Gatling Enterprise 1.25
Learn about the main new features of Gatling Enterprise 1.25
Highlights
Security issue fixes
This release fixes several important security issues.
We strongly recommend that customers upgrade.
Session invalidation
In several cases, sessions were not properly invalidated, and it was possible to save a session cookie and manually re-inject it in subsequent requests to be granted access.
Session cookies were not properly revoked in the following situations:
- expiration when the maximum session duration is reached as per cookieMaxAge in frontline.conf (default: 8 days)
- permissions modifications by an admin
- logout
- server reboot
- new log in with the same account
This release now properly invalidates session cookies in the above situations.
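The five revocation cases listed above can be modelled with a server-side session table, shown here as an added example that is not Gatling Enterprise code. SessionStore, replay_results and the user name are hypothetical; only the 8-day maximum age comes from this page.

```python
import secrets
import time

MAX_AGE_SECONDS = 8 * 24 * 3600  # the page's 8-day cookieMaxAge default


class SessionStore:
    """Server-side session table: a cookie is honoured only while its token is listed."""

    def __init__(self, clock=time.time):
        self._sessions = {}  # token -> (user, issued_at); in memory, so a reboot empties it
        self._clock = clock

    def login(self, user):
        self.revoke_user(user)  # a new login replaces the account's older sessions
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, self._clock())
        return token

    def logout(self, token):
        self._sessions.pop(token, None)

    def revoke_user(self, user):  # also called when an admin changes the user's permissions
        self._sessions = {t: s for t, s in self._sessions.items() if s[0] != user}

    def validate(self, token):
        """Return the user of a live session, or None when the cookie must be rejected."""
        user, issued_at = self._sessions.get(token, (None, 0.0))
        if user is not None and self._clock() - issued_at >= MAX_AGE_SECONDS:
            self.logout(token)  # expired: drop it so a saved copy cannot be replayed
            user = None
        return user


def replay_results():
    """Save a cookie, trigger each of the five events, replay it; every value is None."""
    clock = {"t": 0.0}  # constructed clock so expiration can be simulated
    store = SessionStore(clock=lambda: clock["t"])
    events = {
        "logout": store.logout,
        "new_login": lambda _: store.login("alice"),
        "permission_change": lambda _: store.revoke_user("alice"),
        "expiration": lambda _: clock.update(t=clock["t"] + MAX_AGE_SECONDS),
    }
    results = {}
    for name, event in events.items():
        saved = store.login("alice")  # cookie captured before the event
        event(saved)
        results[name] = store.validate(saved)
    return {**results, "reboot": SessionStore().validate(store.login("alice"))}
```

A regression test for this class of bug asserts that the saved token is rejected after each event, not merely that the browser cookie was cleared.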
ACL on teams list in the admin menu
It was possible to call the /api/private/teams private API in read-only while being connected with a user who only has the Viewer or Tester role.
ACL on repositories list in the admin menu
It was possible to call the /api/private/repositories private API in read-only while being connected with a user who only has the Viewer or Tester role.
Release Notes
1.25.1 (2025-05-01)
Fixes
- SH-1053: Don’t retry fetching simulation info when the connection is refused (the boot crashed)
1.25.0 (2025-03-25)
Gatling 3.13.5
See release notes 3.13.5.
Fixes
- SH-1047: Security: Properly revoke sessions.
- SH-1048: Security: Fix ACL on admin teams list
- SH-1049: Security: Fix ACL on repositories teams list
- SH-1052: Server: Properly terminate Gatling Enterprise Server process on shutdown and free LISTEN port