LoginSign Up
← Back to all sparks
W

Woodpecker CI

INFRA · APIS
Velocity0.0

Open-source, community-driven continuous integration engine.

woodpecker-ci.org

Woodpecker CI hardens agent security and forge handling through its 3.14 release candidates

ci-cdpipelineagent-securityforge-integrationrelease-candidateopen-source
Current state
Woodpecker is iterating through 3.14.0 release candidates focused on security and agent/forge robustness: sanitizing agent-introduced state changes and log streaming, blocking registration as arbitrary agents, restricting log access, and cleaning up the Forge interface. Dependency security bumps (axios, otel, follow-redirects) and a lodash removal run throughout.
Where it's heading
The 3.14 line reads as a security-and-internals hardening cycle, tightening the agent trust boundary and forge integration rather than pushing features. The earlier 3.11 line shows the more typical mix of per-repo config features and fixes.
Prediction
Expect 3.14.0 to converge to a stable release after the RC series, continuing the agent-security and forge-handling focus.

Recent moves

  1. 1mo ago

    3.14.0-rc.2: configurable agent reconnect, forge cleanup

    Removes Auth() from the Forge interface, makes the agent reconnect retry timeout configurable, and handles re-created forge repos gracefully, refining the agent/forge internals in the 3.14 RC series.

    View source ↗
  2. 1mo ago

    3.14.0-rc.1: security bumps, agent state sanitization

    Sanitizes agent-introduced pipeline/workflow/step state changes and log streaming and bumps axios and otel for security, tightening the agent trust boundary.

    View source ↗
  3. 2mo ago

    3.14.0-rc.0: agent registration and log-access hardening

    Opens the 3.14 line by returning 404 for disallowed log access and preventing registration as arbitrary agents, setting the security-hardening theme the later RCs continue.

    View source ↗
  4. 8mo ago

    3.11.0-rc.0: per-repo config extension support

    From the earlier 3.11 line, adds a configurable per-repo config extension plus connection error-message and local-backend fixes, showing the more feature-oriented work that preceded the 3.14 hardening cycle.

    View source ↗