Update docker.io/semaphoreui/semaphore Docker tag to v2.18.20
Easy minor upgrade without any problems whatsoever by means of Watchtower with dependency update facilitated by Mend's Renovate Bot.
This MR contains the following updates:
| Package | Update | Change |
|---|---|---|
| docker.io/semaphoreui/semaphore | patch | v2.18.12 → v2.18.20 |
Release Notes
semaphoreui/semaphore (docker.io/semaphoreui/semaphore)
v2.18.20
Bugfixes
- Validate playbook path
v2.18.19
v2.18.19 Release Summary
This patch release includes several important security and validation fixes.
Security fixes
- Added validation for Git repository URLs to prevent Git option injection.
- Added
--end-of-optionsto Git commands to make repository URL and branch handling safer. - Fixed branch override handling: task-level Git branch override is now applied only when the template explicitly allows it.
- Prevented custom roles from shadowing built-in role slugs such as owner or manager.
- Fixed permission resolution so built-in roles always use their built-in permissions instead of database-defined custom roles.
- Added validation to prevent access keys from being updated with a different ID or moved to another project.
Reliability and tests
- Added tests for Git URL validation and Git command injection protection.
- Added tests for access key update validation.
- Added tests for custom role validation and reserved role slugs.
- Refactored Git branch resolution into a dedicated helper to make task behavior more consistent.
v2.18.18
v2.18.17
v2.18.16
Bugfixes
- Fix variable groups sync functionality