CloudBees CD/RO v2024.12.0

When running objects that contained echo statements, it was possible that internal information about the object could be exposed as part of the echo statement. This behavior has been updated to use static strings instead.

To address security vulnerabilities related to handling route patterns, the path-to-regexp libraries were upgraded from version 0.1.7 to 0.1.10 and from version 1.7.0 to 1.9.0.

jsPDF has been updated to address security vulnerabilities.

PHP was upgraded to v8.1.31 to address security concerns.

CloudBees CD/RO UI searches are now case-insensitive by default. For environments using a case-sensitive database, you can re-enable case-sensitive searches by navigating to Administration  Server settings  UI settings and changing Case-sensitive searches from Disabled to Enabled.

A new built-in analytics Pipeline Stats dashboard has been added to provide insights into your pipeline run statistics. To view the dashboard, select the Analytics from the top navigation, and then select Pipeline Stats from the dashboard list. Additionally, to review the documentation, refer to Pipeline Stats dashboard.

In Kubernetes environments, you can now manually create and remove build resources (agents) within resource pools using a procedure. Running this procedure allows you to create agent resources to meet high resource demand and minimize wait times for jobs to start, such as when running multiple releases.

The Service catalog UI has been refactored to enhance usability. Key improvements include:

By default, UI searches are now case-insensitive for all installations, including those that use case-sensitive databases, such as Oracle and PostgreSQL. For case-sensitive databases, a global setting is provided to control this behavior. To adjust this setting, navigate to Administration  Server setting  UI settings  Case sensitive, where Enabled is for case-sensitive searches, and Disabled is for case-insensitive searches.

CloudBees CD/RO has been tested with Kubernetes v1.30 for specified versions. For more information, refer to Supported platforms for CloudBees CD/RO on Kubernetes.

To improve the usability of searches, all CloudBees CD/RO pages can now use case-insensitive searches.

When you select the Portfolio basic or Portfolio list, the status of stages are now shown under the object. This improves usability by providing an overview of the release in a single view.

The tooltip that appears when you select the Search field on CloudBees CD/RO UI pages has been updated to reflect the ability to enable case-insensitive searches for applicable databases.

To enhance the auditability of completed releases, you are no longer allowed to modify the properties of a release once it is completed. This ensures the integrity of release data and provides a reliable record for auditing purposes.

For users, you can now use basic searches and advanced filtering to refine results.

Because CloudBees values making our products accessible to all users, the CloudBees CD/RO VPAT (Voluntary Product Accessibility Template) report has been reassessed, so we can continue to meet accessibility standards, ensure compliance with applicable regulations, and provide an inclusive experience for all users. For more information or to download the report refer to Accessibility.

In the Portfolio basic and Portfolio list views, releases triggered by a higher-level release now automatically receive the Sub-release label instead of the Release label. This update improves usability and clarity for nested release scenarios.

Sub-releases manually added in the Kanban view as part of the release definition are now shown in Portfolio lists and in Portfolio basic views. Additionally, the Add Attach Pipeline Run option has also been added to include pipeline information in Portfolio views and lists.

YAML DSL is now Generally Available (GA) for the evalDsl and generateDsl operations, allowing YAML files to be processed. However, the following limitations exist:

To improve the usability of stage summaries, the Summary link is now highlighted as an active link if it contains content, and greyed-out if the summary is empty. The Summary link is red if the stage contains errors.

To improve the behavior of nested release scenarios, parent releases can no longer be completed if they contain an active immediate sub-release.

When using the Analytics dashboard widget Total Release Duration - Automated vs Manual Tasks, all release time was calculated as Automated. This issue has been fixed, and the times are now totaled as expected.

When modifying the definition of a procedure step, and selecting the property picker icon then the step System Properties (Runtime) option, the path for the jobStepId was incorrect. This caused a Step error to be returned. This issue is now fixed, and the jobStepId is correctly referenced.

When running application deployments using Smart deploy, manual tasks were not being skipped as expected, which caused the deployment to be paused until they were approved. This issue has now been fixed, and after the first deployment of the application, manual tasks are skipped.

Fixed issue where the + (plus) was not correctly interpreted when used in the parameters of REST API calls.

When using the Analytics dashboard widget Total Release Duration - Automated vs Manual Tasks, all release time was calculated as Automated. This issue has been fixed, and the times are now totaled as expected.

An issue was reported that several APIs were missing mandatory parameters and examples in their descriptions in the documentation. Clarifications and examples were added to the following pages to help their usability:

Fixed an issue where the Environment Inventory returned non-existed artifact versions.

An issue was reported that when configuring CI jobs as tasks in pipelines that CloudBees CI Organization Folders were not appearing in the UI, and thus, jobs in the folders could not be selected. This issue has now been fixed, and now, CloudBees CI Organization Folders do appear in the CI jobs menu.

Fixed issue where pipeline runs that lasted more than one year would reset at 366 days back to 1 day.

In v2024.09.0, an issue was reported that evalDsl was not working as expected when invoked from procedure steps. This issue has now been fixed, and operates as expected.

The MeanLeadTime report does not work correctly when Elasticsearch only has pipeline runs but no release runs.

When a custom data retention policy schedule is set to run once, the data is not purged after archiving. To purge data after archiving, use a repeat schedule or the global data retention setting.

The CloudBees CD/RO UI does not allow you to transfer artifacts across zones.

When using PostgreSQL with change tracking enabled, EcAuditStrategy errors may appear in the server log. This is a known issue, but is not expected to have any effect on the performance of the system.

Events that originate from the default CloudBees CI create default configurations. URLs for these new controllers are not Jenkins configured URLs and cause 401 errors.

When a process step that is not manual is modified to be manual after the process runs, but before the associated job step evaluated, the step hangs and adds a java.lang.IllegalStateException: Unknown step type: manual exception to the log.

The flowRuntime response contains hasCIJobs=1 if a release was started from CloudBees CD/RO and the previous release run was triggered within CloudBees CI.

When running getCIBuildLog for a CloudBees CI build, the build log cannot be accessed without restarting the build CloudBees CI controller. As a workaround, restart your CloudBees CI controller, and set up a number of executors, and getCIBuildLog can then be used to access the CloudBees CI build logs.

On Windows agents, "Export DSL" catalog item fails to export objects that end in spaces.

In CloudBees CI job responses, actual parameters are returned that are not defined within the job. Additionally, saving and reloading the tasks doesn’t clear undefined actual parameters.

Currently, if a formal parameter depends on a dropdown menu to get project parameter dependencies for object-like parameters, such as projectName, you can select multiple options in dropdown menus. However, there is only an object name (or list of names in case of multi-select) in the parameter value with no connection to a project and without the ability to identify which object exists in which projects.

Before upgrading from CloudBees CD/RO v10.2 and earlier, if legacy services exist in your system, upgrades may fail and database consistency break. Additionally, even if the upgrade returns successfully, it may still be impossible to run the validateDatabase API.

Mapping for microservices is not deleted when the source microservice contains fewer mappings than the target microservice. This mismatch of microservices occurs when the following actions are performed.

You may experience SSO sign-in issues when using Kerberos due to a Microsoft known issue.

When updating from v10.2 or earlier to v10.3 or later, your upgrade may fail and break database consistency if legacy services or containers exist in your system. Additionally, even if the upgrade completes successfully with legacy services or containers present, it may still be impossible to run the validateDatabase API.

On DevOps essentials  Platform Home page  Administration  Analytics server, the message WARNING: 'getDevOpsInsightServerConfiguration' API is deprecated. is displayed, because Elasticsearch is no longer supported. Additionally, it is no longer possible to configure CloudBees Analytics from this page, because it is deprecated and will be removed in a future release.

If upgrading from v2023.06.0 or earlier to v2023.10.0 or later, if Administration  Server settings  UI settings  Instance header is Enabled, and has a null value for the UI header label, the navigation may not load after an upgrade.

In the Pipeline Stats dashboard, if your query returns a pipeline with only a few runs, the widget labels on the X-axis may overlap in some cases, which may cause them to be unreadable. This is issue is fixed once a greater number of results are returned.

SyncArtifactVersions procedure completes with success, rather than showing a warning, when manifest is missing and overwrite = false.

When you use the Automation Platform UI to upload and publish artifact files with non-English characters in their file names, the operation fails with the following error: Upload file: Exit code 1: ERROR: Publish failure: Unexpected retrieval exception for repository error.

Modifications of LDAP user data (such as email addresses) on an Active Directory server after registration in CloudBees CD/RO do not appear properly in user details (in the Automation Platform UI, the Deploy UI, or ectool) until the CloudBees CD/RO server is restarted.

(Microsoft Windows platforms only) If the Elasticsearch cluster used by CloudBees Analytics is in the red state (meaning that it only partly functions and some data is unavailable), then upgrade, reconfigure, and uninstall operations will not work. Since the Elasticsearch service cannot be stopped when a cluster is in a red state, you must stop the Elasticsearch service process from the task manager before running the installer for these actions.

The Microsoft Edge® browser does not work with SAML 2.0 and is missing a self-signed certificate during redirection from the identity provider to the service provider. Microsoft Edge® is not recommended for sign-in via SAML 2.0.

The LANG environment variable must be set to en.US.UTF-8; otherwise, the upgrade fails. Refer to KBEC-00452 - Error installing CloudBees CD/RO 10.0.x when Lang environment variable is different than en.US.UTF-8 for details.

Error prompts for runtimes started by a schedule are not visible if the schedule was created with a missing configuration.

The stage inclusion status in the Release Dashboard changes color after a stage is renamed.

If an application process step cannot expand to its child steps (because of an invalid run condition or an invalid formal parameter), then the step is not retried even if it uses retry on error error handling. The job eventually completes with an error.

The retry count for group tasks or rules using automated retry on error is missing from the Pipeline runtime page.

Multiple mapped environments with the same name from different projects are not supported in email notifications.

A project import might not include the path-to-production view.

All subreleases of a release must appear before the release in the DSL for the release-to-subrelease links to be created.

The ability to search by assignee in a Deployment Report is not available in the CloudBees Analytics report editor.

If Release Command Center was set up for Jira for user stories and defects, and the JIRA project name was mapped to the release project name using the field mapping projectName:releaseProjectName, then before upgrading to 10.0, the field mapping must be updated to mention the actual release project name using the following field mapping format: "release-project-name-in-CloudBees CD/RO":releaseProjectName.

Approval by email on manual tasks should not expect parameters.

If you use the ectool export to export your system configuration from a previous release, and then use ectool import to import the same configuration to a CloudBees CD/RO 10.0 server, some out-of-the-box content introduced in the releases since the version from which the full export was done, such as new or updated plugins, new catalog items, and persona-based menu items, may be missing in the CloudBees CD/RO server UI. It is recommended to use ectool export and ectool import only between servers at the same version.

SSO does not work unless PHP configuration is changed due to a security-related request. As a workaround, change session.cookie_samesite to "Strict" in /opt/electriccloud/electriccommander/apache/conf/php.ini and restart the web server.

CloudBees CD/RO v10.1 introduced new triggers and an updated UI for them. Pre-v10.1 triggers will continue to work but there is no UI to review or run them.

Before using the export command to perform a full data export from the CloudBees CD/RO database, delete any legacy definitions and references to service objects from applications and releases.

You can only revert changes for high-level design objects such as applications procedures, procedure steps, workflow definitions, and state definitions.

Enabling Recursively Traverse Group Hierarchy might impact system performance when the LDAP group hierarchy is traversed. The amount of impact varies with the configurations of the CloudBees CD/RO and LDAP servers, the depth of group hierarchy in the LDAP server, and the network latency between the servers. Ensure that your directory provider can handle the additional load for supporting nested group hierarchy traversal.

System performance might decrease if you disable change tracking at the server level and then re-enable it. Change tracking is enabled by default. For details about using change tracking, refer to change tracking.