Version: Deploy 25.1

Digital.ai Deploy 25.1.x Release Notes

Support Policy

For each version of Deploy, we provide maintenance support for 15 months. For more information, see Digital.ai Support Policy.

Upgrade Instructions

The Digital.ai Deploy upgrade process you use depends on the version from which you are upgrading, and the version to which you want to go.

For upgrade instructions, see:

Breaking Changes

Breaking changes in Deploy 25.1 require your attention before upgrading:

Starting with Deploy version 25.1 and later, License version 3 will no longer be supported.

Required Action: Upgrade to a valid version 4 license.
Impact: Deploy instances using a version 3 license will stop functioning after the upgrade.

For more information on checking your current license version and upgrading, refer to the relevant documentation:

For assistance, contact Digital.ai Support.

End-of-life Notifications

Here's what is being deprecated or going out of support.

Support for AWS SDK for Java v1.x Being Deprecated

Starting from Deploy 25.1, support for the AWS SDK for Java v1.x (including awsCredentials and awsRegions) in XL CLI Blueprints is marked as deprecated. While it remains functional in Deploy 25.1, its use is no longer recommended, and upgrading to AWS SDK for Java v2.x is advised.

In Deploy 25.3 and later, this support is completely removed, meaning any functionality relying on AWS SDK for Java v1.x will no longer work.

z/OS File Deployment Enhancements

Deploying files to z/OS systems is now easier and more efficient with the introduction of the new SSH-SFTP connection, designed to streamline and enhance file transfers.

Previously, deployments to z/OS relied on SCP or SFTP without built-in encoding conversion.
The new SSH-SFTP connection enables automatic text file conversion to EBCDIC (CP1047) during transfers, eliminating the need for manual conversion.

Automatic Text File Transcoding

The new SSH-SFTP connection enables seamless conversion of text files to z/OS-compatible EBCDIC (CP1047) encoding. This feature includes:

Configurable file pattern matching to select files for transcoding.
Built-in exclusion patterns to prevent binary files from being transcoded.

Placeholder Replacement

The new SSH-SFTP connection supports variable substitution in z/OS files, ensuring seamless integration with deployment processes. This feature includes:

Configurable placeholder scanning based on file patterns.
Smooth integration with existing deployment workflows.

Configuration Options

The new SSH-SFTP connection offers flexible configuration options for seamless file deployments to z/OS:

Customizable regex patterns for file transcoding.
Flexible infrastructure setup through SSH/SFTP connections.

For more information, see z/OS Deployment Overview and z/OS File.file Deployment.

XL CLI Enhancements

The xl generate command now exports Configuration Items (CIs) based on the user's assigned permissions. This enhancement improves security and control when sharing or migrating configuration items. For more information, see Export Configuration Items With xl generate.

Server Name Indication (SNI) Check

To ensure SSL communication on the Deploy server works correctly, the built-in Jetty server allows customization of the SNI host check through the sni-check-enabled setting in deploy-server.yaml.

sni-check-enabled is set to false(default): SSL communication works even if the TLS certificate does not include a Subject Alternative Name (SAN), useful to create certificates without SAN entries.
When sni-check-enabled is set to true: SSL communication will only work if the TLS certificate includes a SAN with all required domain names.

For more information, see deploy-server.yaml Properies.

Enabling Database Connection on Custom Port and TLS Support

Non-Standard Ports: SQL Server uses the default port (like 1433) for communication, but some setups may require custom ports. You can now use custom ports for SQL Server by changing the TCP/IP settings and updating the connection string (JDBC URL) that Java applications use to connect to the database.
Encryption Support: Allows TLS encryption with a CA certificate by configuring the Trust Store and enabling SSL.

Encrypting Secrets in Configuration files

Any secrets in the configuration file with the password or secret suffix will now be automatically encrypted, ensuring sensitive data is protected.
Previously, certain fields—such as OIDC client secrets and keystore passwords—were stored in plain text. This update enhances security by preventing plaintext storage of sensitive information.

For more information, see Store encrypted passwords in Deploy.

Kubernetes Installation Updates

The Kubernetes blueprints now support separate image version entries for Digital.ai Release and Digital.ai Deploy. This allows you to define different versions for each product in the same blueprint, providing more flexibility for managing upgrades and cross-version compatibility.
Added the new xl kube images command to XL CLI. The xl kube images command helps manage Docker images used in Deploy or Release operator installations. You can list images, pack them into a package file, or unpack images from a package file into local Docker. For more information, see XL CLI Command Reference.
The xl kube command's --local-repo flag has been deprecated. Use the new --repo flag instead. For more information, see XL CLI Command Reference.

New Versioning Scheme for Deploy

Starting with Deploy 25.1, we have implemented a new versioning scheme that aligns with semantic versioning principles.

Current Format

Examples:

General Availability (GA): Product-Major.Minor.Patch - xl-deploy-25.1.0-server.zip
Early Access (EA): Product-Major.Minor.Patch-beta.Number - xl-deploy-25.3.0-beta.1-server.zip
Maintenance Release (MR): Product-Major.Minor.Patch - xl-deploy-25.1.1-server.zip

The format components are:

Component	Description	Example
Major	Last two digits of year	25
Minor	Release quarter (1-4) or feature version	1
Patch	Maintenance version number	0
beta.Number	Optional beta release number	beta.1

New Format

Examples:

General Availability (GA): Product-Major.Minor.Patch-MMDD.Build - xl-deploy-25.1.0-422.113-server.zip
Early Access (EA): Product-Major.Minor.Patch-beta.MMDD - xl-deploy-25.3.0-beta.407-server.zip
Maintenance Release (MR): Product-Major.Minor.Patch-MMDD.Build - xl-deploy-25.1.7-1222.113-server.zip

The new format is: MAJOR.MINOR.PATCH[-Build Metadata] where:

Component	Description	Example
Major	Last two digits of year	25
Minor	Release quarter (1-4) or feature version	1
Patch	Maintenance version number	0
Build Metadata	Build metadata including date (MMDD) and build number. `beta.MMDD` is used for EA versions.	`1222-113`, `beta.407`

note

For all formats, MM represents month (1-9 for Jan-Sep, 10-12 for Oct-Dec).

Early Access (EA) releases use format Major.Minor.0-beta.MMDD (example: xl-deploy-25.3.0-beta.407-server.zip). Files are stored in https://dist.xebialabs.com/customer/early-access/. Patch is always 0.
Maintenance Releases (MR) use format Major.Minor.Patch-MMDD.Build (example: xl-deploy-25.1.1-522.113-server.zip). Files are stored in product-specific directories at https://dist.xebialabs.com/customer/. Patch is a positive number.
General Availability (GA) releases use format Major.Minor.0-MMDD.Build (example: xl-deploy-25.1.0-422.113-server.zip). Files are stored in product-specific directories at https://dist.xebialabs.com/customer/. Patch is always 0.

This new versioning scheme provides clearer indication of the impact of updates and helps with upgrade planning.

Plugins and Integrations

Here's what's new and changed with plugins and integrations.

AWS Plugin

The Deploy AWS Plugin now supports folder synchronization when uploading to Amazon S3. Two new properties, Sync Folder and Remove deleted files on Sync, have been added to aws.s3.Folder to manage this functionality. By default, both these properties are set to false.

When Sync Folder is enabled, the plugin uses file size and checksum comparison to upload only files that have changed
Enabling Remove deleted files on Sync ensures that files deleted from the local package are also removed from the S3 bucket during synchronization.

For more information, see Create and Upload Artifacts to Amazon S3.

AWS Secrets Manager

The plugin now uses AWS SDK version 2, making it compatible with Java 17. For more information, see Managing secrets using AWS SecretsManager.

Azure Plugin

Added support for Azure API Management (APIM) to the Azure plugin in Digital.ai Deploy. With this integration, you can automate the import and management of APIs into Azure APIM directly from your deployment workflows. For more information, see Azure API Management.

Helm Plugin

Fixed an issue where the plugin couldn’t process UTF-8 characters in the response from HelmClient. For more information, see Helm Plugin.

Kubernetes Plugin

You can now access Azure Kubernetes Service (AKS) clusters using Azure credentials, eliminating the need for a kubeconfig file. For more information, see Setting up the k8s.Master with Azure Kubernetes Service (AKS) .

Liquibase Plugin

The Liquibase integration with Digital.ai Deploy helps simplify database schema management and automation. This plugin enables you to apply database updates, track schema changes, and perform rollbacks when needed.

For more information, see Liquibase Plugin.

Podman Plugin

Podman plugin supports SSH-based CLI connections using the Overthere to connect to both local and remote Podman hosts. For more information, see Setting Up an CLI-Based Connection to Podman.

Terraform Plugin

Fixed an issue where the latest Terraform client failed to capture output after deployment unless the state was explicitly fetched from the remote backend. Outputs are now correctly retrieved post-deployment without requiring manual intervention. For more information, see Terraform Plugin.

Websphere Plugin

Special character issue in StringNamespaceBinding has been resolved to ensure correct handling of values containing special characters.
Fixed an issue with WmqConnectionFactory TransportType check.
Improved discovery of multiple CIs, addressing gaps that previously caused incomplete or inconsistent results during CI discovery.

For more information, see Websphere Plugin.

Bug Fixes—25.1.0

D-37104 - Fixed an issue where tar files with placeholders and PNG files were corrupted when deployed to Linux hosts using file.Archive, file.File, or file.Folder CI type.
D-37665 - Fixed an issue where file.Archive failed to replace placeholders in archives with custom extensions.
D-38410 - Fixed an issue where the Deploy server failed to start after an upgrade. This was caused by the deletion of the PVC, which removed the repository encryption key required to load sensitive configurations.
D-39229 - Fixed an issue where upgrading the operator on OpenShift failed because only the latest (N) version was available in the channel, while OpenShift requires both N and N-1 versions for a successful upgrade.
S-114701 - Fixed CVE-2022-46337, CVE-2024-38816, CVE-2024-7254, CVE-2023-22102 vulnerabilities.
S-117337 - Fixed CVE-2024-12798, CVE-2021-31811, CVE-2024-38827, CVE-2021-31812, CVE-2024-38829, CVE-2021-27906, CVE-2021-27807, CVE-2021-37714, CVE-2022-36033 vulnerabilities.

Support Policy​

Upgrade Instructions​

Breaking Changes​

Breaking Changes Related to License Version​

End-of-life Notifications​

Support for AWS SDK for Java v1.x Being Deprecated​

z/OS File Deployment Enhancements​

Automatic Text File Transcoding​

Placeholder Replacement​

Configuration Options​

XL CLI Enhancements​

Server Name Indication (SNI) Check​

Enabling Database Connection on Custom Port and TLS Support​

Encrypting Secrets in Configuration files​

Kubernetes Installation Updates​

New Versioning Scheme for Deploy​

Current Format​

New Format​

Plugins and Integrations​

AWS Plugin​

AWS Secrets Manager​

Azure Plugin​

Helm Plugin​

Kubernetes Plugin​

Liquibase Plugin​

Podman Plugin​

Terraform Plugin​

Websphere Plugin​

Bug Fixes—25.1.0​