PSAppDeployToolkit 3.8.2

Version 3.8.2 [08/05/2020]

Security Notice

  • Fixed security issue that could allow elevation of privilege related to the toolkit temp file path [Reserved CVE-2020-10962]
    • The script temp file path was set to a location that was writeable by a standard user. This is set in the configuration XML.
    • This security risk only affects deployments that use the Show-InstallationWelcome function with the parameter -BlockExecution or the internal function Block-AppExecution AND are running with elevated permissions AND can be exploited only while the script is running.
    • To further minimize the risk of an attacker using this to gain additional permissions, it has been moved to a write-protected location.
    • Note: This change will break deployment scripts that run with Standard User rights. While this has been technically possible to do, we are not aware of anyone doing this. As such, we feel this is the safest course of action for the overall PSADT userbase.
    • Additionally, a standalone PowerShell script was created, to identify and remediate the issue on existing PSAppDeployToolkit deployment packages. It can be found here:

Breaking Changes

  • Changed behavior of parameters in Execute-Process. This is a breaking change which may require changes to deployment scripts:
    • Changes to behavior are being made to reduce confusion around the wording of parameters when a custom workflow is required.
    • No changes required if your deployment script does not have custom handling of exceptions / exit codes.
    • ContinueOnError was scoped to ignore non-zero exit codes. It now operates at the function level and will allow continuing if an unknown exception occurs.
    • If Passthru was specified, all non-zero exit codes and exceptions were ignored. Now, both event types cause a Script Failure.
      • To ignore specific exit codes, use the new IgnoreExitCodes parameter, using * to ignore all.
      • To stop the script if the process fails, use the ExitOnProcessFailure parameter.
    • Execute-Process would fail if an exception occurred, even when ContinueOnError was specified. It now ignores exceptions as expected.
    • ContinueOnError now ignores exceptions as expected. To ignore specific exit codes, use the IgnoreExitCodes parameter.

Other

  • Added new parameters to the Execute-MSI function:
    • NoWait. Allows immediately returning to the script once the process has been started, without waiting for it to complete (Default: False).
    • IgnoreExitCodes. Allows ignoring specific or all exit codes returned by the process (Default: None).
    • PriorityClass. Allows changing the process priority immediately after process starts (Default: Normal).
    • ExitOnProcessFailure. Allows setting the script to immediately stop if the process fails and returns the exit code to the caller (e.g. SCCM) (Default: True).
    • RepairFromSource. Allows rewriting the local MSI cache and repairing the installation from source.
  • Added new parameters to the Execute-Process function:
    • IgnoreExitCodes. Now supports ignoring all exit codes returned by the process (Default: None).
    • PriorityClass. Allows changing the process priority immediately after process starts (Default: Normal).
    • ExitOnProcessFailure. Allows setting the script to immediately stop if the process fails and returns the exit code to the caller (e.g. SCCM) (Default: True).
  • Added async reading of standard error stream to Execute-Process
  • Added restoring of PowerShell window title on script exit
  • Changed function Remove-InvalidFileNameChars to only retrieve Invalid Filename Characters once per script execution, instead of once per function call
  • Improved handling of application install title / name variables
  • Fixed issue where exceptions were bypassed in Execute-Process with PassThru parameter specified.
  • Fixed issue where multiple processes were displayed in the Show-InstallationWelcome dialog when the same process has multiple descriptions.
  • Fixed a number of typos in the documentation.
  • Reverted part of the function Get-InstalledApplication that was causing slowdowns
  • Removed unused variable $processStarted.
  • Added parameter -WorkingDirectory for Execute-ProcessAsUser
  • Fixes for Slovak and Czech translations
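
The condition described in the Security Notice (a temp path that a standard user can write to while an elevated script uses it) can be checked from the directory's ACL. The following is an added example, not part of the original post and not the remediation script the notice mentions; the function name Get-StandardUserWriteAce and the sample paths are assumptions.

```powershell
# Added example: list ACL entries that let standard users write to a directory.
function Get-StandardUserWriteAce {
    [CmdletBinding()]
    param(
        # Assumption: the caller passes the resolved toolkit temp directory.
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string]$Path
    )
    begin {
        # Well-known SIDs that standard (non-admin) user tokens commonly carry.
        $lowPrivSids = @{
            'S-1-1-0'      = 'Everyone'
            'S-1-5-11'     = 'Authenticated Users'
            'S-1-5-4'      = 'INTERACTIVE'
            'S-1-5-32-545' = 'BUILTIN\Users'
        }
        # Rights that allow creating, replacing or re-permissioning files.
        $rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
        # Add GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000), which
        # inherit-only entries often use instead of specific file rights.
        $writeMask = [int]$rights -bor 0x40000000 -bor 0x10000000
    }
    process {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
        $sidType = [System.Security.Principal.SecurityIdentifier]
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            $sid = $ace.IdentityReference.Value
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (-not $lowPrivSids.ContainsKey($sid)) { continue }
            $granted = [int]$ace.FileSystemRights -band $writeMask
            if ($granted -eq 0) { continue }
            [pscustomobject]@{
                Path        = $Path
                Principal   = $lowPrivSids[$sid]
                Rights      = $ace.FileSystemRights
                # PropagationFlags value 2 is InheritOnly: applies to children only.
                InheritOnly = ([int]$ace.PropagationFlags -band 2) -ne 0
                Inherited   = $ace.IsInherited
            }
        }
    }
}

# Sample paths chosen for illustration only; substitute the temp path from your
# own toolkit configuration XML. Each row returned is an Allow entry to review.
$env:PUBLIC, $env:windir | Get-StandardUserWriteAce | Format-Table -AutoSize
```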

RE: Fixed a number of typos in the documentation.

The documentation bundled with the 3.8.2 zip file still indicates 3.8.1. Was this text just not updated or is this the previous version’s document?

Thanks,
ChrisF

Yes, we forgot to update the documentation in the latest version. We will fix it in v3.8.3.
