We are using 3.16.2 Octopus Deploy server and tentacles running in Azure VMs. Recently we found the latest Calamari has got fix for a security issue. However, it doesn’t seem the Octopus server is picking up the latest Calamari at all. Deploying project doesn’t update the calamari on tentacles, health check also found the tentacles’ calamari is up-to-date. Is there any way to trigger the update without upgrading our current Octopus server?
There is a way to set a custom Calamari package (see the Calamari GitHub repo). However this will not help in your case. Calamari sends the variable back with a “Secure” flag that the Server then sees and marks that variable as sensitive internally. Without this change on the Server, this new feature would not work, so you will need to upgrade the server.
Also this is not a “security issue” in our product, rather a new feature, as output variables were never classed as sensitive.
Thanks for the explanation. Looks like we will have to upgrade our server then.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.