Rucio WebUI 39.3.0

What's Changed

• Migrate NextJS to 16.x by @maany in #696

Full Changelog: 39.2.0...39.3.0

Rucio WebUI 38.3.0

What's Changed

Security Updates

• fix(packages): bump react to 19.2.4 and nextjs to 15.5.11 by @maany in #693
• fix(packages): upgrade packages with critical downstream vulnerabilities by @maany in #695

Security Advisory

Important: Docker containers for Rucio WebUI versions 38.2.0, 38.2.1, and 38.2.2 shipped with vulnerable downstream dependencies. Users running these versions should upgrade immediately.

Critical Vulnerabilities Addressed

Vulnerability	Affected Versions	Severity
react2shell (CVE-2025-55182)	38.2.0, 38.2.1	Critical
cipher-base, sha.js, pbkdf2	38.2.x	Critical
elliptic (ECDSA/EDDSA signatures)	38.2.x	Critical
express/body-parser DoS	38.2.x	High

Recommendation

All users are strongly encouraged to upgrade to v38.3.0 or later.

Full Changelog: 38.2.0...38.3.0

Rucio WebUI 38.2.2 - Security Patch

What's Changed

• fix(packages): bump react to 19.2.4 and nextjs to 15.5.11 by @maany in #693

Upgrades React and Next.js dependency versions to non-vulnerable releases, addressing CVE-2025-66478 and GHSA-fv66-9v8q-g76r (React2Shell) exposure in published container images.

Security Notice

Releases 38.2.0 and 38.2.1 container images bundled vulnerable React/Next.js versions due to non-pinned dependencies (^ format). While current source code scans clean when packages are installed fresh, containers built at publication time captured vulnerable versions.

Users on Release 38.2.0 or Release 38.2.1 are advised to upgrade to Release 38.2.2 immediately.

Release 39.2.0

What's Changed

• feat: add subscription details page and improvements by @maany in #690
• Improve subscription details layout and RSE list sorting by @maany in #691
• Add priority sorting for rule and lock states by @maany in #692

Full Changelog: 39.1.1...39.2.0

Release 39.1.1

What's Changed

• feat(oidc): make audience claim configurable via environment variable by @maany in #687

Full Changelog: 39.1.0...39.1.1

Release 39.1.0

What's Changed

• UX improvements: tips system, search enhancements, and bug fixes by @maany in #686

Full Changelog: 39.0.2...39.1.0

Release 39.0.2

What's Changed

• patch Middleware to decode session cookie in Edge runtime by @maany in #682

Full Changelog: 39.0.1...39.0.2

Release 39.0.1

What's Changed

• feat(auth): add NextAuth configuration and update environment templates by @maany in #681

Full Changelog: 39.0.0...39.0.1

Release 39.0.0

What's Changed

• feat: Add click-to-copy functionality for DIDs in rule page by @maany in #659
• feature-604-did_meta_search: Implement filter on DID search by extending existing functionality by @LucaPacioselli in #656
• feat: prioritize stuck and replicating rules in default sort order by @maany in #660
• Automatically trigger searches on Rule, DID and RSE pages by @maany in #661
• feat: Implement responsive grid layout for Rule details meta section by @maany in #662
• Upgrade to Next.js 15, React 19, and TanStack Query v5 by @maany in #667
• Bump actions/setup-node from 5 to 6 by @dependabot[bot] in #671
• Issue 666 DID filters improvements by @LucaPacioselli in #669
• feat(auth): Switch from IronSession to AuthJS by @maany in #670
• chore(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in #679
• [Breaking Change] Overhaul UX with a Design System, add OIDC support, E2E test foundations, Optimize build by @maany in #678
• chore: update dependencies to latest versions ( CVE-2025-55182, CVE-2025-55184, and CVE-2025-67779 ) by @maany in #680

New Contributors

• @LucaPacioselli made their first contribution in #656

Full Changelog: 38.0.0...39.0.0

Release 38.2.1

fix: revert version to 38.2.1 in package.json