What's new?

This release is a minor maintenance and bug-fix release.

Enhancements

• #13148 - Bundle latest Java 21.0.5 release with non-Linux installers & containers
• #13226 - Fail linux installer package post-install scripts if configured Java runtime cannot be found

Bug fixes

• #13214 - GoCD 24.3.0 database migration can hang/be extremely slow in low entropy server environments
• #13232 - Secret references within config repo materials dont work if material not used by any pipeline
• #12764 - Secret resolution failure breaks work allocation in server
• #13008 - Alpine-based images can conflicts with some tools due to inclusion of glibc zlib
• #12872 - function ${escape:} not a valid type errors from UrlRewriting are still appearing

Security fixes

There are no security fixes included in this release (for issues known to affect GoCD).

However, we regularly upgrade dependencies to mitigate known vulnerabilities from third party software (regardless of whether they are known to affect GoCD), so upgrading to the latest release is always recommended from a security perspective.

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 24.4.0 and Plugin API changelog for 24.4.0.

Contributors

Aravind SV, Chad Wilson, Jason Smyth, Jochen Lutz, Mitchell R

Note

A more comprehensive list of changes for this release can be found here.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

This release is a minor maintenance and bug-fix release.

Enhancements

• #12953 - Bundle latest Java 21.0.4 release with non-Linux installers & containers

Bug fixes

• #12943 - Show password button not working properly while creating new config repo

Security fixes

There are no security fixes included in this release (for issues known to affect GoCD).

However, we regularly upgrade dependencies to mitigate known vulnerabilities from third party software (regardless of whether they are known to affect GoCD), so upgrading to the latest release is always recommended from a security perspective.

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 24.3.0 and Plugin API changelog for 24.3.0.

Contributors

Aravind SV, Chad Wilson, ysf465639310

Note

A more comprehensive list of changes for this release can be found here.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

This release is a maintenance and bug-fix release.

Java 21 support

GoCD is now built with, tested against and distributed with Java 21 LTS. Java 17 remains the minimum supported version for bring-your-own-JRE setups. There were no specific changes needed to support Java 21, so the prior release 24.1.0 can be considered the first version that supports Java 21.

Windows installers no longer signed

Windows installers were previously code-signed with a "proper" Thoughtworks-issued OV code-signing certificate from DigiCert that avoided Windows SmartScreen prompts. Due to both certificate cost and changes in requirements for OV code-signing certificates (to have hardware-managed keys), in the short term this is no longer sustainable for GoCD. Therefore installers are not be signed from 24.2.0 onwards.

GoCD can still be installed on Windows subsequent to this change, however users will need to review and accept warnings from Windows during installation. Note that runtime binaries are still signed as before, such as the Java runtime and service wrapper binaries; so this change only affects installation - not runtime.

If you have a suggestion of approach to reinstate Windows code signing for a open-source project with limited funding, or know other projects which have done so, please reach out!

Enhancements

• #12762 - Build, test and package GoCD with Java 21 LTS by default
• #12792 - Make JRE dependencies from RPM and Debian packages optional/recommended
• #12761, #12828 - Add AlmaLinux 9 based GoCD agent image to replace CentOS Stream
• Starting this release, AlmaLinux based docker images for GoCD Agent are available.

Bug fixes

• #12765 - Tasks on gocd-agent-docker-dind:v24.1.0 image cannot interact with Docket socket by default

Security fixes

While we don't regularly release new GoCD versions to address container image dependencies, this release patches git binaries within container images due to CVE-2024-32002 and several other issues of particular concern to a build/deploy automation tool such as GoCD. You can read more about the issues on the GitHub Blog. Note that at time of release, Debian images have not had the most critical patch backported to Debian 11 or 12, so the gocd-agent-debian variants for 24.2.0 are still vulnerable. Ubuntu variants are all patched as are Alpine and Wolfi variants.

We regularly upgrade dependencies to mitigate known vulnerabilities from third party software (regardless of whether they are known to affect GoCD), so upgrading to the latest release is always recommended from a security perspective.

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 24.2.0 and Plugin API changelog for 24.2.0.

Contributors

Aravind SV, Chad Wilson, K. S. Ernest (iFire) Lee, Matthias Kraaz, Tewfik Ghariani, nichivo

Note

A more comprehensive list of changes for this release can be found here.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

This release is a maintenance and bug-fix release, although there are several potentially breaking changes to be aware of:

• Links are no longer force-opened in new tabs
• Java 17 is now the minimum supported version
• Server container image is now based on Wolfi OS

Links are no longer force-opened in new tabs

A long-standing frustration with GoCD's UI is that it used to open new tabs for links, partly to avoid losing your place on the main dashboard when investigating an individual stage/job. However, browsers are now much better at remembering the "back" state; and the previous behaviour was confusing & frustrating.

From now on control will be returned to users - for a new tab to be opened (foreground or background) in most cases users will need to use the browser/OS specific key combination or middle-click equivalent to do so.

If you are interested in making this a configurable option to add back the old behaviour, discussion or pull requests are welcome.

Java 17 is now the minimum supported version

Java 17 was released in September 2021, and has had complete support within GoCD since version 22.1.0, over 2 years ago. Since then it has been packaged with both GoCD container images & installers by default.

This has proven to be be very stable, so to reduce maintenance overhead we are now making Java 17 the minimum supported version.

If you are aiming for minimal agent/server downtime in an upgrade to GoCD 24.1.0+, you can do so by following:

1. Ensure your existing agents are running with Java 17+.
   • If your agents are using GoCD 22.1.0+ from official GoCD containers or packages (RPM, deb)s there is nothing extra to do. These already package and run Java 17+.
   • If your agents are using GoCD 22.1.0+ from other install approaches, they are already Java 17-compatible, if your server is 21.4.0+. Ensure they are running with Java 17+.
2. Ensure your existing server is running with Java 17+.
   • If your server is using GoCD 22.1.0+ from official GoCD containers or packages (RPM, deb)s there is nothing extra to do. These already package and run Java 17+.
   • If your server is using GoCD 21.4.0+ from other install approaches, is is already Java 17-compatible, if your server is 21.4.0+. Ensure they are running with Java 17+.
3. Upgrade your server to GoCD 24.1.0 without worry about Java issues.
   • Older agents running Java 17+ will re-start automatically against a GoCD 24.1.0 server.
   • You can now validate your installation and agents are working fine.
4. (Optionally) You can now upgrade your agents to GoCD 24.1.0 whenever you choose.
   • Technically GoCD agent installs are only a "bootstrapper" which downloads the matching agent code from the server for each release. It is wise to avoid too much discrepancy in versions to make upgrades (like this one!) easier, but it is not critical.

If you have issues, downgrades back to 22.1.0+ should be fine - there have been no breaking database or configuration changes within these versions. If you have any further queries/issues, please ask on GitHub Discussions or the Google Group.

Server container image is now based on Wolfi OS

The GoCD server container has always been based on a minimal Linux distribution, previously Alpine Linux, but from 24.1.0 has been switched to Wolfi OS. Wolfi OS is a similarly minimal, security-oriented (un)distro from the folks at Chainguard which is optimized for supply-chain security - and unlike the musl-based Alpine uses glibc, similar to most other distributions.

Unfortunately, the use of Alpine has always posed difficulties due to its musl libc base. Most of the time this is an irrelevant detail to users, however it has posed issues for GoCD packaging of Java runtime environments & providing aarch64 availability for a variety of reasons stemming from GoCD's dependencies. While GoCD has applied relatively stable workarounds to support Alpine, these are not recommended and have prevented providing a default GoCD server container image for aarch64/arm64 architectures off-the-shelf.

Wolfi uses the same apk package manager as Alpine, with conventional package names, and although packages cannot be used across the two OSes, the transition should be easy for most folks. The image is now multi-architecture (amd64/x64 and aarch64/arm64) making it usable out-of-the-box within arm64 cloud instances and Apple Silicon Macs.

If you build a child container from the gocd-server container, from 24.1.0 you will need to review your Dockerfile to check that:

• any additional packages you need to install are available for Wolfi.
• any pre-compiled binaries specifically compiled for musl should be switched to glibc variants

There has previously been a non-officially documented multi-arch server image based on CentOS Stream, which was the only option on aarch64. This will be removed, as it is unnecessary now we have a glibc-based image. If you were using this, please switch back to gocd/gocd-server rather than gocd/gocd-server-centos-*.

Agent container image changes

1. A Wolfi-based agent image is now available, matching the server image. This will become the default recommended agent image for container-based elastic agents.
2. The Alpine agent images will now become a rolling distribution within the gocd-agent-alpine repository. This means that the repository will not change for each Alpine release (3.18, 3.19 etc) any longer. Alpine releases new versions each 6 months while maintaining very good compatibility, and maintaining different repositories added unnecessary maintenance overhead. Each GoCD release will be based on the latest compatible Alpine release, mirroring how gocd-agent-docker-dind has always been released. GoCD 23.5.0 will be the last version released under version specific repos (3.16, 3.17, 3.18, 3.19).
3. CentOS Stream 8 and 9 based container images will be discontinued after 24.1.0. While these images are stable and well-maintained, they are not as widely used other images, and as a distribution upstream of RHEL, Rocky, Alma etc, CentOS Stream has not proved to get an appropriate level of security/maintenance patches for dependencies, nor the official security bulletins needed for containers tools to accurate scan the images. If you are using these images, and would prefer a Red Hat/RHEL-like image, please open an issue!. We are open to bring back an Alma or Rocky-based image to meet the needs of those who want to keep their agent containers within the RHEL ecosystem.

Windows installers no longer signed after 24.1.0

Windows installers were previously code-signed with a "proper" Thoughtworks-issued OV code-signing certificate from DigiCert that avoided Windows SmartScreen prompts. Due to both certificate cost and changes in requirements for OV code-signing certificates (to have hardware-managed keys), in the short term this is no longer sustainable for GoCD. Therefore installers will likely not be signed from 24.2.0 onwards when the existing certificate expires.

GoCD can still be installed on Windows subsequent to this change, however users will need to review and accept warnings from Windows during installation. Note that runtime binaries are still signed as before, such as the Java runtime and service wrapper binaries; so this change only affects installation - not runtime.

If you have a suggestion of approach to reinstate Windows code signing for a open-source project with limited funding, or know other projects which have done so, please reach out!

Enhancements

• #10520 - Change GoCD to no longer force links to open in new windows/tabs.
• #12415 - Change baseline to require Java 17 minimum.
• #12500 - Replace Alpine with Wolfi as primary server container image, consolidating Alpine agent images.
• #12710 - Bundle latest Java 17.0.11 release with non-Linux installers & containers
• #12712 - Add deb/rpm aarch64 support by replacing bundled x64 JRE with arch-independent package deps
• Starting this release, Wolfi based docker images for GoCD Agent are available.
• Starting this release, Ubuntu 24.04 (Noble Numbat) based docker images for GoCD Agent are available.

Bug fixes

• #4011 - RPM packages do not install on RHEL unless SELinux is disabled
• #12440 - Installing Chromium on Alpine 3.18 gocd docker agent causes agent crash loop
• #12535 - Improve performance of agents API responses and dashboard stage modal
• #12616 - Improve performance when working with large numbers of server health warnings/errors

Security fixes

This release fixes CVE-2024-28866, a theoretical vulnerability which has not shown to be practically exploitable. Thank you to Aviv Keller (RedYetiDev) for discovering and responsibly disclosing this issue.

We regularly upgrade dependencies to mitigate known vulnerabilities from third party software (regardless of whether they are known to affect GoCD), so upgrading to the latest release is always recommended from a security perspective.

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 24.1.0 and Plugin API changelog for 24.1.0.

Contributors

Aravind SV, Aviv Keller / RedYetiDev, Chad Wilson, Matthias Kraaz, Tim Borrowdale, brewpark

Note

A more comprehensive list of changes for this release can be found here.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

This release is a maintenance and bug-fix release.

Enhancements

• #12353 - Starting this release, Alpine 3.19 based container images for GoCD Agent are available.
• #12353 - Build the default GoCD Server image on Alpine 3.19
• #12212 - Make template selector dropdowns alphabetically sorted

Bug fixes

• #12220 - Console view toolbar not shown after scrolling on v23.4.0
• #12305 - Unable to pick stage from Add Material menu in Chrome on MacOS Sonoma
• #12389 - Fix disappearing second+ stages on VSM view after clicking a stage
• #12392 - Correct display of "cancelled by" for stage runs other than that being viewed

Security fixes

There are no security fixes included in this release (for issues known to affect GoCD).

However, we regularly upgrade dependencies to mitigate known vulnerabilities from third party software (regardless of whether they are known to affect GoCD), so upgrading to the latest release is always recommended from a security perspective.

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 23.5.0 and Plugin API changelog for 23.5.0.

Contributors

Aravind SV, Chad Wilson, Chris Gillatt, Lewis Jales-Huggins

Note

A more comprehensive list of changes for this release can be found here.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

This release is mainly a maintenance and bug-fix release.

Jetty web server upgrade

GoCD relies internally upon the Eclipse Jetty web server, which was upgraded from v9 to v10 in this release.

If you customise the configuration of the web server via config/jetty.xml or by overriding the Java system property jetty.xml.file.name, note that any custom configuration will be overridden to ensure compatibility with the new version. After upgrading, shut down your GoCD server and merge back your custom changes from a backup of your config directory / Jetty configuration. You can review the changes to jetty.xml here.

Enhancements

• #12120 - Bundle latest Java 17.0.9 release with non-Linux installers & containers
• #12147 - Speed agent bootstrapping by reducing agent dependencies
• #12051 - Remove subversion & mercurial from default container images

Bug fixes

• #11868, #11893 - Server config can have boolean attributes unintentionally toggled by server at GoCD startup
• #11819 - Agent links from stage details jobs tab no longer work since 23.2.0
• #11866 - GoCD 23.2/23.3 breaks agent mTLS connectivity when private key is encrypted/passphrase protected
• #11969 - GoCD Agent on Java 20+ cant talk to server on Java 17
• #12107 - Improve error logging during agent token acquisition failures

Security fixes

There are no security fixes included in this release (for issues known to affect GoCD).

However, we regularly upgrade dependencies to mitigate known vulnerabilities from third party software (regardless of whether they are known to affect GoCD), so upgrading to the latest release is always recommended from a security perspective.

If you use GoCD container images, note that this release rebuilds GoCD images to include fixes to curl CVE-2023-38545 across all supported platforms.

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 23.4.0 and Plugin API changelog for 23.4.0.

Contributors

Aravind SV, Chad Wilson, Mai-Khattab, Victor Sollerhed, jprogin, k-c-p

Note

A more comprehensive list of changes for this release can be found here.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

This release is a maintenance release to address a couple of unintended regressions in the 23.2.0 release.

Bug fixes

• #11790 - Stage History pagination links are broken on 23.2.0
• #11783 - Build detail timestamp icon is missing on 23.2.0
• #11797 - Some plugin config/report views have missing icons on 23.2.0

Security fixes

There are no security fixes included in this release (for issues known to affect GoCD).

However, we regularly upgrade dependencies to mitigate known vulnerabilities from third party software (regardless of whether they are known to affect GoCD), so upgrading to the latest release is always recommended from a security perspective.

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 23.3.0 and Plugin API changelog for 23.3.0.

Contributors

Aravind SV, Chad Wilson

Note

A more comprehensive list of changes for this release can be found here.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

This release is mainly a maintenance and bug-fix release.

Minor changes that may affect plugins

There have been some changes made to GoCD's UI dependencies to improve loading times which may unintentionally affect certain plugins' views. If you notice a visual problem with a plugin view after updating to 23.2.0, please update to the latest released version of the plugin, and if the issue persists please open an issue on the plugin's GitHub repository.

A small number of third-party community-authored authorization plugins may no longer be compatible if they have not been updated to declare compatibility with the 2.0 extension API and still use the outdated extension version 1.0 deprecated in 2019. All known popular plugins maintained by the community have been updated, so please update your plugins and open an issue with the plugin author if you notice a plugin version compatibility error preventing the plugin from loading.

GoCD Agent DIND container image start-up is now more conservative

The GoCD agent "docker-in-docker" image semantics were changed to ensure that the Docker daemon has started correctly before starting the GoCD agent.

This aligns behavior with the upstream official docker:dind image and resolves a race condition in #11378 that can cause docker-related tasks on GoCD agents to fail due to improvements in GoCD agent work pick-up speed in recent releases.

Prior to GoCD 23.2.0, if the daemon failed to start the agent would continue to work without it. Docker commands within tasks would fail, however the agent would continue. If you were accidentally relying on this behaviour (e.g due to running the agent without the privileged flag, without the appropriate Kubernetes securityContext, or without mounting the host's docker.sock into the container correctly), you will need to update your agent start scripts or elastic agent profile to ensure the daemon has the correct container privileges, OR switch to a non-DIND agent image such as a plain Alpine image.

Keep in mind that you only need to use a DIND agent image if you are relying on docker-in-docker or docker-out-of-docker approaches to build or run nested or sibling containers within your agent host. If you want a drop-in replacement, we recommend that you use an off-the-shelf GoCD Agent Alpine image, or if you need the Docker CLI (without daemon) build your own custom child image, augmenting with apk add docker-cli or similar tooling.

Enhancements

• #11629, #11633 - Ability to store/retrieve session state within GoCD plugins to facilitate increased security OAuth2/OIDC
• #11693 - Starting this release, Debian 12 / Bookworm based container images for GoCD Agent are available.
• #11578 - Starting this release, Alpine 3.18 based container images for GoCD Agent are available.
• #11578 - Build the default GoCD Server image on Alpine 3.18
• #11405 - Reduce size/security attack surface of CentOS Stream 9 based container images (requires use of microdnf instead of dnf)
• #11472, #11449, #11473, #11626, #11627, #11625 - Increase UI loading speed by reducing bundle size
• #11535 - Improve pipeline config tab switch confirmation dialog message
• #11663 - Improve user experience when managing Pluggable SCMs with Auto Update
• #11664 - Improve error messages during config repo material validation
• #11634 - Allow server wrapper-properties customisation within server container images

Bug fixes

• #11378, #11406 - gocd-agent-docker-dind:v23.1.0 image can sometimes fail docker tasks run after agent start
• #11548 - go-agent 23.1.0 does not start when system tmp dir has a noexec mount
• #11376 - Remove unnecessary bloat within CentOS 7 arm64 agent container image
• #11544 - Pipeline config deep links from Pluggable SCMs and Elastic Agents don't work as expected
• #11399 - GoCD Artifacts tab doesn't show artifacts whose name starts with a dot
• #11773 - Fix import of nant_path from nant config repo tasks
• #11772 - Fix export to config repo of fetch artifact tasks without pipeline name set
• #11652 - Fix font display consistency across views
• #2822 - Fix logging ERROR noise from url rewriting logic
• #11513 - Remove misleading reporting of agent "creating properties" in console logs

Security fixes

There are no security fixes included in this release (for issues known to affect GoCD).

However, we regularly upgrade dependencies to mitigate known vulnerabilities from third party software (regardless of whether they are known to affect GoCD), so upgrading to the latest release is always recommended from a security perspective.

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 23.2.0 and Plugin API changelog for 23.2.0.

Contributors

Aravind SV, Chad Wilson, FeltIP, James McNee, Jeroen Oortwijn, Ketan Padegaonkar, Marc Ende

Note

A more comprehensive list of changes for this release can be found here.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Dashboard personalization enhancements

Personalized views allowing filters for failed or building stages now also allow inclusion of Cancelled or Paused pipelines.

Yum Repo Poller Plugin no longer bundled by default

Due to both its uncommon use and improvement of agent bootstrap speeds the Yum/RPM/DNF Repository Poller Plugin is no longer bundled with GoCD from 23.1.0 onwards.

All plugins impose a marginal startup cost for the server and certain plugins also to all agents. Since it is also currently difficult to override bundled plugins in some GoCD setups, the team have decided to stop bundling this particular plugin.

If you rely upon this plugin, follow these upgrade steps:

1. download the latest version of the plugin from GitHub
2. install the plugin as an external plugin (see plugin user guide)
3. upgrade your server to 23.1.0

You needn't worry about:

• Starting your old server version with the external plugin added. GoCD will ignore it, and prefer the bundled plugin until you upgrade.
• Loss of configuration while starting your server on 23.1.0 before adding the plugin back. Your config will be retained, however your server will not function correctly, and certain pipelines will not be editable until you restore the plugin and restart your server, which you should do as soon as possible.

As always, we recommend that you take a backup before upgrading.

Other Enhancements

• #11341 - Starting this release, Ubuntu, Debian and CentOS based container images are built multi-platform for both amd64 and arm64/aarch64 (example)
• #11053 - Starting this release, Alpine 3.17 based container images for GoCD Agent are available.
• #11053 - Build the default GoCD Server image on Alpine 3.17
• #8544 - Validate and enable GoCD server/agent install on Linux ARM / aarch64 system architecture
• #11286 - Improve agent work pickup speed with an exponential rather than fixed 10s backoff
• #11100 - Guard against out-of-memory errors when handling extremely long log lines from build task output
• #11275, #11285 - Improve artifact upload speed with buffer tweaks
• #11205 - Simplify & improve agent operating system complete name determination
• #11295 - Improve agent logging to avoid confusing double-timestamps
• #11048 - Improve logging of server output to assist with backup debugging
• #11296 - Improve container logging to avoid cut-off lines due to log buffering

Bug fixes

• #266, #11159 - GoCD doesnt correctly parse minified JUnit XML produced by pytest
• #4469, #11317 - Agent Error occurred during loop NullPointerException: Cannot invoke "org.apache.http.Header.getValue()" because "md5Header" is null
• #11222 - Fix occasional issues with container start stalling or crashing due to process wrapper issues
• #10669 - Dragging outside of the pipeline config web config dialogs can close the dialog without saving
• #11004 - Dead docs link on dashboard personalization page
• #11047 - Fix error messages on failure to launch DB backup process
• #11070 - Fix build label handling on VSM and job detail pages
• #11141 - Check server identity by default when talking SMTP over TLS
• #11134 - Stage History API fails with DB error on MySQL 8
• #11260 - Loading materials admin page creates syntax error on MySQL 8

Security fixes

Security fixes in this release were due to vulnerabilities responsibly disclosed by infoatb and CC Bomber, Kitri BoB (tunaf). Many thanks to them for the disclosures, discussions and ideas around mitigation.

Additionally, we regularly upgrade dependencies to mitigate known vulnerabilities from third party software (regardless of whether they are known to affect GoCD), so upgrading to the latest release is always recommended from a security perspective.

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 23.1.0 and Plugin API changelog for 23.1.0.

Contributors

Aravind SV, CC Bomber Kitri BoB (tunaf), Chad Wilson, Christian Butcher, Ketan Padegaonkar, Kim Sullivan, Sandro Heinzelmann, iantra, infoatb

Note

A more comprehensive list of changes for this release can be found here.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Changes

• #10759 - Improve agent start-up time during agent-to-server version synchronization
• #10924 - Bundle latest Java 17.0.5 patch release with non-Linux installers & containers
• Starting this release, MacOS Apple Silicon (arm64/aarch64) installers and test-drive experience are available.
• Starting this release, CentOS Stream 9 based docker images for GoCD Server are available.

Bug fixes

• #8999 - Agents page layout has overlapping backgrounds on Chromium-based browsers
• #10736 - GoCD 22.2.0 broke display of timestamps in plugin Elastic Agent Status Reports
• #10837 - Job History sidebar dropdown does not display timestamps for previous job runs
• #10891 - Build labels are truncated in pipeline activity page
• #10937 - Support API logs a lot of noisy errors on Java 16+
• #10943 - Fetch Artifact task doesn't provide correct suggestions when switching stages on pipeline config
• #10982 - Fix Postgres backups via pg_dump on Windows

Security fixes

There are no security fixes included in this release (for issues known to affect GoCD).

This release does upgrade a number of important internal components, some of which were EOL. We do not have evidence that the previously vulnerable dependencies pose any specific risk in GoCD's usage, however we endeavour to minimise dependency drift.

Since we regularly upgrade dependencies to mitigate known vulnerabilities from third party software (regardless of whether they are known to affect GoCD), so upgrading to the latest release is always recommended from a security perspective.

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 22.3.0 and Plugin API changelog for 22.3.0.

Contributors

Aravind SV, Chad Wilson, Chantry C, Jeroen Oortwijn, Ketan Padegaonkar, Lewis Jales-Huggins, pan Jacek

Note

A more comprehensive list of changes for this release can be found here.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Changes

• #10613 - Bundle latest Java 17
• #10518 - Build the default GoCD Server image on Alpine 3.16
• Starting this release, Alpine 3.16 based docker images for GoCD Agent are available.
• Starting this release, CentOS Stream 9 based docker images for GoCD Agent are available.
• Starting this release, Ubuntu 22.04 (Jammy Jellyfish) based docker images for GoCD Agent are available.

Security fixes

In this release, permissions were restricted further on Windows installer GoCD server & agent folders. Thank you to s7331 for responsibly disclosing this issue.

Additionally, we regularly upgrade dependencies to mitigate known vulnerabilities from third party software (regardless of whether they are known to affect GoCD), so upgrading to the latest release is always recommended from a security perspective.

Bug fixes

• #4173 - On Windows, custom commands with spaces in path fail
• #8986 - Git Material authentication fails for second user on the same repository
• #9153 - Git Material credentials cannot be changed
• #9509 - Unable to render VSM page when dependent pipelines are deleted or renamed
• #9964 - Can't add user into a role (and other admin functions) behind CloudFlare minification proxy
• #10036 - HTTP 500 when using external authorization plugins and GoCD site urls are blank
• #10440 - Windows installer does not exit as intended on downgrade attempts
• #10441 - Fix compatibility with JDK 11.0.15+ and 17.0.3+ during server configuration upgrades
• #10555 - Misleading error message logged when agents have connectivity issues with GoCD Server
• #10566 - Job Instance API does not return job state transitions as documented
• #10610 - Custom tabs do not resize correctly to use window height as intended
• #10648 - Plugin Admin page can display stale information after plugins are upgraded
• #10668 - Fetch External (plugin) Artifact task gives generic Unprocessable Entity error for failing plugin validations
• #10675 - Stage Details statistics graph page navigation broken on Chrome/Chromium

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 22.2.0 and Plugin API changelog for 22.2.0.

Contributors

Aravind SV, Chad Wilson, Christian Butcher, Ganesh S Patil, Ketan Padegaonkar, Kritika Singh, Mahesh Panchaksharaiah, Marques Lee, Shakir Shakiel, s7331

Note

A more comprehensive list of changes for this release can be found here.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Security fixes

This release has important security fixes and upgrades to a number of internal components.

This is an especially important upgrade due to two remote code execution vulnerabilities that could allow existing authenticated users with malicious intent to trigger remote code execution on the GoCD Server, within

• the LDAP Authentication Plugin
• use of Mercurial source control materials or configuration repositories

If you are unable to upgrade immediately, you can mitigate the high severity issues by

1. removing any authorization configurations for the bundled LDAP Authentication plugin
   • if LDAP login is required, consider migrating your configuration to a patched (v4.2.0-73+) version of the LDAP Authorization Plugin, which supports both authentication and (optional) authorization
2. uninstalling the hg/Mercurial binary from the underlying GoCD Server operating system or Docker image

Security fixes in this release were due to vulnerabilities responsibly disclosed by Alessio Della Libera (of the Snyk Security Team), Alexey Solovyev (solev9ev) and SuperXX (Xiao Xiong). Many thanks to them for the disclosures, discussions and ideas around mitigation.

Java 17 support

This release includes compatibility changes within the GoCD Server to support Java 17.

Java 16+ includes a number of restrictions on access to Java Runtime internals that required either GoCD changes or specific "opt-outs" to be included in GoCD server's start-up arguments. Currently, there are no opt-outs known to be required on GoCD agents.

If you use the regular GoCD start-up scripts, and/or the packaged Java Runtime Environments with our installers and/or Docker images, there is nothing extra you should need to do to run with Java 16+.

Plugin compatibility with Java 17

GoCD has many plugins and while we have sanity checked many, it is not practical for us to test every plugin. Plugins are also constrained by these Java Runtime restrictions, and if they either rely on access to Java Runtime internals or use libraries that do so, they may experience issues.

If you experience issues with a plugin, or GoCD Server or a GoCD Agent

• try working around the issue by following this guide
• please report the issue, including a full stack trace from the logs
  • for plugin issues, on the relevant plugin's GitHub repository (these are linked from the Author of each plugin in Admin -> Plugins)
  • for GoCD Server/Agent issues, on our GitHub issues
• if you are not sure if a plugin or GoCD is at fault, feel free to start a discussion in our GitHub discussions or via the GoCD Google Group

Changes

• #9818 - Upgrade GoCD to run and build with Java 17
• #10025 - Build the default GoCD Server image on Alpine 3.15
• #10153 - Drop source/target compatibility back to Java 11 LTS
• #10071 - Support Bitbucket push webhooks that contain multiple changes

Bug fixes

• #9002 - Cannot input multiple lines for Perforce material view
• #9927 - Clean working directory sometimes fails on POSIX file systems with GoCD 21.3
• #10086 - GoCD Server fails to start when commit GPG signing is enabled at system/user level
• #10169 - Correct message displayed when agents are stuck cancelling jobs

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 22.1.0 and Plugin API changelog for 22.1.0.

Contributors

Alessio Della Libera (of the Snyk Security Team), Alexey Solovyev (solev9ev), Aravind SV, Chad Wilson, Ganesh S Patil, Jeroen Oortwijn, Ketan Padegaonkar, Kritika Singh, Mahesh Panchaksharaiah, Marques Lee, Sandro Heinzelmann, SuperXX (Xiao Xiong)

Note

A more comprehensive list of changes for this release can be found here.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Preparation for Java 17

This release focuses on internal changes, dependency upgrades and build/test automation changes required for GoCD to support Java 17. Since Java 17 is a long-term-support (LTS) release and Java 16 is now end-of-life, we intend to skip specific validation against Java 16.

While we are not quite ready, most required changes are part of the 21.4.0 release, so we expect experimental builds to be made available soon in preparation for a subsequent release.

Security Fixes

This release improves GoCD's security posture further by

• correcting a reflected XSS issue on API error responses. Thank you to dmxjon (aka DiMaX) for responsibly disclosing this issue.
• upgrading a number of internal components, some of which have known vulnerabilities.

We do not have evidence that the upgraded dependencies pose any specific risk in GoCD's usage, however we endeavour to minimise dependency drift.

Changes

• #9828 - Build the default GoCD Server image on Alpine 3.14
• #9966 - Migrate CentOS 8 Agent and Server images to CentOS Stream
• #9922 - Base Debian agent images on "slim" variants
• Starting this release, Alpine 3.15 based docker images for GoCD Agent are available.
• Starting this release, Debian 11 based docker images for GoCD Agent are available.

Bug Fixes

• #9914 - GoCD Server on MacOS not running with packaged JRE by default
• #9992 - Remove broken "more…" link from Job Detail pages

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 21.4.0 and Plugin API changelog for 21.4.0.

Contributors

Aravind SV, Chad Wilson, Ganesh S Patil, Ketan Padegaonkar, Kritika Singh, Mahesh Panchaksharaiah, Marques Lee, dmxjon (aka DiMaX)

Note

A more comprehensive list of changes for this release can be found here.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Security Fixes

This release has important security fixes and upgrades to lots of internal components. We recommend all users to upgrade to this version to safeguard your GoCD server.

The Business Continuity feature has been disabled as a part of these changes. If you are not able to upgrade immediately, please make sure to disable the route /add-on/business-continuity/* while you make plans to upgrade.

Security fixes in this release were due to vulnerabilities responsibly disclosed by Simon Scannell, Thomas Chauchefoin, and Paul Gerste of SonarSource. Many thanks to them for the disclosures, discussions and ideas around mitigation.

Changes

• All materials URLs for Git, Mercurial, Subversion and TFS materials will now need to start with an alphanumeric character or a /. Please open a GitHub issue if this is a problem for you. There is a temporary flag available for this change.
• #9662 - Remove "Failures" tab in Job Details page.
• #9797 - Build the default GoCD Server image on Alpine 3.13.
• Starting this release, Alpine 3.14 based docker images for GoCD Agent are available.
• Starting this release, Ubuntu 20.04 based docker images for GoCD Agent are available.

Upcoming changes

GoCD doesn't yet work with Java 16+. The upgrade to Java 16 requires quite a few changes, which will be attempted in the near future. Given changes in the Java ecosystem (such as Adoptium not providing a JRE any more), we might need to re-think sticking with the latest JVM and maybe consider LTS releases.

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 21.3.0 and Plugin API changelog for 21.3.0.

Contributors

Aravind SV, Chad Wilson, Hussein Kadiri, Mahesh Panchaksharaiah, Marques Lee, Paul Gerste, Simon Scannell, Thomas Chauchefoin

Note

A more comprehensive list of changes for this release can be found here.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Security Fixes

This release has important security fixes. We recommend all users to upgrade to this version to safeguard your GoCD server.

Changes

• #9086 - Bundle latest Java 15
• Starting this release, Alpine 3.13 based docker images for GoCD Agent are available.

Bug fixes

• #8899 - "Config Changed" diff marks lines containing dash (-) as removed
• #9073 - Add missing Content-Type check

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 21.2.0 and Plugin API changelog for 21.2.0.

Contributors

Aravind SV, Ganesh S Patil, Ketan Padegaonkar, Kritika Singh, Mahesh Panchaksharaiah, Marques Lee, Varsha Varadarajan

Note

A more comprehensive list of changes for this release can be found here.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Security Fixes

This release has important security fixes pertaining to Agent-Server communication. We recommend all users to upgrade to this version to safeguard your GoCD server.

These security vulnerabilities were responsibly disclosed by Denis Andzakovic. We want to give users some time to upgrade, before providing more details about the vulnerabilities.

Webhook support for Config Repositories

Starting GoCD 21.1.0, the config repositories can be refreshed or updated via a webhook trigger. The config repositories page will now showcase the URL required to configure the same (if auto update has been turned off).

Improvements

• #8900 - Improve UX - add search functionality on page

Bug fixes

• #8915 - Repeated logging: Could not find file config/cipher and config/go.feature.toggles

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 21.1.0 and Plugin API changelog for 21.1.0.

Contributors

Aravind SV, Ganesh S Patil, Ketan Padegaonkar, Kritika Singh, Mahesh Panchaksharaiah, Marques Lee, Varsha Varadarajan

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Improvements

• 85a721b - Improve UI performance by increasing the polling interval if the window is in background.
• #8729 - Modal UX improvements: for validation failures, errors indicated next to the save button

Bug fixes

• #8730 - Unexplained performance degradation/lock-ups after 20.5.0 to 20.8.0 upgrade
• #8741 - Pipeline Activity column headings not aligned with progress blobs
• #8767 - Agents API is slow when there are too many secure variables in GoCD environment
• #8774 - Agent resource tags are case-sensitive when referenced from a job
• #8775 - Make ignore_for_scheduling field read-only on pipeline config edit SPA, for configs from Config Repo

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 20.10.0 and Plugin API changelog for 20.10.0.

Contributors

Aravind SV, Ganesh S Patil, Ketan Padegaonkar, Kritika Singh, Mahesh Panchaksharaiah, Marques Lee, Shakir Shakiel, Varsha Varadarajan

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Preference Page

As part of the ongoing UI/UX refresh for improving the user experience, the Prefernce page has been rewritten to keep it in sync with other pages, while retaining existing functionality. Feedback/ideas are welcome, please open an issue here to add your comments.

Stage Overview on VSM Page

Staring this release, the users can view the stage overview on VSM page. Earlier, it was available on the Dashboard and Pipeline Activity Page.

In case of stage re-runs, the stage overview now provides an option to view previous stage runs.

Other Improvements

• #1926 - Job Timeout should apply even when the job could not be assigned to an agent
• #5787 - Ability to start server in maintenance mode
• #8170 - Support for webhook integration with Pluggable SCM materials
• #8592 - Add secrets support in elastic agent configurations
• #8599 - Load GoCD configurations from config repositories on GoCD startup
• #8667 - Auto Update of Config Repo materials can be turned off now

Bug fixes

• #8542 - Changes to global Plugin Material Config and Package Config does not reflect on pipeline materials
• #8594 - Feeds API for scheduled jobs will return jobs only for pipeline which can be viewed by the user
• #8601 - Solve issue around missing SCMs coming from config repo
• #8623 - Fix the check connection button text on pluggable scm modal
• #8628 - Do not run database migration for server in standby
• #8643 - Elastic Agent Plugin always migrates the old plugin settings
• #8650 - Fixed the git version mismatch between error message and actual check
• #8653 - Fixed the issue of Duplicate SCM on config repo parsing
• #8655 - Do not purge the config repo defined structures cache on polled fetch on Config Repo Page
• #8685 - Minor Pipeline Comparison UI regressions introduced in 20.3.0
• #8624 - Fix - Postgres with SSL throws "PSQLException: SSL error: null"

Removal

• The CentOS 6 based docker image for GoCD Agent has been removed. CentOS 6 has reached end-of-life in Nov 2020. Please use an image based on a newer version of the CentOS.
• The Alpine 3.9 based docker image for GoCD Agent has been removed. Alpine 3.9 has reached end-of-life in Nov 2020. Please use an image based on a newer version of the Alpine.

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 20.9.0 and Plugin API changelog for 20.9.0.

Contributors

Aravind SV, Ganesh S Patil, Ketan Padegaonkar, Kritika Singh, Mahesh Panchaksharaiah, Marques Lee, Varsha Varadarajan

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Materials Page

We have introduced a new Materials Page which lists all the configured materials. The page provides an ability to trigger a material update. For each material you can view the modifications with a corresponding link to VSM.

Support for Branch and Pull Requests

The GoCD Groovy DSL Configuration Plugin adds support for PR and branches in the latest version of the plugin. The plugin provides an ability to templatize a pipeline or an entire workflow to run your builds against each branch and PR. Once a template is defined, the plugin scans the configured repository at a regular interval and for each available branch/PR it builds the corresponding pipelines.

Refer to the plugin documentation for comprehensive examples to use this feature.

Stage Overview on Pipeline Activity Page

Staring this release, the users can utilize the stage overview on Pipeline Activity page. Earlier, it was only available on the Dashboard.

Other Improvements

• #3962 - Support allowlist for pluggable SCM materials
• #8234 - Support for secrets management interpolation on Pluggable SCM materials
• #8367 - Add support for denylist for plugin materials on the edit material popup
• #8522 - Exponential backoff material update in case of failures
• #8558 - Add support for secrets in Package configurations

Bug fixes

• #8490 - Invalid stage settings link on stage overview when a pipeline is defined from a template
• #8492 - ConfigRepoPlugin should decrypt all of the configuration properties when including them in the request.
• #8502 - Dashboard UI issue: Repeated trigger buttons
• #8511 - Allow group admin users to check connection for Pluggable SCM config
• #8524 - Test Connection with ## in Repository URL doesn't work in Pipeline Wizard
• #8525 - Backup breaks when WRAPPER_CONF_DIR is not set
• #8540 - Fix job rerun icon positioning on stage overview

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 20.8.0 and Plugin API changelog for 20.8.0.

Contributors

Aravind SV, Ganesh S Patil, Ketan Padegaonkar, Kritika Singh, Mahesh Panchaksharaiah, Marques Lee, Varsha Varadarajan

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Dashboard Improvements

In this release, there have been significant improvements to the GoCD dashboard UX:

• We have introduced a new stage overview which provides users with quick access to stage details on the dashboard. The stage overview provides information about all the jobs in a stage, gives an option to re-run jobs and to quickly access the job console from the dashboard.
• The GoCD dashboard now provides an ability to trigger manual stages.

Other Improvements

• Starting this release, Alpine 3.12 based docker images for GoCD Agent are available.
• The bundled yum package material plugin has been updated to work on RHEL 8
• #8411 - Allow only admins and pipeline group admins to perform check connection on pipeline materials.

Bug fixes

• #8416 - Agent SSL Verification with reverse proxy fails
• #8427 - Agents going Lost Contact after a while and warnings in the server about remoteBuildRepository
• #8460 - Mask authentication credentials in urls on materials tab on pipeline config edit page
• #8463 - Fail to perform any GoCD updates due to invalid config repository configuration
• #8464 - Added validation for null arguments for exec command

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 20.7.0 and Plugin API changelog for 20.7.0.

Contributors

Aravind SV, Ganesh S Patil, Ketan Padegaonkar, Kritika Singh, Mahesh Panchaksharaiah, Marques Lee, Varsha Varadarajan

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

New Pipeline as code wizard

The Pipeline as code wizard makes it easier for users to define and generate pipeline definitions using the config repo plugin of their choice.

SSL support - Breaking Changes

In GoCD 20.2.0 we had announced the removal of support for TLS on port 8154 using a self-signed certificate. To minimize disruptions, GoCD temporarily provided an option to enable the TLS port.

With this release, GOCD no longer supports configuring TLS within GoCD and will stop bringing up TLS on port 8154. If you have temporarily enabled TLS, and if the agents are configured to use the TLS port 8154 they will have to reconfigured to use port 8153, else the agent will stop connecting to the server.

Business Continuity

GoCD had a failover mechanism to decrease the impact of server failure. This feature was available as part of the paid offering through the Business Continuity Addon. As part of open sourcing all the commercial components, the Business continuity feature has been incorporated into GoCD core. Please refer to the documentation to know more about the Business Continuity feature.

Data Sharing

The Data Sharing feature has been removed from GoCD.

Other Improvements

• #8210 - Allow git material to honor a refSpec as the branch name
• #8263 - Better naming for whitelist/blacklist options
• #6722 - Showcase a help component for concepts on all SPAs
• #8315 - Show help text when plugin role selector is disabled on Roles SPA
• #8327 - Show branch name on materials table

Bug fixes

• #8231 - Fix rule circumvention issue that allows partials from config-repository to be merged even if rules are violated
• #8314 - Fix Users update API to return appropriate status code on update user failure
• #8298 - Fix duplicate error message from the Stage Trigger API
• #8335 - Fix NPE issue while using access token which has reference to invalid authorization configuration
• #8345 - Stale response while using Stage History API
• #8350 - Resolve secret params during check connection
• #8308 - Validate empty tasks in a job
• #8261 - Added toggle icon to view the text while editing for secure environment variables
• #8141 - Improvements and Bug Fixes on Pipeline Config SPA
• #8361 - Add client side validations for environment variables on Pipeline Config SPA

Removal

• The Debian 8 (jessie) based docker image for GoCD Agent has been removed. Debian 8 (jessie) has reached end-of-life in June 2020. Please use an image based on a newer version of the Debian.

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 20.6.0 and Plugin API changelog for 20.6.0.

Contributors

Aravind SV, Ganesh S Patil, Ketan Padegaonkar, Kritika Singh, Mahesh Panchaksharaiah, Marques Lee, Steven Streisguth, Varsha Varadarajan

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Support for multiple databases

GoCD 20.5.0, while continuing to use H2 as the default database, introduces support for PostgreSQL without a need for the (previously used) commercial addon. As part of these changes GoCD moved away from using the unmaintained dbdeploy to liquibase for automated database migrations. These changes require a one-time manual migration of the GoCD database running on versions <= 20.4.0 to one compliant with GoCD 20.5.0 and beyond, even if you decide not to migrate to PostgreSQL.

Please refer to the GoCD Database migration document for steps to migrate your database.

UI/UX refresh

As part of the ongoing UI/UX refresh for improving the user experience, the Templates Authorization page has been rewritten to keep it in sync with other pages, while retaining existing functionality.

Other Improvements

• #150 - Agents API (on GoCD server side) provides information about Agent and Agent Bootstrapper versions.
• #8127 - Improved performance of pipeline edit on Environments page
• #8114 - Agents API to force kill tasks on an agent stuck in Building(Cancelled) state.
• #8223 - Improved help text in UI for artifact cleanup options.

Bug fixes

• #8220 - Fixed bug when adding notifications using the Notification Filters API.

Deprecations

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 20.5.0 and Plugin API changelog for 20.5.0.

Contributors

Aravind SV, Ganesh S Patil, Ketan Padegaonkar, Kritika Singh, Mahesh Panchaksharaiah, Marques Lee, Steven Streisguth, Varsha Varadarajan

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Default permissions on new pipeline groups

Starting from 20.4.0, all pipeline groups with no explicit permissions setup can only be viewed and operated by GoCD system administrators. Earlier, such pipeline groups could be viewed and operated by every valid user. This changes it to be secure by default.

UI/UX refresh

As part of the ongoing UI/UX refresh for improving the user experience, the Pipeline Config edit page has been rewritten to keep it in sync with other pages, while retaining existing functionality. Feedback/ideas are welcome, please open an issue here to add your comments.

Other Improvements

• #8118 - Update Package and Pluggable SCM page to support auto_update
• #8140 - Improving config repository error message while parsing related to rules

Bug fixes

• #8119 - Adding a package material via Package page causes the pipeline to fail
• #8132 - Fixed Template API update failure when parameter resolution has errors

Deprecations

• The Alpine 3.8 based docker image for GoCD Agent has been removed. Alpine 3.8 has reached end-of-life in May 2020. Please use an image based on a newer version of the Alpine.

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 20.4.0 and Plugin API changelog for 20.4.0.

Contributors

Aravind SV, Ganesh S Patil, Ketan Padegaonkar, Kritika Singh, Mahesh Panchaksharaiah, Marques Lee, Steven Streisguth, Varsha Varadarajan

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

New Pluggable SCMs Page

We have introduced a new Pluggable SCMs page to create and manage Plugin Materials.

UI/UX refresh

As part of our ongoing UI/UX refresh for improving the user experience, we have rewritten the Packages and Comparisons page to keep it in sync with other pages and retaining the existing functionality.

Packages Page

Comparison Page

Other Improvements

• #2947 - Custom SCM material plugins do not show up in the list of materials when creating a new pipeline
• #7022 - Pipeline creation wizard missing package material type
• #7860 - Pipelines page: disable delete for pipelines with dependent pipelines
• #7889 - [Performace Improvement] Remove unnecessary group by cause while loading dashboard pipeline

Bug fixes

• #2197 - Incorrect error message for invalid template name
• #7865 - PipelineConfig Create API: ensures pipeline group name check is case-insensitive
• #7903 - Maintenance mode message not showed in some pages
• #7982 - Fix fingerprint generation for Plugin and Package materials
• #8012 - PipelineConfig API: incorrect error mapping for stage authorization errors

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 20.3.0 and Plugin API changelog for 20.3.0.

Contributors

Aravind SV, Ganesh S Patil, Ketan Padegaonkar, Kritika Singh, Mahesh Panchaksharaiah, Marques Lee, Steven Streisguth, Varsha Varadarajan

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Support for Rules on Config Repositories (Pipeline as Code)

In order to provide fine-grained access control over the entities that are created by a config repository, GoCD adds support for defining rules on config repositories that specifies which environments, pipeline groups, pipelines the repository can refer to. Please refer to the Specifying rules on Config Repository for more information.

Changes to SSL Support

There are important changes to how GoCD handles SSL support. If you are upgrading to GoCD 20.2.0, agents will have to be reconfigured to connect to the server. Please read the GoCD SSL Changes for more information.

Other Improvements

• Starting this release, Alpine 3.11 and CentOS 8 based docker images for GoCD Server are available.
• #6031 - Improve Pipeline Material auto update mismatch error
• #7736 - Improvements to wrapper properties examples
• #7748 - Improve Logging - Add plugin load/update/remove logs
• #7713 - Provide additional information about GoCD deprecated APIs
• #3194 - Add the possibility to retrieve template parameters through the template API

Bug fixes

• #7737 - Fixed issue with moving pipeline between groups
• #7676 - Fixed invalid run_instance_count during pipeline export
• #7822 - Missing response body error when submitted Pipeline JSON has duplicate job name error
• #7824 - Pipeline Config API does not return any error message for invalid job resources
• #7830 - Don't showcase pending agents in edit agents modal
• #7853 - Improve search on Config Repository SPA
• #7709 - Leading space in commit message breaks material modification check
• #7752 - Modification check failed for material: special characters are not allowed
• #3103 - Missing parameter in dependent pipeline leads to unknown error in template configuration
• #7747 - Operate permission cannot View pipeline group

Breaking Changes

• Starting this release, GoCD Server docker image will be based on Alpine 3.11 instead of Alpine 3.9.
• Starting this release, the newer GoCD release tags will not be published for CentOS 7 based docker image for GoCD Server. CentOS 8 based docker image for GoCD Server is available, and users are encouraged to use it.

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 20.2.0 and Plugin API changelog for 20.2.0.

Contributors

Aditya Sood, Akshay Dewan, Ankit Srivastava, Aravind SV, Bhupendrakumar Piprava, Dhanashri Pagar, Ganesh S Patil, Isabelle Carter, Jen Marley, Ketan Padegaonkar, Kiera Radman, Kritika Singh, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Mansi Shah, Marques Lee, Rajiesh N, Sheroy Marker, Steven Streisguth, Tomasz Setkowski, Varsha Varadarajan, Veerababu Kona, Viraj Patil, Vrushali Waykole

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Improvements to Role Based Access Control

As part of GoCD release v19.11.0, GoCD roles were enhanced to support granular authorization.

This release adds support to configure access permissions for cluster profiles and elastic agent profiles. Support for other GoCD entities will be added in subsequent releases.

Please refer to the Policy Documentation for Elastic Agent Configurations for more information.

UI/UX refresh

As part of our ongoing effort towards making the UI/UX consistent across all pages of GoCD, in this release we have rebuilt the following pages:

Pipeline Group Authorization Edit Page

Support for Postgres 10 and above

From this release the commercial GoCD PostgreSQL Addon will support Postgres version 10, 11 and 12.

Note: As per earlier announcement this Addon is expected to be open sourced in Q2 of 2020.

Other Improvements

• Starting this release, Alpine 3.11 based docker images for GoCD Agent are available.
• #1364 - Introduce Get Job Instance API
• #2990 - Make 'material name' accessible through Pipeline instance API
• #3326 - History APIs for pipeline/stage/job instances should allow defining page size
• #5717 - Showcase config repository validation errors on separate line
• #7560 - Enable job settings link in elastic agent profile usages modal for pipelines coming from config-repos
• #7575 - Expose current agent resources as GO_AGENT_RESOURCES environment variable

Bug fixes

• #7498 - Handle failing stage status animation
• #7472 - Cancelled icon is not rendered for cancelled jobs on stage details page
• #7509 - Config Repositories does not refresh when an elastic profile is added
• #7534 - Pipeline Group API update gives 200 even when a non-existent role is passed
• #7557 - Unable to run commands with multi-line arguments configured via UI
• #7572 - Dashboard UI not updating on pipeline group authorization updates
• #7603 - CPU Spike while visiting Elastic Agents Configuration page
• #7654 - Fix for 19.12.0 upgrade failures if pipeline label contains package material name.
• #7656 - Pipeline Group Admin should receive a 403 on create pipeline if the group specified does not exist

Deprecations

• The Alpine 3.7 based docker image for GoCD Agent has been removed. Alpine 3.7 has reached end-of-life in Nov 2019. Please use an image based on a newer version of the Alpine.

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 20.1.0 and Plugin API changelog for 20.1.0.

Contributors

Aditya Sood, Akshay Dewan, Ankit Srivastava, Aravind SV, Bhupendrakumar Piprava, Dhanashri Pagar, Ganesh S Patil, Isabelle Carter, Jen Marley, Ketan Padegaonkar, Kiera Radman, Kritika Singh, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Mansi Shah, Marques Lee, Rajiesh N, Sheroy Marker, Steven Streisguth, Tomasz Setkowski, Varsha Varadarajan, Veerababu Kona, Viraj Patil, Vrushali Waykole, Zamfir Catalin Alexandru

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Read Only View for Config Repository Pipelines

Earlier users had to visit the source control repository to know the pipeline settings of the pipelines defined on config repository. Now, Users will now be able to view configurations of pipelines defined via config repositories in read-only mode within the GoCD application.

Improvements to Role Based Access Control

As part of GoCD release v19.11.0, GoCD added support to configure access permissions to environments using policies at a granular level. This release adds support to configure access permissions for config repositories. Support for other GoCD entities will be added in subsequent releases.

UI/UX refresh

As part of our ongoing effort towards making the UI/UX consistent across all pages of GoCD, in this release we have rebuilt the following pages:

Elastic Agent Configuration Page

Pipeline Activity Page

Agent Job Run History Page

Other Improvements

• #7321 - Introduce Pipeline Comment feature to allow users commenting on a pipeline instance. Please refer to the documentation to know more about pipeline comment feature.
• #7229 - Performance improvements to Pipeline Config updates through UI.
• #3370 - Add pipeline group name to environment variable context during build assignment.
• #7402 - Allow users to rename pipeline group via API.
• #7370 - Environment SPA Improvements.
• #7372 - Add Confirmation modal on server config SPA while switching tabs.
• #7375 - Open new read only templates page upon clicking view templates from pipeline configurations page.
• #7374 - Improve agent's API error message.
• #6897 - Guess webhook repo url for ssh urls.

Bug fixes

• #7481 - Fix persistence issue with secure environment variables of an environment.
• #7432 - Show error message when entity does not exist on SPAs.
• #7356 - Show appropriate error message for disabled pipeline edit icon on templates SPA.
• #7357 - Fix read only templates view jump issue.
• #7359 - Disable deleting environments defined in config repository through API.
• #7345 - Fix export pipeline to generate valid configuration for pipelines consisting of package repository materials.
• #7373 - Fix project management configuration persistence issue.
• #7415 - Allow users to cancel stage on maintainance mode page.
• #7423 - Show validation error message for on cancel task.
• #7456 - Fix loading issues with config repository SPA.
• #7468 - Show appropriate error message when user does not have permissions to edit pipeline configurations.
• #6363 - Show appropriate error message when pipeline does not exists on edit pipeline configurations page.
• #7442 - Fix issue with positioning of tool tip in users management page.
• #7336 - Add missing Send Test Email option on Email Configuration SPA.

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 19.12.0 and Plugin API changelog for 19.12.0.

Contributors

Aditya Sood, Akshay Dewan, Andrew Bentley, Ankit Srivastava, Aravind SV, Bhupendrakumar Piprava, Dhanashri Pagar, Ganesh S Patil, Isabelle Carter, Jen Marley, Ketan Padegaonkar, Kiera Radman, Kritika Singh, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Mansi Shah, Marques Lee, Rajiesh N, Sheroy Marker, Steven Streisguth, Tomasz Setkowski, Varsha Varadarajan, Veerababu Kona, Viraj Patil, Vrushali Waykole

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Role Based Access Control

Traditionally, a Role in GoCD is a group of users. With this release, we are enhancing the purpose of Roles. Roles can now be used to control the access of different entities in GoCD, which earlier were accessible only by System Administrators.

System Adminstrators can configure permissions for a given role using policies at a granular level. This release adds support to configure access to environments, support for more entities will be added in subsequent releases.

Read the GoCD Policy documentation for more details.

UI/UX refresh

As part of our ongoing effort towards making the UI/UX consistent across all pages of GoCD, in this release we have rebuilt the following pages,

Server Configuration Page

Environments Page

Templates Page

Pipelines Page

Other Improvments

• #7229 - Performance improvements to Pipeline Config updates through UI.
• #6956 - Added support to load multiple plugins as a bundle.

Bug fixes

• #7296 - Fix issue with mounting directories as docker volume, if directories already exist
• #7281 - Fix for Agents page constant shuffle.
• #7285 - Fixed issue with weird lines showing up on agents table
• #7138 - Fix for Agent Job History order inconsistency
• #7212 - Error messages on agents SPA not getting displayed.
• #2048 - Fixed issue with incorrect job cancel, in case of canceling run on all agent job
• #7172 - Set JVM Properties in docker-gocd-agent-ubuntu
• #7177 - Show appropriate error when user does not have permissions to operate on a pipeline or pipeline group.
• #6754 - Fix for systemd not detected on Amazon Linux 2
• #7301 - Include wrapper-config files to the GoCD backup process

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 19.11.0 and Plugin API changelog for 19.11.0.

Security

We regularly fix security issues reported by security researchers. Upgrading to the latest release is always recommended. In this release, a security issue responsibly disclosed by Wasin Sae-ngow was fixed.

Contributors

Aditya Sood, Akshay Dewan, Ankit Srivastava, Antonio Masucci, Aravind SV, Bhupendrakumar Piprava, Dhanashri Pagar, Ganesh S Patil, Isabelle Carter, Jen Marley, Ketan Padegaonkar, Kiera Radman, Kritika Singh, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Mansi Shah, Marques Lee, Rajiesh N, Riko Stave, Sheroy Marker, Steven Streisguth, Tomasz Setkowski, Varsha Varadarajan, Veerababu Kona, Viraj Patil, Vrushali Waykole

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Database cleanup

There are some unnecessary data in the GoCD database which will be removed upon the first server start after upgrading to 19.10.0. This cleanup will be done only for completed jobs and will remove historical data related to environment variables, artifact plans, resources and job-related metadata. This will not affect any information in GoCD's configuration file.

Depending on the size of your database, you may experience some delay during startup while the data is being removed from the database. Please do not kill the GoCD server until the database upgrade completes. If you do end up killing it, you might need to restore the database from the backup taken before this upgrade.

• 7d5d01f - Delete cruft from the DB for jobs that are completed.

Improved Agents page

Agents page has been improved in this release. Now it will have 2 tabs - Static and Elastic - for easy viewing and searching of static and elastic agents.

Optional upstream dependencies

Introduced ignore_for_scheduling flag at the pipeline dependency level to improve GoCD's ability to model pipelines, as described in this issue. This flag allows run of an upstream pipeline to be ignored by the downstream pipeline. This is useful in cases where a downstream pipeline has multiple materials and wants to have fine-grained control over which materials cause it to run. Previously, this was available only for SCM materials (like git, mercurial, etc). This flag is available on the material edit page, Pipeline Config API and the bundled JSON/YAML config repo plugins.

Other Improvements

• Starting this release, CentOS 8 based images for GoCD Agent are available
• 2c93195 - Bundle Java 13 for all installers.
• #4756 - Provide an option to sort by duration on the job run history page
• #6289 - Expose scm material url and branch as environment variables to tasks
• #6602 - Dashboard will show an info icon instead of settings icon for pipeline-as-code pipelines
• #7113 - Added 'group' property to Get Pipeline Config API
• #7155 - Added support for 'group' attribute in Update Pipeline Config API

Bug fixes

• #7002 - Honour hostname in agent autoregister properties
• #7037 - Bring back UUID support in SVN post commit hook API
• #7064 - Authorization config update API should not need id value
• #7067 - Fix for Notification preferences not persisted
• #7068 - Enable email support link is pointing to wrong link under preferences tab
• #7107 - Fix for job details page error if agent is not yet assigned
• #7126 - Fixed no response on deleting an auth config

Deprecations

• Starting this release, Fedora based docker image for GoCD Agent will not be published. Users can continue to use the older images and the agent will get auto-upgraded.

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 19.10.0 and Plugin API changelog for 19.10.0.

Contributors

Aditya Sood, Akshay Dewan, Ankit Srivastava, Aravind SV, Bhupendrakumar Piprava, Dhanashri Pagar, Ganesh S Patil, Isabelle Carter, Jen Marley, Ketan Padegaonkar, Kiera Radman, Kritika Singh, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Mansi Shah, Marques Lee, Rajiesh N, Rodny, Sheroy Marker, Sneha Patil, Steven Streisguth, Tomasz Setkowski, Varsha Varadarajan, Veerababu Kona, Viraj Patil, Vrushali Waykole

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Support for Java 8 and 10 removed

Support for Java 8 and 10 has been dropped from this release. This is in line with our official stance on Java we announced earlier this year post the Java Licensing Changes.

Starting 19.9.0, GoCD Server and Agent would only support Java 11 or 12. Support for Java 13 will be introduced soon. GoCD installers from 19.6.0 come with Java Runtime pre-bundled, so users no longer need to install it separately.

Users might need to upgrade the GoCD Agent Bootstrapper. More information can be found here

Other Improvements

• #911 - Moved agent configuration out of the main xml configuration.
• #6919 - Improve performance of artifact download and digesting.

Bug fixes

• 4c54c9b - Fix git failure on CentOS 7 based GoCD agent docker images.
• #6918 - Error on opening on job details in the absence of cluster profile
• #6942 - Rules reordering not working on edit of secret config
• #6952 - GoCD page suddenly asking for client certificate
• #6968 - Materials API return 404 for existing materials and modifications in 19.8.0
• #6973 - Ignore unknown properties while upgrading plugin profile configuration
• #6979 - Add missing working directory replacement during agent duplication

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 19.9.0 and Plugin API changelog for 19.9.0.

Contributors

Aditya Sood, Akshay Dewan, Ankit Srivastava, Aravind SV, Bhupendrakumar Piprava, Dhanashri Pagar, Ganesh S Patil, Isabelle Carter, Jen Marley, Jyoti Singh, Ketan Padegaonkar, Kiera Radman, Kritika Singh, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Mansi Shah, Marques Lee, Rajiesh N, Saurabh Mistry, Sebastian Goral, Sheroy Marker, Sneha Patil, Steven Streisguth, Tomasz Setkowski, Varsha Varadarajan, Veerababu Kona, Viraj Patil, Vrushali Waykole

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

New Pipeline Creation Wizard

We have introduced a new simplified pipeline creation wizard as part of our ongoing UI/UX refresh for improving the user experience.

Feedback/ideas are welcome, please open an issue here to add your comments.

Introduce support for latest API version

GoCD’s APIs are versioned. Accessing an API endpoint requires providing a version number as part of the Accept header. GoCD now allows accessing the latest version of an API by omitting the version number in the header. For instance, you can use Accept: application/vnd.go.cd+json instead of Accept: application/vnd.go.cd.v3+json. More information can be found on GitHub issue #6620.

Ability to trigger a stage only if the previous stage has succeeded

Introduced the attribute allowOnlyOnSuccess for approval at stage level. If the attribute is set to true, the stage can be manually triggered only if the previous stage (if there is one) has resulted in success. More information can be found on GitHub issue #6294.

Java 8 and 10 deprecation

Support for Java 8 and 10 will be removed in the next release of GoCD. GoCD installers come with Java Runtime pre-bundled, so users no longer need to install it separately. The removal of Java versions is in line with the Java Licensing Changes we had announced earlier this year in this blog post.

Other Improvements

• Starting this release, Debian Buster (10) based images for GoCD Agent are available.
• 08f7b6e - Slim down the windows installer sizes.
• #6688 - Allow plugins to execute javascript as part of angular plugin view
• #6802 - Add git, hg, svn, p4 version info to support output
• #6826 - Optimized GoCD server and agent docker image size
• #6832 - Synchronize user info with external sources

Bug fixes

• 6731045 - Fixed issue with analytics not loading up if AdBlock is enabled. A new version of analytics plugin has been released. Users will have to update to the same.
• 35021fb - Fix jetty warning on agent connection.
• fc61beb - Fix the DIND image. Now the docker service is started using root user.
• f10025b - On uninstall, cleanup temp dirs that are left behind by server process.
• #5587 - Re-running failed jobs leaves a warning with null exception in the logs
• #6376 - Rerun old stage failing without providing console output
• #6409 - No indication of failure when subsequent stages are run after material config is changed post first stage run
• #6640 - Pipeline pause message is not shown completely on dashboard
• #6682 - Environments Get API does not honor If-None-Match header
• #6727 - Template Authorization API returns 404
• #6815 - Fix for world-writable files in go-agent and go-server packages.
• #6827 - Upgrading GoCD linux packages from 19.7.0 to 19.8.0 overwrites wrapper-properties.conf file
• #6855 - GoCD server emits "Weak cipher suite" warnings on startup
• #6879 - Sync environments when a config repo is deleted
• #6892 - Fixed issue with GoCD installation on Windows

APIs

Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs - API changelog for 19.8.0 and Plugin API changelog for 19.8.0.

Contributors

Aditya Sood, Akshay Dewan, Ankit Srivastava, Aravind SV, Bhupendrakumar Piprava, Dhanashri Pagar, Ganesh S Patil, Isabelle Carter, Jen Marley, Jyoti Singh, Ketan Padegaonkar, Kiera Radman, Kritika Singh, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Mansi Shah, Marques Lee, Naveen Bhaskar, Rajiesh N, Saurabh Mistry, Sheroy Marker, Sneha Patil, Steven Streisguth, Tomasz Setkowski, Varsha Varadarajan, Veerababu Kona, Viraj Patil, Vrushali Waykole

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Bug Fixes

• #6666 - Fixes issue with GoCD server/agent not automatically starting on a server restart.
• #6674 - Fixes issues with migrating user defined Environment Variables on upgrade to 19.6.0
• #6677 - Disable directory listing for assets directory.
• #6684 - Bring back GO_ENVIRONMENT_NAME environment variable as part of Job Console.
• #6690 - Fixes issue with dependency on sysvinit-tools for RPM distros.
• #6699 - Allow exiting running GoCD docker containers by sending SIGINT ctrl-c signal.

Versions of Java this release of GoCD works with

• Java 8 (Deprecated)
• Java 10 (Deprecated)
• Java 11
• Java 12

Deprecations

• The Elastic Agents plugin extension v4 has been deprecated. This version will be removed in a release scheduled for August 2019. Plugin developers should use version 5 of the plugin API.
• The notification plugin extension version 3 has been deprecated. This version will be removed in an upcoming release. Plugin developers should use version 4 of the notification plugin api.
• The analytics plugin extension version 1 has been deprecated. This version will be removed in an upcoming release. Plugin developers should use version 2 of the analytics plugin api.
• The Get Server Info processor version 1 has been deprecated. This version will be removed in an upcoming release. Plugin developers should use version 2 of the Get Server Info processor.
• The Pipeline config API version 6 has been deprecated. This version will be removed in a release scheduled for Aug 2019. Version 8 of the API is available, and users are encouraged to use it.
• The Config repo API version 1 has been deprecated. This version will be removed in a release scheduled for Aug 2019. Version 2 of the API is available, and users are encouraged to use it.
• Support for Java 8 has been deprecated. The support for the same will be removed in a release scheduled for November 2019.
• The Plugin Info API version 5 has been deprecated. This version will be removed in a release scheduled for Sept 2019. Version 6 of the API is available, and users are encouraged to use it.
• The Pipeline config API version 7 has been deprecated. This version will be removed in a release scheduled for Oct 2019. Version 8 of the API is available, and users are encouraged to use it.
• Unversioned get all materials API has been deprecated in favor of get all materials API v1. This version will be removed in a release scheduled for Oct 2019.

Contributors

Aditya Sood, Akshay Dewan, Ankit Srivastava, Aravind SV, Bhupendrakumar Piprava, Dhanashri Pagar, Ganesh S Patil, Isabelle Carter, Jen Marley, Jyoti Singh, Ketan Padegaonkar, Kiera Radman, Kritika Singh, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Mansi Shah, Marques Lee, Naveen Bhaskar, Rajiesh N, Saurabh Mistry, Sheroy Marker, Steven Streisguth, Tomasz Setkowski, Varsha Varadarajan, Viraj Patil, Vrushali Waykole

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Secrets Management

We have enhanced support for managing secrets in GoCD. GoCD now provides an ability to refer to secrets defined in an external Secret Manager. With this, apart from referring to secrets, users can manage permissions for these secrets and rotate them without any changes to GoCD configuration.

Support for Secrets Management is provided using plugins. We have introduced a new secrets extension using which plugin authors can write a plugin to support a Secret Manager of their choice. We have built a File based Secret Management plugin which is bundled along with GoCD.

Please refer to the Secret Management Documentation for more information.

GoCD Installer Changes

There is some variation in how GoCD server and agents across multiple different operating systems and installer types need to be managed by system admins. To reduce the maintenance overhead and cognitive load, all the installers have undergone varying degrees of changes.

Running Dockerized GoCD Containers as Non Root

Starting from this release, GoCD containers run as non-root user, by default. The Dockerized GoCD application will run as go:root (uid:1000, gid:0) user instead of running as root:root (uid:0, gid:0). For more information, checkout Running Dockerized GoCD Containers as Non Root blog post.

Simpler HTTP authentication for agent-server communication

Historically, GoCD agent server communication required SSL/TLS mutual authentication using X509 certificates. GoCD version 19.6 disables mutual TLS by default. This will allow GoCD administrators to terminate agent-server communication at load balancers or reverse proxies.

To turn on the old behavior and enable mutual TLS, set the environment variable GO_USE_TOKEN_AUTH to false.

Versions of Java this release of GoCD works with

• Java 8 (Deprecated)
• Java 10 (Deprecated)
• Java 11
• Java 12

API Improvements

• #6061 - Introduced version 1 of Secret Config API.
• #6231 - Introduced version 6 of Plugin Info API.
• #6287 - Introduced version 8 of pipeline config API.
• #6618 - Introduced version 1 of backup config API.
• #6324 - Introduced version 1 of Materials API.

Other Improvements

• Starting this release, Alpine 3.10 based docker images for GoCD Agent are available.
• #6567 - Order pipeline group names in alphabetical order when cloning a pipeline.
• #6225 - Introduce stage building animation on dashboard.
• #6471 - Display pipelines and environments defined by config repository.
• #6423 - Collect Metrics for Trial XP in GoCD as part of GoCD data sharing.

Security

We regularly fix security issues reported by security researchers. Upgrading to the latest release is always recommended. In this release, a security issue responsibly disclosed by Heinrich was fixed.

Bug fixes

• #6628 - Fix internal server error on consuming Packages Index API.
• #6630 - Fix internal server error on consuming Package Repositories Index API.
• #6615 - Fix Job requiring elastic agent starves forever in case of multiple reschedule.
• #6468 - Shouldn't allow to save pipeline config with empty template.
• #6328 - Cancel the scheduled elastic agent jobs on GoCD upgrade from version prior to 19.3.0.
• #6565 - Show spinner in modal when performing save/update.
• #6547 - Update footer banner message when server is in maintenance mode.
• #6017 - Improved error messages in APIs consuming environment variables.
• #6350 - Show Raw console logs of a building job.
• 2ad7510 - fixed subversion SASL auth error when subversion material use the svn protocol.

New Deprecations

• The Plugin Info API version 5 has been deprecated. This version will be removed in a release scheduled for Sept 2019. Version 6 of the API is available, and users are encouraged to use it.
• The Pipeline config API version 7 has been deprecated. This version will be removed in a release scheduled for Oct 2019. Version 8 of the API is available, and users are encouraged to use it.
• Unversioned get all materials API has been deprecated in favor of get all materials API v1. This version will be removed in a release scheduled for Oct 2019.

Deprecations

• The Elastic Agents plugin extension v4 has been deprecated. This version will be removed in a release scheduled for August 2019. Plugin developers should use version 5 of the plugin API.
• The notification plugin extension version 3 has been deprecated. This version will be removed in an upcoming release. Plugin developers should use version 4 of the notification plugin api.
• The analytics plugin extension version 1 has been deprecated. This version will be removed in an upcoming release. Plugin developers should use version 2 of the analytics plugin api.
• The Get Server Info processor version 1 has been deprecated. This version will be removed in an upcoming release. Plugin developers should use version 2 of the Get Server Info processor.
• The Pipeline config API version 6 has been deprecated. This version will be removed in a release scheduled for Aug 2019. Version 8 of the API is available, and users are encouraged to use it.
• The Config repo API version 1 has been deprecated. This version will be removed in a release scheduled for Aug 2019. Version 2 of the API is available, and users are encouraged to use it.
• Support for Java 8 has been deprecated. The support for the same will be removed in a release scheduled for November 2019.

Breaking Changes

• The Fedora 28 based docker image for GoCD Agent has been removed. Fedora 28 has reached end-of-life in June 2019. Please use an image based on a newer version of the Fedora.
• The Stage History unversioned API has been removed. Version 1 of the API is available, and users are encouraged to use it.
• The Plugin Info API version 4 has been removed. Version 6 of the API is available, and users are encouraged to use it.

Contributors

Aditya Sood, Akshay Dewan, Ankit Srivastava, Aravind SV, Bhupendrakumar Piprava, Chandrakanth Nagaraj, Dhanashri Pagar, Ganesh S Patil, Huimin Li, Isabelle Carter, Jen Marley, Jyoti Singh, Ketan Padegaonkar, Kiera Radman, Kritika Singh, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Mansi Shah, Marques Lee, Naveen Bhaskar, Rajiesh N, Saurabh Mistry, Sheroy Marker, Steven Streisguth, Tomasz Setkowski, Varsha Varadarajan, Viraj Patil, Vrushali Waykole

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Replacing X.509 with simpler HTTPs token-based authentication for Agent-Server Communication - Beta feature

This is a beta feature: agent-server commnication can be toggled to use token-based authentication instead of self-signed X.509 certificates from the GoCD server. To enable token-based auth, set the environment variable GO_USE_TOKEN_AUTH on the GoCD agent to true.

With token-based authentication enabled, agents can use load balancers or reverse proxy DNS names and not GoCD server DNS/IP. It is also not required to expose port 8154 on the GoCD server. TLS termination can happen at the reverse proxy instead.

Other Improvements

• #6299 - A new request has been added to the plugin API endpoint to allow elastic agent plugins to log messages to the job console.

Bug fixes

• #6295 - Improved errors UI in Config Repo.
• #5667 - Do not validate plugin properties while deleting a plugin profile entity.
• #6278 - All rails APIs return strong Etag.
• #6337 - Start Docker deamon process for dind image.
• #6325 - Supress warnings thrown in server logs when a user visits job console of jobs either not assigned or not started writing to console.

Versions of Java this release of GoCD works with

• Java 8 (Deprecated)
• Java 10 (Deprecated)
• Java 11
• Java 12

Please refer to this blog post for GoCD official stance on supported Java versions.

Deprecations

• The notification plugin extension version 3 has been deprecated. This version will be removed in an upcoming release. Plugin developers should use version 4 of the notification plugin api.
• The analytics plugin extension version 1 has been deprecated. This version will be removed in an upcoming release. Plugin developers should use version 2 of the analytics plugin api.
• The Get Server Info processor version 1 has been deprecated. This version will be removed in an upcoming release. Plugin developers should use version 2 of the Get Server Info processor.
• Unversioned get stage history API has been deprecated in favor of get stage history API v1. This version will be removed in a release scheduled for July 2019.
• The Plugin Info API version 4 has been deprecated. This version will be removed in a release scheduled for July 2019. Version 5 of the API is available, and users are encouraged to use it.

Breaking Changes

• The Dashboard API version 2 has been removed. Version 3 of the API is available, and users are encouraged to use it.
• The Fedora 28 based docker image for GoCD Agent has been removed. Fedora 28 has reached end-of-life in June 2019. Please use an image based on a newer version of the Fedora.

Contributors

Aditya Sood, Akshay Dewan, Ankit Srivastava, Aravind SV, Bhupendrakumar Piprava, Dhanashri Pagar, Ganesh S Patil, Huimin Li, Isabelle Carter, Jen Marley, Ketan Padegaonkar, Kiera Radman, Kritika Singh, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Mansi Shah, Marques Lee, Naveen Bhaskar, Rajiesh N, Saurabh Mistry, Sheroy Marker, Steven Streisguth, Tomasz Setkowski, Varsha Varadarajan, Viraj Patil, Vrushali Waykole

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Improved Git and Mercurial material configurations

Introduced username and password (or encryptedPassword) attributes on Git and Mercurial materials. Users can now use these fields to setup credentials in a secure manner, instead of putting credentials in the URL. The YAML, JSON and Groovy config repo plugins have been updated to allow these additional fields on material definitions.

Users can also utilize the newly introduced branch attribute on Mercurial materials to specify the branch instead of specifying in the URL.

Introduced support for Java 12

Starting this release, GoCD has now added support for Java 12. All the docker images and installers for Windows and OSX are bundled with a supported version of Java (not necessarily 12).

Please refer to this blog post for our official stance on supported Java versions going forward.

Versions of Java this release of GoCD works with

• Java 8 (Deprecated)
• Java 10 (Deprecated)
• Java 11
• Java 12

API Improvements

• #6218 - Introduced version 7 of pipeline config API.
• #6220 - Introduced version 2 of config repo API.

Other Improvements

• Starting this release, Fedora 30 based docker images for GoCD Agent are available.
• #6131 - Show the affected pipelines in Server Health Messages when material update fails.
• #6245 - Remove redundant pluginId attribute from agentProfile tag.
• #5923 - Improve logging for Access Token API requests.

Bug fixes

• #6216 - Fix encryption API to honour "go.encryption.api.max.requests" system property.
• #6030 - Modification check failed for material for pipelines that polling is disabled and or are paused.
• #6143 - Config Save successfully completes without updating the changes.
• #6304 - Allow editing pipelines, agents and env vars for environment with special characters in name.
• #6228 - Personal access tokens taking too long to generate.
• #6030 - Server health message noise for disabled or paused pipelines with failed modification checks
• A security fix regarding GoCD cruise-config.xml save has been identified and fixed in the current release. Users are advised to update their GoCD servers to the latest version.

New Deprecations

• The Pipeline config API version 6 has been deprecated. This version will be removed in a release scheduled for Aug 2019. Version 7 of the API is available, and users are encouraged to use it.
• The Config repo API version 1 has been deprecated. This version will be removed in a release scheduled for Aug 2019. Version 2 of the API is available, and users are encouraged to use it.
• Support for Java 8 and Java 10 has been deprecated. The support for the same will be removed in a release scheduled for September 2019.

Deprecations

• The notification plugin extension version 3 has been deprecated. This version will be removed in an upcoming release. Plugin developers should use version 4 of the notification plugin api.
• The analytics plugin extension version 1 has been deprecated. This version will be removed in an upcoming release. Plugin developers should use version 2 of the analytics plugin api.
• The Get Server Info processor version 1 has been deprecated. This version will be removed in an upcoming release. Plugin developers should use version 2 of the Get Server Info processor.
• Unversioned get stage history API has been deprecated in favor of get stage history API v1. This version will be removed in a release scheduled for July 2019.
• The Dashboard API version 2 has been deprecated. This version will be removed in a release scheduled for June 2019. Version 3 of the API is available, and users are encouraged to use it.
• The Plugin Info API version 4 has been deprecated. This version will be removed in a release scheduled for July 2019. Version 5 of the API is available, and users are encouraged to use it.
• The Fedora 28 based docker image for GoCD Agent has been deprecated and will not be built after June 2019 release of GoCD. This will be done as Fedora 28 will reach end-of-life in June 2019.

Breaking Changes

• TFS workspace location on GoCD agents has been changed to be a server workspace, rather than a local workspace. See: #5427 - for more information. This can affect users who use TFS materials.
• The Alpine 3.6 based docker image for GoCD Agent has been removed. Alpine 3.6 has reached end-of-life in May 2019. Please use an image based on a newer version of the Alpine.

Contributors

Aditya Sood, Akshay Dewan, Ankit Srivastava, Aravind SV, Bhupendrakumar Piprava, Chandrakanth Nagaraj, Dhanashri Pagar, Ganesh S Patil, Huimin Li, Isabelle Carter, Jen Marley, Jyoti Singh, Ketan Padegaonkar, Kiera Radman, Kritika Singh, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Mansi Shah, Marques Lee, Naveen Bhaskar, Prateek Baheti, Rahul Pargaonkar, Rajiesh N, Sheroy Marker, Steven Streisguth, Tomasz Setkowski, Varsha Varadarajan, Viraj Patil, Vishal Devgire, Vrushali Waykole

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Multi-cluster support for Elastic Agent

Now elastic agent can be created in different cluster based on the cluster profile. Elastic Profiles SPA is updated to reflect cluster profiles and elastic agent profiles.

To know more about about Cluster Profiles click here.

Introduced elastic agent extension v5 to support cluster profiles. For more info refer Elastic Agent Plugin Endpoint documentation.

Improved Backup SPA

SPA is updated to show real-time progress of your GoCD server backup.

API Improvements

• #5781 - Introduced version 2 of Backup API.
• #6007 - Introduced version 5 of Plugin Info API.
• #5983 - Introduced version 2 of Elastic Agent Profiles API.
• #5938 - Introduced version 1 of Cluster Profiles API.
• #5620 - Introduced version 1 of Stage History API.
• #5886 - Introduced version 5 of Agents API.

Other Improvements

• #6036 - Improvements to the user management page.
• #2123 - Git shallow clone will also apply to submodules.
• #6190 - Improved login page design and added a logout page.
• #5885 - Provided an option to create pipeline within a group from dashboard.
• #5978 - Added webhook endpoint for hosted bitbucket servers.
• #6043 - Allow reordering of pipelines from config repositories. This adds an optional display_order property for pipelines defined in config repositories, which allow you to order pipelines.
• Improve consistency of some error messages generated by GoCD server.
• macOS installers will no longer ship as osx .app files. The installers now ship as a zip file, with a shell script. We believe this provides much better flexibility and allows users to run the GoCD agent and server in a location of their choice.

Bug fixes

• #5956 - Fixed issue with environments API incorrectly rendering encrypted variables as ****** instead of the correct encrypted value.
• #5886 - Do not allow assigning an agent to an environment defined in config repository environment.
• #5968 - Fix spurious e.map is not a function javascript error for notifications.
• #5974 - Unable to expand/collapse environments with name containing special characters.
• #5962 - GoCD shows HTTP Basic Auth dialog when after user is logged out.
• #6011 - Fix errors with parsing git log when coloring is turned on using .gitconfig.
• #5967 - Environments api will accept either encrypted_value or value.
• #3635 - GoCD can update git submodules if a custom name is provided for one.
• #5973 - Fixed issue with expanding environment panel with name containing special characters

New Deprecations

• The Elastic Agents plugin extension v4 has been deprecated. This version will be removed in a release scheduled for August 2019. Plugin developers should use version 5 of the plugin API.

Deprecations

• The notification plugin extension version 3 has been deprecated. This version will be removed in an upcoming release. Plugin developers should use version 4 of the notification plugin api.
• The analytics plugin extension version 1 has been deprecated. This version will be removed in an upcoming release. Plugin developers should use version 2 of the analytics plugin api.
• The Get Server Info processor version 1 has been deprecated. This version will be removed in an upcoming release. Plugin developers should use version 2 of the Get Server Info processor.
• Unversioned get stage history API has been deprecated in favor of get stage history API v1. This version will be removed in a release scheduled for July 2019.
• The Dashboard API version 2 has been deprecated. This version will be removed in a release scheduled for June 2019. Version 3 of the API is available, and users are encouraged to use it.
• The Plugin Info API version 4 has been deprecated. This version will be removed in a release scheduled for July 2019. Version 5 of the API is available, and users are encouraged to use it.
• The Alpine 3.6 based docker image for GoCD Agent has been deprecated and will not be built after May 2019 release of GoCD. This will be done as Alpine 3.6 will reach end-of-life in May 2019.
• The Fedora 28 based docker image for GoCD Agent has been deprecated and will not be built after June 2019 release of GoCD. This will be done as Fedora 28 will reach end-of-life in June 2019.

Breaking Changes

• The Elastic Agent Profiles API version 1 has been removed. Version 2 of the API is available, and users are encouraged to use it. With the introduction of support for clusters all Elastic Agent Profiles need to be associated with a cluster. Since version 1 of the API does not support clusters, as an exception this API had to be removed without deprecation.
• The Dashboard API version 1 has been removed. Version 3 of the API is available, and users are encouraged to use it.
• The System Admins API version 1 has been removed. Version 2 of the API is available, and users are encouraged to use it.
• The Roles API version 1 has been removed. Version 2 of the API is available, and users are encouraged to use it.
• The Users API version 2 has been removed. Version 3 of the API is available, and users are encouraged to use it.
• Unversioned Get Stage Instance API has been removed in favor of Get Stage Instance API v1.
• The Ubuntu 14.04 based docker image for GoCD Agent has been removed. Ubuntu 14.04 has reached end-of-life in April 2019. Please use an image based on a newer version of the Ubuntu.
• The elastic agent plugin extension version 3 has been removed. Plugin developers should use version 4 of the elastic agent plugin api to allow adding support for job completion request. Users should upgrade their plugins to the latest version to see these new features.
• GoCD will now require minimum git version 1.9. This has been done to improve support for cloning git submodules.
• For Pipelines using git materials, ignored files will also be cleaned from the working directory. The command has been changed to git clean -dffx instead of git clean -dff.

Contributors

Aditya Sood, Akshay Dewan, Ankit Srivastava, Aravind SV, Bhupendrakumar Piprava, Chandrakanth Nagaraj, Dhanashri Pagar, Ganesh S Patil, Huimin Li, Isabelle Carter, Jen Marley, Jyoti Singh, Ketan Padegaonkar, Ketan Sangle, Kiera Radman, Kritika Singh, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Mansi Shah, Marques Lee, Naveen Bhaskar, Prateek Baheti, Rahul Pargaonkar, Rajiesh N, Sandro Heinzelmann, Sheroy Marker, Steven Streisguth, Tomasz Setkowski, Varsha Varadarajan, Viraj Patil, Vishal Devgire, Vrushali Waykole

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Access Tokens

We have introduced support for personal access tokens. GoCD users can now generate tokens through the application or the Access Token API and use them to access the GoCD APIs rather than passing their username & password. The tokens inherit the privileges of the user who created them.

Personal Access Token:

Access Token Management

To know more about about Access Tokens click here.

Github Oauth, GitLab Oauth and LDAP authorization plugins are migrated to authorization extension v2 to support access token based authentication for APIs. Please provide feedback/ideas by opening a GitHub issue on respective repository.

Google Oauth plugin is upgraded to use authorization extension v2 however it does not have support for access token based API authentication.

Improved pipeline pause information

Paused pipelines now show the time at which they were paused, along with the reason for pausing.

New User Management Page

We have rewritten the User summary page, now known as User Management, to improve the user experience. Please provide feedback / ideas by opening a GitHub issue

Config Repo Improvements

• b2c6384 - Reparse and merge ConfigRepos on any change in Config Repo configuration. (#5792)
• ed02069 - Allow users to configure empty secure environment variables.
• 738f763 - Better error messages on Config Repo SPA in case of invalid ID.
• d9d3c0a - Expand the Config Repo panels that are in an error state. (#5650)
• #5756 - Added support to add global SCMs through config repo.
• #5579 - Introduced Config Repo preflight API v1 endpoint.

API Improvements

• #5354 - Introduced v1 of Personal Access Tokens.
• Introduced v3 of Dashboard API

Authorization extension version 2

• 32cfcc5 - Introduced Authorization Extension version 2.

Other Improvements

• 3317123 - Show maintenance mode updated by timestamp along with date. (#5786)
• 2b64f3f - Better error messages on plugins page when an installed plugin is incompatible with the GoCD server. (#5614)
• 6a560ee - Display pause timestamp on the dashboard when a pipeline is paused. (#5719)
• 2665b54 - Show agents assigned to environments via config repository. (#5761)
• 3317123 - Added time stamp for the last triggered maintenance mode. (#5786)

Bug fixes

• 9a1eaf3 - Do not remove MaterialHealthStateScope for Config Repo materials. (#5651)
• ba49547 - Disable job settings link for pipelines defined in Config Repo on elastic profiles page. (#5604)
• 3f2fc49 - Made status report button state on elastic profiles page consistent with the status report button on plugins page. (#5776)
• 6c4da91 - Fixed environments api version 2 etag generation issue. (#5807)
• 38e68d0 - Render console log containing new line character ("\n"). (#5037)
• #5705 - Fix for high CPU usage on console logs/tests page.
• #5897 - Killing agent via stop command honors the process ID.
• #5788 - Fixed back button navigation on dashboard.

New Deprecations

• The Fedora 28 based docker image for gocd agent has been deprecated and will not be built after June 2019 release of GoCD. This will be done as Fedora 28 will reach end-of-life in June 2019.
• The Dashboard API v2 has been deprecated. This version of the API will be removed in a release scheduled for June 2019. Version 3 of the API is available, and users are encouraged to use it.

Deprecations

• The elastic agent plugin extension version 3 has been deprecated. This version will be removed in a release scheduled for Mar 2019. Plugin developers should use version 4 of the elastic agent plugin api to allow adding support for job completion request. The docker, docker swarm, kubernetes and ecs plugins have been migrated to the new versions, and users should upgrade their plugins to the latest version to see these new features.
• The notification plugin extension version 3 has been deprecated. This version will be removed in a release scheduled for Mar 2019. Plugin developers should use version 4 of the notification plugin api.
• The analytics plugin extension version 1 has been deprecated. This version will be removed in a release scheduled for Mar 2019. Plugin developers should use version 2 of the analytics plugin api.
• The Get Server Info processor version 1 has been deprecated. This version will be removed in a release scheduled for April 2019. Plugin developers should use version 2 of the Get Server Info processor.
• The Dashboard API v1 has been deprecated. This version of the API will be removed in a release scheduled for March 2019. Version 2 of the API is available, and users are encouraged to use it.
• Unversioned Get Stage Instance API has been deprecated in favor of Get Stage Instance API v1. This version will be removed in a release scheduled for April 2019.
• The Users API v2 has been deprecated. This version of the API will be removed in a release scheduled for April 2019. Version 3 of the API is available, and users are encouraged to use it.
• The System Admins API v1 has been deprecated. This version of the API will be removed in a release scheduled for April 2019. Version 2 of the API is available, and users are encouraged to use it.
• The Roles API v1 has been deprecated. This version of the API will be removed in a release scheduled for April 2019. Version 2 of the API is available, and users are encouraged to use it.
• The Ubuntu 14.04 based docker image for gocd agent has been deprecated and will not be built after April 2019 release of GoCD. This will be done as Ubuntu 14.04 will reach end-of-life in April 2019.
• The Alpine 3.6 based docker image for gocd agent has been deprecated and will not be built after May 2019 release of GoCD. This will be done as Alpine 3.6 will reach end-of-life in May 2019.

Breaking Changes

• f12cbf3 - Remove the pipeline quick edit SPA.
• 74e4e3c - Support for DES was deprecated as part of 18.7.0 release in favor of AES. The support for DES is removed as part of this release. Users who have defined encrypted values in their configuration repositories should update them to use AES encryption. (#5646)

Contributors

Aditya Sood, Akshay Dewan, Ankit Srivastava, Aravind SV, Bhupendrakumar Piprava, Chandrakanth Nagaraj, Ganesh S Patil, Huimin Li, Isabelle Carter, Jen Marley, Jyoti Singh, Ketan Padegaonkar, Kiera Radman, Kritika Singh, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Mansi Shah, Marques Lee, Naveen Bhaskar, Prateek Baheti, Rahul Pargaonkar, Rajiesh N, Sanjana Bayya, Sheroy Marker, Steven Streisguth, Tomasz Setkowski, Varsha Varadarajan, Vishal Devgire, Vrushali Waykole

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

GoCD Maintenance mode

GoCD maintenance mode can be utilized by the GoCD system administrator to safely restart or upgrade the GoCD server without having any running jobs reschedule when the server is back up. Initiating maintenance mode will cause various sub-systems of GoCD to stop working making sure server is not performing any operation.

To know more about about GoCD Maintenance Mode click here.

Improved Pipeline as Code experience.

Continuing on the road towards improving GoCD's pipelines as code / config repositories experience, this release introduces the ability to export a GoCD pipeline to a format which can be used by the config repository plugins (for instance, YAML or JSON plugins). You can then check in these pipeline definitions to a repository and remove them from GoCD's config.

More improvements to this feature are in pipeline. Add your feedback or suggestions here

• 45aab5e - Show validation errors on config repo SPA. (#5711)

• 6c88929 - Performance improvement to loading multiple Config Repos on server restart. (#5663)

API Improvements

• #5619 - Introduce v1 of Stage Instance.
• #5665 - Introduced v2 of Roles.
• #5661 - Introduce v2 of System Admins.
• #5558 - Introduced v3 of Users.

Plugin API improvements

• b851373 - Adding Server version information in v2 ServerInfoProcessor. (#5686)

Other Improvements

• d6f7b49 - Allow user to override server keystore password using system environment. (#5592)
• 51919ab - Set extra properties for the agent, from server. (#5666)
• 143054f - Plugin Info request processor versioning. (#5654)
• 792ae61 - Show cancelled by on the dashboard on hovering over a stage. (#5683)
• a06b497 - Improved performance of Envrionments API. (#5698)

Bug fixes

• 9a1eaf3 - Do not remove MaterialHealthStateScope for config repo materials. (#5651)
• 773b68d - Fix for header issue on edit pipeline. (#5596)
• e6fd8f7 - Show error on delete when artifact store is referred in pipelines. (#5634)
• 90e2523 - Plugin settings modal show save failure error. (#5645)
• ee08190 - Decrease z-index to make admin menu render on top of console controls. (#5659)
• a9812de - Toggle TFS workspace location on agent. (#5427)
• c647a96 - Artifact store delete message was not visible on error.
• 70f9448 - Updated clone auth config message to use newly created auth config id.

Deprecations

• The elastic agent plugin extension version 3 has been deprecated. This version will be removed in a release scheduled for Mar 2019. Plugin developers should use version 4 of the elastic agent plugin api to allow adding support for job completion request. The docker, docker swarm, kubernetes and ecs plugins have been migrated to the new versions, and users should upgrade their plugins to the latest version to see these new features.
• The notification plugin extension version 3 has been deprecated. This version will be removed in a release scheduled for Mar 2019. Plugin developers should use version 4 of the notification plugin api.
• The analytics plugin extension version 1 has been deprecated. This version will be removed in a release scheduled for Mar 2019. Plugin developers should use version 2 of the analytics plugin api.
• The Get Server Info processor version 1 has been deprecated. This version will be removed in a release scheduled for April 2019. Plugin developers should use version 2 of the Get Server Info processor.
• The Dashboard API v1 has been deprecated. This version of the API will be removed in a release scheduled for March 2019. Version 2 of the API is available, and users are encouraged to use it.
• Unversioned Get Stage Instance API has been deprecated in favor of Get Stage Instance API v1. This version will be removed in a release scheduled for April 2019.
• The Users API v2 has been deprecated. This version of the API will be removed in a release scheduled for April 2019. Version 3 of the API is available, and users are encouraged to use it.
• The System Admins API v1 has been deprecated. This version of the API will be removed in a release scheduled for April 2019. Version 2 of the API is available, and users are encouraged to use it.
• The Roles API v1 has been deprecated. This version of the API will be removed in a release scheduled for April 2019. Version 2 of the API is available, and users are encouraged to use it.
• The Ubuntu 14.04 based docker image for gocd agent has been deprecated and will not be built after April 2019 release of GoCD. This will be done as Ubuntu 14.04 will reach end-of-life in April 2019.
• The Alpine 3.6 based docker image for gocd agent has been deprecated and will not be built after May 2019 release of GoCD. This will be done as Alpine 3.6 will reach end-of-life in May 2019.

Breaking Changes

• f12cbf3 - Remove the pipeline quick edit spa.
• 74e4e3c - Support for DES was deprecated as part of 18.7.0 release in favor of AES.The support for DES is removed as part of this release. Users who have defined encrypted values in their configuration repositories should update them to use AES encryption. (#5646)

Contributors

Aditya Sood, Akshay Dewan, Ankit Srivastava, Aravind SV, Bhupendrakumar Piprava, Chandrakanth Nagaraj, Eric Cheung, Ganesh S Patil, Huimin Li, Isabelle Carter, Jen Marley, Jyoti Singh, Ketan Padegaonkar, Kiera Radman, Kritika Singh, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Mansi Shah, Marques Lee, Naveen Bhaskar, Prateek Baheti, Rahul Pargaonkar, Rajiesh N, Sanjana Bayya, Sheroy Marker, Steven Streisguth, Tomasz Setkowski, Varsha Varadarajan, Vishal Devgire, Vrushali Waykole

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Manage Config Repositories through UI

We have added a new Config Repositories page. This page lists existing config repos and allows CRUD (Create-Read-Update-Delete) operations for a config repo. This page has the ability to show errors and allows users to force a check of the repository.

UI/UX Improvements

The Elastic agent profiles page now provides the ability to view jobs configured for an elastic profile.

Admin Menu has been improved for better accessibility.

Other Improvements

• 0a15ede - Performance improvement to loading multiple Config Repos on server restart. (#5010)
• df76be9 - GoCD Admins can now configure the server to set HSTS header as part of HTTPs response. (#5557) Refer docs for configuring the header.

API Improvements

• Introduce V2 of Dashboard API.

Security

We regularly fix security issues reported by security researchers. Upgrading to the latest release is always recommended. In this release, a security issue responsibly disclosed by Jake and Imran Siddiqui was fixed.

Bug fixes

• cb9ab57 - Fixed an issue where the first personalization tab showed all pipelines on page load. (#5512)
• bbeebad - Fix for email notification not sent on job cancellation due to timeout. (#5370)
• 0efb7d0 - Allow javascript to be executed in the plugin settings modal. (#4797)
• b00b026 - Fixed links pointing to pipeline dependency graph. (#5535)

Installer Changes

• OSX installers are now bundled with adoptopenjdk JRE 8, commit 6814d48 - fixes an issue with Server and Agent not working on JRE >=9. (#3934)

• Support for Java 11 was introduced in 18.10.0. Windows installers have been changed to bundle with OpenJDK 11.

Deprecations

• With the introduction of AES for encryption/decryption in release 18.7.0, we are deprecating support for DES. Support for DES is retained to support DES cipher-texts configured in config-repos and will be available till the last release of GoCD for the year 2018. The Encryption API is updated to return a AES cipher-text, users are encouraged to update their DES cipher-texts in config-repos using this API.
• The elastic agent plugin extension version 3 has been deprecated. This version will be removed in a release scheduled for Mar 2019. Plugin developers should use version 4 of the elastic agent plugin api to allow adding support for job completion request. The docker, docker swarm, kubernetes and ecs plugins have been migrated to the new versions, and users should upgrade their plugins to the latest version to see these new features.
• The notification plugin extension version 3 has been deprecated. This version will be removed in a release scheduled for Mar 2019. Plugin developers should use version 4 of the notification plugin api.
• The analytics plugin extension version 1 has been deprecated. This version will be removed in a release scheduled for Mar 2019. Plugin developers should use version 2 of the analytics plugin api.
• The Dashboard API v1 has been deprecated in this release. This version of the API will be removed in a release scheduled for March 2019. Version 2 of the API is available, and users are encouraged to use it.

Breaking Changes

• Windows installers are now bundled with OpenJDK 11. In absence of 32 bit JDK distributions from OpenJDK we have stopped providing 32 bit windows installers from this release.
• With this release there will be limited support for IE11. Visual bugs can be expected on this browser.

Contributors

Aditya Sood, Akshay Dewan, Ankit Srivastava, Aravind SV, Armin G Jazi, Bhupendrakumar Piprava, Chandrakanth Nagaraj, Ganesh S Patil, Huimin Li, Isabelle Carter, Jen Marley, Jyoti Singh, Ketan Padegaonkar, Kiera Radman, Kritika Singh, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Marques Lee, Naveen Bhaskar, Pranav Bansod, Rahul Pargaonkar, Rajiesh N, Sana Jahan, Steven Streisguth, Tomasz Setkowski, Varsha Varadarajan, Vishal Devgire, Vrushali Waykole

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Improvements

• 7203cb3 - Allow artifact plugins to introduce new environment variables to be used by subsequent tasks. (#5188)

Performance Improvements

• In this release, users with ~100 or above agents will see a significant performance improvement on the agents page and when invoking the agents API. In 18.10, due to upgrading some libraries to support Java 9 (and beyond) there were some performance regressions with the agents page (and the agents API).
• 451cef0 - Improve performance of some pipeline lookups in the database by removing a cast operation.
• dcf69b0 - Do not lookup pipelines by both label and counter, prefer a counter. (#5256)
• f0d1a6e - Use byte arrays (instead of strings) to represent the config XML. This improves performance of some of the admin pages and also quickly renders large configuration XML.

New APIs

Introduced APIs to

• Run/rerun a stage.
• Run failed jobs in a stage
• Run selected jobs in a stage

Bug fixes

• ad87a7c - Ensure that the GoCD server health check API returns an HTTP 200 OK status code when backup is in progress. (#5416)
• 69e4b39 - Render the dashboard again after backup is completed. (#5391)
• 98853a2 - Fix a NullPointerException in the logs when a pipeline that is building is removed from the config file.
• aabbf06 - Fix 500 server error when calling pipeline config API by ensuring that the default artifact directory is not null. (#5342)
• 6fddce6 - Prevent console logs of cancelled jobs running on elastic agents from being lost. (#5325)
• e95e88b - Agent will ensure that plugins are loaded before performing any jobs. (#5169)
• 49d7413 - Do not send email notification if user account is disabled. (#5277)
• 13be966 - Re-enable pipeline operation buttons on dashboard if pipeline trigger fails. (#5153)

Docker Images

We have added support for the GoCD agents for Fedora-28 and Fedora-29.

Deprecations

• With the introduction of AES for encryption/decryption in release 18.7.0, we are deprecating support for DES. Support for DES is retained to support DES cipher-texts configured in config-repos and will be available till the last release of GoCD for the year 2018. The Encryption API is updated to return an AES cipher-text and users are encouraged to update their DES cipher-texts in config-repos using this API.
• The elastic agent plugin extension version 3 has been deprecated. This version will be removed in a release scheduled for Mar 2019. Plugin developers should use version 4 of the elastic agent plugin api to allow adding support for job completion request. The docker, docker swarm, kubernetes and ecs plugins have been migrated to the new versions, and users should upgrade their plugins to the latest version to see these new features.
• The notification plugin extension version 3 has been deprecated. This version will be removed in a release scheduled for Mar 2019. Plugin developers should use version 4 of the notification plugin api.
• The analytics plugin extension version 1 has been deprecated. This version will be removed in a release scheduled for Mar 2019. Plugin developers should use version 2 of the analytics plugin api.

Breaking Changes

• The alpine 3.5 based docker image for GoCD agent has been removed since alpine 3.5 has reached end of life.
• The Template Config API v3 has been removed. Version 4 of the API is available, and users are encouraged to use it.
• The Pipeline Config API v5 has been removed. Version 6 of the API is available, and users are encouraged to use it.
• The Feeds API for getting a Stage no longer supports the pipeline_label URL parameter. Users should use the pipeline_counter parameter instead.

Contributors

Aditya Sood, Akshay Dewan, Ankit Srivastava, Aravind SV, Bhupendrakumar Piprava, Chandrakanth Nagaraj, Ganesh S Patil, Huimin Li, Isabelle Carter, Jen Marley, Jyoti Singh, Ketan Padegaonkar, Kiera Radman, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Marques Lee, Naveen Bhaskar, Pranav Bansod, Rahul Pargaonkar, Rajiesh N, Sana Jahan, Steven Streisguth, Varsha Varadarajan, Vishal Devgire

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Support for Java 10 and 11

While we continue to support Java 8, GoCD has now added support for Java 10 and 11. With Oracle moving towards a 6 month cadence for newer releases we are evaluating the process to keep in sync with the new cadence. Watch this space for more information in the coming releases.

Environments Page

Originally the Environments page grouped the pipelines by environment with an option for admins to edit the environment. With the introduction of the new pipeline dashboard users have an option to group the pipelines by Pipeline Group or Environment.

With this release we have moved the environments page under the Admin tab. This page lists all the configured environments with an option to edit them.

Elastic Agent Extension V4

Upgraded the Elastic Agent Extension to Version 4. With this version GoCD notifies the plugin on completion of Job run by an elastic agent.

New APIs

• #2404 - Introduced an API for Admins to manage Pipeline Groups.

Improvements

• 69559f9 - Added support for referencing Environment Variable in Pipeline Label. (#5180)
• 1ed99a0 - Allow non-admins to view all analytics other than dashboard analytics. (#5237)

Bug fixes

• 7b83e68 - Validate fetch artifact config before save. (#5202)
• 9f17781 - Set status 503 when backup is in progress. (#5222)
• fa31d58 - Fix for email notification filter not acknowledging 'Only if it contains my check-ins'. (#5238)
• 1cce495 - Fix ETag computation for DataSharing Settings API. (#5184)
• 0349a02 - Timer triggered pipelines are not scheduled on a standby server. (#5234)

Deprecations

• The alpine 3.5 based docker image for gocd agent has been deprecated and will not be built after November 2018 release of GoCD. This will be done as alpine 3.5 will reach end-of-life in November 2018.
• With the introduction of AES for encryption/decryption in release 18.7.0, we are deprecating support for DES. Support for DES is retained to support DES cipher-texts configured in config-repos and will be available till the last release of GoCD for the year 2018. The Encryption API is updated to return a AES cipher-text, users are encouraged to update their DES cipher-texts in config-repos using this API.
• The Pipeline Config API v5 has been deprecated in release 18.7.0. This version of the API will be removed in a release scheduled for November 2018. Version 6 of the API is available, and users are encouraged to use it.
• The Template Config API v3 has been deprecated in release 18.7.0. This version of the API will be removed in a release scheduled for November 2018. Version 4 of the API is available, and users are encouraged to use it.
• The elastic agent plugin extension version 3 has been deprecated. This versions will be removed in a release scheduled for Mar 2019. Plugin developers should use version 4 of the elastic agent plugin api to allow adding support for job completion request. The docker, docker swarm, kubernetes and ecs plugins have been migrated to the new versions, and users should upgrade their plugins to the latest version to see these new features.
• The notification plugin extension version 3 has been deprecated. This versions will be removed in a release scheduled for Mar 2019. Plugin developers should use version 4 of the notification plugin api.
• The analytics plugin extension version 1 has been deprecated. This versions will be removed in a release scheduled for Mar 2019. Plugin developers should use version 2 of the analytics plugin api.

Breaking Changes

• We have stopped building ubuntu 12.04 based docker image for gocd agent as ubuntu 12.04 is now end-of-life.

Contributors

Aditya Sood, Akshay Dewan, Ankit Srivastava, Aravind SV, Bhupendrakumar Piprava, Chandrakanth Nagaraj, Danilo Sato, Ganesh S Patil, Huimin Li, Isabelle Carter, Jen Marley, Jyoti Singh, Ketan Padegaonkar, Kiera Radman, Kosta Welke, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Marques Lee, Naveen Bhaskar, Pranav Bansod, Rahul Pargaonkar, Rajiesh N, Ravi Ranjan, Senthil R, Steven Streisguth, Tina Vinod, Varsha Varadarajan, Vishal Devgire

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Backups on a schedule

This release allows performing a backup on schedule. GoCD now allows executing a script once the backup completes. This feature removes the need for GoCD administrators to execute and monitor custom "cron-like" jobs to ensure that backups are completed.

For example: Users can now add the following snippet to the config XML to perform a backup once a night at 10pm on weekdays and call the /usr/local/bin/upload-to-s3 script after the backup is done:

<server>
  ...
  <backup schedule="0 0 22 ? * MON-FRI" 
          postBackupScript="/usr/local/bin/upload-to-s3"
          emailOnSuccess="false"
          emailOnFailure="true"/>
</server>

Analytics Extension V2

Upgraded the Analytics Extension to Version 2. This version adds support for showing analytics on the Agents and Value Stream Map(VSM) page.

Notification Extension V4

Version 4 of the Notification Extension enchances the existing Stage Status notification message to include the material fingerprint. It also provides details of previous stage(if any) responsible for triggering the current stage.

Bug fixes

• 8e0966d - Fixed scroll behaviour of filter tabs on the dashboard when navigating using the tabs dropdown. (#5097)
• 0fdfe21 - Fix the search box width on the add/edit views modal on the dashboard.

Deprecations

• The ubuntu 12.04 based docker image for gocd agent has been deprecated and will not be built in the upcoming releases of GoCD. This is done because ubuntu 12.04 is now end-of-life.
• The alpine 3.5 based docker image for gocd agent has been deprecated and will not be built after November 2018 release of GoCD. This will be done as alpine 3.5 will reach end-of-life in November 2018.
• With the introduction of AES for encryption/decryption in release 18.7.0, we are deprecating support for DES. Support for DES is retained to support DES cipher-texts configured in config-repos and will be available till the last release of GoCD for the year 2018. The Encryption API is updated to return a AES cipher-text, users are encouraged to update their DES cipher-texts in config-repos using this API.
• The Pipeline Config API v5 has been deprecated in release 18.7.0. This version of the API will be removed in a release scheduled for October 2018. Version 6 of the API is available, and users are encouraged to use it.
• The Template Config API v3 has been deprecated in release 18.7.0. This version of the API will be removed in a release scheduled for October 2018. Version 4 of the API is available, and users are encouraged to use it.

Contributors

Aditya Sood, Akshay Dewan, Ankit Srivastava, Aravind SV, Bhupendrakumar Piprava, Chandrakanth Nagaraj, Ganesh S Patil, Huimin Li, Isabelle Carter, Jen Marley, Jyoti Singh, Ketan Padegaonkar, Kiera Radman, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Marques Lee, Naveen Bhaskar, Pranav Bansod, Rahul Pargaonkar, Rajiesh N, Senthil R, Steven Streisguth, Tina Vinod, Varsha Varadarajan, Vishal Devgire

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Flexible & Personalized Dashboard

We have made several improvements to the pipeline view on the new dashboard to make it more personal and relevant to our users.

Group pipelines either by pipeline groups or environments

Create personalizations based on your preference

Make views more relevant by showing only those pipelines that are building or failed

Re-order views to your liking

Accessibility Improvements

We have made some accessibility improvements which makes it easier for people using screenreaders to use the new dashboard.

Data Sharing Update

As of this release (18.8), GoCD collects information regarding jobs run by elastic agents and pipelines added through config repo. These metrics help us gauge the effectiveness of the pipeline as code feature and elastic agent plugins.

New APIs

• #4936 - Introduced an API to configure GoCD system admin users.

Improvements

• 1ca78a3 - Improve log messages at server startup when plugins are not configured.
• #5041 - Pipelines created via the PipelineConfig API are not paused by default now
• GoCD server image is now updated to alpine 3.8.
• Published 2 new GoCD agent images for docker based on alpine 3.8 and ubuntu 18.04.

Performance Improvements

• #4965 - Improve performance of config saves when config repositories are configured.

Breaking changes

• GoCD is no longer an OAuth provider. This integration was primarily used for integration with Mingle and the commercial business-continuity addon. Users who have been using GoCD's OAuth provider for the commercial business-continuity addon should read the business-continuity release notes before upgrading their GoCD servers.

Bug fixes

• d5fd967 - Fetch artifact task should support ./ as source directory for backward compatability. (#4810)
• #4971 - Do not expose gocd server class-loader to a plugin.
• #5020 - Request logging broken after loading indicator was introduced in version 18.7.0.
• #3390 - Deleting pipeline config via API don't notify scheduleService to cancel job
• dfa0d22 - Fixed config repo cloning using API. (#5013)

Deprecations

• The ubuntu 12.04 based docker image for gocd agent has been deprecated and will not be built in the upcoming releases of GoCD. This is done because ubuntu 12.04 is now end-of-life.
• The alpine 3.5 based docker image for gocd agent has been deprecated and will not be built after November 2018 release of GoCD. This will be done as alpine 3.5 will reach end-of-life in November 2018.
• With the introduction of AES for encryption/decryption in release 18.7.0, we are deprecating support for DES. Support for DES is retained to support DES cipher-texts configured in config-repos and will be available till the last release of GoCD for the year 2018. The Encryption API is updated to return a AES cipher-text, users are encouraged to update their DES cipher-texts in config-repos using this API.
• The Pipeline Config API v5 has been deprecated in release 18.7.0. This version of the API will be removed in a release scheduled for October 2018. Version 6 of the API is available, and users are encouraged to use it.
• The Template Config API v3 has been deprecated in release 18.7.0. This version of the API will be removed in a release scheduled for October 2018. Version 4 of the API is available, and users are encouraged to use it.

Contributors

Aditya Sood, Akshay Dewan, Anisha Roofi, Ankit Srivastava, Aravind SV, Bhupendrakumar Piprava, Chandrakanth Nagaraj, Dilip Nandakumar, Ganesh S Patil, Huimin Li, Isabelle Carter, Jen Marley, Jyoti Singh, Ketan Padegaonkar, Kiera Radman, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Marques Lee, Naveen Bhaskar, Noah Huppert, Pranav Bansod, Rahul Pargaonkar, Rajiesh N, Reuben James, Senthil R, Steven Streisguth, Tina Vinod, Varsha Varadarajan, Victor Sollerhed, Vishal Devgire

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

External Artifacts

Introduced support for publishing and fetching artifacts from an external artifacts store.

• We have introduced a new Artifacts Plugin Extension for plugin authors to write plugins which support artifact stores of their choice.
• Introduced Artifact Plugin for Docker Registry to store and fetch docker images from the docker registry.

Better encryption

We have moved towards using AES for encryption/decryption over DES. All DES cipher-text in cruise-config.xml will be migrated to AES cipher-text. Support for DES is retained to handle DES cipher-texts configured in config-repos. DES encryption is deprecated, check the deprecation notes for more details.

Data Sharing

GoCD now shares some (non-personally identifiable) information about the instance, to help improve the experience and performance. All GoCD system administrators will see a notification message about it and will have a chance to review the information sent and make a decision about it.

New Loading... screen

The GoCD server now starts up into a "Loading …" screen early on in the process. So, if you have scripts waiting on the port to be open, instead use the server health API, which will succeed with an HTTP status of 200 once the server is up. Till then, it'll fail with an HTTP status of 503.

API Improvements

• 26cc0ec - Introduced Pipeline Config API V6 to support external artifact config. (#4760).

• 00df580 - Introduced Template Config API V4 to support external artifact config. (#4891).

Bug fixes

• 9edcd29 - Fixed issue with webhook authentication. (#4945)
• db8652b - This fixes issue with analytics not showing up on GoCD instance running on Windows. (#4923)
• 941d93f - Fixed an issue with Jobs being hung when agent goes to missing state. (#4823)
• 3a1933d - Fixed infinite redirect issue for password and web based plugin. (#4853)
• eb7c461 - Fix for Agent not honoring GO_AGENT_LOG_DIR directive in service_mode. (#4718)
• 44264c3 - Fixed an issue with VSM pin showing incorrectly. (#3775)
• 0d18844 - Fixed missing Stage detail page link for a failing Stage. (#4909)

Breaking changes

• As of release 18.2.0 the following (unversioned) APIs had been deprecated and have been removed in 18.7.0.
  • The pipeline pause api.
  • The pipeline unpause api.
  • The pipeline unlock api.
  • The pipeline schedule api.

  These APIs have been replaced with a versioned API and users are encouraged to use these instead.

• The Plugin Info API v3 deprecated in 18.3.0 has been removed in 18.7.0. Version 4 of the API is available, and users are encouraged to use it.

Deprecations

• With the introduction of AES for encryption/decryption in this release, we are deprecating support for DES. Support for DES is retained to support DES cipher-texts configured in config-repos and will be available till the last release of GoCD for the year 2018. The Encryption API is updated to return a AES cipher-text, users are encouraged to update their DES cipher-texts in config-repos using this API.
• The Pipeline Config API v5 has been deprecated as of this release. This version of the API will be removed in a release scheduled for October 2018. Version 6 of the API is available, and users are encouraged to use it.
• The Template Config API v3 has been deprecated as of this release. This version of the API will be removed in a release scheduled for October 2018. Version 4 of the API is available, and users are encouraged to use it.

Contributors

Aditya Sood, Akshay Dewan, Akshay Mayekar, Ankit Srivastava, Ankur K, Aravind SV, Bhupendrakumar Piprava, Ganesh S Patil, Isabelle Carter, Jyoti Singh, Ketan Padegaonkar, Kiera Radman, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Marques Lee, Naveen Bhaskar, Pranav Bansod, Rajiesh N, Senthil R, Tomasz Sętkowski, Varsha Varadarajan, ralcini

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Improvements

• 3541529 - Upgrade to TFS SDK version 14.118.0.
• ebdfb7d - Do not log server info at shutdown.

Library upgrades

In order to move towards supporting JRE version 9 and upwards, this release upgrades several libraries used by GoCD, including spring, hibernate, mybatis. See #4785, #4749 and #4768.

Breaking changes

• APIs now respond with an HTTP status code 403(Forbidden) instead of the 401(Unauthorized) when authenticated users are not authorized to view or perform operations on a resource.
• URLs containing any un-normalized paths (/../, ./ and /.), semicolon (; and %3B), encoded forward-slash (%2F), backslash (\, %5C), encoded percent (%25) will be rejected.
• The pipeline config API version 3 and version 4 have been removed. Please use version 5 of the pipeline config API.
• The elastic agent plugin extension version 1 and (a development version 2) has been removed. Plugin developers should use version 3 of the elastic agent plugin api to allow adding support for agent status report and plugin status report. The docker, docker swarm, and ecs plugins have been migrated to the new versions, and users should upgrade their plugins to the latest version to see these new features. Users using ECS plugin >= 4.0.0, docker swarm plugin >= 3.0.0, docker plugin >= 0.9.0 and kubernetes elastic agent >= 1.0.0 need not upgrade.

Bug fixes

• #4737 - Secure variables that were not masked in task plugins are now masked properly.
• #4805 - Pipeline history page pagination was broken.
• #4757 - Fix Mac installer to use Java 1.8 only.
• #4751 - Fix incorrect cache key generation.
• #4746 - Fix issue with user preferences page on Microsoft Edge browser.
• #4338 - QuickEdit does not allow delete of only stage in pipeline.
• #4775 - Dashboard UI rendering duplicate pipeline information.
• 5eb1121 - Fix the roles configuration link in the admin dropdown menu.

Deprecations

• As of release 18.2.0 the following (unversioned) APIs have been deprecated and will be removed in a release scheduled for July 2018:
  • The pipeline pause api.
  • The pipeline unpause api.
  • The pipeline unlock api.
  • The pipeline schedule api.

  These APIs have been replaced with a versioned API and users are encouraged to use these instead.

• The Plugin Info API v3 has been deprecated as part of 18.3.0. This version of the API will be removed in a release scheduled for July 2018. Version 4 of the API is available, and users are encouraged to use it.

Contributors

Aditya Sood, Akshay Dewan, Akshay Mayekar, Ankit Srivastava, Ankur K, Aravind SV, Bhupendrakumar Piprava, Ganesh S Patil, Isabelle Carter, Jyoti Singh, Ketan Padegaonkar, Kiera Radman, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Marques Lee, Naveen Bhaskar, Rajiesh N, Senthil R, Tomasz Sętkowski, Varsha Varadarajan

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Bug fixes

• #4724 - Fixed issue with duplicate pipeline instances showing on dashboard due to config-save operations via different methods.
• #4727 - Fix spaces in template message in quick edit view.

Contributors

Aditya Sood, Akshay Dewan, Akshay Mayekar, Ankit Srivastava, Ankur K, Aravind SV, Bhupendrakumar Piprava, Ganesh S Patil, Isabelle Carter, Jyoti Singh, Ketan Padegaonkar, Kiera Radman, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Marques Lee, Naveen Bhaskar, Rajiesh N, Senthil R, Tomasz Sętkowski, Varsha Varadarajan

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

Previously, there was a warning about not upgrading to 18.4. In 18.5, an issue around pipelines created using the pipeline config API showing twice on the dashboard was fixed. We haven't been able to replicate issue #4723 around pipelines created using JSON and YAML plugins, we suspect it might be an issue with the individual's setup. [Updated: 2018 May 11, 11:45 UTC]

Performance fix

This release primarily addresses performance issue caused by a config save, which slows down several requests because of a long-running database query executed in order to update the dashboard.

We have performed some optimizations in order to significantly reduce the number of SQL calls executed. Read more about it at #4706 and #4705.

Improvements

• #4664 - Improved logging on GoCD server when agent registration fails.
• #4610 - Add an origin attribute on fetch task. The origin attribute indicates where to fetch the artifact from. For all artifacts fetched from the gocd server, the value is 'gocd'
• #4630 - Upgrade jetty to version 9.4.9.

Bug fixes

• #4675 - Server side timestamps are rendered properly when daylight saving is in effect.
• #4691 - Allow logged in users to access PluginInfos API.
• #4673 - Allow null environment variable value in config repo plugins.
• #3908 - Allow admin to change selected user in the User summary page.
• #4690 - Fixed some issues with case-insensitive renames of pipeline names.
• #4698 - Do not truncate long pipeline name.
• #4682 - Do not send a HTTP basic authentication challenge for API requests sent by the browser over AJAX.

Bundled plugins

• Upgraded the bundled LDAP authentication plugin to version 1.0.2. See the plugin CHANGELOG for more details.
• Upgraded the bundled file based authentication plugin to version 1.0.2. See the plugin CHANGELOG for more details.

Deprecations

• As of release 18.2.0 the following (unversioned) APIs have been deprecated and will be removed in a release scheduled for June 2018:
  • The pipeline pause api.
  • The pipeline unpause api.
  • The pipeline unlock api.
  • The pipeline schedule api.

  These APIs have been replaced with a versioned API and users are encouraged to use these instead.

• The pipeline config API version 3 and version 4 have been deprecated as part of 18.2.0 and will be removed in a release scheduled for June 2018. Version 5 of the pipeline config API has been introduced to add the new pipeline unlock behavior attribute (#3943).

• The elastic agent plugin extension version 1 and (a development verion 2) has been deprecated. These versions will be removed in a release scheduled for June 2018. Plugin developers should use version 3 of the elastic agent plugin api to allow adding support for agent status report and plugin status report. The docker, docker swarm, and ecs plugins have been migrated to the new versions, and users should upgrade their plugins to the latest version to see these new features.

• The Plugin Info API v3 has been deprecated as part of 18.3.0. This version of the API will be removed in a release scheduled for July 2018. Version 4 of the API is available, and users are encouraged to use it.

Breaking changes

• The Agent Docker Image for Debian 7 will not be built with newer version of GoCD. Users wanting to build a gocd agent image for debian 7 can fork the repository to build an image.

Known Issues

• There are a few known minor issues when triggering pipelines on the new dashboard:
  • #4647 - Trigger buttons do not get disabled if the pipeline was force triggered and material update is in progress
  • #4452 - Horizontal scroll appears in Trigger With Options Materials popup
  • #4481 - CCTray corner cases: NullPointerException because of a pipeline not being in the config when the dashboard looks to update itself.

Contributors

Aditya Sood, Akshay Dewan, Akshay Mayekar, Ankit Srivastava, Ankur K, Aravind SV, Bhupendrakumar Piprava, Ganesh S Patil, Isabelle Carter, Jyoti Singh, Ketan Padegaonkar, Kiera Radman, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Marques Lee, Naveen Bhaskar, Rajiesh N, Senthil R, Tomasz Sętkowski, Varsha Varadarajan

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

New Dashboard Page out of Beta

After we released the improved GoCD Dashboard (beta) in 18.2.0, we made several bug fixes and performance improvements based on feedback from our users. The GoCD dashboard improves performance for large GoCD instances with thousands of pipelines. In 18.3.0, we have replaced the older version of the dashboard with this improved dashboard which will be available as the default option to all GoCD users.

Enhancements to GoCD's Plugin Architecture

We have been working on a few improvements to our plugin architecture.

Support for adding plugin alerts to GoCD's Errors and Warnings section: GoCD provides an ability for plugins to add Error and Warning messages. These messages will show up along with the GoCD's own Errors and Warnings. Plugins now have an ability to notify users with any plugin error or warning messages which shows up in GoCD.

Multiple Extension Support for Plugins: Plugins can now implement multiple extensions. This will allow plugin developers to create a single plugin to support multiple extensions which complement each other. E.g This would allow one to write a new GitHub PR workflow plugin with both SCM and Notification extensions.

The plugin info API v4 has been introduced to represent plugins which implement multiple extensions. The two changes are:

• "type" is no longer at plugin level. It's at an extension level.
• "extension_info" was an attribute. It's now a list called "extensions".

Notification Extension V3: Introduced Version 3 of Notification Extension. This version adds a new message to notify agent state changes.

Analytics Extension Point: There is a new analytics extension point which allows analytics to be embedded into GoCD. We are continuing to work on it and you'll hear more about it soon.

Docker Images

A new Docker image GoCD Agent is available for Debian 9.

Improvements

• #4644 - Environments page no longer lists the pipeline instances, this page is only for listing the available environments and editing them.
• #4617 - Ability to turn-off logging of JVM-args and Environment variables to STDERR on GoCD Agent and Server startup.
• #4607 - Remove flash filter from agent remoting endpoint
• #4278 - Change in Build and Test Artifact XML representation
• #4559 - Upgraded Objenesis library to fix performance issues around object cloning.
• #4557 - Plugin settings api improvements
• #4435 - Add the blacklist textarea to other scm materials in the pipeline creation wizard
• #4432 - Setting up one listener per notification plugin to avoid one plugin interfering with others
• #4521 - Update config-repo yaml plugin to 0.6.2

Bug fixes

• #4656 - Serialise lastBuildTime for CCTray in UTC with timezone
• #4466 - Make JSON output invalid on error
• #4569 - Update mail sender with mailhost config every time while performing backup.
• #4474 - Fixed issue with SPAs popping up a login dialog after session timeout
• #4542 - Fix plugin logging concurrency issue
• #4496 - Show only pipelines that the user has admin permissions to extract a template.
• #4501 - Ensure cancelled stage has lastTransitionedTime.

Deprecations

• As of release 18.2.0 the following (unversioned) APIs have been deprecated and will be removed in a release scheduled for June 2018:
  • The pipeline pause api
  • The pipeline unpause api
  • The pipeline unlock api
  • The pipeline schedule api

  These APIs have been replaced with a versioned API and users are encouraged to use these instead.

• The pipeline config API version 3 and version 4 have been deprecated as part of 18.2.0 and will be removed in a release scheduled for June 2018. Version 5 of the pipeline config API has been introduced to add the new pipeline unlock behavior attribute (#3943).

• The elastic agent plugin extension version 1 and (a development verion 2) has been deprecated. These versions will be removed in a release scheduled for June 2018. Plugin developers should use version 3 of the elastic agent plugin api to allow adding support for agent status report and plugin status report. The docker, docker swarm, and ecs plugins have been migrated to the new versions, and users should upgrade their plugins to the latest version to see these new features.

• The Plugin Info API v3 has been deprecated as part of 18.3.0. This version of the API will be removed in a release scheduled for July 2018. Version 4 of the API is available, and users are encouraged to use it.

• The Agent Docker Image for Debian 7 is deprecated as part of 18.3.0 and will be removed in a release scheduled for May 2018. Users should upgrade to a newer version of the Debian image.

Breaking changes

• The old plugins page which was deprecated in 18.2.0 has been removed

Known Issues

• There are a few known minor issues when triggering pipelines on the new dashboard:
  • #4647 - Trigger buttons do not get disabled if the pipeline was force triggered and material update is in progress
  • #4452 - Horizontal scroll appears in Trigger With Options Materials popup
  • #4481 - CCTray corner cases: NullPointerException because of a pipeline not being in the config when the dashboard looks to update itself.

• There is a known issue with API authentication:

  API requests that wait for a authentication challenge before sending the credentials in the Authorization header fail with 401. This is due to a bug introduced in the pull request #4585 - 'SPAs - redirect to login page if unauthorized'. The bug essentially responded with a 401 http response before the WWW-Authenticate header could be added. More details can be found in the github issue #4682.

Contributors

Aditya Sood, Akshay Dewan, Akshay Mayekar, Ankit Srivastava, Ankur K, Aravind SV, Bhupendrakumar Piprava, Christoph Burgmer, Ganesh S Patil, Isabelle Carter, John Eismeier, Jyoti Singh, Ketan Padegaonkar, Kiera Radman, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Marques Lee, Naveen Bhaskar, Rafael Nunes, Rajiesh N, Senthil R, Steven Streisguth, Ted Timmons, Tomasz Sętkowski, Varsha Varadarajan

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Please report any issues that you observe on GitHub issues.

New Dashboard Page (Beta)

New Dashboard Page

This release of GoCD ships with a 'preview' version of the new dashboard page (can be accessed using '/go/dashboard'). This improves performance for large GoCD instances with thousands of pipelines. It does so by:

• keeping track of the state of the dashboard in memory (instead of being pulled from the DB).
• rendering the response as a JSON (instead of HTML). This improves the rendering time by several hundred times on the server.
• a javascript based frontend that is several thousand times faster on large instances, reducing the CPU usage of your browser. Your laptop battery will thank you. :)
• reduces the polling rate when the dashboard is shown in a browser tab that is hidden.

Please report any issues that you observe on GitHub issues. This new dashboard will replace the existing dashboard in one of the upcoming releases of GoCD.

This feature can be turned off by executing:

curl https://your-go-server/go/api/admin/feature_toggles/quicker_dashboard_key \
  -d toggle_value=off \
  -H 'Confirm:true' \
  -u username:password

Elastic Agent Status Report

Elastic Agent Status Report

To make it easier to see information about your elastic agent and check logs in case of issues, elastic agent plugins can now provide an elastic agent status report. This report is available from the agents page, and from the job detail page. Docker, Docker Swarm, and Amazon ECS plugins implement this status report feature.

Elastic Agent Plugin Status Report

Elastic Agent Plugin Status Report

To make it easier to see information about elastic agent cluster, elastic agent plugins can provide a report about all running agents and the state of the cluster. This report is available from the plugins page. Docker, Docker Swarm, and Amazon ECS plugins implement this status report feature.

API Improvements

• 612c66a - Introduction of pipeline pause api and unpause api. (#4076).

  The old pause/unpause APIs have been deprecated and users should upgrade to the new API.

• b52aff7 - Introduction of pipeline unlock API. (#4237).

  The old pipeline unlock API has been deprecated and users should upgrade to the new API.

• 666b206 - Introduction of pipeline schedule API. (#4319).

  The old pipeline schedule API has been deprecated and users should upgrade to the new API.

• 6dfa18f - Introduction of server health messages API. (#4256).

  This endpoint will render the warnings and errors that were earlier visible only when clicking on the "errors and warnings" modal on the GoCD server

• 0353bb6 - Introduction of Template Authorization API. (#3081).

• 9c4829e - Support gitlab@ urls for gitlab webhooks. (#4211)

  Many GitLab installations use gitlab@ as a git user. This was once a default user for GitLab installs. Due to this the urls for ssh connections from gitlab can include this user.

Improvements

• Introduce environment variables GO_MATERIAL_HAS_CHANGED and GO_MATERIAL_${material name or dest}_HAS_CHANGED to indicate if materials have changed from the previous pipeline run, and if materials have changed, which materials have changed. Read more about these variables in the help documentation.

Docker images

We have introduced the GoCD Agent Docker in Docker image. This can be used to run the docker related tasks such as building a docker image, pushing to a registry etc. Advanced use-cases include containerizing the application and running tests using DInD.

Read more about changes with docker images for the server docker image and agent docker image.

Bug fixes

• With the introduction of the server health messages API, we can now show server health messages on some of the pages introduced in the last several releases, viz. roles, authorization configuration, agents, elastic profiles, plugin settings.

• #3899 - Fixed an infinite redirect issue when logging in using web based authentication plugins

• #3926 - Handle console logs better with utf-8 encoding

• 157f12d - Enforce http(s) URL scheme for tracking tools. (#4356)

  This will add an http:// prefix to tracking tool links that do not start with http:// or https://.

• The plugin settings request is supported for the SCM and Package repository extensions on the plugins SPA. The plugin settings that can be configured for scm and package repo plugins are made use of only on the server side.

Deprecations

• As of release 18.2 the following (unversioned) APIs have been deprecated and will be removed in 18.5 (scheduled to be released in May 2018):
  • The pipeline pause api
  • The pipeline unpause api
  • The pipeline unlock api
  • The pipeline schedule api

  These APIs have been replaced with a versioned API and users are encouraged to use these instead.

• The pipeline config API version 3 and version 4 have been deprecated and will be removed in 18.5 (scheduled to be released in May 2018). Version 5 of the pipeline config API has been introduced to add the new pipeline unlock behavior attribute (#3943).

• The elastic agent api version 1 and (a development verion 2) has been deprecated. These versions will be removed in 18.5 (scheduled to be released in May 2018). Plugin developers should use version 3 of the elastic agent plugin api to allow adding support for agent status report and plugin status report. The docker, docker swarm, and ecs plugins have been migrated to the new versions, and users should upgrade their plugins to the latest version to see these new features.

• Plugins upload form has been removed from the new plugins page. It is still available in the old plugins page, which will be removed in release 18.3.0 (scheduled to be released in March 2018).

Breaking changes

• Version 1 of the users api has been removed. Version 2 of the API is available, and users are encouraged to use it.

Known issues

• There are a few known issues when triggering pipelines using the trigger with options feature on the new dashboard:
  • #4488 - If for a material no revision selected on trigger with options, schedules with latest revision
  • #4489 - If invalid revision specified do not trigger pipeline
  • #4448 - Pipeline with lock behavior specified continues to be locked after run completion under certain conditions

Contributors

Akshay Dewan, Akshay Mayekar, Ankit Srivastava, Ankur K, Aravind SV, Bhupendrakumar Piprava, Charles Bryant, Christian Lövsund, Don Stewart, Ganesh S Patil, Isabelle Carter, Jyoti Singh, Ketan Padegaonkar, Kiera Radman, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Marques Lee, Naveen Bhaskar, Paul Thomas, Rajiesh N, Senthil R, Varsha Varadarajan

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Bug Fixes

• f9ad399 - Validate roles assigned to stage authorization on template update through API. (#4185) #4176
• 63d7d0f - Test artifacts configured using config-repo is uploaded to GoCD server's build artifacts' default location. (#4083) #4071
• 1442a09 - Get Pipeline Config API failed to find pipeline for remote configured pipelines. (#4010) #4008
• addf343 - Fix path of logback-include.xml. (#4145)
• d409d23 - Fix whitelist in configrepo hg material. (#4191)
• 8971a71 - Do not allow agent to register with duplicate elastic agent id. (#4133)

Docker Images

• Published an updated GoCD Server and Agent docker image for the latest version of Alpine (3.7)

Breaking Changes

• As of release 17.5, authentication plugin endpoints have been deprecated. Support for authentication plugin endpoints has been removed in 18.1 release. The following plugins will not work unless been migrated to use the Authorization Plugins endpoint:

  • Google OAuth Login (Alternative: Google OAuth Authorization Plugin)

  • GitHub OAuth Login (Alternative: GitHub OAuth Authorization Plugin)

  • GitLab(CE) OAuth Login (Alternative: GitLab OAuth Authorization Plugin)

  • TLS Client Certificates Login (Use latest version of TLS Client Certificates Login instead.)

  • Strong Auth Plugin (Use the bundled gocd-filebased-authentication-plugin instead.)

  • Guest Login (Alternative: Guest Login Plugin)

• 23eb465 - Delete cruft for new jobs as they complete. (#4219)

  This bug fix breaks jobs feed API. We will no longer render the environment variables, resources and build artifacts in the job xml api

• Version 2 of the plugin info API which was deprecated in 17.9.0 release is removed in this release. Version 3 of the API is available.

• The pipeline pause API now results in Conflict (HTTP 409) with an error if the pipeline is already paused.

• The pipeline unpause API now results in Conflict (HTTP 409) with an error if the pipeline is already unpaused.

Deprecations

• As of release 17.11, version 1 of the users API is deprecated. This version of the API will be removed in 18.2.0 release (scheduled to be released in February 2018). Version 2 of the API is available, and users are encouraged to use it.
• Plugins upload form has been removed from the new plugins page. It is still available in the old plugins page, which will be removed in release 18.2 (scheduled to be released in February 2018).

Contributors

Aditya Sood, Akshay Dewan, Ankit Srivastava, Ankur K, Aravind SV, Bhupendrakumar Piprava, Emily Luke, Ganesh S Patil, Isabelle Carter, Jyoti Singh, Ketan Padegaonkar, Kiera Radman, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Marques Lee, Naveen Bhaskar, Rajiesh N, Senthil R, Tomasz Setkowski, Varsha Varadarajan

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

UX Changes

• 0e92610 - Newer plugins page. (#4030).

  As a part of an ongoing UI/UX refresh, we have introduced the new plugins page:

Other Improvements

• 0ee52b3 - Disallow an authenticated user from re-authentication. (#3940)

  With this change, an authenticated user is re-directed to home page on trying to access the login page.

• 6fda2f5 - Add new unlock behavior. (#3943) #106

  As a part of this change, two types of locking behavior are introduced:

  • Run single instance of pipeline at a time ("Lock behavior: Unlock when finished")

  • Run single instance of pipeline and lock on failure ("Lock behavior: Lock on failure")

  More information can be found in the docs.

• 979fa50 - Addition of pipeline count information to about page. (#3960)

Bug Fixes

• ab1ccf8 - Fix config file validation to not use file system to validate paths. This caused issues in certain cases where the server working directories were using symlinks. (#4026) #3984
• 6660a1b - Show 'console log not available' error in build details page's console tab when console.log file is not available. (#3998) #3773 #3650
• e48d958 - Fixes console.log file not being available at server if websocket connection is closed while waiting for logs. (#3999) #3986
• ee992e6 - Fixes issue in agent zip installers in which agents fail to register if their log directories' path have spaces in them. (#3976) #3966
• e6c9b3a - Fixes issue with stale cache being used in CCtray which caused users associated with plugin-roles to not see pipelines which they were authorized to see otherwise. (#3955) #3954
• 449cbc3 - Allows overriding default Go server ports when using windows service. (#4038) #3982

Security Fixes

• 488712d - Token based approach for agent registration. (#4014)

  • Adds a new endpoint to get token from server in exchange of agent uuid. The token for a given agent is issued for unknown agents only - already registered or pending agents cannot request for a token.
  • Agent requests for a token before registration if required. This token is stored on agent's disk and reused for registration calls.

  Note: As a result of this fix, Go-lang agents need to be updated to work with GoCD server versions 17.12 or higher, else the agent's registration would fail. Golang agent users can follow up with the author on this issue.

API Changes

• Introduction of version 1 for Config Repo API.

• Introduction of version 5 for Pipeline config API (#106)

  This version accommodates changes made to pipeline locking behavior. In addition to this, the representation of the origin attribute has also changed.

Docker Images

• Addition of ability to run custom scripts while starting up the gocd-server or gocd-agent using the official GoCD docker images. #46

Breaking Changes

• cdf6722 - Remove code related to starting vncserver. (#4028) #4005

  Alternatives to using the VNC flag are mentioned in this comment.

Deprecations

• As of release 17.11, version 1 of the users API is deprecated. This version of the API will be removed in 18.1.0 release (scheduled to be released in January 2018). Version 2 of the API is available, and users are encouraged to use it.
• As of release 17.5, authentication plugin endpoints have been deprecated. Support for these plugins will be removed in 18.1 (scheduled to be released in January 2018). Plugin developers are encouraged to migrate their plugins to use the Authorization Plugins that were introduced. The following plugins are affected by this deprecation:

  • Google OAuth Login (Alternative: Google OAuth Authorization Plugin)

  • GitHub OAuth Login (Alternative: GitHub OAuth Authorization Plugin)

  • GitLab(CE) OAuth Login (Alternative: GitLab OAuth Authorization Plugin)

  • TLS Client Certificates Login (Use latest version of TLS Client Certificates Login instead.)

  • Strong Auth Plugin (Use the bundled gocd-filebased-authentication-plugin instead.)

  • Guest Login

• Plugins upload form has been removed from the new plugins page. It is still available in the old plugins page, which will be removed in release 18.2 (scheduled to be released in February 2018).
• As of release 17.9, version 2 of the plugin info API is deprecated. This version of the API will be removed in 18.1.0 release (scheduled to be released in January 2018). Version 3 of the API is available, and users are encouraged to use it.

Contributors

Aditya Sood, Akshay Dewan, Ankit Srivastava, Ankur K, Aravind SV, Bhupendrakumar Piprava, Emily Luke, EugenMayer, Ganesh S Patil, Isabelle Carter, Jyoti Singh, Ketan Padegaonkar, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Naveen Bhaskar, Rajiesh N, Senthil R, Szymon Chojnacki, Tomasz Setkowski, Varsha Varadarajan

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

UX Changes

• 67f1605 - Find Value Stream Map (VSM) more easily and show pipeline run duration in VSM. (#3705) (#3858)

  Pipeline instances have an explicit link to VSM across the application for better discoverability.

  

  Pipeline run duration shown in VSM:

  

Improvements

• a8d09f3 - Added support for parameters and template references in config repo pipelines. (#3851) (#3849)
• 36b675e - Added support for bitbucket webhook. (#3862)
• 6320d55 - Added support for gitlab webhook. (#3862)
• 2cb4c00 - GoCD Server session timeout has been made configurable. (#3856) (docs)
• e51f3b6 - GoCD Agent supports configuring proxies. (#995)

Breaking Changes

• f501efc - Move over to logback from log4j for logging. (#3831)

  • Switching to logback solves a number of logging related issues such as #3588, #3557 and #3403
  • The users should now configure logging using corresponding logback.xml instead of log4j.properties for both server and agents (docs).
  • This has been marked as a breaking change since GoCD would no longer honour log4j.properties file. Users managing log4j.properties file externally would have to update their scripts to use the logback.xml instead.

• Support for phusion based docker server and agent images have been removed this release. We provide support for the docker images for GoCD agents across the following operating systems - Alpine 3.5, CentOS 6 & 7 , Debian 7 & 8, Ubuntu 12.04, 14.04 & 16.04

Performance Fixes

• eb7305e - Fixes memory leak issue in agent-bootstrapper/launcher caused by server upgrades. (#3792)

Bug Fixes

• cef6649 - Fixes a race condition during Job reschedule. (#3891)
• a1f9945 - Improves checksums for agent jar(s) download. (#3884)
• 4db7e52 - Does not show the settings icon for config repo pipelines on VSM. (#3892) (#3881)
• 686c76d - Fixes issue with users authenticated using WebBasedAuthentication not assigned the right permissions. (#3878)

API Changes

• cba778c - Introduced health check API for Server. (#3912)
• 97df2bf - Introduced health check api for agent. (#3781) (#3074)
• e4d041b - Introduced v2 of Users API to support bulk deletion. (#3720)

Docker Images

• We have made a few changes to the GoCD Server (Changelog) and the GoCD Agent (Changelog) Docker images.

Deprecations

• As of release 17.9, version 2 of the plugin info API is deprecated. This version of the API will be removed in 17.12.0 release (scheduled to be released in November 2017). Version 3 of the API is available, and users are encouraged to use it.
• As of release 17.11, version 1 of the users API is deprecated. This version of the API will be removed in 18.1.0 release (scheduled to be released in January 2018). Version 2 of the API is available, and users are encouraged to use it.
• As of release 17.5, authentication plugin endpoints have been deprecated. Support for these plugins will be removed in 18.1 (scheduled to be released in January 2018). Plugin developers are encouraged to migrate their plugins to use the Authorization Plugins that were introduced. The following plugins are affected by this deprecation:

  • Google OAuth Login (Alternative: Google OAuth Authorization Plugin)

  • GitHub OAuth Login (Alternative: GitHub OAuth Authorization Plugin)

  • GitLab(CE) OAuth Login (Alternative: GitLab OAuth Authorization Plugin)

  • TLS Client Certificates Login (Use latest version of TLS Client Certificates Login instead.)

  • Strong Auth Plugin

  • Guest Login

Note

• With release 17.5.0 support for in-built password file and LDAP/AD authentication had been deprecated. In this release support for this has been removed in favour of the bundled LDAP and Password File plugins respectively.

Contributors

Ankit Srivastava, Ankur K, Aravind SV, Bhupendrakumar Piprava, Drew J. Sonne, Emily Luke, Ganesh S Patil, Isabelle Carter, Jyoti Singh, Ketan Padegaonkar, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Mikhail Advani, Naveen Bhaskar, Rajiesh N, Senthil R, stayclassychicago, Suzie Prince, Tomasz Setkowski, Varsha Varadarajan

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Important: After the 17.9 release, we made an announcement asking users to hold off upgrading their GoCD instance. We found an issue (#3834) affecting a small set of users. This release provides a fix for the same.

Critical Bug Fixes

• 05598d8 - Unable to start the server after 17.9.0 upgrade. (#3834)

Other Changes

• 176ebc2 - Fix for no plugins visible after 17.9.0 upgrade. (#3829)

Docker Images

• We have made a few changes to the GoCD Server and the GoCD Agent Docker images.

Contributors

Ankit Srivastava, Ankur K, Aravind SV, Bhupendrakumar Piprava, Emily Luke, Ganesh S Patil, Jyoti Singh, Ketan Padegaonkar, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Naveen Bhaskar, Rajiesh N, Roman Gorodeckij, Senthil R, Suzie Prince, Varsha Varadarajan

Note

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Improvements

• 928c585 - Grouping elastic profile by plugin ID. (#3772)

  We have created an organized view of the elastic agent profiles. Now, you can view them by the type of elastic agent plugin (Docker Swarm, OpenStack, ECS etc.), making it easier to find a particular profile.

  

• 1c1f2fe - Administrators can choose to edit a Pipeline with one-click from the Value Stream Map.

  

• ca7c3fa - Addition of a request processor to allow plugin authors to query information from the GoCD server. (#3401)

API Changes

• 0587f21 - Introduction of version 3 of Plugin Info API to include extension related information. (#3719)
• d53ed38 - Introduction of Plugin Settings API v1. (#3599)

Bug Fixes

• 4c9e3c9 - Removed memory leaks from agent bootstrapper.

  GoCD agents are designed to automatically upgrade themselves when the GoCD server is upgraded. This requires the currently running agent to release all resources before exiting and handing over control to a newer version of the agent process. There were some file system resource and memory leaks that have been identified which affect versions of go-agent bootstrapper between 17.4 and 17.8. We recommend that users either upgrade their gocd server and agent versions to the latest version, or restart the agent process to release any memory and filesystem resources that may be locked by the agent process.

• e538ba0 - Check if agent is disabled before job assignment.
• d47180f - Addition of a few more fields to materials form which is used in creation of pipelines.
• 8f6cc6c - Send request headers from server to plugins.
• 0eab696 - Stage and job related warnings should not be logged for a rerun stage/job. (#3753)
• 8f66499 - Fixes select all bug on admin edit in environment page. (#3737)
• 793d198 - Redirect authenticated user to home page on re-authentication.

Docker Images

• GoCD images make logs available to docker by writing them to STDOUT. Users can access the logs anytime by executing   docker logs   in both server and agent containers.
• We've launched an updated GoCD Agent docker image for the latest version of Alpine (3.6)

Breaking Changes

If you are using the commercial Amazon ECS Elastic Agent Plugin, upgrading to GoCD 17.9.0 would require a plugin upgrade to V2.0.0.

Deprecations

• As of release 17.9, version 2 of the plugin info API is deprecated. This version of the API will be removed in 17.12.0 release (scheduled to be released in December 2017). Version 3 of the API is available, and users are encouraged to use it.
• As of release 17.5, authentication plugin endpoints have been deprecated. Support for this plugin will be removed in 18.1 (scheduled to be released in January 2018). Plugin developers are encouraged to migrate their plugins to use the Authorization Plugins that were introduced.

  Authentication plugins

  • Google OAuth Login

  • GitHub OAuth Login

  • GitLab(CE) OAuth Login

  • TLS Client Certificates Login

  • Strong Auth Plugin

  • Guest Login

• As of 17.5, support for in-built password file and LDAP/AD authentication have been deprecated. Support for these authentication mechanisms would be removed in 17.10 release (scheduled to be released in October 2017). Existing configuration will be automatically migrated to use the new in-built password file and LDAP/AD authentication plugins. No other actions necessary.

• As of 17.8, the phusion based docker server and agent images are deprecated in favour of the new docker server and agent images. Support for the phusion images will be removed in 17.11.0 (scheduled to be released in November 2017). We provide support for the docker images for GoCD agents across the following operating systems - Alpine 3.5, CentOS 6 & 7 , Debian 7 & 8, Ubuntu 12.04, 14.04 & 16.04

Other Changes

• dc39953 - Config repo change attribute "plugin" to "pluginId". (#3672)
• 3c9a8f1 - Addition of a toggle to make pipeline quick edit page as a default page. (#3722)
• 19210e4 - Always open console tab when job name is clicked. (#3742)

Contributors

Ankit Srivastava, Ankur K, Aravind SV, Bhupendrakumar Piprava, Emily Luke, Ganesh S Patil, Jyoti Singh, Ketan Padegaonkar, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Naveen Bhaskar, Pedro Carriço, Rajiesh N, Senthil R, Stephen Murby, Suzie Prince, Tim Brown, Varsha Varadarajan

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Pipeline as Code

With this release, GoCD supports Pipeline as code, out of the box. We've bundled the JSON config repo plugin and the YAML config repo plugin with the GoCD server. A shout out to our core contributor Tomasz Sętkowski for maintaining these plugins.

Amazon ECS Elastic Agent Plugin

Thoughtworks now offers a new commercial plugin which allows you to run elastic agents on Amazon ECS. The plugin takes care of spinning up and shutting down EC2 instances based on the need of your deployment pipeline. For more information about this, click here.

Improvements

• 1ccb029 - Ensure order of auth_config is used to authenticate users. (#3608)
• 36d546e - Removed support for Team Foundation Server 2010. Users can continue to use GoCD with TFS 2012, 2013, 2015 and Visual Studio Team Services.
• d7c4d16 - Display pause text in pipeline history. (#2784)
• 52ac924 - Save agent hostname and ip address as part of build history. This information will be displayed on the job details page for all kinds of agents. (#3368)

Docker Images

• Some improvements have been made to reduce the size of the docker GoCD server image. Please check the changelog here.
• Some improvements have been made to create slimmer docker GoCD agent images. Please check the changelog here. We provide support for the docker images for GoCD agents across the following operating systems - Alpine 3.5, CentOS 6 & 7 , Debian 7 & 8, Ubuntu 12.04, 14.04 & 16.04

Deprecations

Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.

The following features have been deprecated. Please note the timeframe of when they will be removed.

• As of 17.5, support for in-built password file and LDAP/AD authentication have been deprecated. Support for these authentication mechanisms would be removed in 17.9 release (scheduled to be released in September 2017). Existing configuration will be automatically migrated to use the new in-built password file and LDAP/AD authentication plugins. No other action necessary.

• As of 17.5, authentication plugin endpoints have been deprecated. Support for this plugin will be removed in 18.1 (scheduled to be released in January 2018). Plugin developers are encouraged to migrate their plugins to use the Authorization Plugins that were introduced.

  Authentication plugins

  • Google OAuth Login

  • GitHub OAuth Login

  • GitLab(CE) OAuth Login

  • TLS Client Certificates Login

  • Strong Auth Plugin

  • Guest Login

• As of 17.8, the phusion based docker server and agent images are deprecated in favour of the new docker server and agent images. Support for the phusion images will be removed in 17.11.0. We provide support for the docker images for GoCD agents across the following operating systems - Alpine 3.5, CentOS 6 & 7 , Debian 7 & 8, Ubuntu 12.04, 14.04 & 16.04

Contributors

Ankit Srivastava, Ankur K, Aravind SV, Bhupendrakumar Piprava, Emily Luke, Huimin Li, Isabelle Carter, Jyoti Singh, Ketan Padegaonkar, Kyle Olivo, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Marques Lee, Naveen Bhaskar, Rajiesh N, Senthil R, Suzie Prince, Tomasz Sętkowski, Varsha Varadarajan, Victor Nascimento

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Security Fixes

Important: This release comes on the back of 17.6.0 as we have identified a critical security vulnerability with 17.5.0 and 17.6.0. If you are on 17.5.0 or 17.6.0, please upgrade immediately to this version to keep your GoCD server secure. We want to give sometime for users to upgrade before disclosing the details of the vulnerability.

Important

There has been a critical security vulnerability identified with this release, fixes for the same have been provided in 17.7.0. If you are on 17.6.0, please upgrade immediately to 17.7.0 to keep your GoCD sever and agent secure.

Security Fixes

This release has critical security fixes to prevent CSRF, XSS and Session hijacking exploits. We highly recommend users to upgrade to keep your GoCD server and agent secure. Thanks 4cad for reporting these issues.

Improvements

• 42c681d - Added option to skip agent startup on windows. (#3577)

  This adds a /START_AGENT=NO to prevent the agent service from starting up when performing a headless installation on windows. See the documentation for more details.

• 2c95a10 - Improve timestamp rendering on some pages. (#3574)

  This improves the timestamp rendering on the job details, stage details and pipeline compare pages. You will now see timestamps in your local timezone.

  

  

• 9450dba - Add a "Rerun Failed" button to rerun failed jobs. (#3570)

  

• The in-built password file authentication plugin now supports bcrypt, which is a stronger password hashing function. GoCD server administrators should migrate SHA1 passwords to use bcrypt instead.

API Enhancements

• Introduced a GitHub webhook API to accept push events on a GitHub repository or repositories in a GitHub organization.

Bug Fixes

• 88f1678 - Disable trigger with options button for view user in the environments page. (#3602)

• dba8212 - Javascript error when saving user preferences. (#3576)

• 30615dc - Reduce the amount of plugins that an agent downloads and initializes. (#3584)

  This should reduce the amount of data an agent downloads when a plugin is installed, or the server is upgraded. This will also help reduce the amount of memory used by the GoCD agent process.

Breaking Changes

• 8dfb1a9 - Removed Environments Config API v1. (#3606)

  Version 1 of the Environment Config API was deprecated in 17.3. Version 2 of the API is available, and users are encouraged to use it.

Deprecations

Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.

The following features have been deprecated. Please note the timeframe of when they will be removed.

• As of 17.5, support for in-built password file and LDAP/AD authentication have been deprecated. Support for these authentication mechanisms would be removed in 17.9 release (scheduled to be released in September 2017). Existing configuration will be automatically migrated to use the new in-built password file and LDAP/AD authentication plugins. No other action necessary.

• The Authorization Plugin endpoints were introduced as an extension to the existing Authentication Plugin endpoints, with this Authentication Plugin endpoint were deprecated as of 17.5.0. Support for this plugin would be removed in 18.1 (scheduled to be release in January 2018). Plugin developers are encouraged to migrate their plugins to use the new Authorization Plugins.

  Authentication plugins

  • Google OAuth Login

  • GitHub OAuth Login

  • GitLab(CE) OAuth Login

  • TLS Client Certificates Login

  • Strong Auth Plugin

  • Guest Login

Contributors

Ankit Srivastava, Aravind SV, Bhupendrakumar Piprava, Drew Sonne, Jyoti Singh, Kerry Wilson, Ketan Padegaonkar, Lubaina R, Mahesh Panchaksharaiah, Naveen Bhaskar, Rajiesh N, Sean Escriva, Stephen Murby, Varsha Varadarajan

Security researchers

https://hackerone.com/gocd/thanks

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Important

There has been a critical security vulnerability identified with this release, fixes for the same have been provided in 17.7.0. If you are on 17.5.0, please upgrade immediately to 17.7.0 to keep your GoCD sever and agent secure.

Authorization Plugin

Authorization Plugin extension was released as beta in GoCD 17.2.0, over the last couple of releases there has been more work done around fine tuning the endpoint. With this release we are taking the Authorization Plugin endpoint out of beta.

Action required: Early adopters of this extension will have to update their plugins to handle the updated API calls before upgrading GoCD. Refer to the Authorization Plugin Endpoint documentation for the latest changes.

The built-in LDAP and password file based authentication mechanisms have been deprecated and disabled in favor of separate plugins which implement the new Authorization Plugin extensions. The new plugins provide more functionality, with the benefit of allowing users to customize the behavior of these plugins. These plugins are bundled with the GoCD server, so no action will be required from users. Existing passwordFile and ldap configuration would be migrated to make use of these plugins.

• LDAP/AD authentication plugin

  The bundled LDAP/AD authentication plugin will now allow users to connect to and authenticate with multiple LDAP/AD servers in their organizations. Early adopters of this plugin using the experimental build will have to make changes to their config. Refer to the plugin changelog to see the changes between experimental release to latest stable release.

• Password File Authentication Plugin

  The bundled Password File Authentication Plugin currently supports only SHA1 hashed passwords, but support for other hashing functions is on its way.

There are 2 new sets of pages that allows configuring the authorization plugins and mapping of GoCD roles to users.

API Enhancements

• Introduced a current user API that allows the logged in user to manage their profile.
• Introduced a notification filters API that allows the logged in user to manage their email notification subscriptions.
• Introduced a authorization configuration API that allows admins to configure Authorization plugins.
• Introduced a roles API that allows admins to manage user roles.

Bug Fixes

• 9cec83f - Stop very large file systems (EFS) from being identified as having no space. (#3426)

  Large filesystems like EFS, have an amount of storage that exceeds what can be addressed with a java long type (263-1). Any storage space greater than 263-1, will be shown to be 263-1.

• 2b06534 - Pipeline not getting unlocked upon a successful run. (#3497)

  Fixed a issue of pipelines not getting unlocked even upon a successful run of the last stage during a race condition.

• 26bfeab - Avoid catastrophic regex backtracking during config save. (#3551)

  Fixed an issue to avoid catastrophic regex backtracking during xsd validation of custom task command.

• 2a21e7c - Using UTF-8 to read console to fix encoding issue. (#3486)

• e89fdb6 - CCTray permission bug fix. (#3516)

  Allow users to see all pipelines in CCTray when no global superadmins are setup to make the behavior consistent with dashboard.

Breaking Changes

• bd64d11 - Removed Templates API v2. (#3441)

  Version 2 of the Templates API was deprecated in 17.1. Version 3 of the API is available, and users are encouraged to use it.

Deprecations

Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.

The following features have been deprecated. Please note the timeframe of when they will be removed.

• Support for in-built password file and LDAP/AD authentication have been deprecated as of this release. Support for these authentication mechanisms would be removed in 17.9 release (scheduled to be released in September 2017).

• As of release 17.3, version 1 of the Environment Config API was deprecated. This version of the API will be removed in 17.6 release (scheduled to be released in June 2017). Version 2 of the API is available, and users are encouraged to use it.

• The Authorization Plugin endpoints were introduced as an extension to the existing Authentication Plugin endpoints, with this we are deprecating the Authentication Plugin endpoint. Support for this plugin would be removed in 18.1 (scheduled to be release in January 2018). Plugin developers are encouraged to migrate their plugins to use the new Authorization Plugins.

  Authentication plugins

  • Google OAuth Login

  • GitHub OAuth Login

  • GitLab(CE) OAuth Login

  • TLS Client Certificates Login

  • Strong Auth Plugin

  • Guest Login

Contributors

Ankit Srivastava, Aravind SV, Badri J, Bhupendrakumar Piprava, Chris Northwood, David Rice, Emily Luke, Huimin Li, Isabelle Carter, Jen Marley, Jyoti Singh, Ketan Padegaonkar, Kiera Radman, Kyle Olivo, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Marques Lee, Rajiesh N, Suzie Prince, Varsha Varadarajan

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

UI Enhancements

• d6d59fb - Enhanced console log view with an option to expand/collapse outputs of comamnds. (#3199)

  

• a4d669c - Full screen mode for console logs. (#3293)

  

• 8bcc3c7 - Add toggles to timestamps. (#3199)

  

• f4a3b07 - Job run history dropdown. (#3299)

  

• 87b223c - Errors/warnings box in the header. (#3378)

  

• b9e1c20 - Colored border to bottom of job details header. (#3408)

  

Authorization Plugin (Beta)

There has been more work done around fine tuning the Authorization Plugin endpoints, as part of this some of the plugin API calls have changed. Action required: Early adopters of this extension will have to update their plugins to handle the updated API calls before upgrading Go. Refer Authorization Plugin Endpoint documentation for the latest changes.

• eddecb7 - Verify Connection API response has status, message and errors. (#3395)

Performance Improvements

• 11f19db - Moving pipeline state to a separate table which for now contains locked information about the pipeline. Read locks is held only if we are loading the state from db. (#3204)

Other Improvements

• 0ac7678 - Displaying pipeline schedule time as localtime on dashboard, environments page and pipeline-history page. Users can hover over it to see timezone information. (#3417)
• d13f81a - Switch agent-bootstrapper to use the new logging mechanism. The bootstrapper now has its own agent-bootstrapper-log4j.properties file under the config directory. (#3267)
• 567820c - Switch agent-launcher to use the new logging mechanism. The launcher now has its own agent-launcher-log4j.properties file under the config directory.
• b1af25f - Display plugin name instead of plugin id in the dropdown in the elastic agent profiles page. (#3324)

Bug Fixes

• ba510ad - Server now checks if the elastic agent is brought up by the same plugin as was expected by the scheduled elastic job during assignment. (#3418)
• b0f4359 - Handle pluggable task view when task plugin is missing. (#3320)
• 404002e - Render the elastic agent icon only if the plugin info exists for the elastic agent. (#3314)

Security Fixes

• 51de8bc - Encrypting secure variables for Elastic Agent plugin settings. (#3356)

Breaking Changes

• #3267 - On GoCD agents installed on windows or if using the zip installers, logs will now be written to logs directory instead of the working directory. This would be a breaking change only if there are custom scripts relying on the logs location.

Deprecations

Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.

The following features have been deprecated, along with the timeframe when they will be removed.

• As of release 17.1, version 2 of the Templates API was deprecated. This version of the API will be removed in 17.5 release (scheduled to be released in April 2017). Version 3 of the API is available, and users are encouraged to use it.

• As of release 17.3, version 1 of the Environment Config API was deprecated. This version of the API will be removed in 17.6 release (scheduled to be released in June 2017). Version 2 of the API is available, and users are encouraged to use it.

Docker Images and AMIs

• The GoCD server docker image is now alpine based with support for volume mounts.
  • To find out what changed in the docker server image, please refer to the changelog.
• You can download the docker images for GoCD agents across the following operating systems - CentOS 6 & 7 , Debian 7 & 8, Ubuntu 12.04, 14.04 & 16.04
  • To find out what changed in the docker agent images, please refer to the changelog.
• We have an Amazon Linux based AMI for the GoCD Server making it very simple to launch GoCD server on your AWS EC2 instance.
• We have an Amazon Linux based AMI for a demo GoCD Server and Agent making it very simple to get started with GoCD on your AWS EC2 instance.

Feedback is appreciated. Please log your feedback or issues on github for the following -

• GoCD Server - https://github.com/gocd/docker-gocd-server
• GoCD Agent - https://github.com/gocd/docker-gocd-agent
• GoCD AMI - https://github.com/gocd/gocd-cloud

Contributors

Ankit Srivastava, Aravind SV, Badri Janakiraman, Bhupendrakumar Piprava, Ganesh S Patil, Isabelle Carter, Jyoti Singh, Ketan Padegaonkar, Kiera Radman, Lubaina R, Mahesh Panchaksharaiah, Markandan R, Marques Lee, Rajiesh N, Suzie Prince, Varsha Varadarajan

Security researchers

https://hackerone.com/gocd/thanks

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? We're here to help. Reach out to us.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

UI Enhancements

• 320f223 - Enhanched job/stage status accessibility with addition of symbols to signify stage and job statuses. (#3233)

  

• cfc778e - Build status indicator moved from build summary to breadcrumb toolbar. (#3270)

  

• 5478a54 - Agents page improvement for better identification of elastic agents by addition of icon related to the type of agent in use. (#3276)

  

API Enhancements

6986dcc - Added v2 of Environment Config API with support to PATCH environment-variables. (#3080)

Authorization Plugin (Beta)

There has been more work done around fine tuning the Authorization Plugin endpoints, as part of this some of the plugin API calls have changed. Action required: Early adopters of this extension will have to update their plugins to handle the updated API calls before upgrading Go. Refer Authorization Plugin Endpoint documentation for the latest changes.

Other Improvements

• 262c107 - Pipeline Quick Edit, disable edit until save completes. (#3266)

Bug Fixes

• 8224568 - This fixes 17.2.0 upgrade failures in cases where cruise_config xml had encrypted values with spaces. (#3244)
• 4db0550 - Agents page retain sort order across page refresh. (#3226)
• 73e0292 - Elastic Agents, fixed reduntant agent creation calls to the plugin. (#3193)
• 5d75f45 - Agents page memory leak fix. (#3217)

Breaking Changes

• On GoCD servers installed on windows or if using the zip installers, logs will now be written to logs directory instead of the working directory. This would be a breaking change only if there are custom scripts relying on the logs location.
• The gocd/gocd-server docker image now uses alpine as the base image.
• The gocd/gocd-server docker image no longer recognizes the latest tag. Please use docker pull gocd/gocd-server:v17.3.0 instead.
• The gocd/gocd-agent docker image no longer exists. We have a variety of agent images for different distributions.

Deprecations

Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.

The following features have been deprecated, along with the timeframe when they will be removed.

• As of release 17.1, version 2 of the Templates API was deprecated. This version of the API will be removed in 17.4 release (scheduled to be released in April 2017). Version 3 of the API is available, and users are encouraged to use it.

• As of release 17.3, version 1 of the Environment Config API is deprecated. This version of the API will be removed in 17.6 release (scheduled to be released in June 2017). Version 2 of the API is available, and users are encouraged to use it.

Docker Images and AMIs

• The GoCD server docker image is now alpine based with support for volume mounts, with this going forward there will be no more support for phusion based images.
• You can download the docker images for GoCD agents across the following operating systems - CentOS 6 & 7 , Debian 7 & 8, Ubuntu 12.04, 14.04 & 16.04
• We have also introduced an Amazon Linux based AMI for the GoCD Server making it very simple to launch GoCD server on your AWS EC2 instance.

Feedback is appreciated. Please log your feedback or issues on github for the following -

• GoCD Server - https://github.com/gocd/docker-gocd-server
• GoCD Agent - https://github.com/gocd/docker-gocd-agent
• GoCD AMI - https://github.com/gocd/gocd-cloud

Contributors

Ankit Srivastava, Aravind SV, Barrow KwanBhupendrakumar Piprava, Etienne Dysli Metref, Ganesh S Patil, Isabelle Carter, Junaid Shah, Jyoti Singh, Karel Bemelmans, Ketan Padegaonkar, Kiera Radman, Kyle Olivo, Lubaina R, Mahesh Panchaksharaiah, Marques Lee, Naveen Bhaskar, Rajiesh Narayanan, Varsha Varadarajan

Security researchers

https://hackerone.com/gocd/thanks

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? We're here to help. Reach out to us.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Authorization Plugin Endpoint (beta)

GoCD currently supports password-file, LDAP and plugin based authentication.

In addition to authentication, GoCD offers authorization by restricting certain operations to specific users and groups of users ("roles").

Without the use of authorization plugins, roles can only be managed through GoCD and it does not provide an ability to use roles defined in systems used for authentication (for example in LDAP groups). With this limitation, administrators need to configure roles in multiples places.

The introduction of the authorization plugin endpoint (Beta) allows GoCD to delegate both authentication and authorization of users to plugins. The plugins will have the flexibility to use any identity service providers like LDAP, Google, GitHub etc.

Authorization Plugin Endpoint (beta) documentation is available. We have built LDAP Authentication plugin using the Authorization Plugin Endpoint, this plugin supports only authentication. We would recommend developers to write plugins which support both authentication and authorization and provide us feedback to enhance this endpoint.

Feature Enhancements

• c088435 - Template Authorization UI and API enhancements.

  • All pipeline group admins by default provided view permission to templates. Super admin can restrict this access.
  • Super admin can provide template view access to users/roles.
  • Allow template admins to delete templates via UI and API

  

Other Improvements

• 3b9f54b - Go server/agent services do not get started on a new installation for debian and rpm based installations in order to allow users to make configuration changes before starting them up. (#3119)

Bug Fixes

• 7ddf84e - User search functionality - Search through plugins implementing AuthenticationExtension. (#3107)
• ad1a118 - Sort resources and environments alphabetically on agents page selector dropdown. (#3134)
• Multiple UI fixes on the old and new themes.

Security Fixes

• a837fc0 - Ensures passwords in git or hg material url's is masked before logging or using in server health message. (#3171)

Breaking changes

• 8f88269 - Removed support for API based plugins. (#3102)

  Below is the list of plugins that will stop working in 17.2.0

  Package plugins

  • Maven (Nexus) repository poller
  • Docker Registry Poller - 1
  • Docker Registry Poller - 2
  • Puppet Forge repository poller

  Task plugins

  • MSBuild Task
  • XUnit Converter
  • Publish to S3
  • Fetch from S3
  • Powershell Task
  • RapidDeploy Package Builder
  • RapidDeploy Job Runner
  • Maven Task Plugin
  • Publish to Artifactory

• a6f1fac - Removed Pipeline Config API V2. (#3174)

  As of release 16.12, version 2 of the Pipeline Config API was deprecated. Version 3 of the API is available going forward. Users are encouraged to use it.

• 5a208ba - Removed Plugin Info API V1. (#3143)

  As of release 16.12, version 1 of the Plugin Info API was deprecated. Version 2 of the API is available going forward. Users are encouraged to use it.

• Stopped support for git versions older than 1.9.

  As of release 16.12, git versions older than 1.9 were deprecated. Users are recommended to upgrade git on the GoCD server and agents (if git is used as a material). We are aware that the linux distributions have an older version of git installed by default. Please refer to this to upgrade git.

Deprecations

Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.

The following features have been deprecated, along with the timeframe when they will be removed.

• As of release 17.1, version 2 of the Templates API was deprecated. This version of the API will be removed in 17.4 release (scheduled to be released in April 2017). Version 3 of the API is available, and users are encouraged to use it.

Contributors

Aravind SV, Bhupendrakumar Piprava, Dmitry Ledentsov, Ganesh S Patil, Isabelle Carter, Jyoti Singh, Ketan Padegaonkar, Kyle Olivo, Lubaina R, Mahesh Panchaksharaiah, Markandan R, NaveenBhaskar, Rajiesh Narayanan, Stephen Gran, Sumanth Kumar Mora, Varsha Varadarajan, cnenning

Security researchers

https://hackerone.com/gocd/thanks

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? We're here to help. Reach out to us.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Performance Improvement

• 2ae7fdb - Full config save optimization. (#2912)

  Optimization to full config save through UI and API to give significant improvements in the config save time. Our performance runs show full config save times reduced by half.

API Enhancements

• 467cf5f - Encryption API to encrypt plain text. (#3031)
• 2789aa8 - Allow template admin to view and edit templates via API. (#2967)

Plugin enhancements

• 3c001b1 - V2 of Notification endpoint. (#3030)

Other Improvements

• c094e90 - Added environment variables to the server api page. (#3073)
• 0802c7e - Added CPU time in api/support for the threads. (#3006)
• c749c47 - Added a link to pipeline settings in the pipeline history page. (#2939)

Bug Fixes

• Multiple UI fixes and tweaks on the new theme that was introduced in 16.12.
• e9611f8 - Refresh ElasticAgent-OperatingSystem and ElasticAgent-UsableSpace while initializing the runtimeInfo. (#3078)
• b66bddc - Refactor agent controller to switch between http and websockets. (#2864)
• c26f118 - Mask password entered for materials of type svn, tfs, perforce. (#2937)
• 4b684ee - Provide template admin authorization to users within a role. (#2989)
• df85694 - Additional validations for templates API. (#3035)

Breaking changes

• 920b7ee - Removed support for Java 7.

  Starting with the 17.1 release of GoCD, Server and Agents will only run with Java 8. Users are encouraged to upgrade to the latest release of GoCD with Java 8.

  Windows installations of GoCD need not install Java 8 separately since the Windows installer comes bundled with a JRE. However this may require users to upgrade the agent installer on Windows.

  If you have trouble while upgrading to Go version 17.1, please take a look at the troubleshooting page in the documentation.

• 7a48c1a - Removed GoCD OpenSocial Gadget (Card activity tab) and Pipeline Dashboard Widget in Mingle. (#1908)

  As of release 16.12, the OpenSocial gadgets was deprecated. This feature is now removed because of a couple of reasons — (a) there's not enough evidence of many users using this feature in a way that'll impact their usage of GoCD (b) the underlying implementation framework (Apache Shindig) hasn't been maintained for quite some time and contained several security vulnerabilities.

• 7274d23 - Removed Version 2 and 3 of the Agents API. (#2984)

  As of release 16.12, version 2 and version 3 of the Agents API was deprecated. Version 2 of Agents API was introduced in 15.3.0 and version 3 of the API was introduced in 16.8. These versions of the API have been removed in favor of version 4 of this API. This API is backward compatible, and users are encouraged to use it.

• 1e48c42 - Removed Templates API Version 1.

  As of release 16.11, version 1 of the Templates API was deprecated. Users are encouraged to use Version 3 of the API which is backward compatible with Version 1.

• f2ac6b1 - Removed support for text based API support log. (#2975)

• da61c2b - Removed old Agents page. (#3015)

Deprecations

The following features have been deprecated, along with the timeframe when they will be removed.

• As of release 16.12, git versions older than 1.9 are deprecated. Support for git versions older than 1.9 will be stopped in 17.2 (scheduled to be released in February 2017). Users are recommended to upgrade git on the GoCD server and agents (if git is used as a material). We are aware that the linux distributions have an older version of git installed by default. Please refer to this to upgrade git.
• As of release 16.12, version 1 of the Plugin Info API is deprecated. This version of the API will be removed in 17.2 release (scheduled to be released in Feb 2017). Version 2 of the API is available, and users are encouraged to use it.
• As of release 17.1, version 2 of the Templates API is deprecated. This version of the API will be removed in 17.4 release (scheduled to be released in April 2017). Version 3 of the API is available, and users are encouraged to use it.
• As of release 16.12, version 2 of the Pipeline Config API is deprecated. This version of the API will be removed in 17.2 release (scheduled to be released in Feb 2017). Version 3 of this API is backward compatible, and users are encouraged to use it.

• As of release 16.7, Java API based Go Plugins have been deprecated. Support for running these plugins will be removed in 17.2 (scheduled to be released in February 2017). Plugin developers are encouraged to upgrade their plugins to use JSON message based plugin API. to build plugins.

  Below is the list of plugins that will stop working in 17.2.

  Note: The GoCD team has built a shim that allows migration of all plugins with minimal change. We are actively working with plugin authors to ensure that these plugins are migrated over in time for 17.2.

  Package plugins

  • Maven (Nexus) repository poller
  • Docker Registry Poller - 1
  • Docker Registry Poller - 2
  • Puppet Forge repository poller
  • Debian repository poller

  Task plugins

  • MSBuild Task
  • XUnit Converter
  • Publish to S3
  • Fetch from S3
  • Powershell Task
  • RapidDeploy Package Builder
  • RapidDeploy Job Runner
  • Maven Task Plugin
  • Publish to Artifactory

Contributors

Alison Polton-Simon, Aravind SV, Bhupendrakumar Piprava, Ganesh S Patil, Jyoti Singh, Ketan Padegaonkar, Mahesh Panchaksharaiah, Markandan R, Naveen Bhaskar, Padma Mullagiri, Rajiesh Narayanan, Sallie Walecka, Sumanth Kumar Mora, Tomasz Setkowski, Varsha Varadarajan, Zabil Cheriya Maliackal

Security researchers

https://hackerone.com/gocd/thanks

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? We're here to help. Reach out to us.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

UI Refresh

The entire application has been refreshed to sport a flat look.

If you have feedback or issues with the new look please log them at GitHub.

Agents Page

A brand new snappy and light-weight replacement for viewing and managing agents!

The old page is still available as a toggle. If you have feedback or issues with the new agents page please log them at GitHub.

Elastic Agents

Elastic agents is now a fully supported feature in GoCD.

To be able to use elastic agents, you should install an existing elastic-agent plugin, or write your own. Once the plugin is installed you must configure an "elastic agent profile" that you can associate with the jobs that require elastic agents.

TFS Upgrade

We have upgraded to TEE SDK 14.0.3. Users will now be able to use GoCD with TFS 2012, 2013, 2015 and Visual Studio Team Services. Please file an issue if you're having issues connecting to TFS repositories. Earlier versions of TFS are no longer supported and may not work.

Pipeline Edit Link

Users can now directly navigate to the pipeline settings page from the stage and job detail page.

API Enhancements

• 8952af2 - API to manage packages.
• e599a23 - API to manage package repositories.
• 9aabf48 - Introduced version 2 of Plugin Info API to provide complete metadata for plugin type package-repository and icons for plugins that provide it.

Other Improvements

• fddc9fe - Improve performance of downloading of agent jars on a server upgrade. (#2813)
• 5387e21 - Handling cleanup of agent and launcher jars from previous version of agent during an upgrade. (#2789)

• b97b635 - Generate additional windows installers to be able to package 32 bit and 64 bit JRE.

  There are two flavors of Server and Agent installers for Windows, one packaged with 64 bit JRE and the other with 32 bit JRE. 32-bit JREs only allow up-to 2GB of memory. Because large GoCD servers usually need more than 2GB of heap size, we recommend using a Server with 64 bit JRE. Agents should continue to use 32 bit JRE unless required.

• b763d31 - Generate SHA-256 webserver certs instead of SHA-1. (#2842)

  The self-signed web-server certificate that GoCD generates is now a SHA-256 certificate instead of a SHA-1 certificate. SHA1 certificates have been deprecated by most browser vendors and users will start to see a warning in their browsers.

  Any new installations of GoCD will generate a SHA-256 certificate. For existing installations, users should remove the file config/keystore to allow GoCD to regenerate a new server certificate. Depending on your end-to-end transport security settings you may need to configure the -rootCertFile argument to the GoCD agent.

Bug Fixes

• b34da2d - Bug fixes to ensure that git gc on the config repository works as expected.
• a34c6dc - Allow dots in the repository and package id. (#2844)
• Miscellaneous fixes to the new quick edit and agents pages.

Library upgrades

• 4aa1c56 - Bump JRuby to 1.7.26 from 1.7.11.
• f4bce94 - Upgrading JGit to 4.5.0.201609210915-r.

Breaking changes

• 5052154 - Removed Pipeline Config API V1. This API was deprecated since 16.7 and has been replaced with version 3. Version 3 of the API is available, and users are encouraged to use it.

• Microsoft Internet Explorer versions older than 11 are no longer supported. Please use IE 11 or higher. Microsoft Edge is recommended.

Deprecations

Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.

The following features have been deprecated, along with the timeframe when they will be removed.

• We shall be stopping support for git versions older than 1.9 in three months time (Feb 2017). Users are recommended to upgrade git on the GoCD server and agents (if git is used as a material). We are aware that the linux distributions have an older version of git installed by default. Please refer to this to upgrade git.
• The GoCD api support page http://your-server:8153/go/api/support supports JSON and plain-text outputs. JSON has been the default since release 16.6. We will be removing the plain-text output in release 17.1 (scheduled to be released in Jan 2017). It is much simpler to consume the JSON output than the plain-text output.
• As of release 16.12, the OpenSocial gadgets have been deprecated. This feature will be removed in 17.1 (scheduled to be released in Jan 2017). This has been done for a few of reasons — (a) there's not enough evidence of many users using this feature in a way that'll impact their usage of GoCD (b) the underlying implementation framework (Apache Shindig) hasn't been maintained for quite some time and contain several security vulnerabilities.
• As of release 16.12, version 1 of the Plugin Info API is deprecated. This version of the API will be removed in 17.2 release (scheduled to be released in Feb 2017). Version 2 of the API is available, and users are encouraged to use it.
• As of release 16.11, version 1 of the Templates API is deprecated. This version of the API will be removed in 17.1 release (scheduled to be released in Jan 2017). Version 2 of the API is available, and users are encouraged to use it.
• As of release 16.12, version 2 and version 3 of the Agents API is deprecated. Version 2 of Agents API was introduced in 15.3.0 and version 3 of the API was introduced in 16.8. These versions of the API will be removed in 17.1 release (scheduled to be released in Jan 2017). Version 4 of this API is backward compatible, and users are encouraged to use it.
• As of release 16.5, Java 7 support was deprecated. Java 7 support will be removed in 17.1 release (scheduled to be released in January 2017). GoCD works great with Java 8, and users are encouraged to use it.
• As of release 16.12, version 2 of the Pipeline Config API is deprecated. This version of the API will be removed in 17.2 release (scheduled to be released in Feb 2017). Version 3 of this API is backward compatible, and users are encouraged to use it.

• As of release 16.7, Java API based Go Plugins have been deprecated. Support for running these plugins will be removed in 17.1 (scheduled to be released in January 2017). Plugin developers are encouraged to upgrade their plugins to use JSON message based plugin API. to build plugins.

  Below is the list of plugins that will stop working in 17.1.

  Note: The GoCD team has built a shim that allows migration of all plugins with minimal change. We are actively working with plugin authors to ensure that these plugins are migrated over in time for 17.1.

  Package plugins

  • Maven (Nexus) repository poller [PR submitted]
  • Docker Registry Poller - 1
  • Docker Registry Poller - 2
  • Puppet Forge repository poller [PR submitted]
  • Debian repository poller [PR submitted]
  • Cloud Foundry poller [PR submitted]
  • Nuget repository poller [Rewritten - New release available]
  • Generic Artifactory poller [New release available]
  • NPM repository poller [New release available]

  Task plugins

  • MSBuild Task
  • XUnit Converter
  • Publish to S3
  • Fetch from S3
  • Powershell Task
  • RapidDeploy Package Builder
  • RapidDeploy Job Runner
  • Maven Task Plugin
  • Publish to Artifactory

Contributors

Alison Polton-Simon, Aravind SV, Bhupendrakumar Piprava, ByteFlinger, Ganesh S Patil, Jyoti Singh, Ketan Padegaonkar, Mahesh Panchaksharaiah, Markandan R, Naveen Bhaskar, Padma Mullagiri, Rajiesh Narayanan, Sallie Walecka, Sumanth Kumar Mora, Tomasz Setkowski, Varsha Varadarajan, Walmyr (wlsf82 on GitHub), Zabil Cheriya Maliackal

Security researchers

https://hackerone.com/gocd/thanks

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

API enhancements

fb24522 - Added new API to manage elastic agent profiles.

Quick Edit (Beta) Changes/Fixes

1a345c0 - Working directory validation on the new pipeline config page.

e116274 - Added tooltip for material filter input.

761b411 - Show server side timer validation on new pipeline config page.

Bug fixes

ec51570 - Do not raise an exception when duplicate modifications are seen in the database.

40999af - Improve handling of weak etags with deflate.

c69c1c4 - Having fixed-delay does not honour the git gc cron.

4509fe7 - Fixing VSM show more link.

e3d3360 - Allow pipeline group admins to create or update SCMs.

d646cfc - Added a blank check for build tasks' attributes.

5a54b2b - Change current directory of agent's batch file in windows 8.

008f4f4 - Fix the checkbox to allow known users to login in server configuration page.

e49cac1 - Handling empty responses from package material plugins.

Breaking changes

No breaking changes in this release.

Deprecations

Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.

The following features have been deprecated, along with the timeframe when they will be removed

• As of release 16.11, version 1 of the Templates API is deprecated. This version of the API will be removed in 17.1 release (scheduled to be released in January 2017). Version 2 of the API is available, and users are encouraged to use it.

• As of release 16.5, Java 7 support was deprecated. Java 7 support will be removed in 17.1 release (scheduled to be released in January 2017). GoCD works great with Java 8, and users are encouraged to use it.

• As of release 16.7, version 1 of the Pipeline Config API was deprecated. This version of the API will be removed in 16.10 release (scheduled to be released in Oct 2016). Version 2 of this API is backward compatible, and users are encouraged to use it.

• As of release 16.7, Java API based Go Plugins have been deprecated. Support for running these plugins will be removed in 17.1 (scheduled to be released in January 2017). Plugin developers are encouraged to upgrade their plugins to use JSON message based plugin API. to build plugins.

  Below is the list of plugins that will stop working in 17.1, unless those changes are made.

  Package plugins

  • Maven (Nexus) repository poller

  • Docker Registry Poller - 1

  • Docker Registry Poller - 2

  • Puppet Forge repository poller

  • Debian repository poller

  • Cloud Foundry poller

  • Nuget repository poller

  • Generic Artifactory poller

  • NPM repository poller

  Task plugins

  • MSBuild Task

  • XUnit Converter

  • Publish to S3

  • Fetch from S3

  • Powershell Task

  • RapidDeploy Package Builder

  • RapidDeploy Job Runner

  • Maven Task Plugin

  • Publish to Artifactory

Contributors

Alison Polton-Simon, Aravind SV, ByteFlinger, Ganesh S Patil, Ketan Padegaonkar, Mahesh Panchaksharaiah, Naveen Bhaskar, Rajiesh Narayanan, Sallie Walecka, Sumanth Kumar Mora, Tomasz Sętkowski, Varsha Varadarajan, Zabil Cheriya Maliackal

Security researchers

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Agents page (Beta)

This is a new page for managing agents, which should feel a lot more light weight and snappier than the existing agents page.

We would really appreciate your feedback to make this page better. If you notice any issues or bugs with this page, please submit a bug report on GitHub

How do I use this?

Click on the "Check out the new agents page" on the agents page that you're familiar with.

Known issues

#2735 - Agents Bulk update API: Enabling a pending agent returns 400 bad request

Improvements

53d0d42 - Show details about linux distribution flavors and versions. (#2608)

cc69476 - Filter for pipeline history view. (#2391)

API enhancements

687d454 - Added new API to manage pipeline templates. (#2233)

f8ab50a - Added PATCH support for environments update API, this will allow you to specify pipelines and agents that should be added and/or removed in a single API call.

09c864e - Added Agents API V4. This adds a 'build_details' property with relevant links to the job that is currently building on the agent.

Bug fixes

2d8ec07 - Spaces are not trimmed from environment variables. (#1411)

845ee9b - Tweak the agent registration protocol a bit. (#2558)

ee9cdae - Escape the jar URL to allow symbols such as # (needed when running GoCD on Mesos).

Security fixes

1f2a189 - Do not display the value of secure environment variable in templates view. (#2652)

Performance improvements

53ab276 - Removed an extra post merge validation. (#2594)

Breaking changes

No breaking changes in this release

Deprecations

Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.

The following features have been deprecated, along with the timeframe when they will be removed

• As of release 16.5, Java 7 support was deprecated. Java 7 support will be removed in 17.1 release (scheduled to be released in January 2017). GoCD works great with Java 8, and users are encouraged to use it.

• As of release 16.7, version 1 of the Pipeline Config API was deprecated. This version of the API will be removed in 16.10 release (scheduled to be released in Oct 2016). Version 2 of this API is backward compatible, and users are encouraged to use it.

• As of release 16.7, Java API based Go Plugins have been deprecated. Support for running these plugins will be removed in 17.1 (scheduled to be released in January 2017). Plugin developers are encouraged to upgrade their plugins to use JSON message based plugin API. to build plugins.

  Below is the list of plugins that will stop working in 17.1, unless those changes are made.

  Package plugins

  • Maven (Nexus) repository poller

  • Docker Registry Poller - 1

  • Docker Registry Poller - 2

  • Puppet Forge repository poller

  • Debian repository poller

  • Cloud Foundry poller

  • Nuget repository poller

  • Generic Artifactory poller

  • NPM repository poller

  Task plugins

  • MSBuild Task

  • XUnit Converter

  • Publish to S3

  • Fetch from S3

  • Powershell Task

  • RapidDeploy Package Builder

  • RapidDeploy Job Runner

  • Maven Task Plugin

  • Publish to Artifactory

Contributors

Aravind SV, Ganesh S Patil, Juhi Jariwala, Ketan Padegaonkar, Mahesh Panchaksharaiah, Matt Devlin (Mdevlin4 on GitHub), Sumanth Kumar Mora, Naveen Bhaskar, Rajiesh Narayanan, Tim Anderegg, Tomasz Sętkowski, Varsha Varadarajan, Venkata Jaswanth, Zabil Cheriya Maliackal

Security researchers

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Quick Edit (Beta)

Currently, editing a pipeline means navigating through multiple pages (and page refreshes), for modifying stages, jobs with tabs for options and environment variables, etc. Quick edit to make it smoother.

With this feature, you can change a pipeline's materials/stages/jobs/tasks simultaneously and update it as single operation. This feature also uses the new pipeline config API to make your configuration changes quicker.

Click on "Quick Edit" button on the pipeline edit page.

Click on "Normal Edit" button to get back to old edit page.

We are working on adding few missing features like:

• Package materials (like yum, maven, artifactory plugins)

• Pipeline template editing, pipelines that use templates can only update Pipeline Settings and Materials

Missing API validation for a few attributes, they are tracked below:

• Pipeline Config API: Stage operate permission user not validated (#2629)

• Pipeline Config API: Validation missing for parameter name used in the custom task argument (#2628)

• Missing validation errors on pipeline_config API (#2553)

We really appreciate your feedback to make this page better.

Going forward, once all the features are in, we plan to use this page as the default view for modifying configuration.

Submit your feedback by creating github issue at https://github.com/gocd/gocd/issues

API Enhancements

d662685 - Provided Git and git-gc stats in the support api. (#2578)

Library upgrades

973cbf2 - Upgraded jetty minor version to 9.2.18.v20160721.

74b8b47 - Upgraded logging jars.

Bug fixes

dc78601 - Added validation of the encryptedPassword attribute of password aware materials - SVN, P4, TFS.

Security Fixes

faa6a2a - Removed displaying url's from the not found page. (#2584)

ca7ff9c - Changed the package material check-connection request from GET to POST. (#2550)

Deprecations

Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.

The following features have been deprecated, along with the timeframe when they will be removed

• As of release 16.5, Java 7 support was deprecated. Java 7 support will be removed in 17.1 release (scheduled to be released in January 2017). GoCD works great with Java 8, and users are encouraged to use it.

• As of release 16.7, version 1 of the Pipeline Config API was deprecated. This version of the API will be removed in 16.10 release (scheduled to be released in Oct 2016). Version 2 of this API is backward compatible, and users are encouraged to use it.

• As of release 16.7, Java API based Go Plugins have been deprecated. Support for running these plugins will be removed in 17.1 (scheduled to be released in January 2017). Plugin developers are encouraged to upgrade their plugins to use JSON message based plugin API. to build plugins.

  Below is the list of plugins that will stop working in 17.1.

  Package plugins

  • Maven (Nexus) repository poller

  • Docker Registry Poller - 1

  • Docker Registry Poller - 2

  • Puppet Forge repository poller

  • Debian repository poller

  • Cloud Foundry poller

  • Nuget repository poller

  • Generic Artifactory poller

  • NPM repository poller

  Task plugins

  • MSBuild Task

  • XUnit Converter

  • Publish to S3

  • Fetch from S3

  • Powershell Task

  • RapidDeploy Package Builder

  • RapidDeploy Job Runner

  • Maven Task Plugin

  • Publish to Artifactory

Contributors

Ganesh S Patil, Ketan Padegaonkar, Mahesh Panchaksharaiah, Naveen Bhaskar, Rajiesh Narayanan, Sumanth Kumar Mora, Tomasz Sętkowski, Varsha Varadarajan, Zabil Cheriya Maliackal

Security researchers

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Beta Feature - Elastic agents

The new extension point allows the gocd server (with the help of plugins) to spin up and shut down agents on demand. This extension point allows plugin developers to write plugins that allow GoCD to hook into and leverage various technologies like Docker, AWS, GCE, Kubernetes.

Developers can start building their own elastic agent plugins by forking the skeleton plugin and looking at a sample docker plugin as an example reference implementation. The plugin API documentation can be found here.

API Enhancements

ee281ec - Added v3 of agents API to render (read-only) elastic agent attributes.

Security Fixes

d8cd812 - Disallowed directory listing of certain folders on the GoCD server.

d05746b - Added a friendlier error message on failing to send test email.

fb32102 - Disallowed Plugin Interact endpoint for non Authentication Plugins.

4d871a6 - Add cache control and pragma header to login page.

Breaking Changes

e7bb87b - Added a custom header to the Create Backup API.

914974d - Added a custom header for the Create Artifact API.

Performance fixes

670df79 - Re-use SSL connections by specifying a user principal as part of all remoting connections.

4c472e1 - Used fixed delay instead rate execution of agent ping thread.

Deprecations

Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.

The following features have been deprecated, along with the timeframe when they will be removed

• As of release 16.5, Java 7 support was deprecated. Java 7 support will be removed in 17.1 release (scheduled to be released in January 2017). GoCD works great with Java 8, and users are encouraged to use it.
• As of release 16.7, version 1 of the Pipeline Config API was deprecated. This version of the API will be removed in 16.10 release (scheduled to be released in Oct 2016). Version 2 of this API is backward compatible, and users are encouraged to use it.
• As of release 16.7, Java API based Go Plugins have been deprecated. Support for running these plugins will be removed in 17.1 (scheduled to be released in January 2017). Plugin developers are encouraged to upgrade their plugins to use JSON message based plugin API. to build plugins.

For GoCD developers

8806f6b - Added a vagrant file to allow local development and testing of GoCD.

Contributors

Aravind SV, Ganesh Patil, Jyoti Singh, Ken Mugrage, Ketan Padegaonkar, Mahesh Panchaksharaiah, Naveen Bhaskar, norcnorc, Rajiesh Narayanan, Sumanth M, Tomasz Setkowski, Varsha Varadarajan, Zabil Cheriya Maliackal

Security researchers

https://hackerone.com/gocd/thanks

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

GoCD configuration under SCM (a.k.a Config repositories)

Manage pipeline configurations from one or more source-control repositories (think "git repository") and modify them externally. You can find more details about it here, and watch a quick demo of this feature here.

Known issues

Upgrading the agent to 16.7.0 before upgrading the server is known to cause issues. Users are advised to first upgrade the server to 16.7.0 before they upgrade the agent.

In case you are seeing issues with the agent not starting up after the upgrade, please see this comment.

Important bug fixes

3e88caf - Windows Installer fixes.

Improvements

b283b42 - Display the correct ip-address of agents running on virtualized instances or containers. (#1657)

API enhancements

34e05b6 - New API for viewing, creating and editing Pluggable SCMs. (#1508)

642d7f4 - New API for creating and editing environments. (#966)

79c7168 - New API for bulk updating agents. (#2340)

99e2707 - New API for viewing Plugin Information. (#1873)

d4a7639 - Support for updating whitelists using pipeline configuration API.

Security fixes

103340c - Upgraded all agent-server communication to use HTTPS by default. Read more about how to improve security of your GoCD setup.

3d2afad - Pluggable tasks secure configurations are encrypted before saving to xml configuration. (#903)

657feb3 - Added missing security headers on a few pages to activate web browser protection.

6909484 - Escaped the error message in the repositories page. (XSS).

Breaking changes

f58e900 - Removed Agents API v1, users should use version 2 of the. Agents API

5602048 - Removed old backup API, users should user version 1 of the. Backup API

Deprecations

Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.

The following features have been deprecated, along with the timeframe when they will be removed

• As of release 16.5, Java 7 support was deprecated. Java 7 support will be removed in 17.1 release (scheduled to be released in January 2017). GoCD works great with Java 8, and users are encouraged to use it.
• As of release 16.7, version 1 of the Pipeline Config API was deprecated. This version of the API will be removed in 16.10 release (scheduled to be released in Oct 2016). Version 2 of this API is backward compatible, and users are encouraged to use it.
• As of release 16.7, Java API based Go Plugins have been deprecated. Support for running these plugins will be removed in 17.1 (scheduled to be released in January 2017). Plugin developers are encouraged to upgrade their plugins to use JSON message based plugin API. to build plugins.

  Below is the list of plugins that will stop working in 17.1.

  Package plugins

  • Maven (Nexus) repository poller
  • Docker Registry Poller - 1
  • Docker Registry Poller - 2
  • Puppet Forge repository poller
  • Debian repository poller
  • Cloud Foundry poller
  • Nuget repository poller
  • Generic Artifactory poller
  • NPM repository poller

  Task plugins

  • MSBuild Task
  • XUnit Converter
  • Publish to S3
  • Fetch from S3
  • Powershell Task
  • RapidDeploy Package Builder
  • RapidDeploy Job Runner
  • Maven Task Plugin
  • Publish to Artifactory

  Task plugins

  • MSBuild Task
  • XUnit Converter
  • Publish to S3
  • Fetch from S3
  • Powershell Task
  • RapidDeploy Package Builder
  • RapidDeploy Job Runner
  • Maven Task Plugin
  • Publish to Artifactory

For GoCD developers

d395806 - Migrated build scripts to Gradle.

Contributors

Aravind SV, adeshmukh-sf, Dominic Tootell, Ganesh Patil, Jyoti Singh, Ketan Padegaonkar, Mahesh Panchaksharaiah, norcnorc, Rajiesh Narayanan, Sumanth M, Ted Sheibar, Tomasz Sętkowski, Varsha Varadarajan, Venkata Jaswanth, Viktor Sadovnikov, Zabil Cheriya Maliackal

Security researchers

Note

A more comprehensive list of changes for this release can be found here.

Have ideas and want to contribute? Need some help getting started? Search the archives in the GoCD mailing list.

Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd

Whitelist support for SCM materials

#2314 - Handling the triggering of a pipeline for monolithic repositories using a whitelist.

For example, in a repository 'baz' with folders/projects 'foo/bar' and 'foo/qux' one can trigger the pipeline only on changes to 'foo/bar' by configuring it as a whitelisted folder.

API Enhancements

#2240 - Added a URL endpoint to grab a snapshot of the GoCD config git repository. For example, backup the config repo 'config-repository' using:

git clone https://ci.example.com/go/api/config-repository.git

#2283 - Changed the existing API /api/support to return information in JSON format for easier parsing. This end point also returns more information to identify performance bottlenecks.

#2239 - Added a version API to get the version of Go server.

Performance Improvements

#2248 - Improved page load performance across the board.

Deprecations

Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.

The following features have been deprecated, along with the timeframe when they will be removed

• As of release 16.5, Java 7 support was deprecated. Java 7 support will be removed in 17.1 release (scheduled to be released in January 2017). GoCD works great with Java 8, and users are encouraged to use it.

Upcoming Feature - Config in a repository

This release also adds foundation for reading pipeline configuration from the material's repository. This feature is still in development and more details can be found here.

Note

A more comprehensive list of changes for this release can be found here.

Contributors

Thanks to Aravind SV, Carlos Villela, Ganesh S Patil, Joakim Lahtinen, Jyoti Singh, Ketan Padegaonkar, Lubaina Rangwala, Mahesh Panchaksharaiah, Marina, Naveen Bhaskar, Paul Nilsson, Rajiesh Narayanan, Ted Sheibar, Tomasz Sętkowski, Varsha V, Xiao Li, Zabil C.M for making GoCD better!

Support for Java 8

We've graduated from being Java 8 compatible to officially supporting it! You can see our journey to this milestone here.

GoCD will continue to support Java 7 till release 17.1 scheduled for January 2017. Post that, we will exclusively support Java 8. We recommend that you plan for and upgrade to Java 8 (for both GoCD server and agents) before the 17.1 release.

Performance

#2145 - Handle large modifications made to SCM materials without memory issues on the agent.

Materials

Fixes around handling git rebase

#2110 - Fix automatic build loop after a git rebase.

#985 - Fix git history rewrite causing errors.

User interface

#2136 - Warnings on VSM if pipeline is built with incompatible revisions.

Deprecations

Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.

The following features have been deprecated, along with the timeframe when they will be removed

• As of release 16.5, Java 7 support is deprecated. Java 7 support will be removed in 17.1 release (scheduled to be released in January 2017). GoCD works great with Java 8, and users are encouraged to use it.

Note

A more comprehensive list of changes for this release can be found here.

Contributors

Thanks to Aravind SV, Brett Cave, Ganesh S Patil, Jen Marley, Jyoti Singh, Ketan Padegaonkar, Moritz Lenz, Mahesh Panchaksharaiah, Naveen Bhaskar, Rajiesh Narayanan, Tomasz Sętkowski, Varsha V, vmignot, Zabil C.M for making GoCD better!

Security

Important: There are several security fixes to prevent XSS, CSRF and remote execution exploits. We highly recommend this upgrade to keep your GoCD server and agent secure.

Performance

#2106 - Handle eviction/expiry of composite-keys from GoCache.

Note

A more comprehensive list of changes for this release can be found here.

Contributors

Special thanks again to drrb for reporting and verifying all of the security vulnerabilities in this release.

Thanks to Aravind SV, Austin Guest, David Rice, Ganesh S Patil, Jen Marley, Jyoti Singh, Juhi Jariwala, Ketan Padegaonkar, Mahesh Panchaksharaiah, Naveen Bhaskar, Rajiesh Narayanan, Rami, Varsha V, WPC, Xiao Li, Zabil C.M for making GoCD better!

Security

Important: This release fixes several XSS and CSRF vulnerabilities which can be exploited in earlier versions. As the changes are extensive, patches for older releases will not be provided. We recommend all users to upgrade to this version to safeguard your GoCD server.

These security vulnerabilities were responsibly disclosed by drrb. We want to give users some time to upgrade, before providing more details about the vulnerabilities. We will work with drrb on the specifics of providing these details, soon.

Notable features

Materials

• Make git material clone use -n (--no-checkout) option
• Use shallow clones of Git materials for faster checkouts and lower disk usage

Configuration

• Using unique string for cipher generation

Installers

• Support for silent install of GoCD server on windows

API changes

The following APIs now require an extra request header Confirm: true (due to security-related changes):

• Cancel stage
• Pause pipeline
• Unpause pipeline
• Releasing pipeline lock
• Scheduling pipeline
• Notify SVN materials
• Notify Git materials
• Notify Mercurial materials
• Create property

Deprecations

• The old java API-based plugin extensions for tasks and package repositories has been deprecated. Developers are encouraged to use the new JSON message-based APIs to author plugins.

  These APIs will be removed in the September release of GoCD.

• In light of downward trend in Solaris installers, we are now considering a timeline to stop providing Solaris installers for GoCD. Users can continue to use the generic zip files to run GoCD on Solaris. However the support for Solaris will be on a best-effort basis.

  We will stop providing Solaris installers from the July release of GoCD.

Note

A more comprehensive list of changes for this release can be found here.

Contributors

Special thanks to drrb for reporting and verifying all of the security vulnerabilities in this release.

Thanks to Andre Moeller, Aravind SV, bradeac, Chris Northwood, Daniel Somerfield, David Rice, Dmitry Ledentsov, Fredrik Wendt, Glenn Lewis, Jan Fabry, Jovan Alleyne, Jyoti Singh, Juhi Jariwala, Juha Siponen, Ketan Padegaonkar, Mahesh Panchaksharaiah, Rajiesh Narayanan, Tomasz Sętkowski, Varsha V, WPC, Xiao Li, Zabil C.M for making GoCD better!

Important: 16.2 has been removed from the downloads page because it had an issue which caused problems while installing windows agents.

Fixes

• Error on windows agent 16.2 update

What's new in GoCD 16.2

Features and bug fixes

• Select a range of agents by shift-clicking checkboxes
• Fix system call to kill processes on agents running Java 8
• [Security] When editing SVN, TFS, P4 materials, the plain password is printed in html.
• Output environment variables once per job instead of per task
• [Performance] Turn off JRuby's invokedynamic on to improve performance on servers running Java 8
• Git material is always cloned if branch is set to empty string
• [Config] Do not allow blank users in "authorization"

Note

A more comprehensive list of changes for this release can be found here.

Contributors

Aravind SV, Graham Christensen, Jyoti Singh, Juhi Jariwala, Ketan Padegaonkar, Mahesh Panchaksharaiah, Mark Crossfield, Rajiesh Narayanan, Tomasz Sętkowski, Varsha V, WPC, Xiao Li, Zabil C.M

What's new in GoCD 16.1

We are moving to a more regular release schedule, and so you might see releases with mostly issues fixed, while bigger level features are in progress across releases.

Important features and bug fixes in this release -

• Don't send 'Server:' header from Jetty
• GoCD 15.2's config schema (cruise-config.xsd) causes validation errors
• Throwing BadCredentialsException when user is not found in configured…
• Pipeline Config validation fixes
• Pipeline API: updating a lot of pipelines stops working
• Check approvers properly against allowed roles
• Fix some compatibility when installing RPM packages on RHEL5 and derivatives (#1766)

Note

The comprehensive list of changes for this release can be found here.

Thanks!

Tomasz Setkowski, Sean Escriva for making this release of GoCD better!

What's new in GoCD 15.3.1

Important: 15.3.1 has been removed from the downloads page because it had an issue which could have caused problems during configuration save. The issue mentioned is fixed in 16.1.0. The rest of the issues mentioned below are a part of 16.1.0 as well. We highly recommend upgrading to 16.1.0.

Important bug fixes in this release -

• File handle leak that causes windows agents to not cleanup properly
• Fix OOM on agents when parsing large xml test artefacts

Note

The comprehensive list of changes for this release can be found here.

New API for editing pipelines

A convenience JSON HAL compliant API for modifying pipelines. Check api.gocd.org for usage details.

Get informed about updates

A new version of Go CD is released every few months, with this feature you'll now be notified about the latest supported release (if you are running an older version).

Other notable features

• Add Environment to the parameters of the Update Agent API
• Integrate periodic garbage collection for config.git
• Allow agents API to update resources that an agent is associated with (#1522)
• Add API endpoint to create a user.
• Pipeline paused by and comment to the pipeline status API.
• Make embedded SQL cross compatible

Important bug fixes

• Upgrade commons-collections to library version 3.2.2
• Formatted console output with incorrect formatting
• Pipeline Configuration Peforce, unable to specify "ssl:"
• UI reports agent as "disabled (building)", API only reports "disabled"
• check paths in zip archive before unzipping during artifact upload
• New console log - last lines obscured

Note

The comprehensive list of changes for this release can be found here.

Thanks!

Tomasz Setkowski, Steve Hill, Alex Schwartz, Pooja R, Srinivas Upadhya, Xiao Li, Sandy Gordon, Arun Kumar, Björn Andersson, Federica Luraschi, Graham Christensen, Parker Shelton, Justin, Max Griffiths, Ashok Gowtham M, Massood, Ben Overmyer,James M. Greene, Ashwanth Kumar, Jakub Narloch, Alex Voitau, Joakim Wånggren, Paul Clarkin, X O and markuswehrle for making Go better.

Improvements to the console log

GoCD now supports rendering of ANSI color codes to show you much more beautiful console logs. Additionally, Go will automatically follow the logs as your build produces it, very much like your favorite terminal program.

Authentication end-point

With the newly exposed authentication end-point, Go users can now add custom authentication schemes through plugins. Read the blog post for details.

Setup hostname when auto-registering agents

You can now specify a property agent.auto.register.hostname to setup the hostname when auto-registering an agent.

API Improvements

Go's APIs are fairly old, have inconsistent and unpredictable content types (csv, xml, json, plain text).

We have now migrated the Agents API, Users API, Backups API to use JSON hypermedia API (using JSON+HAL).

Going forward, we would like to announce an ongoing effort to improve and migrate existing APIs to use something that is more modern, easy to discover, learn and build API clients for.

Learn more about the new API on our new api documentation site.

Other notable features

• #194 - Allow secure variables (environment) on environments, stages and jobs.
• #1121 - Ability for plugins to CRUD global configuration.
• #958 - API method for renaming agent.
• #264 - Agent API to assign resource.
• #1261 - Port over Users API.
• #1292 - Port over Backup API.
• #1087 - Switching to Jetty 9 by default
• #1210 - SSL connection errors/warnings with modern browsers
• #1306 - Upgrade jre packaged with windows installers to java 7u79

Bug fixes

• #68 - Re-scheduled pipeline does not show the updated Agent IP details on the Job details page
• #1089 - Re-scheduled Jobs not being marked as completed on completion
• #1060 - Assets (and content) could be served as gzip
• #1061 - UTF-8 characters not getting displayed correctly when the job is running or when it is rescheduled
• #1291 and #1249 - Fan-in performance improvements.
• #1039 - Fix for relative root paths in SVN 1.5+ externals.
• #1109 - XSS vulnerability on user settings page.
• #1219 - XSS vulnerability via SCM commit messages.
• #649 - Destination folder inside flyweight gets deleted in case a material is specified twice in the config (with and without destination).
• #1297 - UI fix to display file in artifact tab if it contains only blank spaces as file name.
• #1199 - Could not fetch artifact with '+' symbol in filename
• #1012 - Unable to change configuration after making one of the pipelines use a template
• #1201 - Session tracking mode changed to be cookie only

Note

The comprehensive list of changes for this release can be found here.

Thanks!

@ctorpe, @thenathanjones, @nfisher, @paulclarkin, @skarlso for making Go better.

New plugin endpoint for "Materials"

This new plugin endpoint introduced in 15.1 allows Go's already long list of source code materials to be extended without making changes to the core!

Support for this endpoint brought along support for GitHub pull requests, contributed by an external contributor @ashwanthkumar (so exciting!), with support from a Go core contributor, @srinivasupadhya. You'll never need to wish that Go supported your favorite kind of material repository, you can implement support for it yourself!

You can see all the SCM material plugins on the Go Community plugins. See how to write one, here.

Here's how the GitHub pull requests plugin looks in action (below). Read more about it in this blog post. Watch out for more improvements in the UI around this area.

New plugin endpoint for "Notifications"

Continuing on the path of opening up different parts of Go for extension, Go 15.1 introduces a new plugin endpoint for notifications. At this point, Go notifies the plugin of changes in the status of every stage, as it happens! This allows for quite a lot of use cases, and we are excited to see plugins written against this endpoint even before release (yay, open source!).

@matt-richardson has written a really nice generic notification plugin, which sends build notifications to any websocket listener! @ashwanthkumar has written a great plugin to notify Slack about build status changes. @srinivasupadhya has written a couple of nice notification plugins to update pull request statuses in GitHub and Atlassian Stash.

You can see all of those plugins on the Go Community plugins page/plugins/index.html. See how to write one yourself, here.

Pipeline label shortening

This contribution by @alexschwartz helps declutter the Go Dashboard, by allowing the pipeline label to be trimmed, per material. This feature is really useful when dealing with unwieldy 40 character SHAs in pipelines with git/mercurial materials in them. This feature allows this:

to be changed into this:

Read more about this feature in the documentation.

Timestamps in console logs

Starting from Go 15.1, Go's console logs will have timestamps for every line. This is very useful for finding out long-running parts of tasks. Here's how it looks:

More ...

This release is filled with many other notable features, changes and fixes, such as:

• #848 - Support for Mercurial versions 2.0 and greater.
• #781 - Post-commit hook for Mercurial (contribution by Go team alumnus, @sachinsudheendra).
• #768 - A beta feature to upload plugins directly from within the Go plugins tab (contribution by @pwen and @pamo).
• #700 - Run multiple agents as services - for Linux (contribution by @bernardn).
• #400 - Large part of a long-pending upgrade from Jetty 6 to Jetty 9 (turned off, by default in 15.1 - Waiting for some performance fixes on Jetty's side).
• #104 - Agents do not restart because of a server restart, any more (plugin sync issue fixed).
• #725 - Pipeline instance information through APIs.
• #941 - Small improvement around config save -Look for a lot more around this area soon!
• #877 - Performance improvements around CCTray and APIs.

New Features

• 719 - JSON message based Plugin APIs (docs - package, task)
• 44 - Revise how new pipelines appear under 'Personalize'. Thanks @mmb for the contribution. (docs)
• 699 - Users can comment on pipeline run history. (docs)
  Note: This feature needs some improvements listed here. Therefore the feature is turned 'off' for this release. To turn 'on' the feature, see details. Thanks @mmb, @gajwani,@fkotsian & @bsnchancontribution.

Bug Fixes

• 716 - Multiline commit comments don't trigger notifications. Thanks @mythgarr for the contribution.
• 360 - Unable to 'clean working directory' when recursive symlinks are present. Also, improved logging for error scenario. Thanks @mmb & @gajwani for the contribution.
• 770 - 'Check connection' for package materials fails in 'new pipeline creation' wizard when there are many other task plugins registered.

Others

• 688 - Change command error stream prefix to STDERR. Thanks @mmb for the contribution.
• 769 - Remove unnecessary logging from test environment. Thanks @hammerdr for the contribution.

New Features

• 396 - Automate running 'X' instances of a particular job and achieve faster results by parallelization. (docs)
• 225, 394 & 395 - New APIs.
• • Pipeline History API
  • Stage History API
  • Job History API
  • Agent Job Run History API
  • Material Modification Listing API
  • Configuration Repository Modification Listing API
  • Pipeline Group Listing API
  • Material Listing API

Enhancements

• 435 - Value Stream Map for a commit. (docs)
• 466 - Setting up e-mail notifications is now easier with 'any pipeline' and 'any stage' options. Thanks @lcs777 for the contribution. (docs)
• 460 - Enhanced search which hide pipelines. Thanks @ciotlosm for the contribution.
• 310 - Plugin logger now allows logging exceptions. Thanks @tusharm for the contribution.

Tech Debt

• 130 - Upgrade Rails 2.3.14 to 4.0.4. Thanks @juniorz for your ideas and contributions during the early days of migration.
• 401 - Moved four database tables to Hibernate from iBatis. Not something we expected to get a PR for, kudos to @RikTyer for this one.

Bug Fixes

• 315 - Pipeline label was not getting resolved in case of auto trigger.
• 403 - If Go server has firewall restrictions on outgoing connections, Xml test artifacts with dtd specified used to cause problems while uploading.
• 469 - Fixed logged in session timeout. Thanks @greenmoss for reporting the issue.
• 297 - Resource and personalise drop-downs were not showing up properly on some versions of chrome.
• 482 - In Value Stream Map, material circle was not being rendered properly. Thanks @dvarchev for investigating and sending a patch.
• 548 - Polling and builds used to fail when a git submodule URL changed. Thanks @mmb for the contribution.
• 314 - Don't allow leading/trailing spaces in commands. Thanks @sahilm for the patch.
• 525 - Output working directory in console output and when polling fails. Thanks @mmb for the patch.

Other

• 659 - Go has new user documentation. A big thank you to @afoster for the commits. Thanks @gregoriomelo and @mastojun for your contributions.

Enhancements

• 190 - Git post commit hook to trigger Go pipeline.
• 271 - Make card activity gadget work with mingle saas instance.
• 185 - Adding a layer of database connection configurations.
• 203 - Adding verbosity to exception message while loading DatabaseProvider.
• 114 - Move OSX packaging from ant to buildr.

Bug Fixes

• 286 - Go server logs for mac installers are not coming up.
• 196 - Cannot save a job which has colon (:) in its Nant Path.
• 223 - Large artifact fail to upload.
• 246 - Pipeline history view flashes for long pipelines.
• 91 - The pipeline activity page does not show the revision completely even on hovering on it.

Others

• 213 - Removing unused filter code.

Enhancements

• Added capability to create a Task plugin.

Bug Fixes

• Fixed a corner case issue around job reschedule.
• Fixed issue where SVN post-commit hook was not passing along credentials.
• Fixed issue with adding users via UI with a . (dot) in the username.
• Go Agent handles UnknownHostException by substituting host name with a generated name.
• Task running executables in the working directory should now be prefixed with ./.