CloudBees CD/RO v2024.06.0

Apache Commons Compress updated to v1.26.0 to address multiple security vulnerabilities.

Java upgraded to v17.0.10 to address security vulnerabilities.

The following third-party libraries have been updated to address vulnerabilities:

Fixed issue that could have allowed cross-site scripting (XSS) to execute code within a user session and gain access to underlying resources.

You can now use the AzureCLI Dynamic Environment item in the Service catalog to dynamically provision and configure CloudBees CD/RO resources on Microsoft Azure®. For more information, refer to the AzureCLI Dynamic Environment item in the CloudBees CD/RO Service catalog.

The updated Portfolio list view now includes triggered sub-releases and pipelines, and attached pipeline run. This provides a comprehensive view of releases, pipelines, and their related objects.

To support offline environments, you can now configure a self-hosted PyPI repository in the CloudBees Analytics Helm chart. This enhancement allows you to pip install packages for custom backups and monitoring tools without exposing the CloudBees Analytics server directly to the web. For more information, refer to Configure locally hosted PyPI repositories.

A new report titled EnvironmentSeed is now available. This report retrieves data about seeded environment inventory items.

Users can now filter the release calendar view based on tags. Once a tag is added to a release, selecting that tag in the calendar view will filter and display only those releases associated with the selected tag.

Now the dependsOn parameter is optional when using the defaultValueDsl parameter in the formalParameter APIs.

The following third-party tools have been updated:

On the Resources list view, when a job is in progress, and a resource becomes unavailable, the UI now replaces the running icon with a timer and displays the reason why the resource is not active.

CloudBees CD/RO has been tested with Kubernetes v1.29 for specified versions. For more information, refer to Supported platforms for CloudBees CD/RO on Kubernetes.

When working in the DSL IDE editors, changes are automatically saved, and the user is prompted for confirmation before leaving the page to avoid accidentally losing changes.

ROSA and OpenShift v4.15 are now supported. For more information, refer to Supported platforms for CloudBees CD/RO on Kubernetes.

Added new PUT HTTP endpoints for /pipelineRuntimes and /flowRuntimes/{flowRuntimeId} to support complex API arguments, such as filters. This type of support is not available in existing GET endpoints. For this reason, only the new PUT endpoints will be available in Swagger.

Ubuntu version 24.04 is now supported.

Now you can configure properties at the group level for tasks and gate tasks within your pipelines and releases.

The tutorial, Create an environment and tier map is now available in CloudBees CD/RO. Learn to create an environment model and tier map, and then run a deployment.

You can now configure the resources allocated to the CloudBees CD/RO init job using jobInit.resources in CloudBees CD/RO Helm charts. For more information, refer to Configure init job resources.

 limits:
   cpu: 4
   memory: 6Gi
 requests:
   cpu: 2
   memory: 6Gi
▼

CloudBees CD/RO audit reports now provide detailed information for parent entities and triggered sub-actions.

The built-in CloudBees CD/RO dashboards are now clearly marked as read-only. To customize these dashboards, copy and modify them as needed. Additionally, you can now select and set up your preferred Command Center dashboard type for each release directly from the Release view.

The OpenID Connect configuration has been enhanced to verify supported ID token JWS algorithms. Comma-separated entries in the idTokenJwsAlgs parameter of the OpenID Connect configuration APIs, or in the CloudBees CD/RO SSO configurations > ID Token JWS algorithms field, are verified according to the following sequence:

The CloudBees CD/RO Groovy APIs now contain these APIs:

PostgreSQL 15 is now supported by CloudBees CD/RO.

The handling of inactive user sessions has been improved by adding three new Security settings and one UI setting.

You can now search and filter pipeline runs for a specific release. Additionally, you can apply a new expand the latest run by default option that displays an expanded view of the most recent pipeline run as a default setting.

Now the About window displays the correct UI version.

Now, when selecting a persona, all options are visible. Also, the correct API is used now for assigning personas to groups, ensuring accurate and efficient operations.

Missing evalDSL content can now be supplied from evalDsl API argument values.

The subject of CloudBees CD/RO email notifications no longer contains invalid language characters.

Fixed issue when attempting to remove and then reattach a credential associated with a procedure step in the same project via the right-side pane where the credential failed to reattach.

Previously, if a procedure name was duplicated or had a backend error (too long or already used in the same procedure), it would result in the erasure of the procedure step data.

Fixed an issue when configuring input parameters, and Plugin Credentials was selected, only the first 20 plugin items displayed in the Select plugin field drop-down. Now all appropriate plugin items display.

The generated DSL now contains the EmailNotifier for application process steps.

CloudBees CD/RO now clears the database settings in conf/database.properties file when changing to a new database type.

Group references to a deleted user are now being removed when using generateDsl.

Fixed issue of sysread failing in cb-perl by adding a utf8 flag after opening filehandle.

The revert API was modified to ensure child entities remain when reverting procedures via the change history feature.

Resolved the issue, when checking users in a group, the Users tab did not display all member usernames if there were more than 1000 users in the group.

Resolved an issue when creating a snapshot; users could enter any arbitrary string into the artifact version field without a warning if the version did not exist. Now, users can select an existing artifact version or type in a version. If the version does not exist, a warning appears.

SSO login no longer causes duplicate CloudBees CD/RO group creation.

A processDependency is no longer added to application microservices when importing DSL.

Solved issue preventing CAM users from uploading new installers after previously deleting the published installers.

The publicKey command parameter has been added to the CiConfiguguration API responses.

The CloudBees CD/RO state machine configuration was changed to no longer retry jobs that fail while creating nested job steps.

The Defer Expansion button is added under subprocedure settings. It addresses an issue where properties set as default values in input parameters were automatically expanded when accessed. This behavior led to the actual property values being displayed and saved instead of maintaining the placeholders. Now, you can decide whether a property should be expanded at runtime or kept as a placeholder in the GUI.

Resolved an issue when mapping more than 20 environments to an application. Previously, environments beyond the 20th showed an error stating mapping is not valid.

The MeanLeadTime report does not work correctly when Elasticsearch only has pipeline runs but no release runs.

The CloudBees CD/RO UI does not allow you to transfer artifacts across zones.

When a custom data retention policy schedule is set to run once, the data is not purged after archiving. To purge data after archiving, use a repeat schedule or the global data retention setting.

When using PostgreSQL with change tracking enabled, EcAuditStrategy errors may appear in the server log. This is a known issue, but is not expected to have any effect on the performance of the system.

Events that originate from the default CloudBees CI create default configurations. URLs for these new controllers are not Jenkins configured URLs and cause 401 errors.

You may experience SSO sign-in issues when using Kerberos due to a Microsoft known issue.

When a process step that is not manual is modified to be manual after the process runs, but before the associated job step evaluated, the step hangs and adds a java.lang.IllegalStateException: Unknown step type: manual exception to the log.

The flowRuntime response contains hasCIJobs=1 if a release was started from CloudBees CD/RO and the previous release run was triggered within CloudBees CI.

On Windows agents, "Export DSL" catalog item fails to export objects that end in spaces.

When running getCIBuildLog for a CloudBees CI build, the build log cannot be accessed without restarting the build CloudBees CI controller. As a workaround, restart your CloudBees CI controller, and set up a number of executors, and getCIBuildLog can then be used to access the CloudBees CI build logs.

Before upgrading from CloudBees CD/RO v10.2 and earlier, if legacy services exist in your system, upgrades may fail and database consistency break. Additionally, even if the upgrade returns successfully, it may still be impossible to run the validateDatabase API.

In CloudBees CI job responses, actual parameters are returned that are not defined within the job. Additionally, saving and reloading the tasks doesn’t clear undefined actual parameters.

Currently, if a formal parameter depends on a dropdown menu to get project parameter dependencies for object-like parameters, such as projectName, you can select multiple options in dropdown menus. However, there is only an object name (or list of names in case of multi-select) in the parameter value with no connection to a project and without the ability to identify which object exists in which projects.

Mapping for microservices is not deleted when the source microservice contains fewer mappings than the target microservice. This mismatch of microservices occurs when the following actions are performed.

Analytics reports that contain the @timestamp field cannot be exported using ectool in XML. As a workaround to export these reports, you can export them as JSON using:

ectool --format json runReport <projectName> <reportName>
▼

In v2024.06.0, on DevOps essentials  Platform Home page  Administration  Analytics server, the message WARNING: 'getDevOpsInsightServerConfiguration' API is deprecated. is displayed, because Elasticsearch is no longer supported. Additionally, it is no longer possible to configure CloudBees Analytics from this page, because it is deprecated and will be removed in a future release.

When updating from v10.2 or earlier to v10.3 or later, your upgrade may fail and break database consistency if legacy services or containers exist in your system. Additionally, even if the upgrade completes successfully with legacy services or containers present, it may still be impossible to run the validateDatabase API.

SyncArtifactVersions procedure completes with success, rather than showing a warning, when manifest is missing and overwrite = false.

When you use the Automation Platform UI to upload and publish artifact files with non-English characters in their file names, the operation fails with the following error: Upload file: Exit code 1: ERROR: Publish failure: Unexpected retrieval exception for repository error.

Modifications of LDAP user data (such as email addresses) on an Active Directory server after registration in CloudBees CD/RO do not appear properly in user details (in the Automation Platform UI, the Deploy UI, or ectool) until the CloudBees CD/RO server is restarted.

(Microsoft Windows platforms only) If the Elasticsearch cluster used by CloudBees Analytics is in the red state (meaning that it only partly functions and some data is unavailable), then upgrade, reconfigure, and uninstall operations will not work. Since the Elasticsearch service cannot be stopped when a cluster is in a red state, you must stop the Elasticsearch service process from the task manager before running the installer for these actions.

The Microsoft Edge® browser does not work with SAML 2.0 and is missing a self-signed certificate during redirection from the identity provider to the service provider. Microsoft Edge® is not recommended for sign-in via SAML 2.0.

The LANG environment variable must be set to en.US.UTF-8; otherwise, the upgrade fails. Refer to KBEC-00452 - Error installing CloudBees CD/RO 10.0.x when Lang environment variable is different than en.US.UTF-8 for details.

Error prompts for runtimes started by a schedule are not visible if the schedule was created with a missing configuration.

The stage inclusion status in the Release Dashboard changes color after a stage is renamed.

If an application process step cannot expand to its child steps (because of an invalid run condition or an invalid formal parameter), then the step is not retried even if it uses retry on error error handling. The job eventually completes with an error.

The retry count for group tasks or rules using automated retry on error is missing from the Pipeline runtime page.

Multiple mapped environments with the same name from different projects are not supported in email notifications.

A project import might not include the path-to-production view.

All subreleases of a release must appear before the release in the DSL for the release-to-subrelease links to be created.

The ability to search by assignee in a Deployment Report is not available in the CloudBees Analytics report editor.

If Release Command Center was set up for Jira for user stories and defects, and the JIRA project name was mapped to the release project name using the field mapping projectName:releaseProjectName, then before upgrading to 10.0, the field mapping must be updated to mention the actual release project name using the following field mapping format: "release-project-name-in-CloudBees CD/RO":releaseProjectName.

Approval by email on manual tasks should not expect parameters.

If you use the ectool export to export your system configuration from a previous release, and then use ectool import to import the same configuration to a CloudBees CD/RO 10.0 server, some out-of-the-box content introduced in the releases since the version from which the full export was done, such as new or updated plugins, new catalog items, and persona-based menu items, may be missing in the CloudBees CD/RO server UI. It is recommended to use ectool export and ectool import only between servers at the same version.

SSO does not work unless PHP configuration is changed due to a security-related request. As a workaround, change session.cookie_samesite to "Strict" in /opt/electriccloud/electriccommander/apache/conf/php.ini and restart the web server.

CloudBees CD/RO v10.1 introduced new triggers and an updated UI for them. Pre-v10.1 triggers will continue to work but there is no UI to review or run them.

Before using the export command to perform a full data export from the CloudBees CD/RO database, delete any legacy definitions and references to service objects from applications and releases.

You can only revert changes for high-level design objects such as applications procedures, procedure steps, workflow definitions, and state definitions.

Enabling Recursively Traverse Group Hierarchy might impact system performance when the LDAP group hierarchy is traversed. The amount of impact varies with the configurations of the CloudBees CD/RO and LDAP servers, the depth of group hierarchy in the LDAP server, and the network latency between the servers. Ensure that your directory provider can handle the additional load for supporting nested group hierarchy traversal.

System performance might decrease if you disable change tracking at the server level and then re-enable it. Change tracking is enabled by default. For details about using change tracking, refer to change tracking.