CloudBees CD/RO v2026.03.0

The okio-jvm is upgraded from version 3.0.0 to 3.16.4 to address a security issue.

Jackson-core has been upgraded to version 2.21.1 in the following plugins to address a security vulnerability:

The EC-Helm plugin in CloudBees CD/RO now supports OCI Registry for Helm-based microservice deployments. This enhancement enables the deployment of Helm charts hosted in OCI-compliant registries such as JFrog Artifactory, Google Artifact Registry, and Docker Hub OCI registries using the EC-Helm plugin. OCI registries provide reliable and scalable Helm operations, especially in environments where non-OCI approaches may become inefficient or unstable.

Starting with release 2025.06.0, CloudBees CD/RO supports Oracle 26ai.

Added support for attaching credentials to release and pipeline tasks of type Command and Procedure.

The EC-Rest plugin configuration now includes the Check Connection Resource option to validate connectivity from specified resources.

Added support for Pipelines and releases to automatically inherit the resource pool assigned at the project level, eliminating the need to specify resources for every stage or task. Existing pipelines and releases that use the default resource pool will now use the resource pool associated with the parent project.

The dslsync CLI now has the All option to export all entities within an object in both Groovy and YAML formats. This export functionality is supported for all objects.

CloudBees CD/RO now allows you to configure automated retry for procedure steps when an error occurs, ensuring workflows do not hang due to transient failures. When configured, a failed procedure step can automatically retry after a specified interval for a predefined number of attempts. This feature is useful for handling temporary issues such as network interruptions or resource unavailability.

Starting with CloudBees CD/RO version 2026.03.0, the cloudbees-flow Helm chart introduces optional support for the Kubernetes Gateway API. With Ingress-NGINX officially reaching end-of-life (EOL) in March 2026, CloudBees will remove the bundled Ingress NGINX subchart from the cloudbees-flow chart starting from CloudBees CD/RO version 2026.06.0. CloudBees recommends that customers begin evaluating the Kubernetes Gateway API or any alternative ingress controller, and configuring the required controller-specific policies. Starting from this release, customers can already opt to manage their own ingress or Gateway API controller independently. If you are currently using the Ingress NGINX controller bundled with cloudbees-flow, check if Ingress NGINX is enabled and set to true in your Helm values. In CloudBees CD/RO version 2026.03.0, Ingress is the default option while the Gateway API is currently optional. For more information, refer to How to configure Gateway API.

Users under System administrator persona can now sign in and access CloudBees CD/RO during maintenance mode.

Added support in dslsync CLI for exporting system-level access controls in Groovy and YAML formats.

Added a new global server setting to enable the usage of unattached credentials for procedure steps. When enabled, the credential is referenced at the procedure level, eliminating the need to define the credential in steps.

Added support for stamping and exposing the lastRunTimestamp field in getRelease, getProcedure, getPipeline, getApplication, and findObjects.

Configuring Analytics on the legacy Analytics server UI results in an error message because the page is deprecated and Elasticsearch is no longer supported. To configure Analytics, navigate to Administration  Configuration > Analytics server.

Spelling mistake in the system property name defaultBackgroundPluginStatistcisSchedule was identified which caused configuration issues across environments. The spelling is now corrected ensuring proper updates across environments and databases.

Fixed an issue in the getGroups API that caused inconsistent group naming for active and inactive groups in direct API results and Groovy iteration.

Fixed a Null pointer exception error observed in DispatchApiOperation during CloudBees CD/RO server startup when an API request is sent to the CloudBees CD/RO server.

Fixed an issue to prevent administrators getting lockout during maintenance mode.

Fixed the following issue that was logged multiple times during high-concurrency scenarios, such as multiple pipelines, deployments, or related operations executing simultaneously within the same project. The fix ensures consistent reuse of the parentACL entity within the Hibernate session.

Fixed intermittent IllegalStateException errors during async response writes caused by stricter state enforcement in Jetty 12.

Fixed invalid cookie header warnings in DSLSync caused by Jetty 12’s RFC 1123 date format in Set-Cookie headers.

SyncArtifactVersions procedure completes with success, rather than showing a warning, when manifest is missing and overwrite = false.

When you use the Automation Platform UI to upload and publish artifact files with non-English characters in their file names, the operation fails with the following error: Upload file: Exit code 1: ERROR: Publish failure: Unexpected retrieval exception for repository error.

Modifications of LDAP user data (such as email addresses) on an Active Directory server after registration in CloudBees CD/RO do not appear properly in user details (in the Automation Platform UI, the Deploy UI, or ectool) until the CloudBees CD/RO server is restarted.

(Microsoft Windows platforms only) If the Elasticsearch cluster used by CloudBees Analytics is in the red state (meaning that it only partly functions and some data is unavailable), then upgrade, reconfigure, and uninstall operations will not work. Since the Elasticsearch service cannot be stopped when a cluster is in a red state, you must stop the Elasticsearch service process from the task manager before running the installer for these actions.

The Microsoft Edge® browser does not work with SAML 2.0 and is missing a self-signed certificate during redirection from the identity provider to the service provider. Microsoft Edge® is not recommended for sign-in via SAML 2.0.

The LANG environment variable must be set to en.US.UTF-8; otherwise, the upgrade fails. Refer to link:https://docs.cloudbees.com/d/kb-360046953992[KBEC-00452 - Error installing CloudBees CD/RO 10.0.x when the LANG environment variable is different than en.US.UTF-8 for details.

Error prompts for runtimes started by a schedule are not visible if the schedule was created with a missing configuration.

The stage inclusion status in the Release Dashboard changes color after a stage is renamed.

If an application process step cannot expand to its child steps (because of an invalid run condition or an invalid formal parameter), then the step is not retried even if it uses retry on error error handling. The job eventually completes with an error.

The retry count for group tasks or rules using automated retry on error is missing from the Pipeline runtime page.

Multiple mapped environments with the same name from different projects are not supported in email notifications.

A project import might not include the path-to-production view.

All subreleases of a release must appear before the release in the DSL for the release-to-subrelease links to be created.

The ability to search by assignee in a Deployment Report is not available in the CloudBees Analytics report editor.

If Release Command Center was set up for Jira for user stories and defects, and the JIRA project name was mapped to the release project name using the field mapping projectName:releaseProjectName, then before upgrading to 10.0, the field mapping must be updated to mention the actual release project name using the following field mapping format: "release-project-name-in-CloudBees CD/RO":releaseProjectName.

Approval by email on manual tasks should not expect parameters.

If you use the ectool export to export your system configuration from a previous release, and then use ectool import to import the same configuration to a CloudBees CD/RO 10.0 server, some out-of-the-box content introduced in the releases since the version from which the full export was done, such as new or updated plugins, new catalog items, and persona-based menu items, may be missing in the CloudBees CD/RO server UI. It is recommended to use ectool export and ectool import only between servers at the same version.

SSO does not work unless PHP configuration is changed due to a security-related request. As a workaround, change session.cookie_samesite to "Strict" in /opt/electriccloud/electriccommander/apache/conf/php.ini and restart the web server.

CloudBees CD/RO v10.1 introduced new triggers and an updated UI for them. Pre-v10.1 triggers will continue to work but there is no UI to review or run them.

Before using the export command to perform a full data export from the CloudBees CD/RO database, delete any legacy definitions and references to service objects from applications and releases.

You can only revert changes for high-level design objects such as applications procedures, procedure steps, workflow definitions, and state definitions.

Enabling Recursively Traverse Group Hierarchy might impact system performance when the LDAP group hierarchy is traversed. The amount of impact varies with the configurations of the CloudBees CD/RO and LDAP servers, the depth of group hierarchy in the LDAP server, and the network latency between the servers. Ensure that your directory provider can handle the additional load for supporting nested group hierarchy traversal.

System performance might decrease if you disable change tracking at the server level and then re-enable it. Change tracking is enabled by default. For details about using change tracking, refer to change tracking.