Continuous Delivery release notes

These are the new features, enhancements, resolved issues, and deprecations for the Continuous Delivery 5.x release series.

Important information:

  • Migration. To upgrade to the Continuous Delivery 5.x series from a version in the 4.x series, see Migrate 4.x data to 5.x.

Version 5.4.0

Released 7 May 2024.

New in this release:

  • Puppet Enterprise and Puppet Enterprise Advanced. The Puppet Enterprise (PE) license now includes Continuous Delivery and Security Compliance Management (formerly Puppet Comply). The Puppet Enterprise Advanced license gives you access to the premium features: Continuous Delivery's Impact Analysis and Security Compliance Enforcement. Please refer to Add or update a license key for instructions on how to add a license to Continuous Delivery.
  • Automatically create a heap dump on OutOfMemory JVM errors. The pipelinesinfra backend service now automatically generates a JVM heap dump when an out-of-memory error is encountered. Download this heap dump by running:
       bolt plan run cd4peadm::heap_dump
  • Added an API endpoint to provide information about the Continuous Delivery license. Added an API endpoint to Continuous Delivery's implementation of the OpenAPI specification that allows you to view the currently installed license. You can find this information at v1/license.

Updated in this release:

  • Update existing Continuous Delivery roles to include the enterprise_tasks::register_application permission. Updated the Tasks permission to include enterprise_tasks::register_application. This is required to inform Puppet Enterprise (PE) where Continuous Delivery is installed. You need to modify any existing roles to ensure this permission is included.
  • Removed authtokens API from OpenAPI specification. The /v1/authtokens API has been replaced by /v1/tokens, which requires an authentication token in the header.

Resolved in this release:

  • Unable to clone via SSH from ADO Cloud. Upgraded Continuous Delivery's SSH client to support RSA SHA256 and RSA SHA512 handshake algorithms. This was necessary to support SSH connections with ADO Cloud after Microsoft began phasing out support for SHA1 handshakes. Any other providers that also need the newer algorithms (such as GitLab deployed on Red Hat Enterprise Linux (RHEL) 9) are also now supported.
  • Duplicate GitLab integration causing a blank screen. Fixed an issue loading the source control integrations screen caused by accidentally adding duplicate VCS providers.
  • After upgrading to 4.29.2 the commit link on Continuous Delivery redirects to an invalid URL. Fixed invalid commit links when using Azure DevOps as a source control provider.
  • Impact Analysis job link for a module goes to job for a control repo. Fixed an issue navigating between the main control repo view and the Impact Analysis/Deployment screens.
  • Can create an invalid deployment stage. Fixed an issue where it was possible to create a deployment stage pointing at an environment node group with the same name as the branch the pipeline runs from.
  • Module feature branch deployment stages are failing to deploy. Fixed an issue where the module feature branch deployment stages failed to deploy. The missing control repo and branch fields have been added to the module deployment dialog for a regex pipeline.
  • HTTP 403 error when upgrading to Continuous Delivery 4.29.2. Fixed an issue in 4.29.x versions of Continuous Delivery that required the user triggering a manual deployment to be either the owner of the workspace or a root user.
  • UI container on RHEL 9 does not start. Fixed an SELinux error when installing or upgrading to Continuous Delivery 5.3.2 on RHEL 9.
  • CD4PE_JOB_CONTEXT is unavailable unless a secret is added. Fixed an issue where the output of pipeline job tasks did not display the value of the CD4PE_JOB_CONTEXT environment variable unless the job had a secret added. The value of CD4PE_JOB_CONTEXT now displays regardless of whether a secret is set.
  • 4.x to 5.x migration is failing due to missing directory under /tmp on Continuous Delivery version 5 host. Fixed an issue where localhost migrations from 4.x to 5.x would fail trying to write to a non-existent /tmp directory.
  • Running the Bolt plan to migrate from 4.x to 5.x fails without a configuration file, common.yaml, already present. Fixed an issue where the cd4peadm::install_from_v4 plan would fail if a configuration file was not already present.

Security notices:

  • CVE-2023-49569. Updated go-git to address this vulnerability.
  • CVE-2023-1732. Updated Cloudflare/circl to address this vulnerability.
  • CVE-2024-27304, CVE-2024-27289, CVE-2023-39325. Updated Query Service to 1.8.16 to address these vulnerabilities.

Version 5.3.2

Released 21 March 2024.

New in this release:

  • Created a separate migration plan. Added a new plan, cd4peadm::install_from_v4, to migrate from 4.x to 5.x.

Resolved in this release:

  • Missing Impact analysis (IA) report. Fixed an issue with Impact Analysis and Azure DevOps where Continuous Delivery falsely reports no impacted nodes.
  • Error trying to run an Impact Analysis for a Module. Fixed an issue where users who created a deployment stage on a pipeline may see the Impact Analysis pipeline stage fail with the following error: Cannot invoke "com.distelli.models.ControlRepoId.getDomain()" because "controlRepoId" is null
  • Error in Continuous Delivery Feature branch policy UI. Fixed an error when editing a regex pipeline's deployment stage for a Bitbucket or GitHub control repo.
  • Pull request from Bitbucket Cloud not triggering Continuous Delivery pipeline with pull request trigger. Fixed an issue where pull requests to a Bitbucket cloud repository would not trigger a pipeline.
  • Triggering a regex pipeline against a branch with an existing pipeline runs that pipeline instead. Fixed an issue where manually triggering a regex pipeline against a branch with an existing pipeline would cause the branch pipeline to run rather than the expected regex pipeline.
  • Pressing <TAB> after entering user/email changes focus to Show/hide password instead of Input password. Fixed a minor UI issue in the login screen where pressing <TAB> after entering the user name or email address would focus on the Show/hide password icon instead of the password input field.

Security notices:

  • CVE-2023-49569. Updated go-git to address this vulnerability.
  • CVE-2023-1732. Updated Cloudflare/circl to address this vulnerability.

Version 5.3.1

Released 21 February 2024.

New in this release:

  • Updating a pipeline now requires a new query parameter. The projectType (MODULE or CONTROL_REPO) is now a required query parameter when updating pipelines with /api/v1/pipelines-spec.

Resolved in this release:

  • Unable to run deployments after creating or editing a pipeline. Fixed an issue where deployments were not run for new or edited pipelines.
  • Unable to update a deployment on a regex pipeline. Fixed an issue that prevented updates to a deployment on a regex pipeline.
  • Option to select an environment prefix in the Deployment dialog box. Added the SELECT AN ENVIRONMENT PREFIX option to select a Puppet Enterprise environment prefix when creating a manual deployment or adding a deployment stage to a pipeline.
  • Unable to manually trigger a regex pipeline. Fixed an issue where manually triggering a regex pipeline caused a "branch not found" error. Regex pipelines can now be triggered against branches matching the regex.
  • New Impact Analysis jobs cause list errors. Manual Impact Analysis runs can now be triggered on code projects with custom names without causing an error with the tables on the Control Repos and Modules pages.
  • Unable to select a different view on the Nodes page. Fixed an issue where selecting a different view on the Nodes page resulted in an error.
  • Continuous Delivery approval emails not being sent after changing Bitbucket to GitLab. Fixed an issue where approval notifications were not sent for deployments from GitLab projects in subgroups.

Security notice:

  • CVE-2024-0567. Updated the Debian Docker image to address this vulnerability.

Version 5.3.0

Released 8 February 2024.

New in this release:

  • Personal access token management. You can now create authentication tokens to allow a user to enter their credentials once, then receive an alphanumeric token to access different services or parts of the system infrastructure. To manage personal access tokens, see Manage personal access tokens.
  • OpenAPI support. You can now fetch data and automate your workflows with the Continuous Delivery REST API. To get started using Continuous Delivery public APIs, see REST API.
  • Value reporting. You can now view activity values across all the Puppet Enterprise (PE) instances integrated within a workspace in the Activity report. To view your activity in Continuous Delivery, see Activity reporting.
  • Refreshed Continuous Delivery pipelines UI. The Continuous Delivery pipelines pages have a refreshed appearance.
  • Generate new SSL certificates. Added a cd4peadm::regen_certificates plan to generate new SSL certificates for the app, using the current configuration. After running this plan, use cd4peadm::apply_configuration to upload the new certificates to Continuous Delivery.

Security notice:

  • CVE-2023-39325. Updated several direct and indirect dependencies to address this vulnerability.

Version 5.2.1

Released 5 December 2023.

Resolved in this release:

  • Upgrading to 5.2.0 fails because version file is missing. Fixed an issue where upgrading to 5.2.0 would fail because the version file was missing.

Version 5.2.0

Released 30 November 2023.

New in this release:

  • New node filter feature added to impact analysis. A new node filter feature for Impact Analysis can be configured to run the analysis on a subset of impacted nodes. Nodes can be filtered by percentage of the number of nodes impacted by the change. See the adding Impact Analysis step for your pipelines-as-code to learn how to add this setting to your pipeline. Currently this setting is only available in pipelines-as-code. To enable pipelines-as-code, see Construct pipelines from code.
  • Support for Red Hat Enterprise Linux (RHEL) 9 and Ubuntu 22.04. You can now run Continuous Delivery on RHEL version 9 and Ubuntu version 22.04.
  • Send webhooks to a dedicated port. Continuous Delivery 5.x now supports SSL verification on webhooks. To enable SSL webhooks, set the enable_ssl_webhooks Hiera setting to true.
  • Migration improvements. The install plan now checks to ensure the 4.x instance provided during a migration has an up-to-date version of Continuous Delivery.
  • Simplified installation and migration. The install plan now automatically creates a hiera.yaml file and encryption keys when installing 5.x or migrating from 4.x to 5.x.

Resolved in this release:

  • Installation cannot complete on local installs. Fixed an issue where Continuous Delivery installation failed to complete on local installs because /etc/puppetlabs did not exist on the Continuous Delivery host.
  • Fact charts do not always show the correct number of nodes when switching filters. Fixed an issue in the node table so that the fact charts reflect the selected filters.

Security notice:

  • CVE-2023-36478. Continuous Delivery is not vulnerable, but we are now running the updated version of Jetty that addresses this vulnerability.

Version 5.1.2

Released 11 October 2023.

Resolved in this release:

  • Jobs fail with Null pointer exception on trigger events. Fixed an issue where jobs in the first stage of a pipeline would occasionally fail due to a synchronization issue on the backend.

Version 5.1.1

Released 5 October 2023.

Resolved in this release:

  • Escape characters in the 4.x migration causing warnings. Fixed an issue where some escape characters in the 4.x migration generate_config code were causing incomplete migrations.

Version 5.1.0

Released 4 October 2023.

New in this release:

  • Migration improvements. You can now specify which Kubernetes namespace Continuous Delivery 4.x is installed in when migrating to 5.x.
  • Display logs for the Continuous Delivery components from the Bolt runner. Added the logs plan to display the logs for the Continuous Delivery components from the Bolt runner.
  • curl no longer needs to be installed on the Bolt runner host. The Continuous Delivery 5.x installer no longer requires curl be installed on the Bolt runner host.
  • Starting, stopping, and restarting Continuous Delivery component services improvements. Added the ctl plan to start, stop, or restart the Continuous Delivery component services. This plan can also get the status for the Continuous Delivery component services.

Version 5.0.0

Released 7 September 2023.

New in this release:

  • New installer and administration platform. The new Continuous Delivery 5.x platform introduces a streamlined experience for installation, upgrades, license management, troubleshooting, and more.
  • Migrate your 4.x data to a 5.x installation. To upgrade to the Continuous Delivery 5.x series from a version in the 4.x series, see Migrate 4.x data to 5.x.

Removed in this release:

  • Puppet Application Manager. Deprecated support for Puppet Application Manager in version 5.0.0.