Continuous Delivery for PE release notes

Sections

These are the new features, enhancements, resolved issues, and deprecations for the Continuous Delivery for Puppet Enterprise (PE) 3.x release series.

To upgrade to the Continuous Delivery for PE 3.x series from a version in the 2.x series, see Upgrading to 3.x.

Version 3.2.1

Released 5 February 2020

Resolved in this version:
  • CVE-2020-7238. This Netty vulnerability has been resolved.

Version 3.2.0

Released 4 February 2020

New in this version:
  • Feature branch deployment policy support for modules managed as code. Deployments using the feature branch deployment policy can now be included in a module regex branch pipeline that is managed with a .cd4pe.yaml file.
  • Store custom deployment policies in /site. Continuous Delivery for PE now looks for custom deployment policies in the /site directory of your control repo as well as in the /module and /site-module directories.
  • Usability improvements. Version 3.2.0 introduces several improvements to the design and usability of the web UI, including:
    • When LDAP is enabled, the login screen asks for an LDAP username instead of an email address. This LDAP username maps to the User attribute setting from your LDAP configuration.
    • The YAML code validation tool shows an error message if your pipeline's YAML code includes an invalid regular expression.

Resolved in this version:

  • The deployment_policy_branch parameter is now correctly applied when it is included in a .cd4pe.yaml file.
  • Approval request emails are now delivered to members of the approval group.
  • An appropriate message is shown in the web UI when a deployment approval request is declined.

Version 3.1.1

Released 28 January 2020

Resolved in this version:
  • CVE-2019-16869. This Netty vulnerability has been resolved.

Version 3.1.0

Released 22 January 2020

New in this release:
  • Delete users. Super users and the root user can now permanently delete user accounts from your Continuous Delivery for PE installation. Perform this action with caution: deleting a user also deletes all artifacts created by that user in Continuous Delivery for PE, including workspaces, jobs, integrations, pipelines, control repos, and module repos. For more information, see Delete a user.
  • Impact analysis includes Hiera data referenced in root-level hiera.yaml files. Impact analysis reports now include changes to the Hiera data housed in locations referenced in the hiera.yaml file located at the root level of your control repo or module repo. If your control repo or module repo does not include a hiera.yaml file at the root level, Continuous Delivery for PE will fall back to analyzing Hiera changes in the /data and /hieradata directories.
  • Usability improvements. Version 3.1.0 introduces several improvements to the design and usability of the web UI, including:
    • Better handling of long pipeline names.
    • Clearer messaging when creating a regex branch pipeline.
    • Validation of the selected Docker image name when a new Docker-based job is created.
    • An improved experience and clearer error message if a deployment fails because the target environment node group contains no nodes.
Resolved in this release:
  • Impact analysis tasks can now be included in a module pipeline that is managed with a .cd4pe.yaml file.
  • If a code manager task fails during a deployment attempt, the deployment details page now shows a FAILED status for that event instead of a DONE status.
  • Newly created Docker-based jobs now use the correct default Docker image name.
  • A duplicate description field is no longer present when you configure a manual deployment for a module.
  • The associated control repo is automatically selected when you create an impact analysis stage in a module's pipeline.
  • A deployment to a protected environment no longer shows a PENDING status after the deployment is approved.
  • A Bolt error no longer occurs if a deployment using the temporary branch deployment policy is cancelled prior to the approval step.
  • When Continuous Delivery for PE fails to correctly parse a .cd4pe.yaml file, it logs the parsing error in the application logs and displays it in the web UI.
  • The status of Puppet runs is now correctly displayed on each deployment's details page.
Security notice:
  • CVE-2019-16869 is detectable in version 3.1.0. A security scanner may detect a Netty vulnerability with a 5.0 CVSS score in Continuous Delivery for PE. However, Continuous Delivery for PE does not exercise the vulnerable code path and so is not vulnerable.
Deprecated in this release:
  • Support for MySQL and DynamoDB external databases. As part of our effort to streamline the installation process and ensure Continuous Delivery for PE meets performance standards, support for MySQL and Amazon DynamoDB external databases is deprecated in version 3.1.0, and will be removed in a future release. Before support ends, we'll provide information about how to migrate your external database to a supported option.

Version 3.0.2

Released 19 December 2019

Resolved in this release:
  • Deployments failed for any module regex branch deploying to a PE instance using prefixed environments where the selected prefix was "No prefix."
    Note: If you created a deployment of this type while using Continuous Delivery for PE version 3.0.0 or 3.0.1, you must delete and recreate the deployment for it to work properly.
  • In control repo regex branch pipelines that were converted to management with code, deployments using the feature branch deployment policy failed validation.
  • Module deployments could not be canceled.
  • Control repo and module regex branch pipelines that are managed with code did not trigger correctly.
  • Environment prefixes were not added to target environment names in deployments using the feature branch deployment policy from control repos. As a result, these deployments were not completed correctly.
  • When a root or super user updated the Docker image used as global shared job hardware, the updated image was not used for jobs running on the shared job hardware.

Version 3.0.1

Released 16 December 2019

Resolved in this release:
  • If you attempted to manage a pipeline as code that included a deployment using the feature branch policy, a Parameter specified as non-null is null error occurred and the pipeline did not successfully transition to management with code.
  • Continuous Delivery for PE did not correctly default to looking for custom deployment policy files on the Production branch if a branch had not been set explicitly.

Version 3.0.0

Released 11 December 2019

New in this release:
  • Construct and manage your pipelines as code. You now have the option to use a .cd4pe.yaml file housed in your control repo or module repo to construct, update, and manage your pipelines. Managing pipelines with code creates a version-controlled record of pipeline changes over time. For more information, see Constructing pipelines from code.
  • View Hiera changes in impact analysis reports. When you update a YAML file in your Hiera data directory, impact analysis reports will now report what systems will be impacted and how their desired state will change. For the first version of this feature, Continuous Delivery for PE analyzes changes in /data and /hieradata directories in your control repo or module.
    Important: Hiera changes in impact analysis reports are only supported on PE 2019.2.0 and newer versions.
  • Usability improvements. Version 3.0.0 introduces several improvements to the design and usability of the web UI, including:
    • A redesigned deployment details view featuring a new sequential list of the events that make up a deployment, with details about each event.
    • An updated pipelines design with clearer controls and a refreshed color palette.
    • A new Manual actions selector used for initiating on-demand impact analysis reports, deployments, or pipeline runs.
  • Improved deployment approval messaging. The message sent to designated deployment approvers now contains more information about the proposed deployment, including the URL of the module or control repo, the name of the user who initiated the deployment, the name of the pipeline, and a list of the commits included in the deployment.
  • Fewer stacktrace exceptions included in log files. We've reduced the number of stacktrace exceptions that resulted from checking for dependencies and approvals. You'll no longer see long stacktrace errors for the following:
    com.puppet.pipelines.cdpe.cdpeTaskUtils.CDPETaskInterruptedException: Dependency check attempt maxtime exceeded.
    com.puppet.pipelines.cdpe.cdpeTaskUtils.CDPETaskInterruptedException: Approval check attempts maxiumum exceeded. Thread should yeild and try again.
Special beta feature in this release:
  • Custom deployment policies. We've learned from our users that the deployment policies built into Continuous Delivery for PE don't always align with the deployment work you need to do. In response, we're introducing the ability to compose your own set of steps for deploying Puppet code. For more information, see Creating custom deployment policies.
    CAUTION: Custom deployment policies are a beta feature. As such, they may not be fully documented or work as expected; please explore them at your own risk.
Resolved in this release:
  • The name of the default Docker container is now consistently shown in the Docker Image Name field on the job creation page if no other Docker image is defined.
Security notices:
  • CVE-2019-16869 is detectable in version 3.0.0. A security scanner may detect a Netty vulnerability with a 7.5 CVSS score in Continuous Delivery for PE. However, Continuous Delivery for PE does not exercise the vulnerable code path and so is not vulnerable.
  • Sonatype-2019-0115 is detectable in version 3.0.0. This vulnerability is detected by the Sonatype Nexus scanner. However, Continuous Delivery for PE does not use the library that triggers the vulnerability and so is not vulnerable.
Removed in this release:
  • Incremental branch and blue-green branch deployment policies. We've removed the incremental branch and blue-green branch deployment policies. If your pipeline included a deployment using one of these policies, the deployment has been removed from the pipeline. These policies were deprecated in Continuous Delivery for PE version 2.7.0.
  • Module deployment reports. We've removed this feature from version 3.x.
How helpful was this page?
Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.