RhodeCode 5.2 & 5.3 are live!

Published on October 30, 2024, by Kate Kovbii


Hi All,

What if you could enhance your code management while making security and performance even stronger? With RhodeCode Enterprise 5.2 & 5.3, we've dialed up the control you have over your environment — letting you handle security, file storage, and authentication with more precision than ever before. This release gives you the tools to stay ahead, whether you're managing large-scale repositories or tightening security protocols. Let's dive into what's new and how these updates make RhodeCode even better for your enterprise needs.


Key Features in RhodeCode 5.2 & 5.3:

2FA

S3 Artifact Storage Integration

Availability: Community Edition Enterprise Edition

Users can manage large files more effectively with the newly integrated S3-based artifact storage engine, providing scalable and efficient asset handling.


Security Enhancements

Availability: Enterprise Edition

A new security tab has been added to the admin interface, allowing administrators to whitelist specific VCS client versions. It means older clients with known vulnerabilities can now be explicitly blocked, helping you safeguard your environment.

2FA enforcement for EE

We also fixed two significant security issues:

  • Problem with "apply-to-children" in repo groups which broke permissions, exposing private repositories.

  • Problem with allowing off-chain attacks to replace OID data without validating hash for already present oids.


Email-based log-in

Azure SAML Authentication

Availability: Enterprise Edition
Full support for Azure SAML authentication has been implemented, simplifying identity management and enhancing integration with enterprise authentication systems.


Additional Enhancements:

Dependency Updates

Critical dependencies, including gunicorn, orjson, zope.interface, and others, were updated to ensure performance, security, and compatibility with modern environments.

Simplified SAML Plugin Setup:

Several adjustments to SAML plugins make the configuration process faster and more straightforward.

Logging Improvements:

Added support for JSON-formatted logs in gunicorn, offering better flexibility and integration with logging tools.

SSH Wrapper Changes:

The older SSH wrapper command has been deprecated, and the newer version is now the default, offering better security and performance.

Commit-Cache Propagation:

Commit caches now propagate correctly to parent repository groups, improving performance in larger environments.

Configuration Enhancements:

Paths for Git LFS and Hg large files have been moved to the .ini configuration file, simplifying management.


Bug Fixes & Performance Improvements:

  • Email Notifications: Fixed issues with email notifications not working correctly.

  • Branch Permissions: Resolved problems with branch permission handling and locked repositories.

  • LDAP Improvements: Improved LDAP nested group extraction logic for more accurate role-based access control.

  • Database Stability: Fixed potential database corruption in cases of filesystem-related issues.

  • Documentation: Made comprehensive updates, including a new section on Kubernetes deployment to simplify setup.


RhodeCode 5.2 and 5.3 are two major releases with key updates like S3 artifact storage, Azure SAML support, and security whitelisting for VCS clients. If you're using an older version, we highly recommend reviewing the release notes for 5.2.0, 5.3.0, and 5.3.1 and upgrading to take full advantage of these new capabilities. We also encourage you to share your experience with RhodeCode 5.3 via our Feedback form.

Yours performantly,
The RhodeCode Team