Allure Framework has released version 2.39.0, focusing primarily on security and underlying infrastructure improvements. This minor update addresses several key areas:

Key Changes

Security Enhancements: The most significant changes are security-related. Allure 2.39.0 fixes a path traversal vulnerability in the serve and open commands, preventing potential unauthorized access to files. Additionally, the release includes improved sanitization for descriptionHtml and better escaping for ANSI helpers, mitigating risks associated with malicious content in report descriptions. These fixes are crucial for maintaining the integrity and security of your test reports, especially when using features like Allure TestOps enterprise management.
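The kind of containment check a report-serving command needs against path traversal, as an added example that is not Allure's own code: the class name `ReportPathResolver`, the directory layout and the sample requests are constructed for illustration.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.util.List;
import java.util.Optional;

public class ReportPathResolver {            // hypothetical name, not an Allure class
    private final Path root;

    ReportPathResolver(Path reportDir) throws IOException {
        this.root = reportDir.toRealPath();  // canonical root, symlinks resolved once
    }

    /** Returns the file to serve, or empty when the request leaves the report directory. */
    Optional<Path> resolve(String rawRequestPath) {
        try {
            // Decode percent-escapes first so %2e%2e and %2f are seen as ".." and "/".
            String decoded = new URI(rawRequestPath).getPath();
            if (decoded == null) return Optional.empty();
            // Drop leading slashes so the path is resolved relative to the root.
            Path candidate = root.resolve(decoded.replaceFirst("^/+", "")).normalize();
            if (!candidate.startsWith(root)) return Optional.empty();
            // Resolve symlinks and re-check, so a link inside the report cannot point outside it.
            Path real = candidate.toRealPath();
            return real.startsWith(root) && Files.isRegularFile(real)
                    ? Optional.of(real) : Optional.empty();
        } catch (URISyntaxException | InvalidPathException | IOException e) {
            return Optional.empty();         // malformed URI, NUL byte, or missing file
        }
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("report-demo");   // constructed layout
        Path report = Files.createDirectory(base.resolve("report"));
        Files.writeString(report.resolve("index.html"), "<html></html>");
        Files.writeString(base.resolve("secret.txt"), "outside the report");

        ReportPathResolver resolver = new ReportPathResolver(report);
        for (String request : List.of("/index.html", "/../secret.txt",
                "/%2e%2e/secret.txt", "/data/..%2f..%2fsecret.txt", "/missing.json")) {
            System.out.printf("%-30s -> %s%n", request,
                    resolver.resolve(request).isPresent() ? "served" : "rejected");
        }
    }
}
```

`Path.startsWith` compares whole path components, so a sibling directory whose name merely begins with the report directory's name does not pass the check.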

Dependency Updates: This version includes numerous dependency bumps, such as com.diffplug.spotless, gradle-wrapper, com.fasterxml.jackson:jackson-bom, gradle/actions, and org.jsoup:jsoup. These updates are vital for maintaining compatibility, performance, and addressing underlying vulnerabilities within the framework’s components.

For a detailed list of changes, refer to the official changelog.

Impact for QA Teams

QA teams benefit from a more secure and stable Allure reporting environment. The security fixes reduce risks when generating and sharing test reports, ensuring data integrity. Updated dependencies contribute to overall system reliability, making Allure Framework reporting a safer choice.