CloudBees CD v10.0.2 is a maintenance release (MR) applied to the v10.0.0 long-term release. As such, consult the following in combination with these notes for everything that this release provides.

Security fixes

This release includes the following security updates
  • The Apache web server used in CloudBees CD is upgraded from v2.4.43 to v2.4.46. [NMB-29570]

  • PHP is upgraded from v7.4.6 to v7.4.12. For details, see [NMB-29570]

  • OpenSSL is upgraded from 1.1.1g to 1.1.1h. [NMB-29570]

  • Fixed a potential CSRF vulnerability. [NMB-29648, NMB-28538]

  • Fixed a potential Reflective XSS vulnerability. [NMB-29456]

  • Disabled cross-origin resource sharing (CORS). [NMB-29455]

New features

Kubernetes health probes

The following liveness and readiness health probes are now configurable for Kubernetes installations. [CEV-26028]

healthProbesLivenessTimeout: 10 healthProbeLivenessPeriodSeconds: 60 healthProbeLivenessFailureThreshold: 10 healthProbeLivenessInitialDelay: 90 healthProbesReadinessTimeout: 10 healthProbeReadinessPeriodSeconds: 10 healthProbeReadinessFailureThreshold: 10 healthProbeReadinessInitialDelay: 60
Groovy API enhancements

Added support for Groovy read operations like getGroups(), getUsers(), getJobs(), and so on, to work without arguments. [NMB-29679]

Expanded --filters parameter support with ectool

The getPipelineRuntimes API now supports the --filters parameter when invoked with ectool. [CEV-26254]

New platform support


Database support

No changes.

Browser support

No changes.

Resolved issues


Fixed issue where server would fail at startup with the message java.sql.SQLException: The server time zone value 'PDT' is unrecognized or represents more than one time zone. if mysql-connector-java-8.0.11 is used.


Installing the MySQL JDBC connector has been updated with current JDBC connector information.


Swagger now generates the correct endpoint for abortAllPipelineRuns.


A cap is placed in the number of message triggers in order to reduce backlog and to enable normal job progress.


The runProcedure --pollInterval command now polls beyond 60 seconds when --timeout is greater than 60 seconds.


Default email configuration name can now be set to something other than default.


Skipping stages in pipelines when restricted to groups in AD distinguished name format now is saved successfully if there is a comma in the distinguished name.

CEV-25526, CEV-25735

Preconditions now work with FlowRuntime properties.


The URL link of Service Catalog item no longer requires a space after it if pointing to SVG file.


The pipeline property picker now takes into account the group name in the property path.


Resolved unable to locate persister exception.


Sort order of parameters in Service Catalog drop down menu has been reverted to the sort order of the definition in the DSL code.

Plugin enhancements

Plugin catalog

The CloudBees CD plugin catalog is now available on the main product doc site.

Plugin developer guide availability

The Plugin Developer Guide is now available on the main product doc site.

Plugin support changes

The following plugins are being moved to community support going forward as of CloudBees CD preview release 2020.10.0. Log change requests or issues on their respective GitHub projects. Customers are encouraged to explore changing these plugins directly as required.


































Plugin updates

EC-Artifactory v1.4.7

  • Fixed broken compressed files (.zip, 7z) on Windows. [FLOWPLUGIN-8442]

  • Maven artifacts now use maven-metadata.xml to get the latest version to avoid license restrictions. [FLOWPLUGIN-8130]

EC-BigIP 3.1.1

  • Added token cleanup (logout) at each plugin step. [FLOWPLUGIN-8614]

EC-Docker v1.6.4

  • The Artifact2Image procedure now supports Artifactory extract boolean and classifier.[FLOWPLUGIN-7818, FLOWPLUGIN-7817]

ECSCM-Git v3.12.3

Fixed an issue with missing property credentialType during upgrade. [FLOWPLUGIN-8673]

EC-Helm 1.1.1

  • Changed configuration handling: If a file is provided for the configuration, the file is used, if the content of configuration file is provided, a temporary file is created to use with the plugin procedures. [FLOWPLUGIN-8643]

  • Fixed an issue with spaces in Helm chart path. [FLOWPLUGIN-8595]

EC-Jenkins 1.18.1

Two revisions of EC-Jenkins plugin have been recently released:


  • New checkbox "Depend On Jenkins Build Result?" has been added to "Run And Wait" procedure. [FLOWPLUGIN-8557]

  • Auth Type parameter has been addded to plugin configuration. From now plugin supports Basic and Bearer Token auth.

  • Debug Level parameter has been added to plugin configuration.

  • Collect Reporting Data procedure has been improved to have better support for Multibranch Pipeline.

  • Data source setup for Jenkins has been improved to have better support for Multibranch Pipeline.


  • Fixed a bug when check connection was returning incorrect result.

EC-JIRA v1.6.8

  • Added support for fixVersion and add/remove tickets from fixVersion. [FLOWPLUGIN-8391]

EC-Sendmail v1.0.5

  • Fixed parameter handling when the plugin is used in a component process step. [FLOWPLUGIN-8626]

EC-SonarQube v1.3.4

  • Fixed issues with plugin reporting /myTask/taskName does not exist. [FLOWPLUGIN-8468]

EC-TeamCity v2.0.2

  • Configurations now appear in the configuration list. [FLOWPLUGIN-8431]

ECSCM v2.3.4

  • Fixed an issue when disabled schedules were re-enabled after plugin upgrade. [FLOWPLUGIN-3414]

Behavior changes


Installation notes

For complete installation and upgrade information:

Before starting an upgrade, make sure to back up your existing CloudBees CD data.
Upgradable versions
  • Upgrades to CloudBees CD 10.x are supported only from ElectricCommander 5.0 or later.

  • Upgrades from version 4.2 or earlier are not supported.

For upgrade instructions, see Upgrade on traditional platforms.

Upgrading traditional deployments
  • When upgrading a traditional deployment from version 10.0.1 or earlier, the DATA_DIRECTORY/broker-data data folder must be deleted prior to the upgrade.

Upgrading an older DevOps Insight version
  • Upgrades from version 9.0.x, or earlier: requires upgrading the DevOps Insight server to 10.0.2.

  • Upgrades from version 9.1, or later: upgrading is not required.

Updating elements containing applicationServiceMapping

If your XML export file from CloudBees CD 8.0.1 or earlier versions has elements containing applicationServiceMapping, you must change all instances of that string in the file to serviceClusterMapping before importing the file into version 10.0.1. For example, change the following XML:



Backing up and restoring custom settings

The DevOps Insight installer overwrites the elasticsearch.yml configuration file with a new file. As of DevOps Insight version 8.3, the file includes a Custom Settings section, which lets you add Elasticsearch settings not managed by the DevOps Insight server without being lost during an upgrade. [NMB-25850]

  • Upgrading from version 8.2, or earlier: if you added settings to this file that you want to preserve, you must back up the file to a separate location before upgrading to version 10.0, or newer, and then add the settings to the Custom Settings section after the upgrade.

  • Upgrading from version 8.3, or later: No action required. The installer preserves the settings in the Custom Settings section.

Updating the MySQL configuration before upgrading

Since release 8.0.1, CloudBees has instructed customers using a MySQL database to use the following two lines in their MySQL configuration:

init_connect='SET collation_connection = utf8_unicode_ci, NAMES utf8'

If upgrading from version 8.5, or later, you must remove these lines or comment them out. Otherwise, jobs will not start.

Installing the MySQL connection jar

CloudBees CD does not include the MySQL JDBC connector. If you plan to perform a CloudBees CD server installation that connects to a MySQL database, you must obtain and install the MySQL JDBC Connector/J 8.

Sites upgrading from 10.0.* may continue to use MySQL JDBC Connector/J 5.1 if currently doing so. In which case, no further configuration is required.

See Installing the MySQL JDBC connector for complete details. [NMB-29016]

Ensuring the correct default MySQL collation

Since release 8.0.1, CloudBees has instructed customers using a MySQL database to ensure that the default collation for their database schema is set to utf8_unicode_ci or utf8_general_ci and that no table in their schema overrides this. As of version 9.0, the CloudBees CD server checks this configuration on startup and logs errors in the server log if it is not set correctly.

If the collation is not configured correctly, then entering non-ASCII text into CloudBees CD might cause errors. For example, setting a release name to a non-ASCII value and attempting a search causes an exception.

If your MySQL database schema or any tables in it are set to a non-UTF-8 collation order, see Knowledge Base article KBEC-00385 - Converting a MySQL Database From Latin-1 to UTF-8 for detailed instructions about safely converting your schema to UTF-8. [NMB-26521, NMB_27459]

Upgrading agents that run the ec-groovy job step in multizone deployments

In multizone CloudBees CD deployments, CloudBees CD agents that are in a different zone than the CloudBees CD server must be upgraded to version 9.0 or later for the ec-groovy job step to run successfully on those agents. You must also upgrade the gateway agents that lead back to the server’s zone including those in any zones in between the agent’s zone and the server’s zone. [NMB-27490]

For details about multiple zones and gateway agents, refer to Zones and gateways.

Removing the SSL 2.0 Client Hello or SSLv2Hello protocol from your security configurations

CloudBees recommends removing the SSL 2.0 Client Hello or SSLv2Hello protocol from your security configurations for all components. [NMB-27934, NMB-29326]

  1. Upgrade agents older that fall into this category for security reasons:

    • Windows, Linux: 6.0.3 or older; 6.2 or older

    • Mac OS: 8.4 or older

  2. If this warning appears on the Automation Platform UI:

    Note: We recommend removing `SSL 2.0 Client Hello` format from server configuration and upgrade older agents as indicated on the Cloud/Resources Page to avoid security risk.

    then enter the following command on the CloudBees CD server:

    $ ecconfigure --serverTLSEnabledProtocol=TLSv1.2
Upgrading the DevOps Insight server

This section provides information about upgrading the DevOps Insight server from Version 7.3 to Version 10.0.2.

Re-Specifying configuration settings

The installers (GUI, interactive console, and silent mode) for the DevOps Insight server do not preserve the configuration setting for the DevOps Insight server host name ( --hostName ) or the setting for the Elasticsearch number of shards ( --elasticsearchNumberOfShards ) during the upgrade from 7.3 to 9.2. If you specified non-default values during the 7.3 Reporting server installation, you must re-specify these settings during the upgrade. (All other settings are preserved.)

Configuration notes

Performing a full import

During a full import, the import operation might hang in the following scenarios. To import successfully into CloudBees CD 8.0 and newer versions, perform the appropriate workarounds [CEV-15447, CEV-11873]:

  • A manual process step in a process has formal parameters. The workaround is to remove the entry related to the property sheet for the job step that is associated with the manual process step.

  • In the exported XML file from the earlier release, two pipelines are in different projects, and both pipelines have no gate tasks. The flow associated with the pipeline is duplicated under both projects. The workaround is to remove the flow element under the projects.

Updating application component plugins

Application components are based on plugins (EC-Artifact, EC-Maven and EC-FileSysRepo) with plugin details (such as name, procedure, and parameters) stored in properties on the component. Before version 5.4, the value for the pluginProjectName property included the plugin name and version (for example, EC-Artifact-, which closely tied components to specific versions.

When you export your project data before upgrading from ElectricCommander 5.0, 5.1, 5.2, or 5.3 to CloudBees CD 8.x, or later, you must update the application component plugin versions in the export file to the versions on the target CloudBees CD server before importing the data to CloudBees CD 10.0.

For example, if the promoted EC-Artifact plugin version is, then in the snippet below, you would change EC-Artifact- to EC-Artifact-


Starting with release 5.4, CloudBees CD uses the plugin key, which does not include the version, when defining a component. [CEV-6679]

DevOps Insight server configuration notes

For a production environment, CloudBees recommends that you install the DevOps Insight server on a system other than systems running other CloudBees CD components (such as the CloudBees CD server, web server, repository server, or agent). If you must install it on the same system (such as for testing or other non-production or trial-basis situations) see DevOps Insight server with other components for details.


When an application is cloned from one project (the original project) to another (the destination project), the tier maps for the application will point to the environments with the same names in the destination project. To deploy the application to the environments in the original project, you must create tier maps connecting the application to those environments.

CloudBees CD on Kubernetes configuration notes

The CloudBees CD server and agent Helm charts provide CloudBees default configuration values found here. Of note, the images.tag parameter defines the default Helm chart version of record associated with this release.

Known issues


Some antivirus software might flag parl.exe and delete it, which causes the installation to fail. The workaround is to register this file in the acceptlist of the antivirus.


SyncArtifactVersions procedure completes with success, rather than showing a warning, when manifest is missing and overwrite = false.


When you use the Automation Platform UI to upload and publish artifact files with non-English characters in their file names the operation fails with the following error: Upload file: Exit code 1: ERROR: Publish failure: Unexpected retrieval exception for repository error .


Modifications of LDAP user data (such as email addresses) on an Active Directory server after registration in CloudBees CD do not appear properly in user details (in the Automation Platform UI, the Deploy UI, or ectool ) until the CloudBees CD server is restarted.


(Windows platforms only) If the Elasticsearch cluster which is used by DevOps Insight is in the red state (in Elasticsearch this means that it only partly functions and some data is unavailable) then upgrade reconfigure or uninstall operations will not work. Because the Elasticsearch service can not be stopped when a cluster is in red state kill the Elasticsearch service process by the task manager before running the installer for these actions.


The Microsoft Edge browser does not work with SAML 2.0 and a self-signed certificate during redirection from the identity provider to the service provider. Edge is not recommended for login via SAML 2.0.


Can’t ignore server mismatch and override passkey from Database Configuration page.


The ec-groovy command line utility fails when invoking createArtifactVersion with error This server cannot handle version <x> messages.


The warning, WARNING: An illegal reflective access operation has occurred is logged by Java 11 for the cglib library.


The LANG environment variable must be set to en.US.UTF-8; otherwise, the upgrade fails. See KBEC-00452 - Error installing CloudBees CD 10.0.x when Lang environment variable is different than en.US.UTF-8 for details.


In some circumstances, the StepScheduler becomes deadlocked when processing and scheduling steps.


Error prompts for runtimes started by a schedule are not visible if the schedule was created with a missed configuration.


The stage inclusion status in the Release Dashboard changes color after a stage is renamed.


No error prompt appears for failed tasks and retry tasks during a pipeline runtime.


If an application process step cannot expand to its child steps (because of an invalid run condition or an invalid formal parameter) then the step is not retried even if it uses "retry on error" error handling. The job eventually completes with an error.


The retry count for group tasks or rules using "automated retry on error" is missing from the Pipeline runtime page.


Multiple mapped environments with the same name from different projects are not supported in email notifications.


A project import might not include the path-to-production view.


Jobs might not appear upon drill-down into the "Clusters With Most Deployments" widget in the DevOps Insight Microservices Dashboard if the service does not contain a deploy step in the process.


When you do a full import from version 8.0 to version 8.2 or newer and two or more releases have the same name (under different projects) and are associated to the same pipeline then after import the runs for all releases might become associated to the first imported release. This is because CloudBees CD cannot differentiate runs between the releases since all runs are under the same pipeline project and have the same name. To work around this issue rename releases in the export file so that all their occurrences (in deploymentHistoryItem flowRuntime and so on) are unique.


All subreleases of a release must appear before the release in the DSL for the release-to-subrelease link to be created.

CEV-19239 CEV-19259

The ability to search by assignee in a Deployment Report is not available in the DevOps Insight report editor.


If Release Command Center was setup for JIRA for user-stories and defects and the JIRA project name was mapped to the release project name using the following field mapping: ` projectName:releaseProjectName` then before upgrading to 10.0 the field mapping must be updated to mention the actual release project name using the following field mapping format: "release-project-name-in-CloudBees CD":releaseProjectName


Long custom labels in email notifications do not render correctly.


Approval by email on manual tasks should not expect parameters.


Navigation to a sub-release editor takes user to the parent release editor. As a workaround, select the subrelease from the left-hand navigation in the parent’s release editor.


When you use the CloudBees CD UI to edit a resource pool and add a tag while renaming it at the same time, the operation fails with the following error: Resource pool 'oldPoolName' does not exist . To work around this issue, rename the resource pool, then save the change, and then add the tag to the resource pool.


Running an application process with a parallel manual application process step or running an application process with a parallel manual application and component process steps fails to delete the project.


Attempt to delete a project containing a CIBuildDetails object (injected by Jenkins LTS or CloudBees CI) results in the error: The DELETE statement conflicted with the REFERENCE constraint.


Users are not able to delete a project if there are Jenkins builds associated with this project that are references in releases not in the project.


Attempt to delete a build from a pipeline run via buildname and flowRuntimeId results in the error deleted object would be re-saved by cascade.


If you use the ectool export to export your system configuration from a previous release and then use ectool import to import the same configuration to a CloudBees CD 10.0 server, some out-of-the-box content introduced in the releases since the version from which the full export was done, such as new or updated plugins, new catalog items, and persona based menu items, may be missing in the CD server UI. It is recommended to use ectool export and ectool import only between servers at the same version.


These service catalog items are disabled because underlying plugin has been removed.

  • Azure Container Service Discovery

  • Amazon ECS Dynamic Cluster

  • GCE Dynamic Cluster


Step logs local to Windows agents are not visible from UI webserver with postp. Workaround:

Perform the following on each Windows machine that is a CloudBees CD web server.

  1. Open the file:

    <install directory>/apache/htdocs/commander/WorkspaceFileSection.php

  2. Navigate to line 568:

    if ($this→convertCharset != '') {`

  3. Change the line to:

    if ($this→convertCharset != '' && strtolower($this→convertCharset) != 'cp437') {`

  4. Restart the web server.


You can revert changes only for high-level design objects such as applications procedures procedure steps workflow definitions and state definitions.

Restarting the CloudBees CD server while new records are created for all tracked objects might take at least as long as an export or import of all projects (10 to 40 minutes for a large project).


Enabling Recursively Traverse Group Hierarchy might impact system performance when the LDAP group hierarchy is traversed. The amount of impact varies with the configurations of the CloudBees CD and LDAP servers the depth of group hierarchy in the LDAP server and the network latency between the servers. Make sure that your directory provider can handle the additional load for supporting nested group hierarchy traversal.


System performance might decrease if you disable change tracking at the server level and then re-enable it. (Change tracking is enabled by default.) For details about using change tracking see change tracking.