Skip to main content
Version: Deploy 23.3

Digital.ai Deploy 23.3.x Release Notes

Digital.ai Deploy 23.3.0 includes the following new features:

  • Migrate from Active/Hot-standby Setup to Active-Active Setup
  • clientSecret Encryption
  • Pendo
  • Enhancements
  • Operator Improvements

And more bug fixes and enhancements.

Support Policy

See Digital.ai Support Policy.

Upgrade Instructions

The Digital.ai Deploy upgrade process you use depends on the version from which you are upgrading, and the version to which you want to go.

For upgrade instructions, see:

Migrate from Active/Hot-standby Setup to Active-Active Setup

Given the success of Active-Active setup with our customers, we have determined that the Deploy Active/Hot-standby mode is no longer the recommended configuration for achieving High Availability due to its inherent limitations. To ensure a more reliable and efficient solution, we strongly recommend migrating to the Active-Active setup.

Important: Plan and execute the migration from Deploy Active/Hot-standby to Active-Active before the designated deprecation date, which is the 1st of May, 2024.

To facilitate the transition, see the implementation details of the Active-Active setup. If you have any further questions or concerns regarding the Active-Active setup implementation, contact our Support team and your Customer Success Manager at Digital.ai.

After the deprecation date, support and updates for the Deploy Active/Hot-standby setup will not be available. Migrating to Active-Active is essential to maintain uninterrupted service and take advantage of the enhanced capabilities.

Note: We would like to take the opportunity to bring to your attention the Product and Support Lifecycle of Digital.ai Deploy. If you're using an unsupported version and need support with upgrading, contact your Customer Success Manager.

clientSecret Encryption

While implementing OIDC, the clientSecret key is now encrypted and added to the encrypted field list in the deploy-oidc.yaml file. This implementation enhances the security in Deploy.

Pendo

With Deploy 23.3, some statistics are sent to Pendo for more accurate analyses and quicker troubleshooting.

Enhancements

  • Added xl-cli support for Apple M1 and M2 architecture.
  • Fixed the host header injection JavaScript vulnerability in Digital.ai Deploy.
  • Fixed archive mappings in the deploy-artifact-resolver.yaml file that caused issues with placeholder replacement.
  • ollowing API endpoints are now secured and cannot be accessed without authentication:
    • /xldeploy/internal/configuration/license-info
    • /xldeploy/server/logo/xl-deploy
  • efactored roles to allow users to install Deploy operator without requiring access to cluster role resources.
  • dded Operator support for installation on multiple flavors of Openshift. We support any flavor of Openshift with:
    • Kubernetes server (versions 1.20–1.25)
    • A storage class that supports RWO and RWX access modes (for Deploy)
  • dded additional logging of Akka Actor lifecycle events and task flows for easier debugging of task execution.
  • For Deploy that is running on the Kubernetes cluster, you can now configure the correct setup of the canonical and bind addresses on the master and worker to communicate with the satellite that is running outside of the Kubernetes cluster.
  • Added support for Azure Bicep deployment.
  • Retained the TAR entities permissions when deployed the file.archive CI type to the Linux hosts.
  • Added concurrency limits for deployment. For more information, see Concurrent Deployments Limit

Operator Improvements

Important: For operator installation on various Kubernetes platforms, there is a limitation regarding the length of the namespace (or project). This limitation is based on the fact that custom namespaces play a crucial role in naming all resources created within the cluster. To ensure uniqueness across cluster resources generated by the operator, a maximum namespace length of 13 characters is supported. However, for OpenShift installations, the maximum namespace length is 9 characters.

  • You can now set up truststore to secure communication with trusted parties. For more information, see Set up Truststore.
  • You can now set up JVM arguments for Application containers. For more information, see Set up JVM Arguments.
  • You can now set up an external message queue. For more information, see Set up External Message Queue.
  • You can now set up an external database. For more information, see Set up External Database.
  • You can now set up diagnostic mode to check the application pods. For more information, see Set up Diagnostic Mode.
  • You can now set up custom context root to define the path at which the Deploy application is accessible within the URL structure. For more information, see Set up Custom Context Root.
  • You can now use the custom resource definition file (CR file) to change the Digital.ai Deploy's license on sites installed using the Operator-based installer. For more information, see Updating the Digital.ai Deploy License—Kubernetes Setup.
  • XL CLI allows you to use the xl plugin deploy [command] to install and update plugins in Deploy. It also allows you to cancel plugins that are ready to be installed. For more information, see Manage Plugins in Kubernetes Environment.
  • Deprecated xl up command from XL CLI.
  • You can now change the configuration of the application to use an external database, instead of the one provided with the operator itself.
  • You can now change the configuration of the application to use an external message queue, instead of the one provided with the operator itself. For more information, see Using an External Message Queue
  • Support introduced for separate sections for master, worker, and centralConfiguration for the server-specific configuration.
  • Support introduced for the setup of Deploy with external satellite.
  • Removed the Openshift standalone image for the operator.
  • Removed the Keycloak subchart.

Improved naming conventions of the values in operator CR.

  • All value keys must start with a lowercase
  • Custom labels and annotations can be defined
  • More change can be done in values/CR in the created resources

Upgraded versions of all operator’s Helm chart dependencies.

  • postgresql 12.8.5 (postgresql server version 15.4.0)
  • rabbitmq 12.0.13 (rabbitmq server version 3.12.3)
  • haproxy-ingress 0.14.2
  • nginx-ingress-controller 9.3.32

Docker Update

Important: In line with the Docker-recommended best practices, the latest version tag is no longer supported for Deploy and Release docker images. This means that the docker pull command and image descriptors (used in as-code files)—without a valid version tag—will not succeed—after 01 Nov, 2024.

Correct

docker pull docker.io/xebialabs/xl-deploy:23.3
version: "2"
services:
 xl-release:
  image: xebialabs/xl-release:23.3
  container_name: xl-release
 xl-deploy:
  image: xebialabs/xl-deploy:23.3
  container_name: xl-deploy

Incorrect

docker pull docker.io/xebialabs/xl-deploy
version: "2"
services:
 xl-release:
  image: xebialabs/xl-release
  container_name: xl-release
 xl-deploy:
  image: xebialabs/xl-deploy
  container_name: xl-deploy

Known Issues

D-25989 - Upgrade from 22.3.11 to 23.3.0-beta.3 is failing due to ArchiveDateColumnUpgrader.

Version Upgrades—Supported Databases

Deploy 23.3 supports the following databases.

DatabaseVersions Supported
PostgreSQL14.8 and 15.3
MySQL5.7 and 8.0
Oracle19c
Microsoft SQL Server2019 and 2022

For more information, about the other system requirements, see Installation Prerequisites.

Plugins and Integrations

Here's what's new and changed with plugins and integrations.

Helm Plugin

  • An issue occurs during the rollback action when deploying the helm chart. This issue is now fixed.
  • Fixed an issue with the xld-helm-plugin 22.0.0 that had compatibility issues with xld-openshift-plugin 22.3.0.
  • Added support for UTF-8 by adding a new encoding type field to properly read and display the helm files.
  • Deploy converts Helm charts into the final Kubernetes yaml files as a pre-plan step.
  • Helm plugin allows you to view the differences in charts that are being deployed.

Kubernetes Plugin

  • An authentication token field is now created in the Namespace properties page, which overrides the token set in Kubernetes master properties.
  • The output variable list is configured and captured in the create_update_dict.py file.
  • The Kubernetes plugin picks the default configuration even when you specify the location of the custom configuration file. This issue is now fixed.
  • Added Discovery mechanism for Kubernetes that allows users to discover and auto-create Kubernetes CIs using the Deploy Kubernetes plugin.

Terraform Plugin

  • Fixed an issue with the preview step in the Terraform plugin that was failing.
  • Fixed an issue with the Terraform plugin that was displaying logs with sensitive information during terraform deployment.
  • Fixed an issue with the Terraform plugin that was not allowing users to copy the hidden Terraform version file.

Azure Plugin

  • When you use the Azure plugin to deploy AzureWebAppCode spec, a certification error is thrown related to the destination host. This issue is now fixed.
  • Fixed web app code deployment issues with the Azure plugin.
  • Added bicep support in Deploy Azure plugin.

Azure Key Vault Plugin

The Azure Key Vault integration allows you to configure external dictionaries that can be used with your environments. You can also define a Azure Key Vault-based lookup provider that can reference and resolve a key/value pair stored in key vault secrets. Deploy does not save or cache the key/value information stored in Azure key vault in the Deploy system. For more information, see Manage secrets using Azure Keyvault

AWS Secrets Manager Plugin

You now have the AWS Secrets Manager plugin to retrieve secrets from AWS SecretsManager for use in your tasks and automations. The integration also lets you create, update and delete secrets in the AWS Secrets Manager from Deploy.

AWS Plugin

  • Fixed an issue that was causing problems in pushing files to AWS S3 subfolders.
  • Added ability to start and stop EC2 instances using the AWS plugin.

Bug Fixes and Field Incidents—23.3.11

  • D-34646 - Fixed the Deploy vulnerabilities from AquaScan.

Bug Fixes and Field Incidents—23.3.9

  • D-34534 - Fixed an issue with the Json patch dictionary CI in the Environment section that caused an error while manually executing a query during deployment.

Bug Fixes and Field Incidents—23.3.8

Note: There are no fixes for the Release version 23.3.8.

Bug Fixes and Field Incidents—23.3.7

  • D-25092 - Fixed an issue where users were unable to edit placeholders upon clicking on a deployed application.
  • D-33442 - Fixed an issue of excessive API requests and continuous polling in the Deploy web interface when viewing tasks.
  • D-33745 - Fixed an issue related with the Freemarker library version that appeared in logs. The Freemarker library has been upgraded to version 2.3.32.

Bug Fixes and Field Incidents—23.3.6

  • S-104674 - Fixed CVE-2024-22243 vulnerability.
  • D-33430 - Fixed an issue with setting up a truststore from custom resource (CR) in Deploy.

Bug Fixes and Field Incidents—23.3.5

  • D-32918 - Fixed an error that occurred when trying to import a package in Deploy, specifically when running it as a service on Windows.

Bug Fixes and Field Incidents—23.3.4

  • D-32611 - Fixed an error that occurred when setting permissions manually within a folder, the new permissions were not saved.
  • D-32379 - Fixed an issue that blocked a successful check connection when the infrastructure CI path includes special characters.
  • S-104302 - You can now install Deploy as non-root user in operator based installation.
  • S-103585 - Upgraded images in the Helm charts to the latest versions.

Bug Fixes and Field Incidents—23.3.3

  • D-26046 - Fixed an issue where the application could not be deleted as rollback failed to update Infra-CI with the correct version.
  • D-26297 - Fixed an issue that blocked non-admin users to view active monitored tasks after upgrading to v23.1.4.
  • D-31833 - Fixed an issue that prevented the active connections in the connection pool from returning on time. The connections in the pool were getting returned only on a restart.
  • D-32039 - If the helm binary is not available in the system, the Deploy remote runner installation fails. Fixed this issue by adding a question to check if the the helm binary is already available or not.
  • D-32103 - Fixed an issue where the client session time-out displayed a white screen.
  • D-32116 - Fixed an issue that was displaying an invalid error "Error while generating document: can't find cookie 'JSESSIONID" when you connect to Deploy via CLI with a wrong password. The error is now optimized and made more readable and meaningful.

Bug Fixes and Field Incidents—23.3.2

  • D-27061 - Fixed an issue with the help command in xl kube upgrade --help to display the correct upgrade instructions.
  • D-27083 - Fixed an issue with the import functionality that was blocking the import of a DAR (DAR file of an application), which included a reference to another CI.
  • D-27160 - Fixed an issue with the installation of Deploy in Azure using a custom private registry that was failing to pull the central-configuration image from the registry.
  • D-27221 - Fixed an issue where selecting external-oidc as the first value during the installation process without moving up or down in the options would display that no-oidc was selected.
  • D-27226 - Fixed an issue where upgrading Deploy from version 23.1.7 to 23.3.0 with external-oidc configured in 23.1.7 resulted in failure, causing an error in the master pod.
  • D-27237 - Fixed an issue where upgrading Deploy from version 9.7.4 to 22.3.6 resulted in an error when attempting to import a new DAR file for an application.

Bug Fixes and Field Incidents—23.3.1

  • D-27144 - Release or Deploy installation using the private registry fails as it is unable to pull the image xlprivate7c.azurecr.io/myrepo/busybox:stable. This issue is now fixed.
  • D-26870 - When you install a plugin in Deploy using the Basic authentication method the installation fails. This issue is now fixed.

Bug Fixes and Field Incidents—23.3.0

  • D-24130 - Fixed the incoming request has too many parameters error when non-admin users tried to access Deploy reports.
  • D-25223 - Fixed an issue that caused deployments to fail when customers used credentials stored in overthere.SshJumpStation instead of the username and password combination.
  • D-24625 - Fixed an issue with starting Deploy after upgrading from version 22.2.x to 22.3.x.
  • D-26151 - Fixed an issue with xld-deployment-package-status queue consumer, which was growing infinitely with no signs that Deploy is processing the items.
  • D-25760 - Modified the xld_ci_properties table id column type from integer to bigint to accommodate large number of records.
  • D-23332 - Fixed the issue with saving two lookup values—role ID and secret ID—in secrets.hashicorp.vault.Server.
  • D-25271 - Fixed an issue with the HashiCorp Vault plugin that did not allow you to save multiple lookup values in the Authentication AppRole section.
  • D-25837 - When you use a jumpstation to deploy with WinRM over HTTPS on a Windows host with an overthere.SmbHost or overthere.CifsHost CI. A TLS validation exception is thrown because localhost host is detected by Deploy as a peer. This issue is now fixed.