These release notes describe recent changes to Deploy.

Digital.ai Deploy 22.2.0

Digital.ai Deploy 22.2.0 includes the following new features:

• Enable Profiling Logs for SQL Queries
• Operator-based installer—install Deploy in a Custom Namespace
• Additional parameters in OIDC configuration
• Downloadable Usage Summary Report
• Deployment API performance improvements
• Plugins and integrations

And more bug fixes and enhancements.

Support Policy

See Digital.ai Support Policy.

Upgrade Instructions

The Digital.ai Deploy upgrade process you use depends on the version from which you are upgrading, and the version to which you want to go.

For detailed instructions based on your upgrade scenario, refer to Upgrade Deploy.

Digital.ai Deploy 22.2.0 New Features

Here's what's new with Digital.ai Deploy 22.2.0.

Enable Profiling Logs for SQL Queries

• Profiling can be enabled in Deploy which lets you log query details such as query parameters and time taken by a query to the XL_DEPLOY_SERVER_HOME/log/profiling.log file.

• The XL_DEPLOY_SERVER_HOME/log/profiling.log file is rotated the same way as other log files are.

  

For more information, see Enable Profiling Logs for SQL Queries.

Operator-based Installer—Install Deploy in a Custom Namespace

Installing Digital.ai Deploy in a custom name space is one of the salient cloud-native features added to Digital.ai Deploy 22.2. You can now install Digital.ai Deploy in a custom namespace if:

• You would like to install multiple Deploy instances on the same cluster.
• You do not want to install Deploy in the default namespace: digitalai.

For more information, see: Install Deploy in a Custom Namespace.

Additional Parameters in OIDC Configuration

You can now send additional parameters to the OIDC provider as part of the OIDC authentication request.

Here's an example, in which you can find two additional parameters—param1 and param2.

deploy.security:
  auth:
    providers:
     oidc:
      clientId: "<Your client ID>"
      clientSecret: "<Your client secret>"
      clientAuthMethod: "<Your client authentication method here>"
      issuer: "<Enter the Open ID Provider Issuer>"
      keyRetrievalUri: "https://oidc.example.com/endpoint/keys"
      accessTokenUri: "<The redirect URI to use for returning the access token>"                  
      userAuthorizationUri: "<The authorize endpoint to request tokens or authorization codes via the browser>"
      logoutUri: "<The logout endpoint to revoke token via the browser>"
      redirectUri: "https://xl-deploy.example.com/login/external-login"
      postLogoutRedirectUri: "https://xl-deploy.example.com/login/external-login"
      idTokenJWSAlg: "<The ID token signature verification algorithm>"
      rolesClaimName: "<Your roles claim>"
      userNameClaimName: "<Your username claim>"
      additionalParameters:
       param1: false
       param2: "str"

With such a configuration, the additional parameters are passed in the login URL as shown in the following example request URL.

https://example.oktapreview.com/oauth2/.../.../code_challenge=xyz&`param1=false&param2=str`

Downloadable Usage Summary Report

With Deploy 22.2, you can now download the usage summary report for a given time period in Excel format. For more information, see Download Usage Summary Reports.

Version Upgrades

Supported Databases

Deploy 22.2 supports the following databases.

Database	Versions Supported
PostgreSQL	13.6 and 14.2
MySQL	5.7 and 8.0
Oracle	12c and 19c
Microsoft SQL Server	2017 and 2019
DB2	11.1 and 11.5

Deployment API Performance Improvements

The Digital.ai Deploy 22.2 includes a series of performance improvements around deployment APIs.

Plugins and Integrations

Here's what's new and changed with plugins and integrations.

HashiCorp Vault Plugin

Introduced a new type of authentication called AppRole in the HashiCorp Vault plugin.

For more information, see Hashicorp vault

AWS Plugin

• Fixed the issue with the deployment target path in the S3 Bucket folder.
• Assume role with SSO/Temporary credentials is supported.
• Added missing parameters for ECS service and Task definition.
  • ECS Service parameters:  ipcMode and pidMode
  • Task Definition parameters: environmentFiles, resourceRequirements, ulimits, secrets, extraHosts, systemControls, linuxParameters, dnsSearchDomains, dnsServers, entryPoint, startTimeout, stopTimeout, essential, hostname, pseudoTerminal, user, readonlyRootFilesystem, dockerLabels, and healthCheck

For more information, see AWS

Kubernetes Plugin

Assume role with SSO/Temporary credentials is now supported by the Kuberbetes plugin.

Podman Plugin

With the Podman plugin, you can deploy Podman images to create containers. In addition, you can create network and volumes for these containers.

Here's a list of tasks supported by the Podman plugin:

• ContainerSpec
• NetworkSpec
• PodSpec
• VolumeSpec
• File/FolderSpec

For more information, see Podman

WAS Plugin

Fixed the data source creation failure issue in the WAS plugin by making changes to the condition of the admintask flow.

Tomcat Plugin

With the Tomcat plugin, the port field is now set to optional and control task scripts are updated.

Cloud Foundry Plugin

Fixed the connection error issue in the Cloud Foundry plugin by updating the Cloud Foundry SDK libraries.

Bug Fixes and Field Incidents—22.2.15

• S-93742 - Fixed CVE-2021-35515 vulnerability.
• S-93816 - Fixed CVE-2022-45868 vulnerability.
• D-25271 - Fixed an issue with the HashiCorp Vault plugin that did not allow you to save multiple lookup values in the "Authentication AppRole" section.
• D-25760 - Modified the xld_ci_properties table id column type from integer to bigint to accommodate large number of records.
• D-25558 - Fixed an issue with deploying provisioning packages when CI names contain contextual placeholders.
• S-93426 - Fixed the host header injection JavaScript vulnerability in Digital.ai Deploy.
• D-23577 - Fixed archive mappings in the deploy-artifact-resolver.yaml file that caused issues with placeholder replacement.

Bug Fixes and Field Incidents—22.2.14

This version was skipped and 22.2.15 was released in its place.

Bug Fixes and Field Incidents—22.2.13

• D-25096 - Fixed an issue with the Deployment screen that caused multiple errors upon clicking the Finish button.
• S-93329 - Fixed CVE-2023-20883 vulnerability.
• S-92929 - Fixed an issue with Abort and Stop operations not working on hung tasks.

Bug Fixes and Field Incidents—22.2.12

• D-23332 - Fixed the issue with saving two lookup values—role ID and secret ID—in secrets.hashicorp.vault.Server.
• D-23763 - Fixed the issue with non-admin users being unable to see deployments in reports.
• D-23851 - Fixed the issue with some reports missing from Reports > Deployments panel after upgrade.
• D-24093 - Fixed the maximum number of expressions in a list is 1000 error when non-admin users try to view placeholders and there are more than 1000 directories that don't inherit permission from their parent.
• D-25223 - Fixed an issue that caused deployments to fail when customers used credentials stored in overthere.SshJumpStation instead of the username and password combination.

Bug Fixes and Field Incidents—22.2.11

• D-23711 - Fixed issue with folder permissions that caused existing permissions to be removed when new permissions are added using the 'Select All' option.
• D-23962 - Fixed the permissions error encountered by non-admin users when searching for Dictionary values using the search by placeholder option in Explorer.
• D-23172 - Added a fix to expire all active user sessions when a user resets their password.

Bug Fixes and Field Incidents—22.2.10

• D-24065 - Fixed the CheckConnection issue with the Deploy Task Engine when setting up a multi-node cluster with OIDC.
• D-24174 - Fixed the CannotLocateArtifactException issue while deploying Maven artifacts.
• D-23170 - Fixed an issue with the GET /api/v1/roles API to prevent unauthenticated users from viewing role names and IDs of other users.
• S-89672 - Optimized the support .zip output to include information based on supportpackagasettings configuration in deploy-server.yaml.

Bug Fixes and Field Incidents—22.2.9

• D-22947 - Fixed issue with user privileges that allowed users to modify other user accounts.
• D-23171 - Fixed issue with user privileges that allowed users to view information about other user accounts.

Bug Fixes and Field Incidents—22.2.8

• D-23001 - Fixed the 'Repository Entity not found' error caused when opening an environment or dictionary associated with directories containing ampersand (&) in their name.
• D-23336 - Fixed the Master/Work directory cleanup activity to remove all data associated with archived tasks.
• D-23407 - Added support for IBM-1047 encoding.

Bug Fixes and Field Incidents—22.2.7

This version was skipped and 22.2.8 was released in its place.

Bug Fixes and Field Incidents—22.2.6

• S-88593 - Fixed CVE-2022-33980 and CVE-2022-42889 vulnerabilities.
• D-23240 - Fixed the incorrect syntax issue that caused the package retention policy to fail when MS SQL Server database is used.
• D-23474 - If you uncomment any properties in the type-defaults.properties file, all backslash () characters will be dropped after server restart. To avoid this, add another backslash as an escape character before all backslash characters.

Bug Fixes and Field Incidents—22.2.5

• D-21145 - Dictionary version number is out of order in Digital.ai Deploy. This issue is now fixed.
• D-22125 - Fixed an issue with the Terraform plugin for Digital.ai Deploy that crashes the server.

Bug Fixes and Field Incidents—22.2.4

• D-22547 - Importing a deployment package file with dependent application results in Null Point Exception error. This issue is now fixed.

Bug Fixes and Field Incidents—22.2.3

• D-22446 - Fixed an issue that prevented users from secondary LDAP servers (on sites with multiple LDAP servers and OIDC enabled) from logging on to Digital.ai Deploy.
• D-22038 - If you resume a task after restarting Digital.ai Deploy, the task fails by getting stuck in the Stage artifacts step. It occurs when staging is enabled, and this issue is now fixed.
• D-22298 - A deployment task with a failed step is not resuming because the server is down. However, it does not resume even after the server is operational. This issue occurs with parallel deployments and is fixed now.
• D-22344 - Upgraded ssh library to support latest ssh ciphers.
• D-22385 - Fixed the principal name case-sensitive issue that occurs while fetching permissions.
• D-21472 - Fixed the duplication of records issue in reports dashboard and deployment task page for non-admin users. This occurs with Oracle database.
• D-22223 - Custom release conditions are not working as expected even though users have proper permission in LDAP and OIDC. This issue is now fixed.
• D-21723 - Fixed the blueprint.yaml and daideploy_cr.yaml files to better handle the values of the parameters for which there are no entry/value found in the Keycloak OIDC configuration file (external Keycloak).
• S-87313 - Fixed the configuration to support the graceful shutdown of Digital.ai Deploy.

Bug Fixes and Field Incidents—22.2.2

• D-20322 - If you use any regex pattern-based property such as file.File.textFileNamesRegex, Deploy escapes the backslash character \ so that it is not lost in server restarts. Should you modify these properties with any other custom values, you must make sure to escape the \ character with another backslash. For example, file.File.textFileNamesRegex=.+\.(cfg | conf | config | ini | properties | props | txt | xml) must have two backslashes as shown in the following example: file.File.textFileNamesRegex=.+\\.(cfg | conf | config | ini | properties | props | txt | xml).
• D-21122 - When you navigate to the next page in the Edit permissions page of an Application or folder, it displays the Error while fetching permissions error message or an empty page. It occurs in Digital.ai Deploy using the MSSQL database. This issue is now fixed.
• D-21064 - Fixed a permissions issue that prevented the POST /repository/cis/read API from reading multiple configuration items from the repository.
• D-21691 - Fixed an issue that prevented the Digital.ai Deploy users from being logged out automatically at the expiry of the set idle time.
• D-22016 - The Operator-based installer of Deploy has the following fix:
  • The jmx-exporter.yaml file has been added to the deploy.configurationManagement.master.configuration.resetFiles and deploy.configurationManagement.worker.configuration.resetFiles keys of the Deploy's Operator-based installer's daideploy_cr.yaml file.
• D-21725 - You can now add TLS configuration details in the Digital.ai Deploy Operator-based installer's daideploy_cr.yaml file.
• D-21883 - Fresh installation of 10.3.x version of Release and Deploy operators from the branch in OpenShift fails as the operator docker image is not up-to-date. This issue is now fixed.
• D-21681 - When you upgrade from the helm chart to the latest operator using the upgrade utility, the RabbitMQ pod fails to spin up and the utility does not populate the storage class for RabbitMQ.
• D-21724 - When you change the license in the CR file, the value is not updated in the Release and Deploy file systems. This issue is now fixed.
• D-21726 - The memory limit of the operator is too low. This issue is now fixed by increasing the memory limits from 90 Mi to 200 Mi.
• D-21730 - When you upgrade from helm to the latest operator it fails to add the embedded Keycloak. This issue is now fixed.
• D-21772 - Fixed an issue with the Operator-based installer that prevented upgrades from Deploy 10.3.x (default namespace) to 22.2.x (custom namespace with Keycloak enabled).

Bug Fixes and Field Incidents—22.2.1

• D-21089 - If there are more than 1000 directories that don't inherit permission from their parent, then non-admin users will not be able to view any CIs. This issue is now fixed.
• D-21099 - Fixed a configuration issue in the export folder of Deploy.
• D-21492 - You cannot import applications with XLD CLI that has CI with file artifacts in an external repository. It is because the CI fails to authenticate with the repository. This issue is now fixed.
• D-21652 - Fixed the auto-refresh issue for newly created users that was occurring during CI creation and deployments.
• D-21742 - When you create a cluster with a managed server in WebSphere, it fails. This issue is now fixed.
• D-21745 - When you create a proxy-server cluster with a managed server in WebSphere, it fails. This issue is now fixed.

Bug Fixes and Field Incidents—22.2.0

• D-18895 - Fixed a user session expiry issue for deleted users. The user session of a deleted user expires as soon as you delete the user.
• D-18894 - Fixed an issue after which only users with the Report-View permission are able to download the generated report.
• D-20538 - Fixed the deadlock issue with the Lock plugin.
• D-20857 - Fixed an issue with the permissions service REST API results, which were returning all configuration items instead of the folders.
• D-18337 - Fixed a UI issue with the Resolved Placeholders table to show the lengthy Dictionary entries (with ellipses) fully when hovered over.
• D-21652 - Fixed the auto-refresh issue for newly created users that was occurring during CI creation and deployments.
• D-20191 - Fixed the Bad Request error (when roles were created) that occurred on sites with standalone Deploy permission service.
• D-20544 - Fixed the issue with the lookup.SimpleLookupValueProvider Configuration CI for the ssh check connection in the encryptedEntries key-value map.
• D-20695 - Fixed the issue with the Invalid archive (jar file) that was not getting copied when Replace Placeholders option is enabled.
• D-21655 - Fixed the issue with the Digital.ai icon that was broken in the Registration page.
• D-21747 - Fixed the issue with the active-user-sessions-enabled, which when set to false in centralConfiguration/deploy-server.yaml , is shutting down the server with an error.
• D-19883 - Fixed an issue that removed the Digital.ai logo up on adding a custom logo.
• D-21347 - Fixed the issue with the Deploy server startup that was failing when the permission service is configured as standalone microservice.
• D-21448 - Fixed the issue with the connection leak in Active/Active HA setup.