These are the new features, enhancements, resolved issues, and deprecations for the Continuous Delivery for Puppet Enterprise (PE) 4.x release series.
To upgrade to the Continuous Delivery for PE 4.x series from a version in the 3.x series, see Migrating 3.x data to 4.x.
Released 17 December 2020
- An issue with the webhooks for GitLab-based modules that were first added to Continuous Delivery for PE version 4.2.0 or newer has been resolved. Pipeline runs for these modules are now triggered correctly.
Released 17 November 2020
- Webhooks now correctly trigger pipelines for GitLab repositories with names that include spaces or other unusual characters.
- The platform admin console now rate limits authentication attempts to prevent brute force attacks. Note: Rate limiting does not currently apply to the Continuous Delivery for PE application web UI.
- This version includes an upgrade of PostgreSQL to version 12.5. Note: The upgrade will cause PostgreSQL to restart. In most cases, the downtime is expected to last less than a minute.
Released 12 November 2020
- Impact analysis tasks on modules now manage prefixed environments correctly.
- This version includes an update to MinIO that addresses critical issues. Note: The upgrade will cause the MinIO service to be temporarily unavailable. In most cases, the downtime is expected to last only a few minutes.
Released 5 November 2020
- Jobs no longer fail when triggered by pull requests from Bitbucket Cloud or Bitbucket Server repositories.
- The Bolt tasks included in the puppetlabs-cd4pe module version 3.0.1 and newer no longer fail with a Connection reset by peer error when run against Continuous Delivery for PE version 4.x. Important: You must upgrade the puppetlabs-cd4pe module to version 3.0.1 or later in order to use its Bolt tasks.
Released 3 November 2020
- Available memory setting. A new setting on the Config page in the platform admin console lets you tune the total memory available to the Continuous Delivery for PE application. For more on the Memory available for CD4PE setting, see Adjusting available memory.
- Removal of harmful terminology. Documentation for this release replaces the term "PE master" with "PE primary server", and the term "master branch" with "main branch". When adding a new control repo or module, Continuous Delivery for PE now looks for a "main" branch instead of a "master" branch. These changes are part of a company-wide effort to remove harmful terminology from our products.
- The eventual consistency deployment policy now runs more rapidly.
- Code Manager deployments triggered by Continuous Delivery for PE are now automatically retried if certain transient failures occur.
- PostgreSQL logs no longer include errors from health checks.
- If your workspace is connected to multiple PE instances with identically named nodes on each instance, the Nodes page now correctly reports the details of all identically named nodes.
- Impact analysis tasks are now case-insensitive when processing resource names.
- The LDAP group user attribute setting is now correctly applied when querying LDAP groups that use a custom attribute to identify members. Important: If your installation previously used a group user attribute setting other than dn, you must set the group user attribute to dn in the root console after upgrading to version 4.2.0. Failure to do so will break your installation's ability to correctly perform LDAP group lookups.
- CVE-2020-25649. A jackson-databind vulnerability has been resolved.
- CVE-2020-15250. A JUnit4 vulnerability has been resolved.
- CVE-2020-13956. An Apache HTTPClient vulnerability has been resolved.
- Sonatype-2020-0926. A security scanner may have detected a vulnerability in Continuous Delivery for PE version 4.1.x. However, Continuous Delivery for PE does not exercise the vulnerable code path and is not vulnerable.
Released 15 October 2020
- Jobs now run successfully on pull requests opened from forked copies of source control repositories. This fix applies to all supported source control providers except Bitbucket Cloud and Bitbucket Server, which do not support pull requests from forks.
- Job logs are now shown correctly for all jobs run in a high availability environment.
- Continuous Delivery for PE no longer attempts to update webhooks on every startup if you have a backend URL that does not end with a trailing slash, or if you've used the webhook update tool in the root console. This fix means that GitHub and GitHub Enterprise no longer receive webhook payloads in an invalid format.
- Network policies no longer restrict egress, which supports deployment of Continuous Delivery for PE on clusters that use tools such as Calico as a container network interface.
- You can now successfully enable TLS for the webhook proxy on port 8000. In offline installations, the local registry is now exposed on port 9001 for job hardware agents. Requests to these ports no longer time out.
- If your load balancer requires HTTP health checks, you can now opt into using Ingress settings that do not require Server Name Indication (SNI) for /status. Enable this setting in the Customize endpoints section of the Config tab in the platform admin console.
- Preflight checks for offline installations no longer hang with an ImagePullBackoff error on initial setup.
- Long-running deployments and jobs no longer fail with a 504 upstream request timeout error.
Released 29 September 2020
- Filter the Nodes page. You can now apply custom filter combinations to your nodes table and zero in on the node data that's most relevant to your work. Available filters include fact value, most recent node change status, operating system, PE server, node group, and no-op status.
- Snapshots. Snapshots are point-in-time backups of your Continuous Delivery for PE deployment, which can be used to roll back to a previous state. You can create snapshots manually or set up a schedule to capture them automatically. To get started, see Configure rollback snapshots.
CAUTION: Snapshots are a beta feature. As such, they may not be fully documented or work as expected; please explore them at your own risk.
- Simplified port configuration for new installations. The webhook service now defaults to HTTP on port 8000 and can be switched to HTTPS on the same port. In new offline installations, the local registry is exposed on port 9001 for job hardware agents. No action is required for existing installations that use webhook or registry hostnames; existing configurations will work as previously.
- Snapshots now successfully save to Amazon S3. In order to save your snapshots to an Amazon S3 bucket, you must upgrade the platform admin console to the latest version after upgrading to Continuous Delivery for PE version 4.1.1. See Upgrade the platform admin console for instructions.
- When exporting node table data, occasional failed queries to PuppetDB are now retried automatically, and no longer result in a failed export.
Released 14 September 2020
- The export functionality on the 4.x Nodes page now works correctly.
- The container no longer hangs indefinitely in some circumstances after the host is rebooted.
- Network security rules now restrict inter-service communications.
- Local registry credentials are now stored as secrets.
- Certificate validation preflight checks now correctly refer to the local registry during offline installations.
Released 25 August 2020
- New installer and administration platform. The new Continuous Delivery for PE 4.x platform introduces a streamlined experience for installation, upgrades, licence management, troubleshooting, and more. Use the new platform admin console to configure, monitor, upgrade to new versions in the 4.x series, back up, restore, and deploy your Continuous Delivery for PE installation.
- Migrate your 3.x data to a 4.x installation. To upgrade to the Continuous Delivery for PE 4.x series from a version in the 3.x series, see Migrating 3.x data to 4.x.
- Update webhooks. The new Webhooks tool in the root console updates your source control webhooks to point to the current installation. Use this tool as part of the 3.x to 4.x migration process, or any time you change the location of your Continuous Delivery for PE installation.
- Continuous Delivery agent on job hardware. Support for the Continuous Delivery agent was deprecated in version 3.4.0. Puppet agent-based job hardware is still supported.
- Support for external Amazon DynamoDB and MySQL databases. Support for external Amazon DynamoDB and MySQL databases was deprecated in version 3.1.0.
- Support for external object storage. The 4.x series replaces external Artifactory and Amazon S3 object storage with a built-in highly available object storage system.