ for robustness
- feat: cross-platform support
- chore: Deprecate 7.0.2
- chore: EOL 7.0.0 & 7.0.1
New release channels:
From now on you can use @v8 instead of manually pinning to a version like 8.0.5.
The benefit of using v8 is that you will receive future MINOR+PATCH updates automatically, since v8 is a pointer to 8.x.x.
However, of course you are free to use the regular format like 8.0.5 directly.
Full Changelog: 7.1.0...8.0.5
Contributors:
Contributors
Assets 2
8.0.4
Contributors
Assets 2
7.0.2
Warning
DEPRECATED - See deprecation notice & SECURITY.md!
What's Changed
-
always force-upgrade rsync to get the latest security upgrades
-
new version 7.0.2 (with rsync 3.4.0), deprecate old versions, remove dead links
The latest rsync version 3.4.0 fixes a wide variety of CVE's.
See their press release: https://download.samba.org/pub/rsync/NEWS#3.4.0
The latest action version 7.0.2 is using rsync 3.4.0, so please use that.
Full Changelog: 7.0.1...7.0.2
8.0.3
Contributors
Assets 2
8.0.2
Contributors
Assets 2
8.0.1
Contributors
Assets 2
8.0.0 - regression (use v8 or 8.0.2)
Caution
EOL - End of Life - see SECURITY.md!
This release has a regression, see #90 and #89.
Use @v8 which points to 8.0.1
7.1.0
Warning
DEPRECATED - See deprecation notice & SECURITY.md!
What's Changed
-
Update Alpine from 3.19.1 to 3.22.1 via drinternet/rsync@1.5.1 (hub)
-
Update Rsync from 3.4.0-r0 to 3.4.1-r0
-
Using Githubs new "immutable releases" feature
-
Repo now supports BATS testing the entrypoint shell script, shellsheck and various integration tests
Full Changelog: 7.0.2...7.1.0
7.0.1
Caution
EOL - End of Life - see SECURITY.md!
- Pin @JoshPiper drinternet/rsync image by SHA-256 hash rather than version. (Immutability)
Added via #60
The docker image of this action is now pinned to the specific SHA-256 hash of the version rather than just the version.
This means for the latest drinternet/rsync:v1.4.4 the corresponding hash is drinternet/rsync@sha256:15b2949838074bd93c49421c22380396a0cd53a322439e799ac87afcadcfe234
Check for validation: https://hub.docker.com/layers/drinternet/rsync/v1.4.4/images/sha256-15b2949838074bd93c49421c22380396a0cd53a322439e799ac87afcadcfe234
With that, usage of this action is even more secure due to a consistent dependency chain of trust,
since changes accompanied by a docker image hash are immutable.
Thanks to @XComp
