What is the main new feature in Allure 2.41.0?

The primary new feature is support for HTTP Exchange attachments, allowing detailed HTTP request/response data in reports.

Were there any security fixes?

Yes, critical XSS vulnerabilities in `reportName` and `reportLanguage` rendering were addressed to enhance report security.

How does this update affect data privacy?

The update includes a fix for the `ALLURE_NO_ANALYTICS` opt-out, ensuring more complete and effective control over analytics data collection.

Allure 2.41.0 Update: New Features & Critical Security Fixes

Explore Allure 2.41.0's latest updates, including HTTP Exchange attachments, crucial security fixes, and improved analytics opt-out. Stay informed.

TL;DR

New: HTTP Exchange attachments for detailed request/response data.
Critical Security Fixes: Addressed XSS vulnerabilities in report rendering.
Improved Analytics Opt-Out: Better control over data collection.

Key Changes

New Features: Allure 2.41.0 introduces significant support for HTTP Exchange attachments. This new capability allows QA engineers to embed comprehensive HTTP request and response data directly within their test reports. This is particularly valuable for API testing, providing immediate context for debugging and detailed analysis of network interactions.
Security Enhancements: A major focus of this release is security. Critical XSS (Cross-Site Scripting) vulnerabilities related to the rendering of user-controlled reportName and reportLanguage fields have been addressed. These fixes are vital for protecting users from malicious script injection, ensuring the integrity and trustworthiness of generated Allure reports, especially when shared across teams or publicly.
Improvements & Bug Fixes: The update resolves an incomplete ALLURE_NO_ANALYTICS opt-out mechanism, providing users with more robust control over data collection and privacy. Additionally, a bug causing duplicate category matches has been fixed; the system now correctly applies the first matching rule, streamlining test categorization. For more on reporting, see our article on Allure Framework Reporting.
Dependency Updates: Several core internal dependencies, including commons-io, jackson-bom, and jsoup, have been updated. These updates contribute to the overall stability, performance, and security posture of the Allure framework.

Impact for QA Teams

QA teams will find debugging API test failures significantly more efficient with the new HTTP Exchange attachments, reducing investigation time. The critical security fixes are paramount for maintaining trust and data integrity in shared test reports, aligning with enterprise security standards. Furthermore, the improved analytics opt-out offers better compliance with data privacy regulations. For enterprise-level management, consider exploring Allure TestOps Enterprise Management.

Full Changelog: Allure 2.41.0

Allure 2.41.0 Update: New Features & Critical Security Fixes

TL;DR #

Key Changes #

Impact for QA Teams #

Frequently Asked Questions

TL;DR

Key Changes

Impact for QA Teams