CloudBees CD/RO v2023.08.0

CloudBees is pleased to announce the v2023.08.0 long-term support (LTS) release of CloudBees CD/RO. With this release, CloudBees added several new features and system improvements, including:

  • Enabling CloudBees CD/RO to communicate with CloudBees Compliance through new gate rules. For more information, refer to New features.

  • Extending automated governance capabilities with the new GitHub-Checks plugin. For more information, refer to New features.

  • Adding Helm chart support for using Google Cloud Storage Workload Identity for CloudBees Analytics snapshot backups. For more information, refer to New features.

  • Transitioning from GCP Cloud SQL Auth Proxy to GCP Cloud SQL connectors. For more information, refer to New features.

  • Introducing Pipeline editor enhancements to improve UI usability. For more information, refer to Feature enhancements.

  • Improving upgrade and boot times by individually updating plugins only when version changes are detected. For more information, refer to Feature enhancements.

  • Implemented the ability to configure permission masks for Linux agent workspaces. For more information, refer to New features.

  • Adding scrollbars to dropdowns to allow easier option selections. For more information, refer to Feature enhancements.

  • Updating CloudBees CD/RO agent third-party tools. For more information, refer to Feature enhancements.

Security fixes

This release includes the following security updates to address potential vulnerabilities:
  • OpenSSL is updated to version v1.1.1u.

  • PHP is updated to version v8.1.21 (v8.1.21 changelog).

  • Extended the functionality of OpenIDConnect by adding support for different algorithms to validate JWT tokens.

New features

New Compliance Check gate rule

Introduced Compliance gate features:

  • New Compliance check gate rule enables checks to facilitate obtaining gating decisions from CloudBees Compliance (CBC) for advancing applications in the pipeline.

  • New Compliance gate configuration in Administration  Configurations  Compliance configuration, enabling CloudBees CD/RO to communicate with CBC. CloudBees CD/RO must already be integrated with CBC to use this feature.

GitHub-Checks plugin introduced for CloudBees CD/RO

With the new GitHub-Checks plugin, you can use CloudBees CD/RO pipelines to perform code linting and analysis based on GitHub events and receive feedback directly on your GitHub pull requests. This integration allows you to create consistent, enforceable, and automated governance within your development processes. For more information, refer to the GitHub-Checks plugin documentation.

Google Cloud Storage Workload Identity support added in Helm charts for CloudBees Analytics snapshot backups

Support has been added to the CloudBees CD/RO Helm charts for using Google Cloud Storage Workload Identity when backing your CloudBees Analytics Elasticsearch indices.

CloudBees CD/RO GCP Cloud SQL Connectors integration

To leverage GCP security and IAM features, CloudBees CD/RO has transitioned away from using GCP Cloud SQL Auth proxy in favor of Cloud SQL Connectors. For more information on configuring Cloud SQL Connectors for your GCP instances, refer to Kubernetes platform-specific configurations.

If your project uses Cloud SQL Auth proxy running as sidecars, they will continue to work with CloudBees CD/RO. However, because of security and IAM features, GCP recommends using Cloud SQL Connectors. CloudBees recommends following the GCP recommendation.

Configure permission mask for Linux agent workspaces

Configuration of a permission mask for Linux agent workspaces is now available for CloudBees CD/RO. The root workspace parameter workspaceMask was added to permit the setting of default permissions for new agent workspace directories. Similarly, the ability to modify permissions for specific agent workspaces with the agentWorkspaceMask parameter was added.

Upgrading to CloudBees CD/RO v2023.08.0 from an earlier version will not automatically add the agentWorkspaceMask parameter to existing agent directories. Use chmod to modify permissions for those directories manually.

Feature enhancements

Pipeline gate enhancements

Pipeline editor UI enhancements:

  • Replaced conditions icon with three-dots on gate rules and gate group rules.

  • Relocated Edit rule functions for details, conditions, and definitions to one panel.

  • Added new Compliance check rule type.

  • Replaced Add task and Copy task icons with buttons.

Only new plugin versions are updated

To improve upgrade times, CloudBees CD/RO installers only update bundled plugins with new versions. This feature is automatic, and no changes are needed to implement it. However, to help special uses cases, CloudBees has also introduced methods to force all bundled plugins to update. For more information on how to force all bundled plugins to update, refer to:

Third-party tool updates for CloudBees CD/RO agents

The following third-party tools have been updated CloudBees CD/RO agents:

Plugin enhancements

CloudBees CD/RO plugins catalog

The CloudBees CD/RO plugins catalog is available on the CloudBees CD/RO documentation site.

For more information about plugin support and versioning, refer to Plugin Concepts.

Legacy platform plugin manager deprecation information

The plugin manager built into the legacy CloudBees CD/RO Automation Platform UI was deprecated with v2023.02.0. CloudBees strongly recommends that you migrate to the new plugin manager. For plugins that support the new plugin format, you can migrate legacy plugin configurations using a built-in Migrate configurations Service catalog item.

Plugin migration information

Migrating your custom plugins

To use the new plugin manager, your plugins must align with the CloudBees plugin development kit (PDK) configuration model and contain the plugin configuration as a first class object. To migrate an existing plugin to the new plugin manager/configuration, CloudBees recommends rebuilding your plugins using the PDK. For more information, refer to Migrate legacy plugins to PDK. Once a plugin is built to support the PDK configuration, legacy plugin configurations for the plugin may be migrated using a built-in Migrate configurations service catalog item.

Plugin configurations based on GWT may not be available to view in the new plugin manager. To view legacy plugin configurations:

  1. Navigate to DevOps Essentials  Platform Home page.

  2. Select the Administration link. The Event Logs page displays.

  3. Select the Plugins page link. The Plugins Manager page displays.

  4. Select the name of the plugin name in the Plugin Label column. The Project Details page displays.

  5. Select the Properties tab.

  6. In the property <PluginName>_cfgs, you can find all configurations for the plugin.

  7. Note any specific configuration names that need to be migrated. You can also migrate all configurations.

For more information, refer to Migrating your plugin configurations.

Current plugin disposition

Plugins that will be migrated to PDK

The following CloudBees supported plugins are not configured with the new plugin configuration, but will be updated soon:

  • EC-Twistlock

Plugins released to the community

The following plugins are not supported by the new plugin manager and have been removed from the plugin catalog and migrated to the community:

  • EC-Apache

  • EC-Azure: CloudBees has released a new AzureCLI plugin to replace this plugin.

  • EC-AzureDevOps: CloudBees has released a new AzureDevOps plugin to replace this plugin.

  • EC-BigIp

  • EC-DB2

  • EC-DBI

  • EC-EC2

  • EC-Gerrit

  • EC-Selenium

  • ECSCM-Perforce

  • ECSCM-Property

  • ECSCM-TFS

  • ECSCM-Accurev

  • ECSCM-Bazaar

  • ECSCM-ClearCase

  • ECSCM-CVS

  • ECSCM-Mercurial

  • ECSCM-Repo

  • ECSCM-StarTeam

  • ECSCM-SVN

  • ECSCM-Synergy

  • ECSCM-Vault

  • EC-Twitter

To generate a list of legacy plugin configurations on your system, you can use this DSL script.

Contact CloudBees Support if you require assistance updating legacy plugins to support the new configuration.

Plugin updates

EC-AWS-EC2 1.0.19

Upgraded third-party dependencies.

EC-DslDeploy 4.2.1

  • Fixed issue with import environment reservations.

  • Supported new option 'suppressEmpty' in the generateDsl plugin procedure.

EC-FileOps 4.0.1

Implemented internal improvements.

EC-GCP-ComputeEngine 2.6.1

Upgraded third-party dependencies.

EC-Jira 2.2.0

Added Personal Access Token authentication support.

EC-Jenkins 2.4.0

  • Added support to the RunAndMonitorBuild and RunAndWait procedures Parameters field to escape commas (,) and equals (=) used with input.

  • Improved the RunAndMonitorBuild and RunAndWait procedures to support JSON build parameters by implementing a new "Is Parameters content in JSON format?" option.

EC-Kubectl 1.4.0

Added support for Argo Rollouts blue-green and canary deployments.

EC-Rest 2.5.

  • Updated third-party dependencies.

  • Migrated to Java 17 and Groovy 3.

    Because of the Java versions supported by CloudBees CD/RO, you can only use EC-Rest v2.5.0 with CloudBees CD/RO agents v10.11 and later.
  • Added support for using custom ports.

EC-ServiceNow 3.2.4

Updated tooltips and added uses cases for the Filter field used in the GetRecord, CollectReportingData, and UpdateRecord procedures.

EC-SonarQube 2.1.6

  • Fixed issue with incorrect SonarQube Server version determining.

  • The SonarQube versions supported by the plugin have been updated to reflect versions actively supported by SonarQube.

GitHu-Checks 1.0.0

Added support for GitHub Checks API.

When upgrading plugins that have been migrated to PDK, you must migrate your existing plugin configurations. You can use the Migrate configurations procedure from the Service catalog to migrate your existing plugin configurations.

Plugin Development Kit enhancements

New platform support

This section lists new platform support.

On June 29, 2023, CloudBees CD/RO v10.6.x reached EOL. For more information, refer to CloudBees maintenance lifecycle policies. CloudBees recommends upgrading to the newest CloudBees CD/RO release to maintain support.

On August 4, 2023, CloudBees CD/RO v10.7 will reach EOL. For more information, refer to CloudBees maintenance lifecycle policies. CloudBees recommends upgrading to the newest CloudBees CD/RO release to maintain support.

Refer to the following topics for a list of officially supported platforms for CloudBees CD/RO:

Resolved issues

BEE-29660

CloudBees CD/RO values files were updated with commented descriptions of service attributes for gateway external agent service and flow-agent service uses.

BEE-31074

Fixed issue with impersonation credentials scope in the DSL evaluation by not allowing the propagation of the 'credentialName' argument from the project level to the trigger level.

BEE-32040

Fixed issue when a CloudBees CD/RO CloudBees CI job task fails with a “StackOverflowError” while waiting for long-running CloudBees CI jobs to complete.

BEE-32234

Formal output parameters are now sorted in the alphabetical order.

BEE-33074

Fixed issue of EC-DslDeploy plugin duplicating properties with encoded special symbols when importing.

BEE-33695

Fixed issue where the following retry error handling options were not cleaned up (string = null, integer = null, and boolean=0) when a task was imported using evalDSL overwrite equals true:

  • afterLastRetry

  • retryCount

  • retryInterval

  • retryType

  • notificationEnabled

  • notificationTemplate

  • approver

BEE-33696

Fixed issue where the outOfOrderRunAssignee option for tasks was not cleaned up when tasks were imported using evalDSL overwrite equals true.

BEE-33934

Fixed issue of DSL processStep inconsistent order generation by updating indexing when a processStep is reinserted into a process list during re-evaluation of the DSL.

BEE-34057

Fixed issue where CI job failed when CI Job parameter is passed as JSON string value that was not escaped using Java String rules.

BEE-34079

Added support for setting the default value of a procedure formal parameter credential type.

BEE-34183

Fixed an issue of wait dependencies not being sorted alphabetically.

BEE-34234

Fixed the issue of the rollingDeployEnabled field with false value in the task entity not being skipped during DSL generation ( generateDsl) when the suppressDefaults value is true.

BEE-34316

Fixed issue with updating a runtime credential in the plugin configuration by specifying the persistent credential reference.

BEE-34434

Added missing notRun task status into the pipelinerun report object type .

BEE-34740

Fixed issue preventing import of group task in YAML DSL by adding support for nested tasks (group task <→ regular task).

BEE-35039

Fixed the issue of SSC FlowRuntime incorrectly navigating release request to pipelines by adding a check for releaseId in the response.

BEE-35559

Fixed intermittent login issue for AD/LDAP users.

BEE-35668

Serially grouped tasks containing a manual first task that fails can not be retried after pipeline restart.

BEE-35768

Fixed issue preventing the importing gates containing wait dependencies in YAML DSL.

BEE-35885

Fixed regression bug that caused getCIEventsSchema operation to fail with an exception that prevented CI/CD events schema sync, which caused new CI Controller registration failure.

BEE-36614

Fixed setCIEventsSchemaConfiguration "java.lang.IllegalArgumentException: Argument for @NotNull parameter value must not be null" error by adding validation for the destinationMapping argument in the setCIEventsSchemaConfiguration API.

BEE-36804

Updating the index when processSteps are reinserted into the list in a process.

BEE-36892

Fixed DependsOn evaluation inconsistencies by adding validation when reordering or moving formal parameters which prevents issue with unresolved dependencies.

BEE-36929

Resolved an issue where application run details did not display in the console in the standard view.

Behavior changes

Locale standardization for CloudBees CD/RO servers

To standardize support of user input, the CloudBees CD/RO servers requires a UTF-8 charset to properly function. For environments that use CloudBees CD/RO server images, the UTF-8 charset is included, and no actions are needed. Windows and macOS installations are also not typically affected, since both use UTF-8 by default.

For Linux or environments modified from using default UTF-8, when installing CloudBees CD/RO using traditional installations, either the system locale must be either configured by default to a UTF-8 charset, or the system locale en_US.utf8 must be available for use. If the UTF-8 charset or system locale en_US.utf8 are not available in your environment, CloudBees CD/RO installer will not install the server component, and return the error message:

Unable to detect a usable utf8 system locale, which is required for the server service.
Using formal parameters in the Service Catalog

Starting with v2023.08.0, to use formal parameters in the Service Catalog, useFormalParameters must set to true.

Removing shared filesystem dependency in v2023.10.0 (next release)

Announcing, in the next CloudBees CD/RO release (v2023.10.0), CloudBees CD/RO will no longer require a shared filesystem. This dependency will be removed from CloudBees CD/RO installers and Helm charts for v2023.10.0 and later.

If you are already using a shared filesystem, this change will not affect your project, and you can continue using it.

As part of this change, the EC-Homepage plugin will be deprecated and removed. This may disable some Commander UI homepage features.

Installation notes

For complete installation and upgrade information, refer to CloudBees CD/RO on Kubernetes and Install CloudBees CD/RO on traditional platforms.

CloudBees deprecated the CloudBees CD/RO ec-jruby and ec-jython wrapper programs with v10.11. The wrapper programs are no longer installed as part of CloudBees CD/RO tools.
Potential backward incompatibility

CloudBees CD/RO Docker images are now based on UBI minimal instead of UBI standard, as in previous releases. Some packages are not installed on our Docker images by default. This may cause backward incompatibility if your environment depends on these tools and utilities. CloudBees CD/RO Docker images now use microdnf as a package manager and yum and dnf package managers are no longer available. To retain backward compatibility, CloudBees CD/RO provides a symlink for microdnf as dnf. These package managers are not 100% compatible, which may cause unexpected errors and require modification of the scripts.

CGI module and support removed

CloudBees removed the CGI module and support with v.2023.02.0. After you upgrade your CloudBees CD/RO server to v2023.02.0, you must also upgrade your CloudBees web server.

UI file upload limits are now controlled by PHP in /opt/cloudbees/sda/apache/conf/php.ini.

For default parameter values and more information, refer to Configuration settings preserved after an upgrade.

Duplicate applications warning

CloudBees CD/RO v10.9 included a fix for an issue that caused duplicate applications for applications created in the UI. The upgrade process fails when there are duplicate applications. CloudBees resolved this issue for MariaDB, MySQL, and Postgres databases. Ensure that your current installation does not contain applications with duplicate names. You can rename or delete the applications. You must remove duplicate applications by ID using the deleteObjects API. You cannot delete duplicate applications by name. For more details and scripts to assist with this process, refer to KBEC-00513 - How to resolve applications with duplicate names before upgrading from a version prior to v10.9.

Apache ZooKeeper required update

The ZooKeeper version bundled with CloudBees CD/RO v10.5 was updated from v3.4.6 to v3.8.0. CloudBees CD/RO v10.5+ requires ZooKeeper v3.8.0. For installation and upgrade instructions, refer to Install ZooKeeper and Upgrade a clustered environment.

Legacy services applications and container entities

In CloudBees CD/RO v10.3, the legacy Services applications and Traditional applications with containers were deprecated and removed. Before you upgrade to CloudBees CD/RO v10.3 or later, you must migrate your applications to the current microservices application model.

Also, before upgrading from CloudBees CD/RO v10.2 or earlier you must delete all legacy services and containers. This will prevent upgrade failure, a database consistency break or inability to run the validateDatabase API.

Legacy webhook triggers

As of v10.8, webhook triggers configured and scheduled before v10.1 have been deleted. Polling triggers configured and scheduled prior to v10.1 continue to work, but they are not available from the UI to review or run.

CloudBees CD/RO server installation binaries are signed for traditional installations so that you can verify their origin and authenticity. Verifying binaries is an optional step in the installation process that can help prevent a man-in-the-middle attack. For more information, refer to Verify installation binaries.

CloudBees CD/RO on Kubernetes

CloudBees CD/RO server and agent Helm chart values are publicly available and provide the CloudBees default installation values. The CloudBees CD/RO images.tag value associated with v2023.08.0 is:

2023.08.0.166738_3.2.51_20230727

CloudBees CD/RO Docker images and Helm charts are signed so that you can verify their origin and authenticity. Verifying Docker tags and Helm charts is an optional step in the installation process that can prevent a man-in-the-middle attack. For more information, refer to Verify Docker images and Verify Helm charts.

Updated Helm charts

Updated Helm charts are available for CloudBees CD/RO v2023.08.0.

Name Chart version App version Description

cloudbees/cloudbees-flow

2.26.0-rc.3

2023.08.0.166738

A Helm chart for CloudBees Flow

cloudbees/cloudbees-flow-agent

2.26.0-rc.3

2023.08.0.166738

A Helm chart for CloudBees Flow Agent

CloudBees CD/RO Universal Base Image (UBI)

The actual UBI associated with v2023.08.0 is 9.2-691.

Upgrading gateway agents

All gateway agents that meet the following criteria must be updated to CloudBees CD/RO v10.2+:

  • Your enterprise implements a multi-zone environment.

  • Agent versions are a combination of pre-v10.2 and v10.2+.

  • The access route to a v10.2+ agent is configured through a pre-v10.2 gateway agent.

Configuring autostart services for Linux installations

Linux installations that you perform as a non-root user or without sudo permissions cannot automatically start the CloudBees CD/RO server, web server, repository server, or agents. Instead, you must set up the service autostart after installation is complete. Refer to Configure autostart for non-root/non-sudo Linux installations to learn more.

Upgrading your CloudBees CD/RO environment
Before starting an upgrade, make sure to back up your existing CloudBees CD/RO data.
Upgradable versions

Upgrades to CloudBees CD/RO 10.x are supported only from ElectricCommander 5.0. For upgrade instructions, refer to the Upgrade on traditional platforms.

Updating the MySQL configuration before upgrading

Since release 8.0.1, CloudBees has instructed customers using a MySQL database to add the following two lines to their MySQL configuration:

init_connect='SET collation_connection = utf8_unicode_ci, NAMES utf8'
skip-character-set-client-handshake

Before upgrading CloudBees CD/RO, you must remove these lines or comment them out. Otherwise, jobs will not start.

Ensuring the correct default MySQL default collation

Make sure that the default collation for the MySQL database schema is set to utf8_unicode_ci or utf8_general_ci and that no table in the schema overrides this setting. The CloudBees CD/RO server checks this configuration on startup and logs errors in the server log if it is not set correctly.

If the collation is not configured correctly, entering non-ASCII text into CloudBees CD/RO can cause errors. For example, setting a release name to a non-ASCII value, and attempting a search, causes an exception.

If your MySQL database schema, or any tables within, are set to a non-UTF-8 collation order, refer to the Knowledge Base article KBEC-00385 - Converting a MySQL Database From Latin-1 to UTF-8 for detailed instructions about safely converting your schema to UTF-8. [NMB-26521, NMB-27459]

Upgrading agents that run the ec-groovy job step in multizone deployments

In multizone CloudBees CD/RO deployments, CloudBees CD/RO agents that are in a different zone than the CloudBees CD/RO server must be upgraded to version 9.0 or later for the ec-groovy job step to run successfully on those agents. You must also upgrade the gateway agents that lead back to the server’s zone, including those in any zones in between the agent’s zone and the server’s zone. [NMB-27490]

For details about multiple zones and gateway agents, refer to Zones and gateways.

Removing the SSL 2.0 Client Hello or SSLv2Hello protocol from your security configurations

CloudBees recommends removing the SSL 2.0 Client Hello or SSLv2Hello protocol from your security configurations for all components. [NMB-27934, NMB-29326]

  1. Upgrade agents to the latest operating system version for security reasons.

  2. If this warning appears on the Automation Platform UI:

    Note: We recommend removing `SSL 2.0 Client Hello` format from server configuration and upgrade older agents as indicated on the Cloud/Resources Page to avoid security risk.

    then enter the following command on the CloudBees CD/RO server:

    $ ecconfigure --serverTLSEnabledProtocol=TLSv1.2
Upgrading the CloudBees Analytics server

This section provides information about upgrading the CloudBees Analytics server.

Potential breaking change: Elasticsearch update

The Elasticsearch version shipped with CloudBees Analytics v10.2 has been updated from v6.6.2 to v7.10.2. As such, this update may create breaking changes in your custom reports. All changes related to the new version are described in Elasticsearch documentation.

Your customs reports may be affected due to changes for missing document values handling. The doc['field'].value now throws an exception if the document is missing a value for the field field. To check if a document is missing a value, you can use doc['field'].size() == 0.

  • It is not possible to upgrade CloudBees Analytics v9.0.1 and below to CloudBees Analytics v10.2.0 and above. The installer exits with an error and an appropriate message when such an update is attempted. If you need to upgrade CloudBees Analytics v9.0.1 and below, you must first upgrade to a version between 9.1.0 and 10.1.0, or 9.0.2 and above. After that, you can upgrade CloudBees Analytics to v10.3.0 or higher. [NMB-31030]

  • For previous CloudBees Analytics upgrades from v9.0.1 and below: CloudBees Analytics data may contain obsolete indexes that are incompatible with CloudBees Analytics v10.2.0 and above. To work correctly, it is necessary to re-index these indexes before an upgrade. The installer prompts you to do this before upgrading.

    • In console mode and UI mode, the installer displays the following prompt if outdated indexes are detected:

      One or more Elasticsearch indexes were created in an obsolete version of Elasticsearch. These indexes must be re-indexed for the upgrade to be successful. Do you want to start the reindexation? [n/Y]

      After an affirmative answer, the installer automatically reindexes and continues the upgrade.

    • In silent mode, the installer reindexes automatically.

  • Backing up and restoring custom settings

    The CloudBees Analytics installer overwrites the elasticsearch.yml configuration file with a new file. This file includes a Custom Settings section, which lets you add Elasticsearch settings not managed by the CloudBees Analytics server without being lost during an upgrade. The installer preserves the settings in the Custom Settings section. [NMB-25850]

  • Upgrading CloudBees Analytics clusters

    The principle of forming a cluster in CloudBees Analytics has changed in v10.2 due to the update of Elasticsearch v7.10.2. In this regard, an additional action is required to upgrade to CloudBees Analytics v10.2 or later:

    When updating the first master node, you must explicitly specify that it is the first node to be updated. If this action is not performed, any cluster that is being updated is placed out of service.

    All installers have been instrumented to accommodate this change. Refer to Upgrade the CloudBees Analytics server for more details. [BEE-2717]

  • CloudBees Analytics server configuration notes

    For a production environment, CloudBees recommends that you install the CloudBees Analytics server on a system separate from systems running other CloudBees CD/RO components (such as the CloudBees CD/RO server, web server, repository server, or agent). If you must install it on the same system (such as for testing or other non-production or trial basis situations), refer to CloudBees Analytics server with other components for details.

    If your CloudBees Analytics server is configured with multiple nodes in a Kubernetes environment, you must pre-generate your certificates. For more information, refer to Install CloudBees CD/RO within Kubernetes.
CloudBees CI operations center configurations

After upgrading to CloudBees CD/RO v10.7 from v10.0.x, you may need to rework your CloudBees CI operations center configurations.

  • In v10.0.x, CloudBees CI operations center URLs specified in configurations are silently appended at runtime with the /cjoc path component.

  • In v10.1, URLs are used as defined in configurations. The /cjoc component is not appended. To maintain pre-v10.1 runtime compatibility, the v10.1 upgrade process modifies CloudBees CI operations center URLs in existing configurations by hardcoding the /cjoc path component. You need to rework existing URLs in configurations where appending the /cjoc path component is inappropriate.

Configuration notes

Performing a full import

During a full import, the import operation might hang in the following scenarios. To import successfully into CloudBees CD/RO 8.0 and newer versions, perform the appropriate workarounds [CEV-15447, CEV-11873]:

  • A manual process step in a process has formal parameters. The workaround is to remove the entry related to the property sheet for the job step that is associated with the manual process step.

  • In the exported XML file from an earlier release, two pipelines are in different projects, and both pipelines have no gate tasks. The flow associated with the pipeline is duplicated under both projects. The workaround is to remove the flow element under the projects.

Limitations

When an application is cloned from one project (the original project) to another (the destination project), the tier maps for the application point to the environments with the same names in the destination project. To deploy the application to the environments in the original project, you must first create tier maps connecting the application to those environments.

Known issues

BEE-14581

The MeanLeadTime report does not work correctly when Elasticsearch has pipeline runs but no release runs.

BEE-14933

The UI does not allow the transfer of artifacts across zones.

BEE-17259

When a custom data retention policy schedule is set to run once, the data is not purged after archiving. To purge data after archiving, use a repeat schedule or the global data retention setting.

BEE-20536

When using Postgres with change tracking enabled, EcAuditStrategy errors may appear in the server log. This is a known issue, but is not expected to affect system performance.

BEE-27713

Events that originate from the default CloudBees CI create default configurations. URLs for these new controllers are not Jenkins configured URLs and cause 401 errors.

BEE-28886

You may experience SSO sign-in issues when using Kerberos due to a Microsoft known issue.

BEE-29494

When a process step that is not manual is modified to be manual after the process runs but before the associated job step evaluated, the step hangs and adds a java.lang.IllegalStateException: Unknown step type: manual exception to the log.

BEE-30080

flowRuntime response contains `hasCIJobs=1 if a release was started from CloudBees CD/RO and previous the release run was triggered within CloudBees CI.

BEE-35136

On Windows agents, Export DSL fails to export objects that end in spaces.

BEE-35271

When running getCIBuildLog for a CloudBees CI build, the build log cannot be accessed without restarting the build CloudBees CI controller. As a workaround, restart your CloudBees CI controller, and set up a number of executors, and getCIBuildLog can then be used to access the CloudBees CI build logs.

CDRO-257

When updating from v10.2 or earlier to v10.3 or later, your upgrade may fail and break database consistency if legacy services or containers exist in your system. Additionally, even if the upgrade completes successfully with legacy services or containers present, it may still be impossible to run the validateDatabase API.

As a workaround, before upgrading from v10.2 and earlier, delete all legacy services and containers, and then perform the upgrade. When upgrading a clustered deployment of CloudBees CD/RO, before running the installer to upgrade, delete the contents inside the broker-data directory, located at <DATA_DIR>/broker-data-<hostname>.

NMB-24734

SyncArtifactVersions procedure completes with success, rather than showing a warning, when manifest is missing and overwrite = false.

NMB-24949

When you use the Automation Platform UI to upload and publish artifact files with non-English characters in their file names, the operation fails with the following error: Upload file: Exit code 1: ERROR: Publish failure: Unexpected retrieval exception for repository error.

NMB-26021

Modifications of LDAP user data (such as email addresses) on an Active Directory server after registration in CloudBees CD/RO do not appear properly in user details (in the Automation Platform UI, the Deploy UI, or ectool) until the CloudBees CD/RO server is restarted.

NMB-26962

(Microsoft Windows platforms only) If the Elasticsearch cluster used by CloudBees Analytics is in the red state (meaning that it only partly functions and some data is unavailable), then upgrade, reconfigure, and uninstall operations will not work. Since the Elasticsearch service cannot be stopped when a cluster is in a red state, you must stop the Elasticsearch service process from the task manager before running the installer for these actions.

NMB-28135

The Microsoft Edge browser does not work with SAML 2.0 and is missing a self-signed certificate during redirection from the identity provider to the service provider. Edge is not recommended for sign-in via SAML 2.0.

NMB-29486

The LANG environment variable must be set to en.US.UTF-8; otherwise, the upgrade fails. Refer to KBEC-00452 - Error installing CloudBees CD/RO 10.0.x when Lang environment variable is different than en.US.UTF-8 for details.

CEV-12363

Error prompts for runtimes started by a schedule are not visible if the schedule was created with a missing configuration.

CEV-12429

The stage inclusion status in the Release Dashboard changes color after a stage is renamed.

CEV-15122

If an application process step cannot expand to its child steps (because of an invalid run condition or an invalid formal parameter), then the step is not retried even if it uses "retry on error" error handling. The job eventually completes with an error.

CEV-15829

The retry count for group tasks or rules using "automated retry on error" is missing from the Pipeline runtime page.

CEV-16245

Multiple mapped environments with the same name from different projects are not supported in email notifications.

CEV-16250

A project import might not include the path-to-production view.

CEV-18531

All subreleases of a release must appear before the release in the DSL for the release-to-subrelease link to be created.

CEV-19239 CEV-19259

The ability to search by assignee in a Deployment Report is not available in the CloudBees Analytics report editor.

CEV-21426

If Release Command Center was set up for JIRA for user stories and defects, and the JIRA project name was mapped to the release project name using the field mapping projectName:releaseProjectName, then before upgrading to 10.0, the field mapping must be updated to mention the actual release project name using the following field mapping format: "release-project-name-in-CloudBees CD/RO":releaseProjectName.

CEV-23624

Approval by email on manual tasks should not expect parameters.

CEV-25150

If you use the ectool export to export your system configuration from a previous release and then use ectool import to import the same configuration to a CloudBees CD/RO 10.0 server, some out-of-the-box content introduced in the releases since the version from which the full export was done, such as new or updated plugins, new catalog items, and persona-based menu items, may be missing in the CloudBees CD/RO server UI. It is recommended to use ectool export and ectool import only between servers at the same version.

CEV-26700

SSO does not work unless PHP configuration is changed due to a security-related request. Workaround: Change session.cookie_samesite to "Strict" in /opt/electriccloud/electriccommander/apache/conf/php.ini and restart the web server.

CEV-28704

CloudBees CD/RO v10.1 introduced new triggers and an updated UI for them. Pre-v10.1 triggers will continue to work but there is no UI to review or run them.

CEV-28779

Before using the export command to perform a full data export from the CloudBees CD/RO database, delete any legacy definitions and references to service objects from applications and releases.

N/A

You can revert changes only for high-level design objects such as applications procedures, procedure steps, workflow definitions, and state definitions.

Restarting the CloudBees CD/RO server while new records are created for all tracked objects might take at least as long as an export or import of all projects (10 to 40 minutes for a large project).

N/A

Enabling Recursively Traverse Group Hierarchy might impact system performance when the LDAP group hierarchy is traversed. The amount of impact varies with the configurations of the CloudBees CD/RO and LDAP servers, the depth of group hierarchy in the LDAP server and the network latency between the servers. Make sure that your directory provider can handle the additional load for supporting nested group hierarchy traversal.

N/A

System performance might decrease if you disable change tracking at the server level and then re-enable it. Change tracking is enabled by default. For details about using change tracking, refer to change tracking.