Continuous Delivery for PE release notes
These are the new features, enhancements, resolved issues, and deprecations for the Continuous Delivery for Puppet Enterprise (PE) 4.x release series.
Version 4.33.0
Released 30 October 2024.
- Added ability to edit a repo. Added an edit button to the control repo and module list allowing you to update the owner, displayowner, or provider for that repo. An associated PATCH method was added to the ControlRepoV1 and ModuleV1 API endpoints to accomplish the same task.
Resolved in this release:
- Updated Forgot Password screen. Fixed the wording on the Forgot Password screen to enhance security.
- Updated create Modules and create Control Repos API responses. Fixed the API responses for create Modules and create Control Repos so they are consistent.
- Alignment on Groups 'All permissions' check box. Fixed an issue with the All permissions check box on the Groups permissions screen.
Version 4.32.0
Released 29 August 2024.
New in this release:
- Postgres repack schedule is now configurable. The schedule used to run the Postgres repack is now configurable. Use the pg_repack Cronjob Run Time setting in the Puppet Application Manager UI to configure this.
- Added option to disable object store related objects. Added a new option in the PAM console to disable the in-cluster object store. This is available once migration of the store data to Postgres is complete, which happens on the first upgrade to version 4.26.0 or later.
- Added API endpoint to retrieve list of users. Added a new API endpoint, /v1/users/, to retrieve a list of users.
- Added API endpoint to retrieve user details. Added a new API endpoint, /v1/users/{userId}, to retrieve details about users.
Resolved in this release:
- Security vulnerability with the username and password in URL path. Fixed an issue with a security vulnerability that involved an API sending sensitive information as part of the URL path. We have replaced this call with a new endpoint that passes sensitive information as part of a request body in a more secure manner.
- Prevent regex pipelines having impact analysis stages. Fixed an issue where you could set an impact analysis stage on a regex pipeline when constructing the pipeline as code. Impact analysis stages are properly prevented on regex pipelines now.
Security notices:
- Cross Origin Resource Sharing (CORS): Arbitrary Origin Trusted. Resolved a security vulnerability related to Cross-Origin Resource Sharing (CORS). An Access-Control-Allow-Origin header is no longer set to the request's origin header on API calls, preventing any unintended exposure of resources to untrusted origins.
Version 4.31.0
Released 10 July 2024.
New in this release:
- Data retention. Added two new configuration options for data retention that allow you to set a retention period for historical pipeline and value reporting data.
- Added a new PostgreSQL image. Added a new PostgreSQL image which includes pg_repack for database maintenance. pg_repack runs daily to maintain the database.
Resolved in this release:
- Nodes section is blank and has errors after restart. Fixed an issue where the query service token was not properly rotated, causing the Nodes section to be blank and have errors. The query service token is now properly rotated even if Continuous Delivery for PE is not running when the rotation was scheduled, ensuring that node data is fetched properly.
- Puppet Application Manager (PAM) trace logging sometimes failed for Continuous Delivery for PE jobs with UnknownFormatConversionException exceptions. Fixed an issue where a percentage sign (%) in file names caused an issue when writing to Continuous Delivery for PE logs.
Version 4.30.2
Released 14 June 2024.
Resolved in this release:
- Pipeline error: Cannot invoke "com.distelli.models.ControlRepoId.getDomain()" because "controlRepoId" is null. Fixed an issue where custom deployments could not be used if the deployment was added to a pipeline through the UI.
Version 4.30.1
Released 22 May 2024.
Resolved in this release:
- Update default facts displayed on Estate Reporting Node Table. Updated Estate Reporting Node table on the Nodes screen to change the default facts displayed. Previously the table displayed the ipaddress and operatingsystem fact values in the two rightmost columns. These are legacy facts and those two columns have been updated to show the modern networking.ip and os.name facts instead.
- Activity reporting screen showing labels instead of strings after upgrading. Fixed an issue where the activity reporting screen displays incorrect labels after upgrading.
- Direct Deployment Policy MAX_NODE_FAILURE value is being passed to the API from the UI as a string instead of an integer. Fixed an issue where triggering a deployment with the Direct Deployment Policy option selected would fail when a MAX_NODE_FAILURE value is set.
- SSLHandshakeException when trying to use Proxy for Azure DevOps integration. Fixed an issue where trying to use a proxy for Azure DevOps integration would fail. Continuous Delivery for PE now correctly loads the CA certificate chain provided via the External CA Certificate setting in the PAM console.
- Nodes section is blank and full of errors after every restart. Fixed an issue where the Nodes section is blank or shows errors after a restart. The query service token now properly rotates even if Continuous Delivery for PE is not running when the rotation was scheduled, ensuring that node data is fetched properly.
Security notices:
- CVE-2024-29857. Updated bouncycastle to 1.78 to address this vulnerability.
Version 4.30.0
Released 7 May 2024.
Resolved in this release:
- Unable to clone via SSH from ADO Cloud. Upgraded Continuous Delivery for PE's SSH client to support RSA SHA256 and RSA SHA512 handshake algorithms. This was necessary to support SSH connections with ADO Cloud after Microsoft began phasing out support for SHA1 handshakes. Any other providers that also need the newer algorithms (such as GitLab deployed on Red Hat Enterprise Linux (RHEL) 9) are also now supported.
- Removed authtokens API from OpenAPI specification. The /v1/authtokens API has been replaced by /v1/tokens, which requires an authentication token in the header.
- Duplicate GitLab integration causing a blank screen. Fixed an issue loading the source control integrations screen caused by accidentally adding duplicate VCS providers.
- After upgrading to 4.29.2 the commit link on Continuous Delivery for PE redirects to an invalid URL. Fixed invalid commit links when using Azure DevOps as a source control provider.
- Impact Analysis job link for a module goes to job for a control repo. Fixed an issue navigating between the main control repo view and the Impact Analysis/Deployment screens.
- Can create an invalid deployment stage. Fixed an issue where it was possible to create a deployment stage pointing at an environment node group with the same name as the branch the pipeline runs from.
- Module feature branch deployment stages are failing to deploy. Fixed an issue where the module feature branch deployment stages failed to deploy. The missing control repo and branch fields have been added to the module deployment dialog for a regex pipeline.
- HTTP 403 error when upgrading to Continuous Delivery for PE 4.29.2. Fixed an issue in 4.29.x versions of Continuous Delivery for PE that required the user triggering a manual deployment to be either the owner of the workspace or a root user.
- CD4PE_JOB_CONTEXT is unavailable unless a secret is added. Fixed an issue where the output of pipeline job tasks were not displaying the value of the CD4PE_JOB_CONTEXT environment variable unless the job had a Secret added. The value of CD4PE_JOB_CONTEXT now displays regardless of whether a Secret is set or not.
Security notices:
- CVE-2023-49569. Updated go-git to address this vulnerability.
- CVE-2023-1732. Updated Cloudflare/circl to address this vulnerability.
- CVE-2024-27304, CVE-2024-27289, CVE-2023-39325. Updated Query Service to 1.8.16 to address these vulnerabilities.
Version 4.29.2
Released 21 March 2024.
Resolved in this release:
- Missing Impact analysis (IA) report. Fixed an issue with Impact Analysis and Azure DevOps where Continuous Delivery for PE falsely reports no impacted nodes.
- Error trying to run an Impact Analysis for a Module. Fixed an issue where users who created a deployment stage on a pipeline may see the Impact Analysis pipeline stage fail with the following error: Cannot invoke "com.distelli.models.ControlRepoId.getDomain()" because "controlRepoId" is null
- Error in Continuous Delivery for PE Feature branch policy UI. Fixed an error when editing a regex pipeline's deployment stage for a Bitbucket or GitHub control repo.
- Pull request from Bitbucket Cloud not triggering Continuous Delivery for PE pipeline with pull request trigger. Fixed an issue where pull requests to a Bitbucket cloud repository would not trigger a pipeline.
- Triggering a regex pipeline against a branch with an existing pipeline runs that pipeline instead. Fixed an issue where manually triggering a regex pipeline against a branch with an existing pipeline would cause the branch pipeline to run rather than the expected regex pipeline.
- Unable to verify Global HTTP read timeout setting. Increased the NGINX proxy_read_timeout from 60 seconds to 300 seconds to allow for longer running jobs.
- Pressing <TAB> after entering user/email changes focus to Show/hide password instead of Input password. Fixed a minor UI issue in the login screen where pressing <TAB> after entering the user name or email address would focus on the Show/hide password icon instead of the password input field.
Version 4.29.1
Released 21 February 2024.
New in this release:
- Updating a pipeline now requires a new query parameter. The projectType (MODULE or CONTROL_REPO) is now a required query parameter when updating pipelines with /api/v1/pipelines-spec.
Resolved in this release:
- Unable to run deployments after creating or editing a pipeline. Fixed an issue where deployments were not run for new or edited pipelines.
- Unable to update a deployment on a regex pipeline. Fixed an issue that prevented updates to a deployment on a regex pipeline.
- Option to select an environment prefix in the Deployment dialog box. Added the SELECT AN ENVIRONMENT PREFIX option to select a Puppet Enterprise environment prefix when creating a manual deployment or adding a deployment stage to a pipeline.
- Unable to manually trigger a regex pipeline. Fixed an issue where manually triggering a regex pipeline caused a "branch not found" error. Regex pipelines can now be triggered against branches matching the regex.
- New Impact Analysis jobs cause list errors. Manual Impact Analysis runs can now be triggered on code projects with custom names without causing an error with the tables on the Control Repos and Modules pages.
- Unable to select a different view on the Nodes page. Fixed an issue where selecting a different view on the Nodes page resulted in an error.
- Continuous Delivery for PE approval emails not being sent after changing Bitbucket to GitLab. Fixed an issue where approval notifications were not sent for deployments from GitLab projects in subgroups.
Security notice:
- CVE-2024-0567. Updated the Debian Docker image to address this vulnerability.
Version 4.29.0
Released 8 February 2024.
New in this release:
- Personal access token management. You can now create authentication tokens to allow a user to enter their credentials once, then receive an alphanumeric token to access different services or parts of the system infrastructure. To manage personal access tokens, see Manage personal access tokens.
- OpenAPI support. You can now fetch data and automate your workflows with the Continuous Delivery for Puppet Enterprise (PE) REST API. To get started using Continuous Delivery for PE public APIs, see REST API.
- Value reporting. You can now view activity values across all the Puppet Enterprise (PE) instances integrated within a workspace in the Activity report. To view your activity in Continuous Delivery for PE, see Activity reporting.
- Refreshed Continuous Delivery for PE pipelines UI. The Continuous Delivery for PE pipelines pages have a refreshed appearance.
Security notice:
- CVE-2023-39325. Updated several direct and indirect dependencies to address this vulnerability.
Version 4.28.0
Released 30 November 2023.
New in this release:
- New node filter feature added to impact analysis. A new node filter feature for Impact Analysis can be configured to run the analysis on a subset of impacted nodes. Nodes can be filtered by percentage of the number of nodes impacted by the change. See the adding Impact Analysis step for your pipelines-as-code to learn how to add this setting to your pipeline. Currently this setting is only available in pipelines-as-code. To enable pipelines-as-code, see Construct pipelines from code.
Resolved in this release:
- Fact charts do not always show the correct number of nodes when switching filters. Fixed an issue in the node table so that the fact charts reflect the selected filters.
Security notice:
- CVE-2023-36478. Continuous Delivery for PE is not vulnerable, but we are now running the updated version of Jetty that addresses this vulnerability.
Version 4.27.1
Released 11 October 2023.
Resolved in this release:
- Jobs fail with Null pointer exception on trigger events. Fixed an issue where jobs in the first stage of a pipeline would occasionally fail due to a synchronization issue on the backend.
Version 4.27.0
Released 4 October 2023.
Resolved in this release:
- Deleting workspace for LDAP user causes issues. Fixed an issue where the LDAPSyncFunction task fails and the user is not able to log in to Continuous Delivery for PE. This happened when a deleted workspace was referenced in an LDAP Group Mapping.
- Upgraded the query service to version 1.8.14 to update the default configuration to support Continuous Delivery for PE 5.x.
Version 4.26.2
Released 7 September 2023.
- Pipeline jobs no longer intermittently fail with Postgres errors. Fixed an issue where pipeline jobs randomly failed with Postgres errors in Continuous Delivery for PE.
Version 4.26.1
Released 23 August 2023.
- Added new text field under the Config page in Puppet Application Manager called External CA Certificate. The PAM UI now includes the External CA Certificate option under the Config page that allows you to supply a trusted SSL certificate for Continuous Delivery for PE to use when communicating with external services.
Version 4.26.0
Released 22 August 2023.
- Large object store data is now stored in PostgreSQL. Continuous Delivery for PE 4.26.0 now uses PostgreSQL for large object storage. New 4.26.0 installations use PostgreSQL from the outset. For existing users, large object data is migrated for you as part of the upgrade to version 4.26.0. Note: For existing users, the data migration may cause the 4.26.0 upgrade process to take in excess of 15 minutes.
- Refreshed the Continuous Delivery for PE Control Repos UI. The Continuous Delivery for PE Control Repos pages have a refreshed appearance.
- Refreshed the Continuous Delivery for PE Modules UI. The Continuous Delivery for PE Modules pages have a refreshed appearance.
Resolved in this release:
- Security fixes. This release upgrades okio-jvm to version 3.4.0 to address CVE-2023-3635.
Version 4.25.1
Released 24 July 2023.
- Continuous Delivery for PE does not respect JVM HTTP proxy settings in certain scenarios. We fixed an issue where Continuous Delivery for PE ignored JVM HTTP proxy settings when attempting to proxy requests for Bitbucket Server/Cloud, GitHub/GitHub Enterprise, and GitLab.
Version 4.25.0
Released 11 July 2023.
- User interface improvements. The following Continuous Delivery for PE pages have a refreshed appearance:
  - Page not found (404)
  - Runtime error
  - Forbidden (403)
  - Forgot your password?
  - Create a user account
- Continuous Delivery for PE default pipeline impact analysis fails with a non-actionable error message. Updated the error message to make it more descriptive and useful when a pipeline with no deployment stage fails the impact analysis stage.
- GetJobInstanceV1 returns control repo display name for GitLab. Fixed an issue where links to a GitLab source control repository from the Job details screen wouldn't work if the control repo/module name did not match the GitLab repo name.
- Security fixes. Version 4.25.0 includes several security fixes, including:
  - Upgraded gin-gonic to version 1.9.1 to address CVE-2023-29401.
  - Upgraded guava to version 32.0.0-android to address CVE-2023-2976.
Version 4.24.1
Released 28 June 2023.
- Impact Analysis always shows zero changes. We fixed an issue where module impact analysis would not correctly diff module versions when running against Puppet Enterprise deployed with the extra-large architecture. This fix improves logging in module impact analysis around module version diffing and shortens the time it takes the module impact analysis to report a failure when it is unable to compare module versions between environments.
- Documentation improvements. Added a new section to clarify how to Integrate with Azure DevOps Server on prem.
Version 4.24.0
Released 31 May 2023.
- Added AzureDevOps support. Continuous Delivery for PE now supports ADO Server (on prem) integration.
- Refreshed Continuous Delivery for PE user login UI. The Continuous Delivery for PE user login pages have a refreshed appearance.
- Unable to access job details page for jobs under code validation stage. Job detail links from code validation jobs now correctly redirect to the appropriate job details pages, rather than timing out.
- Security fixes. Version 4.24.0 includes several security fixes, including:
  - Upgraded the query service to version 1.8.12 to protect against potential race conditions in the backend query service.
  - Upgraded jackson to version 2.15.0 to address CVE-2022-1471 in snakeyaml.
Version 4.23.1
Released 2 May 2023.
- Unable to access Job details pages for jobs in the Code validation stage. We fixed an issue where, after installing or upgrading to version 4.23.0 of Continuous Delivery for PE, the Job details pages for jobs in the Code validation stage of the pipeline were no longer available.
- The version 4.23.1 .airgap bundle has an updated version of puppet-dev-tools that fixes CVE-2023-27533 and CVE-2023-27536.
Version 4.23.0
Released 18 April 2023.
- Refreshed Continuous Delivery for PE job hardware UI. The Continuous Delivery for PE job hardware pages have a refreshed appearance.
- Refreshed Continuous Delivery for PE Job details UI. The Continuous Delivery for PE Job details page has a refreshed appearance.
- Module subset modal prefix not working. The Module subset modal on the Edit Permissions screen now filters modules by prefix when typing.
- Continuous Delivery for PE misidentifies pull requests coming from a Bitbucket Server. Fixed an issue where webhook events for Bitbucket Server repositories would incorrectly detect a pull request as coming from a forked repository.
- Unable to list commits when branch name contains a "/". Commits are now properly listed when a branch name contains a "/".
- Creating a new job template with a blank description causes an error. The Job details page now updates properly when a job template is created with a blank (null) description.
Version 4.22.2
Released 21 March 2023.
- Users unable to manually update token for Puppet Enterprise integration. We fixed an issue where users were unable to manually update their Puppet Enterprise token in the UI.
- Disabling Vault before deploying Continuous Delivery for PE 4.22.0 causes it to crash. We fixed an issue where disabling Enable Vault in the Puppet Application Manager (PAM) UI prior to the initial deployment of Continuous Delivery for PE 4.22.0 causes Continuous Delivery for PE to crash. You can now disable Vault prior to the initial deployment of Continuous Delivery for PE 4.22.0.
- The version 4.22.2 .airgap bundle has an updated version of puppet-dev-tools that appropriately sets the tag at 4.x.
Version 4.22.1
Released 16 March 2023.
- Console doesn't appear after upgrading. IPv6 was enabled by default, which caused NGINX to fail to start on non-IPv6 environments. IPv6 is now dynamically enabled only on IPv6 environments to prevent this.
Version 4.22.0
Released 8 March 2023.
- Puppet Application Manager (PAM) UI now has an option to disable Vault. The PAM UI now includes the Enable Vault option under Advanced configuration and tuning that allows you to remove Vault. Enable Vault is selected by default to allow for migrations on older Continuous Delivery for PE releases (4.19.0 and older).
  Vault can be safely removed on all new installations from this release on. For users upgrading from version 4.19.0 or older, you must complete at least one successful deployment of version 4.20.0 or newer to safely remove Vault using the Enable Vault option in version 4.22.0.
- Refreshed Continuous Delivery for PE Groups Settings UI. The Continuous Delivery for PE workspace Groups Settings pages have a refreshed appearance.
- Refreshed Continuous Delivery for PE Source Control Integrations Settings UI. The Continuous Delivery for PE Source Control Integrations Settings pages have a refreshed appearance.
- Login flow for root broken when no workspaces exist. An infinite redirect loop was possible when users logged in as root and there were no workspaces in Continuous Delivery for PE.
- Concurrent catalog compilation throttling is now reset on Continuous Delivery for PE restart. Impact analysis would hang when the maximum number of concurrent compilations on each PE instance was reached.
- 404 error when accessing a node from the node table. Selecting a node from the node table on the Nodes page would result in a 404 error.
- The version 4.22.0 .airgap bundle has an updated version of puppet-dev-tools that includes PDK 2.6.1 and a fix addressing CVE-2023-23916.
- Security fixes. Version 4.22.0 includes several security fixes, including:
  - Upgrading crypto to v0.0.0-20211209193657-4570a0811e8b to address CVE-2022-27191.
  - Upgrading gin-gonic to 1.9 to address CVE-2022-41723.
  - Upgrading postgresSQL to 42.4.1 to address CVE-2022-41946.
- Support for versions of Kubernetes prior to 1.21. Kubernetes version 1.21 or higher is now required for Continuous Delivery for PE and Comply.
Version 4.21.1
Released 6 February 2023.
- Broken links associated with renaming workspaces. This fix resolves the following issues:
  - Broken links in the UI that pointed to the old name of a workspace that had been renamed.
  - Broken links from adding or editing job hardware capabilities from the root console.
- Regex pipeline is triggered by webhook from GitLab when the branch is deleted. Regex pipelines are no longer triggered after merging the GitLab feature branch PRs and deleting the feature branches.
Version 4.21.0
Released 25 January 2023.
- Documentation improvements. Beginning with 4.18.1 and ending with this release, we made quality of life changes to the Continuous Delivery for PE documentation. This primarily consisted of reorganizing some pages in a more logical manner and renaming some pages with overly-long titles. We rolled out a few changes with each release and enabled redirects where necessary. Changes in this release include:
  - Moved Test Puppet code with jobs, Analyze the impact of code changes, Construct pipelines, and Deploy Puppet code under Test and deploy Puppet code. There was no change to the structure of these sections other than some minor renaming.
  - Renamed Structuring a .cd4pe.yaml file to .cd4pe.yaml file structure.
  - Renamed Validating your .cd4pe.yaml file to .cd4pe.yaml file validation.
  - Renamed Limitations of impact analysis to Impact analysis limitations.
  If you have any questions or comments about these changes, please use the feedback form at the bottom of this page to get in touch with our documentation team. Refer to prior release notes for details about previous changes.
- Environment status for cancelled impact analysis tasks was incorrect. Previously, if you cancelled an impact analysis task, the task was actually cancelled, but the Status for each environment would not update after cancellation. If you examined the impact analysis details in the Web UI, it would seem as though impact analysis was still running, when it was actually stopped. Now the environment statuses correctly update after impact analysis is cancelled.
- OOMKilled error after upgrade. We fixed an issue where the cd4pe-migrate-object-store job was OOMKilled on application upgrade, which also caused Continuous Delivery for PE to get stuck initializing.
- Pipeline statuses weren't communicated to AzureDevOps. Continuous Delivery for PE sends pipeline status information to AzureDevOps for pull requests.
- Rapid navigation broke some pages. Occasionally, leaving a page before it was fully loaded caused an error.
- Security fixes. Version 4.21.0 includes several security fixes, including:
  - Upgrading react-hot-loader to version 4.13.1 to address CVE-2022-37601 and CVE-2022-37603.
  - Upgrading the query service to version 1.8.8 to address CVE-2022-32149 and CVE-2022-27664.
  - Upgrading express to version 4.18.2 to address CVE-2022-24999.
  - Removing rbac and rbac-init images from airgapped bundles for Continuous Delivery for PE.
  - Upgrading jackson to version 2.14.0 to address CVE-2022-41854 and CVE-2022-38752 in snakeyaml.
Version 4.20.0
Released 15 November 2022.
- Refreshed Puppet Enterprise integration UI. The Puppet Enterprise integration settings screens have a refreshed appearance.
  - Integrations are organized in card format, instead of table format.
  - The general process to Integrate with Puppet Enterprise or set up protected environments has not changed, but labels and placement of some fields, icons, and buttons have changed.
  - We added an error message to the Protected environments section that appears if you don't have permission to manage protected environments for a particular PE integration.
- Compiler maintenance mode. You can Enable compiler maintenance mode to force code deployments to skip unavailable or offline compilers and replicas.
- Job secrets stored in PostgreSQL. Job secrets are now stored in PostgreSQL instead of Vault. Upon upgrade to 4.20.0 or later, your existing secrets are automatically migrated from Vault to PostgreSQL. After this migration, Vault is no longer used.
- Search all branches when managing pipelines as code. You can now search all branches when selecting a branch to manage pipelines as code. Previously, the list of branches was truncated and wasn't searchable.
- Delete SMTP configuration. You can now delete unwanted SMTP configurations.
- Impact analysis ignores patch fact generation script files. The pe_patch_fact_generation.ps1 and pe_patch_fact_generation.sh files are now excluded from impact analysis reports because these files always report a change of n/a to n/a. This created unnecessary clutter in the reports.
- Documentation improvements. Beginning with 4.18.1, we've begun to make quality of life changes to the Continuous Delivery for PE documentation. This primarily consists of reorganizing some pages in a more logical manner and renaming some pages with overly-long titles. We'll roll out a few changes with each release and enable redirects where necessary. Changes in this release include:
  - Moved Configure impact analysis under Analyze the impact of code changes so that all impact analysis pages are grouped together.
  - Renamed Managing teams and team members to Manage workspaces and access.
  - Renamed Configuring and adding integrations to Configure and integrate.
  - Renamed Advanced Continuous Delivery for PE configuration to Advanced configuration.
  If you have any questions or comments about these changes, please use the feedback form at the bottom of this page to get in touch with our documentation team. Refer to prior release notes for details about previous changes.
- Fixed nested facts in Node Table. Nested facts now display correctly in the Node Table in Node Inventory.
- Corrected error message. When running impact analysis on a module repo, if the specified branch is missing, the error message correctly refers to the repo as a module, instead of a control repo.
- Impact analysis runs could fail in environments with proxies. We fixed an issue where impact analysis runs triggered by webhooks would fail in environments with proxies that use OpenTelemetry tooling.
- Security fixes. This release upgraded kurl-proxy to 1.86.2 to address CVE-2022-40674 and CVE-2022-37434.
Version 4.19.0
Released 4 October 2022.
- Improved impact analysis performance and removed redundant setting. We improved impact analysis performance when calculating impacted nodes. As a result of this, we removed the Environments path setting since it is no longer required to improve impact analysis performance. If you enabled this setting, this setting is removed during the upgrade, and you do not need to take any additional steps.
- Repository menu limited to 10 results. When adding repositories, the Repository dropdown menu shows a maximum of 10 repositories, and you can type a repository name to refresh the results. In this release, we added a message to the dropdown menu clarifying the results limit.
- Return to Login page from Forgot password page. We added a link back to the Login page from the Forgot password page.
- Improved error messages. We improved the error messages shown on the Hardware page when Continuous Delivery for PE can't connect to the selected PE integration.
- Documentation improvements. Beginning with 4.18.1, we've begun to make quality of life changes to the Continuous Delivery for PE documentation. This primarily consists of reorganizing some pages in a more logical manner and renaming some pages with overly-long titles. We'll roll out a few changes with each release and enable redirects where necessary.
  If you have any questions or comments about these changes, please use the feedback form at the bottom of this page to get in touch with our documentation team.
  No changes were included with 4.19.0. Refer to the 4.18.1 release notes for details about the latest changes.
- Impact analysis queued indefinitely. We fixed an issue that sometimes caused impact analysis tasks to get stuck in the queued state indefinitely.
- Couldn't change a job's hardware capabilities. We fixed an issue that prevented you from selecting or deselecting Hardware capabilities when creating or editing jobs.
- Browser-specific issues. We resolved a couple of error-handling issues that occurred in some browsers when running Continuous Delivery for PE in Kubernetes.
  - When editing workspace settings, the SSH key tab shows a warning if the workspace doesn't have an SSH key and gives you the option to add one.
  - When adding repositories, if webhook setup fails, you'll get a specific pop-up message, rather than a generic error.
- Links to impact analysis documentation. In the Continuous Delivery for PE web UI, a few links to impact analysis documentation were broken. We've fixed those.
- Incomplete list of Azure DevOps projects. When adding repositories from Azure DevOps Services, Continuous Delivery for PE can now show an unlimited number of projects. Previously, there was a cap on the maximum number of projects shown, and you would only hit the limit if you had access permission for a significant number of projects.
- Security fixes. This release upgraded kurl-proxy to 1.83.0 to address CVE-2021-22946, CVE-2022-22576, CVE-2022-27781, and CVE-2022-27782.
Version 4.18.1
Released 27 September 2022.
- Documentation improvements. With this release, we're beginning to make quality of life changes to the Continuous Delivery for PE documentation. This primarily consists of reorganizing some pages in a more logical manner and renaming some pages with overly-long titles. We'll roll out a few changes with each release and enable redirects where necessary.
  If you have any questions or comments about these changes, please use the feedback form at the bottom of this page to get in touch with our documentation team.
  Changes in this release include:
  - Moved Key concepts and the Getting started guide under Welcome to Continuous Delivery for Puppet Enterprise.
  - Renamed Set up Continuous Delivery for PE to Install.
  - Renamed Upgrading Continuous Delivery for PE to Upgrade.
  - Moved Migrate 3.x data to 4.x under Upgrade, since migration is part of the upgrade process.
  - Moved Analytics data collection under Configure and integrate, which matches the placement of a similar page in the PE documentation.
  - Moved Review node inventory further down in the table of contents.
- GitLab integration configuration issue. Resolved an issue preventing users from configuring GitLab integrations to use HTTP or HTTPS for cloning.
Version 4.18.0
Released 8 September 2022.
- Java 17 upgrade. This release includes an upgrade to Java 17, which deprecated some JVM args. Important: If you are passing any custom JVM args, make sure these are compatible with Java 17.
- Impact analysis details page crashes. The impact analysis details page no longer crashes if the filter set in the URL does not exist.
Version 4.17.0
Released 11 August 2022.
- Impact analysis detects Hiera .eyaml files. Previously, impact analysis only detected changes in Hiera files with the yaml extension. Impact analysis now also detects changes in Hiera files with the eyaml extension.
- Corrected a database issue with pipeline event data. We fixed an issue where triggering a pipeline caused incorrect pipeline event data to be recorded in the database for all pipelines.
- Security fixes. Version 4.17.0 includes several fixes related to security, including:
- Upgraded pam-utils to address several CVEs.
- Fixes to address CVE-2022-31197, CVE-2022-30591, and CVE-2020-29587.
- Upgraded
Version 4.16.1
Released 14 July 2022.
- The Group user attribute wasn't respected when querying LDAP group membership. We fixed an issue where Continuous Delivery for PE incorrectly assumed the Group user attribute value was the same as the user's Distinguished name. This caused failure of group sync tasks and prevented deletion of LDAP group mappings.
- You can delete LDAP group mappings after removing an LDAP configuration. Previously, if you removed an LDAP configuration before removing the associated group mappings, the group mappings were orphaned and impossible to delete.
Version 4.16.0
Released 12 July 2022.
- You must manually update webhooks after changing the backend service endpoint. To prevent unexpected and undesired changes to webhooks, Continuous Delivery for PE no longer automatically updates your configured webhooks when you change the CD4PE_BACKEND_SERVICE_ENDPOINT. Instead, a warning message is logged asking you to Update webhooks manually through the web UI.
- Automatic prefix selection when there is only one prefix available. If you use environment prefixes, when you add a deployment stage to a pipeline and there is only one prefix option available, Continuous Delivery for PE automatically selects that prefix. This enhancement resolves an issue where it was unclear that you needed to select an option when there was only one possible choice.
- Minor UI change. We removed the Gravatar icon from the job Details page.
- Multiple pipelines-as-code issues, including unchanged pipelines suddenly missing (entirely or partially), unexpected duplicated pipelines, unfamiliar pipelines, or the Pipelines page loads very slowly. Webhooks were causing pipelines-as-code to be rebuilt more often than necessary and retaining extra, unnecessary pipeline data. Important: If you experience any of the above issues, you need to forcefully reload your .cd4pe.yaml file, as explained in this Support article: Pipelines-as-code issues in Continuous Delivery for PE 3.0.0 to 4.15.1.
Version 4.15.1
Released 14 June 2022.
- The SMTP port setting is no longer ignored if you enable TLS for your SMTP configuration.
Version 4.15.0
Released 7 June 2022.
- (Experimental) Run impact analysis on fewer nodes. If an environment has a lot of nodes, it might take a long time for impact analysis to run. It is possible to only analyze a subset of your total nodes, but there are tradeoffs. We've described a process you could use to Run impact analysis on fewer nodes. If this feature interests you, please let us know what you think.
- Improved source control integration field validation. When configuring GitLab, GitHub Enterprise, or Bitbucket Server integrations, the field validations are more robust and provide more useful error messages.
- Pipeline runs triggered by pull requests continue to respect PR gates after pipeline promotion. Previously, promoting a pipeline that was triggered by a pull request could discard the PR event type association. This caused any subsequent manual stage promotions to ignore their respective PR gates, because the pipeline run incorrectly appeared as if it were triggered by a commit (instead of a PR). Now, pipelines triggered by PRs maintain their PR event type association throughout the entire pipeline run, and manual pipeline promotions respect PR gates when the pipeline is originally triggered by a PR.
Version 4.14.0
Released 5 May 2022.
- Endpoints properly display errors. We fixed an issue where some endpoints couldn't correctly display errors in certain circumstances.
- Jobs running longer than 20 minutes no longer fail with exit code 1. Lengthy jobs now continue running as expected.
- Deploying Continuous Delivery for PE to an OpenShift cluster resulted in pod failures. To prevent an error where OpenShift can't find /sbin/nologin, a copy of /usr/sbin/nologin is made to /sbin/nologin in the new pam-utils container.
- Security fixes. Version 4.14.0 includes several fixes related to security, including:
- Fixes to address CVE-2022-0778, CVE-2022-1271, CVE-2022-1233, and CVE-2020-36518.
- Updated teams-ui webpack to v5 to address a security issue with a child dependency of v4.
Version 4.13.0
Released 5 April 2022.
- Improved proxy handling. Continuous Delivery for PE now uses relative, rather than absolute, lookup paths to construct all URLs in the UI. Previously, configuring a proxy required changing the Continuous Delivery for PE service endpoint to avoid CORS errors. This improvement is a more complete resolution to the fix included in version 4.12.1.
- Accessibility improvements. Version 4.13.0 introduces several improvements for accessibility in Continuous Delivery for PE, including:
- Removed leading + symbols from some buttons, which could cause incongruity between the accessible name and visible label.
- On the PE settings page, the icons to remove a protected environment and change a token's lifetime now have tooltips correctly describing their functions.
- The exit icon now has a tooltip.
- On the SSH key settings page, the More actions icon now has a tooltip explaining the contents of the menu associated with this button.
- Fixed navigation for super users without workspace membership. A super user who is not a member of any workspace is directed to the root console after logging in. When a super user accesses a workspace they are not a member of, the navigation menu loads correctly.
- Multi-node clusters don't prevent draining nodes with StatefulSets. We modified PodDisruptionBudget to allow multi-node Continuous Delivery for PE clusters to drain all but the last node.
- Security fixes. Version 4.13.0 includes several bug fixes related to security, including:
- The kurl-proxy and minIO containers have the latest OS patches.
- Fixes that address CVE-2021-43858 and CVE-2022-0839.
- Upgraded OpenTelemetry to upgrade a Commons-io dependency.
- The build process removes test keys such as those left by the public-encrypt package and Bolt installation.
Version 4.12.1
Released 7 March 2022.
- Fixed a reverse proxy configuration issue that caused CORS errors when users tried to log in.
Version 4.12.0
Released 2 March 2022.
failed to pull: deployment method for chart vault has changed error, upgrade PAM to version 1.64.0 before upgrading Continuous Delivery for PE to version 4.12.0.
- Secrets management in Continuous Delivery for PE. You can add secrets to Continuous Delivery for PE jobs, which jobs use while running. To learn more, go to Test Puppet code with jobs.
- Continuous Delivery for PE now supports Kubernetes 1.19 to 1.24. Kubernetes 1.17 and 1.18 are no longer supported.
- Usability improvements. Version 4.12.0 introduces several improvements to the design and usability of Continuous Delivery for PE, including:
- The Nodes page has improved button placement and text.
- The Nodes page has a new view selector that allows you to pick which view you want to see.
- Custom view names now become the page title when selected.
- You can edit an existing view or save a new view by clicking Save or Edit in the drop down.
- Fixed the impact analysis filter for failed nodes. This also fixed the Compilation failures link on the impact analysis details view.
- You can use .cd4pe.yaml files over 500 lines with Bitbucket Server.
- The Disable MinIO option is no longer available in standalone installs. This option only applies to HA installs.
- This release contains fixes that address CVE-2021-43527.
Version 4.11.5
Released 22 February 2022.
- Fixed an issue where running impact analysis against a Bitbucket Cloud control repository detected no changes.
Version 4.11.4
Released 14 February 2022.
- Fixed an issue where you could not run Continuous Delivery for PE jobs without Docker hardware. Now, non-Docker-based jobs run directly on the job runner machine.
- This version's .airgap bundle includes an updated version of puppet-dev-tools.
Version 4.11.2
Released 2 February 2022.
- Fixed an issue where you could not add a control repo or module with Bitbucket Cloud.
- This release contains fixes that address CVE-2022-21724.
Version 4.11.1
Released 20 January 2022.
- Installations that use a legacy or high availability (HA) architecture for Puppet Application Manager no longer receive a Job cd4pe-migrate-object-store is invalid error when upgrading to the 4.11.x series.
Version 4.11.0
Released 20 January 2022.
- Compound filters on the Nodes page. You can now build multi-element filters that use logical operators (and and or) to answer complex queries about your nodes. For more information about creating and using compound filters, go to Create filters to focus on specific node sets.
- Endpoint configuration clarified. When you Deploy Continuous Delivery for PE, you can use a NodePort or an Ingress for your webhook and local container registry endpoints. Previously, the Ingress option was only available if you had previously set it. Now, you can always choose from both options.
- Retrieve impact analysis CSV files through an API call. You can now reach the getImpactAnalysisCsvV1 endpoint from the Continuous Delivery for PE deployments module. This means your custom deployment policies can use this endpoint to retrieve impact analysis CSV exports.
- Custom deployment policy logging. You can add custom deployment events with message parameters to your custom deployment policies. These appear as arbitrary log messages and, ultimately, on the web UI. This facilitates debugging when creating custom deployment policies.
- Usability improvements. Version 4.11.0 introduces several improvements to the design and usability of Continuous Delivery for PE, including:
- The ability to search for nodes in the table by name on the Nodes page.
- To improve reliability of snapshot restores, PostgreSQL now initially listens on localhost during startup.
- Improved impact analysis report filtering, searching, and pagination. When an impact analysis report has multiple pages, searching and filtering refreshes pagination.
- Export impact analysis report functionality restored. From the web UI, you can export CSV files of your impact analysis reports again.
- Improved error handling when changing user email addresses. Changing a user's email address to the user's existing email address no longer triggers an error. Attempting to change a user's email address to an email address belonging to another user returns an error message explaining that another user is using this email address.
- SMTP "from" address defaults to root account's email. If the Send emails from this address field is empty, Continuous Delivery for PE now uses the email address associated with the root user.
- Impact analysis succeeds on GitHub repos with different repo and display names. Impact analysis tasks are now performed correctly on GitHub repositories where the repo name does not match the display name set in Continuous Delivery for PE.
- The Continuous Delivery for PE container restarts successfully. The database migration lock is now automatically removed when the container stops, allowing for a successful restart without manually removing the lock.
Version 4.10.5
Released 20 December 2021.
- This release upgrades the included version of Apache Log4j to 2.17.0.
Version 4.10.4
Released 17 December 2021.
- This release upgrades the included version of Apache Log4j to 2.16.0.
Version 4.10.3
Released 10 December 2021.
- This release contains fixes that address CVE-2021-44228.
Version 4.10.2
Released 9 December 2021.
- When listing Bitbucket Server branches, the first result is no longer omitted from the list.
- Continuous Delivery for PE no longer attempts to set up SSH cloning for GitLab integrations unless explicitly instructed to do so.
- You can now successfully re-add an integration to Bitbucket Server or to GitLab using SSH.
- The value set for Global HTTP write timeout (seconds) in the Advanced configuration and tuning section of the Config page in Puppet Application Manager is now also used as the value for the CD4PE_MODULE_DEPLOY_READ_TIMEOUT environment variable in deployment tasks. The default value is 120 seconds.
- An issue with database connections has been resolved, and Continuous Delivery for PE now renders pages as expected without requiring you to periodically restart the application.
Version 4.10.1
Released 11 November 2021.
- Requests to the /v1/authtokens endpoint are now processed correctly.
Version 4.10.0
Released 9 November 2021.
This version includes a security fix to Continuous Delivery for PE that requires new authentication tokens for all PE integrations. As part of the upgrade process to version 4.10.0, Continuous Delivery for PE attempts to automatically rotate the tokens for all your integrated PE instances. In cases where the software cannot rotate the tokens successfully, you must complete the token rotation process manually.
After upgrading to version 4.10.0, go to the Message Center in the Continuous Delivery for PE web UI for a custom report on the state of your PE tokens and instructions for performing any required manual steps.
Special note for users of PE version 2021.x: The security update revokes all tokens assigned to the Continuous Delivery user in version 2021.x. You must regenerate and reconnect all PE tokens assigned to this user.
- Environments path setting for impact analysis. To improve impact analysis performance for users with certain PE configurations, a new Environments path setting is now available in the Impact analysis credentials section of each Puppet Enterprise instance's credentials. Users who have configured PE to use lockless deploys MUST NOT set the environments path.
- PuppetDB queries are now modified in order to improve impact analysis performance.
- Support bundles are now analyzed correctly and do not throw errors. Upgrade to Puppet Application Manager 1.49.0 or a newer version to apply this fix.
- Support bundle collection now requires less memory for environments experiencing heavy usage.
- Cross-version Puppet Development Kit (PDK) dependencies are now included in Continuous Delivery for PE, so PDK jobs no longer fail in offline (airgapped) environments.
Version 4.9.0
Released 8 September 2021.
- Impact analysis tasks run in parallel on multiple PE instances. When an impact analysis task is triggered to run on multiple PE instances, the task now runs simultaneously on each instance rather than waiting for one instance to finish before starting on the next.
- Usability improvements. Version 4.9.0 introduces several improvements to the design and usability of Continuous Delivery for PE, including:
- The Users page is updated with a cleaner, more streamlined design.
- Clicking Documentation in the web UI now correctly directs you to the 4.x documentation set.
- When enabled, the HTTP health check for load balancers now operates as expected.
Version 4.8.2
- Issues with the query service and the interaction between the Nodes page and PuppetDB are now resolved.
Version 4.8.1
Released 24 August 2021.
- An endpoint that was accidentally removed in version 4.8.0 is now restored.
Version 4.8.0
Released 10 August 2021.
- Configure snapshot timeouts. You can now configure the length of time that Puppet Application Manager spends attempting to back up Continuous Delivery for PE components when creating a snapshot. For more information, go to Adjust the timeout period for snapshots.
- When impact analysis tasks are run on a compiler, the resulting report now shows the list of impacted nodes.
- The installation preflight check now correctly requires 50 GB of storage for Ceph.
- You can now successfully restore Continuous Delivery for PE from a snapshot on legacy installations of Puppet Application Manager.
Version 4.7.2
Released 26 July 2021.
- The web UI no longer attempts to fetch remotely hosted fonts, and now loads correctly for installations in offline (airgapped) environments.
- A bug caused database backups in new installations of versions 4.7.0 and 4.7.1 to silently fail. New installations of Continuous Delivery for PE now correctly back up and restore the contents of the PostgreSQL database.
- Users running legacy installations of Puppet Application Manager version 1.44.1 can now successfully upgrade from Continuous Delivery for PE version 4.4.2 or older to the current version.
Version 4.7.1
Released 12 July 2021.
- The LDAP group mappings list now displays up to 200 group mappings.
- If multiple LDAP group mappings use the same LDAP group name and RBAC group name, you can now successfully delete one group mapping without deleting all group mappings that share these names.
Version 4.7.0
Released 8 July 2021.
- Fact charts. You can now see visual representations of Facter fact values on all nodes across the infrastructure you've integrated with Continuous Delivery for PE. The new Fact charts section of each view on the Nodes page displays the distribution of unique values across your inventory for your selected facts. We've included four fact charts to get you started, and you can build custom fact charts for the facts that are relevant to your business goals.
- Usability improvements. Version 4.7.0 introduces several improvements to the design and usability of Continuous Delivery for PE, including:
- Several web UI pages have been updated with a cleaner, more streamlined design.
- The Users page now shows the complete list (up to 1,000 users) of users in a workspace.
- New Azure DevOps integrations can now be set up successfully.
- If an empty (memberless) LDAP group map is added to Continuous Delivery for PE, other previously added LDAP group maps now sync correctly.
- When a new workspace is created, jobs in that workspace now default to running on workspace hardware.
- Node filter results are now correctly returned for fact names that use dot notation.
- A change to a saved view created by removing a filter can now be saved.
Version 4.6.1
Released 16 June 2021.
- Login attempts after upgrading to Continuous Delivery for PE 4.6.0 or higher with an older license no longer fail.
- Setting up an external PostgreSQL database no longer requires a separate configuration for the estate reporting service. The estate reporting service now defaults to sharing the Continuous Delivery for PE database. For more information, see Set up external PostgreSQL.
Version 4.6.0
Released 3 June 2021.
- Promote permission. Previously, the permission to manually promote changes through pipeline stages was included in the Edit permission for control repos and modules. The Promote permission is now separate from the Edit permission, and you can grant or deny these permissions to groups as needed. Note: The new Promote permission has been automatically assigned to any group that was assigned the Edit permission on control repos or on modules in versions prior to 4.6.0.
- Set group permissions on a subset of control repos. You can now create groups that have permissions on only a subset of the control repos in your workspace.
- Export impact analysis data. You can now download the data generated by an impact analysis task. Click Export on the impact analysis report page to generate a CSV file of the data.
- LDAP group login filtering. You now have the option to enable login filtering for your LDAP configuration. If login filtering is turned on, only those LDAP users who are included in mapped LDAP groups are able to log into Continuous Delivery for PE.
- Increased default memory limits. In order to support higher out-of-the-box load, the default memory configuration for Continuous Delivery for PE now uses higher default memory limits while starting with the same base memory use.
- Run multiple Puppet applications on the same cluster. You can now run multiple supported applications (currently Continuous Delivery for PE version 4.6.0 and newer, and Puppet Comply version 1.0.4 and newer) on a single instance of Puppet Application Manager. Find more information in the Working with Puppet applications section of the Puppet Application Manager documentation.
- Usability improvements. Version 4.6.0 introduces several improvements to the design and usability of Continuous Delivery for PE, including:
- Several web UI pages have been updated with a cleaner, more streamlined design.
- Improved error messaging when a webhook cannot be automatically set up for a newly added control repo or module.
- Support bundles now note whether services are unavailable because the We're migrating an existing Continuous Delivery for PE 3.x instance option is enabled.
- The certificate preflight check now accepts a wildcard certificate as valid.
- Custom deployment policies no longer require environment branches.
- If a workspace has no owner, the Workspaces page in the root console now loads correctly so that you can reassign the workspace to a new owner.
- Information about global shared hardware is now correctly displayed when you navigate to the Hardware page in the root console from the individual workspace's Hardware page.
Version 4.5.2
Released 11 May 2021.
- If SAML is enabled for your Continuous Delivery for PE installation, a Log in using single sign-on option is now shown on the login screen, and the pod no longer falls into a restart loop.
- Docker runtime arguments are no longer passed if a job previously run on workspace hardware is updated to run on global shared hardware.
Version 4.5.1
Released 27 April 2021.
- The links provided in deployment approval emails now resolve correctly.
Version 4.5.0
Released 22 April 2021.
- Continuous Delivery for PE version 4.5.0 includes architectural changes that alter the paths of some page URLs and might break previously generated links to pull requests and other pages in your source control.
- If you use the Bolt tasks included in the puppetlabs-cd4pe module, upgrade the module to version 3.1.0 in your Bolt project.
- Optional. A new version of the platform admin console is available with support for full (instance-level) snapshots. Learn more in the platform admin console release notes. If you'd like to use this feature to back up Continuous Delivery for PE, upgrade to the latest version of the platform admin console.
- Configure the Bolt PCP read timeout period. To prevent job run timeouts caused by file sync delays, you can now adjust the Bolt Puppet Communications Protocol (PCP) timeout period. Learn more in Adjust the timeout period for jobs.
- Reduced resource requirements for high availability (HA) installations. Services that can run multiple replicas now default to running on two replicas in an HA cluster rather than three. This change maintains the former level of failure resistance while reducing resource requirements.
- Usability improvements. Version 4.5.0 introduces several improvements to the design and usability of the web UI and platform admin console, including:
- Display text on the Config page has been updated to clarify the purpose and operation of the optional and advanced configuration sections.
- The correct CA certificate is now passed to agents when switching between certificate generation methods and redeploying the application.
- Graphs shown on the application dashboard in the platform admin console no longer double-count resource use for pods using containerd.
Version 4.4.2
- Webhooks between Continuous Delivery for PE and GitLab repositories that use nested groups now correctly trigger pipeline runs.
- Links on control repo and module details pages to GitLab repositories that use nested groups now resolve correctly.
- When selecting a GitLab repository in the Continuous Delivery for PE web UI, the list of results is now correctly filtered by the selected organization or user.
Version 4.4.1
Released 29 March 2021.
- The impact analysis details page for modules now appears as expected.
- The deployment details page for modules now appears as expected.
- Continuous Delivery for PE now interprets errors from Code Manager correctly, and impact analysis runs are no longer impacted by parsing errors.
- The version 4.4.1 .airgap bundle includes an updated version of puppet-dev-tools.
Version 4.4.0
Released 11 March 2021.
- Save and share favorite node table views. You can now save the custom versions (views) of the node table that you create by using filters and columns to zero in on the data that's most relevant to your work. When you've created a view that you want to save and share with the members of your workspace, click Save view. You can see a list of all saved views for your workspace, mark your personal favorites for quick access, and switch between your favorite saved views from the Nodes page. For more information, see Save custom node table views.
Note: If you're using an external PostgreSQL database with Continuous Delivery for PE, this new feature creates the need to configure an estate reporting database. Find more information in Set up external PostgreSQL.
- Built-in user groups for new workspaces. Newly created workspaces now include three built-in user groups: Administrators, Operators, and Viewers. See the Permissions reference for details on the permissions included in each built-in user group.
- Streamlined workflow for adding users to a workspace. As part of the process of adding a new user to a workspace, you are now prompted to assign the user to one or more user groups (either the new built-in user groups or those you've created).
- Configure login attempt limits. You can now configure the number of unsuccessful login attempts that a user can make on Continuous Delivery for PE before their account is locked, as well as the length of time the account is locked and the length of time before the login attempt counter resets. For more information, see Configure login attempt limits.
- OpenTelemetry. You now have the option to use OpenTelemetry to perform distributed tracing on your Continuous Delivery for PE installation. OpenTelemetry configuration options are available on the Config page in the platform admin console. Important: When using OpenTelemetry, you can choose to export the gathered data to your logs, to Jaeger over gRPC, or via OTLP. Be aware that if you choose the logging exporter option, the size of your Continuous Delivery for PE logs increases significantly. OpenTelemetry data you collect is not shared with Puppet, except in one specific case: if, while using the logging exporter, you generate and send a support bundle to Puppet, the support bundle contains OpenTelemetry data for your installation.
- Preflight check improvements. Preflight checks now verify that schedulable CPU and memory capacity are available for performing upgrades, and that the system is running Kubernetes version 1.17.0 or newer.
- Usability improvements. Version 4.4.0 introduces several improvements to the design and usability of the web UI and platform admin console, including:
- You'll no longer see an option to reset your password on the login screen if LDAP is enabled for your installation.
- A logout option is now available on the 403 error screen.
- The Config page in the platform admin console has been streamlined in order to help you locate the configuration settings relevant to your installation.
- To improve readability, the dashboard charts in the platform admin console displaying CPU usage and memory usage now only show data for the top five pods.
- Clicking on the Modules breadcrumb at the top of a module's details page no longer results in a 404 error.
- When you update your CA certificate in the platform admin console, the change now takes effect immediately.
- The option to set a PuppetDB connection timeout period has been added back to the Config page in the platform admin console.
Version 4.3.3
Released 23 February 2021.
- The integration between Azure DevOps and Continuous Delivery for PE now works as expected.
- Continuous Delivery for PE now deploys correctly if the root account email address entered on the Config page in the platform admin console contains uppercase letters.
- Ownership of a workspace can now be successfully transferred to a new owner whose username contains uppercase letters.
Version 4.3.2
- List and filter your nodes by structured fact values. You can now add columns displaying structured fact values in dot notation format (such as docker.Architecture, ec2_metadata.hostname, or loadaverages.15m) to your node table. In addition, you now have the option to use the values within your structured facts when creating a fact value filter on the Nodes page.
- Webhooks for GitLab repositories that exist in nested groups now correctly trigger pipelines.
- Webhooks for Bitbucket Cloud control repos and modules that were added to Continuous Delivery for PE versions 4.2.0 and later now correctly trigger pipelines.
- Invalid characters are no longer present in the repository organization field for Bitbucket Cloud control repos, and jobs now clone these repositories correctly.
- Unnecessary repeated The requested range is not satisfiable errors are no longer included in the application log.
- Jobs included in pipeline stages no longer fail when attempting to download the control repo and job scripts.
- Support for Puppet Enterprise version 2018.1. PE 2018.1 reached the end of its support lifecycle on 31 January 2021.
Version 4.3.1
Due to an issue discovered after release, we retracted version 4.3.0. Version 4.3.1 is now the first version in the 4.3.x series.
- Support for Red Hat Enterprise Linux (RHEL) 8 and CentOS 8. You can now run Continuous Delivery for PE on RHEL version 8 and CentOS version 8.
- Ceph replaces MinIO for object storage. Continuous Delivery for PE 4.x now uses Ceph for object storage instead of MinIO. New 4.3.1 installations use Ceph from the outset. For existing 4.x users, MinIO information is migrated to Ceph for you as part of the upgrade to version 4.3.1. To support this change, Ceph replication status is now collected as part of the support bundle. Note: For existing 4.x users, the data migration to Ceph may cause the 4.3.1 upgrade process to take in excess of 15 minutes. Monitor the progress of the data export phase of the migration by running:
  kubectl logs job/cd4pe-migrate-object-store-v2 -c export
  and watching the logs for a message similar to:
  Done. Downloaded 12990574 bytes in 63.0 seconds, 201.22 KB/s.
  Next, monitor the data import phase of the migration by running:
  kubectl logs job/cd4pe-migrate-object-store-v2
  and watching for a message similar to:
  Done. Uploaded 12990574 bytes in 267.8 seconds, 47.37 KB/s.
  When both the export and import phases are shown as done in the logs, the migration is complete.
- Default job timeout period increased. The default job timeout period is now 30 minutes. This change reduces the chance that complex jobs time out before completion. See Adjust the timeout period for jobs to learn more.
- Usability improvements. Version 4.3.1 introduces several improvements to the design and usability of the web UI, including:
- The delete module icon is now correctly labeled.
- Control repo icons are displayed when selecting a custom deployment policy for a deployment.
- When logging in, users are now correctly directed to the last workspace they visited.
- Long branch names no longer overlap event status indicators in the Events area.
- Users are now less likely to encounter Docker Hub rate limits.
- The object storage migration process is now more robust and issues found in version 4.3.0 have been resolved.
- If an impact analysis task is canceled in a pipeline stage with the "any completed" auto-promotion criteria set, the pipeline run now stops at the canceled stage and does not continue.
- CVE-2020-7946. Source control tokens were displayed in plain text when trace-level logging was enabled. This issue has been resolved.
- CVE-2020-27218. An Eclipse Jetty vulnerability has been resolved.
- CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363. The version of PostgreSQL included in Continuous Delivery for PE has been upgraded to resolve CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363.
Version 4.2.4
Released 17 December 2020.
- An issue with the webhooks for GitLab-based modules that were first added to Continuous Delivery for PE version 4.2.0 or newer has been resolved. Pipeline runs for these modules are now triggered correctly.
Version 4.2.3
Released 17 November 2020.
- Webhooks now correctly trigger pipelines for GitLab repositories with names that include spaces or other unusual characters.
- The platform admin console now rate limits authentication attempts to prevent brute force attacks. Note: Rate limiting does not currently apply to the Continuous Delivery for PE application web UI.
- This version includes an upgrade of PostgreSQL to version 12.5. Note: The upgrade causes PostgreSQL to restart. In most cases, the downtime is expected to last less than a minute.
Version 4.2.2
Released 12 November 2020.
- Impact analysis tasks on modules now manage prefixed environments correctly.
- This version includes an update to MinIO that addresses critical issues.
Note: This upgrade causes the MinIO service to be temporarily unavailable. In most cases, the downtime only lasts a few minutes.
Version 4.2.1
Released 5 November 2020.
- Jobs no longer fail when triggered by pull requests from Bitbucket Cloud or Bitbucket Server repositories.
- The Bolt tasks included in the puppetlabs-cd4pe module version 3.0.1 and newer no longer fail with a "Connection reset by peer" error when run against Continuous Delivery for PE version 4.x. Important: You must upgrade the puppetlabs-cd4pe module to version 3.0.1 or later in order to use its Bolt tasks.
Version 4.2.0
Released 3 November 2020.
- Available memory setting. A new setting on the Config page in the platform admin console lets you tune the total memory available to the Continuous Delivery for PE application. For more on the Memory available for CD4PE setting, see Adjust available memory.
- Removal of harmful terminology. Documentation for this release replaces the term "PE master" with "PE primary server," and the term "master branch" with "main branch". When adding a new control repo or module, Continuous Delivery for PE now looks for a "main" branch instead of a "master" branch. These changes are part of a company-wide effort to remove harmful terminology from our products.
- The eventual consistency deployment policy now runs more rapidly.
- Code Manager deployments triggered by Continuous Delivery for PE are now automatically retried if certain transient failures occur.
- PostgreSQL logs no longer include errors from health checks.
- If your workspace is connected to multiple PE instances with identically named nodes on each instance, the Nodes page now correctly reports the details of all identically named nodes.
- Impact analysis tasks are now case-insensitive when processing resource names.
- The LDAP group user attribute setting is now correctly applied when querying LDAP groups that use a custom attribute to identify members. Important: If your installation previously used a group user attribute setting other than dn, you must set the group user attribute to dn in the root console after upgrading to version 4.2.0. Failure to do this breaks your installation's ability to correctly perform LDAP group lookups.
- CVE-2020-25649. A jackson-databind vulnerability has been resolved.
- CVE-2020-15250. A JUnit4 vulnerability has been resolved.
- CVE-2020-13956. An Apache HTTPClient vulnerability has been resolved.
- Sonatype-2020-0926. A security scanner may have detected a vulnerability in Continuous Delivery for PE version 4.1.x. However, Continuous Delivery for PE does not exercise the vulnerable code path and is not vulnerable.
Version 4.1.3
Released 15 October 2020.
- Jobs now run successfully on pull requests opened from forked copies of source control repositories. This fix applies to all supported source control providers except Bitbucket Cloud and Bitbucket Server, which do not support pull requests from forks.
- Job logs are now shown correctly for all jobs run in a high availability environment.
- Continuous Delivery for PE no longer attempts to update webhooks on every startup if you have a backend URL that does not end with a trailing slash, or if you've used the webhook update tool in the root console. This fix means that GitHub and GitHub Enterprise no longer receive webhook payloads in an invalid format.
- Network policies no longer restrict egress, supporting deployment of Continuous Delivery for PE on clusters that use tools such as Calico as a container network interface.
- You can now successfully enable TLS for the webhook proxy on port 8000. In offline installations, the local registry is now exposed on port 9001 for job hardware agents. Requests to these ports no longer time out.
Version 4.1.2
- If your load balancer requires HTTP health checks, you can now opt into using Ingress settings that do not require Server Name Indication (SNI) for /status. Enable this setting in the Customize endpoints section of the Config tab in the platform admin console.
- Preflight checks for offline installations no longer hang with an "ImagePullBackoff" error on initial setup.
- Long-running deployments and jobs no longer fail with a "504 upstream request timeout" error.
Version 4.1.1
Released 29 September 2020.
- Filter the Nodes page. You can now apply custom filter combinations to your nodes table and zero in on the node data that's most relevant to your work. Available filters include fact value, most recent node change status, operating system, PE server, node group, and no-op status.
- Snapshots. Snapshots are point-in-time backups of your Continuous Delivery for PE deployment, which can be used to roll back to a previous state. You can create snapshots manually or set up a schedule to capture them automatically. To get started, see Configure rollback snapshots. CAUTION: Snapshots are a beta feature. As such, they may not be fully documented or work as expected; please explore them at your own risk.
- Simplified port configuration for new installations. The webhook service now defaults to HTTP on port 8000 and can be switched to HTTPS on the same port. In new offline installations, the local registry is exposed on port 9001 for job hardware agents. No action is required for existing installations that use webhook or registry hostnames; existing configurations work as they did previously.
- Snapshots now successfully save to Amazon S3. In order to save your snapshots to an Amazon S3 bucket, you must upgrade the platform admin console to the latest version after upgrading to Continuous Delivery for PE version 4.1.1. See Upgrade the platform admin console for instructions.
- When exporting node table data, occasional failed queries to PuppetDB are now retried automatically, and no longer result in a failed export.
Version 4.0.1
Released 14 September 2020.
- The export functionality on the 4.x Nodes page now works correctly.
- The container no longer hangs indefinitely in some circumstances after the host is rebooted.
- Network security rules now restrict inter-service communications.
- Local registry credentials are now stored as secrets.
- Certificate validation preflight checks now correctly refer to the local registry during offline installations.
Version 4.0.0
Released 25 August 2020.
- New installer and administration platform. The new Continuous Delivery for PE 4.x platform introduces a streamlined experience for installation, upgrades, license management, troubleshooting, and more. Use the new platform admin console to configure, monitor, upgrade to new versions in the 4.x series, back up, restore, and deploy your Continuous Delivery for PE installation.
- Migrate your 3.x data to a 4.x installation. To upgrade to the Continuous Delivery for PE 4.x series from a version in the 3.x series, see Migrate 3.x data to 4.x.
- Update webhooks. The new Webhooks tool in the root console updates your source control webhooks to point to the current installation. Use this tool as part of the 3.x to 4.x migration process, or any time you change the location of your Continuous Delivery for PE installation.
- Continuous Delivery agent on job hardware. Support for the Continuous Delivery agent was deprecated in version 3.4.0. Puppet agent-based job hardware is still supported.
- Support for external Amazon DynamoDB and MySQL databases. Support for external Amazon DynamoDB and MySQL databases was deprecated in version 3.1.0.
- Support for external object storage. The 4.x series replaces external Artifactory and Amazon S3 object storage with a built-in highly available object storage system.