Continuous Delivery for PE release notes

These are the new features, enhancements, resolved issues, and deprecations for the Continuous Delivery for Puppet Enterprise (PE) 4.x release series.

Note: Migrate 3.x data to 4.x explains how to upgrade to the Continuous Delivery for PE 4.x series from a version in the 3.x series.

Version 4.29.2

Released 21 March 2024.

Resolved in this release:

  • Missing Impact analysis (IA) report. Fixed an issue with Impact Analysis and Azure DevOps where Continuous Delivery for PE falsely reports no impacted nodes.
  • Error trying to run an Impact Analysis for a Module. Fixed an issue where users who created a deployment stage on a pipeline may see the Impact Analysis pipeline stage fail with the following error: Cannot invoke "com.distelli.models.ControlRepoId.getDomain()" because "controlRepoId" is null
  • Error in Continuous Delivery for PE Feature branch policy UI. Fixed an error when editing a regex pipeline's deployment stage for a Bitbucket or GitHub control repo.
  • Pull request from Bitbucket Cloud not triggering Continuous Delivery for PE pipeline with pull request trigger. Fixed an issue where pull requests to a Bitbucket cloud repository would not trigger a pipeline.
  • Triggering a regex pipeline against a branch with an existing pipeline runs that pipeline instead. Fixed an issue where manually triggering a regex pipeline against a branch with an existing pipeline would cause the branch pipeline to run rather than the expected regex pipeline.
  • Unable to verify Global HTTP read timeout setting. Increased the NGINX proxy_read_timeout from 60 seconds to 300 seconds to allow for longer running jobs.
  • Pressing <TAB> after entering user/email changes focus to Show/hide password instead of Input password. Fixed a minor UI issue in the login screen where pressing <TAB> after entering the user name or email address would focus on the Show/hide password icon instead of the password input field.

Version 4.29.1

Released 21 February 2024.

New in this release:

  • Updating a pipeline now requires a new query parameter. The projectType (MODULE or CONTROL_REPO) is now a required query parameter when updating pipelines with /api/v1/pipelines-spec.

Resolved in this release:

  • Unable to run deployments after creating or editing a pipeline. Fixed an issue where deployments were not run for new or edited pipelines.
  • Unable to update a deployment on a regex pipeline. Fixed an issue that prevented updates to a deployment on a regex pipeline.
  • Option to select an environment prefix in the Deployment dialog box. Added the SELECT AN ENVIRONMENT PREFIX option to select a Puppet Enterprise environment prefix when creating a manual deployment or adding a deployment stage to a pipeline.
  • Unable to manually trigger a regex pipeline. Fixed an issue where manually triggering a regex pipeline caused a "branch not found" error. Regex pipelines can now be triggered against branches matching the regex.
  • New Impact Analysis jobs cause list errors. Manual Impact Analysis runs can now be triggered on code projects with custom names without causing an error with the tables on the Control Repos and Modules pages.
  • Unable to select a different view on the Nodes page. Fixed an issue where selecting a different view on the Nodes page resulted in an error.
  • Continuous Delivery for PE approval emails not being sent after changing Bitbucket to GitLab. Fixed an issue where approval notifications were not sent for deployments from GitLab projects in subgroups.

Security notice:

  • CVE-2024-0567. Updated the Debian Docker image to address this vulnerability.

Version 4.29.0

Released 8 February 2024.

New in this release:

  • Personal access token management. You can now create authentication tokens to allow a user to enter their credentials once, then receive an alphanumeric token to access different services or parts of the system infrastructure. To manage personal access tokens, see Manage personal access tokens.
  • OpenAPI support. You can now fetch data and automate your workflows with the Continuous Delivery for Puppet Enterprise (PE) REST API. To get started using Continuous Delivery for PE public APIs, see REST API.
  • Value reporting. You can now view activity values across all the Puppet Enterprise (PE) instances integrated within a workspace in the Activity report. To view your activity in Continuous Delivery for PE, see Activity reporting.
  • Refreshed Continuous Delivery for PE pipelines UI. The Continuous Delivery for PE pipelines pages have a refreshed appearance.

Security notice:

  • CVE-2023-39325. Updated several direct and indirect dependencies to address this vulnerability.

Version 4.28.0

Released 30 November 2023.

New in this release:

  • New node filter feature added to impact analysis. A new node filter feature for Impact Analysis can be configured to run the analysis on a subset of impacted nodes. Nodes can be filtered by percentage of the number of nodes impacted by the change. See the adding Impact Analysis step for your pipelines-as-code to learn how to add this setting to your pipeline. Currently this setting is only available in pipelines-as-code. To enable pipelines-as-code, see Construct pipelines from code.

Resolved in this release:

  • Fact charts do not always show the correct number of nodes when switching filters. Fixed an issue in the node table so that the fact charts reflect the selected filters.

Security notice:

  • CVE-2023-36478. Continuous Delivery for PE is not vulnerable, but we are now running the updated version of Jetty that addresses this vulnerability.

Version 4.27.1

Released 11 October 2023.

Resolved in this release:

  • Jobs fail with Null pointer exception on trigger events. Fixed an issue where jobs in the first stage of a pipeline would occasionally fail due to a synchronization issue on the backend.

Version 4.27.0

Released 4 October 2023.

Resolved in this release:

  • Deleting workspace for LDAP user causes issues. Fixed an issue where the LDAPSyncFunction task fails and the user is not able to log in to Continuous Delivery for PE. This happened when a deleted workspace was referenced in an LDAP Group Mapping.
  • Upgraded the query service to version 1.8.14 to update the default configuration to support Continuous Delivery for PE 5.x.

Version 4.26.2

Released 7 September 2023.

Fixed in this release:
  • Pipeline jobs no longer intermittently fail with Postgres errors. Fixed an issue where pipeline jobs randomly failed with Postgres errors in Continuous Delivery for PE.

Version 4.26.1

Released 23 August 2023.

New in this release:
  • Added new text field under the Config page in Puppet Application Manager called External CA Certificate. The PAM UI now includes the External CA Certificate option under the Config page that allows you to supply a trusted SSL certificate for Continuous Delivery for PE to use when communicating with external services.

Version 4.26.0

Released 22 August 2023.

New in this release:
  • Large object store data is now stored in PostgreSQL. Continuous Delivery for PE 4.26.0 now uses PostgreSQL for large object storage. New 4.26.0 installations use PostgreSQL from the outset. For existing users, large object data is migrated for you as part of the upgrade to version 4.26.0.
    Note: For existing users, the data migration may cause the 4.26.0 upgrade process to take in excess of 15 minutes.
  • Refreshed the Continuous Delivery for PE Control Repos UI. The Continuous Delivery for PE Control Repos pages have a refreshed appearance.
  • Refreshed the Continuous Delivery for PE Modules UI. The Continuous Delivery for PE Modules pages have a refreshed appearance.

Resolved in this release:

  • Security fixes. This release upgrades okio-jvn to version 3.4.0 to address CVE-2023-3635.

Version 4.25.1

Released 24 July 2023.

Resolved in this release:
  • Continuous Delivery for PE does not respect JVM HTTP proxy settings in certain scenarios. We fixed an issue where Continuous Delivery for PE ignored JVM HTTP proxy settings when attempting to proxy requests for Bitbucket Server/Cloud, GitHub/GitHub Enterprise, and GitLab.

Version 4.25.0

Released 11 July 2023.

New in this release:
  • User interface improvements. The following Continuous Delivery for PE pages have a refreshed appearance:
    • Page not found (404)
    • Runtime error
    • Forbidden (403)
    • Forgot your password?
    • Create a user account
Resolved in this release:
  • Continuous Delivery for PE default pipeline impact analysis fails with a non-actionable error message. Updated the error message to make it more descriptive and useful when a pipeline with no deployment stage fails the impact analysis stage.
  • GetJobInstanceV1 returns control repo display name for GitLab. Fixed an issue where links to a GitLab source control repository from the Job details screen wouldn't work if the control repo/module name did not match the GitLab repo name.
  • Security fixes. Version 4.25.0 includes several security fixes, including:
    • Upgraded gin-gonic to version 1.9.1 to address CVE-2023-29401.
    • Upgraded guava to version 32.0.0-android to address CVE-2023-2976.

Version 4.24.1

Released 28 June 2023.

Resolved in this release:
  • Impact Analysis always shows zero changes. We fixed an issue where module impact analysis would not correctly diff module versions when running against Puppet Enterprise deployed with the extra-large architecture. This fix improves logging in module impact analysis around module version diffing and shortens the time it takes the module impact analysis to report a failure when it is unable to compare module versions between environments.
  • Documentation improvements. Added a new section to clarify how to Integrate with Azure DevOps Server on prem.

Version 4.24.0

Released 31 May 2023.

New in this release:
  • Added AzureDevOps support. Continuous Delivery for PE now supports ADO Server (on prem) integration.
  • Refreshed Continuous Delivery for PE user login UI. The Continuous Delivery for PE user login pages have a refreshed appearance.
Resolved in this release:
  • Unable to access job details page for jobs under code validation stage. Job detail links from code validation jobs now correctly redirect to the appropriate job details pages, rather than timing out.
  • Security fixes. Version 4.24.0 includes several security fixes, including:
    • Upgraded the query service to version 1.8.12 to protect against potential race conditions in the backend query service.
    • Upgraded jackson to version 2.15.0 to address CVE-2022-1471 in snakeyaml.

Version 4.23.1

Released 2 May 2023.

Resolved in this release:
  • Unable to access Job details pages for jobs in the Code validation stage. We fixed an issue where, after installing or upgrading to version 4.23.0 of Continuous Delivery for PE, the Job details pages for jobs in the Code validation stage of the pipeline were no longer available.
  • The version 4.23.1 .airgap bundle has an updated version of puppet-dev-tools that fixes CVE-2023-27533 and CVE-2023-27536.

Version 4.23.0

Released 18 April 2023.

New in this release:
  • Refreshed Continuous Delivery for PE job hardware UI. The Continuous Delivery for PE job hardware pages have a refreshed appearance.
  • Refreshed Continuous Delivery for PE Job details UI. The Continuous Delivery for PE Job details page has a refreshed appearance.
Resolved in this release:
  • Module subset modal prefix not working. The Module subset modal on the Edit Permissions screen now filters modules by prefix when typing.
  • Continuous Delivery for PE misidentifies pull requests coming from a Bitbucket Server. Fixed an issue where webhook events for Bitbucket Server repositories would incorrectly detect a pull request as coming from a forked repository.
  • Unable to list commits when branch name contains a "/". Commits are now properly listed when a branch name contains a "/".
  • Creating a new job template with a blank description causes an error. The Job details page now updates properly when a job template is created with a blank (null) description.

Version 4.22.2

Released 21 March 2023.

Resolved in this release:
  • Users unable to manually update token for Puppet Enterprise integration. We fixed an issue where users were unable to manually update their Puppet Enterprise token in the UI.
  • Disabling Vault before deploying Continuous Delivery for PE 4.22.0 causes it to crash. We fixed an issue where disabling Enable Vault in the Puppet Application Manager (PAM) UI prior to the initial deployment of Continuous Delivery for PE 4.22.0 causes Continuous Delivery for PE to crash. You can now disable Vault prior to the initial deployment of Continuous Delivery for PE 4.22.0.
  • The version 4.22.2 .airgap bundle has an updated version of puppet-dev-tools that appropriately sets the tag at 4.x.

Version 4.22.1

Released 16 March 2023.

Resolved in this release:
  • Console doesn't appear after upgrading. IPv6 was enabled by default, which caused NGINX to fail to start on non-IPv6 environments. IPv6 is now dynamically enabled only on IPv6 environments to prevent this.

Version 4.22.0

Released 8 March 2023.

New in this release:
  • Puppet Application Manager (PAM) UI now has an option to disable Vault.

    The PAM UI now includes the Enable Vault option under Advanced configuration and tuning that allows you to remove Vault. Enable Vault is selected by default to allow for migrations on older Continuous Delivery for PE releases (4.19.0 and older).

    Vault can be safely removed on all new installations from this release on. For users upgrading from version 4.19.0 or older, you must complete at least one successful deployment of version 4.20.0 or newer to safely remove Vault using the Enable Vault option in version 4.22.0.

  • Refreshed Continuous Delivery for PE Groups Settings UI. The Continuous Delivery for PE workspace Groups Settings pages have a refreshed appearance.
  • Refreshed Continuous Delivery for PESource Control Integrations Settings UI. The Continuous Delivery for PE Source Control Integrations Settings pages have a refreshed appearance.
Resolved in this release:
  • Login flow for root broken when no workspaces exist. An infinite redirect loop was possible when users logged in as root and there were no workspaces in Continuous Delivery for PE.
  • Concurrent catalog compilation throttling is now reset on Continuous Delivery for PE restart. Impact analysis would hang when the maximum number of concurrent compilations on each PE instance was reached.
  • 404 error when accessing a node from the node table. Selecting a node from the node table on the Nodes page would result in a 404 error.
  • The version 4.22.0 .airgap bundle has an updated version of puppet-dev-tools that includes PDK 2.6.1 and a fix addressing CVE-2023-23916.
  • Security fixes. Version 4.22.0 includes several security fixes, including:
    • Upgrading crypto to v0.0.0-20211209193657-4570a0811e8b to address CVE-2022-27191.
    • Upgrading gin-gonic to 1.9 to address CVE-2022-41723.
    • Upgrading postgresSQL to 42.4.1 to address CVE-2022-41946.
Removed in this release:
  • Support for versions of Kubernetes prior to 1.21. Kubernetes version 1.21 or higher is now required for Continuous Delivery for PE and Comply.

Version 4.21.1

Released 6 February 2023.

Resolved in this release:
  • Broken links associated with renaming workspaces. This fix resolves the following issues:
    • Broken links in the UI that pointed to the old name of a workspace that had been renamed.
    • Broken links from adding or editing job hardware capabilities from the root console.
  • Regex pipeline is triggered by webhook from GitLab when the branch is deleted. Regex pipelines are no longer triggered after merging the GitLab feature branch PRs and deleting the feature branches.

Version 4.21.0

Released 25 January 2023.

New in this release:
  • Documentation improvements. Beginning with 4.18.1 and ending with this release, we made quality of life changes to the Continuous Delivery for PE documentation. This primarily consisted of reorganizing some pages in a more logical manner and renaming some pages with overly-long titles. We rolled out a few changes with each release and enabled redirects where necessary.
    Changes in this release include:

    If you have any questions or comments about these changes, please use the feedback form at the bottom of this page to get in touch with our documentation team. Refer to prior release notes for details about previous changes.

Resolved in this release:
  • Environment status for cancelled impact analysis tasks was incorrect. Previously, if you cancelled an impact analysis task, the task was actually cancelled, but the Status for each environment would not update after cancellation. If you examined the impact analysis details in the Web UI, it would seem as though impact analysis was still running, when it was actually stopped. Now the environment statuses correctly update after impact analysis is cancelled.
  • OOMKilled error after upgrade. We fixed an issue where the cd4pe-migrate-object-store job was OOMKilled on application upgrade, which also caused Continuous Delivery for PE to get stuck initializing.
  • Pipeline statuses weren't communicated to AzureDevOps. Continuous Delivery for PE sends pipeline status information to AzureDevOps for pull requests.
  • Rapid navigation broke some pages. Occasionally, leaving a page before it was fully loaded caused an error.
  • Security fixes. Version 4.21.0 includes several security fixes, including:
    • Upgrading react-hot-loader to version 4.13.1 to address CVE-2022-37601 and CVE-2022-37603.
    • Upgrading the query service to version 1.8.8 to address CVE-2022-32149 and CVE-2022-27664.
    • Upgrading express to version 4.18.2 to address CVE-2022-24999.
    • Removing rbac and rbac-init images from airgapped bundles for Continuous Delivery for PE.
    • Upgrading jackson to version 2.14.0 to address CVE-2022-41854 and CVE-2022-38752 in snakeyaml.

Version 4.20.0

Released 15 November 2022.

New in this release:
  • Refreshed Puppet Enterprise integration UI. The Puppet Enterprise integration settings screens have a refreshed appearance.
    • Integrations are organized in card format, instead of table format.
    • The general process to Integrate with Puppet Enterprise or set up protected environments has not changed, but labels and placement of some fields, icons, and buttons have changed.
    • We added an error message to the Protected environments section that appears if you don't have permission to manage protected environments for a particular PE integration.
  • Compiler maintenance mode. You can Enable compiler maintenance mode to force code deployments to skip unavailable or offline compilers and replicas.
  • Job secrets stored in PostgreSQL. Job secrets are now stored in PostgreSQL instead of Vault. Upon upgrade to 4.20.0 or later, your existing secrets are automatically migrated from Vault to PostgreSQL. After this migration, Vault is no longer used.
  • Search all branches when managing pipelines as code. You can now search all branches when selecting a branch to manage pipelines as code. Previously, the list of branches was truncated and wasn't searchable.
  • Delete SMTP configuration. You can now delete unwanted SMTP configurations.
  • Impact analysis ignores patch fact generation script files. The pe_patch_fact_generation.ps1 and pe_patch_fact_generation.sh files are now excluded from impact analysis reports because these files always report a change of n/a to n/a. This created unnecessary clutter in the reports.
  • Documentation improvements. Beginning with 4.18.1, we've begun to make quality of life changes to the Continuous Delivery for PE documentation. This primarily consists of reorganizing some pages in a more logical manner and renaming some pages with overly-long titles. We'll roll out a few changes with each release and enable redirects where necessary.
    Changes in this release include:

    If you have any questions or comments about these changes, please use the feedback form at the bottom of this page to get in touch with our documentation team. Refer to prior release notes for details about previous changes.

Resolved in this release:
  • Fixed nested facts in Node Table. Nested facts now display correctly in the Node Table in Node Inventory.
  • Corrected error message. When running impact analysis on a module repo, if the specified branch is missing, the error message correctly refers to the repo as a module, instead of a control repo.
  • Impact analysis runs could fail in environments with proxies. We fixed an issue where impact analysis runs triggered by webhooks would fail in environments with proxies that use OpenTelemetry tooling.
  • Security fixes. This release upgraded kurl-proxy to 1.86.2 to address CVE-2022-40674 and CVE-2022-37434.

Version 4.19.0

Released 4 October 2022.

New in this release:
  • Improved impact analysis performance and removed redundant setting. We improved impact analysis performance when calculating impacted nodes. As a result of this, we removed the Environments path setting since it is no longer required to improve impact analysis performance. If you enabled this setting, this setting is removed during the upgrade, and you do not need to take any additional steps.
  • Repository menu limited to 10 results. When adding repositories, the Repository dropdown menu shows a maximum of 10 repositories, and you can type a repository name to refresh the results. In this release, we added a message to the dropdown menu clarifying the results limit.
  • Return to Login page from Forgot password page. We added a link back to the Login page from the Forgot password page.
  • Improved error messages. We improved the error messages shown on the Hardware page when Continuous Delivery for PE can't connect to the selected PE integration.
  • Documentation improvements. Beginning with 4.18.1, we've begun to make quality of life changes to the Continuous Delivery for PE documentation. This primarily consists of reorganizing some pages in a more logical manner and renaming some pages with overly-long titles. We'll roll out a few changes with each release and enable redirects where necessary.

    If you have any questions or comments about these changes, please use the feedback form at the bottom of this page to get in touch with our documentation team.

    No changes were included with 4.19.0. Refer to the 4.18.1 release notes for details about the latest changes.

Resolved in this release:
  • Impact analysis queued indefinitely. We fixed an issue that sometimes caused impact analysis tasks to get stuck in the queued state indefinitely.
  • Couldn't change a job's hardware capabilities. We fixed an issue that prevented you from selecting or deselecting Hardware capabilities when creating or editing jobs.
  • Browser-specific issues. We resolved a couple of error-handling issues that occurred in some browsers when running Continuous Delivery for PE in Kubernetes.
    • When editing workspace settings, the SSH key tab shows a warning if the workspace doesn't have an SSH key and gives you the option to add one.
    • When adding repositories, if webhook setup fails, you'll get a specific pop-up message, rather than a generic error.
  • Links to impact analysis documentation. In the Continuous Delivery for PE web UI, a few links to impact analysis documentation were broken. We've fixed those.
  • Incomplete list of Azure DevOps projects. When adding repositories from Azure DevOps Services, Continuous Delivery for PE can now show an unlimited number of projects. Previously, there was a cap on the maximum number of projects shown, and you would only hit the limit if you had access permission for a significant number of projects.
  • Security fixes. This release upgraded kurl-proxy to 1.83.0 to address CVE-2021-22946, CVE-2022-22576, CVE-2022-27781, and CVE-2022-27782.

Version 4.18.1

Released 27 September 2022.

New in this release:
  • Documentation improvements. With this release, we're beginning to make quality of life changes to the Continuous Delivery for PE documentation. This primarily consists of reorganizing some pages in a more logical manner and renaming some pages with overly-long titles. We'll roll out a few changes with each release and enable redirects where necessary.

    If you have any questions or comments about these changes, please use the feedback form at the bottom of this page to get in touch with our documentation team.

    Changes in this release include:

Resolved in this release:
  • GitLab integration configuration issue. Resolved an issue preventing users from configuring GitLab integrations to use HTTP or HTTPS for cloning.

Version 4.18.0

Released 8 September 2022.

New in this release:
  • Java 17 upgrade. This release includes an upgrade to Java 17, which deprecated some JVM args.
    Important: If you are passing any custom JVM args, make sure these are compatible with Java 17.
Resolved in this release:
  • Impact analysis details page crashes. The impact analysis details page no longer crashes if the filter set in the URL does not exist.

Version 4.17.0

Released 11 August 2022.

Resolved in this release:
  • Impact analysis detects Hiera .eyaml files. Previously, impact analysis only detected changes in Hiera files with the yaml extension. Impact analysis now also detects changes in Hiera files with the eyaml extension.
  • Corrected a database issue with pipeline event data. We fixed an issue where triggering a pipeline caused incorrect pipeline event data to be recorded in the database for all pipelines.
  • Security fixes. Version 4.17.0 includes several fixes related to security, including:
    • Upgraded pam-utils to address several CVEs.
    • Fixes to address CVE-2022-31197, CVE-2022-30591, and CVE-2020-29587.

Version 4.16.1

Released 14 July 2022.

Resolved in this release:
  • The Group user attribute wasn't respected when querying LDAP group membership. We fixed an issue where Continuous Delivery for PE incorrectly assumed the Group user attribute value was the same as the user's Distinguished name. This caused failure of group sync tasks and prevented deletion of LDAP group mappings.
  • You can delete LDAP group mappings after removing an LDAP configuration. Previously, if you removed an LDAP configuration before removing the associated group mappings, the group mappings were orphaned and impossible to delete.

Version 4.16.0

Released 12 July 2022.

New in this release:
  • You must manually update webhooks after changing the backend service endpoint. To prevent unexpected and undesired changes to webhooks, Continuous Delivery for PE no longer automatically updates your configured webhooks when you change the CD4PE_BACKEND_SERVICE_ENDPOINT. Instead, a warning message is logged asking you to Update webhooks manually through the web UI.
  • Automatic prefix selection when there is only one prefix available. If you use environment prefixes, when you add a deployment stage to a pipeline and there is only one prefix option available, Continuous Delivery for PE automatically selects that prefix. This enhancement resolves an issue where it was unclear that you needed to select an option when there was only one possible choice.
  • Minor UI change. We removed the Gravatar icon from the job Details page.
Resolved in this release:
  • Multiple pipelines-as-code issues, including unchanged pipelines suddenly missing (entirely or partially), unexpected duplicated pipelines, unfamiliar pipelines, or the Pipelines page loads very slowly. Webhooks were causing pipelines-as-code to be rebuilt more often than necessary and retaining extra, unnecessary pipeline data.
    Important: If you experience any of the above issues, you need to forcefully reload your .cd4pe.yaml file, as explained in this Support article: Pipelines-as-code issues in Continuous Delivery for PE 3.0.0 to 4.15.1.

Version 4.15.1

Released 14 June 2022.

Resolved in this release:
  • The SMTP port setting is no longer ignored if you enable TLS for your SMTP configuration.

Version 4.15.0

Released 7 June 2022.

New in this release:
  • (Experimental) Run impact analysis on fewer nodes. If an environment has a lot of nodes, it might take a long time for impact analysis to run. It is possible to only analyze a subset of your total nodes, but there are tradeoffs. We've described a process you could use to Run impact analysis on fewer nodes. If this feature interests you, please let us know what you think.
  • Improved source control integration field validation. When configuring GitLab, GitHub Enterprise, or Bitbucket Server integrations, the field validations are more robust and provide more useful error messages.
Resolved in this release:
  • Pipeline runs triggered by pull requests continue to respect PR gates after pipeline promotion. Previously, promoting a pipeline that was triggered by a pull request could discard the PR event type association. This caused any subsequent manual stage promotions to ignore their respective PR gates, because the pipeline run incorrectly appeared as if it were triggered by a commit (instead of a PR). Now, pipelines triggered by PRs maintain their PR event type association throughout the entire pipeline run, and manual pipeline promotions respect PR gates when the pipeline is originally triggered by a PR.

Version 4.14.0

Released 5 May 2022.

Resolved in this release:
  • Endpoints properly display errors. We fixed an issue where some endpoints couldn't correctly display errors in certain circumstances.
  • Jobs running longer than 20 minutes no longer fail with exit code 1. Lengthy jobs now continue running as expected.
  • Deploying Continuous Delivery for PE to an OpenShift cluster resulted in pod failures. To prevent an error where OpenShift can't find /sbin/nologin, a copy of /usr/sbin/nologin is made to /sbin/nologin in the new pam-utils container.
  • Security fixes. Version 4.14.0 includes several fixes related to security, including:
    • Fixes to address CVE-2022-0778, CVE-2022-1271, CVE-2022-1233, and CVE-2020-36518.
    • Updated teams-ui webpack to v5 to address a security issue with a child dependency of v4.

Version 4.13.0

Released 5 April 2022.

New in this release:
  • Improved proxy handling. Continuous Delivery for PE now uses relative, rather than absolute, lookup paths to construct all URLs in the UI. Previously, configuring a proxy required changing the Continuous Delivery for PE service endpoint to avoid CORS errors. This improvement is a more complete resolution to the fix included in version 4.12.1.
  • Accessibility improvements. Version 4.13.0 introduces several improvements for accessibility in Continuous Delivery for PE, including:
    • Removed leading + symbols from some buttons, which could cause incongruity between the accessible name and visible label.
    • On the PE settings page, the icons to remove a protected environment and change a token's lifetime now have tooltips correctly describing their functions.
    • The exit icon now has a tooltip.
    • On the SSH key settings page, the More actions icon now has a tooltip explaining the contents of the menu associated with this button.
Resolved in this release:
  • Fixed navigation for super users without workspace membership. A super user who is not a member of any workspace is directed to the root console after logging in. When a super user accesses a workspace they are not a member of, the navigation menu loads correctly.
  • Multi-node clusters don't prevent draining nodes with StatefulSets. We modified PodDistruptionBudget to allow multi-node Continuous Delivery for PE clusters to drain all but the last node.
  • Security fixes. Version 4.13.0 includes several bug fixes related to security, including:
    • The kurl-proxy and minIO containers have the latest OS patches.
    • Fixes that address CVE-2021-43858 and CVE-2022-0839.
    • Upgraded OpenTelemetry to upgrade a Commons-io dependency.
    • The build process removes test keys such as those left by the public-encrypt package and Bolt installation.

Version 4.12.1

Released 7 March 2022.

Resolved in this release:
  • Fixed a reverse proxy configuration issue that caused CORS errors when users tried to login.

Version 4.12.0

Released 2 March 2022.

Important: Puppet Application Manager (PAM) version 1.64.0 is now available. To avoid a failed to pull: deployment method for chart vault has changed error, upgrade PAM to version 1.64.0 before upgrading Continuous Delivery for PE to version 4.12.0.
New in this release:
  • Secrets management in Continuous Delivery for PE. You can add secrets to Continuous Delivery for PE jobs, which jobs use while running. To learn more, go to Test Puppet code with jobs.
  • Continuous Delivery for PE now supports Kubernetes 1.19 to 1.24. Kubernetes 1.17 and 1.18 are no longer supported.
  • Usability improvements. Version 4.12.0 introduces several improvements to the design and usability of Continuous Delivery for PE, including:
    • The Nodes page has improved button placement and text.
    • The Nodes page has a new view selector that allows you to pick which view you want to see.
    • Custom view names now become the page title when selected.
    • You can edit an existing view or save a new view by clicking Save or Edit in the drop down.
Resolved in this release:
  • Fixed the impact analysis filter for failed nodes. This also fixed the Compilation failures link on the impact analysis details view.
  • You can use .cd4pe.yaml files over 500 lines with Bitbucket Server.
  • The Disable MinIO option is no longer available in standalone installs. This option only applies to HA installs.
  • This release contains fixes that address CVE-2021-43527.

Version 4.11.5

Released 22 February 2022.

Resolved in this release:
  • Fixed an issue where running impact analysis against a Bitbucket Cloud control repository detected no changes.

Version 4.11.4

Note: Due to an issue discovered after release, we retracted version 4.11.3.

Released 14 February 2022.

Resolved in this release:
  • Fixed an issue where you could not run Continuous Delivery for PE jobs without Docker hardware. Now, non-Docker-based jobs run directly on the job runner machine.
  • This version's .airgap bundle includes an updated version of puppet-dev-tools.

Version 4.11.2

Released 2 February 2022.

Resolved in this release:
  • Fixed an issue where you could not add a control repo or module with Bitbucket Cloud.
  • This release contains fixes that address CVE-2022-21724.

Version 4.11.1

Released 20 January 2022.

Resolved in this release:
  • Installations that use a legacy or high availability (HA) architecture for Puppet Application Manager no longer receive a Job cd4pe-migrate-object-store is invalid error when upgrading to the 4.11.x series.

Version 4.11.0

Released 20 January 2022.

New in this release:
  • Compound filters on the Nodes page. You can now build multi-element filters that use logical operators (and and or) to answer complex queries about your nodes. For more information about creating and using compound filters, go to Create filters to focus on specific node sets.
  • Endpoint configuration clarified. When you Deploy Continuous Delivery for PE, you can use a NodePort or an Ingress for your webhook and local container registry endpoints. Previously, the Ingress option was only available if you had previously set it. Now, you can always choose from both options.
  • Retrieve impact analysis CSV files through an API call. You can now reach the getImpactAnalysisCsvV1 endpoint from the Continuous Delivery for PE deployments module. This means your custom deployment policies can use this endpoint to retrieve impact analysis CSV exports.
  • Custom deployment policy logging. You can add custom deployment events with message parameters to your custom deployment policies. These appear as arbitrary log messages and, ultimately, on the web UI. This facilitates debugging when creating custom deployment policies.
  • Usability improvements. Version 4.11.0 introduces several improvements to the design and usability of Continuous Delivery for PE, including:
    • The ability to search for nodes in the table by name on the Nodes page.
    • To improve reliability of snapshot restores, PostgreSQL now initially listens on localhost during startup.
Resolved in this release:
  • Improved impact analysis report filtering, searching, and pagination. When an impact analysis report has multiple pages, searching and filtering refreshes pagination.
  • Export impact analysis report functionality restored. From the web UI, you can export CSV files of your impact analysis reports again.
  • Improved error handling when changing user email addresses. Changing a user's email address to the user's existing email address no longer triggers an error. Attempting to change a user's email address to an email address belonging to another user returns an error message explaining that another user is using this email address.
  • SMTP "from" address defaults to root account's email. If the Send emails from this address field is empty, Continuous Delivery for PE now uses the email address associated with the root user.
  • Impact analysis succeeds on GitHub repos with different repo and display names. Impact analysis tasks are now performed correctly on GitHub repositories where the repo name does not match the display name set in Continuous Delivery for PE.
  • The Continuous Delivery for PE container restarts successfully. The database migration lock is now automatically removed when the container stops, allowing for a successful restart without manually removing the lock.

Version 4.10.5

Released 20 December 2021.

Resolved in this release:
  • This release upgrades the included version of Apache Log4j to 2.17.0.

Version 4.10.4

Released 17 December 2021.

Resolved in this release:
  • This release upgrades the included version of Apache Log4j to 2.16.0.

Version 4.10.3

Released 10 December 2021.

Resolved in this release:

Version 4.10.2

Released 9 December 2021.

Resolved in this release:
  • When listing Bitbucket Server branches, the first result is no longer omitted from the list.
  • Continuous Delivery for PE no longer attempts to set up SSH cloning for GitLab integrations unless explicitly instructed to do so.
  • You can now successfully re-add an integration to Bitbucket Server or to GitLab using SSH.
  • The value set for Global HTTP write timeout (seconds) in the Advanced configuration and tuning section of the Config page in Puppet Application Manager is now also used as the value for the CD4PE_MODULE_DEPLOY_READ_TIMEOUT environment variable in deployment tasks. The default value is 120 seconds.
  • An issue with database connections has been resolved, and Continuous Delivery for PE now renders pages as expected without requiring you to periodically restart the application.

Version 4.10.1

Released 11 November 2021.

Resolved in this release:
  • Requests to the /v1/authtokens endpoint are now processed correctly.

Version 4.10.0

Released 9 November 2021.

Important:

This version includes a security fix to Continuous Delivery for PE that requires new authentication tokens for all PE integrations. As part of the upgrade process to version 4.10.0, Continuous Delivery for PE attempts to automatically rotate the tokens for all your integrated PE instances. In cases where tokens can not be successfully rotated by the software, you must complete the token rotation process manually.

After upgrading to version 4.10.0, go to the Message Center in the Continuous Delivery for PE web UI for a custom report on the state of your PE tokens and instructions for performing any required manual steps.

Special note for users of PE version 2021.x: The security update revokes all tokens assigned to the Continuous Delivery user in version 2021.x. You must regenerate and reconnect all PE tokens assigned to this user.

New in this release:
  • Environments path setting for impact analysis. To improve impact analysis performance for users with certain PE configurations, a new Environments path setting is now available in the Impact analysis credentials section of each Puppet Enterprise instance's credentials. Users who have configured PE to use lockless deploys MUST NOT set the environments path.
Resolved in this release:
  • PuppetDB queries are now modified in order to improve impact analysis performance.
  • Support bundles are now analyzed correctly and do not throw errors. Upgrade to Puppet Application Manager 1.49.0 or a newer version to apply this fix.
  • Support bundle collection now requires less memory for environments experiencing heavy usage.
  • Cross-version Puppet Development Kit (PDK) dependencies are now included in Continuous Delivery for PE, so PDK jobs no longer fail in offline (airgapped) environments.

Version 4.9.0

Released 8 September 2021.

New in this release:
  • Impact analysis tasks run in parallel on multiple PE instances. When an impact analysis task is triggered to run on multiple PE instances, the task now runs simultaneously on each instance rather than waiting for one instance to finish before starting on the next.
  • Usability improvements. Version 4.9.0 introduces several improvements to the design and usability of Continuous Delivery for PE, including:
    • The Users page is updated with a cleaner, more streamlined design.
Resolved in this release:
  • Clicking Documentation in the web UI now correctly directs you to the 4.x documentation set.
  • When enabled, the HTTP health check for load balancers now operates as expected.

Version 4.8.2

Released 31 August 2021.
Important: You must upgrade to version 4.8.2 before installing Puppet Enterprise 2021.3 or 2019.8.8. Version 4.8.2 resolves a PuppetDB issue that prevented the generation of new fact charts on the Nodes page.
Resolved in this release:
  • Issues with the query service and the interaction between the Nodes page and PuppetDB are now resolved.

Version 4.8.1

Released 24 August 2021.

Resolved in this release:
  • An endpoint that was accidentally removed in version 4.8.0 is now restored.

Version 4.8.0

Released 10 August 2021.

New in this release:
  • Configure snapshot timeouts. You can now configure the length of time that Puppet Application Manager spends attempting to back up Continuous Delivery for PE components when creating a snapshot. For more information, go to Adjust the timeout period for snapshots.
Resolved in this release:
  • When impact analysis tasks are run on a compiler, the resulting report now shows the list of impacted nodes.
  • The installation preflight check now correctly requires 50 GB of storage for Ceph.
  • You can now successfully restore Continuous Delivery for PE from a snapshot on legacy installations of Puppet Application Manager.

Version 4.7.2

Released 26 July 2021.

Resolved in this release:
  • The web UI no longer attempts to fetch remotely hosted fonts, and now loads correctly for installations in offline (airgapped) environments.
  • A bug caused database backups in new installations of versions 4.7.0. and 4.7.1 to silently fail. New installations of Continuous Delivery for PE now correctly back up and restore the contents of the PostgreSQL database.
  • Users running legacy installations of Puppet Application Manager version 1.44.1 can now successfully upgrade from Continuous Delivery for PE version 4.4.2 or older to the current version.

Version 4.7.1

Released 12 July 2021.

Resolved in this release:
  • The LDAP group mappings list now displays up to 200 group mappings.
  • If multiple LDAP group mappings use the same LDAP group name and RBAC group name, you can now successfully delete one group mapping without deleting all group mappings that share these names.

Version 4.7.0

Released 8 July 2021.

New in this release:
  • Fact charts. You can now see visual representations of Facter fact values on all nodes across the infrastructure you've integrated with Continuous Delivery for PE. The new Fact charts section of each view on the Nodes page displays the distribution of unique values across your inventory for your selected facts. We've included four fact charts to get you started, and you can build custom fact charts for the facts that are relevant to your business goals.
  • Usability improvements. Version 4.7.0 introduces several improvements to the design and usability of Continuous Delivery for PE, including:
    • Several web UI pages have been updated with a cleaner, more streamlined design.
    • The Users page now shows the complete list (up to 1,000 users) of users in a workspace.
Resolved in this release:
  • New Azure DevOps integrations can now be set up successfully.
  • If an empty (memberless) LDAP group map is added to Continuous Delivery for PE, other previously added LDAP group maps now sync correctly.
  • When a new workspace is created, jobs in that workspace now default to running on workspace hardware.
  • Node filter results are now correctly returned for fact names that use dot notation.
  • A change to a saved view created by removing a filter can now be saved.

Version 4.6.1

Released 16 June 2021.

Resolved in this release:
  • Login attempts after upgrading to Continuous Delivery for PE 4.6.0 or higher with an older license no longer fail.
  • Setting up an external PostgreSQL database no longer requires a separate configuration for the estate reporting service. The estate reporting service now defaults to sharing the Continuous Delivery for PE database. For more information, see Set up external PostgreSQL.

Version 4.6.0

Released 3 June 2021.

New in this release:
  • Promote permission. Previously, the permission to manually promote changes through pipeline stages was included in the Edit permission for control repos and modules. The Promote permission is now separate from the Edit permission, and you can grant or deny these permissions to groups as needed.
    Note: The new Promote permission has been automatically assigned to any group that was assigned the Edit permission on control repos or on modules in versions prior to 4.6.0.
  • Set group permissions on a subset of control repos. You can now create groups that have permissions on only a subset of the control repos in your workspace.
  • Export impact analysis data. You can now download the data generated by an impact analysis task. Click Export on the impact analysis report page to generate a CSV file of the data.
  • LDAP group login filtering. You now have the option to enable login filtering for your LDAP configuration. If login filtering is turned on, only those LDAP users who are included in mapped LDAP groups are able to log into Continuous Delivery for PE.
  • Increased default memory limits. In order to support higher out-of-the-box load, the default memory configuration for Continuous Delivery for PE now uses higher default memory limits while starting with the same base memory use.
  • Run multiple Puppet applications on the same cluster. You can now run multiple supported applications (currently Continuous Delivery for PE version 4.6.0 and newer, and Puppet Comply version 1.0.4 and newer) on a single instance of Puppet Application Manager. Find more information in the Working with Puppet applications section of the Puppet Application Manager documentation.
  • Usability improvements. Version 4.6.0 introduces several improvements to the design and usability of Continuous Delivery for PE, including:
    • Several web UI pages have been updated with a cleaner, more streamlined design.
    • Improved error messaging when a webhook cannot be automatically set up for a newly added control repo or module.
    • Support bundles now note whether services are unavailable because the We're migrating an existing Continuous Delivery for PE 3.x instance option is enabled.
    • The certificate preflight check now accepts a wildcard certificate as valid.
Resolved in this release:
  • Custom deployment policies no longer require environment branches.
  • If a workspace has no owner, the Workspaces page in the root console now loads correctly so that you can reassign the workspace to a new owner.
  • Information about global shared hardware is now correctly displayed when you navigate to the Hardware page in the root console from the individual workspace's Hardware page.

Version 4.5.2

Released 11 May 2021.

Resolved in this release:
  • If SAML is enabled for your Continuous Delivery for PE installation, a Log in using single sign-on option is now shown on the login screen, and the pod no longer falls into a restart loop.
  • Docker runtime arguments are no longer passed if a job previously run on workspace hardware is updated to run on global shared hardware.

Version 4.5.1

Released 27 April 2021.

Resolved in this release:
  • The links provided in deployment approval emails now resolve correctly.

Version 4.5.0

Released 22 April 2021.

Important:
  • Continuous Delivery for PE version 4.5.0 includes architectural changes that alter the paths of some page URLs and might break previously generated links to pull requests and other pages in your source control.
  • If you use the Bolt tasks included in the puppetlabs-cd4pe module, upgrade the module to version 3.1.0 in your Bolt project.
  • Optional. A new version of the platform admin console is available with support for full (instance-level) snapshots. Learn more in the platform admin console release notes. If you'd like to use this feature to back up Continuous Delivery for PE, upgrade to the latest version of the platform admin console.
New in this release:
  • Configure the Bolt PCP read timeout period. To prevent job run timeouts caused by file sync delays, you can now adjust the Bolt Puppet Communications Protocol (PCP) timeout period. Learn more in Adjust the timeout period for jobs.
  • Reduced resource requirements for high availability (HA) installations. Services that can run multiple replicas now default to running on two replicas in an HA cluster rather than three. This change maintains the former level of failure resistance while reducing resource requirements.
  • Usability improvements. Version 4.5.0 introduces several improvements to the design and usability of the web UI and platform admin console, including:
    • Display text on the Config page has been updated to clarify the purpose and operation of the optional and advanced configuration sections.
Resolved in this release:
  • The correct CA certificate is now passed to agents when switching between certificate generation methods and redeploying the application.
  • Graphs shown on the application dashboard in the platform admin console no longer double-count resource use for pods using containerd.

Version 4.4.2

Released 13 April 2021.
Important: Version 4.4.2 includes several fixes that impact how Continuous Delivery for PE interacts with GitLab repositories that use nested groups (also called subgroups). In order to take advantage of these fixes, you must delete and re-add any control repos or modules in Continuous Delivery for PE created in version 4.4.1 or earlier that connect to GitLab repositories that use nested groups.
Resolved in this release:
  • Webhooks between Continuous Delivery for PE and GitLab repositories that use nested groups now correctly trigger pipeline runs.
  • Links on control repo and module details pages to GitLab repositories that use nested groups now resolve correctly.
  • When selecting a GitLab repository in the Continuous Delivery for PE web UI, the list of results is now correctly filtered by the selected organization or user.

Version 4.4.1

Released 29 March 2021.

Resolved in this release:
  • The impact analysis details page for modules now appears as expected.
  • The deployment details page for modules now appears as expected.
  • Continuous Delivery for PE now interprets errors from Code Manager correctly, and impact analysis runs are no longer impacted by parsing errors.
  • The version 4.4.1 .airgap bundle includes an updated version of puppet-dev-tools.

Version 4.4.0

Released 11 March 2021.

New in this release:
  • Save and share favorite node table views. You can now save the custom versions (views) of the node table that you create by using filters and columns to zero in on the data that's most relevant to your work. When you've created a view that you want to save and share with the members of your workspace, click Save view. You can see a list of all saved views for your workspace, mark your personal favorites for quick access, and switch between your favorite saved views from the Nodes page. For more information, see Save custom node table views.
    Note: If you're using an external PostgreSQL database with Continuous Delivery for PE, this new feature creates the need to configure an estate reporting database. Find more information in Set up external PostgreSQL.
  • Built-in user groups for new workspaces. Newly created workspaces now include three built-in user groups: Administrators, Operators, and Viewers. See the Permissions reference for details on the permissions included in each built-in user group.
  • Streamlined workflow for adding users to a workspace. As part of the process of adding a new user to a workspace, you are now prompted to assign the user to one or more user groups (either the new built-in user groups or those you've created).
  • Configure login attempt limits. You can now configure the number of unsuccessful login attempts that a user can make on Continuous Delivery for PE before their account is locked, as well as the length of time the account is locked and the length of time before the login attempt counter resets. For more information, see Configure login attempt limits.
  • OpenTelemetry. You now have the option to use OpenTelemetry to perform distributed tracing on your Continuous Delivery for PE installation. OpenTelemetry configuration options are available on the Config page in the platform admin console.
    Important: When using OpenTelemetry, you can choose to export the gathered data to your logs, to Jaeger over gRPC, or via OTLP. Be aware that if you choose the logging exporter option, the size of your Continuous Delivery for PE logs increases significantly. OpenTelemetry data you collect is not shared with Puppet, except in one specific case: if, while using the logging exporter, you generate and send a support bundle to Puppet, the support bundle contains OpenTelemetry data for your installation.
  • Preflight check improvements. Preflight checks now verify that schedulable CPU and memory capacity are available for performing upgrades, and that the system is running Kubernetes version 1.17.0 or newer.
  • Usability improvements. Version 4.4.0 introduces several improvements to the design and usability of the web UI and platform admin console, including:
    • You'll no longer see an option to reset your password on the login screen if LDAP is enabled for your installation.
    • A logout option is now available on the 403 error screen.
    • The Config page in the platform admin console has been streamlined in order to help you locate the configuration settings relevant to your installation.
    • To improve readability, the dashboard charts in the platform admin console displaying CPU usage and memory usage now only show data for the top five pods.
Resolved in this release:
  • Clicking on the Modules breadcrumb at the top of a module's details page no longer results in a 404 error.
  • When you update your CA certificate in the platform admin console, the change now takes effect immediately.
  • The option to set a PuppetDB connection timeout period has been added back to the Config page in the platform admin console.

Version 4.3.3

Released 23 February 2021.

Resolved in this release:
  • The integration between Azure DevOps and Continuous Delivery for PE now works as expected.
  • Continuous Delivery for PE now deploys correctly if the root account email address entered on the Config page in the platform admin console contains uppercase letters.

  • Ownership of a workspace can now be successfully transferred to a new owner whose username contains uppercase letters.

Version 4.3.2

Released 3 February 2021.
Note: Based on the results of ongoing internal testing along with feedback from users, we increased our recommended minimum system resource requirements for Continuous Delivery for PE 4.x. See system requirements for the current guidance.
New in this release:
  • List and filter your nodes by structured fact values. You can now add columns displaying structured fact values in dot notation format (such as docker.Architecture, ec2_metadata.hostname, or loadaverages.15m) to your node table. In addition, you now have the option to use the values within your structured facts when creating a fact value filter on the Nodes page.
Resolved in this release:
  • Webhooks for GitLab repositories that exist in nested groups now correctly trigger pipelines.
  • Webhooks for Bitbucket Cloud control repos and modules that were added to Continuous Delivery for PE versions 4.2.0 and later now correctly trigger pipelines.
  • Invalid characters are no longer present in the repository organization field for Bitbucket Cloud control repos, and jobs now clone these repositories correctly.
  • Unnecessary repeated The requested range is not satisfiable errors are no longer included in the application log.
  • Jobs included in pipeline stages no longer fail when attempting to download the control repo and job scripts.
Removed in this release:
  • Support for Puppet Enterprise version 2018.1. PE 2018.1 reached the end of its support lifecycle on 31 January 2021.

Version 4.3.1

Due to an issue discovered after release, we retracted version 4.3.0. Version 4.3.1 is now the first version in the 4.3.x series.

Released 26 January 2021.
Note: A new version of the platform admin console was released on 7 December 2020. Please review the release notes and upgrade to the latest version of the platform admin console before upgrading Continuous Delivery for PE to version 4.3.1.
New in this release:
  • Support for Red Hat Enterprise Linux (RHEL) 8 and CentOS 8. You can now run Continuous Delivery for PE on RHEL version 8 and CentOS version 8.
  • Ceph replaces MinIO for object storage. Continuous Delivery for PE 4.x now uses Ceph for object storage instead of MinIO. New 4.3.1 installations use Ceph from the outset. For existing 4.x users, MinIO information is migrated to Ceph for you as part of the upgrade to version 4.3.1. To support this change, Ceph replication status is now collected as part of the support bundle.
    Note: For existing 4.x users, the data migration to Ceph may cause the 4.3.1 upgrade process to take in excess of 15 minutes. Monitor the progress of the data export phase of the migration by running kubectl logs job/cd4pe-migrate-object-store-v2 -c export and watching the logs for a message similar to Done. Downloaded 12990574 bytes in 63.0 seconds, 201.22 KB/s. Next, monitor the data import phase of the migration by running kubectl logs job/cd4pe-migrate-object-store-v2 and watching for a message similar to Done. Uploaded 12990574 bytes in 267.8 seconds, 47.37 KB/s. When both the export and import phases are shown as done in the logs, the migration is complete.
  • Default job timeout period increased. The default job timeout period is now 30 minutes. This change reduces the chance that complex jobs time out before completion. See Adjust the timeout period for jobs to learn more.
  • Usability improvements. Version 4.3.1 introduces several improvements to the design and usability of the web UI, including:
    • The delete module icon is now correctly labeled.
    • Control repo icons are displayed when selecting a custom deployment policy for a deployment.
Resolved in this release:
  • When logging in, users are now correctly directed to the last workspace they visited.
  • Long branch names no longer overlap event status indicators in the Events area.
  • Users are now less likely to encounter Docker Hub rate limits.
  • The object storage migration process is now more robust and issues found in version 4.3.0 have been resolved.
  • If an impact analysis task is canceled in a pipeline stage with the "any completed" auto-promotion criteria set, the pipeline run now stops at the canceled stage and does not continue.
Security notice:
  • CVE-2020-7946. Source control tokens were displayed in plain text when trace-level logging was enabled. This issue has been resolved.
  • CVE-2020-27218. An Eclipse Jetty vulnerability has been resolved.
  • CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363. The version of PostgreSQL included in Continuous Delivery for PE has been upgraded to resolve CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363.

Version 4.2.4

Released 17 December 2020.

Resolved in this release:
  • An issue with the webhooks for GitLab-based modules that were first added to Continuous Delivery for PE version 4.2.0 or newer has been resolved. Pipeline runs for these modules are now triggered correctly.

Version 4.2.3

Released 17 November 2020.

Resolved in this release:
  • Webhooks now correctly trigger pipelines for GitLab repositories with names that include spaces or other unusual characters.
  • The platform admin console now rate limits authentication attempts to prevent brute force attacks.
    Note: Rate limiting does not currently apply to the Continuous Delivery for PE application web UI.
  • This version includes an upgrade of PostgreSQL to version 12.5.
    Note: The upgrade causes PostgreSQL to restart. In most cases, the downtime is expected to last less than a minute.

Version 4.2.2

Released 12 November 2020.

Resolved in this release:
  • Impact analysis tasks on modules now manage prefixed environments correctly.
  • This version includes an update to MinIO that addresses critical issues.
    Note: This upgrade causes the MinIO service to be temporarily unavailable. In most cases, the downtime only lasts a few minutes.

Version 4.2.1

Released 5 November 2020.

Resolved in this release:
  • Jobs no longer fail when triggered by pull requests from Bitbucket Cloud or Bitbucket Server repositories.
  • The Bolt tasks included in the puppetlabs-cd4pe module version 3.0.1 and newer no longer fail with a Connection reset by peer error when run against Continuous Delivery for PE version 4.x.
    Important: You must upgrade the puppetlabs-cd4pe module to version 3.0.1 or later in order to use its Bolt tasks.

Version 4.2.0

Released 3 November 2020.

New in this release:
  • Available memory setting. A new setting on the Config page in the platform admin console lets you tune the total memory available to the Continuous Delivery for PE application. For more on the Memory available for CD4PE setting, see Adjust available memory.
  • Removal of harmful terminology. Documentation for this release replaces the term “PE master” with “PE primary server," and the term "master branch" with "main branch". When adding a new control repo or module, Continuous Delivery for PE now looks for a "main" branch instead of a "master" branch. These changes are part of a company-wide effort to remove harmful terminology from our products.
Resolved in this release:
  • The eventual consistency deployment policy now runs more rapidly.
  • Code Manager deployments triggered by Continuous Delivery for PE are now automatically retried if certain transient failures occur.
  • PostgreSQL logs no longer include errors from health checks.
  • If your workspace is connected to multiple PE instances with identically named nodes on each instance, the Nodes page now correctly reports the details of all identically named nodes.
  • Impact analysis tasks are now case-insensitive when processing resource names.
  • The LDAP group user attribute setting is now correctly applied when querying LDAP groups that use a custom attribute to identify members.
    Important: If your installation previously used a group user attribute setting other than dn, you must set the group user attribute to dn in the root console after upgrading to version 4.2.0. Failure to do this breaks your installation’s ability to correctly perform LDAP group lookups.
Security notice:
  • CVE-2020-25649. A jackson-databind vulnerability has been resolved.
  • CVE-2020-15250. A JUnit4 vulnerability has been resolved.
  • CVE-2020-13956. An Apache HTTPClient vulnerability has been resolved.
  • Sonatype-2020-0926. A security scanner may have detected a vulnerability in Continuous Delivery for PE version 4.1.x. However, Continuous Delivery for PE does not exercise the vulnerable code path and is not vulnerable.

Version 4.1.3

Released 15 October 2020.

Resolved in this release:
  • Jobs now run successfully on pull requests opened from forked copies of source control repositories. This fix applies to all supported source control providers except Bitbucket Cloud and Bitbucket Server, which do not support pull requests from forks.
  • Job logs are now shown correctly for all jobs run in a high availability environment.
  • Continuous Delivery for PE no longer attempts to update webhooks on every startup if you have a backend URL that does not end with a trailing slash, or if you've used the webhook update tool in the root console. This fix means that GitHub and GitHub Enterprise no longer receive webhook payloads in an invalid format.
  • Network policies now no longer restrict egress, supporting deployment of Continuous Delivery for PE on clusters that use tools such as Calico as a container network interface.
  • You can now successfully enable TLS for the webhook proxy on port 8000. In offline installations, the local registry is now exposed on port 9001 for job hardware agents. Requests to these ports no longer time out.

Version 4.1.2

Released 8 October 2020.
Note: To upgrade to version 4.1.2 from version 4.0.1 or 4.0.0, you must first Upgrade Continuous Delivery for PE and then upgrade the platform admin console. Offline users, please see Upgrade Continuous Delivery for PE offline.
Resolved in this release:
  • If your load balancer requires HTTP health checks, you can now opt into using Ingress settings that do not require Server Name Indication (SNI) for /status. Enable this setting in the Customize endpoints section of the Config tab in the platform admin console.
  • Preflight checks for offline installations no longer hang with an ImagePullBackoff error on initial setup.
  • Long-running deployments and jobs no longer fail with a 504 upstream request timeout error.

Version 4.1.1

Released 29 September 2020.

Note: To upgrade to version 4.1.1, you must first Upgrade Continuous Delivery for PE and then upgrade the platform admin console. Offline users, please see Upgrade Continuous Delivery for PE offline.
New in this release:
  • Filter the Nodes page. You can now apply custom filter combinations to your nodes table and zero in on the node data that's most relevant to your work. Available filters include fact value, most recent node change status, operating system, PE server, node group, and no-op status.
  • Snapshots. Snapshots are point-in-time backups of your Continuous Delivery for PE deployment, which can be used to roll back to a previous state. You can create snapshots manually or set up a schedule to capture them automatically. To get started, see Configure rollback snapshots.
    CAUTION: Snapshots are a beta feature. As such, they may not be fully documented or work as expected; please explore them at your own risk.
  • Simplified port configuration for new installations. The webhook service now defaults to HTTP on port 8000 and can be switched to HTTPS on the same port. In new offline installations, the local registry is exposed on port 9001 for job hardware agents. No action is required for existing installations that use webhook or registry hostnames; existing configurations work as they did previously.
Resolved in this release:
  • Snapshots now successfully save to Amazon S3. In order to save your snapshots to an Amazon S3 bucket, you must upgrade the platform admin console to the latest version after upgrading to Continuous Delivery for PE version 4.1.1. See Upgrade the platform admin console for instructions.
  • When exporting node table data, occasional failed queries to PuppetDB are now retried automatically, and no longer result in a failed export.

Version 4.0.1

Released 14 September 2020.

Resolved in this release:
  • The export functionality on the 4.x Nodes page now works correctly.
  • The container no longer hangs indefinitely in some circumstances after the host is rebooted.
  • Network security rules now restrict inter-service communications.
  • Local registry credentials are now stored as secrets.
  • Certificate validation preflight checks now correctly refer to the local registry during offline installations.

Version 4.0.0

Released 25 August 2020.

New in this release:
  • New installer and administration platform. The new Continuous Delivery for PE 4.x platform introduces a streamlined experience for installation, upgrades, license management, troubleshooting, and more. Use the new platform admin console to configure, monitor, upgrade to new versions in the 4.x series, back up, restore, and deploy your Continuous Delivery for PE installation.
  • Migrate your 3.x data to a 4.x installation. To upgrade to the Continuous Delivery for PE 4.x series from a version in the 3.x series, see Migrate 3.x data to 4.x.
  • Update webhooks. The new Webhooks tool in the root console updates your source control webhooks to point to the current installation. Use this tool as part of the 3.x to 4.x migration process, or any time you change the location of your Continuous Delivery for PE installation.
Removed in this release:
  • Continuous Delivery agent on job hardware. Support for the Continuous Delivery agent was deprecated in version 3.4.0. Puppet agent-based job hardware is still supported.
  • Support for external Amazon DynamoDB and MySQL databases. Support for external Amazon DynamoDB and MySQL databases was deprecated in version 3.1.0.
  • Support for external object storage. The 4.x series replaces external Artifactory and Amazon S3 object storage with a built-in highly available object storage system.