Introducing Software Delivery Automation

Software Delivery Automation connects CloudBees CI and CloudBees CD, and Release Orchestration in a single platform. With this first release of Software Delivery Automation, we are introducing a new unified experience with new CloudBees Navigation seamlessly navigating across CloudBees CI, CloudBees CD/RO and CloudBees Analytics capabilities. A common installation experience on Kubernetes with a single Helm chart makes it easy to get started. New integrations connect CloudBees CI to the platform, with a data pipeline for streaming data from across the CI controllers to be stored centrally in the Software Delivery Automation platform. Existing CloudBees CD users upgrading to 10.1 Software Delivery Automation can now start taking advantage of CloudBees CI to drive their CI processes.

This is just the first step with much more to come, bringing new innovation, visibility and seamless automation in end to end software delivery processes in a single platform.

Breaking change: Configuration parameter changes related to proxy settings

New configuration parameters to support HTTPS proxy setting have been added for the CloudBees CD/RO server, agent, and repository server.

Existing configuration parameters related to HTTP proxy settings have been renamed to make it clear that they pertain to HTTP. The pre-v10.1 names are deprecated and no longer recognized by CloudBees CD/RO. See renamed configuration parameters to learn how these parameters may affect your migration to v10.1. [NMB-29472, NMB-30155]

Security fixes

This release includes the following security updates
  • The Apache web server used in CloudBees CD/RO is upgraded from v2.4.43 to v2.4.46. [NMB-29570]

  • PHP is upgraded from v7.4.12 to v7.4.13. For details, see [NMB-29570]

  • OpenSSL is upgraded from 1.1.1h to 1.1.1i. [NMB-29570]

  • Fixed a potential CSRF vulnerability. [NMB-29648, NMB-28538]

New features

Audit and compliance reports

Native audit reports are now available in CloudBees CD/RO. These reports aggregate data generated and collected throughout CloudBees CI and CloudBees CD/RO processes into easy to read reports that address auditing requirements of CloudBees CD/RO customers.


Automatically discover native CI controllers

CloudBees CD/RO can now connect directly to a CloudBees CI operations center to automatically discover and update the list of connected controllers on which a CI Job CloudBees CD/RO pipeline task can run, amplifying the value across both products. This streamlines creation and management of controller configurations. [CEV-25661]

  • Enhanced CI configuration UI to support CloudBees CI operations center configurations.

  • Added support to discover CI Controllers from CloudBees CI operations center

API changes:

  • Added support to filter CI configurations by ciConfigurationType.

  • Enhanced the CI_JOB task type to support referencing a CI Job using a CI Configuration of type CI_OPS_CENTER CI configuration.


  • UI: Configuring CI controllers

  • API: CI configuration commands

  • API: CI job commands

    Support for native CI multi-branch pipelines

    As part of the enhanced native CI integration, CloudBees CD/RO now supports multibranch pipeline projects types. [CEV-25437]

  • When invoking a CI job from CloudBees CD/RO, if the selected CI Job task is a multibranch pipeline job type, CloudBees CD/RO allows the user to specify the branch on which to execute the pipeline job.

  • When CI sends build details to CloudBees CD/RO, whether as a post build action, a pipeline task, or a build event, branch information for multibranch pipelines is sent as part of the build payload to be displayed in the build details view.

Documentation: Triggering CI jobs

Proxy support for CloudBees CD/RO agents

Server-side environment variable definition support added for job steps running on the agent. These properties may be created under zone and/or resource entities in the special ec_environment_variables property sheet. If ec_environment_variables property sheet does not exist, manually create it under zone and/or resource objects to define environment variables. [NMB-29614]

  • Property to define environment variable for http proxy resource

      -> properties
        -> property sheet ec_environment_variables
          -> http_proxy = http://user:password@your-proxy-ip-address:port/
  • Property to define environment variable for https proxy resource

      -> properties
        -> property sheet ec_environment_variables
          -> http_proxy = https://user:password@your-proxy-ip-address:port/
  • Documentation: Proxy server configuration

New default installation path

With this release, the default installation paths for new installations have changed. You can change these defaults at installation time. Default paths for update installations are not affected. [CBSDA-258]

Server-managed agent environment variables

Server-side environment variable definition support is added for job steps running on the agent. These properties may be created under zones and/or resources entities in the special ec_environment_variables property sheet. [NMB-29614]

Re-encrypt credential passwords

New with this release, the ConvertCredentials utility re-encrypts credential passwords. It uses the old passkey to decrypt passwords and then encrypts it with a new passkey. Use this utility to convert passwords encrypted with different bitness of passkeys (AES keys). [NMB-29393]

  • AES 128 bit → AES 128 bit

  • AES 128 bit → AES 256 bit

  • AES 256 bit → AES 256 bit

  • AES 256 bit → AES 128 bit

usage: ConvertCredentials
        --newPasskeyFile <filename>   Path to the new passkey file.
        --oldPasskeyFile <filename>   Path to the old passkey file.
        --sourceXmlFile <filename>    Path to the XML file with credentials to be re-encrypted.
        --targetXmlFile <filename>    Path to the result XML file with re-encrypted credentials.
New CloudBees Analytics for CloudBees CI

With the new insights for CloudBees CI, teams can take action to enhance build performance, right-size workloads over demand cycles, prevent unplanned downtimes, get a holistic view of plugin usage across all pipeline jobs, and more.

A new data pipeline seamlessly sends data from each CloudBees CI controller directly to CloudBees Analytics, where data is presented in two new dashboards:

  • Workload Insights: Workload Insights show historical workload growth across demand cycles. Infrastructure teams can spot patterns, capacity issues and unexpected spikes around system/controller health, enabling the admin to take preventative measures.

  • Plugin Usage: Teams can track and monitor usage of plugins across all Freestyle and Pipeline jobs, prioritize most used plugins for upgrade activity, and review and audit all unused plugins.

These dashboards provide shared services teams with predictability and reliability, allowing them to proactively improve the overall CloudBees CI infrastructure.

Database support

No changes.

Browser support

No changes.

Feature enhancements

Microservices modeling and deployment redesigned

Microservices modeling has been redesigned to better integrate with deployments to Kubernetes, starting from YAML files and integrating with tools like Helm, Terraform to provide value in these areas:

  • Simple onboarding of microservices models

  • Orchestrate deployment

  • Visibility into deployments and status

  • Inventory and inspection of clusters

  • Lift and shift

Functional changes include:

  • Consolidating microservices object type as a microservice application that displays on the application list.

  • Simplifying the entire definition workflow and provide mapping visualization for each application type: traditional and microservice application.

  • Providing a seamless path for the user to point to Helm chart and YAML files (including input parameters).

The legacy microservices model is relabeled as Services and has been deprecated.
External credential management support

Credential management capability has been extended to support external credential providers. External credentials are abstracted from the external management system and stored in CloudBees CD/RO as references. Workflow to attach external credentials to plugins, procedures, and steps is identical to that for local credentials. At runtime, external credentials are retrieved on-demand from the external management system. [NMB-29479, NMB-29369]

Supported external credential management systems include:

  • CyberArk: Dynamic Access Provider (DAP) and Central Credential Provider (CCP) [NMB-29099]

  • HashiCorp Vault: CUBBYHOLE, KV1 and KV2 secret engines


  • UI: Credential management

  • API: External credential provider management commands

  • API: Credential management commands

    Redesigned UI pages
  • The Artifact automation platform page is now available from the CloudBees CD/RO UI. Select Artifacts from DevOps Essentials column on the main menu. [CEV-25274]

  • The Procedures automation platform page is now available from the CloudBees CD/RO UI. Select Procedures from DevOps Essentials column on the main menu. [NMB-29515]

  • The Schedules automation platform page is now available from the CloudBees CD/RO UI via DevOps Essentials  Schedules on the main CloudBees CD/RO menu. [NMB-25556]

  • Azure Container Service Discovery

  • Amazon ECS Dynamic Cluster

  • GCE Dynamic Cluster

    Telemetry data

    A new prompt during CloudBees CD/RO server installation or upgrade (from pre-v10.1) notifies the following:

CloudBees CD Server has the ability to send information about its use, which helps to make CloudBees CD better and more intuitive. Telemetry collects anonymized aggregated information and does not collect any identifying information like user names.

Users can opt out either during installation via prompt (console mode), checkbox (UICD/R mode), or server parameter (silent mode, or post-installation) --serverEnableTelemetry false. [CEV-25588]

Enhanced API annotation support

The @Api annotation is enhanced to indicate when an API is being deprecated or if it is a newly added API that is in preview mode. This information is indicated to the user as an advisory message in the API response.

For backward compatibility with version 10.0 and earlier, ectool supports a new command-line option, --suppressAdvisoryMessages, to suppress printing of the advisory messages if the user does not want to have have any advisory messages displayed. [NMB-29511]

Expanded --filters parameter support with ectool

The getPipelineRuntimes API now supports the --filters parameter when invoked with ectool. [CEV-25946]

MySQL JDBC driver update

Mysql recommends using MySQL Connector/J 8.0 for use with MySQL Server 8.0, 5.7, and 5.6. CloudBees CD/RO is officially stopping support for MySQL Connector/J 5.* and will be supporting MySQL Connector/J 8. MySQL Connector/J 8.0 is highly recommended for use with MySQL Server 8.0, 5.7, and 5.6. Please upgrade to MySQL Connector/J 8.0. [NMB-29505]

The last few versions of the connector (v8.0.21 is the latest as of writing) has a bug so users should use version 8.0.16 until the bug ( is fixed.
Proxy support for CloudBees CD/RO components

Updated and improved process for configuring proxy settings on CloudBees CD/RO servers (both single and clustered environments) and agents. Supported for traditional installations, only. [NMB-29669]

Triggers and webhooks

Trigger and webhook support for GitHub and Bitbucket Cloud is improved.

Performance improvements


Plugin enhancements

CloudBees CD/RO plugin catalog

The CloudBees CD/RO plugin catalog is now available on the main product documentation site.

New plugins



  • New community supported plugin.

  • Added "Save output to file" parameter.

  • Added "Run Script" procedure.



  • Added support for revamped webhooks and external credentials.

  • Added support to specify Git repository as a Microservice definition source

Deprecated plugins


Deprecated by EC-Git

Updated plugins

The following is a list of key changes made to existing plugins. For a complete list see bundled plugins.



Fixed sensible information appearing in the check connection step logs.



  • Added support for external credentials management.

  • Fixed issues for check connection step when plugin is used with

  • Parameter “Project version” is now optional in procedure “Get Last SonarQube Metrics”



  • Added support for external credentials management.

  • Fixed a warning in the Report step of "Run and Monitor Build" and "Run And Wait" procedures.

  • Plugin documentation has been updated to include an examples of multibranch pipeline job names.

  • An issue when in some setups get build details procedure has been failing during the "Report" step has been fixed.



  • Fixed configuration name sent by the CollectReportingData procedure

  • Fixed endpoint used to request custom fields available for modification.



  • Added support to deploy Microservice to the Kubernetes cluster

  • Added support to specify Helm repository as Microservice definition source

  • Added new “Values” parameter to the ”Install Chart”, ”Update Release”, “Run Custom Command” procedures

  • Changed the way plugin parses command line options

  • Fixed check connection did not verified cluster authentication

  • Deprecated Helm v2 client support



  • Support for revamped webhooks and external credentials.

  • Fixed handling of missing action checkbox when Trigger is created with DSL



  • Support for revamped webhooks and external credentials.

  • Fixed handling of missing action checkbox when Trigger is created with DSL



S* ecurity fixes



  • Added support for external credentials management.



  • Added support for external credentials management.



  • Added support for external credentials management.



  • Fixed a problem where the plugin would inappropriately throw the error.

  • Actual parameter name is required and must be between 1 and 255 characters when creating an application step.

  • Added support for external credentials management.

  • Added support for secure credentials with Amazon AWS.



  • Updated to use latest APIs from AWS and to support external credential management.

Plugin support changes

The following plugins are being moved to community support going forward as of CloudBees CD/RO preview release 2020.10.0. Log change requests or issues on their respective GitHub projects. Customers are encouraged to explore changing these plugins directly as required.


































New platform support

This section lists new platform support. For the current list of supported platforms, consult Supported platforms for CloudBees CD/RO

Server support

No changes.

Agent support

No changes.

CloudBees CD/RO on Kubernetes

CloudBees CD/RO on Kubernetes now supports these GKE platformms:

  • 1.16.15-gke.7300 [NMB-29881]

  • 1.17.14-gke.1600 [NMB-29895]

  • 1.18.12-gke.1201 [NMB-29896]

Database support

No changes.

Browser support

No changes.

Resolved issues


In some circumstances, application processes are not finishing.

NMB-30162 NMB-28723

Jobs don’t transition to a completed state on the fresh installation if locale is set to de_DE.utf8


Setting default UI with ecconfigure --webDefaultUI commander -–skipServiceRestart sometime


Error when executing serviceAccount DSL in the context of a procedure step`


When creating WebHook with DSL, if there is any mistake it makes all the webhooks stop processing. Actually evalDsl of a project with invalid schedule should not be allowed.


Executing ectool evalDsl with the --overwrite true option it is failing.


Minimize size of JRE 11.0.9 exclude useless / obsolete modules


Sync tools on template of Windows build agents


In SAML SSO Download Metadata is failing cryptic downloadCertificateOnly error instead of informing the user that There is no metadata configured for IDP or T`he configured IDP metadata is invalid`.


Fix nameid-format and provide flexibility to choose hash algorithm in SAMLRequest.


Job step taking excessive time while doing getProperties for /myWorkflow/builds with --recurse true on a propertySheet that has several nesting.


CloudBees CD/RO does not work with SAML on Azure AD.


Bug in java 11.0.6 leads to connection issues with EC-OpenShift plugin


CleanupStalledJob utility not working with Version 10.0.1+. Used to work in 8.0.6


Sometimes CloudBees CD/RO opens with the flow UI even though the default UI is set to commander with ecconfigure --webDefaultUI commander -–skipServiceRestart.


getProperty does not work when property name ends with .z or .gz.


getAvailableResourcesForEnvironment ignores ACL restrictions


[Regression] Advisory message appears in getFullCredential output


Aborted jobs cannot be cleaned/deleted by background delete even after marked for deletion because they were not completed.


Changing CD keytool password to one different than the default one is leading the server to fail on starting.


ecconfigure currently does not have the options to update the new proxy settings added in NMB-29669 for http.proxyUser http.proxyPassword https.proxyHost https.proxyPort. Also agentNoProxyHosts updates invalid http.noProxyHosts


Slowness detected in cicmdr1 QC 10.0.1 cluster. Also 2x slowness with old commander UI because a long batch of getProperties request (depending on user group membership) is sent twice in 10.0.1 vs 8.0.6


CloudBees Analytics job metrics board has been refreshed.


Release pipelinerun fails with Error processing message when using the same Credential parameter and is logged only in logs and no error message in UI.


Deployer task with credential parameter in releases and pipeline stage fails with InvalidCredentialName if the credential is from another project and so has a fully qualified name. Works only when using credentials in same project.


Property /server/ec_deploy/ec_defaultEmailConfiguration is not used when sending application deployment manual steps notifications if its value is set to email configuration that is not named default.


Give agents the ability to use a proxy (both http and https) for internal network communication


HA system sees one node taking excessive time in processing activemq messages when a large backlog exists.


Improved StepScheduler run performance to prevent deadlocks when processing and scheduling steps.


Skip stages in pipelines when restricted to AD/LDAP groups in distinguished name format does not get saved because of the comma in the distinguished name.


Long running ec_property to ec_property_sheet LEFT OUTER JOIN queries causes CloudBees CD/RO server to be stuck in bootstrap for 2+ hours.


The runProcedure --pollInterval command now polls beyond 60 seconds when --timeout is greater than 60 seconds.


Calling GetGroups method without parameters is failing if tried as currently documented in the Groovy API.


When configuring gmail, server returns a message because the incorrect port was specified.


Preserve wrapper.conf properties related to proxy settings after CD upgrade


ectool PingAllResources defaults to enabledOnly false and so pings all disabled resources.


[Security Probe] Potential HTTP CSRF vulnerability. Fix by adding SameSite protection attribute to the session cookie


Malicious Input Handling - URL parameter 'path' and parameter 'userName' at the login page are prone to cross site scripting (XSS)


HTTP Security Configuration - wildcard at CORS header for Access-Control-Allow-Origin


Upgrade (CDRO) 9.1 to 10.0 deleted old EC-JIRA plugin history including jobs data when EC-JIRA plugin is auto updated during server startup (after the upgrade). Need to preserve historical jobs.


Email notification fails with 550 MIME message is missing 'From' header as SendGrid SMTP is RFC 5322 compliant and requires MAIL_FROM_NAME.


Details on Export API have been updated.


Executing Import DSL from Git catalog is failing due to ParameterMismatch: Extra parameter(s) to importDslFromGit.


Due to an error in the Helm chart, the flow-agent container crashed in some circumstances.


Problem resolve where, in some circumstances, jobs that ran ectool pingResource retried for several hours due to a DeadAgentException.


swagger ui generates incorrect URL for 'abortAllPipelineRuns'


After an upgrade, the ssl.conf file was not preserved. The values of these parameters reverted to default settings: SSLCertificateKeyFile, SSLCertificateFile.


Parameter improvement on procedure side (similar to Flow).


When signing in to CloudBees CD/RO Active Directory are now used instead of forcing users to re-input password every time.


Problem resolved that required the need for agents to be pinged after applying a new license file.


CloudBees removed Parl.exe from the installed Perl package.


LDAP user admin can be used to login to ECommander instead of local admin user when userSearchFilter is done via CN in the Directory Provider configuration. Check authentication only with local user and do not check the directory provider at all.


Commander: Confusing Error Message - AgentNonexistendDir You must use port 465 for SMTPS and port 587 for SMTP.


QueryInformationJobObject api fails on 64 bit windows


CloudBees CI job wasn’t aborting if pipline with CloudBees CI task was aborted.


Project having pipeline with grouped tasks when exported with Export DSL Service Catalog using default settings when reimported using Import DSL Service Catalog fails while importing the pipeline"


runProcess can’t call the procedure of another project with snapshot deployment


Creating snapshot of component - Version column width too small in UI


Unable to select releaseStatus as a filter for a Release Report.


findObjects does not work in Load Options using DSL as createFormalParameter API called from Service calalog fails


Adding a 10th column to a table widget places it in the 2nd spot.


Problem resolved where agent step logs were not visible on the UI on Windows 2019 hosts.


The runCatalogItem API doesn’t support credential reference in v10.1.


Question on livenessProbe setting in K8s for the CD Server and other components


Creating a new task from an existing task cannot show more than 50 pipelines.


Default setting for UI refresh of 10s is too fast for Pipelines. Increase the default to 30sec


"New UI-Refresh setting ""UI auto-refresh frequency in seconds:"" is Poorly named/misleading"


"Starting releases using ""ectool startRelease"" is not setting the ec_startingStage parameter. Set the ec_startingStage property even when we don’t pass ""--startingStage"" option."


"Enhance ""ectool getPipelineRuntimes"" with filter / filters option to work similar to findObjects NMB-25703. Currently it is documented that filter / filters option is not available for getPipelineRuntimes in CEV-21475"


URL link of Service Catalog item requires a space after URL if pointing to SVG file


"In Pipeline Property Picker if we select a property inside a group it´s not taking into account the group in the path"


Error importing Catalog DSL generated by the application


Sort Order of user defined DropDown menus has been changed in v10.0.x to alphabetical. Revert to sorting based on DSL code.


Preconditions now work with FlowRuntime properties.


Unable to locate persister exception after creation of plugin configuration via dsl due to getProperties call after a separate transaction block in dsl.


"The DSL script for validating the custom formal parameter at runtime in service catalog currently checks correctly if you click outside parameter input box before hitting ""OK"". Fix to validate the parameter if ""OK"" clicked immediately as well."


Application DSL Master Component Does not get updated via DSL import


Registered hosts did not appear in the license details list when accessed via the CloudBees CD/RO main menu.


Creating a resource in the UI will attempt to create a concurrent host.


Cannot clear old components from inventory via ectool deleteEnvironmentInventoryItem.


Direct URL to Pipeline runs search with filter


Problem resolved where the resulting DSL script from the Export DSL Service Catalog item was different than the DSL script returned from ectool generateDsl. Now they return the same DSL.


In some circumstances jobs hung after applying a new license file. Agents needed to be pinged in order to restart the jobs.


Lack of document for IntelliJ ElectricFlow plugin or missing functionality mentioned in the description


Retry steps in application processes do not display times


Importing a project failed when the project has env and the env has resource

Behavior changes

No changes.

Installation notes

For complete installation and upgrade information, see CloudBees CD/RO installation guide.

Configuration parameter changes related to proxy settings

Configuration parameters related to HTTP proxy settings have been renamed to make it clear that they pertain to HTTP. The pre-v10.1 names are deprecated and no longer recognized by CloudBees CD/RO. This table lists old and new names. Full list of configuration parameters can be found here. [NMB-29472, NMB-30155]

Pre-v10.1 name v10.1 name Description



Enable (1) or disable (0) the HTTP proxy server configuration. If enabling for the first time, --agentHttpProxyHost and --agentHttpProxyPort must be specified.



Comma delimited list of hosts that should be reached directly, bypassing the HTTP/HTTPS proxy servers.



The IP address of the HTTP proxy server.



The port of the HTTP proxy server.



Enable (1) or disable (0) the HTTP proxy server configuration. If enabling for the first time, --serverHttpProxyHost and --serverHttpProxyPort must be specified.



The IP address of the HTTP proxy server.



The port of the HTTP proxy server.



Comma delimited list of hosts that should be reached directly, bypassing the HTTP/HTTPS proxy servers.



Comma delimited list of hosts that should be reached directly, bypassing the proxy server.

Legacy services applications and container entities

The legacy Services applications and Traditional applications with containers have been deprecated in this version of CloudBees CD/RO. We recommend upgrading your applications to the current microservices application model.

CloudBees CD/RO on Kubernetes

Sample CloudBees CD/RO server and agent Helm chart values, found here, provide CloudBees’s default installation values. The CloudBees CD/RO images.tag value associated with version 10.1 is

Configuring autostart services for Linux installations

Linux installations that you perform as a non-root user or without sudo permissions cannot automatically start the CloudBees CD/RO server, web server, repository server, or agents. This means that you must set up service autostart after installation is complete. Learn more here.

Upgrading your CloudBees CD/RO environment

IMPORTANT: Before starting an upgrade, make sure to back up your existing CloudBees CD/RO data.

Upgradable versions

Upgrades to CloudBees CD/RO 10.x are supported only from ElectricCommander 5.0 or any version before 9.0. Upgrades to version 10.x from version 4.2 or earlier are not supported. For upgrade instructions, see Upgrade on traditional platforms.

Upgrading an older CloudBees Analytics version

Upgrading from a CloudBees CD/RO version 9.0.x , or earlier, requires upgrading the CloudBees Analytics server to 10.0. If upgrading from CloudBees CD/RO version 9.1, then upgrading version 9.1 the CloudBees Analytics server is not required.

Updating elements containing applicationServiceMapping [CEV-16237 and CEV-16158]

If your XML export file from CloudBees CD/RO 8.0.1 or earlier versions has elements containing applicationServiceMapping, you must change all instances of that string in the file to serviceClusterMapping before importing the file into version 10.0. For example, change the following XML:



Backing up and restoring custom settings

The CloudBees Analytics installer overwrites the elasticsearch.yml configuration file with a new file. As of CloudBees Analytics version 8.3, the file includes a Custom Settings section, which lets you add Elasticsearch settings not managed by the CloudBees Analytics server without being lost during an upgrade. If you added settings to this file in version 8.2 or earlier that you want to preserve, you must back up the file to a separate location before upgrading to version 9.2 or newer versions and then add the settings to the Custom Settings section after the upgrade. During future upgrades, the installer will preserve the settings in the Custom Settings section. [NMB-25850]

Updating the MySQL configuration before upgrading

Since release 8.0.1, CloudBees has instructed customers using a MySQL database to use the following two lines in their MySQL configuration:

init_connect='SET collation_connection = utf8_unicode_ci, NAMES utf8'

Before upgrading CloudBees CD/RO, you must remove these lines or comment them out. Otherwise, jobs will not start.

Ensuring the correct default MySQL default collation

Since release 8.0.1, CloudBees has instructed customers using a MySQL database to ensure that the default collation for their database schema is set to utf8_unicode_ci or utf8_general_ci and that no table in their schema overrides this. As of release 9.0, the CloudBees CD/RO server checks this configuration on startup and logs errors in the server log if it is not set correctly.

If the collation is not configured correctly, then entering non-ASCII text into CloudBees CD/RO might cause errors. For example, setting a release name to a non-ASCII value and attempting a search causes an exception.

If your MySQL database schema or any tables in it are set to a non-UTF-8 collation order, see Knowledge Base article KBEC-00385 - Converting a MySQL Database From Latin-1 to UTF-8 for detailed instructions about safely converting your schema to UTF-8. [NMB-26521, NMB_27459]

Upgrading agents that run the ec-groovy job step in multizone deployments

In multizone CloudBees CD/RO deployments, CloudBees CD/RO agents that are in a different zone than the CloudBees CD/RO server must be upgraded to version 9.0 or later for the ec-groovy job step to run successfully on those agents. You must also upgrade the gateway agents that lead back to the server’s zone including those in any zones in between the agent’s zone and the server’s zone. [NMB-27490]

For details about multiple zones and gateway agents, refer to Zones and gateways.

Removing the SSL 2.0 Client Hello or SSLv2Hello protocol from your security configurations

CloudBees recommends removing the SSL 2.0 Client Hello or SSLv2Hello protocol from your security configurations for all components. [NMB-27934, NMB-29326]

  1. Upgrade agents older that fall into this category for security reasons:

    • Windows, Linux: 6.0.3 or older; 6.2 or older

    • Mac OS: 8.4 or older

  2. If this warning appears on the Automation Platform UI:

    Note: We recommend removing `SSL 2.0 Client Hello` format from server configuration and upgrade older agents as indicated on the Cloud/Resources Page to avoid security risk.

    then enter the following command on the CloudBees CD/RO server:

    $ ecconfigure --serverTLSEnabledProtocol=TLSv1.2
Upgrading the CloudBees Analytics server

This section provides information about upgrading the CloudBees Analytics server from Version 7.3 to Version 10.1.

Re-Specifying configuration settings

The installers (GUI, interactive console, and silent mode) for the CloudBees Analytics server do not preserve the configuration setting for the CloudBees Analytics server host name ( --hostName ) or the setting for the Elasticsearch number of shards ( --elasticsearchNumberOfShards ) during the upgrade from 7.3 to 9.2. If you specified non-default values during the 7.3 Reporting server installation, you must re-specify these settings during the upgrade. (All other settings are preserved.)

CloudBees Analytics server configuration notes

For a production environment, CloudBees recommends that you install the CloudBees Analytics server on a system other than systems running other CloudBees CD/RO components (such as the CloudBees CD/RO server, web server, repository server, or agent). If you must install it on the same system (such as for testing or other non-production or trial-basis situations) see CloudBees Analytics server with other components for details.

CloudBees CI operations center configurations

After upgrading to CloudBees CD/RO v10.1 from v10.0.x, your CloudBees CI operations center configurations may need to be reworked.

  • In v10.0.x, CloudBees CI operations center URLs specified in configurations are silently appended at runtime with the /cjoc path component.

  • In v10.1, URLs are used as defined in configurations. The /cjoc component is not appended.

In order to maintain pre-v10.1 runtime compatibility, the v10.1 upgrade process modifies CloudBees CI operations center URLs in existing configurations by hardcoding the /cjoc path component. You need to rework existing URLs in configurations where appending the \cjoc path component is inappropriate.

Configuration notes

Performing a full import

During a full import, the import operation might hang in the following scenarios. To import successfully into CloudBees CD/RO 8.0 and newer versions, perform the appropriate workarounds [CEV-15447, CEV-11873]:

  • A manual process step in a process has formal parameters. The workaround is to remove the entry related to the property sheet for the job step that is associated with the manual process step.

  • In the exported XML file from the earlier release, two pipelines are in different projects, and both pipelines have no gate tasks. The flow associated with the pipeline is duplicated under both projects. The workaround is to remove the flow element under the projects.


When an application is cloned from one project (the original project) to another (the destination project), the tier maps for the application will point to the environments with the same names in the destination project. To deploy the application to the environments in the original project, you must create tier maps connecting the application to those environments.

Known issues


SyncArtifactVersions procedure completes with success, rather than showing a warning, when manifest is missing and overwrite = false.


When you use the Automation Platform UI to upload and publish artifact files with non-English characters in their file names the operation fails with the following error: Upload file: Exit code 1: ERROR: Publish failure: Unexpected retrieval exception for repository error .


Modifications of LDAP user data (such as email addresses) on an Active Directory server after registration in CloudBees CD/RO do not appear properly in user details (in the Automation Platform UI, the Deploy UI, or ectool ) until the CloudBees CD/RO server is restarted.


(Windows platforms only) If the Elasticsearch cluster which is used by CloudBees Analytics is in the red state (in Elasticsearch this means that it only partly functions and some data is unavailable) then upgrade reconfigure or uninstall operations will not work. Because the Elasticsearch service can not be stopped when a cluster is in red state kill the Elasticsearch service process by the task manager before running the installer for these actions.


The Microsoft Edge browser does not work with SAML 2.0 and a self-signed certificate during redirection from the identity provider to the service provider. Edge is not recommended for login via SAML 2.0.


Can’t ignore server mismatch and override passkey from Database Configuration page.


The ec-groovy command line utility fails when invoking createArtifactVersion with error This server cannot handle version <x> messages.


The warning, WARNING: An illegal reflective access operation has occurred is logged by Java 11 for the cglib library.


The LANG environment variable must be set to en.US.UTF-8; otherwise, the upgrade fails. See KBEC-00452 - Error installing CloudBees CD 10.0.x when Lang environment variable is different than en.US.UTF-8 for details.


In some cases, job step diagnostic information is not available and server reports 507 error, Missing sessionId attribute in request, when trying to view job step logs.


When an application with snapshots created in CloudBees CD/RO 6.1 or earlier is cloned and a project containing this application is imported to CloudBees CD/RO 6.3 or higher the import operation fails.


Error prompts for runtimes started by a schedule are not visible if the schedule was created with a missed configuration.


The stage inclusion status in the Release Dashboard changes color after a stage is renamed.


No error prompt appears for failed tasks and retry tasks during a pipeline runtime.


If an application process step cannot expand to its child steps (because of an invalid run condition or an invalid formal parameter) then the step is not retried even if it uses "retry on error" error handling. The job eventually completes with an error.


The retry count for group tasks or rules using "automated retry on error" is missing from the Pipeline runtime page.


Multiple mapped environments with the same name from different projects are not supported in email notifications.


A project import might not include the path-to-production view.


Jobs might not appear upon drill-down into the "Clusters With Most Deployments" widget in the CloudBees Analytics Microservices Dashboard if the service does not contain a deploy step in the process.


When you do a full import from version 8.0 to version 8.2 or newer and two or more releases have the same name (under different projects) and are associated to the same pipeline then after import the runs for all releases might become associated to the first imported release. This is because CloudBees CD/RO cannot differentiate runs between the releases since all runs are under the same pipeline project and have the same name. To work around this issue rename releases in the export file so that all their occurrences (in deploymentHistoryItem flowRuntime and so on) are unique.


All subreleases of a release must appear before the release in the DSL for the release-to-subrelease link to be created.

CEV-19239 CEV-19259

The ability to search by assignee in a Deployment Report is not available in the CloudBees Analytics report editor.


If Release Command Center was setup for JIRA for user-stories and defects and the JIRA project name was mapped to the release project name using the following field mapping: ` projectName:releaseProjectName` then before upgrading to 10.0 the field mapping must be updated to mention the actual release project name using the following field mapping format: "release-project-name-in-CloudBees CD/RO":releaseProjectName


Long custom labels in email notifications do not render correctly.


Approval by email on manual tasks should not expect parameters.


Navigation to a sub-release editor takes user to the parent release editor. As a workaround, select the subrelease from the left-hand navigation in the parent’s release editor.


When you use the Deploy UI to edit a resource pool and add a tag while renaming it at the same time, the operation fails with the following error: Resource pool 'oldPoolName' does not exist . To work around this issue, rename the resource pool, then save the change, and then add the tag to the resource pool.


Running an application process with a parallel manual application process step or running an application process with a parallel manual application and component process steps fails to delete the project.


If you are signed in to the Deploy UI and upgrade to CloudBees CD/RO 10.0, the version 10.0 sign-in page for the Automation Platform UI goes into an infinite redirect. This is because the version 10.0 Automation Platform UI thinks that your sign-in session expired even though it is active. To work around this issue, do one of the following:

  • Before upgrading, sign out from the Deploy UI and the Automation Platform UI.

  • After upgrading, sign out from the Deploy UI and then sign in.

  • After upgrading, clean your browser cache and cookies to kill the pre-upgrade sign-in session.


Attempt to delete a project containing a CIBuildDetails object (injected by Jenkins LTS or CloudBees CI) results in the error: The DELETE statement conflicted with the REFERENCE constraint.


Users will not be able to delete a project if there are Jenkins builds associated with this project that are references in releases not in the project.


Attempt to delete a build from a pipeline run via buildname and flowRuntimeId results in the error deleted object would be re-saved by cascade.


If you use the ectool export to export your system configuration from a previous release and then use ectool import to import the same configuration to a CloudBees CD 10.0 server, some out-of-the-box content introduced in the releases since the version from which the full export was done, such as new or updated plugins, new catalog items, and persona based menu items, may be missing in the CD server UI. It is recommended to use ectool export and ectool import only between servers at the same version.


These service catalog items are disabled because underlying plugin has been removed.

  • Azure Container Service Discovery

  • Amazon ECS Dynamic Cluster

  • GCE Dynamic Cluster


Single Sign on does not work unless PHP configuration is changed due to a security related request. Workaround: change session.cookie_samesite to "Strict" in /opt/electriccloud/electriccommander/apache/conf/php.ini and restart web server.


You can revert changes only for high-level design objects such as applications procedures procedure steps workflow definitions and state definitions.

Restarting the CloudBees CD/RO server while new records are created for all tracked objects might take at least as long as an export or import of all projects (10 to 40 minutes for a large project).


Enabling Recursively Traverse Group Hierarchy might impact system performance when the LDAP group hierarchy is traversed. The amount of impact varies with the configurations of the CloudBees CD/RO and LDAP servers the depth of group hierarchy in the LDAP server and the network latency between the servers. Make sure that your directory provider can handle the additional load for supporting nested group hierarchy traversal.


System performance might decrease if you disable change tracking at the server level and then re-enable it. (Change tracking is enabled by default.) For details about using change tracking see change tracking.