Open OnDemand 4.1 Release

Open OnDemand version 4.1 is now available as version 4.1.1. Thank you to all of the community members who contributed code, suggestions, bug reports, documentation, and other assistance across the project, including the 44 first-time contributors across several core Open OnDemand GitHub repositories.

We’d like to recognize the following contributors for their significant contributions to the 4.1 release:

  • Alan Sussman and Harshit Soora (University of Maryland)
  • Robert Henschel, Mattias Reuterskiöld, William Sjöblom, and Jean Zagonel (Cendio AB)
  • Jonathan Goodson (NIH)
  • Leonard Wisniewski, Phil Durbin, Aday Bujeda, William Horka, Michael Reekie, and the Harvard University IQSS and Dataverse teams

Please see the Acknowledgements section of the release notes for more details on their contributions.

Release Overview

This release brings significant enhancements, new features, deprecations, and dependency updates. Version 4.1 also introduces an Accessibility Conformance Report (ACR) and a Software Bill of Materials (SBOM). Links are provided at the end of this announcement.

Changes That May Impact Your Site / Breaking Changes

  • NodeJS has been upgraded from version 20 to version 22. Centers with Passenger apps that rely on NodeJS need to either recompile to version 22 or provide an override for the node binary.
  • Support has been added for RHEL, Rocky Linux, and AlmaLinux 10.
  • Support for Ubuntu 20.04 has been removed.

Deprecations

The Job Composer is being deprecated and replaced by the Project Manager, which is now enabled by default. The Job Composer will remain available through Open OnDemand version 5.0 but will receive no new features and only critical maintenance updates.

Dependency Updates

  • Passenger 6.1.0
  • NGINX 1.26.3
  • ondemand-dex 2.44.0
  • NodeJS 22

Several Highlights of version 4.1.1

  • Project Manager enhancements. The Project Manager is now available by default and includes expanded workflow and collaborative project capabilities.
  • New Module Browser. Users can search and view available modules and module versions across clusters.
  • Notifications for Interactive Apps. Users can now receive a browser notification when an interactive session starts.
  • HTML file viewing. Centers can enable the file browser to directly render HTML files.
  • ServiceNow integration for support tickets. Support requests can now be sent to ServiceNow.
  • Interactive App caching. Interactive Applications are now cached, shortening the load time for pages like ‘My Interactive Sessions’.
  • Support for TLS/SSL origins. Open OnDemand now supports the ability to proxy to interactive applications over HTTPS.

Additional Resources

For a detailed list of changes, please see the 4.1 release notes or the changelog.

Finally, we recommend testing the upgrade in a development or test environment before deploying to production. Step-by-step upgrade instructions for version 4.1.1 are available in the release notes.


Open OnDemand 4.1.3 is now available. Thank you to all community members who contributed code, suggestions, bug reports, and other assistance across the project.

Release Overview

This release includes several bug fixes and usability improvements. For a full list of changes, please see the changelog. To compare versions 4.1.1 and 4.1.3, please see this comparison link.

Security:

  • Resolves CVE-2026-26002. This version resolves a security issue related to malicious input when navigating to directories.

  • Updates NodeJS and Ruby dependencies with CVEs. This version updates the rubygems rack, faraday and nokogiri, which had some CVEs associated with them. It also updates the NodeJS package qs, which had a CVE associated with it.

Fixed:

  • Fixed an issue deleting jobs from the ActiveJobs page. Users can now successfully delete jobs from the ActiveJobs page.

Open OnDemand 4.1.4 is also available. We are releasing two patch updates today for the 4.1 series.

Special note: This is an expedited patch release to address a compatibility issue between the Open OnDemand Shell app and Firefox 148. The issue impacts shell access for sites using that browser version.

To ensure the community has a timely fix, we shortened our normal testing window on OSC systems. This release has undergone manual testing and validation, but it has not yet been promoted to full production at OSC.

This patch also fixes a bug that disabled navigational directory links in the file browser for users with downloads_enabled: false. The fix restores the ability to view directory contents and navigate the file system while still preventing file viewing or downloads.

For a full list of changes, please see the changelog. To compare versions 4.1.3 and 4.1.4, please see this comparison link.
