CloudBees CD/RO v2024.06.0 updates CloudBees Analytics from using Elasticsearch to OpenSearch. For more information, refer to Upgrade notes. This is considered a breaking change for CloudBees Analytics. When upgrading to v2024.06.0, you must migrate your CloudBees Analytics data from Elasticsearch to OpenSearch. Additionally, it is critical before upgrading to CloudBees CD/RO and CloudBees Analytics to v2024.06.0, you back up your analytics data. Failure to do so may result in permanent data loss in the event of failed migration processes. For more information, refer to: |
CloudBees is pleased to announce the newest CloudBees CD/RO long-term support (LTS) release. You can find specific information about this release in the following sections:
Security fixes
The following security fixes and improvements have been made as part of this release:
- Apache Commons Compress version updated
-
Apache Commons Compress updated to v1.26.0 to address multiple security vulnerabilities.
- Upgraded Java version to address security vulnerabilities
-
Java upgraded to v17.0.10 to address security vulnerabilities.
- Updated third-party libraries to address vulnerabilities
-
The following third-party libraries have been updated to address vulnerabilities:
-
httpd has been updated to v2.4.59.
-
PHP has been updated to v8.1.28.
-
- Fixed issue that could have allowed cross-site scripting
-
Fixed issue that could have allowed cross-site scripting (XSS) to execute code within a user session and gain access to underlying resources.
New features
The following new features are introduced as part of this release:
- New Azure Dynamic Environment item in Service catalog
-
You can now use the AzureCLI Dynamic Environment item in the Service catalog to dynamically provision and configure CloudBees CD/RO resources on Microsoft Azure®. For more information, refer to the AzureCLI Dynamic Environment item in the CloudBees CD/RO Service catalog.
Feature enhancements
The following feature enhancements have been made as part of this release:
- Enhanced visualization of release and pipeline-related objects
-
The updated Portfolio list view now includes triggered sub-releases and pipelines, and attached pipeline run. This provides a comprehensive view of releases, pipelines, and their related objects.
- Configure self-hosted PyPI for custom CloudBees Analytics backup jobs in Helm charts
-
To support offline environments, you can now configure a self-hosted PyPI repository in the CloudBees Analytics Helm chart. This enhancement allows you to
pip install
packages for custom backups and monitoring tools without exposing the CloudBees Analytics server directly to the web. For more information, refer to Configure locally hosted PyPI repositories.
- New report which displays inventory history
-
A new report titled
EnvironmentSeed
is now available. This report retrieves data about seeded environment inventory items.
- Now you can filter the release calendar view using tags
-
Users can now filter the release calendar view based on tags. Once a tag is added to a release, selecting that tag in the calendar view will filter and display only those releases associated with the selected tag.
- The
formalParameter
APIs have been enhanced to no longer require thedependsOn
parameter when using thedefaultValueDsl
parameter -
Now the
dependsOn
parameter is optional when using thedefaultValueDsl
parameter in theformalParameter
APIs.
- Third-party tool updates for CloudBees CD/RO agents
-
The following third-party tools have been updated:
-
helm
v3.14.0 to v3.15.0 -
kubectl
v1.29.1 to v1.30.1 -
kubectl-argo-rollouts
v1.6.5 to v1.7.0-rc1
-
- Resource list view now displays the reasons for inactive resources
-
On the Resources list view, when a job is in progress, and a resource becomes unavailable, the UI now replaces the running icon with a timer and displays the reason why the resource is not active.
- CloudBees CD/RO support for Kubernetes v1.29
-
CloudBees CD/RO has been tested with Kubernetes v1.29 for specified versions. For more information, refer to Supported platforms for CloudBees CD/RO on Kubernetes.
- DSL IDE editors enhancements to avoid loss of user changes
-
When working in the DSL IDE editors, changes are automatically saved, and the user is prompted for confirmation before leaving the page to avoid accidentally losing changes.
- Support for ROSA and OpenShift v4.15
-
ROSA and OpenShift v4.15 are now supported. For more information, refer to Supported platforms for CloudBees CD/RO on Kubernetes.
- New PUT HTTP endpoints added to support complex API arguments
-
Added new PUT HTTP endpoints for
/pipelineRuntimes
and/flowRuntimes/{flowRuntimeId}
to support complex API arguments, such as filters. This type of support is not available in existing GET endpoints. For this reason, only the new PUT endpoints will be available in Swagger.
- CloudBees CD/RO now supports Ubuntu version 24.04
-
Ubuntu version 24.04 is now supported.
- Properties available on grouped tasks and gated group tasks
-
Now you can configure properties at the group level for tasks and gate tasks within your pipelines and releases.
- Create an environment and tier map tutorial is now available
-
The tutorial, Create an environment and tier map is now available in CloudBees CD/RO. Learn to create an environment model and tier map, and then run a deployment.
- Configure custom
init job
resources in CloudBees CD/RO Helm charts -
You can now configure the resources allocated to the CloudBees CD/RO
init job
usingjobInit.resources
in CloudBees CD/RO Helm charts. For more information, refer to Configure init job resources.By default, the
init job
resources are set to:limits: cpu: 4 memory: 6Gi requests: cpu: 2 memory: 6Gi
For some environments, these settings may not be sufficient, and result in the
init job
failing. If this occurs, increase the default settings for your environment, and run the installation or upgrade again.
- Audit report now includes sub-releases information
-
CloudBees CD/RO audit reports now provide detailed information for parent entities and triggered sub-actions.
- Improved user experience for the built-in dashboards
-
The built-in CloudBees CD/RO dashboards are now clearly marked as read-only. To customize these dashboards, copy and modify them as needed. Additionally, you can now select and set up your preferred Command Center dashboard type for each release directly from the Release view.
- OpenID Connect configuration has been enhanced verify supported ID token JWS algorithms
-
The OpenID Connect configuration has been enhanced to verify supported ID token JWS algorithms. Comma-separated entries in the
idTokenJwsAlgs
parameter of the OpenID Connect configuration APIs, or in the CloudBees CD/RO SSO configurations > ID Token JWS algorithms field, are verified according to the following sequence:-
If the JWT token contains the name of an algorithm, that algorithm is used for token validation.
-
If the JWT token does not contain the name of an algorithm, the application checks for values in the ID Token JWS algorithms field of the OpenID Connect configuration.
-
If ID Token JWS algorithms field is empty, an error is displayed.
-
If ID Token JWS algorithms field contains algorithm values, the application validates the JWT token authenticity using the algorithms specified.
-
-
The verification process ends when an algorithm passes validation. All algorithms appearing in the list after the passing algorithm will not be checked.
For details, refer to:
-
- Two new Groovy APIs added for
waitForCompletion
-
The CloudBees CD/RO Groovy APIs now contain these APIs:
-
waitForFlowRuntimeCompletion
: This call waits for flow runtime to have a status ofcompleted
or exceed the defaulttimeout
setting, which is 60 seconds. -
waitForJobCompletion
: This call waits for a specified job to have a status ofcompleted
or exceed the defaulttimeout
setting, which is 60 seconds.
-
- CloudBees CD/RO now supports PostgreSQL 15
-
PostgreSQL 15 is now supported by CloudBees CD/RO.
- CloudBees CD/RO handling of idle user sessions timeout has been enhanced by adding four new server settings.
-
The handling of inactive user sessions has been improved by adding three new Security settings and one UI setting.
-
UI setting: Auto refresh pause time: The
autoRefreshPauseTime
setting is the time after which auto-refresh pauses if there is no user activity. By default, this feature is disabled (set to 0). Enabling this feature requires setting a value greater than 0, which represents the pause duration in minutes. -
Security settings:
-
Enable idle session timeout: When set to true, the
enableSessionIdleTimeout
setting enables the idle session timeout feature. The default value is false. -
Idle session timeout: The
sessionIdleTimeout
setting specifies the number of minutes of inactivity before terminating the session. The default value is 60 minutes. -
Idle session timeout flush interval: The
sessionIdleTimeoutFlushInterval
is the interval with which the server flushes the session cache to the database to update the last activity time of the session. The default value is60 seconds.
-
-
- Enhanced filtering and list view of pipeline runs
-
You can now search and filter pipeline runs for a specific release. Additionally, you can apply a new expand the latest run by default option that displays an expanded view of the most recent pipeline run as a default setting.
Resolved issues
The following issues have been resolved as part of this release:
- The About window displays the correct UI version
-
Now the About window displays the correct UI version.
- All available personas are visible and in the correct group assignment
-
Now, when selecting a persona, all options are visible. Also, the correct API is used now for assigning personas to groups, ensuring accurate and efficient operations.
- The evalDsl now uses evalDsl API argument values for missing DSL content
-
Missing evalDSL content can now be supplied from evalDsl API argument values.
- Fixed issue causing the subject of email notifications to display invalid language characters
-
The subject of CloudBees CD/RO email notifications no longer contains invalid language characters.
- Resolved credential reattachment issue in procedure step
-
Fixed issue when attempting to remove and then reattach a credential associated with a procedure step in the same project via the right-side pane where the credential failed to reattach.
- Fixed procedure step data deletion issue
-
Previously, if a procedure name was duplicated or had a backend error (too long or already used in the same procedure), it would result in the erasure of the procedure step data.
- List of plugin items was limited to 20
-
Fixed an issue when configuring input parameters, and Plugin Credentials was selected, only the first 20 plugin items displayed in the
Select plugin
field drop-down. Now all appropriate plugin items display.
- The
EmailNotifier
for application process steps is missing in the generated DSL. -
The generated DSL now contains the
EmailNotifier
for application process steps.
- Fixed issue of the database settings being unchanged after switching to a new database type
-
CloudBees CD/RO now clears the database settings in
conf/database.properties
file when changing to a new database type.
- Fixed issue causing
generateDsl
to not remove references to deleted users from associated groups -
Group references to a deleted user are now being removed when using
generateDsl
.
- The
sysread
function now works as expected withcb-perl
-
Fixed issue of
sysread
failing incb-perl
by adding a utf8 flag after openingfilehandle
.
- Solved issue causing credential removal when reverting a procedure using the change history feature
-
The
revert
API was modified to ensure child entities remain when reverting procedures via the change history feature.
- Users tab failed to display all group members
-
Resolved the issue, when checking users in a group, the Users tab did not display all member usernames if there were more than 1000 users in the group.
- Artifact version validation during snapshot creation
-
Resolved an issue when creating a snapshot; users could enter any arbitrary string into the artifact version field without a warning if the version did not exist. Now, users can select an existing artifact version or type in a version. If the version does not exist, a warning appears.
- Fixed issue of SSO login creating duplicate groups in CloudBees CD/RO
-
SSO login no longer causes duplicate CloudBees CD/RO group creation.
- Fixed issue causing DSL import to add a
processDependency
to application microservices -
A
processDependency
is no longer added to application microservices when importing DSL.
- After deleting publish installers, CAM users cannot upload new installers
-
Solved issue preventing CAM users from uploading new installers after previously deleting the published installers.
- The
CiConfiguguration
API responses are missing thepublicKey
command parameter -
The
publicKey
command parameter has been added to theCiConfiguguration
API responses.
- Fixed issues caused by job creation failing while adding nested job entities
-
The CloudBees CD/RO state machine configuration was changed to no longer retry jobs that fail while creating nested job steps.
- Control over viewing default input parameter values
-
The Defer Expansion button is added under subprocedure settings. It addresses an issue where properties set as default values in input parameters were automatically expanded when accessed. This behavior led to the actual property values being displayed and saved instead of maintaining the placeholders. Now, you can decide whether a property should be expanded at runtime or kept as a placeholder in the GUI.
- Resolved environment mapping in UI after 20th entry
-
Resolved an issue when mapping more than 20 environments to an application. Previously, environments beyond the 20th showed an error stating
mapping is not valid
.
Known issues
The following issues are included as known issues in this release:
MeanLeadTime
report does not work correctly without release runs-
The
MeanLeadTime
report does not work correctly when Elasticsearch only has pipeline runs but no release runs.
- Artifacts can’t be transferred across zones using UI
-
The CloudBees CD/RO UI does not allow you to transfer artifacts across zones.
- Data from a custom data retention policy schedule is not purged for single runs
-
When a custom data retention policy schedule is set to run once, the data is not purged after archiving. To purge data after archiving, use a repeat schedule or the global data retention setting.
- Using PostgreSQL change tracking may generate errors
-
When using PostgreSQL with change tracking enabled,
EcAuditStrategy
errors may appear in the server log. This is a known issue, but is not expected to have any effect on the performance of the system.
- Events generated from CloudBees CI create URLs that cause 401 errors
-
Events that originate from the default CloudBees CI create default configurations. URLs for these new controllers are not Jenkins configured URLs and cause 401 errors.
- Kerberos SSO sign-in issues
-
You may experience SSO sign-in issues when using Kerberos due to a Microsoft known issue.
- Process steps modified during runs to be manual will hang
-
When a process step that is not manual is modified to be manual after the process runs, but before the associated job step evaluated, the step hangs and adds a
java.lang.IllegalStateException: Unknown step type: manual exception
to the log.
flowRuntime
reports existing CloudBees CI job when switching platforms-
The
flowRuntime
response containshasCIJobs=1
if a release was started from CloudBees CD/RO and the previous release run was triggered within CloudBees CI.
- Catalog item objects cannot end in spaces on Windows agents
-
On Windows agents, "Export DSL" catalog item fails to export objects that end in spaces.
- CloudBees CI build logs are not accessible using
getCIBuildLog
without controller restart -
When running
getCIBuildLog
for a CloudBees CI build, the build log cannot be accessed without restarting the build CloudBees CI controller. As a workaround, restart your CloudBees CI controller, and set up a number of executors, andgetCIBuildLog
can then be used to access the CloudBees CI build logs.
- v10.2 and earlier legacy services may cause failed upgrades and break database consistency
-
Before upgrading from CloudBees CD/RO v10.2 and earlier, if legacy services exist in your system, upgrades may fail and database consistency break. Additionally, even if the upgrade returns successfully, it may still be impossible to run the
validateDatabase
API.As a workaround, before upgrading from v10.2 and earlier, delete all legacy services and containers, and then perform the upgrade.
- Undefined parameters returned in CloudBees CI job response
-
In CloudBees CI job responses, actual parameters are returned that are not defined within the job. Additionally, saving and reloading the tasks doesn’t clear undefined actual parameters.
- Multi-select menu options don’t define specific projects of project objects
-
Currently, if a formal parameter depends on a dropdown menu to get project parameter dependencies for object-like parameters, such as
projectName
, you can select multiple options in dropdown menus. However, there is only an object name (or list of names in case of multi-select) in the parameter value with no connection to a project and without the ability to identify which object exists in which projects.CloudBees does not recommend using multi-select options for parameters used as project parameter dependency for object-like parameters when configuring formal parameters. This applies for the following formal parameter types:
-
Application
-
Procedure
-
Pipeline
-
Release
-
Environment
-
dslsync apply
does not delete microservice mapping when source microservice has fewer mappings than target-
Mapping for microservices is not deleted when the source microservice contains fewer mappings than the target microservice. This mismatch of microservices occurs when the following actions are performed.
On the DEV server:
-
A microservice with 1 mapping is modified.
-
dslsync apply
is used promote DEV changes to:-
DEV Git and CD/RO instances.
-
PROD Git and CD/RO instances.
Expected/Actual Result: Both DEV and PROD data is synchronized = miroservice with 1 mapping
-
-
The microservice is renamed.
-
dslsync apply
is used to promote changes to DEV Git and CD/RO instances.Expected/Actual Result: DEV and PROD data is NOT synchronized.
-
DEV = Renamed microservice with 1 mapping.
-
PROD = miroservice with the old name and 1 mapping .
-
On the PROD server.
-
Mapping is added to the microservice with the old name.
dslsync apply
is used to promote changes to PROD Git and CD/RO instances.Expected/Actual Result: DEV and PROD data is NOT synchronized.
-
DEV = Renamed microservice with 1 mapping.
-
PROD = miroservice with the old name and 2 mappings.
-
-
dslsync apply
is used to promote DEV changes to PROD Git and CD/RO instances.-
Expected Result: Both DEV and PROD data is synchronized = Renamed microservice with 1 mapping
-
Actual Result: Dev and PROD data is NOT synchronized. DEV = Renamed microservice with 1 mapping. PROD = Renamed microservice and 2 mappings.
-
- Analytics reports that contain
@timestamp
cannot be exported to XML -
Analytics reports that contain the
@timestamp
field cannot be exported usingectool
in XML. As a workaround to export these reports, you can export them as JSON using:ectool --format json runReport <projectName> <reportName>
- CloudBees Analytics server cannot be configured in legacy UI
-
In v2024.06.0, on
, the messageWARNING: 'getDevOpsInsightServerConfiguration' API is deprecated.
is displayed, because Elasticsearch is no longer supported. Additionally, it is no longer possible to configure CloudBees Analytics from this page, because it is deprecated and will be removed in a future release.To configure your CloudBees Analytics server, navigate to
.
- v10.2 and earlier legacy services may cause failed upgrades and break database consistency
-
When updating from v10.2 or earlier to v10.3 or later, your upgrade may fail and break database consistency if legacy services or containers exist in your system. Additionally, even if the upgrade completes successfully with legacy services or containers present, it may still be impossible to run the
validateDatabase
API.As a workaround, before upgrading from v10.2 and earlier, delete all legacy services and containers, and then perform the upgrade. When upgrading a clustered deployment of CloudBees CD/RO, before running the installer to upgrade, delete the contents inside the
broker-data
directory, located at<DATA_DIR>/broker-data-<hostname>
.
SyncArtifactVersions
procedure completes with success when it should fail-
SyncArtifactVersions
procedure completes with success, rather than showing a warning, when manifest is missing andoverwrite = false
.
- Automation Platform UI requires artifacts to use English characters in their file names
-
When you use the Automation Platform UI to upload and publish artifact files with non-English characters in their file names, the operation fails with the following error:
Upload file: Exit code 1: ERROR: Publish failure: Unexpected retrieval exception for repository error
.
- Must restart server to apply LDAP changes
-
Modifications of LDAP user data (such as email addresses) on an Active Directory server after registration in CloudBees CD/RO do not appear properly in user details (in the Automation Platform UI, the Deploy UI, or
ectool
) until the CloudBees CD/RO server is restarted.
- Not all Elasticsearch operations can be performed in a red state
-
(Microsoft Windows platforms only) If the Elasticsearch cluster used by CloudBees Analytics is in the red state (meaning that it only partly functions and some data is unavailable), then upgrade, reconfigure, and uninstall operations will not work. Since the Elasticsearch service cannot be stopped when a cluster is in a red state, you must stop the Elasticsearch service process from the task manager before running the installer for these actions.
- Microsoft Edge® doesn’t support SAML 2.0
-
The Microsoft Edge® browser does not work with SAML 2.0 and is missing a self-signed certificate during redirection from the identity provider to the service provider. Microsoft Edge® is not recommended for sign-in via SAML 2.0.
- LANG environment variable must be set to
en.US.UTF-8
-
The LANG environment variable must be set to
en.US.UTF-8
; otherwise, the upgrade fails. Refer to KBEC-00452 - Error installing CloudBees CD/RO 10.0.x when Lang environment variable is different than en.US.UTF-8 for details.
- Schedules missing configuration do display runtime error prompts
-
Error prompts for runtimes started by a schedule are not visible if the schedule was created with a missing configuration.
- Changing name in Release Dashboard changes stage status color
-
The stage inclusion status in the Release Dashboard changes color after a stage is renamed.
- Steps that cannot access their child steps are not retried
-
If an application process step cannot expand to its child steps (because of an invalid run condition or an invalid formal parameter), then the step is not retried even if it uses
retry on error
error handling. The job eventually completes with an error.
- Retry count missing from pipeline runtime page
-
The retry count for group tasks or rules using
automated retry on error
is missing from the Pipeline runtime page.
- Email notifications are not supported for complex environment mapping
-
Multiple mapped environments with the same name from different projects are not supported in email notifications.
- Path-to-production view missing from imported project
-
A project import might not include the path-to-production view.
- All subreleases must be present to link to a release
-
All subreleases of a release must appear before the release in the DSL for the release-to-subrelease links to be created.
- CloudBees Analytics report editor doesn’t include search by assignee
-
The ability to search by assignee in a Deployment Report is not available in the CloudBees Analytics report editor.
- Additional Release Command Center configurations for Jira
-
If Release Command Center was set up for Jira for user stories and defects, and the JIRA project name was mapped to the release project name using the field mapping
projectName:releaseProjectName
, then before upgrading to 10.0, the field mapping must be updated to mention the actual release project name using the following field mapping format:"release-project-name-in-CloudBees CD/RO":releaseProjectName
.
- Approval by email on manual tasks
-
Approval by email on manual tasks should not expect parameters.
ectool export
andectool import
should only be used between same server versions-
If you use the
ectool export
to export your system configuration from a previous release, and then useectool import
to import the same configuration to a CloudBees CD/RO 10.0 server, some out-of-the-box content introduced in the releases since the version from which the full export was done, such as new or updated plugins, new catalog items, and persona-based menu items, may be missing in the CloudBees CD/RO server UI. It is recommended to useectool export
andectool import
only between servers at the same version.
- SSO requires additional PHP configuration
-
SSO does not work unless PHP configuration is changed due to a security-related request. As a workaround, change
session.cookie_samesite
to"Strict"
in/opt/electriccloud/electriccommander/apache/conf/php.ini
and restart the web server.
- No UI to run or review pre-v10.1 triggers
-
CloudBees CD/RO v10.1 introduced new triggers and an updated UI for them. Pre-v10.1 triggers will continue to work but there is no UI to review or run them.
- Legacy definitions and references cause unexpected behavior for full data exports
-
Before using the export command to perform a full data export from the CloudBees CD/RO database, delete any legacy definitions and references to
service
objects from applications and releases.
- Reverting changes is not possible for all objects
-
You can only revert changes for high-level design objects such as applications procedures, procedure steps, workflow definitions, and state definitions.
Restarting the CloudBees CD/RO server while new records are created for all tracked objects might take at least as long as an export or import of all projects (10 to 40 minutes for a large project).
- Recursively traversing nested group hierarchies may cause performance issues
-
Enabling Recursively Traverse Group Hierarchy might impact system performance when the LDAP group hierarchy is traversed. The amount of impact varies with the configurations of the CloudBees CD/RO and LDAP servers, the depth of group hierarchy in the LDAP server, and the network latency between the servers. Ensure that your directory provider can handle the additional load for supporting nested group hierarchy traversal.
- Disabling and re-enabling change tracking may cause performance issues
-
System performance might decrease if you disable change tracking at the server level and then re-enable it. Change tracking is enabled by default. For details about using change tracking, refer to change tracking.