Skip to main content
Version: Deploy 22.1

Digital.ai Deploy 22.1.1

Digital.ai Deploy 22.1.1 includes the following new features:

  • OIDC Private Key authentication support
  • Kubernetes Operator-based installer enhancements
  • Plugin Manager enhancements
  • Support for Microsoft Edge based on Chromium
  • Version upgrades—supported databases

And more bug fixes and enhancements.

Support Policy

See Digital.ai Support Policy.

Upgrade Instructions

The Digital.ai Deploy upgrade process you use depends on the version from which you are upgrading, and the version to which you want to go.

For detailed instructions based on your upgrade scenario, refer to Upgrade Deploy.

Digital.ai Deploy 22.1.1 New Features

Here's what is new with Digital.ai Deploy 22.1.1.

Private Key JWT and Client Secret JWT Authentication Methods

  • Digital.ai Deploy—22.1 and later—support client_secret_jwt and private_key_jwt methods to authenticate clients with OIDC-based ID providers such as Keycloak.
  • The JWT assertion must be digitally signed using a private key in asymmetric cryptography.
  • Digital.ai Deploy—22.1 and later—support signed JWTs only—it does not extend to encrypted JWTs encoded in a JSON Web Encryption (JWE) structure.

OIDC Private Key JWT Authentication

Digital.ai Deploy supports client authentication using the private_key_jwt method.

The following JSON Web Algorithms (JWA) are supported:

  • RS256 (RSASSA-PKCS1-v1_5 using SHA-256)​​—this is the default if you use the private_key_jwt authentication method
  • RS384 (RSASSA-PKCS1-v1_5 using SHA-384)​
  • RS512 (RSASSA-PKCS1-v1_5 using SHA-512)​
  • ES256 (ECDSA using P-256 and SHA-256)​
  • ES384 (ECDSA using P-384 and SHA-384)​
  • ES512 (ECDSA using P-521 and SHA-512)​
  • PS256 (RSASSA-PSS using SHA-256 and MGF1 with SHA-256)​
  • PS384 (RSASSA-PSS using SHA-384 and MGF1 with SHA-384)​
  • PS512 (RSASSA-PSS using SHA-512 and MGF1 with SHA-512)​

Here's an example deploy-oidc.yaml file that uses the private_key_jwt authentication method.

privatekeyjwt

OIDC Client Secret JWT Authentication

Digital.ai Deploy supports client authentication using the client_secret_jwt method.

The following JSON Web Algorithms (JWA) are supported:

  • HS256 (HMAC using SHA-256)​—this is the default if you use the client_secret_jwt authentication method
  • HS384 (HMAC using SHA-384)​
  • HS512 (HMAC using SHA-512)

You can configure the desired JWS algorithm using the deploy.security.auth.providers.oidc.clientAuthJwt.jwsAlg​ key.

Here's an example deploy-oidc.yaml file that uses the client_secret_jwt authentication method.

clientsecretjwt

For more information, see Set Up the OpenID Connect (OIDC) Authentication for Deploy.

Kubernetes Operator-based Installer Enhancements

With Deploy 22.1.1, the Kubernetes Operator-based installer offers the following enhancements:

  • Improvements to the installer to enhance stability
    • Upgrade process improvements
    • Uninstallation process improvements
  • Keycloak is the default authentication manager when you log in to the Digital.ai Deploy interface.
  • Central Configuration as a Standalone service is started by default when you install Digital.ai Deploy using Kubernetes Operator installer.

Plugin Manager Enhancements

With Deploy 22.1.1, you can now set the value of the -plugin-source flag when running the system as a service on Windows or Linux operating system. For more information, see Plugin Synchronization.

Support for Microsoft Edge Based on Chromium

Deploy 22.1 has been qualified to work with Microsoft Edge based on Chromium.

Version Upgrades—Supported Databases

Deploy 22.1 supports the following databases.

DatabaseVersions Supported
PostgreSQL12.9, 13.5, and 14.2
MySQL5.7 and 8.0
Oracle12c and 19c
Microsoft SQL Server2017 and 2019
DB211.1 and 11.5

Plugins and Integrations

Here's what's new with plugins and integrations.

AWS Plugin

  • A new field, Repository Credentials has been added to pass the Amazon Resource Name (ARN) of the secret, which stores the private repository credentials.

    ECS Repo Credentials

  • Fixed the HTTPS proxy connection issue, which was throwing a connection failure.

  • Fixed dependencies for the UTC attribute not found issue.

  • Modified the ECS Service update strategy to update task revision rather than destroying and recreating it every time.

  • New parameters added for ECS service: PidMode and IpcMode.

  • New parameters added for ECS task: dnsSearchDomains, dnsServers, entryPoint, startTimeout, stopTimeout, essential, hostname, pseudoTerminal, user, readonlyRootFilesystem, dockerLabels, healthCheck, environmentFiles, resourceRequirements, ulimits, secrets, extraHosts, systemControls, and linuxParameters.

Azure Plugin

  • Fixed the HTTPS proxy connection issue, which was throwing a connection failure.

  • Fixed dependencies for the UTC attribute not found issue.

  • A new field, Application Settings has been added to add or modify the application settings in azure.FunctionAppZip.

    Application Settings

Docker Plugin

Fixed the HTTPS proxy connection issue, which was throwing a connection failure.

Internet Information Services Plugin

Fixed the issue, which was not removing the virtual directory from the IIS server.

Kubernetes Plugin

  • Fixed the HTTPS proxy connection issue, which was throwing a connection failure.

  • Fixed dependencies for the UTC attribute not found issue.

Terraform Plugin

Fixed the issue for the Terraform output variables, which were not captured for a remote backend.

Tomcat Plugin

Fixed the shell and batch scripts with validations for the start, stop, and status commands.

WebSphere Application Server Plugin

  • Creates datasource with default properties defined in WebSphere.

    WAS Datasource Properties

  • Fixed the issue with update of classloader order during a deployment update of was.Ear file.

WebLogic Server Plugin

  • Supports Oracle WebLogic Server 14c.

    WLS Version

  • Fixed the deployment order for side-by-side deployments. Note that, side-by-side deployment works only when a new version of the application is deployed next to an existing version.

Bug Fixes—22.1.17

  • S-92929 - Fixed an issue with Abort and Stop operations not working on hung tasks.

Bug Fixes—22.1.16

  • D-23763 - Fixed the issue with non-admin users being unable to see deployments in reports.
  • D-23851 - Fixed the issue with some reports missing from Reports > Deployments panel after upgrade.
  • D-24093 - Fixed the maximum number of expressions in a list is 1000 error when non-admin users try to view placeholders and there are more than 1000 directories that don't inherit permission from their parent.
  • D-25223 - Fixed an issue that caused deployments to fail when customers used credentials stored in overthere.SshJumpStation instead of the username and password combination.

Bug Fixes—22.1.15

  • D-23711 - Fixed issue with folder permissions that caused existing permissions to be removed when new permissions are added using the 'Select All' option.
  • D-23962 - Fixed the permissions error encountered by non-admin users when searching for Dictionary values using the search by placeholder option in Explorer.
  • D-23172 - Added a fix to expire all active user sessions when a user resets their password.

Bug Fixes—22.1.14

  • D-24065 - Fixed the CheckConnection issue with the Deploy Task Engine when setting up a multi-node cluster with OIDC.
  • D-24174 - Fixed the CannotLocateArtifactException issue while deploying Maven artifacts.
  • D-23170 - Fixed an issue with the GET /api/v1/roles API to prevent unauthenticated users from viewing role names and IDs of other users.
  • S-89672 - Optimized the support .zip output to include information based on supportpackagasettings configuration in deploy-server.yaml.

Bug Fixes—22.1.13

  • D-22947 - Fixed issue with user privileges that allowed users to modify other user accounts.
  • D-23171 - Fixed issue with user privileges that allowed users to view information about other user accounts.

Bug Fixes—22.1.12

  • D-23001 - Fixed the 'Repository Entity not found' error caused when opening an environment or dictionary associated with directories containing ampersand (&) in their name.
  • D-23336 - Fixed the Master/Work directory cleanup activity to remove all data associated with archived tasks.
  • D-23407 - Added support for IBM-1047 encoding.

Bug Fixes—22.1.11

This version was skipped and 22.1.12 was released in its place.

Bug Fixes—22.1.10

  • S-88593 - Fixed CVE-2022-33980 and CVE-2022-42889 vulnerabilities.
  • D-23240 - Fixed the incorrect syntax issue that caused the package retention policy to fail when MS SQL Server database is used.
  • D-23474 - If you uncomment any properties in the type-defaults.properties file, all backslash () characters will be dropped after server restart. To avoid this, add another backslash as an escape character before all backslash characters.

Bug Fixes—22.1.9

  • D-21145 - Dictionary version number is out of order in Digital.ai Deploy. This issue is now fixed.
  • D-22125 - Fixed an issue with the Terraform plugin for Digital.ai Deploy that crashes the server.
  • D-22869 - After upgrading Deploy, the non-admin users are unable to view the tasks and reports created by them earlier. This issue is now fixed.

Bug Fixes—22.1.8

  • D-22547 - Importing a deployment package file with dependent application results in Null Point Exception error. This issue is now fixed.

Bug Fixes—22.1.7

  • D-22446 - Fixed an issue that prevented users from secondary LDAP servers (on sites with multiple LDAP servers and OIDC enabled) from logging on to Digital.ai Deploy.
  • D-22038 - If you resume a task after restarting Digital.ai Deploy, the task fails by getting stuck in the Stage artifacts step. It occurs when staging is enabled, and this issue is now fixed.
  • D-22298 - A deployment task with a failed step is not resuming because the server is down. However, it does not resume even after the server is operational. This issue occurs with parallel deployments and is fixed now.
  • D-22344 - Upgraded ssh library to support latest ssh ciphers.
  • D-22385 - Fixed the principal name case-sensitive issue that occurs while fetching permissions.
  • D-21472 - Fixed the duplication of records issue in reports dashboard and deployment task page for non-admin users. This occurs with Oracle database.
  • D-22223 - Custom release conditions are not working as expected even though users have proper permission in LDAP and OIDC. This issue is now fixed.
  • D-21723 - Fixed the blueprint.yaml and daideploy_cr.yaml files to better handle the values of the parameters for which there are no entry/value found in the Keycloak OIDC configuration file (external Keycloak).
  • S-87313 - Fixed the configuration to support the graceful shutdown of Digital.ai Deploy.

Bug Fixes—22.1.6

  • D-20322 - If you use any regex pattern-based property such as file.File.textFileNamesRegex, Deploy escapes the backslash character \ so that it is not lost in server restarts. Should you modify these properties with any other custom values, you must make sure to escape the \ character with another backslash. For example, file.File.textFileNamesRegex=.+\.(cfg | conf | config | ini | properties | props | txt | xml) must have two backslashes as shown in the following example: file.File.textFileNamesRegex=.+\\.(cfg | conf | config | ini | properties | props | txt | xml).
  • D-21122 - When you navigate to the next page in the Edit permissions page of an Application or folder, it displays the Error while fetching permissions error message or an empty page. It occurs in Digital.ai Deploy using the MSSQL database. This issue is now fixed.
  • D-21064 - Fixed a permissions issue that prevented the POST /repository/cis/read API from reading multiple configuration items from the repository.
  • D-21691 - Fixed an issue that prevented the Digital.ai Deploy users from being logged out automatically at the expiry of the set idle time.
  • D-22016 - The Operator-based installer of Deploy has the following fix:
    • The jmx-exporter.yaml file has been added to the deploy.configurationManagement.master.configuration.resetFiles and deploy.configurationManagement.worker.configuration.resetFiles keys of the Deploy's Operator-based installer's daideploy_cr.yaml file.
  • D-21725 - You can now add TLS configuration details in the Digital.ai Deploy Operator-based installer's daideploy_cr.yaml file.
  • D-21883 - Fresh installation of 10.3.x version of Release and Deploy operators from the branch in OpenShift fails as the operator docker image is not up-to-date. This issue is now fixed.
  • D-21681 - When you upgrade from the helm chart to the latest operator using the upgrade utility, the RabbitMQ pod fails to spin up and the utility does not populate the storage class for RabbitMQ.
  • D-21724 - When you change the license in the CR file, the value is not updated in the Release and Deploy file systems. This issue is now fixed.
  • D-21726 - The memory limit of the operator is too low. This issue is now fixed by increasing the memory limits from 90 Mi to 200 Mi.
  • D-21772 - Fixed an issue with the Operator-based installer that prevented upgrades from Deploy 10.3.x (default namespace) to 22.2.x (custom namespace with Keycloak enabled).

Bug Fixes—22.1.5

  • D-21089 - If there are more than 1000 directories that don't inherit permission from their parent, then non-admin users will not be able to view any CIs. This issue is now fixed.
  • D-21099 - Fixed a configuration issue in the export folder of Deploy.
  • D-21492 - You cannot import applications with XLD CLI that has CI with file artifacts in an external repository. It is because the CI fails to authenticate with the repository. This issue is now fixed.

Bug Fixes—22.1.4

  • D-18337 - Fixed a UI issue with the Resolved Placeholders table to show the lengthy Dictionary entries (with ellipses) fully when hovered over.
  • D-19883 - Fixed an issue that removed the Digital.ai logo up on adding a custom logo.
  • D-20191 - Fixed the Bad Request error (when roles were created) that occurred on sites with standalone Deploy permission service.
  • D-21367 - Fixed a UI issue that prevented long Dictionary title from being shown in the Dictionaries section of the Environment view.
  • D-21443 - Fixed an issue that caused deployments with long Dictionary title to error out.

Bug Fixes—22.1.3

  • D-18895 - Fixed an issue with the user session expiry for a deleted user, who has the permission or access to an active session. Now, a deleted user will be denied access to an active session.
  • D-20538 - Fixed the deadlock issue within the Lock plugin.
  • D-20452 - Fixed an issue with Deploy that is set up in HA mode, which shows a Null pointer exception while making changes in Instance customization.
  • D-20857 - Fixed an issue with the permissions service REST API results, which were returning all configuration items instead of the folders.

Bug Fixes—22.1.2

  • D-20597 - Fixed an issue with the Digital.ai Deploy Oracle Service Bus (OSB) plugin that prevented users from being able to deploy packages with placeholders.
  • ENG-9087 - Fixed an issue with install-service.sh and install-service.bat by updating them to include the plugin-source=database flag.
  • ENG-7906 - Fixed an issue due to which only users with Report-View permission were able to download the generated report.
  • D-20598 - Fixed the INTERACTIVE_SUDO connection type vulnerability.
  • D-20732 - Fixed a UI issue due to which the spinner was not displayed when you drag and drop the application and environment CIs to the deployment section.
  • D-22411 - Fixed an issue that prevented users from creating new ResourceGroups on Azure clusters.

Bug Fixes—22.1.1

  • ENG-9219 - Fixed an issue that was displaying an error message while choosing the current month in the Date Range drop-down list of the Reports Dashboard section.
  • ENG-5298 - Fixed an issue with the resolved placeholders that were not storing the values while deploying the iis.WebContent to the overthere.SmbHost.
  • ENG-9080 - Fixed an issue where the cluster data was not properly persisted in the database.
  • FI-1022 - Fixed an issue that caused constant execution of PermissionServiceAttachUpgrade task upon server restart.
  • FI-1011 - Fixed an issue that prevented the Run.sh command from starting the satellite with wrapper Java options.
  • FI-1006 - Fixed an issue that prevented the display of a particular activity in the monitoring and report pages.
  • FI-982 - Fixed an issue that displayed an error in the Register Deployed section even after deployment was cancelled.
  • FI-954 - Fixed a UI issue that prevented automatic user session timeouts past the threshold idle time.
  • FI-953 - Fixed an issue that created a deployment task and indefinitely queued it when wrong hostname was entered for the wls.Domain type.