TeamCity 2024.03.2 Release Notes
Build 156319, 29 May 2024
Bug
TW-87798 — Agent-side NuGet Cache cleanup is interrupted if the process cannot clean it in under 1 minute
TW-87765 — Subproject administrator cannot view NuGet feed and Artifact storage settings of a parent project
TW-63400 — Some links opens the href pages in new UI even if user has not checked option 'use experimental UI'
TW-87657 — PullRequest build feature not available for composite configurations anymore
TW-87750 — The user with the Project Administrator role can't see the NuGet feed
TW-87470 — [Vault Remote parameters] Vault query change from the Run custom build dialog is not applied
TW-86820 — Redesign the "Add new parameter" dialog: disable the button "Delete appearance settings" when parameter is uneditable
TW-86702 — Checkout rules don't work with p4 task streams in a different depot
TW-87530 — Support quotes for additional arguments in Docker wrapper
TW-87205 — dotCover runner: working dir is duplicated in Linux container on Windows agent
TW-86663 — dotCover runner: unable to start profiling in Linux container on Windows agent
TW-67454 — Web feedback from "https://www.jetbrains.com/help/teamcity/configuring-finish-build-trigger.html"
TW-86764 — Versioned settings on TeamCity throw java.lang.SecurityException: Registering shutdown hooks is not permitted
TW-87668 — Visual Studio Tests runner is broken
TW-87436 — Deadlock in TeamCity server, jetbrains.buildServer.serverSide.impl.history.DBBuildHistory.add2Cache
TW-85593 — Unclear warning "Unable to determine DSL API packages type", if pom.xml is absent in one of DSL repositories without IncrementalMode
TW-87330 — If upload custom tool archive failed with error, do not show the "To fix this installation error, upload an archive with the tool from local storage" hint
TW-87465 — UnsupportedOperationException when stopping a build
Performance Problem
TW-87434 — Optimize data loading from ignored_tests table for MSSQL database
Security
8 security issues were fixed. To protect customers who have not yet updated their servers, we typically withhold details about these fixes. Instead, we encourage you to review our Security Bulletin a few days after each bugfix release for more information.
In our effort to enhance transparency and due to potential delays in publishing new security bulletins (stemming from the simultaneous release of the 2022.04.6, 2022.10.5, 2023.05.5, 2023.11.5, and 2024.03.2 bug-fix updates), we have decided to provide a summary of both new and backported fixes. You can still expect details on these issues to be published in our Security Bulletin shortly.
Path traversal allowing to read files from the server was possible
Several stored XSS in untrusted builds settings were possible
A third-party agent could impersonate a cloud agent
Stored XSS via build step settings was possible
Technical information regarding the TeamCity server could be exposed
TeamCity users could perform actions that should not be available to them based on their permissions
Certain TeamCity API endpoints did not check user permissions
TeamCity server was susceptible to DoS attacks with incorrect auth tokens