Posit Connect Release Notes

Version 2024.11.0

Published

November 13, 2024

Introduction

This document contains the notes associated with each release of Posit Connect. Please contact Posit customer support () with questions about the described changes.

Posit Connect 2024.11.0

November 13, 2024

New

  • When viewing the Source Versions modal for Git-backed content, additional data is now provided for each version, including (#28036):

    • a link to the repository,
    • a link to the branch,
    • the commit date, and
    • the commit hash with a link to the commit.
  • Simplified the workflow to create and manage parameterized content. Changes to parameter override values can be saved without first running the document. (#28246, #6086, #8186, #9960)

  • API endpoints to manage API keys. (#28134)

  • Google OAuth Integrations are now supported. See the Admin Guide for details on how to configure the integration, and the Connect Cookbook for a code example that leverages Google BigQuery resources. (#28620)

  • New and existing OAuth integrations use PKCE (Proof Key for Code Exchange) for the authorization code flow by default. PKCE is required in the upcoming OAuth 2.1 specification, and is recommended in all cases. If necessary, PKCE can be disabled in a custom integration, but this is not recommended. (#26895)

  • The Connect dashboard UI which allows publishers to associate OAuth integrations with their content has been expanded and improved. (#28623)

  • Connect sets the SF_PARTNER environment variable for all content. This helps Snowflake identify connections from content hosted by Connect. (#24405)

  • Early Access configuration section to provide opt-in early access to specific features. (#28326)

  • Share links are now available as an Early Access feature

  • API endpoints to get information about installed package dependencies for a content item or for all content items. (#28227, #28230)

  • Content Search now accepts a package keyword to find content items with specific package dependencies. (#28228)

  • Python package installations now log the packages requested in requirements.txt. (#28730)

Fixed

  • Python FastAPI applications now receive a request scope based on the content URL, making them able to generate absolute URLs that point to the path where they are mounted to. FastAPI lifespan events are now also supported (#28727, #26980)

  • Resolved an issue that could result in deployment log entries appearing in runtime logs (#28310)

  • Resolved a problem with Applications.ViewerOnDemandReports where parameterized report viewers were not able to run that document. (#28457)

  • The Connect dashboard allows an environment variable delete followed by an add of the same variable name. Previously, the variable would need to be directly edited or required a save operation between the delete and re-add. (#28568)

  • Updated software components used to run interactive worker processes. (#28315, #28646, #28638)

  • Updated software components used by Posit Connect. (#28350, #28351, #28373, #28739)

  • Restored the ability to edit a tag name with a mouse click in the Admin Tag Manager (#28527)

  • Python and Quarto processes log their IDs to the content logs. (#22345)

Deprecated / Removed

  • The OAuth integrations template API now supports more robust field and option visibility rules through a new response field called visibility_expression. The visibility field is deprecated in favor of visibility_expression. (#28644)

  • Publishing Jupyter Notebooks via rsconnect-jupyter is no longer supported. Use rsconnect-python to publish notebooks from the command-line, or the Posit Publisher to publish notebooks from VS Code. (#28590)

Posit Connect 2024.09.0

September 26, 2024

New

  • Posit Connect helps administrators understand when the current product version is approaching or outside its window of support. (#23065)

    • At startup, Connect logs when the product version support window ends.

    • System checks indicate when the product version support window ends.

    • The dashboard documentation page indicates when the product version support window ends.

    • The dashboard shows a warning banner to administrators when the product version support window has ended. This notification can be disabled with Licensing.EndOfSupportUIWarning.

    The dashboard is not able to present this warning or show information about the product version support window when Server.HideVersion is enabled.

    The Posit Support Program page contains additional details about product support.

  • The R.RestoreUsesGitCredentials option is enabled by default. Configured Git credentials associated with https://github.com, https://gitlab.com, and https://bitbucket.org are made available when installing R packages. (#27902)

  • What’s new feed to communicate newly released features of Connect, features available on Connect if you upgrade to a newer version, features that you might not know about, and other helpful information. (#28033)

  • Connect validates that the configured data directory (Server.DataDir) can contain executable content. This identifies situations where this directory is mounted with the noexec option. Customize Server.DataDir if the default location (/var/lib/rstudio-connect) cannot be used for executable content. (#14118)

  • GitHub OAuth Integrations are now supported. See the Admin Guide for details on how to configure the integration, and the R and Python Cookbooks for code examples that leverage GitHub resources. (#28213)

  • API endpoints to assign thumbnail (preview) images to content. (#27282)

  • The Admin > Server Status Reports menu is renamed to Admin > System Checks. (#27266)

  • API endpoints to run system checks and obtain results from a completed run. (#27266)

  • An API endpoint to enumerate registered hosts. (#27272)

  • API endpoint to obtain the set of time zones available to the server. (#28111)

  • API endpoint to enumerate the set of Kubernetes service account names available for use. (#28092)

  • Added a configuration setting HTTPS.StrictTransportSecurityMaxAge to customize max-age when HTTP Strict Transport Security (HSTS) is enabled. (#27995)

  • OAuth2.RoleClaim value sent by authentication providers is commonly expected as a raw string but now Posit Connect also picks up a value when claim provided comes as a JSON array. #27986

  • API keys now indicate their effective user role. This lets you use more restrictive keys in many situations where you may not want your normal user rights and permissions to be available. Administrators can create “publisher” API keys which are not permitted to perform administration activities. A publisher can use a “viewer” API key to call a hosted Plumber API; that same key cannot publish content.

    Existing API keys are given the user role of their owner when Connect is upgraded to this version.

    For more information, see the User Guide. (#28013)

  • Adjusted public-access content verification timing to improve reliability. See License Management in the Posit Connect Admin Guide for additional details. (#27714)

  • Admin Guide: Added a reference architecture to deploy Posit Connect on Azure in a single server configuration (#27532)

Fixed

  • Content list search queries and filters are case insensitive. (#26994)

  • Sessions associated with an OAuth integration are now deleted when the integration itself is deleted. (#26951)

  • A warning is logged when one of the R.Executable paths is not a regular file. (#23046)

  • Improved error messages when supervisor scripts and other programs cannot be executed. (#26422)

  • Updated software components used to run processes which render R Markdown and Jupyter content. (#26893)

  • Updated software components used by Posit Connect, including responses to the following: (#27991, 28116)

    • CVE-2024-34155
    • CVE-2024-34156
    • CVE-2024-34158
  • Improved error messages when verifying OAuth integration session tokens. (#27259)

  • Streamlit runtime respects the server.maxUploadSize config setting. (#28086)

  • Parameterized R Markdown content prohibits file input parameters. (#28113)

  • Improved visibility of Parameters panel when collapsed. (#27973)

Breaking

  • The R.RestoreUsesGitCredentials option is enabled by default. Prevent configured Git credentials from being used when installing R packages by disabling the setting. (#27902)

Deprecated / Removed

  • Server.ViewerKiosk is deprecated and will be removed in an upcoming release. Use Authorization.ViewersCanRequestPrivileges instead. (#27805)

  • Server.SelfTestOnStartup is deprecated and will be removed in an upcoming release. Use Server.SystemCheckOnStartup instead. (#28119)

  • Server.SelfTestFrequency is deprecated and will be removed in an upcoming release. Use Server.SystemCheckFrequency instead. (#28119)

  • The Server.RVersion option has been removed. Use R.Executable instead and reference the full R binary path rather than the path to a directory containing an R installation. (#25901)

  • The Server.RVersionMatching option has been removed. Use R.VersionMatching instead. (#25901)

  • The Server.RVersionScanning option has been removed. Use R.ExecutableScanning instead. (#25901)

  • The Packages.External option has been removed. Use R.External instead. (#25901)

  • The Packages.ExternalsCheckIsFatal option has been removed. Use R.ExternalsCheckIsFatal instead. (#25901)

  • The Applications.RConfigActive option has been removed. Use R.ConfigActive instead. (#25901)

  • The Branding.Robots option has been removed. Use Server.Robots instead. (#25901)

Posit Connect 2024.08.0

August 07, 2024

New

  • Interactive content can have OAuth integrations for viewer identity delegation, ensuring a viewer’s data access in Connect is consistent with data-level access control lists defined in the data governance system. Configuration templates are provided for Microsoft Entra ID, Databricks, and Snowflake. Custom OAuth integrations can also be specified. (#27004)

  • New Cookbook for working with Connect using posit-sdk for Python and connectapi for R. (#27464)

  • Content owners and administrators can deactivate content items by locking them as described in the Connect User Guide. Locking content has the following effects:

    • All processes associated with the content are terminated.
    • Any scheduled runs associated with the content are paused.
    • On-demand rendering is disabled.
    • New content bundles cannot be deployed.
  • Ubuntu 24.04, SLES 15 SP6, and openSUSE 15.6 are added as supported platforms. (#27191, #27553)

  • Support for PostgreSQL 16 is added. (#27609)

Fixed

  • TensorFlow model APIs are again included with all other APIs in content listing. (#27586)

  • The Scheduled Content Admin page now displays the schedule frequency for content in local time. (#27821)

  • A space is added to the end of existing content search queries to make it easier to start typing a custom query. (#27277)

  • Changed user profile information is retained after reauthenticating (#27435)

  • Updated software components used by Posit Connect, including responses to the following: (#27514, #27482, #27533, #27938)

    • CVE-2024-24791
    • CVE-2019-25211
    • GO-2024-2567
  • Updated the PostgreSQL driver. (#27482)

Deprecated / Removed

  • Removed support for Red Hat Enterprise Linux 7 / CentOS 7. (#27536)

  • Removed support for Amazon Linux 2. (#27538)

  • The internal API to modify content environment variables is deprecated and will be removed in an upcoming release. Use the public /v1/content/{guid}/environment endpoints instead. (#27490)

  • The internal API to track tasks is deprecated and will be removed in an upcoming release. Use the public /v1/tasks/{id} endpoint instead. (#27496)

  • The internal API to assign thumbnail / preview images to content is deprecated and will be removed in an upcoming release. Use the public /v1/content/{guid}/thumbnail endpoints instead. (#27282)

Posit Connect 2024.06.0

June 26, 2024

New

  • Posit Connect performs Public-Access Content Verification as described in Software License Descriptions. Posit Connect installations that use a license with the Public-Access entitlement must be configured to allow outbound requests to Posit, and interactive content that is configured for anonymous access must be accessible to anyone on the public internet. See License Management in the Posit Connect Admin Guide for additional details. (#26217)

  • Added new query parameters to various /v1/content endpoints. (#26593)

    • GET /v1/search/content?include=vanity_url now populates the vanity_url in the result.
    • GET /v1/content?include=vanity_url now populates the vanity_url in the result.
    • GET /v1/content/<guid> now supports the include query parameter to populate optional fields in the result. Allowed options are owner,tags,vanity_url.
  • API endpoints to enumerate features used by a Connect installation. (#27265)

  • Updated the Job Launcher to version 2.17.0. (#27168)

  • The Unpublished content page located under the “Admin” navigation menu has been removed. Unpublished content can be enumerated via Content Search using the published:false filter. For more details, see Search filters in the Posit Connect User Guide. (#26850)

  • Added reference architectures for deploying Posit Connect within AWS to the Admin Guide (#27446)

Fixed

  • Correct a problem which identified some failing content processes as succeeding. Additionally, the end-time and duration of some content processes was miscalculated, which could prevent adjustments to content scheduling. This issue was most likely to affect rendered Quarto content and processes run with off-host execution. (#27370, #27363, #27395, #27404)

  • Worker processes are identified by a UUID rather than a shorter sequence. (#27185)

  • Updated software components used to run processes which install R and Python packages. (#26892)

  • Updated software components used by Posit Connect, including responses to the following: (#27176, #27159, #27384)

    • CVE-2024-24786
    • CVE-2024-24789
    • CVE-2024-24790
  • Disables the Create API Key button if Authentication.APIKeyAuth is set to false, since those keys aren’t functional with this configuration. (#25670)

  • Updated the format of the Start Time for Server Status Reports to correspond to the format for the user’s locale. (#26582)

  • Viewers are able to see the history for static content. (#27339)

  • Correct a problem where Server.PublicWarning disappears unexpectedly from the landing page. (#26511)

Deprecated / Removed

  • Internal APIs to manage vanity URLs are deprecated and will be removed in an upcoming release. Use the public /v1/content/{guid}/vanity endpoints instead. (#27263)

Posit Connect 2024.05.0

May 31, 2024

New

  • Content listing page has been redesigned to support advanced searching and filtering. (#27121)

    • Search query matches against additional content fields: name, title, description, vanity URL, and git repository URL
    • Filter results by owner, content type, and tags
    • Filter results by published status (published:<true|false>)
    • Pagination, including total results and specific pages
    • Use the browser URL to bookmark a specific content search
    • Content filters are no longer saved in browser state. Instead, use browser history (i.e. back and forward buttons) to go back to the content list with the filters you came from.
  • The Settings pane is now closed by default for all users except administrators. This allows quicker, less cluttered access to content for most users. It also improves the accessibility with large zoom factors. The config_url now adds /access, so that publishers can quickly add users to a newly published piece of content. (#26569, #27011)

  • Hosting of TensorFlow models using TensorFlow Serving. (#25985)

  • Manage the association between content and its (optional) Git repository location with the Connect Server API. (#22242, #22243, #22244, #22245, #26982)

    API endpoints:

    • GET /v1/content/GUID/repository
    • PUT /v1/content/GUID/repository
    • PATCH /v1/content/GUID/repository
    • DELETE /v1/content/GUID/repository
  • API endpoints to enumerate and download the Jump Start Examples distributed with Posit Connect. (#27038)

  • Programmatic provisioning of initial installs can use the /v1/bootstrap APIs. The /v1/experimental/bootstrap endpoint is deprecated and will be removed in an upcoming release. See Programmatic Provisioning in the Posit Connect Admin Guide for additional details. (#26660)

  • The Posit Connect diagnostics report generated by executing scripts/run-diagnostics.sh now:

    • Captures all configured PAM services along with defaults when PAM is the authentication provider. (#26926)
    • Displays pertinent system information at the top for easily comparing nodes in an HA environment. (#26809)
    • Outputs all listening interfaces on the host. (#26820)
  • Debian 12 is now a supported platform. (#26778)

  • OAuth2.GroupsClaim value received by Posit Connect is considered as a single group name when there is no GroupsSeparator configured and the groups claim is not a JSON array. (#26311)

Fixed

  • Shiny for Python applications use asyncio rather than uvloop, which prevents batching of WebSocket messages. (#26938)

  • The new user confirmation page now has the correct link. (#26839)

  • Token authentication returns HTTP 401 for an unclaimed token. (#26929)

  • A whoami warning is no longer logged when executing various R content actions in an off-host execution environment. (#26618)

  • Reactivating previously deployed content bundles no longer prevents subsequent activation attempts. (#26766)

  • Content deletion no longer produces an error when multiple deletion operations are happening concurrently. (#26480)

  • Fixed a link to generated data in the Quarto Python Jumpstart example. (#27097)

  • Updated software components used by Posit Connect, including responses to the following: (#26781)

    • CVE-2024-24787
    • CVE-2024-24788

Deprecated / Removed

  • Removed support for SUSE Linux Enterprise Server 15 SP4 / openSUSE 15.4.

  • Experimental APIs /v1/experimental/bundles, /v1/experimental/content, and /v1/experimental/tasks, deprecated since version 1.8.6 (December 2020), have been removed. Use the official /v1/bundles, /v1/content, and /v1/tasks instead. (#26641)

  • The /v1/experimental/bootstrap endpoint is deprecated and will be removed in an upcoming release. Use the /v1/bootstrap endpoint instead. (#26660)

  • Support for the migration configuration file (located at /etc/rstudio-connect/rstudio-connect-migration.gcfg by default), which was made read-only in 2023.06.0, has been removed. If you have settings that were automatically migrated during a previous upgrade please manually move them to your main configuration file. See the Configuration appendix for more details. (#26719)

Posit Connect 2024.04.1

May 07, 2024

Fixed

  • Requesting access to a piece of content no longer errors. (#26707)

  • Add / Edit Installations under the “Environments” tab no longer displays overlapping modals, which would render the modal unusable (#26782)

  • Content > Info > Usage now shows 0 for no usage history, rather than NaN (#26748)

Posit Connect 2024.04.0

April 29, 2024

New

  • Publish and run Python and R scripts on Posit Connect.

    Output from a script is available to view in the Connect dashboard. Scripts can be scheduled and have scheduled runs send customized email.

    Script support requires at least Quarto 1.4, which introduces support for script file rendering. Publishing scripts to Connect requires at least rsconnect-python 1.23.0 or rsconnect 1.2.2.

    See the user guide for more details about scripts.

  • New HTTP request latency metrics:

    Posit Connect now exposes a Prometheus metric tracking aggregate HTTP request latency. This new metric (connect_http_request_duration_seconds) is available for the following API groups: (#26015)

    • /v1/content
    • /v1/groups
    • /v1/users
  • Content owners can remove all users and groups from their content via the Access panel with one click. (#26151)

  • The optional Authentication.Notice message on the Login form is now more prominent. (#26090)

  • Content search API endpoint /__api__/v1/search/content (#26599)

    Search for content within Posit Connect using a rich query language, including sorting, paginating, and filtering by owner, content type, and tags.

Fixed

  • Server Status Reports are now more accurate for the configuration being used. They determine which checks to run when they start by enumerating the available execution environments and Python, R, and Quarto installations. Previously, this information was only computed at startup and could become outdated. (#26146)

  • Added a fix for changes to path handling in Bokeh apps. Bokeh versions between Bokeh 3.1.1 and Bokeh 3.2.2 may not handle paths correctly, so should be avoided, but older and newer versions are supported. (#24752)

  • Shiny for Python applications no longer automatically add FastAPI into the constructed virtual environment. (#26312)

  • An error is no longer logged when a scheduled or ad-hoc email does not have any recipients. This is a valid condition when users do not have an email address or are locked. (#26044)

  • Fixed some messages in the product which were not displaying the configured system display name. (#26354)

  • Updated software components used by Posit Connect, including responses to the following: (#25857, #25791)

    • CVE-2023-39320
    • CVE-2023-39320
    • CVE-2023-39319
    • CVE-2023-39321
    • CVE-2023-45288
    • CVE-2023-45857
    • CVE-2024-31207

Deprecated / Removed

  • The deprecated setting SAML.IdpMetaData has been removed. Use either SAML.IdpMetaDataURL or SAML.IdpMetaDataPath instead. If IdpMetaData is defined, Connect will fail to start. (#26509)

Posit Connect 2024.03.0

March 28, 2024

New

  • Publishers can now set vanity URLs for their content. To restrict this feature to admins only, set Authorization.PublishersCanManageVanities to false. (#26125)

  • Added a UI to view the current contents of the job queue, available as a tab in the Admin page. (#25964)

Fixed

  • Addressed an error that could occur when people repeatedly requested access for a single content item. This problem occurred only when Connect was configured to use PostgreSQL. (#26037)

  • Added quarto-cli to the default list of prohibited Python packages, as the Connect configuration indicates the available Quarto installations. (#25945)

  • Stable section anchors throughout the Connect release notes. (#24084, #25832)

  • Server Status Reports now redact environment variables containing USR, USER, and PWD. The system environment variables USER, USERNAME, and PWD are not redacted. (#25803)

  • Fixed a bug that could result in users being removed from groups when the LDAP server is unreliable or unavailable. (#26067)

  • Enforce the API hosting entitlement when license files do not communicate that feature. (#26112)

Breaking

  • Product-hosted examples and documentation require authentication. Public documentation remains available at https://docs.posit.co/connect/. (#25668, #25849)

  • The configuration setting Authorization.PublishersCanManageVanities is now enabled by default. To maintain the old behavior where vanity URL management is restricted to administrators, Authorization.PublishersCanManageVanities must be set to false. (#26125)

Deprecated / Removed

  • Vue2 and related dependencies have been upgraded to Vue3 (#26047)

Posit Connect 2024.02.0

February 27, 2024

New

  • A new metrics endpoint, using the Prometheus format, is now available and can be configured via the setting Metrics.PrometheusListen. This endpoint exports content visit counts and job queue activity metrics. For more information on what data is exposed and how to set up Prometheus to scrape your Connect host see the Operational Metrics section of the Admin Guide. (#24396,#25631,#25632,#25634,#25769,#25934)

  • Added an option to wrap long log lines in the Log Viewer. (#25638)

Fixed

  • Resolved an issue where open solo would not work for collaborators who do not own the content. (#25811)

  • Resolved an issue immediately after login where the dashboard incorrectly indicated that certain sharing options were not available. (#25943)

  • HTML tags are now properly escaped in the log view. (#22406, #24273, #25684)

  • RStudio debug logging set on the same host as Connect no longer prevents Connect from running its startup checks against Python, R, and external package definitions. (#25709)

  • Updated software components used by Posit Connect, including responses to the following: (#25855,#25858)

    • CVE-2023-7104
  • When Authentication.ChallengeResponseEnabled is set to true, a new user will be prompted for a challenge and a new password upon first login. (#25836)

  • Fix authentication user flow via browser pop-ups for content embedded in an iframe outside Connect. (#25873)

  • Start at the top when switching between tabs in the jumpstart examples (#25720)

  • A number of visual fixes to the UI (prevent flickering #25637, have consistent background colors #25636, corrected tab order on login #25704)

Posit Connect 2024.01.0

January 25, 2024

New

  • Quarto documents can produce custom email messages. Requires Quarto 1.4. (#24314)

  • Introduced the ability to configure whether local execution processes inherit environment variables from the server. Set Applications.InheritSystemEnvVars to false to disable environment variable inheritance. PATH is always inherited, regardless of this setting. Off-host execution with Kubernetes is unaffected; content executing off-host does not inherit environment variables. (#25140)

  • The Applications.DefaultAPIKeyEnv setting is automatically disabled when API key authentication is prohibited (via Authentication.APIKeyAuth). (#25665)

Fixed

  • Update the version of Packrat used by Posit Connect, which avoids many situations where multiple restore operations would attempt to manage the same cached package entry at the same time. (#20380)

  • Python virtual environments no longer automatically receive the waitress package. (#25576)

  • Quarto content using Python and the Jupyter engine includes the jupyter package in its virtual environment. (#25426)

  • Updated software components used by Posit Connect, including responses to the following: (#25342, #25311, #25628)

    • CVE-2023-48795
    • CVE-2023-45683
  • The GitCredential.Host field is validated to confirm that it resembles a host name or IP address with an optional port. (#25608)

  • Quarto content executing locally now inherits environment variables from the server by default. This behavior can be disabled by setting the new Applications.InheritSystemEnvVars setting to false. (#25140)

  • Fixed a deprecation error in content using Streamlit >= 1.29.0 which prevented application startup. (#25708)

  • Shiny for Python apps using Starlette >= 0.35.0 now run correctly. (#25645)

    • This breakage was due to Starlette updating its usage of scope["path"]. Should ASGI frameworks change their implementation of scope["path"], the environment variable CONNECT_STRICT_ASGI can be set to true or false to force strict or non-compliant treatment of scope["path"]. Use the Vars pane to adjust environment variables for any content item.

Deprecated / Removed

  • AngularJS and related dependencies have been removed (#20732)

Breaking

  • Support for Python version 3.7 has been removed. This release is no longer receiving security updates from the Python maintainers; see the Python releases page for details.

    Configuration files that include Python versions prior to 3.8 will cause an error during Connect startup. (#22693)

    • Existing Jupyter Notebooks, R Markdown reports, and Quarto content that use older Python versions can still be viewed. However, they cannot be deployed to Connect or re-rendered.
    • Existing applications and APIs that use older Python versions will no longer run. An HTTP 502 error will be returned for all requests to these applications.
    • To identify Python content deployed to Connect, use the script in /opt/rstudio-connect/scripts/find-python-envs which will list all Python virtual environments and the applications that use them.
  • The minimum supported PostgreSQL version is now 12.0. The final release of PostgreSQL 11.22 was on November 9, 2023.

Posit Connect 2023.12.0

December 18, 2023

New

  • Python interactive applications are available for all Posit Connect licenses. (#24551) Other features, including custom branding (#24553), current user execution (#24573), and no-login access to content (#25118, #25022), may be enabled by licenses. Existing licenses retain access to these features.

  • Instrumentation data now includes the requested path for non-Shiny content hosted on Posit Connect. For example, you can see which API endpoints are high traffic and which pages in a published site are viewed by your audience. See the Content Visits API Reference for more information. (#24842)

  • Audit logs now include a user_login_failure event (#24664), and the actor info for LDAP and PAM audit log add_user events is now correct. See the Admin Guide for more details.

  • Added the Server.ProxyHeaderLogging setting to enable logging for incoming request headers like X-RSC-REQUEST and X-FORWARDED-* which can be used to help debug proxy configurations. This configuration produces a lot of log messages and should be disabled once debugging is complete. (#19656)

Fixed

  • The files referenced by Branding.Logo and Branding.Favicon are no longer compared against a fixed set of known image types. (#24463)

  • The bundle upload API no longer returns an error when static content is configured with a custom RunAs user. Instead, the custom user is ignored as it is not relevant to static content. (#24857)

  • Empty content titles no longer prevent modifications to other fields in the Connect dashboard. (#25156)

  • Fixed a condition where the Server.RootRedirect configuration setting was not respected when using SAML SSO authentication. (#23451)

  • Expand the sanitization of configuration fields included in the Posit Connect diagnostics report. (#23821, #23822)

  • Updated software components used by Posit Connect, including responses to the following: (#25027, #25174)

    • CVE-2023-45283
    • CVE-2023-45284
    • CVE-2023-39326
    • CVE-2023-45285

Deprecated / Removed

  • Branding.Robots is deprecated and will be removed in an upcoming release. Use Server.Robots instead. (#24553)

Posit Connect 2023.10.0

October 31, 2023

New

  • Added support for raw NFS volume mounts when running content with off-host execution enabled. Use the Launcher.DataDirNFSHost configuration to define the NFS host. When using this setting, Launcher.DataDir defines the NFS export path. This setting is ignored when Launcher.DataDirPVCName is defined. (#23382)

  • Added support for allocating GPUs during content execution via the Connect Server API or the content runtime settings pane in the dashboard. Using GPUs requires off-host execution mode to be enabled. (#24522, #24585)

  • Adjusted recurring, internal, cleanup routines to run at slightly staggered times in order to reduce resource contention in multi-node clusters. (#24715)

  • On the Content page, pins are now listed with both title and name to help you distinguish between similarly named pins. (#19861)

  • Adds operating system support for SLES 15 SP5 and OpenSUSE 15.5.

  • Connect administrators can kill processes from the dashboard under Admin > Metrics. (#22099, #10312)

Fixed

  • The content settings pane in the dashboard has been updated. The following components have moved from the Access tab to the Runtime tab:

    • Default Execution Environment selection (#24710)
    • Service Account selection (#24711)
    • RunAs user selection (#24745)
  • Fixed a bug where content visits for Plumber, Voila, Streamlit, Dash, and Bokeh were over-counted in instrumentation metrics. Usage graphs may appear inaccurate as the dashboard displays data for the last 30 days, including content visits with a minimum data version of 1 or greater. The default content visits API minimum data version was bumped to 3 as a result of these changes. See the Historical Information section of the Admin Guide and the Content Visits API Reference for more information. (#24830)

  • Posit Connect considers the connection load with fewer workers when determining if a process is still required. Avoids situations where certain values for Scheduler.LoadFactor and Scheduler.MaxConnsPerProcess caused the termination of newly launched processes. (#18473, #24289)

  • Added conda-content-trust, conda-package-streaming, and conda-token to the default list of prohibited Python packages, since they are not available for installation with pip. (#24506, #24831)

  • Fixed a bug that caused RPackageRepository URLs beginning with "file:///" to be displayed as empty strings when logged during packrat restores. (#24552)

  • Browser URL now updates when switching between logs in the dashboard content logging visor. This can be used to share links directly to individual logs (via copy-paste). (#23546)

  • Audit logging improvements

    • Content ownership transfer events now also record the original user that owned the content. (#24436)
  • FastAPI and Shiny applications no longer limit HTTP headers to 16KB. They can now handle large numbers of groups in the RStudio-Connect-Credentials header (#24554).

  • Updated software components used by Posit Connect, including responses to the following: (#24724, #24428, #24497)

    • CVE-2023-39323
    • CVE-2023-39325
    • CVE-2023-44487
  • Connect now prevents duplicate tasks from being queued. This affects both git polling and scheduled rendering of reports. If a matching task is already in the queue, a warning will be issued. The existing task will be left in the queue, and the new item will not be added. (#21895)

  • Updated the version of Packrat used by Posit Connect. This improves the detection of the host Linux distribution used to automatically rewrite Posit Package Manager URLs when R.PositPackageManagerURLRewriting is set to auto or force-binary. In particular, support has been added or fixed for the following distributions, expanding support to all distributions supported by Connect. Note that support for SLES 15 SP3 was dropped in Posit Package Manager 2023.08.0. (#24766)

    • Rocky Linux 8 & 9 and AlmaLinux 8 & 9 (using CentOS 8 or RHEL 9 binaries)
    • Red Hat Enterprise Linux 9
    • SLES 15 SP3 (on Posit Package Manager < 2023.08.0), SP4
    • OpenSUSE 15.3 (on Posit Package Manager < 2023.08.0), 15.4
    • Amazon Linux 2 (using CentOS 7 binaries)

Posit Connect 2023.09.0

September 12, 2023

New

  • Connect now allows publishers to disable environment management for select content items. By disabling environment management, the user indicates that Connect should not perform any environment restore based on the contents of the bundle manifest. Instead, the administrator is responsible for package installation in the runtime environment. Environment management can be disabled at the bundle-level with the manifest.json, at the application-level with the Connect Server API (or through the dashboard), or globally with a server-wide default value. This feature is available for both local and off-host content execution. The Python environment management and R environment management settings can be configured independently of one another. (#23960)

  • Added support for migrating the instrumentation database from SQLite to PostgreSQL. See the Admin Guide for details. (#20148)

  • Connect has new strategies for resolving the set of R package repositories used to install packages in content environments, and controlling how configured RPackageRepository entries and content repositories are used. These are controlled with the setting R.PackageRepositoryResolution. The default behavior has changed. The new default, lax, uses a combined list of configured repositories and repositories from content. To use only configured repositories and discard content repositories, set to strict. To use the old overriding behavior, set to legacy. See the Admin Guide for more details and examples. (#23853)

  • Connect now sets the SPARK_CONNECT_USER_AGENT environment variable for all content. This can help users of hosted Apache Spark clusters (including Databricks) identify when content hosted on Connect is accessing Spark. (#24405)

  • Added a number of Quarto Jump Start examples. (#24403)

  • Connect detects and validates custom email and output metadata for rendered Quarto content. (#24371)

Fixed

  • Updated software components used by Posit Connect, including responses to the following: (#24207, #24218, #24427)

    • CVE-2023-29409
    • CVE-2023-39318
    • CVE-2023-39319
    • CVE-2023-39320
    • CVE-2023-39321
    • CVE-2023-39322
    • CVE-2023-26117
    • CVE-2023-26116
    • CVE-2023-26118
  • Do not reveal file system paths when serving some in-product resources that lack a top-level index.html file. (#24328)

  • Bundles created for Git-backed content receive correct permissions and ownership as they are written without the need for subsequent adjustment. (#24101)

  • Updated the version of Packrat used by Posit Connect to address an issue preventing the installation of R packages that cannot be loaded with library(), e.g. box. (#24217)

  • Fixed a bug where the /v1/system/caches/runtime GET endpoint could list items that are not pip caches. (#24368)

  • Improve indexing on the bundles and bundle_metadata tables. (#24251)

  • Fixed a bug in which the default Posit Connect landing page logo would briefly appear before loading a custom landing page. (#23221)

  • Python APIs and apps now flush sys.stdout after writes, so that print() calls will promptly show up in application logs. (#24560)

Breaking

  • Connect’s default behavior for handling configured RPackageRepository entries has changed. The new default behavior combines the list of configured repositories with repositories from content. See the Admin Guide for more details and examples. (#23853)

Deprecated / Removed

  • Connect no longer mounts the Python package cache if the content does not use Python. (#24222)
  • Python 3.7 is deprecated, and support will be removed in the 2024.01 edition of Connect. (#24504)

Posit Connect 2023.07.0

July 27, 2023

New

  • Fixed formatting of Connect logs and removed all coloring escape codes. (#23974)

  • Improve advice given when a Git branch does not contain deployable content. (#24049)

  • Connect can now rewrite Posit Package Manager URLs to install source or binary packages. The setting R.PositPackageManagerURLRewriting controls this behavior. When set to auto, the default, Connect will rewrite URLs referencing incompatible binary packages to install compatible binary or source packages. Use force-source to rewrite all Posit Package Manager URLs to install source packages, or force-binary for compatible binary packages. Use none to disable this behavior, although this is not recommended. For more information, see documentation on Posit Package Manager URL rewriting. This setting affects configured RPackageRepository URLs as well as repositories from from published content.

  • R packages installed from package binaries are validated with a test-load. This check discovers many system incompatibilities and missing system libraries before packages are added to the runtime package cache. (#22282)

  • Posit Connect releases after July 26th, 2023 will be signed with a new key. Our signing key is available on our website. (#23721)

Fixed

  • Fix an issue where process launch failures cause the /opt/rstudio-connect/mnt/job directory to be deleted. (#24131)

  • Improve handling of content processes which do not successfully start, including upon PAM session failures. (#22507)

  • Process list entries related to status report self-tests no longer contain broken links. (#23814)

  • Updated software components used by Posit Connect, including responses to the following: (#24133)

    • CVE-2023-29406
  • Fixed an issue where editing or deleting “Installations” from within the “Add / Edit Environments” modal would cause it to prematurely close. (#24153)

Breaking

  • The package version identifier has changed. Previously, the version identifier ended with the distribution identifier (e.g., 2023.06.0~ubuntu22, 2023.06.0.el9). The version identifier now only contains the version information (e.g., 2023.06.0). For example, the 2023.06.0 release of Connect for Ubuntu 22.04 (jammy) has the filename rstudio-connect_2023.06.0.ubuntu22_amd64.deb and version identifier 2023.06.0~ubuntu22. Moving forward, releases of Connect for Ubuntu 22.04 (jammy) will maintain the same filename format (e.g., rstudio-connect_2023.07.0.ubuntu22_amd64.deb), but the version identifier will only contain the version information (e.g., 2023.07.0). (#23838)

  • Posit Connect no longer supports Ubuntu 18.04 LTS (Bionic Beaver). See the Platform Support page for additional details. (#24070)

Posit Connect 2023.06.0

June 26, 2023

New

  • Shiny for Python is now deployable on the Connect Base license.

  • Posit Connect now supports email notifications for permission requests and content errors to any email address(es) via the Notifications.Email configuration setting. (#23641)

  • Posit Connect now logs R package repositories in use when restoring the R environment for a piece of published content. (#23613)

  • The rscadmin command-line tool no longer requires that Posit Connect be stopped when encrypting configuration values. (#23177)

  • Posit Connect documentation is produced using Quarto. (#21620, #23898, #23922, #23924, #23932, #23938)

Fixed

  • Improve display of multi-line texts in drop-down select components. (#23547)

  • Fix some checkboxes that didn’t display a checkmark when selected. (#23775)

  • Fixed an issue where the rscadmin command-line tool sent interactive prompts to disk when using the default logging configuration causing commands to fail or hang. (#23177)

  • pip warnings about a non-writable cache directory that could occur in some Connect configurations have been fixed. (#23701)

  • When systems do not set a default locale, consider C.utf8 and en_US.utf8 when running content in addition to C.UTF-8 and en_US.UTF-8. (#23980)

  • Updated software components used by Posit Connect, including responses to the following: (#23847, #23848, #23933)

    • CVE-2023-29401
    • CVE-2023-29402
    • CVE-2023-29403
    • CVE-2023-29404
    • CVE-2023-29405

Breaking

  • Posit Connect no longer attempts to migrate settings or write to the migration configuration file. Settings present in the configuration migration file should be manually moved to the main configuration file, as the append migration functionality has also been removed from the rscadmin command-line tool. See the Posit Connect Admin Guide for more details. (#23177)

  • The rscadmin command-line tool no longer uses the configure command and its associated flags, and the append migration functionality was removed. See the Posit Connect Admin Guide for additional information. (#23177)

Posit Connect 2023.05.0

May 10, 2023

New

  • Posit Connect support for off-host content execution has entered General Availability (GA). Python, Quarto, and R content can be built and executed in remote containers on Kubernetes when off-host execution is enabled.

    See our Getting Started guide to enable this feature in your installation.

    Posit Connect with off-host execution requires an Enterprise license. (#23099, #23507, #23505)

    • Administrators can manage available execution environments (images) through the new Environments dashboard or programmatically using the Connect Server API. (#21450, #22447, #23224, #23204, #23103)

    • Initial configuration of execution environments can occur using a YAML configuration file. Programmatic configuration is preferred. (#22836)

    • Publishers can select a target execution environment for an individual content item. Disable use of these targeted environments with the Applications.DefaultImageSelectionEnabled; disable use of targeted environments from manifest.json with Applications.ManifestImageSelectionEnabled (#20778, #22995, #21450)

    • Administrators can configure Connect to use a Kubernetes service account for all content jobs and/or select a content-specific service account by modifying the settings of a content item.

      Disable use of content-specific service accounts with the Launcher.KubernetesContentServiceAccountSelection option. (#22927, #22777, #23062, #22809, #23151, #23131, #23575, #23213)

  • Posit Connect now supports limiting the total RAM consumed by a single content process. Off-host execution also supports limits on CPU time, as well as memory and CPU minimums to improve node scheduling (see Resource Management for Pods and Containers). (#21972, #21983)

  • Upgrade the Posit Job Launcher to the v2.10.4 release. (#23736, #23816)

  • Configuration values representing data sizes may now be specified with binary or decimal units up to and including exabytes/exbibytes, such as 5 MB, 1 KiB, 0.5 GB. (#23447, #23448)

  • When running in off-host execution mode, Jobs, Services, and Pods in Kubernetes will have an additional label identifying the Posit Connect node that created them. The label key is connect.rstudio.com/connect-node. (#23653)

  • Added Server.URLNormalizationRedirects config option which will redirect when HTTP request paths need normalization. This is the existing behavior for Connect, but this config option now allows it to be disabled. (#21600)

Fixed

  • Accessibility fixes focused on color contrast and keyboard functionality throughout the product (#22521, #22524, #22526, #22527, #22528, #22531, #22533, #22534, #22764, #22768, #22769, #23029)

  • The RSTUDIO_PRODUCT environment variable is set during R and Python package installation. (#23500)

  • The R_CONFIG_ACTIVE environment variable used by the config R package is no longer included in the default set of prohibited environment variable names given by Applications.ProhibitedEnvironment. The R_CONFIG_ACTIVE environment has a default value taken from the R.ConfigActive configuration setting, but individual content items may override this value. Administrators can prohibit content from overriding R_CONFIG_ACTIVE by adding it to Applications.ProhibitedEnvironment. (#23540)

  • Fixed an issue with running a Server Status Report when using off-host execution. (#23211)

  • Fixed a performance issue when constructing the tag hierarchy. (#22804)

  • The set of available time zones and offsets is calculated when requested by the dashboard, not at server start-up. This resolves a problem where the dashboard could present time zone offsets that did not reflect Daylight Savings. This issue did not affect existing scheduled content. (#23474)

  • Fixed an issue with MinProcesses enforcement for content that does not involve worker processes, causing repeated error messages in the logs. (#23761)

  • Allow incoming manifest.json even when some R packages lack a repository URL, as this can occur when referenced packages have been archived by CRAN. (#23673)

  • Updated software components used by Posit Connect, including responses to the following: (#23453, #23349, #23718, #23772)

    • CVE-2023-24537
    • CVE-2023-24538
    • CVE-2023-24534
    • CVE-2023-24536
    • CVE-2023-28119
    • CVE-2022-41912
    • CVE-2023-24539
    • CVE-2023-24540
    • CVE-2023-29400
    • CVE-2023-26125
  • Prohibit configuration of Server.DataDir and other paths which resolve beneath the /opt/rstudio-connect installation hierarchy and include sub-directory names that begin with "..". (#23179)

  • Posit Connect dashboard pages should automatically navigate off of login page if user session is authenticated within another tab or window. (#23633)

  • Unhandled exception in browser when exiting the Confirm Password Dialog has been eliminated. (#23643)

  • Extraneous console errors while loading login page have been removed. (#23055)

  • Connect will perform a redirect when a URL requires normalization (i.e. duplicate /, . or .., etc). Previously, the Location header in the redirect was the relative path; however, this allowed carefully crafted URLs to redirect to alternative domains. Connect now uses absolute URLs for the redirect, or does not perform the redirect at all if the proper host cannot be determined. (#20836)

    • CVE-2022-38131
  • 404 error within the dashboard after user clicks ‘Sign Up’. Only applicable to a Connect server configured with password authentication and deployed behind a reverse proxy. (#23702)

  • Fixed bug where Connect logo no longer linked back to Content page (#23743)

Breaking

  • The migrate rebuild command has been removed, replaced by tools and APIs allowing more granular management of the R and Python runtime caches.

    The Admin Guide explains when you may need to adjust the runtime caches and what commands to use.

    The rsconnect-python package contains commands which take the place of rebuild migrate:

    • rsconnect content search - Enumerates content deployed to a Connect server.
    • rsconnect content build - Builds environments associated with content items.
    • rsconnect system caches list - Enumerate the R and Python runtime caches managed by Connect
    • rsconnect system caches delete - Delete a runtime cache.

    The following Server API endpoints are called by rsconnect-python and available for use:

    • POST /v1/content/{guid}/build - Builds the environment associated with a content item.
    • GET /v1/system/caches/runtime - Enumerates the R and Python runtime caches managed by Connect.
    • DELETE /v1/system/caches/runtime - Delete a runtime cache.

    The API Cookbook contains examples showing how to use the new Server API endpoints.

Posit Connect 2023.03.0

March 13, 2023

New

  • When permitted by the system, the sandbox used to run content processes now includes a user namespace for additional process isolation. (#22872)

  • Connect now utilizes Logging environment variables early in its startup process, causing service logging settings to be configured before anything else. (#22101)

    See the Logging section for more information about how to set up service logging using environment variables.

  • Added support for validating the global default Kubernetes service account against the service accounts identified by Launcher. (#22722)

  • Increases the launcher client certificate expiry to 10y for new client certificates. (#22627)

  • Support for PostgreSQL 15. (#22886)

  • Connect will serve a default robots.txt that disallows all crawling. Admins can specify a custom robots.txt using the Branding.Robots configuration option. (#22105)

  • Jupyter notebooks published in Connect can now use ipywidgets for interactivity via the Voila package. Install the rsconnect-python 1.15.0 or newer and use rsconnect deploy voila to deploy the notebook, or install rsconnect-jupyter 1.8.0 or newer and use the pushbutton publishing UI. See the user documentation for more information.

  • Updated software components used by Posit Connect, including responses to the following. (#22852, #22890, #22988, #23143)

    • CVE-2022-41722
    • CVE-2022-41725
    • CVE-2022-41724
    • CVE-2022-41723
    • CVE-2023-24532

Fixed

  • Fixed an issue where rserver-monitor errors repeatedly while reading memory usage metrics when cgroups v2 is enabled. (#22118) (This note was accidentally omitted from the initial 2023.03.0 release.)

  • Fix Date headers on emails sent by Connect. (#23091)

  • Accessibility fixes focused on color contrast and keyboard functionality throughout the product (#23029, #22766, #22765, #22529, #22522, #22520, #22519, #22518, #22517, #22516, #22515, #22513, #22523, #22525, #22530, #22532, #22763, #22764, #22767)

  • Expanded the set of environment variables which are unset after Connect initialization. (#22873)

  • Individual content items cannot customize the RSTUDIO_PRODUCT environment variable. (#22862)

  • Updated the version of Packrat used by Posit Connect to address an issue preventing the installation of R packages from subdirectories of GitHub, GitLab, and Bitbucket repositories. (#22986)

  • Improved API validation to prevent configuring min processes > max processes (#13610)

Breaking

  • The migrate tool has had updates to its sub-commands and options. (#22731)

  • The minimum supported PostgreSQL version is now 11.0. The final release of PostgreSQL 10.23 was on November 10, 2022.

Deprecated / Removed

  • The images.identifier field has been removed from the Launcher.ClusterDefinitions schema. If identifier is defined, it will be ignored. (#22444)

Posit Connect 2023.01.1

February 10, 2023

Fixed

  • Fixed a bug where content deployed from Git might not update automatically, or might be logged incorrectly. (#22849)

Posit Connect 2023.01.0

January 25, 2023

New

  • Added support for configuring a global default Kubernetes service account (#22505)

  • If Connect detects an active single sign-on (SSO) session, a user will not be required to take an additional authentication action. This doesn’t apply when content is embedded in an iframe outside Connect. (#21687)

  • Logs for R content processes contain additional information about the runtime environment. Information logged includes the hostname, operating system, user, Connect version, certain environment variables, working directory, and other information specific to the content type. (#22557)

  • Logs for Python content processes contain additional information about the runtime environment. Information logged includes the hostname, operating system, user, Connect version, certain environment variables, working directory, and other information specific to the content type. (#22558)

  • Logs for Quarto content processes contain additional information about the runtime environment. Information logged includes the hostname, operating system, user, Connect version, certain environment variables, working directory, and other information specific to the content type. (#22555)

  • Connect now writes content identifiers to content logs. These include a content’s GUID and ID, the active bundle’s ID, and a variant ID for parameterized reports. Content processes spawned by Connect contain these identifiers in their command-line arguments, allowing specific processes to be traced back to specific content items. (#22556)

  • Off-host execution allows images to be configured with multiple Quarto installations. (#22729)

  • Added Connect support for RHEL9-based distributions.

  • Updated the Job Launcher to version 2.9.0. (#22421)

  • Updated software components used by Posit Connect. (#22699)

Fixed

  • Improved the access and authorization checks performed against SockJS connections. (#19198)

  • Updated software components used by Posit Connect in response to CVE-2022-35737 (#22466).

  • Connect now applies file permissions fixes recursively in the metrics directory. (#22582)

  • Fixed a startup issue where Connect failed to sync job data. (#19731)

  • The PATCH /v1/content/{guid} endpoint no longer prohibits multiple items from having an empty name. (#22568)

  • The apps table now contains a serialized version of the environment variables defined for the content item. (#22296)

  • Fixed an issue with handling of prerendered Shiny documents that would cause them not to prerender in some cases. (#22680)

  • Update the version of Packrat used by Posit Connect to address minor restore problems, including a bug that prevented installing packages from GitLab subgroup paths. (#22689)

Breaking

  • Support for Python versions 3.5 and 3.6 has been removed. These releases are no longer receiving security updates from the Python maintainers; see the Python releases page for details.

    Configuration files that include Python versions prior to 3.7 will cause an error during Connect startup. (#22693)

    • Existing R Markdown reports and Jupyter Notebooks that use older Python versions can still be viewed. However, they cannot be deployed to Connect or re-rendered.
    • Existing applications and APIs that use older Python versions will no longer run. An HTTP 502 error will be returned for all requests to these applications.
    • To identify Python content deployed to Connect, use the script in /opt/rstudio-connect/scripts/find-python-envs which will list all Python virtual environments and the applications that use them.
  • Instrumentation data is now written in batches. Writes are triggered when the number of hits reaches the configured value of Metrics.InstrumentationBatchSize (default 200) or the elapsed time reaches the configured value of Metrics.InstrumentationInterval (default 2s). In the event the Connect process exits or is terminated, those values bound the amount of queued instrumentation data that will not be stored. If needed, you can restore the old immediate-write behavior by configuring Metrics.InstrumentationBatchSize = 1. (#22294)

  • The setting Server.SourcePackageDir has been removed.

    R Packages can be installed from an R package repository or from Git repositories. The Posit Connect Admin Guide details how R packages are installed.

  • Posit Connect no longer supports hosting of TensorFlow Model APIs. A TensorFlow model can be deployed as a Plumber API, Shiny application, or other supported content type. (#22630)

Posit Connect 2022.12.0

December 07, 2022

New

  • Users are now able to lock themselves using the Connect Server API. (#22238)
  • Added support for openSUSE 15.4 and SLES 15 SP4.

Fixed

  • Updated software components used by Posit Connect, including responses to the following: (#22498, #22551)

    • CVE-2022-0536
    • CVE-2022-41720
    • CVE-2022-41717
  • Fixed a bug where Git processes “hang” indefinitely when Off Host Execution is enabled. (#22485)

  • Fixed an issue loading configurations containing named runtime/scheduler sections, such as [Scheduler "shiny"]. (#22509)

Posit Connect 2022.11.0

November 16, 2022

New

  • We have renamed RStudio Connect to Posit Connect to reflect our new company name. You can read about our decision to change our company’s name from RStudio to Posit at our blog. (#21994)

  • Added support for restoring R packages installed from private Git repositories hosted on GitHub (github.com), GitLab (gitlab.com), and Bitbucket (bitbucket.org) using configured Git credentials.

    To enable this behavior, set the R.RestoreUsesGitCredentials setting to true. Posit Connect and Packrat will use configured Git credentials when making requests to compatible Git providers, enabling the install of R packages from private repositories. See the Admin Guide section on installing private R packages from private Git repositories. (#22043, #22260, #17042, #22095, #22261, #22078)

  • The Runtime settings tab in the Posit Connect dashboard has been redesigned and improved. (#21982)

Fixed

  • Update the version of Packrat used by Posit Connect.

    Adjusts how a tar binary is selected during an R environment restore. A tar found in the PATH is preferred to the internal tar implementation provided by R. The TAR environment variable can force the use of a specific tar executable. Previously, Packrat used the internal tar implementation, which cannot handle long paths.

  • SECURITY: Updated AngularJS to 1.9.0 (XLTS), including responses to the following: (#22350)

    • CVE-2022-25844
    • CVE-2022-25869
  • Updated software components used by Posit Connect, including responses to the following: (#22327)

    • CVE-2022-41716
  • Fixed an issue where the application settings panel was opening with empty content, when the logs visor was opened. #22344

  • Improve the reporting of startup errors from Shiny applications and Plumber APIs. (#22399)

  • Fixed an issue where Streamlit apps would not run in configurations using off-host execution. (#22353)

  • The dashboard no longer displays the last 30 days usage graph for apps with high usage (more than 10,000 accesses in the last 30 days). (#22361)

  • Fix a performance issue when presenting the dashboard home page with lots of content. (#20981)

  • The server logs now accurately report the PID of the child content process running under rsc-session. Job exit codes now accurately reflect the exit code of the content process. (#20190)

  • Fixed an issue where certain unversioned tags endpoints in the Connect Server API were accessible without authentication. (#22454)

Breaking

  • Connect no longer provides multiple logging implementation options. The basic (legacy) logging option and all supporting configuration fields have been removed. Structured logging is the only supported option.

    Logging.Enabled should no longer be used. Please remove it from your configuration file in order to avoid startup failure.

    For more details, please see the Logging section of the admin docs.

  • Server.AccessLog and Server.AccessLogFormat have been removed in favor of Logging.AccessLog and Logging.AccessLogFormat, respectively.

    Earlier releases specify the logpath and log format of access logs using Server.AccessLog and Server.AccessLogFormat:

    [Server]
    AccessLog = /path/to/access.log
    AccessLogFormat = COMBINED

    These options must now be configured using Logging.AccessLog and Logging.AccessLogFormat:

    [Logging]
    AccessLog = /path/to/access.log
    AccessLogFormat = COMBINED
  • Server.AuditLog and Server.AuditLogFormat have been removed in favor of Logging.AuditLog and Logging.AuditLogFormat, respectively.

    Earlier releases specify the logpath and log format of audit logs using Server.AuditLog and Server.AuditLogFormat:

    [Server]
    AuditLog = /path/to/audit.log
    AuditLogFormat = TEXT

    These options must now be configured using Logging.AuditLog and Logging.AuditLogFormat:

    [Logging]
    AuditLog = /path/to/audit.log
    AuditLogFormat = TEXT

RStudio Connect 2022.10.0

October 26, 2022

New

  • Support for Quarto project profiles. Requires Quarto v1.2. The Quarto.Profile setting indicates the default value to be used for the QUARTO_PROFILE environment variable when rendering Quarto content.

    Individual content items may configure a separate value for the QUARTO_PROFILE environment variable unless the Applications.ProhibitedEnvironment setting indicates that overrides to QUARTO_PROFILE are not permitted.

  • The Server Status Reports look for the use of deprecated settings in your Connect configuration. (#22225)

  • The X-RSC-Authorization can now be used in lieu of the more common Authorization header when making API requests. This is primarily useful in some advanced proxy setups where the Authorization header is needed to get through a proxy in front of Connect. (#22061)

  • RStudio Connect now allows setting any config value by using a CONNECT_ prefixed environment variable. Environment variables take precedence over defaults and settings in configuration files. See the admin guide documentation (configuration appendix) for more details on syntax, etc. (#21200)

  • RStudio Connect now supports the programmatic provisioning of an initial administrator API key on fresh installations. See the new Programmatic Provisioning section of the administrator documentation for more information. (#21301)

  • Audit logs now provide more fields relevant to each event recorded when logs are configured to write output to an additional destination. For more details, see the documentation. (#22050)

  • New public Connect Server API endpoints for Content Jobs which enable requests for job process status, logs, and process termination. See the Connect API documentation for more information. (#21995)

Fixed

  • Plumber APIs were not properly served when the root path was serviced by a static file handler. Affected Plumber 1.0.0 and later. (#22193)

  • LDAP group membership updates no longer run against users that are locked in Connect. (#20098)

  • Server Status Reports can be run when using off-host execution. (#22281)

  • Updated software components used by RStudio Connect, including responses to the following: (#22200)

    • CVE-2022-2879
    • CVE-2022-2880
    • CVE-2022-41715
    • CVE-2022-32149
  • Certain application processes would be marked idle and exit too quickly when running as the logged-in user. (#22228)

  • Address an error with off-host execution when attempting to configure an R Markdown parameterized report. (#22320)

RStudio Connect 2022.09.0

September 13, 2022

New

  • R support can be disabled with the R.Enabled setting. (#21473)

  • R installation scanning offers more granular control. (#21473, #15490, #15491)

    • R.ExecutableScanning specifies whether or not R installations are discovered by analyzing a variety of locations. No scanning occurs when this setting is disabled.

    • R.ExecutableVersionScanning indicates if R installations are discovered beneath the /opt/R and /opt/local/R directories. The /opt/R/3.6.3 directory, for example, would contain a complete R-3.6.3 installation.

    • R.ExecutableSystemScanning controls the scanning of locations where Linux distributions might place an installation of R.

    • R.ExecutablePathScanning uses PATH to locate R. The PATH is used to discover R only when this setting is enabled and no other technique has identified an R installation.

  • Administrators can now configure how images defined in Launcher.ClusterDefinitions are selected by setting the image’s matching field to one of [none, exact, any]. none indicates that the image should never be selected. exact indicates the image must be explicitly asked for in the bundle’s manifest. any (the default) indicates that the image can be selected by Connect automatically or targeted in the bundle’s manifest. (#21889)

  • Audit logs configured to write output to an additional destination other than the database will include the User’s GUID related to the captured events. (#20788)

  • The dashboard and documentation contain additional details about prohibited content (vanity) URLs. (#21365)

  • The dashboard includes a message visible to administrators when certain deprecated settings are in use. (#22109)

  • A new column was created in the process listing, with a direct link to the application log of the corresponding process. (#21852)

Fixed

  • The R_CONFIG_ACTIVE environment variable is given the value from R.ConfigActive when rendering Quarto content that uses an R runtime. (#22085)

  • Updated software components used by RStudio Connect, including responses to the following: (#21791, #22055, #22077)

    • CVE-2022-28948
    • CVE-2022-27664
    • CVE-2022-32190
  • Adjusted the RStudio Connect sandbox to avoid execution errors when running in some emulated environments. (#22065)

  • Fixed an issue where content errors were appearing in the log visor for other content items. (#21856)

  • Fixed an issue where locked administrator users were still receiving some emails. (#22073)

  • Fixed an issue where Streamlit configuration settings were not being honored. Streamlit’s documented configuration methods can now be used. (#21960)

  • Fixed an issue that caused content usage counts to be incremented when loading application assets. This affected Connect configurations that are hosted behind a path-rewriting proxy server. (#22066)

Breaking

  • R installation scanning no longer considers the following system locations by default. These locations can still be scanned when R.ExecutableScanning and R.ExecutableSystemScanning are both enabled. (#21473, #15490)

    • /usr/lib/R
    • /usr/lib64/R
    • /usr/local/lib/R
    • /usr/local/lib64/R
    • /opt/local/lib/R
    • /opt/local/lib64/R

    It is not recommended to rely on system-managed R installations.

  • R installation scanning no longer uses PATH by default to locate R when no other alternatives are discovered. Discovering R through PATH is still permitted when R.ExecutableScanning and R.ExecutablePathScanning are both enabled. (#21473, #15491)

    It is not recommended to rely on system-managed R installations.

  • Connect no longer passes environment variables that start with CONNECT_ from the parent process to content or other subprocesses. Environment variables that are proactively injected into content (for example, CONNECT_SERVER , CONNECT_API_KEY, or CONNECT_CONTENT_GUID) are not affected by this change. (#21899)

  • The Server.TensorFlowEnabled setting is disabled by default. (#22092)

Deprecated / Removed

  • Server.RVersion is deprecated and will be removed in an upcoming release. Use R.Executable instead and reference the full R binary path rather than the path to a directory containing an R installation. (#21473)

    Earlier releases specify an R installation using Server.RVersion to target a directory:

    ; /etc/rstudio-connect/rstudio-connect.gcfg
    [Server]
    RVersion = /opt/R/3.6.3

    That same R installation should be provided using R.Executable:

    ; /etc/rstudio-connect/rstudio-connect.gcfg
    [R]
    Executable = /opt/R/3.6.3/bin/R
  • Server.RVersionMatching is deprecated and will be removed in an upcoming release. Use R.VersionMatching instead. If Server.RVersionMatching is set, its value will be used for R.VersionMatching. (#21473)

  • Server.RVersionScanning is deprecated and will be removed in an upcoming release. Use R.ExecutableScanning instead. If Server.RVersionScanning is set, its value will be used for R.ExecutableScanning. (#21473)

  • Packages.External is deprecated and will be removed in an upcoming release. Use R.External instead. If Packages.External is set, its enumerated packages will be appended to those specified by R.External. (#21473)

  • Packages.ExternalsCheckIsFatal is deprecated and will be removed in an upcoming release. Use R.ExternalsCheckIsFatal instead. If Packages.ExternalsCheckIsFatal is set, its value will be used for R.ExternalsCheckIsFatal. (#21473)

  • Applications.RConfigActive is deprecated and will be removed in an upcoming release. Use R.ConfigActive instead. If Applications.RConfigActive is set, its value will be used for R.ConfigActive. (#22085, #21473)

  • Hosting of TensorFlow Model APIs is deprecated and will be removed in an upcoming release. The Server.TensorFlowEnabled setting is disabled by default. (#22092)

    Use an API framework like Plumber, Flask, or FastAPI to create an HTTP API for your TensorFlow model.

RStudio Connect 2022.08.1

August 25, 2022

New

  • The Authentication.MirroredLDAPServers configuration setting allows server administrators to specify whether Connect should treat multiple LDAP servers as high availability mirrors of each other, or as distinct sources of user and group information.

Fixed

  • Fixed an issue where having multiple LDAP servers configured while using remote groups syncing with Connect could cause some users to be removed from groups. (#19116)

RStudio Connect 2022.08.0

August 17, 2022

New

  • Shiny for Python applications are now fully supported with documentation and a jumpstart example. You can deploy Shiny for Python apps using the rsconnect deploy shiny command, available in rsconnect-python version 1.10 or later. (#21457, #21294)

  • The RStudio Connect dashboard offers additional feedback about repository requirements when publishing content imported from Git. (#17837)

  • Audit logs records now include the user’s GUID when applicable.

  • Log entries referencing content applications now come with more consistent information fields when applicable, such as content_guid and variant_key. Previously, terms like content, contentId, app, appId were used interchangeably to refer to the content id and now are consolidated as content_id.

Fixed

  • Added group name validations while creating a new group. (#20942)

  • Permissions errors involving the encryption key include the path to the file. (#21904)

  • Supervisor scripts can be validated without requiring a privileged container. (#21879)

  • Streamlit 1.12 ImportErrors have been fixed. (#21938)

  • Updated software components used by RStudio Connect, including responses to the following: (#21791)

    • CVE-2022-32189
  • Addressed an error when viewer accounts attempted to request publishing access on servers without email support.

  • Updated the Dash jumpstart example application to be compatible with the latest version of Dash and updated its code to use newer Dash APIs. (#20669)

Deprecated / Removed

  • Python versions 3.5 and 3.6 are now deprecated, and we plan to remove support from Connect in the January 2023 release. These releases are no longer receiving security updates from the Python maintainers; see the Python releases page for details. (#21915)

RStudio Connect 2022.07.0

July 21, 2022

New

  • Updated the content view to reflect the name of the content in the browser’s title bar. Previously, only the name of the RStudio Connect server was shown. Now, it reflects the page/content name as well. (#20638)

  • RStudio Connect can now execute content via the RStudio Job Launcher. This allows RStudio Connect to run content jobs on Kubernetes using containers. This feature is in currently in Beta. Using it in production environments is not recommended. For a detailed overview of this feature, see the RStudio Connect Off Host Execution documentation. (#21703)

  • Updated and redesigned content logs can now be accessed from the top Toolbar. Includes streaming log content for running logs, ability to search within logs, indication of actively running logs, ability to filter logs by type, and larger space for information. For more details, see the documentation. (#20247)

Fixed

  • Updated the Job Launcher to version 2.6.0. (#21700)

  • The configuration values allowed for Launcher.KubernetesJobExpiryHours now allow for fractional hours (float64) and now default to one quarter of an hour (0.25). (#21738)

  • When Launcher.Kubernetes = true and Launcher.KubernetesUseTemplates = true, the RStudio Connect created Job, Service and Pod objects within Kubernetes will now include Labels and Annotations suitable for queries using kubectl. (#21739)

  • Fixed an issue where OpenID configuration would not accept ID tokens hashed with RS512. (#21804)

  • Updated software components used by RStudio Connect, including responses to the following: (#21791)

    • CVE-2022-1705
    • CVE-2022-32148
    • CVE-2022-30631
    • CVE-2022-30633
    • CVE-2022-28131
    • CVE-2022-30635
    • CVE-2022-30632
    • CVE-2022-30630
    • CVE-2022-1962
  • Fixed an issue where spurious errors may be encountered as files were being copied. (#21858)

Breaking

  • The default value for Launcher.KubernetesUseTemplates has changed from false to true. When Launcher.Kubernetes = true and Launcher.KubernetesUseTemplates = true any values set by using job-json-overrides functionality will be ignored and will need to be configured in alternative ways using the Helm chart or by modifying the templates directly.

  • RStudio Connect no longer evaluates .Rdata files during package installation. These files are still evaluated when executing the deployed content. (#21824)

Deprecated / Removed

  • Replaced Postgres driver pq with pgx@v4.

RStudio Connect 2022.06.2

July 08, 2022

Fixed

  • Update the version of packrat used by RStudio Connect to improve downloading of packages from GitLab and Bitbucket.

Breaking

  • RStudio Connect no longer evaluates current-directory or per-user .Rprofile and .Renviron files during package installation. These files are still evaluated when executing the deployed content. (#21698)

RStudio Connect 2022.06.0

June 29, 2022

New

  • Updated the content view to reflect the name of the content in the browser’s title bar. Previously, only the name of the RStudio Connect server was shown. Now, it reflects the page/content name as well. (#20638)

  • The RStudio Connect dashboard offers additional feedback when publishing content imported from Git. (#21632)

  • Documented RStudio Connect’s Quarto support in detail. (#21006)

  • Support for Ubuntu 22.04 LTS. (#21655)

Fixed

  • Fixed an issue in the RStudio Connect Documentation tab where when you click on the logo, it opens the home page in a new tab. (#20646)

  • Fixed an issue in the RStudio Connect Dashboard content information panel where some content information was not being displayed in certain situations. (#21480)

  • Fixed an issue where two interactive jobs, launched in quick succession, could attempt to listen to the same HTTP port, causing one of the two jobs to fail. (#20689)

  • Updated software components used by RStudio Connect, including responses to the following: (#21575)

    • CVE-2022-30634
    • CVE-2022-30629
    • CVE-2022-30580
    • CVE-2022-29804
  • Improved the Applications.RunAs group membership checks that are run at startup. (#21515)

  • Added conda-repo-cli to the default list of prohibited Python packages, since it is not available for installation with pip. (#21601)

  • Fixed an issue caused by content processes that generated extremely long lines of output. Previously, RStudio Connect would err during output processing and terminate the process. (#21666)

  • Fixed an issue where members of remote LDAP groups would not receive emails. (#21243, #21366) (This note was accidentally omitted from the initial 2022.06.0 release.)

Breaking

RStudio Connect 2022.05.1

July 08, 2022

Fixed

  • Update the version of packrat used by RStudio Connect to improve downloading of packages from GitLab and Bitbucket.

Breaking

  • RStudio Connect no longer evaluates current-directory or per-user .Rprofile and .Renviron files during package installation. These files are still evaluated when executing the deployed content. (#21698)

RStudio Connect 2022.05.0

May 25, 2022

New

  • Well-known errors identified when running content or building its dependencies receive links to relevant troubleshooting information in the RStudio Connect User Guide. These links will appear alongside logs in the RStudio Connect dashboard and in the output when deploying content. Previously, the troubleshooting information was displayed in full in these contexts, which could cause the underlying error to scroll off-screen.

  • When Connect stops the processes associated with interactive jobs (e.g. Shiny applications and Python APIs), it will use an interrupt (SIGINT) signal, escalating to a kill (SIGKILL) signal if the process does not shut down in a few seconds. Previously, only a kill signal was used.

  • It is now possible to enable debug logging via SIGHUP signals without restarting the RStudio Connect service for configuration sections that have Logging fields.

Fixed

  • Fixed an issue which caused Shiny applications not to reconnect after a network interruption.

  • Fixed the content type information in the content info panel, that was not bringing the correct information.

  • Fixed an issue which caused Streamlit applications to fail. This affected Connect installations that are hosted on a prefixed URL path via a path-rewriting proxy server.

  • Fixed an issue which caused Connect to fail startup configuration checks related to remote execution.

  • Supervisor scripts are validated using the configured Applications.RunAs user and receive the USER environment variable.

  • Improved handling of response errors from WSGI-compatible Python content.

  • Improved serving of Python content in configurations which lacked a Server.Address setting.

  • Updated software components used by RStudio Connect, including responses to the following:

    • CVE-2022-21698
    • CVE-2020-28483
    • CVE-2022-29526
  • Fixed multiple issues where MinProcesses was not always respected, particularly in HA configurations or in conjunction with RunAsCurrentUser enabled.

  • Fixed issue where unused processes could linger when RunAsCurrentUser is enabled.

  • Fixed a service issue where systemctl reload resulted in a complete restart of the service.

  • Fixed an issue with remote execution where user validation failed when attempting to render Quarto content.

Breaking

  • The minimum supported PostgreSQL version is now 10.0. The final release of PostgreSQL 9.6 was on November 11, 2021.

Deprecated / Removed

  • Removed support for X.509 certificates signed with the SHA-1 hash function. This doesn’t apply to self-signed root certificates.

  • The logging configuration fields Server.AccessLog, Server.AuditLog and Server.AuditLogFormat are deprecated and will stop working with November 2022 release of RStudio Connect. Structured logging configuration will be the the default and only option. It is encouraged to make use of the latest Logging Section which you can learn more about in the RStudio Connect Admin Guide

RStudio Connect 2022.04.3

July 08, 2022

Fixed

  • Update the version of packrat used by RStudio Connect to improve downloading of packages from GitLab and Bitbucket.

Breaking

  • RStudio Connect no longer evaluates current-directory or per-user .Rprofile and .Renviron files during package installation. These files are still evaluated when executing the deployed content. (#21698)

RStudio Connect 2022.04.2

May 10, 2022

Fixed

  • Fixed an issue which caused Streamlit applications to fail. This affected Connect installations that are hosted on a prefixed URL path via a path-rewriting proxy server.

  • Fixed an issue which caused Connect to fail startup configuration checks related to remote execution.

RStudio Connect 2022.04.1

April 25, 2022

Fixed

  • Address an issue with remote execution where interactive Python content failed to use its virtual environment.

RStudio Connect 2022.04.0

April 21, 2022

New

  • RStudio Connect now supports structured logging for service, access and audit logs, in multiple formats and output types, with built-in support for log severity levels. To learn more see the Logging Section in the RStudio Connect Admin Guide.

  • Quarto documents with a Shiny runtime are rendered by RStudio Connect when deployed. The rendered result is used by the Shiny server. Previously, Quarto documents using Shiny components were required to include the HTML within the deployment.

  • Support multiple versions of Quarto. An appropriate version is chosen when content is deployed. Use the Quarto.Executable setting to specify multiple Quarto installations. Use Quarto.VersionMatching to control how an installation is selected.

  • The directory /var/log/rstudio/rstudio-connect will be created when installing RStudio Connect with the default files rstudio-connect.log, rstudio-connect.access.log and rstudio-connect.audit.log, as part of the new structured logging feature.

Fixed

  • Fixed an issue where file uploads in Streamlit applications would produce errors if the application had more than one worker process.

  • Fixed an issue that was causing group membership verification to fail under certain sssd configurations (ignore_group_members = true).

  • Resolved an issue where some Python APIs did not have access to the request query string. This problem was encountered while using the Pycnic framework.

  • Resolved an issue where response headers from some Python APIs were not returned to the client. This problem was encountered while using the Sanic framework.

  • Updated software components used by RStudio Connect, including responses to the following:

    • CVE-2022-24675
    • CVE-2022-28327
    • CVE-2022-27536

Breaking

  • RStudio Connect no longer supports SUSE Linux Enterprise Server 12.

RStudio Connect 2022.03.3

July 08, 2022

Fixed

  • Update the version of packrat used by RStudio Connect to improve downloading of packages from GitLab and Bitbucket.

Breaking

  • RStudio Connect no longer supports SUSE Linux Enterprise Server 12.

  • RStudio Connect no longer evaluates current-directory or per-user .Rprofile and .Renviron files during package installation. These files are still evaluated when executing the deployed content. (#21698)

RStudio Connect 2022.03.2

April 01, 2022

Fixed

  • Addressed an issue where RStudio Connect would not start in situations where the licensing system failed to initialize.

RStudio Connect 2022.03.1

March 25, 2022

Fixed

  • A bug causing the “Logs” panel to incorrectly display error markers on successfully-completed processes has been fixed.

RStudio Connect 2022.03.0

March 24, 2022

New

  • RStudio Connect will now switch its built-in encryption to use the AES-256-GCM algorithm when the Server.UseFIPSEncryption setting is enabled. This algorithm is an Approved Security Function under Federal Information Processing Standard 140, which is applicable to many organizations.

  • Added CORS.EnforceWebsocketOrigin setting which defaults to true. If the Origin and Host header do not match, websockets return a 403 Forbidden (which is the same as existing behavior). This can now be disabled by setting CORS.EnforceWebsocketOrigin to false.

Fixed

  • Git-backed content deployments no longer fail when the target repository does not have a branch named master.

  • Resolved an issue where activity to Plumber APIs and Python applications and APIs was under-counted. Visits were not recorded when the content was hosted within the RStudio Connect dashboard. New records returned by the Get Content Usage Server API are given a data_version of 2. Older data can be excluded with the min_data_version API query argument.

  • Fixed an issue where, under some PAM/SELinux configurations, R and Python sub-processes created by RStudio Connect were orphaned and continued to run indefinitely.

  • Updated software components used by RStudio Connect, including responses to the following:

    • CVE-2022-24921
    • CVE-2022-27191
  • The active working directory is printed as content begins to execute and is included in process logs.

  • Fixed an issue where content that required an unavailable Python or R version could repeatedly attempt to rebuild its environment.

  • Content permission request email replies will now be delivered to the expected recipient. Request replies will be delivered to whom made the request and replies to approval notification will be delivered to whom approved the request.

  • Fixed an issue where Git-backed or API-based deployments would fail if the content had a dependency on a GitLab-hosted package.

Breaking

  • The minimum Python version supported by RStudio Connect is now 3.5. Configuration files that include Python 2, or Python 3 versions prior to 3.5, will cause an error during Connect startup.
    • Python installations no longer require the virtualenv package to be installed. Python content will now use the venv module included with Python 3.
    • Existing R Markdown reports and Jupyter Notebooks that use older Python versions can still be viewed. However, they cannot be deployed to Connect or re-rendered.
    • Existing applications and APIs that use older Python versions will no longer run. An HTTP 502 error will be returned for all requests to these applications.
    • To identify Python 2 content deployed to Connect, use the script in /opt/rstudio-connect/scripts/find-python-envs which will list all Python virtual environments and the applications that use them.

RStudio Connect 2022.02.4

July 08, 2022

Fixed

  • Update the version of packrat used by RStudio Connect to improve downloading of packages from GitLab and Bitbucket.

Breaking

  • RStudio Connect no longer supports SUSE Linux Enterprise Server 12.

  • RStudio Connect no longer evaluates current-directory or per-user .Rprofile and .Renviron files during package installation. These files are still evaluated when executing the deployed content. (#21698)

RStudio Connect 2022.02.3

March 11, 2022

Fixed

  • Addressed an issue where RStudio Connect would not start in some environments without configured Python installations.

RStudio Connect 2022.02.2

March 09, 2022

Fixed

  • Addressed a problem where deployment process output containing % symbols had the strings !(NOVERB) or !(MISSING) inserted. This was visible in the RStudio IDE deploy pane but not present in the process logs.

  • Logging entries that previously were displaying unreadable text for LDAP errors and operations were fixed.

RStudio Connect 2022.02.0

February 24, 2022

New

  • A Server Status Report tool is now available in the Administration tab in the RStudio Connect dashboard. This tool performs additional checks of the Connect server and its process execution environments and provides a downloadable report containing the test results.

  • RStudio Connect will now show a warning during startup if it detects simultaneously active local and remotely managed LDAP groups. This mixed LDAP authentication configuration is not supported. Learn more about how to use the new usermanager align-ldap-groups command to fix mixed LDAP groups in the CLI Appendix to the RStudio Connect Admin Guide.

  • RStudio Connect includes preview support for content built using Quarto, an open-source scientific and technical publishing system built on Pandoc. Visit the Quarto site to learn more.

  • Adds operating system support for Amazon Linux 2, SLES 15 SP3, and OpenSUSE 15.3. AlmaLinux and Rocky Linux are also supported as 1:1 binary compatible alternatives to RHEL 8. Detailed information about platform support can be found here.

Fixed

  • Dashboard view style (compact/expanded) is now stored as a URL parameter, so view will persist on page refresh or when sharing links with others.

  • The hamburger menu icon no longer displays on the Welcome page when not logged in.

  • Update the version of packrat used by RStudio Connect to emit more information about authenticated download failures from GitHub, GitLab, and Bitbucket. The devtools and the devtools::github_pat function are no longer used for these authenticated downloads, as devtools-2.4.3 has removed the devtools::github_pat function.

  • Update the version of packrat used by RStudio Connect to improve caching when remotes::install_version (prior to remotes-2.0.2) was used to install packages during development.

  • The performance of the usermanager, rscadmin, and feature-usage tools has been improved.

  • Link to support article when content encounters errors associated with the Rcpp_precious_* functions introduced by Rcpp-1.0.7.

  • SECURITY: Updated Angularjs to 1.8.2, including responses to the following:

    • CVE-2020-7676
    • CVE-2019-10768
  • SECURITY: Updated Vue to 2.6.14

  • Updated software components used by RStudio Connect, including responses to the following:

    • CVE-2022-23806
    • CVE-2022-23772
    • CVE-2022-23773
  • The Applications.SharedRunAsUnixGroup setting is now respected by RStudio Connect when creating new files and directories. Previously, new files and directories created during an environment restore had incorrect group ownership which prevented the content from executing when a piece of content used an alternate RunAs user.

Breaking

  • RStudio Connect now requires, when multiple LDAP servers are configured, that all LDAP configuration sections consistently declare group sources to be local (user-managed) or remote (provider-managed). Configurations with only one LDAP server configured are not affected. Previously, if multiple LDAP server configurations existed where some but not all servers were configured for provider-managed groups, the server would decide whether groups were managed by users or providers by choosing an LDAP server configuration in a stable but non-deterministic manner and assigning global state according to that configuration only. Now, RStudio Connect will warn when started unless all LDAP server configurations are configured with the same group management source. For more information, see the Group Management Section and the Authentication Section for your LDAP Provider in the RStudio Connect Admin Guide.

RStudio Connect 2021.12.1

January 03, 2022

Fixed

  • Fixed a problem which prevented the plumbertableau R package and fastapitableau Python package from identifying whether or not a target RStudio Connect server supported Tableau Analytics Extensions.

RStudio Connect 2021.12.0

December 13, 2021

New

  • RStudio Connect will now allow email distribution to users who have been added as viewers on content when the access type is “Anyone - no login required” or “All users - login required” and the Server.MailAll setting is disabled.

Fixed

  • Fixed a problem where users listed as viewers on the ACL for a piece of content weren’t able to receive emails about scheduled rebuilds or manual reports when the content’s access type was either “Anyone - no login required” or “All users - login required”.

  • Includes Pandoc 2.16.2 as the default for rmarkdown versions >= 2.5. This release is compatible with the previously used Pandoc 2.11.2. The Pandoc 2.11.2 release is no longer included. Override this Pandoc installation with the Application.Pandoc211Dir configuration option.

    The RStudio Connect installation includes Pandoc in separate, per-version directories beneath /opt/rstudio-connect/ext/pandoc.

  • Applications occupied a client connection during startup. For applications that are slow to launch and with low connection limits this could result in premature “Capacity reached” errors.

    Applications now accept connections up to their configured limits even while they are still loading.

  • The Server.HideViewerDocumentation configuration option documentation links in the dashboard from viewers. These links are removed from the left-hand navigation menu as well as from the application header.

  • RStudio Connect server logs use “content” rather than “app” when identifying the content associated with an interactive worker process.

  • Improve help messages for deployment issues caused by the Linux Out Of Memory (OOM) killer and package compilation errors.

  • Minor reformatting of error help message display within dashboard application log previews (to increase visibility).

  • Updated software components used by RStudio Connect, including responses to the following:

    • CVE-2021-43565
    • CVE-2021-44716
    • CVE-2021-44717
  • Fixed an issue where hitting the return key inside a form that requested a password could make the first listed password field visible instead of submitting the form as expected.

RStudio Connect 2021.11.1

December 02, 2021

Fixed

  • Resolve bug where FastAPI content was not deploying.

  • Improve help messages for deployment issues caused by Rcpp_precious_* functions introduced by Rcpp-1.0.7.

RStudio Connect 2021.11.0

November 15, 2021

Fixed

  • Timestamps recorded in uploaded .tar.gz bundles are preserved.

  • LDAP users who are members of a local group within a report’s access control list will now receive scheduled and on-demand emails.

  • Switching Jump Start language will no longer reset “Show these examples whenever I log in”.

  • Connect now sets RETICULATE_PYTHON to an absolute path, to support deploying R code that changes the working directory.

  • Updated software components used by RStudio Connect, including responses to the following:

    • CVE-2021-41772
    • CVE-2021-41771
  • RStudio Connect no longer refuses to start if Application.Pandoc1Dir, Application.Pandoc2Dir, or Application.Pandoc211Dir are located within its installation directory.

  • Database migrations from SQLite to PostgreSQL that previously failed with an out of range for type integer error should now succeed.

  • Errors in logs like out of range for type integer when using PostgreSQL should no longer occur.

Breaking

  • The directories {Server.DataDir}/apps and {Server.DataDir}/apps/{A_ID} are given stricter permissions on creation.

RStudio Connect 2021.10.0

October 19, 2021

Fixed

  • For RStudio Connect installations running behind a proxy server, the unauthorized content view will now correctly prompt a user to login or request appropriate access permissions.

  • Fixed an issue with how Connect redirects to the FastAPI /docs page. This affected Connect installations that are hosted on a prefixed URL path via a path-rewriting proxy server.

  • Updated software components used by RStudio Connect, including responses to the following:

    • CVE-2021-38297
    • CVE-2021-39293

Breaking

  • RStudio Connect no longer supports Ubuntu 16.04 LTS (Xenial Xerus).

  • Server.CompilationConcurrency is no longer computed based on the number of available CPUs and now defaults to 1.

Deprecated / Removed

  • Fully removed support for X.509 certificates without a valid Subject Alternative Name. Very old certificates may need to be regenerated.

  • BUGFIX: RStudio Connect will now correctly update user roles if the role attribute value in LDAP has changed when logging in. Additionally, if RStudio Connect fails to find the attribute or group membership, or if the attribute has a bad or missing value, RStudio Connect will log a warning.

RStudio Connect 2021.09.0

September 29, 2021

  • BUGFIX: Connect will now correctly use locally-defined groups for access control in a double-bind LDAP setup.

  • RStudio Connect can now be used to host Tableau Analytics Extensions built in both R and Python. These extensions can be used from Tableau workbooks to make realtime requests from Tableau to Connect. For more information, see Tableau Integration.

  • An API endpoint has been added to search for content based on group ownership. See the cookbook section on this API for more information.

  • BUGFIX: Some Shiny applications would experience errors when a particular combination of browser, network configuration, and application support were present. Improvements were made in message processing and error handling by the SockJS JavaScript and server components when using the jsonp-polling and eventsource class of transports.

  • Added the eventsource SockJS transport protocols. This transport is used automatically, when necessary. SockJS protocols can be disabled with the Applications.DisabledProtocol setting.

  • BUGFIX: Removed “RStudio Connect” product name in a few error messages in favor of custom branding. The unauthorized view shows the proper favicon and site name when permission requests are disabled.

  • The configuration option Server.ViewerKiosk will now take effect on content permission requests. When enabled, users with a “viewer” role will not be allowed to request access to individual content items.

RStudio Connect 2021.08.2

September 14, 2021

  • BUGFIX: The default Content URL shown within content settings access tab now includes the missing hostname.

RStudio Connect 2021.08.1

September 13, 2021

  • BUGFIX: Fixed a problem with installing Python packages referenced via a git URL in the requirements.txt file. If the git URL included a branch or commit hash, the Python environment restore would fail.

  • SECURITY: Updated the sockjs-client JavaScript library with improved error handling. RStudio Connect uses SockJS with Shiny applications. This update also includes responses to the following:

    • CVE-2021-3664
    • CVE-2021-27515
  • BUGFIX: Using a custom Branding logo will now take effect within the unauthorized view when permission requests are disabled.

RStudio Connect 2021.08.0

August 30, 2021

  • RStudio Connect now supports deploying Python FastAPI applications. Update to the latest rsconnect-python client package to deploy FastAPI content.

  • SECURITY: Updated software components used by RStudio Connect, including responses to the following:

    • CVE-2021-36221
  • BUGFIX: The Authorization HTTP header is now allowed with cross-origin API requests. Enabling CORS handling to applications hosted on Connect due to preflight requests being denied.

  • BUGFIX: When content is configured to run as The Unix account of the current user with PAM authentication, the Processes list on the Admin Metrics page will now display the correct username.

  • RStudio Connect includes experimental support for content built using Quarto, an open-source scientific and technical publishing system built on Pandoc. Visit the Quarto site to learn more.

  • RStudio Connect now supports custom branding options through the use of new configuration settings. The full list of options including logo, favicon, display name and more are described in the Admin Guide.

RStudio Connect 1.9.0.1

August 05, 2021

  • BUGFIX: Fixed product logo not loading when Connect is hosted in a subpath.

  • KNOWN ISSUE/BUGFIX: When content is configured to run as The Unix account of the current user with PAM authentication, the Processes list on the Admin Metrics page will display (PAM user). A future release will improve this to list the specific username.

RStudio Connect 1.9.0

July 28, 2021

  • SECURITY: Updated software components used by RStudio Connect, including responses to the following:

    • CVE-2021-27918
    • CVE-2021-27919
    • CVE-2021-31525
    • CVE-2021-33196
    • CVE-2021-33195
    • CVE-2021-33197
    • CVE-2021-34558
  • BREAKING: RStudio Connect will not launch if the following configurable directories are located inside its installation directory (/opt/rstudio-connect by default): Server.DataDir, SQLite.Dir, Server.TempDir, Server.LandingDir, Database.Dir, Application.Pandoc1Dir, Application.Pandoc2Dir, Application.Pandoc211Dir. For information on relocating data directories, see Relocating Variable Data in the admin guide. For more detail on RStudio Connect’s files and directories, see Files & Directories.

  • RStudio Connect now allows server administrators to configure a shared Unix group via the Applications.SharedRunAsUnixGroup setting. If unset, the default is the primary Unix group of the Applications.RunAs user. Previously, the shared Unix group was not configurable and the primary group of the Applications.RunAs user was always used. All RunAs users must be members of this shared Unix group.

  • The Server.SenderEmailDisplayName setting has been added to allow customizing the server name alias that is used when sending administrative emails. The default display name is “RStudio Connect.”

  • The Server.EmailFromUserAddresses setting indicates that outbound email messages sent on behalf of your users should specify both the Sender and From addresses. When enabled, the From field of an email message uses the name and email address associated with the sending user. The Sender field will be populated with the value from the Server.SenderEmail configuration setting.

    Your mail server may not permit your Server.SenderEmail address to send email on behalf of other email addresses. Enable this setting only if Server.SenderEmail is allowed to send email messages indicated as from other accounts.

    This setting is disabled by default.

  • BREAKING: RStudio Connect confirms at startup that a configured Applications.Supervisor script does not reside under certain protected directories, including Server.DataDir, Server.TempDir, SQLite.Dir, and /etc/rstudio-connect/. Startup will fail if this is the case, and the script should be moved to another location, such as /usr/local/bin.

  • BUGFIX: Login now succeeds when the configured SAML role attribute is not received from the identity provider. We default to a blank value and new users receive the role specified by Authorization.DefaultUserRole.

  • Updated the process listing on the Admin Metrics page of the RStudio Connect dashboard:

    • Enumerates jobs across all hosts in a cluster, not only those on the responding host.
    • Includes process age and owning hostname.
    • Entries link to the logs for that job.
    • Removes PID, which is available on the linked-to logs page.
    • Columns can be sorted by clicking on the headers.
  • RStudio Connect finalizes and regards jobs as “complete” even when originally associated with a node name that is no longer running Connect.

  • Python Streamlit applications with an entrypoint named streamlit_app.py will now run correctly without explicitly identifying the entrypoint.

  • Add support for Python Streamlit forms introduced in Streamlit 0.81.1

  • BUGFIX: The SMTP.ClientAddress setting has been added. This setting is used with HELO messages when initiating a connection to an SMTP server. Previously, this value was always set to localhost. The new default value is Server.NodeName. Some SMTP servers, like Google SMTP relay, will reject the connection if localhost is used.

  • Content environment variables are masked by default and values cannot be seen after confirming changes.

  • Add support to enable hiding of Jupyter notebook input cells in the rendered output.

  • BUGFIX: Fixed a resource leak that would cause the RStudio Connect server to consume more CPU over time.

  • BUGFIX: Configuring Applications.BundleRetentionLimit could result in out-of-order bundle deletion.

  • The Server.HideViewerDocumentation configuration option hides the Documentation menu item in the dashboard from viewers.

  • Two new environment variables are now available for content as it is built or executed within the RStudio Connect server.

    • RSTUDIO_PRODUCT will be assigned the value of CONNECT
    • CONNECT_CONTENT_GUID will be set to the applicaton GUID string assigned to the content at the time it was first published to RStudio Connect
  • KNOWN ISSUE: When content is configured to run as The Unix account of the current user with PAM authentication, the updated Processes list on the Admin Metrics page will display the incorrect user. Although the listing is incorrect, the process is actually running as the correct user.

RStudio Connect 1.8.8.2

May 18, 2021

  • BUGFIX: Reverts the previous bugfix for LDAP role mapping which exposed a more serious regression causing users to be demoted to the default role in error. Until a fix for LDAP role mapping is available, roles can be managed manually with the usermanager utility, or from the RStudio Connect UI.

RStudio Connect 1.8.8.1

May 10, 2021

  • BUGFIX: RStudio Connect will now correctly update roles mapped from LDAP authentication providers on next login.

  • BUGFIX: Errors related to email misconfiguration no longer show when adding groups to content’s ACL.

  • BREAKING: RStudio Connect confirms at startup that a configured Applications.Supervisor script does not write to stdout. Supervisors that write to stderr are permitted.

  • BUGFIX: Connect now handles the case where Python’s hashlib is configured for FIPS and doesn’t allow the usage of md5 for security.

  • BUGFIX: Errors related to email misconfiguration no longer show when editing content’s ACL.

  • BUGFIX: Permission request emails could be sent with blank content titles. Content without a title will now use the name or fallback to “Untitled Content”.

  • BUGFIX: Content no longer reloads unexpectedly while navigating through content logs.

RStudio Connect 1.8.8

April 01, 2021

  • RStudio Connect will no longer show stack traces in the content viewer when an application fails to execute for any reason. Instead, a message stating that an error has occurred will be shown together with a detailed message that may be configured using the Applications.InitializationErrorMessage configuration setting.

  • The RunAs and RunAsCurrentUser settings for a deployed content item can now be changed via the API (/__api__/v1/content).

  • Fixed a directory permissions issue that could occur when redeploying Python content, if the RunAs user for the content item was changed.

  • Fixed a compatibility issue with Streamlit versions 0.79.0 and above.

  • RStudio Connect now allows users to request access permissions for content. This feature is enabled by default but can be disabled via Applications.PermissionRequest configuration.

  • By default, all collaborators are notified by email of application errors and permission requests. Notification emails can be limited to content owners exclusively by enabling the Applications.NotificationsToOwnerOnly configuration.

  • The usage of id for application routes has changed to guid. Previous urls using id will continue working but only those using guid can be used to request permissions over content.

  • RStudio Connect now automatically provides CONNECT_SERVER and CONNECT_API_KEY environment variables to all content runtimes (except for TensorFlow).

    • CONNECT_SERVER contains the configuration value set in Server.Address. This can be disabled with the Applications.DefaultServerEnv configuration option.
    • CONNECT_API_KEY is owned by the content owner and is ephemeral (only exists for the duration of the underlying R/Python process). This can be disabled with the Applications.DefaultAPIKeyEnv configuration option.
  • BUGFIX: Fixes a regression introduced in the 1.8.6.3 release. The Applications.DisabledProtocol option did not correctly prevent the use of named SockJS protocols.

  • Updated LimeLM TurboActivate and TurboFloat to v4.4.3.

RStudio Connect 1.8.6.6

March 12, 2021

  • BREAKING: Internet Explorer 11 is no longer supported. Please see https://rstudio.com/about/platform-support/ for a list of supported browsers.

  • Better support for R installations where default packages like util and stats are not loaded into the R environment at startup. The version of packrat used by RStudio Connect has been updated to address similar issues.

  • CORS support is disabled by default, but can be enabled via the CORS.Enabled configuration option.

RStudio Connect 1.8.6.3

February 17, 2021

  • SECURITY: Updated software components used by RStudio Connect in response to CVE-2020-29652.

  • BREAKING: The Applications.Supervisor configuration must reference an absolute path to the supervisor script. Supervisors are no longer discovered using the PATH.

  • BREAKING: The setting Python.LibraryCheckIsFatal has been removed and is no longer supported.

  • BREAKING: Python installations containing errors now interrupt the startup of RStudio Connect. Please fix the erring installations or remove them from the configuration file.

  • BREAKING: The following deprecated settings have been removed.

    • LDAP.GroupsAutoRemoval
    • OAuth2.GroupsAutoRemoval
    • Proxy.GroupsAutoRemoval
    • SAML.GroupsAutoRemoval
  • RStudio Connect now allows the Run as Current User feature to work with Python Dash, Streamlit, and Bokeh applications.

  • RStudio Connect will warn on a plain-text password within the Postgres.URL setting. Previously, Connect would warn on plain-text values in Postgres.Password but not for passwords embedded in the connection URL.

  • Updated the sockjs-client JavaScript library. RStudio Connect uses SockJS with Shiny applications.

  • The Connect Server API returns additional information about bundles, including hashes that can be used to help validate the download. Bundles generated from Git deployments include information about the Git repository and commit that were the source of the bundle.

  • The usermanager CLI tool now supports sorting users and groups listed by the usermanager list command as well as outputting to CSV. See the CLI appendix of the Admin Guide for details.

  • RStudio Connect rewrites .Rprofile files included in deployment bundles to prevent external renv or packrat initialization.

  • RStudio Connect now supports CORS preflight OPTIONS requests. Default headers values and supported configuration options are outlined in the API docs

RStudio Connect 1.8.6.2

February 5, 2021

  • BUGFIX: Fixed an issue where publishing reports with rsc_email_suppress_scheduled: true would result in the scheduled emails being sent anyway.

RStudio Connect 1.8.6.1

January 8, 2021

  • BUGFIX: Fixed an issue where content running as a non-default user would be unable to access their home directory or the temporary directory.

  • BUGFIX: Loading job (process) details from disk previously erred when some numeric information was missing.

  • BUGFIX: Fixes an issue with user role group mapping when using Active Directory with multiple groups mapped to roles.

  • BREAKING: Publishers can no longer add new users from LDAP/Active Directory or Google via the content Access Control List. The addition of users by publishers without consent from an administrator made it harder to control license usage and ensure access to content. If you want to restore the previous behavior and allow publishers to add users, enable the new setting Authorization.PublishersCanAddUsers. This will allow publishers to add users via the People tab and API.

RStudio Connect 1.8.6

December 15, 2020

  • BREAKING: RStudio Connect no longer supports Red Hat Enterprise Linux/CentOS Linux 6.x.

  • SECURITY: Updated software components used by RStudio Connect in response to CVE-2020-28362, CVE-2020-28367, and CVE-2020-28366.

  • NOTICE: The following settings have been deprecated and will be removed in a future version of RStudio Connect.

    • LDAP.GroupsAutoRemoval
    • OAuth2.GroupsAutoRemoval
    • Proxy.GroupsAutoRemoval
    • SAML.GroupsAutoRemoval
  • NOTICE: The setting Server.SourcePackageDir is deprecated and will be removed in a future version of RStudio Connect.

    We recommend migrating to either RStudio Package Manager or setting up a private package repository as outlined here.

  • BREAKING: GroupsByUniqueId and GroupsAutoProvision cannot be enabled at the same time. IDs received from the authentication provider are not immediately useful for users when group auto provisioning is enabled. Please see the section for your authentication provider in the admin guide for more information.

  • Bokeh and Streamlit support is no longer in beta and is now generally available.

  • Includes the following Pandoc versions:

    • Pandoc 1.19.2.1 - default for rmarkdown versions < 1.9.
    • Pandoc 2.9.2.1 - default for rmarkdown versions >= 1.9 and < 2.5
    • Pandoc 2.11.2 - default for rmarkdown versions >= 2.5

    The RStudio Connect installation includes these Pandoc versions in separate, per-version directories beneath /opt/rstudio-connect/ext/pandoc. Previously, this directory only included binaries for a single version of Pandoc.

    The RSTUDIO_PANDOC environment variable can be configured in a supervisor script or with a content-specific environment variable. A global RSTUDIO_PANDOC setting may cause problems in some environments, as not all rmarkdown package versions are compatible with all Pandoc versions.

    The Applications.Pandoc1Dir, Applications.Pandoc2Dir, and Applications.Pandoc211Dir settings offer more granular control than the RSTUDIO_PANDOC environment variable.

    Most environments should not need to customize these settings. The default configuration uses Pandoc binaries that are included with RStudio Connect.

  • RStudio Connect will now execute R with the shorthand -s flag in place of the --slave flag, which is deprecated since R 4.0.1.

  • When run via systemd, RStudio Connect will conditionally load environment variables from /etc/default/rstudio-connect via the systemd EnvironmentFile directive.

  • Report rendering error email is now sent to all collaborators in addition to the content owner.

  • Git.PollingFrequency may now be set to 0 to disable Git polling entirely.

  • Added a SAML attribute profile named jumpcloud to support the JumpCloud IdP.

  • RStudio Connect now allows reactivating the current bundle or “Source Version” for a piece of content.

  • SAML now supports RSA encryption keys in the PKCS#8 format (BEGIN PRIVATE KEY). Previously, only the PKCS#1 format (BEGIN RSA PRIVATE KEY) was supported.

  • SAML now can issue signed authentication requests with the signing method selected in the option SAML.SigningMethod. Signing can use the same private key and certificate available for encryption or the options SAML.SPSigningKey and SAML.SPSigningCertificate if encryption is not used.

  • RStudio Connect will no longer estimate the number of recipients when emailing scheduled content.

  • The Server.TempDir/connect-workspaces directory is cleared at startup.

  • Shiny sessions receive the same incoming HTTP headers as other types of interactive content (Plumber APIs, Dash applications, etc). Shiny applications can access HTTP headers through the session$request object. https://shiny.posit.co/r/reference/shiny/latest/session.html

  • RStudio Connect can optionally send the headers Shiny-Server-Credentials and RStudio-Connect-Credentials with Distinguished Names (DNs) instead of username and group names when LDAP authentication is used and the setting Authorization.ContentCredentialsUseDN are enabled.

  • RStudio Connect now offers support for session$groups (via the HTTP header Shiny-Server-Credentials) in Shiny apps when using LDAP or Active Directory. Groups are listed by name according to the setting LDAP.GroupNameAttribute. LDAP groups are also available to other content types via the HTTP header RStudio-Connect-Credentials.

  • LDAP / Active Directory Group handling within RStudio Connect has significantly improved within this release.

    • Groups are now synchronized between the LDAP provider and RStudio Connect in the background on a scheduled interval. This synchronization process has been designed to minimize cpu / disk impact but may be tuned using new configuration options.
    • The group membership for a user is determined on login rather than content access. (Refreshing after configuration changes now requires users to logout and log back in.)
    • The People tab within the RStudio Connect dashboard now displays LDAP groups added to RStudio Connect and provides the function to add (import) additional remote groups from your LDAP server. Remote groups can no longer be added within the content permissions panel.
    • Local groups are now managed from the People tab within the RStudio Connect dashboard.
    • Groups can be automatically populated upon user login if the LDAP.GroupsAutoProvision configuration option is enabled (disabled by default - but we recommend enabling this option for the best user experience). By using this option, the number of groups available to Shiny-Server-Credentials and RStudio-Connect-Credentials will be equal to the number of groups a user is a member of in LDAP.
  • Support for PostgreSQL 13.

  • BUGFIX: On platforms with systemd and syslog support, RStudio Connect lines in syslog will be identified by rstudio-connect. Previously, the identifier was the containing shell sh.

  • BUGFIX: Regression in SAML authentication which could fail with a blank page when there was a misconfiguration with no logs indicating the problem.

  • BUGFIX: Timestamps in content logs are always UTC.

  • BUGFIX: Users that are viewers only of content are no longer provided with R and Python version information in the applications-related APIs.

  • BUGFIX: Loading content within the RStudio Connect dashboard would occasionally record two visits rather than one. This problem did not affect the solo view.

  • BUGFIX: Inactive users are now excluded from the metrics named users licensed user count.

  • BUGFIX: Searches are more likely to show both users and groups when modifying the sharing settings for content. Previously, large numbers of matching users would prevent display of matching groups.

  • BREAKING: The Applications.TempMounting configuration flag has been removed. Previously, disabling the flag would permit R processes to inspect the temporary data of other R processes.

  • BREAKING: When using Postgres, RStudio Connect now verifies that a minimum version of 9.5 is being used. A warning message will be logged if the version of Postgres being used is older. The 9.5 minimum version is also noted in the PostgreSQL section of the Database chapter of the Admin Guide.

  • Commas are no longer allowed in tag names. Commas will be removed when creating new tags or updating existing tags.

RStudio Connect 1.8.4.2

August 26, 2020

  • BUGFIX: Scheduled content runs on time on regardless of the server’s timezone.

  • BUGFIX: RStudio Connect correctly imports the Server module for Streamlit v0.65.

RStudio Connect 1.8.4.1

August 11, 2020

  • SECURITY: Updated software components used by RStudio Connect in response to CVE-2020-15586, CVE-2020-14039, and CVE-2020-16845.

  • RStudio Connect now supports iframe embedding of content and the Dashboard on the browsers that require SameSite cookies.

  • BUGFIX: Regression in SAML authentication which could fail with a blank page when there was a misconfiguration with no logs indicating the problem.

  • BUGFIX: Redirects from OAuth2 (OpenID) and SAML authentication were made less strict when explict port numbers match the default HTTP/HTTPS port 80/443.

  • BUGFIX: The setting SAML.SSOFollowHTTPHeaders, when enabled, will ignore completely Server.Address values when RStudio Connect is behind a proxy.

  • BUGFIX: RStudio Connect could fail randomly when GroupsAutoProvision and GroupsAutoRemoval were both enabled and there was race condition between removal operations.

  • BUGFIX: RStudio Connect when using proxied authentication could issue logs with warnings about missing authentication headers even for unauthenticated endpoints. This information may still be useful for debugging purposes and it will be issued in logs when the ProxyAuth.Logging setting is enabled.

RStudio Connect 1.8.4

July 9, 2020

  • RStudio Connect now supports OpenID Connect as an authentication provider for single sign-on (SSO). The new functionality is built on top of the support for OAuth2 which was previously limited to Google authentication. For backwards compatibility, Google is the default configuration. No action is necessary for existing installations. See the OAuth2 section of the Admin Guide for details.

  • By default, RStudio Connect only allows SAML SSO authentication from the configured Server.Address. Now it’s possible to allow SAML authentication from multiple network aliases with the setting SAML.SSOFollowHTTPHeaders. See the SAML section of the Admin Guide for details.

  • Python Streamlit apps can now be deployed to RStudio Connect.

  • Python Bokeh apps can now be deployed to RStudio Connect.

  • Python virtualenv version 20 is now supported.

  • RStudio Connect now allows external groups to be matched by a unique id instead of the group name during authentication when using SAML.GroupsByUniqueId, OAuth2.GroupsByUniqueId or ProxyAuth.GroupsByUniqueId. These options are especially useful when integrating with Azure for authentication which only send the groups’ GUIDs but not their names during authentication. When using one of these settings groups cannot be manually created via the Dashboard and the Connect Server API must be used instead so it can define the unique id for the group. An authentication provider is responsible for naming these groups and RStudio Connect will not enforce its own naming convention on them either via API or via the usermanager CLI tool.

  • RStudio Connect can now optionally send Shiny-Server-Credentials and RStudio-Connect-Credentials headers with user and group GUIDs with the setting Authorization.ContentCredentialsUseGUID. This should be done to ensure the uniqueness of the credentials in scenarios where the authentication provider allows duplicate names for users or groups. These GUIDs are the same as used in the Connect Server API for users and groups and they could also be leveraged to obtain additional user or group information.

  • RStudio Connect Server API now has support for modifying group names and owners.

  • RStudio Connect now supports assigning user roles from authentication systems with support for remote groups. Roles can be assigned in a custom attribute or automatically mapped from an attribute or group name. See Automatic User Role Mapping for more details.

  • Proxied authentication now supports more customizable login and logout flows with the settings ProxyAuth.LoginURL and ProxyAuth.LogoutURL. See the Proxied Authentication section of the Admin Guide for details.

  • Support for Ubuntu 20.04 LTS.

  • General improvements around Postgres database usage including the ability to use SCRAM-SHA256 authentication and better connection pool management.

  • Python content types are now included in the feature usage scorecard section of admin metrics.

  • Jupyter notebooks are now rendered with an explicit --ExecutePreprocessor.timeout=None to bypass the default 30 second per cell timeout.

  • Jump Start now includes examples for Dash and Streamlit.

  • Jump Start can be enabled or disabled server-wide with the new Server.JumpStartEnabled configuration setting.

  • Python content usage is now tracked and available via the content usage API.

  • Publishers can now set up a scheduled report to run in a specific timezone.

  • BREAKING: SSLv3 is no longer supported. It is considered cryptographically broken.

  • NOTICE: The setting Python.LibraryCheckIsFatal has been deprecated. Python library version checks are now non-fatal and result in a warning in the RStudio Connect log at startup. Python installations that include incompatible libraries will not be available within RStudio Connect, and deployments requiring them will fail with Build error: Unable to find a compatible version of Python.

  • BUGFIX: Fixed an issue where some endpoints were returning an incorrect HTTP error code in any error condition. Some endpoints that previously returned “500 Internal Server Error” in any error condition will now return an appropriate error code.

  • BUGFIX: Email from scheduled reports are now permitted from user accounts without email addresses. Requires that RStudio Connect is configured to support email and that Server.SenderEmail is configured.

  • BUGFIX: The settings Server.FrameOptionsContent and Server.FrameOptionsDashboard can now be set to NONE to prevent sending the X-Frame-Options header. Previously it was documented to set these to an empty string which did not work.

  • BUGFIX: Jupyter notebook imports working consistently by reworking how kernelspecs are built.

  • BUGFIX: Python environment (re)builds significantly less likely to collide.

RStudio Connect 1.8.2.1

May 26, 2020

  • BUGFIX: Fixed a resource leak.

  • BUGFIX: Fixed an incorrect warning being issued with Shiny and TensorFlow content.

RStudio Connect 1.8.2

March 30, 2020

  • SECURITY: Enforce locked user restrictions for active browser sessions.

  • BREAKING: The Postgres.URL database connection URL no longer supports the {$} password placeholder. The Postgres.URL automatically uses the Postgres.Password value without placeholder.

  • BREAKING: The Postgres.InstrumentationURL database connection URL no longer supports the {$} password placeholder. The Postgres.InstrumentationURL automatically uses the Postgres.InstrumentationPassword value without placeholder.

  • BREAKING: Due to breaking changes to the virtualenv package, Python installations must have a version of virtualenv below 20, e.g.: virtualenv<20. The version of setuptools must be 40.8 or higher. Incompatible versions will result in an error at startup. To allow RStudio Connect to start with incompatible versions, set the Python.LibraryCheckIsFatal flag to false.

  • BUGFIX: Metrics collection previously erred and produced system log messages when running in locales that use a decimal separator other than the period.

  • NOTICE: The setting SAML.IdPMetaData has been deprecated. If this setting is currently used, a configuration migration will take place to transfer its value to either SAML.IdPMetaDataURL or SAML.IdPMetaDataPath. The deprecated metadata setting will be removed in a future release. The configuration migration for SAML settings is an automatic process that does not require immediate intervention but that will need a single manual step to be completed. This can be done in a time convenient for your organization. See the Configuration Migration section of the Admin Guide for details.

  • NOTICE: The settings SAML.IdPSigningCertificate and SAML.SPEncryptionCertificate would previously accept the contents of a certificate as a long base64 inline value. This is option is no longer supported and a warning will be issued during startup if used. Now these settings only support a path to a PEM certificate file. The deprecated behavior will be removed in a future release.

  • RStudio Connect now supports Python APIs including applications built with Flask and other WSGI-compatible frameworks when the server is licensed for APIs. Publishing and deployment are supported via rsconnect-python.

  • RStudio Connect now includes beta support for Dash applications when the server is licensed for APIs. Publishing and deployment are supported via rsconnect-python.

  • Installations that do not wish to use TensorFlow API support may now disable this feature using the Server.TensorFlowEnabled setting.

  • RStudio Connect will now periodically delete unused Python environments. The setting Application.PythonEnvironmentReapFrequency can be used to control how often this occurs.

  • User searches are more likely to return relevant results for multi-word queries. Environments with large numbers of users, particularly when using LDAP or Active Directory, are most likely to see an improvement.

  • Sharing the link to the content list will now remember all selected filters.

  • Upgrade to shiny-server-client.js 1.1.0 for Bootstrap 4 fixes. https://github.com/rstudio/shiny-server-client/releases/tag/v1.1.0

  • RStudio Connect now allows different default Scheduler/Runtime settings for each type of active content. The default [Scheduler] configuration section provides global defaults. Specific settings may be overridden in named configuration sections, e.g. [Scheduler "python-api"].

RStudio Connect 1.8.0.4

March 5, 2020

  • SECURITY: Enforce locked user restrictions for active browser sessions.

RStudio Connect 1.8.0.3

February 6, 2020

  • BUGFIX: Fixed an issue where the NameIDFormat element was being incorrectly included with an empty value in SAML information under certain circumstances.

RStudio Connect 1.8.0.2

February 6, 2020

  • BUGFIX: Fixed an issue where an exception could prevent a broken Python environment from being automatically rebuilt. No action is necessary, and the new version of Connect will automatically fix broken environments, but some scheduled runs could be delayed while the environment is rebuilt, and some applications may take longer than usual to start the first time.

RStudio Connect 1.8.0.1

January 16, 2020

  • BUGFIX: Fixed an issue that caused an error rendering Jupyter notebooks if Jupyter was installed in the global Python installation.

  • BUGFIX: Fixed an issue that prevented Python environments from being migrated if they were used by an R deployment via reticulate.

RStudio Connect 1.8.0

December 19, 2019

  • SECURITY: Updated software components used by RStudio Connect in response to CVE-2019-16276 and CVE-2019-17596.

  • SECURITY: Support for TLS 1.3. Access to this TLS version is available without additional configuration.

  • BREAKING: RStudio Connect no longer supports Ubuntu 14.04 LTS (Trusty Tahr).

  • BREAKING: The setting HTTPS.ExcludedCiphers has been removed and is no longer supported. The HTTPS.MinimumTLS setting should be used to specify a minimum accepted TLS version. We recommend running a secure proxy when your organization has more complex HTTPS requirements.

  • BREAKING: The deprecated setting Applications.DisabledProtocols has been removed. Use Applications.DisabledProtocol instead. Multiple values should be placed one per line with this new setting.

  • BREAKING: The deprecated settings OAuth2.AllowedDomains and OAuth2.AllowedEmails have been removed. Use OAuth2.AllowedDomain and OAuth2.AllowedEmail instead. Multiple values should be placed one per line with these new settings.

  • BREAKING: TensorFlow Model API deployment supports models created with TensorFlow up to version 1.15.0.

    A systems administrator will need to update the version of libtensorflow.so installed on your RStudio Connect system. Install version 1.15.0 of the TensorFlow C library with the TensorFlow installation instructions in the RStudio Connect Admin Guide.

    Note: TensorFlow 2.0 is not supported by RStudio Connect, as the libtensorflow.so C library for that version has not been released.

  • BREAKING: Changes to the handling of Python environments will result in a migration of the environments. This will happen as needed, when Python-based content is rendered or executed. There may be a transient failure recorded in the content logs, which should be automatically recovered once the environment is migrated.

  • BUGFIX: Fixed an issue that prevented custom landing page content from scrolling on iOS devices. Custom landing pages are configured with the Server.LandingDir setting. The Custom Landing Page Appendix explains how to create a landing page for your organization.

  • BUGFIX: The “Info” panel for Jupyter notebook content includes a summary of recent usage.

  • Update the version of packrat used by RStudio Connect to improve handling of package metadata added by pak.

  • BUGFIX: Python-based content can now use an application RunAs setting. This fix changes how python environments are handled; existing environments will be rebuilt as needed to render the related document.

  • BUGFIX: Scheduled reports no longer run multiple times if the application and database clocks disagree, or in the case of concurrent rendering attempts in a multi-node installation.

  • BUGFIX: The path /connect/#/login is no longer available and returns a 404 error when SAML, OAuth2 or Proxied authentication are used. RStudio Connect does not handle user credentials directly for these authentication providers.

  • BUGFIX: Misleading LDAP log entries around “missing attributes” have been made more informative and hidden during regular operation. It is still possible to use these logs to diagnose issues by using the LDAP.Logging = true setting.

  • BUGFIX: RStudio Connect will exclude any groups with empty names when using SAML authentication with groups. When a separated-list of groups is used (with the setting SAML.GroupsSeparator) RStudio Connect will no longer fail to authenticate if the whole list is empty.

  • BUGFIX: When publishing via “Import from Git” and including a username in the Git Repository URL, RStudio Connect will now fail on validation of the Git URL. To publish from a Git Repository as a user, the Administrator will need to add a Git Credential to the configuration on the Server.

  • The Destination field in the SAML assertion is now made optional if the assertion itself is not signed. To better diagnose issues around this information, RStudio Connect will log both the expected and received values.

  • Encrypted SAML assertions are no longer required to have an embedded X509 certificate or signature element. RStudio Connect will use the configured encryption certificate instead.

  • It’s now possible to diagnose SAML issues around attribute mapping with SAML.Logging = true. A complete list of attributes, including the ones not currently in use, and their values will be listed in the RStudio Connect log.

  • An error is reported when the RStudio Connect encryption key on disk goes missing due to human error or disk failure. A new key is created in this case but RStudio Connect will not start because the database state is inconsistent with the new key. One should be able to start RStudio Connect, using the new command rscadmin configure --reset-secret-key. Note that in this situation all encrypted data has been permanently lost.

  • Multiple users with the same username will be accepted when using multiple LDAP configurations in RStudio Connect. The LDAP.UniqueIdAttribute will determine the user identity. Caution: There is no assurance about the order in which the LDAP servers will be attempted what may lead to account lockout due to bad credential attempts depending on your LDAP server security policy. This improvement does not apply to Active Directory when using a single LDAP configuration in RStudio Connect pointing to a global catalog where the same username without the domain refers to multiple people.

  • RStudio Connect will accept duplicate usernames for SAML and proxied authentication if those are configured to provide usernames during login. The settings SAML.UniqueIDAttribute and Proxy.UniqueIdHeader will determine the user identity under the respective authentication.

  • Because duplicate usernames are now accepted for LDAP, SAML and proxied authentication (with Proxy.UniqueIdHeader) migrating to these authentication providers no longer requires renaming the users’ usernames ahead of the first login or the actual migration via the usermanager CLI tool.

  • The Postgres.URL database connection URL will always use a nonempty Postgres.Password value as its password. Previous releases would use the password only when a {$} placeholder was present.

  • Support for the Postgres.URL placeholder {$} is deprecated and will be removed in a future release.

  • Upgrade to Pandoc 2.7.3.

  • The RSTUDIO_PANDOC environment variable can be configured in a supervisor script or with a content-specific environment variable.

    If unset, the RSTUDIO_PANDOC environment variable is automatically configured as R starts. The rmarkdown package uses this environment variable to discover the pandoc and pandoc-citeproc programs. rmarkdown versions before 1.9 use pandoc 1 and later rmarkdown versions use pandoc 2.

    A global RSTUDIO_PANDOC setting may cause problems in some environments, as not all rmarkdown package versions are compatible with all pandoc versions.

    The Applications.Pandoc1Dir and Applications.Pandoc2Dir settings offer more granular control than the RSTUDIO_PANDOC environment variable.

    Most environments should not need to customize these settings. The default configuration uses pandoc binaries that are included with RStudio Connect.

  • Jump Start examples have been added to demonstrate different types of content you can publish with RStudio Connect. These will appear on the content list page. Users can update their personal preference to show or hide the Jump Start. The Jump Start can also be accessed via the “Publish” menu on the Content page.

  • A Publishing Guide has been added to walk users through authoring different types of content and publishing them to RStudio Connect. The Publishing Guide can be accessed via the “Publish” menu on the Content page, or via the Jump Start by selecting “Get Started” on any of the examples.

  • Custom URL is now Content URL within the Access settings and includes the current URL regardless of customization.

  • When there is no content present on the Content page, users with publishing permission will be shown a message and arrow which guide toward the “Publish” menu.

  • The Open Solo link no longer appears with each item on the Content page. Instead, when viewing the details of a given item, there is now an Open Solo link available at the top of the page.

RStudio Connect 1.7.8.1

March 5, 2020

  • SECURITY: Enforce locked user restrictions for active browser sessions.

RStudio Connect 1.7.8

September 20, 2019

  • Support for Red Hat Enterprise Linux 8. RHEL 8 support uses a different RPM than used for RHEL 6/7. Please use the correct RPM for your distribution version.

    • rstudio-connect-1.2.3-4.el.x86_64.rpm - use with RHEL 6/7
    • rstudio-connect-1.2.3-4.el8.x86_64.rpm - use with RHEL 8
    • rstudio-connect-1.2.3-4.sles12.x86_64.rpm - use with SLES 12
    • rstudio-connect-1.2.3-4.sles15.x86_64.rpm - use with SLES 15
  • SECURITY: The cookie used for anonymous content access in RStudio Connect could be falsely flagged as having low entropy by security scans. An alternative encoding scheme is used to avoid this issue.

  • BREAKING/SECURITY: Authentication.Lifetime and Authentication.Inactivity have new defaults. Moving forward, users in RStudio Connect will have their credentials requested every 24 hours or if their sessions are considered inactive for more than 8 hours. To opt-out of this new behavior the settings above need to be modified with a longer duration that’s consistent with your organization’s current security policy. See the Limiting Session Lifetime section of the Admin Guide for details.

  • BREAKING: Deployments from the RStudio IDE and/or the rsconnect package now require version 0.8.3 or greater of the rsconnect package. Deployments using an older rsconnect version are prohibited and receive an error stating that the version of rsconnect is lower than the minimum version allowed. The RStudio IDE 1.1 or newer will auto-install a recent rsconnect version. You can also install from CRAN with install.packages("rsconnect").

  • BREAKING: The Applications.ExplicitPublishing setting has been removed from the configuration. Please remove references to this setting from your configuration file.

  • BREAKING: RStudio Connect will now verify on startup whether packages that have been specified in the Packages.External configuration setting are available in every detected version of R, and will fail to start if they are not available in a given version. To allow RStudio Connect to start with missing external packages, set the Packages.ExternalsCheckIsFatal flag to false.

  • BREAKING: The deprecated setting Authorization.UsersListingMinRole has been removed. Use Authorization.ViewersCanOnlySeeThemselves instead.

  • BREAKING: The deprecated setting Password.UserInfoEditableBy has been removed. Use Authorization.UserInfoEditableBy instead.

  • BREAKING: R errors that occur during rmarkdown rendering now stop the deployment process with an error. Previously, R errors would result in the error message being rendered as part of the document contents. The previous behavior can be obtained by setting chunk options for the R code chunk in the Rmd file, e.g. {r error=TRUE warning=TRUE}.

  • NOTICE: The LoadBalancing.EnforceMinRsconnectVersion setting has been removed.

  • NOTICE: The setting Applications.DisabledProtocols has been deprecated and it should be removed from the configuration file. A warning will be issued during startup in the rstudio-connect.log if the setting is in use. In the next release the presence of this setting will prevent RStudio Connect from starting up. Customers using this setting should instead use Applications.DisabledProtocol with one value per line.

  • NOTICE: The settings OAuth2.AllowedDomains and OAuth2.AllowedEmails have been deprecated and they should be removed from the configuration file. A warning will be issued during startup in the rstudio-connect.log if either setting is in use with space-separated values. In the next release the presence of either setting will prevent RStudio Connect from starting up. Customers using these setting should instead use OAuth2.AllowedDomain and OAuth2.AllowedEmail with one value per line.

  • BUGFIX: Fixes a regression introduced in the release 1.7.4 around the setting SMTP.StartTLS which would refuse to work with the option detect.

  • BUGFIX: URL-escape the Postgres.Password when replacing {$} in the Postgres.URL connection URL.

  • The Server.DefaultContentListView option lets you choose the default presentation style of the RStudio Connect dashboard content list. The expanded view includes the content image and description when available. The default compact view is a denser presentation without image or description. The RStudio Connect dashboard still allows toggling between the two views; Server.DefaultContentListView only controls the layout shown by default.

  • BUGFIX: Resolved an issue where some vanity URL comparisons were not performed in a case-insensitive manner. Proposed vanity URLs are not permitted to have existing vanity URLs as path-prefixes and vice versa. All of these path-prefix checks ignore case. Previously, some of the path-prefix tests were performed with case-sensitive comparisons.

  • BUGFIX: Resolved a backwards-compatibility problem caused by an rsconnect update. RStudio Connect ignores certain content category changes when performing Plumber and TensorFlow deployments.

  • BUGFIX: Accessing content that requires SAML authentication before logging in into RStudio Connect no longer causes a 404 error.

  • BUGFIX: LDAP authentication attempts are now reported correctly in the logs for all LDAP servers attempted under a multi-server LDAP configuration.

  • BUGFIX: The syntax of LDAP search filters is now enforced without causing service interruption. Configuration problems are reported in the logs

  • BUGFIX: A performance regression was introduced in RStudio Connect release 1.7.2 when determining which content is visible to a user based on their LDAP group membership. Connect makes better use of membership lookup results and requires fewer LDAP group queries.

  • LDAP group membership is cached for a longer period of time. The new setting LDAP.CacheTTL controls how long Connect retains group membership information about a given user. This setting has a default value of 15 minutes, meaning Connect will not re-query your LDAP server for group membership during that interval. Previous releases cached group information for 10 seconds.

  • Update the version of packrat used by RStudio Connect.

    • Support for GitLab-hosted R packages.
    • Improved caching of GitHub-hosted R packages.
    • Fix download issues for Bitbucket-hosted R packages.
  • RStudio Connect supports sharing of resources with the experimental pins package.

  • The SAML profile for the OneLogin identity provider now specifies a group attribute of Roles.

  • RStudio Connect will log a warning on startup when it detects a version of R that appears to be installed by the OS package manager. In order to preserve reproducibility and minimize rebuild time, it is recommended that each version of R needed to reproduce user environments be installed separately on the system.

  • Errors that occur while building dependencies are now parsed, summarized, and displayed as the last message in the log, in order to simplify troubleshooting unexpected deployment failures.

  • RStudio Connect now supports overriding package repositories for packrat restore with the RPackageRepository heading. To override the URL for CRAN, for example, add a new [RPackageRepository "CRAN"] heading with URL set to the URL of the replacement CRAN.

  • The Admin Metrics page includes a usage scorecard that indicates what top line RStudio Connect features you have used. This helps you understand what parts of the product your team is familiar with, and is easy to share with RStudio to help us improve Connect.

  • The support diagnostic tool now includes information about what top line RStudio Connect features you have used. Please see the Getting Started section of the Admin Guide for more information about the support diagnostic tool.

RStudio Connect 1.7.6.2

September 20, 2019

  • BUGFIX: A performance regression was introduced in RStudio Connect release 1.7.2 when determining which content is visible to a user based on their LDAP group membership. Connect makes better use of membership lookup results and requires fewer LDAP group queries.

  • LDAP group membership is cached for a longer period of time. The new setting LDAP.CacheTTL controls how long Connect retains group membership information about a given user. This setting has a default value of 15 minutes, meaning Connect will not re-query your LDAP server for group membership during that interval. Previous releases cached group information for 10 seconds.

RStudio Connect 1.7.6.1

August 29, 2019

  • SECURITY: Updated software components used by RStudio Connect in response to CVE-2019-9512, CVE-2019-9514, and CVE-2019-14809.

  • BUGFIX: Resolved an issue where redundant passwords caused RStudio Connect to crash.

RStudio Connect 1.7.6

June 20, 2019

  • SECURITY: When using built-in Password authentication, requesting a password reset via the “forgot password” link no longer fails for non-existing users to prevent malicious user enumeration.

  • SECURITY: Changes made to the email addresses in user profiles done manually or via Connect Server API will cause an email to be sent to the old email address, so the user is notified about the new email address in use.

  • SECURITY: A protection against brute force attacks has been implemented for all authentication attempts against API calls to Connect using either API keys or tokens. After a failed authentication attempt, the user may have to wait longer before trying again.

  • SECURITY: Use Password.MinimumScore to control how complex (secure) new passwords must be when using the password authentication provider. See the Password Authentication section of the Admin Guide for details.

  • BREAKING: Authorization.UsersListingMinRole has been deprecated and it should be removed from the configuration file. A warning will be issued during startup in the rstudio-connect.log if the setting is in use. In the next release the presence of this setting will prevent RStudio Connect from starting up. Customers using this setting with any value other than of the default (viewer) should use Authorization.ViewersCanOnlySeeThemselves = true instead.

  • NOTICE: RStudio Connect now records a new event to the audit logs every time a user enter their credentials into the dashboard. There are two new events:

    • A user_login event is now recorded when a user logs in to the RStudio Connect dashboard.
    • A web_sudo event is now recorded when WebSudo mode is enabled and the user asks to do a privileged operation after the WebSudo time has expired.

    Depending on your user volume, this may impact the space required by your database.

  • NOTICE: The Applications.ExplicitPublishing setting no longer alters content deployments. Content is automatically considered complete upon successful deployment. Content without a valid deployment continues to be unavailable. This behavior has been the default and is no longer configurable.

    If your environment enabled Applications.ExplicitPublishing, content with successful deployments is now considered complete and available.

    The setting Applications.ExplicitPublishing has been deprecated. Remove Applications.ExplicitPublishing from your configuration file. Future releases of RStudio Connect will not recognize this setting.

  • BREAKING: The needs_config field has been removed from the Content entity of the experimental Server API. All Content fields and endpoints to interact with content are provided in the Server API Reference.

  • BUGFIX: Historic versions of static content are again available to content viewers. The 1.7.4 release incorrectly restricted viewer access to content history.

  • NOTICE: The Server API Cookbook is now a separate guide and no longer part of the User Guide.

  • Added a New Content button to the Content page to deploy Git repositories directly to RStudio Connect. Publishers can now specify a repository, branch, and directory combination to deploy content from their public or private Git repositories. Instructions for administrators to enable or disable Git-based deployments can be found in the Admin Guide. Git-based deployment requirements for publishers can be found in the User Guide.

  • Updated packrat to better handle packages containing non-ASCII text.

  • RStudio Connect installers are now signed. Our signing key is available on the RStudio website. The Installation instructions in the RStudio Connect Admin Guide explains adding the RStudio key to your Linux distribution.

  • The new setting Authorization.ViewersCanOnlySeeThemselves increases the privacy level among viewers allowing them to see only their own profiles and the groups in which they have been added as members. Information about content and group owners is also heavily restricted.

  • The new setting Authorization.PublishersCanManageVanities allows publishers and collaborators to manage custom “vanity” URLs to content they can change. Please note that for security reasons custom URLs created by publishers must not begin with any existing usernames.

  • Obtaining links to content was made easier in various places on the dashboard. Also, content listing now visually distinguishes the content with custom “vanity” URLs.

  • The new settings Server.AuditLogFormat and Server.AuditLog may now be used to control whether audit log records are echoed to a file and, if so, in what format. See the Audit Log File Output section of the Admin Guide for details.

  • The usermanager audit command can now output the same format used in Server.AuditLogFormat with command line flags --csvlog and --jsonlog. It is also possible to filter for time period with --since and --until.

  • NOTICE: The --csv flag for the usermanager audit command is now considered deprecated. The --csvlog flag should be preferred instead.

  • When using built-in Password authentication, it’s now possible for Administrators to resend the email confirmation for new user accounts from the user profile page. For existing accounts, the admin can also send a password reset email.

  • BUGFIX: Fixed an issue where RStudio Connect would refuse to login all LDAP users with an error if the LDAP.PermittedLoginGroup setting was used with an LDAP vendor other than Active Directory and LDAP.GroupUniqueIdAttribute was not "DN" (the default).

RStudio Connect 1.7.4.3

September 20, 2019

  • BUGFIX: A performance regression was introduced in RStudio Connect release 1.7.2 when determining which content is visible to a user based on their LDAP group membership. Connect makes better use of membership lookup results and requires fewer LDAP group queries.

  • LDAP group membership is cached for a longer period of time. The new setting LDAP.CacheTTL controls how long Connect retains group membership information about a given user. This setting has a default value of 15 minutes, meaning Connect will not re-query your LDAP server for group membership during that interval. Previous releases cached group information for 10 seconds.

RStudio Connect 1.7.4.2

September 26, 2019

  • BREAKING: A vulnerability has been reported on the built-in Password authentication. Due to the risks involved, the Password authentication will now rely on the setting Server.Address for operations that will send emails. If this setting is not configured an error will occur for these operations.

  • BUGFIX: Addressed a problem introduced in 1.7.4 that prevented adjustment of “load factor” in the RStudio Connect dashboard.

RStudio Connect 1.7.4.1

May 20, 2019

  • Support for SUSE Linux Enterprise Server 15.

  • Support for SUSE Linux Enterprise Server 12 SP4.

  • BREAKING: Different RStudio Connect RPM packages are produced for different distributions. The RPM file name has changed to include information about the target distribution.

    The single RPM file name used previously

    • rstudio-connect-1.2.3-4.x86_64.rpm

    is replaced by

    • rstudio-connect-1.2.3-4.el.x86_64.rpm - use with RHEL (6/7)
    • rstudio-connect-1.2.3-4.sles12.x86_64.rpm - use with SLES 12
    • rstudio-connect-1.2.3-4.sles15.x86_64.rpm - use with SLES 15
  • BUGFIX: Update how the network dependency is declared in the systemd unit file rstudio-connect.service.

RStudio Connect 1.7.4

May 8, 2019

  • BUGFIX: RStudio Connect would fail to login when LDAP.GroupUniqueIdAttribute was used along with a value for LDAP.GroupFilterBase which excluded groups not explicitly listed by LDAP.PermittedLoginGroup. Prior to this fix, only a value of LDAP.GroupUniqueIdAttribute = DN would work. Now all values behave equally and any exclusion are reported in the logs.

  • BUGFIX: While searching for LDAP groups in RStudio Connect any groups that are no longer in LDAP but are still associated with content will be included in the results.

  • BUGFIX: Resolved an issue handling vanity URLs like “/connecting_people/” which start with “/connect” but are not beneath the “/connect/” URL hierarchy.

  • BREAKING: RStudio Connect no longer collects network information in {Server.DataDir}/metrics/rrd/network-*.rrd

  • BREAKING: The experimental content creation API no longer supports the run_as and run_as_current_user fields.

  • BREAKING: The experimental content delete API returns an HTTP 204 No Content response on success. It previously returned an HTTP 200 OK response with an empty body.

  • BREAKING: The usermanager CLI tool will fail if the command transfer is called for a target user with the role of viewer and a source user with some other role when the flag --permissions is used to transfer content permissions and email subscriptions.

  • BREAKING: Mail Settings can no longer be configured via the dashboard UI and must be defined via a configuration file. Your existing settings will be placed in a migration file until your organization is ready to move them to the main configuration file. The SMTP settings can be reloaded without restarting RStudio Connect once they have been moved to the main configuration file. See the section on Reloadable Properties of the Admin Guide for details.

  • NOTICE: Moving forward certain changes to the RStudio Connect configuration will be subject to a migration process. The configuration migration is an automatic process that does not require immediate intervention but that will need a single manual step to be completed. This can be done in a time convenient for your organization. See the section on Configuration of the Admin Guide for details.

  • NOTICE: Added support for configuring encrypted values for passwords for SMTP, PostgreSQL, LDAP and OAuth2 secrets. RStudio Connect will issue a warning in the logs if plain text values are in use for these. You can encrypt your passwords with the command rscadmin configure --encrypt-config-value. See the Command-Line Interface section of the Admin Guide for details.

  • NOTICE: The LoadBalancing.EnforceMinRsconnectVersion default is now true. Additionally, the setting has been deprecated and should be removed from the configuration file. In upcoming releases the presence of this setting may prevent RStudio Connect from starting up.

  • NOTICE: A 30-second timeout is now imposed while establishing connections to an LDAP or Active Directory server when using the LDAP authentication provider.

  • NOTICE: RStudio Connect will issue a warning in the logs if the Authentication.Lifetime, which controls the duration of an active dashboard session, is greater than the recommended value of 24 hours. Similarly, a warning will be issued in the logs if the Authentication.Inactivity setting, which controls the timeout for inactive dashboard sessions, is greater than the recommended value of 8 hours. Please note that if Authentication.Lifetime is less than 24 hours the value for Authentication.Inactivity is recommended to be less than 8 hours.

  • NOTICE: The next release of RStudio Connect will remove support for discovering R installations via /etc/rstudio/r-versions. Use the Server.RVersion property to indicate different R installations. See the R Versions section of the Admin Guide for more details about configuring your R installations.

  • NOTICE: The SAML authentication provider is now generally available and no longer in beta. The SAML section of the Admin Guide explains how you can use RStudio Connect with your SAML provider. SAML improvements in this release:

    • IdP profiles may now be used to simplify attribute mapping configuration. Profiles for Okta, OneLogin, and Azure are available and correspond to the entries in those marketplaces for RStudio Connect.
    • RStudio Connect now serves its SAML service provider metadata on the /__login__/saml endpoint.
    • Groups may be provided by the IdP in a multi-valued assertion or in a single value where the group names are separated by a string.
    • Groups may be automatically created on demand when necessary and may be removed when they become empty.
    • As users log in, they may be added to or removed from groups automatically when a groups attribute is configured. Disable this by setting the new SAML.IdPAttributeProfileGroups configuration option to false.
    • RStudio Connect now supports SAML responses encrypted by an RSA key pair.
    • The SAML setting IdPSingleSignOnPostBinding was not functional. It will now work correctly with an IdP that expects an authentication request to be made via an HTTP POST.

    See the section on SAML of the Admin Guide for more details.

  • SAML and proxied authentication providers now support generation of a user’s username from its email address without the domain for situations where a reasonable username cannot be made available from the authenticating proxy or the SAML IdP. If the result is a duplicate or prohibited username, an incremental suffix will be added. The generated username is editable and can be modified if desired.

  • RStudio Connect no longer requires an email server to be used. All email features are disabled in this state. Administrative notifications normally sent via email will be written to the log instead. Built-in password authentication will work but with limited convenience, relying heavily on administrators for user account management. This is the new state of RStudio Connect for new installations before any configuration is done.

  • Added an experimental content update API. The API cookbook in the User Guide contains examples to help you get started. See the Connect Server API Reference for detailed documentation of this endpoint.

  • Added experimental APIs that let you list deployment bundles for a piece of content, obtain bundle details, download a bundle, and delete a bundle. The API cookbook in the User Guide shows how to use these APIs to promote application changes from a staging to a production environment. See the Connect Server API Reference for detailed documentation of these endpoints. These APIs will continue to evolve in subsequent releases. Please try using them to build your own deployment tools and let your Customer Success Representative know about your experience.

  • TensorFlow Model API deployment now supports models created with TensorFlow up to version 1.13.1. To get started deploying newer TensorFlow Model APIs, update the version of libtensorflow.so using the instructions from the Getting Started section of the Admin Guide.

  • Emails sent by RStudio Connect could potentially be flagged as spam by some email providers due to the lack of To: destination. The setting Server.EmailTo has been added to address this issue. It should be used with a no-reply email address.

  • Calendar view has been added to the Schedule view page in the Dashboard Admin section. Calendar view provides an overview of the upcoming scheduled content tasks for RStudio Connect hour-by-hour and day-by-day.

RStudio Connect 1.7.2.2

July 22, 2019

  • Fixed an issue where group memberships were removed from the user after every new login attempt when using proxied authentication with manually assigned group members.

RStudio Connect 1.7.2.1

July 22, 2019

  • Corrected a data corruption in the metrics database introduced between the releases 1.6.6 and 1.6.8 that caused the upgrade from any release after the latter one to fail.

RStudio Connect 1.7.2

March 14, 2019

  • SECURITY: Fixed an issue where certain browser configurations caused environment variable values to be stored in the browser’s autofill cache.

  • BREAKING: Publishers can no longer create groups. The creation of groups by publishers without consent from an administrator made it harder to ensure limited access to content. If you want to restore the previous behavior and allow publishers to create groups use the new setting Authorization.PublishersCanOwnGroups

  • BREAKING: API requests with a malformed GUID in a path segment return a 400 Bad Request HTTP status code rather than a 404 Not Found.

  • NOTICE: When using Postgres, RStudio Connect now verifies that a minimum version of 9.4 is being used. A warning message will be logged if the version of Postgres being used is older. The 9.4 minimum version is also noted in the PostgreSQL section of the Database chapter of the Admin Guide.

  • NOTICE: Shiny App usage historical information had the started timestamp stored in the local timezone while the end timestamp was in UTC. Now both are stored in UTC, existing records will be adjusted. A large number of records may cause a noticeable delay in the upgrade.

  • BUGFIX: Addressed an issue with error handling when recording user activity into a PostgreSQL database.

  • BUGFIX: With OAuth2 authentication deriving a username from the email address would fail indicating a maximum increment when the email contained characters considered invalid for a username, such as -, or if the email was longer than 64 characters or shorter than 3. The rules for generating usernames are described the Admin Guide section for OAuth2

  • BUGFIX: LDAP usernames would be refused as duplicate, causing the login to fail if they were only to differ between uppercase/lowercase when compared to the value previously present in RStudio Connect. Now LDAP usernames are handled case-insensitively. This fix applies to proxied authentication when using a UniqueID separate from the username.

  • BUGFIX: A regression introduced in the 1.6.8 release would cause RStudio Connect to refuse to login all LDAP users with an error if the LDAP.PermittedLoginGroup setting was used with an LDAP vendor other than Active Directory. The setting now works with other LDAP vendors.

  • RStudio Connect now supports using SAML as an authentication provider to support single sign-on (SSO). Note: Support for SAML is currently in beta. Using it in production is strongly discouraged.

  • Support for user groups is now available when authenticating via proxies or when PAM or SAML are used in RStudio Connect. Groups were already supported by Password, OAuth2 (Google) and LDAP authentication providers.

  • The new setting Authorization.UserGroups can be used to disable group support and applies to all authentication providers. Please note that all groups must be removed in order to make this setting effective. RStudio Connect will issue a warning and ignore this setting if it is disabled but groups are still present.

  • Authentication via proxies now supports automatically assigning users to and removing users from groups via an HTTP header configured in ProxyAuth.GroupsHeader. Proxies should send the names of the groups the user should be made a member of. The proxy can send multiple group names either as separate occurrences of the same header or a single separated value. The separator can be set in ProxyAuth.GroupsHeaderSeparator.

  • Authentication via proxies can be optionally configured to provision groups automatically in RStudio Connect if the group does not yet exist. The setting ProxyAuth.GroupsAutoProvision allows the authentication engine behind the proxy to fully manage groups in Connect without manual intervention and without relying on calls to the Connect Server API. In this mode, groups are not removed when there are no more members in order to preserve their access to content for future members. To automatically remove empty groups created by the proxy, use the setting ProxyAuth.GroupsAutoRemoval. Please note that existing groups may need to be adjusted or removed when ProxyAuth.GroupsAutoProvision is enabled or disabled. RStudio Connect will issue a warning if groups not matching the current settings are found.

  • Switching between authentication providers is now supported. In order to fully complete the process all users and groups must be adjusted to match the new provider configuration. Additional tools were added to the usermanager to assist with this process.

  • After switching to an alternate authentication provider RStudio Connect will issue a warning if there are groups present that do not match the configuration of the new provider. These groups may not be effective and they must be adjusted via the usermanager CLI tool (--new-owner or --drop-owner switches) or removed. Groups created while using LDAP or authenticating via proxies with ProxyAuth.GroupsAutoProvision enabled will be labeled as “managed by the authentication provider” in the RStudio Connect dashboard and, unless adjusted, no members can be added or removed from those. Groups in this state can still be removed either manually via the dashboard, or via the Connect Server API or by using the usermanager CLI tool.

  • The usermanager CLI tool now supports the transfer command which will transfer owned content and groups from one user to another. Optionally, it can also do the same with group memberships (--memberships), permissions, and subscriptions to content (--permissions) and API keys (--api-keys) - this last has security implications to be considered. The usermanager transfer command also support transferring group permissions and members.

  • The usermanager CLI tool now supports the delete command which will remove permanently a user and all references to it from RStudio Connect as long as there are no remaining owned groups or content, otherwise the command fails. Alternatively, the command transfer --delete will also remove the user after the ownership transfer is complete. The usermanager delete command also supports deleting groups.

  • Expanded view is now available to all users who can view the content list. Expanded view shows content descriptions and images in addition to the information available in the familiar compact view. Please see the Content Images section of the Admin Guide and the Viewing Content section of the User Guide for more information.

  • A summary of recent usage is shown to content owners and administrators within the “Info” panel for content in the RStudio Connect dashboard. Metrics are displayed for Shiny applications and rendered/static content; usage metrics are not available for other content types. Build your own usage reports with the Instrumentation Usage APIs, which are described in the User Guide Cookbook and the Connect Server API Reference.

  • Added an experimental API permitting content deletion. See the Connect Server API Reference for details about this endpoint.

  • Added a diagnostic tool that generates an archive of system information which may be sent along with any support ticket. Please see the Getting Started section of the Admin Guide for more information.

  • Schedule view is now available by default and can be accessed in the Dashboard Admin section. Schedule view shows a sortable list of scheduled content on the server to help Administrators understand how the server resources are being used over time.

  • Python build flags in the Admin Guide have been updated to ensure that the correct libpython is always loaded.

  • The versioning scheme of the Connect Server API is now detailed in its documentation.

  • Troubleshooting PAM authentication is easier when PAM.Logging is enabled. It generates verbose logging about interaction with PAM services.

  • Troubleshooting OAuth2 authentication is easier when OAuth2.Logging is enabled. It generates verbose logging for HTTP redirects and state management.

  • R Markdown document rendering no longer supplies the intermediates_dir argument to rmarkdown::render.

  • Upgrade to Pandoc 2.3.1.

RStudio Connect 1.7.0

January 2, 2019

  • SECURITY: Fixed an issue where malformed publisher-uploaded deployment bundles could cause content to be written outside the application directory.

  • SECURITY: A protection against brute force attacks has been implemented for all interactive authentication attempts against Connect (applies to Password, PAM, LDAP). After a failed login attempt the user may have to wait longer before trying again.

  • SECURITY: All modifications to users and groups done via the usermanager alter CLI are now reported in the audit logs.

  • BREAKING: The deprecated setting OAuth2.DiscoveryEndpoint has been removed. The setting must be removed from RStudio Connect configuration or otherwise it will fail to run.

  • NOTICE: Authorization.UserInfoEditableBy replaces Password.UserInfoEditableBy which has been deprecated. The latter should be removed from the configuration file. A warning will be issued during startup in the rstudio-connect.log if the setting Password.UserInfoEditableBy is present. In upcoming releases the presence of this setting may prevent RStudio Connect from starting up.

  • The new setting Authorization.UserInfoEditableBy when used with the value of Admin will require administrator privileges in order to allow modifications to user profiles for any authentication providers. In this situation, new users will not be prompted for entering their emails during their first login. The default value for this setting is AdminAndSelf which preserves the previous behavior around user profile management and first login prompting. The fields subject to this setting vary among authentication providers.

  • The usermanager list and usermanager alter CLI now support --base64-unique-id to make it easier to interpret and modify UniqueIDs for users and groups. Binary values can also be used when --force-hex is paired with --base64-unique-id. Certain scenarios involving Active Directory require the commands to be paired with --force-ms-guid for compatibility with Microsoft GUIDs.

  • The LDAP attribute names assigned to the following settings are now handled case-insensitively:

    • LDAP.UserFirstNameAttribute
    • LDAP.UserLastNameAttribute
    • LDAP.UserEmailAttribute
    • LDAP.UsernameAttribute
    • LDAP.UniqueIdAttribute
    • LDAP.GroupNameAttribute
    • LDAP.GroupUniqueIdAttribute
  • The following LDAP attributes can now be optionally configured:

    • LDAP.UserFirstNameAttribute
    • LDAP.UserLastNameAttribute
    • LDAP.UserEmailAttribute

    If these are not present in the configuration the respective fields will become user editable. For new users, the values for these fields will remain blank until manually entered via the user edit dialog. For emails it’s possible to enter a value manually during the users’ first login unless Authorization.UserInfoEditableBy = admin is configured in which case the email will remain blank until entered by the administrator.

  • Authentication proxies can now optionally provide complete user profiles to RStudio Connect via additional headers. The following new settings should be configured in RStudio Connect to enable this functionality:

    • ProxyAuth.FirstNameHeader
    • ProxyAuth.LastNameHeader
    • ProxyAuth.EmailHeader
    • ProxyAuth.RoleHeader

    If RStudio Connect is configured to expect a user attribute contained in a header, the respective field is no longer editable via the RStudio Connect dashboard or Connect Server API and requires the proxy to send a value. If a blank value is received, it is ignored so existing values are not replaced.

  • Authentication proxies can now identify users by different means other than the username in RStudio Connect. Previously, a new username would mean a new user in RStudio Connect. Now, by using the new setting ProxyAuth.UniqueIdHeader the proxy may send a unique identity to be used instead of the username. The RStudio Connect Server API is also enabled to take an external unique identity using this setting. Existing customers willing to migrate to this new means of user identification will have to use the usermanager CLI tool to update users to the new identity.

  • OAuth2 (Google) authentication provider will no longer prompt for username on the users’ first login. It will instead derive the username from the email address without the domain. If the result is a duplicate or prohibited username, an incremental suffix will be added.

  • BUGFIX: RStudio Connect will no longer attempt to validate email addresses of external users, allowing even external users with blank emails. Previously, external users with invalid or blank email addresses would be prevented from logging into RStudio Connect. This means the authentication provider is the sole entity responsible for the validity of the email addresses. This is desired in situations where a properly configured authentication provider may be sending non-conforming email addresses that are accepted by the email server configured in RStudio Connect.

  • BUGFIX: RStudio Connect will refuse to login external users with duplicate, prohibited or invalid usernames. Users will be asked to contact the RStudio Connect administrator who will see the event in the logs. Previously the user would be allowed to login and duplicate user would be created remaining unused indefinitely. In most cases, the above happens when the user identification changes in the external authentication provider. In this scenario, the recommendation is repairing the user in RStudio Connect via the usermanager CLI tool, informing the new UniqueID value to be used. In the scenario where there are actually two distinct users with the same username, currently this is not supported in RStudio Connect.

  • BUGFIX: RStudio Connect will refuse to login external users with invalid or blank UniqueID. Users will be asked to contact the RStudio Connect administrator who will see the event in the logs. Previously this would lead to the creation of an invalid user requiring a repair via the usermanager CLI tool.

  • BUGFIX: Older versions of RStudio Connect would fail to start when previously initialized under a different schema using the same PostgreSQL database. RStudio Connect now performs a narrower check for preexisting schema and correctly starts.

  • BUGFIX: RStudio Connect will now exit with an appropriate error when it cannot read database initialization files.

  • The Shiny Application Usage API now includes a data version that describes any known issues with how the information was recorded. See the Historical Information chapter of the Admin Guide for more details.

  • The rendered/static Content Visits API allows administrators and publishers to obtain information about who is visiting their content. See the User Guide for details relating to publishers’ access to content information. See the Admin Guide for more general details concerning the information captured and how it may be accessed. See the Connect Server API Reference for more specific details on using the API.

  • An issue was identified and corrected regarding how RStudio Connect records visits to non-Shiny application content. Data recorded prior to the 1.7.0 release may contain extraneous records that will skew any analysis performed on the data. The data will correctly reflect which users visited which content but not necessarily the number of times. The Shiny Application Usage API now excludes the problematic data by default; use the min_data_version filter to include it, if desired.

  • Keys for variants are now guaranteed to be unique across the entire database. Previously, uniqueness was guaranteed only within a piece of content. In the rare event that any globally duplicate keys exist in the database, the duplicates will be reassigned new, unique values. Note that any URLs that included a duplicated key will no longer work. The audit log in the RStudio Connect dashboard will show any key reassignments that were required.

  • RStudio Connect includes experimental APIs that let you create content, obtain content details, and perform deployment operations against that content. The API cookbook within the User Guide contains examples to help you get started. The Connect Server API Reference contains the documentation for each of these endpoints. The rstudio/connect-api-deploy-shiny GitHub repository contains a Shiny application with sample deployment scripts. These APIs will continue to evolve in subsequent releases. Please try using them to build your own deployment tools and let your Customer Success Representative know about your experience.

  • It is now possible to manage groups via the Connect Server API when using password or OAuth2 (Google) authentication. For more details, see the Connect Server API Reference

  • RStudio Connect now supports limited forms of Python content, namely Jupyter Notebooks and reticulate-enabled R content. Please see the Admin Guide for details on how to enable Python support for such content.

    • Jupyter Notebooks can be deployed to RStudio Connect via the rsconnect-jupyter plugin. A notebook may be deployed either as a pre-rendered HTML document or with its code; the latter option enables Jupyter Notebooks to be rendered by RStudio Connect in a similar manner to R Markdown documents.
    • R content that uses reticulate to call Python code can be deployed with the rsconnect R package.

RStudio Connect 1.6.10

November 2, 2018

  • BREAKING: HTTP.ForceSecure now sets the Strict-Transport-Security header on all web connections.

  • BREAKING: when Authorization.UsersListingMinRole is set to administrator, then only administrators will be able to manage app ACLs, group membership, email subscription, and list users.

  • NOTICE: A post-install data update to the historical records may require several minutes to complete. RStudio Connect will be unavailable during this process.

  • Troubleshooting proxied authentication is easier when ProxyAuth.Logging is enabled. It generates verbose logging with received HTTP headers and cookies.

  • It is now possible to fully manage users via the Connect Server API. For more details, see the Connect Server API Reference

  • Content is now listed in order by recently deployed time.

  • A new setting RegisterOnFirstLogin, which, if set to false, can be used to prevent the creation of users upon their first login attempt. Default value is true. This setting is applicable for the following providers: PAM, Proxy, OAuth2, and LDAP. See the Admin Guide for more details.

  • Packrat has been updated for better package cache reuse across a variety of deployment sources. Existing deployments and already installed package versions are not affected.

  • Worker exit logging includes the name of the terminating signal.

  • The startup warning given when the server is licensed for TensorFlow Model API support but libtensorflow.so is not available has been simplified. See the Admin Guide for instructions to enable TensorFlow API support.

  • Content has an associated image that can be configured in the Info tab. The content image is only available in the Info tab. Future releases will include the image and description for content in additional views. Users who cannot view content will be unable to view the associated image.

  • The size limit for images associated with content is 10mb by default. This setting is configurable with Applications.MaxAppImageSize.

  • Added new logging to aid in the detection of instabilities involving at least one LDAP server in a multiple LDAP configuration. The following error messages indicate RStudio Connect may be unstable to some users due to LDAP failures:

    • Search results may be incomplete.
    • Access granted via groups may not work.
    • Not all group members could be retrieved.
  • The Shiny Application Usage API allows administrators and publishers to obtain information about who is visiting their applications and the length of their session. See the User Guide for details relating to publishers’ access to shiny application usage information. See the Admin Guide for more general details concerning the information captured and how it may be accessed. See the Connect Server API Reference for more specific details on using the API.

  • An issue was identified and corrected regarding how RStudio Connect records visits to a Shiny application. Data recorded prior to the 1.6.10 release may contain extraneous records that will skew any analysis performed on the data. The data will correctly reflect which users used which applications but not necessarily the number of times or time spent. You may use the from filter on the new API to exclude the problematic data, if desired.

RStudio Connect 1.6.8.2

September 18, 2018

  • Corrected an issue where LDAP configurations using LDAP.UniqueIdAttribute or LDAP.GroupUniqueIdAttribute with any value other than the default of "DN" failed to start on new installations.

RStudio Connect 1.6.8.1

September 18, 2018

  • NOTICE: It is now possible to specify the minimum TLS version using the HTTPS.MinimumTLS configuration setting.

RStudio Connect 1.6.8

September 9, 2018

  • BREAKING: LDAP.WhitelistedLoginGroup has been removed from the configuration and replaced by LDAP.PermittedLoginGroup.

  • BREAKING: Applications.EnvironmentBlacklist has been removed from the configuration and replaced by Applications.ProhibitedEnvironment.

  • BREAKING: A non-blank Server.SenderEmail that is not a valid email address will now prevent RStudio Connect from starting.

  • NOTICE: Specific TLS ciphers may be prohibited using the HTTPS.ProhibitedCiphers configuration flag. Additionally, a list of enabled ciphers will print when the RStudio Connect node starts.

  • NOTICE: The LDAP authentication provider no longer relies exclusively on distinguished names (DN) for group identification. Existing installations should continue to work as previously. It is strongly recommended that administrators migrate their group identification attribute using the new setting LDAP.GroupUniqueIdAttribute, configured with a value suitable for the organization’s LDAP server. A warning will be logged if the setting is not present or if the default value of "DN" is used. In an upcoming release to be determined, the new setting will be required on startup. See the LDAP and Active Directory section in the Admin Guide for information about configuring the LDAP.GroupUniqueIdAttribute and migrating groups.

  • NOTICE: LDAP groups will become inaccessible to users or be duplicated in the uncommon case where a groups’s distinguished name (DN) changes. See the Command Line Interface (CLI) section for usermanager in the Admin Guide for instructions on how this condition can be detected and the affected groups repaired.

  • The title associated with content can be edited in the Info tab. NOTE: The RStudio IDE may not reflect changes to title at this time.

  • Content has an associated description that can be edited in the Info tab. Administrators can view this description even when not explicitly a viewer of the content itself.

  • It is now possible to create local users for password, PAM, and proxy providers via the Connect Server API. For more details, see the Connect Server API Reference

  • It is now possible to update user information via the Connect Server API. For more details, see the Connect Server API Reference

  • RStudio Connect may be configured to suppress the display of version and build numbers using the new Server.HideVersion setting.

  • R Markdown reports have access to metadata such as their subscription URL via environment variables. The list of available variables and more details are available in the User Guide

  • The usermanager list CLI will list the users’ or groups’ distinguished names (DN) if the configured authentication provider is LDAP.

  • The usermanager alter CLI also accepts --user-guid to identify a user with a blank username. GUIDs may be obtained with usermanager list.

  • The usermanager list and usermanager alter CLI now support --groups and other options to support managing groups and repairing access to LDAP groups in Connect.

  • R Markdown reports are allowed to produce output files nested beneath the rendering working directory. Subdirectories were previously prohibited.

  • The xhr-streaming SockJS transport has been disabled for the Microsoft Edge browser to fix an issue involving Shiny application unresponsiveness.

RStudio Connect 1.6.6.1

August 1, 2018

  • Fixed a regression introduced in the 1.6.0 release where some deployment errors were not recognized and reported by the RStudio IDE.

RStudio Connect 1.6.6

July 25, 2018

  • BREAKING: All URLs referring to users and groups now use GUIDs. Any bookmark to a user or a group needs to be updated. For the password authentication provider, user confirmation emails sent before upgrading will no longer work. Users needing to confirm their accounts should request a password reset.

  • BREAKING: usermanager alter --force flag has been renamed to --force-demoting.

  • NOTICE: The Applications.EnvironmentBlacklist configuration setting has been deprecated in favor of the Applications.ProhibitedEnvironment setting. Applications.EnvironmentBlacklist will be removed in the next release.

  • NOTICE: The LDAP.WhitelistedLoginGroup configuration setting has been deprecated in favor of the LDAP.PermittedLoginGroup. setting. LDAP.WhitelistedLoginGroup will be removed in the next release.

  • NOTICE: The LDAP authentication provider no longer relies exclusively on distinguished names (DN) for user identification. Existing installations should continue to work as previously. It is strongly recommended that administrators migrate their user identification attribute using the new setting LDAP.UniqueIdAttribute, configured with a value suitable for the organization’s LDAP server. A warning will be logged if the setting is not present or if the default value of "DN" is used. In an upcoming release to be determined, the new setting will be required on startup. See the LDAP and Active Directory section in the Admin Guide for information about configuring the LDAP.UniqueIdAttribute and migrating users.

  • NOTICE: LDAP users will become inaccessible or duplicated in the uncommon case where a user’s distinguished name (DN) changes. See the Command Line Interface (CLI) section for usermanager in the Admin Guide for instructions on how this condition can be detected and the affected users repaired.

  • It is now possible to list local users via the Connect Server API. For more details, see the Connect Server API Reference and the Connect Server API Cookbook

  • It is now possible to prohibit certain user roles, such as “viewer”, from listing users other than themselves by using the new setting Authorization.UsersListingMinRole. Limited users still have access to the lists of collaborators and viewers on content they can view, as well as access to those users’ profiles.

  • The usermanager alter CLI now accepts --yes to skip confirmation making it easier to be used by scripts. This flag should be used with caution.

  • The usermanager alter CLI also accepts --user-id to identify a user with a blank username. IDs may be obtained with usermanager list.

  • The usermanager alter CLI now supports --lock and --unlock to manage a user’s locked state.

  • Connect now validates that its configured temporary directory can contain executable content. This helps to identify situations when /tmp or the alternative temporary directory is mounted with the noexec option. Customize Server.TempDir if the default temporary directory cannot be used for executable content. See the Admin Guide for more information about the temporary directory given to R processes.

  • External fonts in the UI are eliminated. The default font-family has been updated, with the exception of the Google OAuth2 login page.

  • Emailing and opening reports in solo view previously emailed or opened the most recent version of the report. Now, these tasks will email or open a historical report as well.

  • RStudio Connect may now be configured to restrict which types of content access controls are available to users and administrators using the settings Applications.MostPermissiveAccessType and Applications.AdminMostPermissiveAccessType respectively. All access types, including “Anyone”, are permitted by default. See the Admin Guide for details and examples.

  • Information about user logins, RMD and static content usage and node up-time are now recorded to the instrumentation database. To learn more about the types of historical events that are logged, see the Admin Guide.

  • RStudio Connect may be configured to set the Secure flag on all cookies issued from its HTTP listener using the new HTTP.ForceSecure flag. This provides extra security when running RStudio Connect behind a HTTPS-terminating proxy.

  • Images and plots may now be embedded in custom HTML email. See the User Guide for details and examples.

  • TensorFlow support has been updated for TensorFlow 1.9. Please update libtensorflow.so to the latest version for full functionality.

RStudio Connect 1.6.4.2

July 23, 2018

  • SECURITY: An important security issue was fixed. Customers should update at their earliest convenience.

RStudio Connect 1.6.4.1

July 23, 2018

  • NOTICE: When using the PostgreSQL database provider, RStudio Connect would intermittently cause an error page to appear when user sessions expired. This should no longer occur.

RStudio Connect 1.6.4

June 13, 2018

  • BREAKING: Pandoc 2 is used with rmarkdown versions 1.9 or higher. Pandoc 1 is still used for older rmarkdown. The pandoc and pandoc-citeproc commands in the PATH correspond to these versions. Content that does not use rmarkdown will have the newer pandoc available.

  • BREAKING: RStudio Connect now renders documents in a temporary directory containing the report source. Processes concurrently rendering the same source no longer risk simultaneously writing to the same on-disk location. R Markdown documents can no longer assume that files written during a render will be present the next time the report executes.

  • Support for Ubuntu 18.04.

  • The systemctl reload command is supported by the RStudio Connect systemd service definition (Red Hat/CentOS 7, SUSE 12, Ubuntu 16.04, and Ubuntu 18.04).

  • The RStudio Connect Ubuntu installers now depend on mime-support. The Red Hat Enterprise Linux/CentOS/SUSE Linux Enterprise depend on the /etc/mime.types file (satisfied by either the mailcap or aaa_base packages).

  • Primary documents no longer trigger a download on each visit if they cannot be displayed by browsers. RStudio Connect identifies that the client browser is unable to show the file and shows a download page. This change makes it easier to publish and manage R Markdown documents which produce output files that are not browser-friendly, such as Word documents or PowerPoint presentations.

  • R Markdown reports can customize the body of the message when emailed. The body can be text or HTML. Set the body in code by using the rmarkdown::output_metadata$set function to give a value to rsc_email_body_text or rsc_email_body_html. Set a default value for rsc_email_body_text or rsc_email_body_html in the rmd_output_metadata section of the YAML header. See the User Guide for more information. Requires rmarkdown version 1.8.6 or newer.

  • Log downloads include the full process output and are not size-limited. The RStudio Connect dashboard continues to show only the most recent log output from a process.

  • Administrators can filter the users list by multiple account statuses. Non-administrators cannot filter by account status.

  • The users list displays the last day each user was active.

  • When using password authentication ‘unconfirmed’ status is displayed in the users list and the user’s profile.

  • R installation scanning now reads through symbolic links beneath the /opt/R and /opt/local/R directories. More information is available in the Admin Guide

  • Information about a user visiting and leaving a Shiny app is now recorded in the database. The information recorded is not currently exposed in either the dashboard or an API; this will be addressed in an upcoming release. See the Admin Guide for more information.

  • The RStudio Connect dashboard now includes interactive labels for tag filters in the content listing view.

RStudio Connect 1.6.2

May 8, 2018

  • SECURITY: The X-Frame-Options HTTP header again defaults to DENY for all Connect resources that are not user content. RStudio Connect version 1.4.2 incorrectly removed the header from some responses.

  • NOTICE: The configuration setting DiscoveryEndpoint for [OAuth2] has been deprecated and it should be removed from the configuration file. A warning will be issued during startup in the rstudio-connect.log if the setting is present. In upcoming releases the presence of this setting may prevent RStudio Connect from starting up.

  • BUGFIX: The startup check for a valid Applications.Supervisor now allows supervisors that create output.

  • The content list in the RStudio Connect dashboard now retains filter selections when the user navigates to another part of the dashboard and returns. Filters can only be cleared using the “Reset all filters” link.

  • Environment variables set during PAM session creation will now be injected into the sandboxed R environment. This should simplify locating a Kerberos ticket when the PAM service creating the ticket forwards the ticket filename as an environment variable.

  • TensorFlow support has been updated for TensorFlow 1.8. Please update libtensorflow.so to the latest version for full functionality.

  • R Markdown reports have access to the default subject through the RSC_EMAIL_SUBJECT environment variable. A report’s R code chunks can add context to your email subject while still preserving that default, published report name. See the User Guide for more information. Requires rmarkdown version 1.8.6 or newer.

  • R Markdown reports can indicate that the generated report should not be attached to email messages. Use the rmarkdown::output_metadata$set function to give a logical (Boolean) value to rsc_email_suppress_report_attachment. Set a default value for rsc_email_suppress_report_attachment in the rmd_output_metadata section of the R Markdown YAML header. See the User Guide for more information. Requires rmarkdown version 1.8.6 or newer.

  • R Markdown reports can indicate that email should not be sent after a scheduled rendering. Use the rmarkdown::output_metadata$set function to give a logical (Boolean) value to rsc_email_suppress_scheduled. Set a default value for rsc_email_suppress_scheduled in the rmd_output_metadata section of the R Markdown YAML header. See the User Guide for more information. Requires rmarkdown version 1.8.6 or newer.

  • Public API documentation (accessible via the Connect Server API Reference link on the Documentation tab of the Connect dashboard) is now provided in Swagger and HTML forms only; support for API Blueprint has been removed. The Swagger document is available in JSON and YAML formats. This brings numerous content enhancements to the HTML page. See the Connect Server API Reference

  • Audit Logs are now accessible via the Connect Server API. For more details, see the Connect Server API Reference and the Connect Server API Cookbook

  • Administrators can filter the users list to see locked and inactive users as well as licensed accounts. Non-administrators cannot filter by account status.

  • Users are now represented by a monogram icon and no longer use Gravatar.

  • The new configuration setting Authentication.Notice may be used to display a message to the user at the login page, the user information completion page, and the user registration page.

  • Additional validation to ensure that Server.Address is a well-formed URL with protocol and host. URLs like http://connect.company.com:3939/ and https://proxy.company.com/connect/ are accepted.

  • The R_LIBS environment variable is configured for R processes running deployed content. The R_LIBS environment variable helps child R processes use the R package library associated with that content.

RStudio Connect 1.6.0

April 4, 2018

  • BREAKING: RStudio Connect no longer supports Internet Explorer 10.

  • BREAKING: RStudio Connect no longer supports Ubuntu 12.04.

  • SUSE Enterprise Linux 12 SP3+ Support (previously Beta).

  • TensorFlow Model API deployment support (previously Beta).

  • TensorFlow support has been updated for TensorFlow 1.7. Please update libtensorflow.so to the latest version for full functionality.

  • Beta public support for the Connect Server API. Current functionality includes querying available R versions.

  • The categorization of content can not change after initial deployment. A single-file static content deployment cannot become a site. A plot cannot become a static report. Content with different characteristics must be deployed to a separate location.

  • A report without parameters cannot be converted into a parameterized report after initial deployment. The parameterized version must be deployed as a separate piece of content.

  • The default value for the Server.CompilationConcurrency setting is derived from the number of available CPUs with the formula max(1, min(8, (cpus-1)/2)). This property controls the number of concurrent C/C++ compilations during R package installation. This change makes it less likely for package installs to encounter memory capacity issues on lightweight hosts while allowing more concurrency on high-capacity servers. The Admin Guide contains more information about package management.

  • The user list can be filtered by role and locked status.

  • The Admin Metrics page includes graphs for active logins and active Shiny users.

  • The Scheduler.MaxProcessesLimit setting specifies highest value allowed for the per-application MaxProcesses setting. The default value is 20, meaning an application cannot be configured with a MaxProcesses setting greater than 20. Applications without a custom MaxProcesses setting still default to using Scheduler.MaxProcesses (with a default of 3).

  • The default value for Scheduler.MinProcessesLimit has been reduced from 20 to 10. This setting specifies the highest value permitted for the per-application MinProcesses setting.

  • The list of currently installed R versions is now shown to administrators and publishers at the bottom of the left navigation bar.

  • Forward X-Forwarded-For HTTP header into Shiny sessions so that the header can be accessed on the Shiny session via session$request[["HTTP_X_FORWARDED_FOR"]].

  • Login links are now hidden in 404 errors and in the Welcome page when proxied authentication is used.

  • LDAP DNs can now be altered by the usermanager CLI.

  • R Markdown reports can specify output files that will be available via HTTP. Set a list of output file names in code by using the rmarkdown::output_metadata$set function to give a value to rsc_output_files. Set a default value for rsc_output_files in the rmd_output_metadata section of the YAML header. See the User Guide for more information. Requires rmarkdown version 1.8.6 or newer.

  • R Markdown reports can specify files that should be attached to emailed reports. Email-attachment files will also be available via HTTP, because they are also output files. Configuration is similar to rsc_output_files, except the name is rsc_email_attachments. See the User Guide for more information. Requires rmarkdown version 1.8.6 or newer.

  • The Applications.RunAs setting is now verified to exist and have execution permissions during server startup. If the verification fails, the server will not start.

  • The Applications.Supervisor setting, if specified, is now verified during server startup. If the verification fails, the server will not start.

RStudio Connect 1.5.14

February 26, 2018

  • BREAKING: Applications.ConnectionTimeout and Applications.ReadTimeout have been removed from the configuration. They have been replaced with Scheduler.ConnectionTimeout and Scheduler.ReadTimeout respectively.

  • Beta support for deploying RStudio Connect on SuSE Linux Enterprise Server version 12sp3 and higher.

  • KNOWN ISSUE: On SuSE, the license-manager prints warnings stating libcrypto.so.10 has no version information available.

  • Beta support for hosting TensorFlow Model APIs. Hosting of TensorFlow Model APIs is available on Standard and Enterprise licenses. See the Admin Guide for more information. If you believe there has been a mistake for your license, please contact RStudio Support ().

  • Plumber API support (previously in Beta).

  • The license expiration warning shown to publishers and administrators in the RStudio Connect dashboard can be turned off. When Licensing.ExpirationUIWarning is disabled, expiration messages are not shown.

  • Environment variables for executable content can be configured in the RStudio Connect dashboard. Values assigned to environment variables are available from within your R code using the Sys.getenv function. Environment variables are a good way to specify configuration that you do not wish to embed in your code. For example, you may use them to supply keys to HTTP APIs, database credentials, or other kinds of sensitive data.

  • R Markdown reports can control the subject line when emailed. Set the subject in code by using the rmarkdown::output_metadata$set function to give a value to rsc_email_subject. Set a default value for rsc_email_subject in the rmd_output_metadata section of the YAML header. See the User Guide for more information. Requires rmarkdown version 1.8.6 or newer.

  • The -unstable flag has been removed from the migrate utility’s rebuild-packrat command

  • KNOWN ISSUE: The migrate rebuild-packrat -force command causes scheduled reports to send failure email if they execute while the migration is running.

RStudio Connect 1.5.12.1

January 24, 2018

  • NOTICE: The license-manager installed with the RStudio Connect 1.5.12 release recorded licensing information incorrectly. This issue only affects installations where the initial activation of a license was performed using the 1.5.12 version of the license-manager. You are unaffected if you had a previous release and upgraded to 1.5.12.

    You can determine if you are affected by this issue by running the following command as a non-elevated user (not as root):

    /opt/rstudio-connect/bin/license-manager verify

    If this command fails to show your licensing details, you are experiencing this issue. Please contact RStudio Support () for help with your license activation.

RStudio Connect 1.5.12

January 11, 2018

  • BREAKING: RequireExternalUsernames and AdminEditableUsernames have been removed from the configuration. Please remove these (if set) from your configuration file.

  • BREAKING: The Applications.ConnectionTimeout configuration setting has been deprecated in favor of the Scheduler.ConnectionTimeout setting. Applications.ConnectionTimeout will be removed in the next release.

  • BREAKING: The Applications.ReadTimeout configuration setting has been deprecated in favor of the Scheduler.ReadTimeout setting. Applications.ReadTimeout will be removed in the next release.

  • NOTICE: Multi-host clustered installations MUST fully shut-down running instances of RStudio Connect before attempting to perform an upgrade. Update one host at a time.

  • NOTICE: We recommend backing-up your RStudio Connect data prior to performing any update.

  • KNOWN ISSUE: With Web Sudo Mode enabled, a user who fails to complete their account information in the provided WebSudoModeDuration will be redirected to the login page, and sent back to the user completion page with none of their previous work saved. Thus, a Web Sudo duration below 1 minute could be frustrating for new users. This is planned to be fixed in the next release.

  • KNOWN ISSUE: In LDAP Authentication mode, a user without an email address in their LDAP record will be presented a user completion page and asked to enter their email address, which will be subsequently rejected with an error indicating that their email address is managed by the authentication provider. This may cause some minor confusion among users.

  • The directory hierarchy containing rendered outputs has been restructured. Directories of the form {Server.DataDir}/reports/APP_ID.VARIANT_ID are now of the form {Server.DataDir}/reports/v2/APP_ID/VARIANT_ID/RENDERING_ID. This directory change is internal to how RStudio Connect manages rendered documents. All content continues to be available and accessible. The directory hierarchy transformation occurs when RStudio Connect starts.

  • RStudio Connect retains previous R Markdown document renderings after new ones are produced. This means that yesterday’s version of a nightly report is still available. Renderings are kept until they are older than the configured Applications.RenderingSweepAge or the associated report has more than Applications.RenderingSweepLimit renderings. Renderings are swept at regular intervals according to Applications.RenderingSweepFrequency. The active rendering is always retained.

  • Users can view previous R Markdown document renderings in the RStudio Connect dashboard. The “History” menu item lists the available renderings associated with a report. Selecting one of those renderings shows the document at that point-in-time. History is also available for Parameterized reports. Each parameterized output has its own associated rendering history. Historical renderings are subject to the same access control rules as the active document rendering.

  • Users can view previous versions of deployed static content (documents published without source, plots, and HTML) in the RStudio Connect dashboard. The “History” menu lists the deployments for that content. Selecting a deployment shows the content at that point-in-time. This older content can be activated via the “Source Versions” menu. Historical content is subject to the same access control rules as current content.

  • A new configuration option has been added to password authentication provider. This configuration, UserInfoEditableBy, sets the permissions of who is able to edit the user attributes for a given user. See configuration documentation for more info.

  • Links between documents in a multi-document Shiny R Markdown deployment no longer bind the linked target document to the same process as the linking document. If your Shiny R Markdown documents rely on shared in-process state, disable the Applications.ShinyIsolation setting.

  • The usermanager cli now allows you to manage more user attributes other than user role.

  • The RStudio Connect dashboard shows a notification to administrators and publishers as license expiration nears.

  • The RStudio Connect dashboard permits customization of idle, init, connection, and read timeouts. These settings override the corresponding application settings from the Scheduler configuration section.

  • SECURITY: Added support for Web Sudo Mode, which is enabled by default in the Password, PAM, and LDAP authentication providers. After a configurable WebSudoModeDuration, a user will be asked to re-enter their password when attempting to undertake sensitive actions: Altering users, altering their API keys, and creating/claiming tokens (pairing with the IDE). This limits the destructive capabilities of an attacker who obtains access to a user’s active web session; for example: by discovering unsecured hardware where a user has logged in and left the device unattended.

RStudio Connect 1.5.10

December 1, 2017

  • BREAKING: Shiny R Markdown documents are executed with a cleaner R environment. RStudio Connect 1.5.8 and earlier define variables in the environment used to execute Shiny R Markdown documents. Together with rmarkdown version 1.7, this could cause the definitions of some functions to be incorrectly masked (such as dplyr::filter). Users of these RStudio Connect versions should use rmarkdown versions prior to 1.7, as earlier rmarkdown versions did not expose its calling environment. The change to how rmarkdown prepares its environment was tracked by Issue #1124

  • BREAKING: Enabling both Authorization.AdminEditableUsernames and the provider-specific RequireExternalUsernames flag is an invalid configuration and will cause RStudio Connect to fail to start. Authorization.AdminEditableUsernames is now disabled by default.

  • Due to a change in the way RStudio Connect tracks web sessions, users will be required to log in again after upgrading RStudio Connect because their sessions will be invalidated. Connections to RStudio Desktop, RStudio Server, and RStudio Server Pro are unaffected.

  • The /tmp and /var/tmp directories are no longer fully masked during R execution. Processes each use a distinct temporary directory that is available via the TMPDIR environment variable. Applications requiring a temporary file or directory are encouraged to utilize this environment variable or the R functions tempdir and tempfile. See the Admin Guide to learn more about the R execution environment.

  • Connect can be made to use an alternative temporary directory by setting Server.TempDir. A common reason to set this flag is when /tmp or equivalent is mounted with the noexec option. The default value for this setting is to use the directory specified by the TMPDIR environment variable, falling back to /tmp. See the Admin Guide for more information about the temporary directory given to R processes.

  • BREAKING: There was an issue where the RStudio IDE could fail to deploy to an RStudio Connect server behind an authenticated proxy (Authentication.Provider configured as proxy). Users deploying to this server configuration must update to use at least version 0.8.7 of the rsconnect package. Server administrators should ensure that the authentication proxy is configured according to the rules laid forth in the Admin Guide.

  • Proxied authentication supports anonymous access by treating requests with no authentication information as an anonymous user. Also reject any request that contains both X-Auth-Token and X-Auth-Username which might indicate a malicious/forged request.

  • Improved scheduled report processing. If Connect or its server is halted while a report is running, work is re-attempted once Connect is restarted or on another Connect node (in a cluster).

  • Configuration error messages include the section and field name which fails to process.

  • Fixed issues where links in some Shiny applications and Shiny R Markdown documents were broken or caused application load issues.

  • The SQLite database provider now periodically snapshots the database while running. By default, 3 backups are retained and a new backup is taken every 24 hours. To disable this, change the SQLite.Backup configuration option to false.

  • BUGFIX: Do not permit partial database initialization. The RStudio Connect database could be incompletely initialized if the server was stopped immediately after installation (as is common in some provisioning environments).

  • Improved error logging for OAuth2 and configuration file issues.

  • BUGFIX: Don’t display the Sign Up link if Password.SelfRegistration is false.

  • BUGFIX: Properly capture the standard output and standard error for R processes that emit very long lines (longer than 64k characters).

RStudio Connect 1.5.8

October 24, 2017

  • BREAKING: The format of the RStudio Connect package file names have changed. Debian package file names have the form rstudio-connect_1.2.3-7_amd64.deb. RPM package file names have the form rstudio-connect-1.2.3-7.x86_64.rpm. In addition, the RPM meta-data will have a “version” of “1.2.3” and a “release” of “7” for this file name. Previously, the RPM would have had a “version” of “1.2.3-7”.

  • Enabled support for Shiny reconnects. Users of shiny applications are less likely to be interrupted during brief network hiccups. The Client.ReconnectTimeout property specifies how long that session is maintained when there is connectivity trouble. The default setting is 15s. See this article to learn more about reconnecting to Shiny applications. Disable this feature by giving the Client.ReconnectTimeout property a value of 0.

  • The browseURL R function is disabled when executing deployed content. Use techniques like the Shiny shiny::tags$a function to expose links to application visitors.

  • The LDAP.UserFilterBase and LDAP.GroupFilterBase settings allow more flexibility when searching for user and group objects in complicated LDAP hierarchies. They default to the LDAP filter clauses objectClass={UserObjectClass} and objectClass={GroupObjectClass}, respectively.

    If users are identified by two separate objectClass values, you might use the configuration:

    [LDAP]
    UserFilterBase = &(objectClass=user)(objectClass=statistician)

    You can disqualify an objectClass value with the configuration:

    [LDAP]
    UserFilterBase = &(objectClass=user)(!(objectClass=computer))
  • The OAuth2.ClientSecret and OAuth2.ClientSecretFile properties are now mutually exclusive. It is an error if both are configured.

  • LDAP configuration’s BindDN password can now be stored in an external file using the new BindPasswordFile field. The file specified in that field can be given more restricted permissions (e.g., 0600 on Unix) for added security.

  • Previously, usernames could not be edited when using the LDAP authentication provider by default or if the Authentication.RequireExternalUsernames flag was set to true. Now, user email, first name, and last name are also not editable for this configuration.

  • KNOWN ISSUE: Using the LDAP authentication provider, with Authentication.RequireExternalUsernames set to false, a user will not be able to create an account if the authentication provider has no entry for the user’s LDAP.UsernameAttribute field.

  • Connect administrators now receive email as license expiration nears. Email is sent when the license is sixty days from expiring. Disable this behavior through the Licensing.Expiration setting.

  • Resolved a bug in the version of the rebuild-packrat command-line tool that was released in v1.5.6. Previously, the migration utility would render static content inaccessible. This release fixes this behavior and adds support for running this CLI tool while RStudio Connect is online. However, due to the discovery of new defects, the utility is disabled by default and is not recommended for production use until further notice. Those wishing to attempt to use the utility anyway should do so on a staging server that can be safely lost, and all content should be thoroughly tested after it has completed. See the Admin Guide for more details.

  • Faster LDAP group membership lookups by requiring fewer connections to the LDAP server.

  • Fixed an issue with account confirmations and password resets for servers using non-UTC time zones.

  • Updated Packrat to handle old Packrat caches better. This should improve functionality for early users of RStudio Connect.

  • LDAP now updates user email, first name, and last name every time a user logs in.

  • BREAKING: Changed the default value for PAM.AuthenticatedSessionService to su. Previously, on some distributions of Linux, setting PAM.ForwardPassword to true could present PAM errors to users when running applications as the current user if the AuthenticatedSessionService was not configured. System administrators who had previously edited the rstudio-connect PAM service for use in ForwardPassword mode should update the PAM.AuthenticatedSessionService configuration option. See the Admin Guide

RStudio Connect 1.5.6.2

October 11, 2017

  • Additional improvements to SMTP mail sending.

  • Disabled the migration utility by default due to its failure to successfully migrate static content. The utility may be run at the user’s own risk with a documented command line flag. A fix will be released with a subsequent release.

RStudio Connect 1.5.6.1

October 11, 2017

  • Fix an issue when performing the “LOGIN” SMTP authentication mechanism.

RStudio Connect 1.5.6

September 6, 2017

  • BREAKING: Running content as the current user is now disabled for content other than Shiny Applications or Shiny R Markdown Documents. Reports will execute as the application RunAs, falling back to the system Applications.RunAs if none is specified.

  • Content deployment no longer requires explicit publishing. New content is available immediately after it is deployed and visible only to the owner. Enable the Applications.ExplicitPublishing setting to revert this behavior.

  • Support for running R in authenticated PAM sessions that use the cached credentials of the current user. This can be used to expose resources requiring Kerberos authentication to running R processes securely and seamlessly. See the Admin Guide

  • Heterogeneous server migrations are now supported, allowing administrators to upgrade their distribution or change to a different (supported) Linux distribution. See the Admin Guide for more details.

  • Administrators are now able to toggle the content filtering settings to enumerate all content on the server so that they can manage settings, regardless of whether or not they have visibility into that content. The permissions here are unchanged; the administrator will not be able to view the content itself without adding themselves as a viewer or collaborator of the content, which is an audited action.

  • In highly available deployments, runtime settings of content now propagates to all nodes in the cluster, ensuring that applications are run with the appropriate configuration. The only remaining exception is if you change which Unix account runs the content, that change will still not cause all nodes in the cluster to terminate their existing processes which may be running as a now-outdated user.

  • The migrate CLI now supports rebuilding the Packrat cache for all deployed content and manually checking the permissions of the working directories of all content. See the Admin Guide for more details.

  • Shiny error sanitization is enabled by default. Disable the Applications.ShinyErrorSanitization setting to revert this behavior. See this article for more information about Shiny error sanitization.

  • Improved LDAP group lookup performance on large LDAP servers that don’t support memberof. Additionally, improved LDAP logging and error handling.

  • The LDAP.WhitelistedLoginGroup property is now documented and is no longer case-sensitive.

  • User creation is now consistently audited across all authentication providers.

  • Check content working directories for permission errors on server startup.

  • On a failed attempt to deploy content, the browser will now immediately show the logs tab of the content.

  • SECURITY: Duplicate proxied authentication headers are now rejected with a generic authentication failure. Administrators have always been advised to configure their proxy to delete existing authentication headers from incoming requests, and should continue to do so. See the Admin Guide for more details.

  • SECURITY: Increased the strictness of URL redirects, ensuring that only valid Connect URLs are eligible targets of a redirect.

  • SECURITY: Added support for a challenge-response (CAPTCHA) to help mitigate brute-force attacks on users’ passwords. Set [Authentication].ChallengeResponseEnabled to true to enable this feature.

  • The subject prefix for all outgoing emails is now configurable using the [Server].EmailSubjectPrefix setting. The default is still [RStudio Connect].

  • Known Issue: Ubuntu Trusty (14.04): systemd-logind was mistakenly identifying R processes as lost children of a closed login session and terminating them, yielding error code 129. The admin guide has been updated with a workaround. See the Admin Guide for more details.

  • Relaxed email validation at signup to support more TLDs.

RStudio Connect 1.5.4

August 3, 2017

  • Each user can now create and manage personal API keys. These keys allow users to make authenticated requests to the server programmatically. For instance, users could leverage an API key to send requests to an authenticated Plumber API.

  • Experimental support for Shiny reconnects. Turn this feature on by configuring Client.ReconnectTimeout. Reconnects allow clients that get disconnected from their Shiny session to reconnect to an existing Shiny session. This ensures that Shiny users aren’t interrupted if there’s a network hiccup.

  • Experimental support for a multi-node, highly available, load-balanced RStudio Connect deployment. This new feature is experimental and does have the following known bugs:

    1. If you delete an application or variant, all running instances of that application will continue to run until they stop on their own (either the process completes or it’s been idle for a long enough period of time)

    2. If you change who runs this application on the server while an application is running, the current processes may continue to run as the previous user, while new processes will start with the intended user. Because of this, it is possible to see a mixture of R processes running as different users for the same application. Processes started using the previously configured user may remain running until Connect is restarted.

    3. Application runtime settings such as max processes, min processes, connection per process, load factor, and idle timeout may not take immediate effect across all nodes. New processes will use the updated settings. Existing processes will eventually see the changes; this is dependent on the amount of traffic targeted to that content. This will be especially noticeable when an application has a non-zero minimum number of processes.

  • Authentication sessions used by Connect are more secure. This change requires all users to re-authenticate the first time they visit an upgraded server running this version.

  • Session inactivity can optionally invalidate a login session. See the Authentication.Inactivity setting for more details.

  • Support external R packages. This allows you to install an R package in the global system library and have deployed content use that package rather than trying to rebuild the package itself. This can be used as a workaround for packages that can’t be installed correctly using Packrat, but should be viewed as a last resort, since this practice decreases the reproducibility and isolation of your content. See the Admin Guide for more details.

  • Display a warning to users when RStudio Connect is not using HTTPS. This behavior can be disabled using the HTTP.NoWarning setting.

  • Upgraded to a new version of our license managing software which should minimize issues with licensing and also report errors more clearly.

  • Added experimental support for floating licenses which can be used to support transient servers that might be running in a Docker or virtualized environment. Please contact RStudio Support () if you’re interested in helping test this feature.

  • Connect now kills all of its child processes when the server is stopped or restarted. Document rendering processes will no longer continue running in the background.

  • Added caching for LDAP group queries. This will make it much faster for users who inherit access to content by group membership to access content.

  • When searching for a user, we now perform a search for the whole query rather than just searching for the individual words in the query. This will improve search performance in environments which use multi-word user properties.

  • Make a “best-effort” attempt at supporting HTTP proxies that do not provide the X-RSC-Request HTTP header which was previously required. See the Admin Guide for more details.

  • Delete any incoming Authorization HTTP header before proxying the request to a Shiny application or Plumber API. This avoids leaking sensitive headers to applications.

  • Administrators are no longer permitted to upload or deploy bundles unless they are either an owner or collaborator for the content they’re publishing to.

  • Automatically display the Swagger UI for Plumber APIs that don’t define their own GET handler for /.

  • Support caching of PAM passwords to inject into PAM sessions to facilitate environments like Kerberos that require injecting passwords. See the Admin Guide for more details.

  • Provide ways of injecting http_proxy and https_proxy information into R processes. By default, if these are visible as environment variables to the main Connect process, they’ll also be set for each child R process. See the Admin Guide for additional information.

  • RStudio Connect detects when the version of R has changed and communicates the need to restart the server.

  • If a user is abruptly logged out while active on the RStudio Connect dashboard, they’ll now be forwarded to the login page.

  • Prompt users for their existing password when they go to change passwords.

  • Improved the presentation of graphs on the RStudio Connect dashboard Admin Metrics page.

  • Formalize that versions of R version 3.1.0 and above are supported.

  • Upgrade Pandoc to version 1.19.2.1

RStudio Connect 1.5.2

July 20, 2017

  • BREAKING: Any private variants configured to send email to users other than the owner of the variant will no longer receive those emails.

  • BREAKING: The LDAP, PAM, and Proxy authentication providers now require by default that a valid username is received from the provider. If a valid username is not received from the provider, an error will be thrown. If you wish to revert to the less restrictive behavior where the user is prompted for a valid username, please use the RequireExternalUsernames = false configuration setting for your authentication provider.

  • PostgreSQL support (previously in Beta).

  • Beta support for hosting Plumber APIs. Hosting of Plumber APIs is available on Standard and Enterprise licenses. See the Admin Guide for more information. If you believe there has been a mistake for your license, please contact RStudio Support ().

  • Relaxed the username requirements for the LDAP, PAM, and Proxy authentication providers. These providers now accept any username, excepting a list of prohibited usernames. See the Admin Guide for details.

  • Added basic content search.

  • SECURITY: LDAP authentication forbids empty passwords.

  • Made authentication cookies used by Connect more secure which will require all users to re-authenticate the first time they visit this version.

  • Upgraded the licensing system to offer better stability in a wider variety of environments.

  • Allow users to run the usermanager command while RStudio Connect is still online if using a PostgreSQL database.

  • Populate the session$groups field in a Shiny application when using built-in password authentication.

  • BUGFIX: Shiny applications now properly rebuild when they encounter an unexpected version of R at runtime.

  • Redesigned the RStudio Connect dashboard Admin Metrics page to load much more quickly and consume fewer resources while open.

  • Redesigned some RStudio Connect dashboard pages including login, registration, password reset, admin settings, user management, and group management pages.

  • BUGFIX: Increase the number of allowed open file handles for Connect and its subprocesses when using systemd.

  • The Authorization.DefaultUserRole setting can no longer be configured as “administrator”.

  • The Applications.RunAs setting can no longer be configured as “root”.

  • Introduce Server.MinRSConnectVersion and Server.MaxRSConnectVersion to enable administrators to control which versions of the rsconnect client should be able to use the server.

  • Added a healthcheck endpoint. See the Admin Guide for more details.

  • Added experimental support for running Highly Available (HA) configurations. Please contact RStudio Support () if you are interested in helping to test this feature.

RStudio Connect 1.5.0

May 23, 2017

  • Introduced tags as a mechanism for organizing and filtering for content. Administrators will be able to define a tag schema by visiting the “Admin” section in the RStudio Connect dashboard then clicking the “Tags” page. More details here.

  • Overhauled the default landing page.

  • Added support for custom landing pages which enable organizations to provide a custom HTML page that will be visible at the root URL to logged out users. See full details here.

  • SECURITY: Fixed an issue where accounts could be created with a role that conflicted with Authorization.DefaultUserRole.

  • SECURITY: Fixed an issue where unprivileged users were permitted to edit other user information.

  • SECURITY: Added protections against Cross-Site Request Forgery (CSRF/XSRF). All users will need to login again on their next visit.

  • BUGFIX: Systems using the systemd init system should no longer see the R processes associated with Shiny applications outlive the Connect process.

  • Authentication.Lifetime now enables customized session durations. The default continues to be 30 days from the time of login.

  • Optionally prevent self-registration when using password authentication. The setting Password.SelfRegistration specifies if self-registration is permitted. Administrators must create all user accounts when this setting is disabled.

  • Renamed the “Performance” tab on Shiny applications to “Runtime.”

  • Allow user and group names to contain periods.

  • Added support for the config package. More details available here.

  • Further improve database performance in high-traffic environments.

  • Formally documented the configuration options that support reloading via HUP. A setting will now mention Reloadable: true in its documentation if it supports reloading.

  • Added experimental support for using PostgreSQL instead of SQLite as Connect’s database. If you’re interested in helping test this feature, please contact RStudio Support ().

RStudio Connect 1.4.6

April 19, 2017

  • BREAKING: Changed the default for Authorization.DefaultUserRole from publisher to viewer. New users will have a viewer account instead of a publisher account until promoted. The user roles documentation explains the differences. To restore the previous behavior, set DefaultUserRole = publisher.

  • On-disk Shiny bookmark state is supported and enabled by default. Use the Applications.ShinyBookmarking setting to disable this feature. Configuring Shiny applications to use server bookmarking is described in this article.

  • BUGFIX: Restored functionality of the Applications.ViewerOnDemandReports and Applications.ViewerCustomizedReports which were both inadvertently broken in the previous release.

  • Begin storing R jobs in the database. This makes server startup and other operations that involve listing R jobs notably faster. This migration will run when you update to 1.4.6 and may take a few minutes to complete if you have a very busy server that has run a lot of R jobs.

  • Package installs are permitted to limit the number of concurrent compilation processes. This is controlled with the Server.CompilationConcurrency setting and passed as the value to the make flag -jNUM. The default is to permit four concurrent processes. Decrease this setting in low memory environments.

  • The /etc/rstudio-connect/rstudio-connect.gcfg file is installed with more restrictive permissions.

  • Log file downloads include a more descriptive file name by default. Previously, we used the naming convention <jobId>.log, which resulted in file names like GBFCaiPE6tegbrEM.log. Now, we use the naming convention rstudio-connect.<appId>.<reportId>.<bundleId>.<jobType>.<jobId>.log, which results in file names like rstudio-connect.34.259.15.packrat_restore.GBFCaiPE6tegbrEM.log.

  • Bundle the RStudio Connect Admin Guide and User Guide in the product. You can access both from the Documentation tab in the RStudio Connect dashboard.

  • Implemented improved, pop-out filtering panel when filtering content, which offers a better experience on small/mobile screens.

  • Improvements to the parameterized report pane when the viewer does not have the authority to render custom versions of the document.

  • Improve database performance in high-traffic environments.

  • KNOWN ISSUE: Systems using the systemd init system may see R processes continue running when RStudio Connect is stopped. This allows Connect to support long-running document rendering. Shiny processes are incorrectly allowed to continue running as well. These leftover Shiny processes are forcibly terminated when Connect restarts.

RStudio Connect 1.4.4.1

March 22, 2017

  • SECURITY: fixed a vulnerability in the token authentication system that allowed for the creation of invalid tokens. See this article for more details.

RStudio Connect 1.4.4

March 13, 2017

  • Introduced a “Source Versions” view for deployed content that allows collaborators on content to list all of the versions of that content that they have published. Collaborators may also activate other versions of the content, delete old versions, or view the activation logs associated with a particular version. See the Admin Guide for more details.

  • Allow automatic removal of older application bundles. The setting Applications.BundleRetentionLimit specifies the minimum number of bundles retained per application. This setting defaults to 0; bundles are not automatically removed. A non-zero value indicates the number of inactive bundles to preserve. The oldest bundles are removed first. Active bundles are always preserved.

  • Limit the concurrency of scheduled reports. This is configured with the Applications.ScheduleConcurrency setting. By default, two scheduled reports are permitted to execute at the same time. Some tasks may be slightly delayed when there are multiple long-running reports already in flight. Increase this limit if your hardware can support more concurrent report execution. Using too high a value could affect the resources available for interactive processes, including Shiny applications.

  • Notify users if they’re taking an action that would cause them to lose unsaved information while customizing a parameterized R Markdown report.

  • The report-emailing dialog is simpler and more informative.

  • Added a “Print” menu option for more easily printing content from within the RStudio Connect dashboard.

  • A viewer-only account (not a publisher) that is a member of a group selected as a collaborator for an application is now properly downgraded to a viewer for that application. Previously, they were denied access to the application.

  • When a collaborator for an application is downgraded to a viewer-only user account, their application access is properly downgraded. Previously, they were denied access to the application.

  • Better cleanup on disk when applications are deleted.

  • Improved the “too many users” LDAP error handling.

  • Documented user permissions in the Admin Guide

RStudio Connect 1.4.2

February 8, 2017

  • Overhaul of the parameterized report interface. You can now manage the parameters in the sidebar and quickly iterate through different versions of your report.

  • Added the notion of “personal” report versions for parameterized reports. You can now create a private version of a parameterized report that is only visible to you. This report can still be scheduled and emailed.

  • Users can now filter content to include only items that they can edit or items they can view.

  • Content is set to private (“Just Me”) by default. Users can change the visibility of their content before publishing as before.

  • Show progress indicator when updating a report.

  • Only count a user against the license when that user logs in.

  • The Applications.RunAsCurrentUser property permits execution of content by a Unix account associated with the currently logged-in user. Requires PAM authentication. See the Admin Guide for more details.

  • Added support for global “System Messages” that can display an HTML message to your users either on the logged out or logged in landing pages. See the Admin Guide for more details.

  • Updated packrat to gain more transparency on package build errors.

  • Updated the list of SSL ciphers to correspond with modern best-practices.

RStudio Connect 1.4.0

December 21, 2016

  • SECURITY: Added missing protection against replay attacks when interacting from the IDE.

  • Redesigned the navigation of the RStudio Connect dashboard to leverage dual-level top navigation bars.

  • Added support for PAM sessions. This allows you to opt-in to having your R processes spawned via PAM. See the Admin Guide for more details.

  • Allow administrators to change the username of any user on the system. See the Admin Guide for more details.

  • Program supervisor support. Administrators may configure a command which is able to alter the environment used to execute R. See the Admin Guide for instructions and sample supervisor configurations.

  • Added access logs in the Apache Combined Log Format for all HTTP requests that hit the server. See the Admin Guide for more details.

  • Expanded the directory permission checks introduced in v1.2.0.

  • Introduced a new router for the RStudio Connect dashboard which should minimize flickers while loading pages.

  • Added support for anonymous LDAP binds. See the AnonymousBind feature in the Admin Guide.

  • Significantly reduced the memory consumption of the RStudio Connect.

  • Bumped the minimum officially supported version of the IDE to 1.0.0.

  • Fixed a bug in the LDAP implementation that could lead to users being created in an “unconfirmed” state which would make it impossible for them to sign in.

  • Include more events in the audit log such as the manipulation of vanity paths.

  • Connect restricts the total number of verified user accounts and concurrent Shiny users according to the product license. See the Admin Guide for details.

RStudio Connect 1.2.1

November 15, 2016

  • Stop masking the contents of /home by default. There are many environments where a shared /home is used and Connect cannot detect these situations. The file-system permissions of /home are responsible for determining if a RunAs user has access to files within the /home hierarchy.

    Revert to prior behavior by enabling Applications.HomeMounting. This specifies that the contents of /home should be hidden from R processes with additional bind mounts. The existing /home will have the home directory of the RunAs user mounted over it. If RunAs does not have a home directory, an empty temporary directory will mask /home instead. Launched R processes can discover this location through the the HOME environment variable.

RStudio Connect 1.2.0

November 8, 2016

  • BREAKING: Default the X-Frame-Options HTTP header to DENY for all Connect resources that are not user content. User content does not have this header set and can still be embedded in external iframes by default. See the Server.FrameOptionsContent and Server.FrameOptionsDashboard settings.

  • Introduce a new page under the “Admin” tab for audit logs. These logs track important changes in the system. To see exactly what is logged, see the Admin Guide

  • Automatically correct ownership and permissions for the R library directory and Packrat cache directory on startup. This helps to ensure that directory permissions are appropriately configured for the current Applications.RunAs user.

  • We now instruct browser clients not to cache content that was cached before the most recent server restart or reload. This ensures that clients do not retain a version of a file that may have been obtained when the server was configured differently.

  • Added a new command-line utility to help manage Connect users. The tool is available at /opt/rstudio-connect/bin/usermanager and currently has two functions: list and alter. It requires root privileges to execute, but will enable system administrators who find themselves unable to access their admin account on Connect to recover administrator privileges.

  • When requesting an update to a report, automatically reload the report when the new version is available.

  • More informative 404 pages and more consistent error pages when viewing content that either doesn’t exist or that you don’t have access to.

  • Configured the X-Frame-Options header to prohibit the embedding of the RStudio Connect dashboard inside an iframe. See the Admin Guide for details.

  • Set the X-Content-Type-Options header to nosniff by default. Learn more here in the Admin Guide

  • Mark session cookies as HTTPOnly.

  • Added a “Permanent” mode for HTTPS that instructs clients to refuse to attempt a connection to this server in the future unless it is HTTPS. See the Admin Guide for details.

  • Support the configuration of custom headers. These can be used to manage CSP or CORS policies, for instance. See the Admin Guide for details.

  • Static content will redirect to the primary file if it is not named index.html. This is different from the previous approach, which served a primary file of any name from the application root URL.

  • Synchronize the client-side Shiny code across Connect, Shiny Server, and Shiny Server Pro.

  • Better instrumentation and environment checks of deploys to help identify configuration issues.

  • Prohibit removing the last administrator.

  • Enforce group membership when specifying an application-specific RunAs.

RStudio Connect 1.0.0

September 22, 2016

  • BREAKING: Removed support for the Server.RPath setting as announced in the previous release. Please use Server.RVersion instead. See the Admin Guide for details.

  • BREAKING: Removed the Server.RVersionMultiple setting as documented in the previous release.

  • Formally added LDAP group support, no longer experimental.

  • Added support for Ubuntu 16.04.

  • Support for private package repositories. Requires version 0.99.1285 or greater of the RStudio IDE. See the Admin Guide for details.

  • Add details to the source of conflicts when unable to add a vanity URL.

  • Allow anonymous user to enumerate and switch between the existing variants of a parameterized report.

  • Improved the consistency of the administrator user experience by ensuring that administrators are able to manage even the content that they aren’t allowed to see. Of course administrators have the option of adding themselves as a viewer to any content, but this is an audited action.

  • Improved styling of various error pages and the Google OAuth2 login page.

  • Added support for application “titles” – user friendly representations of text that gives more flexibility to content names given in the IDE. This requires at least version 1.0.12 of the RStudio IDE.

  • Version information in download links has slightly changed. The new form is rstudio-connect-X.Y.Z-B instead of rstudio-connect-X.Y.Z.B

  • Various improvements to security and the RStudio Connect dashboard interface.

RStudio Connect 0.5.0

August 15, 2016

  • BREAKING: Removed support for the Server.RunAs setting as announced in the previous release. This setting is now managed in Applications.RunAs.

  • BREAKING: Support for multiple R versions has altered how Connect discovers a compatible R version. This may affect installations where multiple R versions are already available. See the Admin Guide for more information as well as instructions for suppressing this auto-discovery.

  • BREAKING: If using LDAP for authentication, UserObjectClass is now a required attribute.

  • Support multiple versions of R. Different content can use different versions of R without conflict; an appropriate version is chosen when content is deployed. Configuring your system to use multiple R installations is described in the Admin Guide. The algorithms which determine how Connect chooses an R version for each content deployment is described in the R Version Matching section.

  • The Server.RPath configuration setting has been deprecated in favor of the Server.RVersion property. Server.RPath will be removed in the next release. See the Admin Guide for details about Server.RVersion.

  • Added a work-around to support private R packages. See the Admin Guide for additional details.

  • Restrict the ability to login to the server using LDAP groups. See the docs for the LDAP.WhitelistedLoginGroup setting in the Admin Guide

  • For parameterized reports, add a drop-down selector at the top of the page that allows you to quickly switch between different variants of the report you’re inspecting.

  • UI enhancements – primarily around content tables, iconography, and Shiny performance settings.

  • Allow anonymous users to access content at the embedded RStudio Connect dashboard link.

  • Introduced the Authentication.Name config setting. This allows administrators to specify a meaningful name for your authentication provider that will be presented on sign-in pages to give your users context.

  • Display counts of different user types on the RStudio Connect dashboard Admin Metrics page.

  • Included version of Pandoc upgraded to version 1.17.2.

  • Bugfix: Parameterized report configuration no longer generates a “Too Many Connections” error on IE10/11.

  • Bugfix: reports now render at the appropriate time on servers which are not on UTC time.

RStudio Connect 0.4.5

July 19, 2016

  • BREAKING: Forbid report viewers from regenerating R Markdown reports and from customizing parameterized R Markdown reports. Report collaborators are still able to generate ad-hoc reports. Two new configuration options in the Applications section can override this behavior: ViewerOnDemandReports and ViewerCustomizedReports.

  • Redesigned the interface to be more unified, displaying settings and the content itself on same page.

  • Don’t set the /<username>/<appname> path for content by default. Instead, reference the content by its numerical ID by default.

  • Support configurable “vanity URLs” on content that enables administrators to set custom paths for content. All existing content which was available under the /<username>/<appname> scheme have that vanity URL pre-configured for backwards compatability.

  • Allow users to configure which Linux account should execute a given application – users can now select to run R as users other than the rstudio-connect user.

  • Offer a “download” button when viewing application logs.

  • Provide a logrotate configuration for /var/log/rstudio-connect.log where logrotate is available.

  • Add a “miscellaneous” section to the CPU graph that tracks all CPU activity outside of system and user usage.

  • Better cache control for web assets.

  • Bump bundled pandoc to 1.17.0.2

  • Move RunAs configuration option from the Server section to the Applications section. Both are currently supported, but Server.RunAs will be removed in the next release.

RStudio Connect 0.4.4

June 2, 2016

  • Redesign the RStudio Connect dashboard UI.

  • Optimize the delivery of the client-side assets used in the RStudio Connect dashboard. Now bundle most assets into a single, minified resource and use proper caching techniques to avoid redundant downloads.

  • Show a table of all running R processes Connect has spawned on the Admin Metrics page complete with CPU and RAM information. Improved robustness of the real-time data feed on that page.

  • Prohibit applications from changing their type.

  • Don’t allow user deletion. Instead, allow “locking” of a user which prohibits the user from logging in or deploying new content.

  • Set the “Reply-To” header on outgoing emails to be the email address of the user sending the report.

  • Kill all running R processes associated with some content when that content is deleted.

  • Bugfix: Better IE compatibility for real-time streaming of metrics and rendering of gauges.

  • Bugfix: Improved behavior when running Connect behind a path-altering proxy.

  • Bugfix: Improved caching logic for the RStudio Connect dashboard. Users of RStudio Connect may need to clear or otherwise reset their browser cache.

RStudio Connect 0.4.3

April 22, 2016

  • Tune the runtime parameters of Shiny applications to control things like maximum processes per app or maximum connections per process. See the Admin Guide’s chapters on Process Management and Configuration.

  • Track historical data about your system including CPU and RAM. Initially, you can view historical data on your CPU and RAM usage in the new Admin Metrics Connect Dashboard page. See the Admin Guide for details.

  • Support deployment of sites including Bookdown. See https://bookdown.org/ for more information.

  • Support TLS and StartTLS on connections to LDAP servers. See the Admin Guide for more details.

  • Usernames which differ only by case are now disqualified. Existing accounts are unaffected. If both johndoe and JohnDoe accounts have been created accidentally, we recommend removing the JohnDoe account and use johndoe going forward. If you use password authentication and attempt to login to one of these johndoe accounts, you will be logged in to the oldest of the two. Other authentication strategies will send the username through as provided and allow the external system to make the decision about case sensitivity.

  • If metrics are enabled, Connect attempts ensure the correct directory ownership and privileges for running rserver-monitor. This includes ensuring that all users have execute permission (0701) on the main Connect data directory. If you have customized the Connect or metrics data directory location, please ensure that the metrics user has permission to cd into the metrics directory.

  • Combined the CentOS/RedHat 6 and 7 builds. There is now a single installer for either platform.

  • Bugfix: correct behavior when running behind a proxy. See the Admin Guide for more details.

RStudio Connect 0.4.2-1218

March 8, 2016

  • PAM authentication. Users can now use Pluggable Authentication Modules by configuring the pam authentication provider. This will allow Connect to leverage local server accounts.

  • Proxied authentication. Allow an external authentication provider to proxy all Connect traffic, appending an HTTP header that has the username of the current user.

  • Don’t copy Shiny output to server log.

  • Use the externally-provided username without prompting when creating an account unless it’s an invalid username.

  • API endpoint to view all running R processes spawned by Connect.

  • Various UI bugfixes and improvements.

RStudio Connect 0.4.2-1093

February 1, 2016

  • Password-based authentication. Connect can host the usernames and passwords in an internal database, complete with password reset and new user registration functions.

  • LDAP and Active Directory authentication. Connect to an external server to authenticate users and to query for users in your organization when sharing content.

  • Publishing of Shiny, R Markdown, and Shiny from the RStudio IDE.

  • Scheduled execution and email delivery of R Markdown. Allows R Markdown reports published with source code to be scheduled for execution on the server. Email recipients can also be configured.

  • Control of parameterized R Markdown reports. Variants can be executed once or scheduled for repeated execution.