RStudio Connect: News
RStudio Connect 1.5.4
- Each user can now create and manage personal API keys. These keys allow users to make authenticated requests to the server programmatically. For instance, users could leverage an API key to send requests to an authenticated Plumber API.
- Experimental support for Shiny reconnects. Turn this feature on by configuring
Client.ReconnectTimeout. Reconnects allow clients that get disconnected from their Shiny session to reconnect to an existing Shiny session. This ensures that Shiny users aren’t interrupted if there’s a network hiccup.
- Experimental support for a multi-node, highly available, load-balanced RStudio Connect deployment. This new feature is experimental and does have the following known bugs:
- If you delete an application or variant, all running instances of that application will continue to run until they stop on their own (either the process completes or it’s been idle for a long enough period of time)
- If you change who runs this application on the server while an application is running, the current processes may continue to run as the previous user, while new processes will start with the intended user. Because of this, it is possible to see a mixture of R processes running as different users for the same application. Processes started using the previously configured user may remain running until Connect is restarted.
- Application runtime settings such as max processes, min processes, connection per process, load factor, and idle timeout may not take immediate effect across all nodes. New processes will use the updated settings. Existing processes will eventually see the changes; this is dependent on the amount of traffic targeted to that content. This will be especially noticeable when an application has a non-zero minimum number of processes.
- Authentication sessions used by Connect are more secure. This change requires all users to re-authenticate the first time they visit an upgraded server running this version.
- Session inactivity can optionally invalidate a login session. See the
Authentication.Inactivitysetting for more details.
- Support external R packages. This allows you to install an R package in the global system library and have deployed content use that package rather than trying to rebuild the package itself. This can be used as a workaround for packages that can’t be installed correctly using Packrat, but should be viewed as a last resort, since this practice decreases the reproducibility and isolation of your content. See http://docs.rstudio.com/connect/1.5.4/admin/package-management.html#external-package-installation for more details.
- Display a warning to users when an RStudio Connect server is not using HTTPS. This behavior can be disabled using the
- Upgraded to a new version of our license managing software which should minimize issues with licensing and also report errors more clearly.
- Added experimental support for floating licenses which can be used to support transient servers that might be running in a Docker or virtualized environment. Please contact firstname.lastname@example.org if you’re interested in helping test this feature.
- Connect now kills all of its child processes when the server is stopped or restarted. Document rendering processes will no longer continue running in the background.
- Added caching for LDAP group queries. This will make it much faster for users who inherit access to content by group membership to access content.
- When searching for a user, we now perform a search for the whole query rather than just searching for the individual words in the query. This will improve search performance in environments which use multi-word user properties.
- Make a “best-effort” attempt at supporting HTTP proxies that do not provide the
X-RSC-RequestHTTP header which was previously required. See http://docs.rstudio.com/connect/1.5.4/admin/running-a-proxy.html for more details.
- Delete any incoming
AuthorizationHTTP header before proxying the request to a Shiny application or Plumber API. This avoids leaking sensitive headers to applications.
- Administrators are no longer permitted to upload or deploy bundles unless they are either an owner or collaborator for the content they’re publishing to.
- Automatically display the Swagger UI for Plumber APIs that don’t define their own
- Support caching of PAM passwords to inject into PAM sessions to facilitate environments like Kerberos that require injecting passwords. See http://docs.rstudio.com/connect/1.5.4/admin/authentication.html#authentication-pam for more details.
- Provide ways of injecting
https_proxyinformation into R processes. By default, if these are visible as environment variables to the main Connect process, they’ll also be set for each child R process. See http://docs.rstudio.com/connect/1.5.4/admin/package-management.html#proxy-configuration for additional information.
- RStudio Connect detects when the version of R has changed and communicates the need to restart the server.
- If a user is abruptly logged out while active on the dashboard, they’ll now be forwarded to the login page.
- Prompt users for their existing password when they go to change passwords.
- Improved the presentation of graphs on the Admin’s Metrics page.
- Formalize that versions of R version 3.1.0 and above are supported.
- Upgrade Pandoc to version 184.108.40.206
RStudio Connect 1.5.2
- BREAKING: Any private variants configured to send email to users other than the owner of the variant will no longer receive those emails.
- BREAKING: The LDAP, PAM, and Proxy authentication providers now require by default that a valid username is received from the provider. If a valid username is not received from the provider, an error will be thrown. If you wish to revert to the less restrictive behavior where the user is prompted for a valid username, please use the
RequireExternalUsernames = falseconfiguration setting for your auth provider.
- PostgreSQL support (previously in Beta).
- Beta support for hosting Plumber APIs. Hosting of Plumber APIs is available on Standard and Enterprise licenses. See http://docs.rstudio.com/connect/1.5.2/admin/process-management.html#shiny-applications-plumber-apis-1 for more information. If you believe there has been a mistake for your license, please contact email@example.com.
- Relaxed the username requirements for the LDAP, PAM, and Proxy authentication providers. These providers now accept any username, excepting a list of blacklisted usernames. See http://docs.rstudio.com/connect/1.5.2/admin/user-management.html for more information on blacklisted usernames.
- Added basic content search.
- SECURITY: LDAP authentication forbids empty passwords.
- Made authentication cookies used by Connect more secure which will require all users to re-authenticate the first time they visit this version.
- Upgraded the licensing system to offer better stability in a wider variety of environments.
- Allow users to run the
usermanagercommand while the Connect server is still online if using a PostgreSQL database.
- Populate the
session$groupsfield in a Shiny application when using built-in password authentication.
- BUGFIX: Shiny applications now properly rebuild when they encounter an unexpected version of R at runtime.
- Redesigned admin metrics to load much more quickly and consume fewer resources while open.
- Redesigned some pages including login, registration, password reset, admin settings, user management, and group management pages.
- BUGFIX: Increase the number of allowed open file handles for Connect and its subprocesses when using
Authorization.DefaultUserRolesetting can no longer be configured as “administrator”.
Applications.RunAssetting can no longer be configured as “root”.
Server.MaxRsconnectVersionto enable administrators to control which versions of the
rsconnectclient should be able to use the server.
- Added a healthcheck endpoint. More details at http://docs.rstudio.com/connect/1.5.2/admin/server-management.html#health-check
- Added experimental support for running Highly Available (HA) configurations. Please contact firstname.lastname@example.org if you are interested in helping to test this feature.
RStudio Connect 1.5.0
- Introduced tags as a mechanism for organizing and filtering for content. Administrators will be able to define a tag schema by visiting the “Admin” section then clicking the “Tags” page. More details here.
- Overhauled the default landing page.
- Added support for custom landing pages which enable organizations to provide a custom HTML page that will be visible at the root URL to logged out users. See full details here.
- SECURITY: Fixed an issue where accounts could be created with a role that conflicted with
- SECURITY: Fixed an issue where unprivileged users were permitted to edit other user information.
- SECURITY: Added protections against Cross-Site Request Forgery (CSRF/XSRF). All users will need to login again on their next visit.
- BUGFIX: Systems using the
systemdinit system should no longer see the R processes associated with Shiny applications outlive the Connect process.
- Authentication.Lifetime now enables customized session durations. The default continues to be 30 days from the time of login.
- Optionally prevent self-registration when using password authentication. The setting
Password.SelfRegistrationspecifies if self-registration is permitted. Administrators must create all user accounts when this setting is disabled.
- Renamed the “Performance” tab on Shiny applications to “Runtime.”
- Allow user and group names to contain periods.
- Added support for the config package. More details available here.
- Further improve database performance in high-traffic environments.
- Formally documented the configuration options that support reloading via
HUP. A setting will now mention
Reloadable: truein its documentation if it supports reloading.
- Added experimental support for using PostgreSQL instead of SQLite as Connect’s database. If you’re interested in helping test this feature, please contact email@example.com.
RStudio Connect 1.4.6
- BREAKING: Changed the default for
viewer. New users will have a
vieweraccount instead of a
publisheraccount until promoted. The user roles documentation explains the differences. To restore the previous behavior, set
DefaultUserRole = publisher.
- On-disk Shiny bookmark state is supported and enabled by default. Use the
Applications.ShinyBookmarkingsetting to disable this feature. Configuring Shiny applications to use server bookmarking is described in this article.
- BUGFIX: Restored functionality of the
Applications.ViewerCustomizedReportswhich were both inadvertently broken in the previous release.
- Begin storing R jobs in the database. This makes server startup and other operations that involve listing R jobs notably faster. This migration will run when you update to 1.4.6 and may take a few minutes to complete if you have a very busy server that has run a lot of R jobs.
- Package installs are permitted to limit the number of concurrent compilation processes. This is controlled with the
Server.CompilationConcurrencysetting and passed as the value to the
-jNUM. The default is to permit four concurrent processes. Decrease this setting in low memory environments.
/etc/rstudio-connect/rstudio-connect.gcfgfile is installed with more restrictive permissions.
- Log file downloads include a more descriptive file name by default. Previously, we used the naming convention
<jobId>.log, which resulted in file names like
GBFCaiPE6tegbrEM.log. Now, we use the naming convention
rstudio-connect.<appId>.<reportId>.<bundleId>.<jobType>.<jobId>.log, which results in file names like
- Bundle the admin guide and user guide in the product. You can access both from the
- Implemented improved, pop-out filtering panel when filtering content, which offers a better experience on small/mobile screens.
- Improvements to the parameterized report pane when the viewer does not have the authority to render custom versions of the document.
- Improve database performance in high-traffic environments.
- KNOWN ISSUE: Systems using the
systemdinit system may see R processes continue running when RStudio Connect is stopped. This allows Connect to support long-running document rendering. Shiny processes are incorrectly allowed to continue running as well. These leftover Shiny processes are forcibly terminated when Connect restarts.
RStudio Connect 220.127.116.11
- SECURITY: fixed a vulnerability in the token authentication system that allowed for the creation of invalid tokens. See https://rstudioide.zendesk.com/hc/en-us/articles/115004691948 for more details.
RStudio Connect 1.4.4
- Introduced a “Source Versions” view for deployed content that allows collaborators on content to list all of the versions of that content that they have published. Collaborators may also activate other versions of the content, delete old versions, or view the activation logs associated with a particular version. More details here: http://docs.rstudio.com/connect/1.4.4/admin/content-management.html#bundle-management
- Allow automatic removal of older application bundles. The setting
Applications.BundleRetentionLimitspecifies the minimum number of bundles retained per application. This setting defaults to
0; bundles are not automatically removed. A non-zero value indicates the number of inactive bundles to preserve. The oldest bundles are removed first. Active bundles are always preserved.
- Limit the concurrency of scheduled reports. This is configured with the
Applications.ScheduleConcurrencysetting. By default, two scheduled reports are permitted to execute at the same time. Some tasks may be slightly delayed when there are multiple long-running reports already in flight. Increase this limit if your hardware can support more concurrent report execution. Using too high a value could affect the resources available for interactive processes, including Shiny applications.
- Notify users if they’re taking an action that would cause them to lose unsaved information while customizing a parameterized R Markdown report.
- The report-emailing dialog is simpler and more informative.
- Added a “Print” menu option for more easily printing content from within the dashboard.
- A viewer-only account (not a publisher) that is a member of a group selected as a collaborator for an application is now properly downgraded to a viewer for that application. Previously, they were denied access to the application.
- When a collaborator for an application is downgraded to a viewer-only user account, their application access is properly downgraded. Previously, they were denied access to the application.
- Better cleanup on disk when applications are deleted.
- Improved the “too many users” LDAP error handling.
- Documented user permissions in admin guide: http://docs.rstudio.com/connect/1.4.4/admin/user-management.html#user-permissions
RStudio Connect 1.4.2
- Overhaul of the parameterized report interface. You can now manage the parameters in the sidebar and quickly iterate through different versions of your report.
- Added the notion of “personal” report versions for parameterized reports. You can now create a private version of a parameterized report that is only visible to you. This report can still be scheduled and emailed.
- Users can now filter content to include only items that they can edit or items they can view.
- Content is set to private (“Just Me”) by default. Users can change the visibility of their content before publishing as before.
- Show progress indicator when updating a report.
- Only count a user against the license when that user logs in.
- The Applications.RunAsCurrentUser property permits execution of content by a Unix account associated with the currently logged-in user. Requires PAM authentication. http://docs.rstudio.com/connect/1.4.2/admin/process-management.html#process-management-runas-current
- Added support for global “System Messages” that can display an HTML message to your users either on the logged out or logged in landing pages. http://docs.rstudio.com/connect/1.4.2/admin/server-management.html#system-messages
- Updated packrat to gain more transparency on package build errors.
- Updated the list of SSL ciphers to correspond with modern best-practices.
RStudio Connect 1.4.0
- SECURITY: Added missing protection against replay attacks when interacting from the IDE.
- Redesigned the navigation of the dashboard to leverage dual-level top navigation bars.
- Added support for PAM sessions. This allows you to opt-in to having your R processes spawned via PAM. More details here: http://docs.rstudio.com/connect/1.4.0/admin/process-management.html#process-management-pam-sessions
- Allow administrators to change the username of any user on the system. http://docs.rstudio.com/connect/1.4.0/admin/authorization.html#user-renaming
- Program supervisor support. Administrators may configure a command which is able to alter the environment used to execute R. See http://docs.rstudio.com/connect/1.4.0/admin/process-management.html#program-supervisors for instructions and sample supervisor configurations.
- Added access logs in the Apache Combined Log Format for all HTTP requests that hit the server. More details at http://docs.rstudio.com/connect/1.4.0/admin/files-directories.html#access-logs
- Expanded the directory permission checks introduced in v1.2.0.
- Introduced a new router for the dashboard which should minimize flickers while loading pages.
- Added support for anonymous LDAP binds. See the
AnonymousBindfeature here: http://docs.rstudio.com/connect/1.4.0/admin/authentication.html#ldap-or-ad-configuration-settings
- Significantly reduced the memory consumption of the Connect server.
- Bumped the minimum officially supported version of the IDE to 1.0.0.
- Fixed a bug in the LDAP implementation that could lead to users being created in an “unconfirmed” state which would make it impossible for them to sign in.
- Include more events in the audit log such as the manipulation of vanity paths.
- Connect restricts the total number of verified user accounts and concurrent Shiny users according to the product license. See http://docs.rstudio.com/connect/1.4.0/admin/licensing-activation.html for details.
RStudio Connect 1.2.1
Stop masking the contents of
/homeby default. There are many environments where a shared
/homeis used and Connect cannot detect these situations. The file-system permissions of
/homeare responsible for determining if a
RunAsuser has access to files within the
Revert to prior behavior by enabling
Applications.HomeMounting. This specifies that the contents of
/homeshould be hidden from R processes with additional bind mounts. The existing
/homewill have the home directory of the
RunAsuser mounted over it. If
RunAsdoes not have a home directory, an empty temporary directory will mask
/homeinstead. Launched R processes can discover this location through the the
RStudio Connect 1.2.0
- BREAKING: Default the
X-Frame-OptionsHTTP header to
DENYfor all Connect resources that are not user content. User content does not have this header set and can still be embedded in external iframes by default. See the
- Introduce a new page under the “Admin” tab for audit logs. These logs track important changes in the system. To see exactly what is logged, see http://docs.rstudio.com/connect/admin/security-auditing.html#audit-logs
- Automatically correct ownership and permissions for the R library directory and Packrat cache directory on startup. This helps to ensure that directory permissions are appropriately configured for the current
- We now instruct browser clients not to cache content that was cached before the most recent server restart or reload. This ensures that clients do not retain a version of a file that may have been obtained when the server was configured differently.
- Added a new command-line utility to help manage Connect users. The tool is available at
/opt/rstudio-connect/bin/usermanagerand currently has two functions:
alter. It requires root privileges to execute, but will enable system administrators who find themselves unable to access their admin account on Connect to recover admin privileges.
- When requesting an update to a report, automatically reload the report when the new version is available.
- More informative 404 pages and more consistent error pages when viewing content that either doesn’t exist or that you don’t have access to.
- Configured the
X-Frame-Optionsheader to prohibit the embedding of the RSC dashboard inside an iframe. See http://docs.rstudio.com/connect/admin/security-auditing.html#content-embedding
- Set the
nosniffby default. Learn more here: http://docs.rstudio.com/connect/admin/security-auditing.html#content-sniffing
- Mark session cookies as
- Added a “Permament” mode for HTTPS that instructs clients to refuse to attempt a connection to this server in the future unless it is HTTPS. http://docs.rstudio.com/connect/admin/security-auditing.html#guaranteeing-https
- Support the configuration of custom headers. These can be used to manage CSP or CORS policies, for instance. http://docs.rstudio.com/connect/admin/security-auditing.html#custom-headers
- Static content will redirect to the primary file if it is not named
index.html. This is different from the previous approach, which served a primary file of any name from the application root URL.
- Synchronize the client-side Shiny code across Connect, Shiny Server, and Shiny Server Pro.
- Better instrumentation and environment checks of deploys to help identify configuration issues.
- Prohibit removing the last administrator.
- Enforce group membership when specifying an application-specific
RStudio Connect 1.0.0
- BREAKING: Removed support for the
Server.RPathsetting as announced in the previous release. Please use
Server.RVersioninstead. See http://docs.rstudio.com/connect/admin/r.html#r-versions for details.
- BREAKING: Removed the
Server.RVersionMultiplesetting as documented in the previous release.
- Formally added LDAP group support, no longer experimental.
- Added support for Ubuntu 16.04.
- Support for private package repositories. Requires version 0.99.1285 or greater of the RStudio IDE. See http://docs.rstudio.com/connect/admin/package-management.html#private-repositories
- Add details to the source of conflicts when unable to add a vanity URL.
- Allow anonymous user to enumerate and switch between the existing variants of a parameterized report.
- Improved the consistency of the admin user experience by ensuring that admins are able to manage even the content that they aren’t allowed to see. Of course administrators have the option of adding themselves as a viewer to any content, but this is an audited action.
- Improved styling of various error pages and the Google OAuth login page.
- Added support for application “titles” – user friendly representations of text that gives more flexibility to content names given in the IDE. This requires at least version 1.0.12 of the RStudio IDE.
- Version information in download links has slightly changed. The new form is rstudio-connect-X.Y.Z-B instead of rstudio-connect-X.Y.Z.B
- Various improvements to security and the dashboard interface.
RStudio Connect 0.5.0
- BREAKING: Removed support for the
Server.RunAssetting as announced in the previous release. This setting is now managed in
- BREAKING: Support for multiple R versions has altered how Connect discovers a compatible R version. This may affect installations where multiple R versions are already available. See http://docs.rstudio.com/connect/admin/r.html#scanning for more information as well as instructions for suppressing this auto-discovery.
- BREAKING: If using LDAP for authentication,
UserObjectClassis now a required attribute.
- Support multiple versions of R. Different content can use different versions of R without conflict; an appropriate version is chosen when content is deployed. Configuring your system to use multiple R installations is described here: http://docs.rstudio.com/connect/admin/r.html#multiple-r-versions. The algorithms which determine how Connect chooses an R version for each content deployment is described here: http://docs.rstudio.com/connect/admin/r.html#r-version-matching.
Server.RPathconfiguration setting has been deprecated in favor of the
Server.RPathwill be removed in the next release. See http://docs.rstudio.com/connect/admin/r.html#r-versions for details about
- Added a work-around to support private R packages. See http://docs.rstudio.com/connect/admin/process-management.html#private-packages for additional details.
- Restrict the ability to login to the server using LDAP groups. See the docs for the
LDAP.WhitelistedLoginGroupsetting here: http://docs.rstudio.com/connect/admin/appendix-configuration.html#appendix-configuration-ldap
- For parameterized reports, add a drop-down selector at the top of the page that allows you to quickly switch between different variants of the report you’re inspecting.
- UI enhancements – primarily around content tables, iconography, and Shiny performance settings.
- Allow anonymous users to access content at the embedded dashboard link.
- Introduced the
Authentication.Nameconfig setting. This allows admins to specify a meaningful name for your authentication provider that will be presented on sign-in pages to give your users context.
- Display counts of different user types on metrics page
- Included version of Pandoc upgraded to version 1.17.2.
- Bugfix: Parameterized report configuration no longer generates a “Too Many Connections” error on IE10/11.
- Bugfix: reports now render at the appropriate time on servers which are not on UTC time.
RStudio Connect 0.4.5
- BREAKING: Forbid report viewers from regenerating R Markdown reports and from customizing parameterized R Markdown reports. Report collaborators are still able to generate ad-hoc reports. Two new configuration options in the
Applicationssection can override this behavior:
- Redesigned the interface to be more unified, displaying settings and the content itself on same page.
- Don’t set the
/<username>/<appname>path for content by default. Instead, reference the content by its numerical ID by default.
- Support configurable “vanity URLs” on content that enables admins to set custom paths for content. All existing content which was available under the
/<username>/<appname>scheme have that vanity URL pre-configured for backwards compatability.
- Allow users to configure which Linux account should execute a given application – users can now select to run R as users other than the
- Offer a “download” button when viewing application logs.
- Provide a logrotate configuration for
/var/log/rstudio-connect.logwhere logrotate is available.
- Add a “miscellaneous” section to the CPU graph that tracks all CPU activity outside of
- Better cache control for web assets.
- Bump bundled pandoc to 18.104.22.168
RunAsconfiguration option from the
Serversection to the
Applicationssection. Both are currently supported, but Server.RunAs will be removed in the next release.
RStudio Connect 0.4.4
- Redesign the dashboard UI.
- Optimize the delivery of the client-side assets used in the dashboard. Now bundle most assets into a single, minified resource and use proper caching techniques to avoid redundant downloads.
- Show a table of all running R processes Connect has spawned on the Admin > Metrics page complete with CPU and RAM information. Improved robustness of the real-time data feed on that page.
- Prohibit applications from changing their type.
- Don’t allow user deletion. Instead, allow “locking” of a user which prohibits the user from logging in or deploying new content.
- Set the “Reply-To” header on outgoing emails to be the email address of the user sending the report.
- Kill all running R processes associated with some content when that content is deleted.
- Bugfix: Better IE compatability for real-time streaming of metrics and rendering of gauges.
- Bugfix: Improved behavior when running Connect behind a path-altering proxy.
- Bugfix: Improved caching logic for the dashboard. Users of RStudio Connect may need to clear or otherwise reset their browser cache.
RStudio Connect 0.4.3
- Tune the runtime parameters of Shiny applications to control things like maximum processes per app or maximum connections per process. See http://docs.rstudio.com/connect/admin/process-management.html#shiny-applications and http://docs.rstudio.com/connect/admin/appendix-configuration.html#appendix-configuration-scheduler
- Track historical data about your system including CPU and RAM. Initially, you can view historical data on your CPU and RAM usage in the new metrics page. See http://docs.rstudio.com/connect/admin/metrics.html
- Support deployment of
sites including Bookdown. See https://bookdown.org for more information.
- Support TLS and StartTLS on connections to LDAP servers. See http://docs.rstudio.com/connect/admin/appendix-configuration.html#appendix-configuration-ldap
- Usernames which differ only by case are now disqualified. Existing accounts are unaffected. If both
JohnDoeaccounts have been created accidentally, we recommend removing the
JohnDoeaccount and use
johndoegoing forward. If you use password auth and attempt to login to one of these
johndoeaccounts, you will be logged in to the oldest of the two. Other authentication strategies will send the username through as provided and allow the external system to make the decision about case sensitivity.
- If Metrics are enabled, Connect attempts ensure the correct directory ownership and privileges for running
rserver-monitor. This includes ensuring that all users have execute permission (0701) on the main Connect data directory. If you have customized the Connect or metrics data directory location, please ensure that the metrics user has permission to
cdinto the metrics directory.
- Combined the CentOS/RedHat 6 and 7 builds. There is now a single installer for either platform.
- Bugfix: correct behavior when running behind a proxy. See http://docs.rstudio.com/connect/admin/running-a-proxy.html for more details.
RStudio Connect 0.4.2-1218
- PAM authentication. Users can now use Pluggable Authentication Modules by configuring the
pamauth provider. This will allow Connect to leverage local server accounts.
- Proxied authentication. Allow an external authentication provider to proxy all Connect traffic, appending an HTTP header that has the username of the current user.
- Don’t copy Shiny output to server log.
- Use the externally-provided username without prompting when creating an account unless it’s an invalid username.
- API endpoint to view all running R processes spawned by Connect.
- Various UI bugfixes and improvements.
RStudio Connect 0.4.2-1093
- Password-based authentication. Connect can host the usernames and passwords in an internal database, complete with password reset and new user registration functions.
- LDAP and Active Directory authentication. Connect to an external server to authenticate users and to query for users in your organization when sharing content.
- Publishing of Shiny, R Markdown, and Shiny from the RStudio IDE.
- Scheduled execution and email delivery of R Markdown. Allows R Markdown reports published with source code to be scheduled for execution on the server. Email recipients can also be configured.
- Control of parameterized R Markdown reports. Variants can be executed once or scheduled for repeated execution.