TeamCity 2024.03.2 Release Notes

TW-87798 — Agent-side NuGet Cache cleanup is interrupted if the process cannot clean it in under 1 minute

TW-87765 — Subproject administrator cannot view NuGet feed and Artifact storage settings of a parent project

TW-63400 — Some links opens the href pages in new UI even if user has not checked option 'use experimental UI'

TW-87657 — PullRequest build feature not available for composite configurations anymore

TW-87750 — The user with the Project Administrator role can't see the NuGet feed

TW-87470 — [Vault Remote parameters] Vault query change from the Run custom build dialog is not applied

TW-86820 — Redesign the "Add new parameter" dialog: disable the button "Delete appearance settings" when parameter is uneditable

TW-86702 — Checkout rules don't work with p4 task streams in a different depot

TW-87530 — Support quotes for additional arguments in Docker wrapper

TW-87205 — dotCover runner: working dir is duplicated in Linux container on Windows agent

TW-86663 — dotCover runner: unable to start profiling in Linux container on Windows agent

TW-67454 — Web feedback from "https://www.jetbrains.com/help/teamcity/configuring-finish-build-trigger.html"

TW-86764 — Versioned settings on TeamCity throw java.lang.SecurityException: Registering shutdown hooks is not permitted

TW-87668 — Visual Studio Tests runner is broken

TW-87436 — Deadlock in TeamCity server, jetbrains.buildServer.serverSide.impl.history.DBBuildHistory.add2Cache

TW-85593 — Unclear warning "Unable to determine DSL API packages type", if pom.xml is absent in one of DSL repositories without IncrementalMode

TW-87330 — If upload custom tool archive failed with error, do not show the "To fix this installation error, upload an archive with the tool from local storage" hint

TW-87465 — UnsupportedOperationException when stopping a build

TW-87434 — Optimize data loading from ignored_tests table for MSSQL database

8 security issues were fixed. To protect customers who have not yet updated their servers, we typically withhold details about these fixes. Instead, we encourage you to review our Security Bulletin a few days after each bugfix release for more information.

In our effort to enhance transparency and due to potential delays in publishing new security bulletins (stemming from the simultaneous release of the 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5, and 2024.03.2 bug-fix updates), we have decided to provide a summary of both new and backported fixes. You can still expect details on these issues to be published in our Security Bulletin shortly.

• Path traversal allowing to read files from the server was possible

• Several stored XSS in untrusted builds settings were possible

• A third-party agent could impersonate a cloud agent

• Stored XSS via build step settings was possible

• Technical information regarding the TeamCity server could be exposed

• TeamCity users could perform actions that should not be available to them based on their permissions

• Certain TeamCity API endpoints did not check user permissions

• TeamCity server was susceptible to DoS attacks with incorrect auth tokens