Digital.ai Release 22.1.1

Digital.ai Release 22.1.1 includes the following new features:

• Retention policy for archived releases
• New folder permission: Perform task transition in advance
• Export Dashboards as PDF
• Simplified license renewal in Release clusters
• Validations in GitOps-enabled folder version control
• HTTP security enhancements
• OIDC Private Key authentication support
• Support for Microsoft Edge based on Chromium
• Version upgrades—supported databases
• Abort Long-running Tasks
• Scripts to upgrade, back up, and restore H2 database
• Kubernetes Operator-based installer enhancements
• Plugin Manager enhancements
• Plugins and integrations

And more bug fixes and enhancements.

Support Policy

See Digital.ai Support Policy.

Upgrade Instructions

The Digital.ai Release upgrade process you use depends on the version from which you are upgrading, and the version to which you want to go.

For detailed instructions based on your upgrade scenario, refer to Upgrade Release.

New H2 Database Version

Important: H2 database for Release is used only for testing and demo purposes. It is not one of the supported databases for production environments.

With Release 22.1 the H2 database has been updated to version 2.1.210 in order to mitigate CVE security issues related to the old 1.4.x version.

In case you are using the embedded H2 database in one of your development environments, you must migrate your data from H2 1.4.x (or earlier) to H2 2.1.x (or later) to bridge the incompatibility between the two versions (such as differences in file format in default MVStore storage engine).

Release 22.1 brings you scripts for both backing up and restoring the H2 database. You can use these upgrade scripts to backup and restore your H2 1.4.x (or earlier) to H2 2.1.x (or later). For more information, see xebialabs-community/xlr-backup-restore-script.

Known Issues

• D-20779 - Unable to use Release 22.1.1 with trial and temporary licenses with the embedded H2 database. As a workaround please use a full license or a production supported database.The issue will be fixed in the next maintenance version of Release.

New Features

Here's what's new with Digital.ai Release 22.1.1.

Retention Policy for Archived Releases

You can now purge archived releases (from the archive database) that are being held after the expiration of the configured retention period. This allows for automatic cleanup of releases that are not required per your company's audit or governance policy.

The purge process is disabled by default and needs to be activated by the Administrator on the System settings -> General screen.

Before the releases are removed from the database, their content will automatically be exported to the file system location configured in the System settings. The exported releases will be organized in subdirectories by their end date so each zip will be in the purged/<year>/<month>/<day>/<release-id>.zip format.

Here's an example for the contents of a purged release zip file:

Exempt Releases from Being Archived

• A new configuration option, Allow releases to skip archiving, has been added (System settings -> General) to exempt selected releases from being archived.
• When this option is enabled, the Allow releases to skip archiving check box shows up on the template and release Properties sub-pages.
• By marking a release to skip archive, the completed/aborted release is deleted instead of being moved to the archive database.
• This is useful for transient releases, which has no business value and are to be excluded from reporting and statistics.

New folder permission: Perform task transition in advance

• Task permission model has been extended with a new Release Tasks -> Perform task transitions in advance permission.
• Teams with the Perform task transitions in advance permission are allowed to Complete or Skip a task in advance.
• By default, this new permission is assigned to all the teams that are assigned with the Perform task transitions permission.

Note: There is a change in behavior for release owners with regards to performing tasks transitions. From Release 22.1.1, release owners will not have an implicit permission to complete or skip tasks. They will require an explicit task transition permission or be assigned to the task.

Export Dashboards as PDF

Custom dashboards on global and folder level have now been enhanced with an Export to PDF option for sharing dashboards with ease.

Simplified license renewal in Release clusters

With Digital.ai Release 22.1.1 license installation on one of the Release nodes in a cluster will automatically propagate to other nodes in the cluster, thus removing the need to renew the license on each node individually.

Warning: In case when cluster nodes already have licenses on disk, the license of the node last joining the cluster will be the one applied to all. To ensure the right license is applied, please update the license using the UI when all nodes are running or make sure all outdated licenses are previously removed from the filesystem.

For more information, see Licensing the Release Product.

Validations in GitOps-enabled Folder Version Control

• Enhanced the validation flow in folder Version Control with listing of external dependencies defined outside the folder.
• When creating a new version, all external dependencies will be listed for informative purposes.
• When applying a version, unresolved external dependencies are listed with deep-links for quick reparation.

HTTP Security Enhancements

• For better security, Digital.ai Release 22.1 and later support the sameSite attribute of the Set-Cookie HTTP response header allowing session cookies to be restricted to a first-party or same-site context.
• Valid values for the new xl.server.http.cookie.sameSite configuration parameter are Lax and Strict.
• For sites that use OIDC, the sameSite parameter must always be set to Lax.
• For remember-me, the sameSite parameter must always be set to Strict.

Example sameSite Cookie Configuration in the xl-release.conf file

Private Key JWT and Client Secret JWT Authentication Methods

• Digital.ai Release—22.1 and later—support client_secret_jwt and private_key_jwt methods to authenticate clients with OIDC-based ID providers such as Keycloak.
• The JWT assertion must be digitally signed using a private key in asymmetric cryptography.
• Digital.ai Release—22.1 and later—support signed JWTs only—it does not extend to encrypted JWTs encoded in a JSON Web Encryption (JWE) structure.

OIDC Private Key JWT Authentication

Digital.ai Release supports client authentication using the private_key_jwt method.

The following JSON Web Algorithms (JWA) are supported:

• RS256 (RSASSA-PKCS1-v1_5 using SHA-256)​​—this is the default if you use the private_key_jwt authentication method
• RS384 (RSASSA-PKCS1-v1_5 using SHA-384)​
• RS512 (RSASSA-PKCS1-v1_5 using SHA-512)​
• ES256 (ECDSA using P-256 and SHA-256)​
• ES384 (ECDSA using P-384 and SHA-384)​
• ES512 (ECDSA using P-521 and SHA-512)​
• PS256 (RSASSA-PSS using SHA-256 and MGF1 with SHA-256)​
• PS384 (RSASSA-PSS using SHA-384 and MGF1 with SHA-384)​
• PS512 (RSASSA-PSS using SHA-512 and MGF1 with SHA-512)​

Here's an example xl-release.conf file that uses the private_key_jwt authentication method.

OIDC Client Secret JWT Authentication

Digital.ai Release supports client authentication using the client_secret_jwt method.

The following JSON Web Algorithms (JWA) are supported:

• HS256 (HMAC using SHA-256)​—this is the default if you use the client_secret_jwt authentication method
• HS384 (HMAC using SHA-384)​
• HS512 (HMAC using SHA-512)

You can configure the desired JWS algorithm using the xl.security.auth.providers.oidc.clientAuthJwt.jwsAlg​ key.

Here's an example xl-release.conf file that uses the client_secret_jwt authentication method.

As an additional improvement to OIDC, support for nested claims for Release roles mapping has been added. The . acts as a path separator and if needed can be escaped with backslash \\..

For more information, see Set Up the OpenID Connect (OIDC) Authentication for Release.

Support for Microsoft Edge Based on Chromium

Release 22.1 has been qualified to work with Microsoft Edge based on Chromium.

Version Upgrades—Supported Databases

Release 22.1 supports the following databases.

Database	Versions Supported
PostgreSQL	12.9, 13.5, and 14.2
MySQL	5.7 and 8.0
Oracle	12c and 19c
Microsoft SQL Server	2017 and 2019
DB2	11.1 and 11.5

Abort Long-running Tasks

You can set up timeout threshold (in seconds) for certain task types and have Digital.ai Release abort such tasks automatically when they run for a long time. This feature is disabled by default. You can enable task execution limits and set up timeouts for the following task types:

• Script Task
• Custom Script Task
• Precondition Task

Here's the list of parameters available to set up the task execution limits. To enable the task execution limits and set up timeouts, add the following parameters to the xl-release.conf file.

Once you enable and configure the task execution limits, long-running tasks—such as Script Tasks, Custom Script Tasks, or Precondition Tasks—are automatically aborted when they cross the defined timeout limit.

Kubernetes Operator-based Installer Enhancements

With Release 22.1.1, the Kubernetes Operator-based installer offers the following enhancements:

• Improvements to the installer to enhance stability
  • Upgrade process improvements
  • Uninstallation process improvements
• Keycloak is the default authentication manager when you log in to the Digital.ai Release interface.

Plugin Manager Enhancements

With Release 22.1.0, you can now set the value of the -plugin-source flag when running the system as a service on Windows or Linux operating system. For more information, see Plugin Synchronization.

Plugins and Integrations

Here's what's new with plugins and integrations.

Checkmarx Plugin

Fixed the issue where the Checkmarx enconding was failing for passwords with special characters.

Continuous Testing Plugin

Introduced a new task called Create Manual Report Template, which is used for manual testing and displays the results with a link to the Continuous testing report.

GitLab Plugin

Fixed the issue for the Tag trigger task execution.

Octopus Plugin

• New fields, Retry Count and Retry Waiting Time are introduced.

  

• Fixed the Octopus performance issue that occurs during peak loads.

VSTS-TFS (Azure Devops) Plugin

Fixed the issue for the Queue build execution.

SonarQube Plugin

Fixed the issue for the KeyError field.

ServiceNow Plugin

A new field, External OAuth URL is added to provide External OAuth server support for authentication.

Bug Fixes and Field Incidents—22.1.17

• D-25777 - Fixed the third party security vulnerabilities for Release.
• D-25891 - When you upgrade a plugin via the Plugin Manager UI, the upgrade fails and an error is thrown. It updates the plugin only in the file system and not in the database. This is a known issue.

Bug Fixes and Field Incidents—22.1.16

• D-24193 - When the Release Owner is changed in the Create Release page, the Create Release button is getting disabled. To enable the Create Release button, you must click inside the Release Owner field again. This issue is now fixed.
• D-24566 - Fixed the issue with the DeliveryApi where the API call to complete a track item with the Release ID was not being exposed.
• D-24639 - Fixed an issue with the gate tasks that are not being completed properly.
• D-24687 - Fixed an issue where log output was getting cut off in the Task modal when using markdown format in the Comments and Description fields in Release tasks. This issue only occurred in the Task modal and not in the new Task drawer.
• D-24966 - Fixed the issue with the autocomplete height for the Dashboard owner field, which was causing scrolling issues for users. The autocomplete height has been adjusted to ensure a seamless scrolling experience for users.
• D-24976 - Fixed the copyright clause in the About Digital.ai Release section with the correct year.
• D-25034 - Fixed the tool tip message of the Perform task transitions in advance permission to avoid confusion in the permission behaviour between the Perform task transitions and Perform task transitions in advance permissions.
• D-25057 - Fixed an issue with the Confirm leave modal on Webhook event triggers, which was being displayed unnecessarily even when no changes were made.
• D-25106 - Fixed an issue where importing a template with a Create Delivery or Find or Create Delivery task failed due to the presence of a defined folder property.
• D-25194 - Fixed the quartz configuration for cluster environment to ensure that quartz jobs are being executed on a different node during shutdown.
• D-25234 - Implemented improved exception handling for tasks to ensure that when a task fails, an exception is properly logged, and relevant logs are made available for troubleshooting and analysis.
• D-25076 - Fixed the configuration for host aliases in operator based deployment of Release.
• D-25144 - Fixed the issue with the way the changes were logged for the Folder variables using the activity log event handler.

Bug Fixes and Field Incidents—22.1.15

• D-23964 - Improved response time on the Folder listing page.
• D-24458 - Fixed the help icon link in the Warnings page of the Version Control screen.

Bug Fixes and Field Incidents—22.1.14

• D-23740 - The task gets executed even if it's attribute check fails with an error. This issue is now fixed.
• D-24044 - Fixed UI bug that was showing Edited flag for new comments.
• D-23959 - Fixed an issue with delivery patterns, which automatically completed all stages before allowing the addition of any linked or tracked items.
• D-24206 - Multi-line descriptions are displayed incorrectly in the deployit-defaults.properties file and throws a syntax error. This issue is now fixed.

Bug Fixes and Field Incidents—22.1.13

• D-23185 - Fixed the security vulnerabilities for Release.
• D-23789 - After upgrading Release, the server selected via the Connections field in a task disappears intermittently. Sometimes, it disappears during the template and release creation process. It occurs in tasks like JIRA, Jenkins, and other tasks in which you can make connection to a server. This issue occurs only in a cluster installation and is now fixed.
• D-23816 - The tiles in dashboards were breaking when viewed in full screen mode. This issue is now fixed.
• D-23819/D-23820 - In the Release flow editor, the Export drop-down list only worked when the text of the drop-down options was clicked. Now, the drop-down options can be clicked anywhere and the export works properly. This issue is now fixed.
• D-23835 - Variable interpolation was not working in the Failure handler script. This issue is now fixed.

Bug Fixes and Field Incidents—22.1.12

Note: There is no Release version 22.1.11.

• D-22536 - Fixed an issue that prevented the custom tiles from being exported to PDF.
• D-22950 - Updated activemq-all library for docker images.
• D-23071 - When you open an User Input task from an archived release it throws a 404 error. This issue is now fixed.
• D-23383 - Fixed an issue that was breaking the markdown tables created in task descriptions of the task drawer.
• D-23482 - Fixed an issue that prevented the Retry button from being displayed for a failed task.
• D-23493 / D-23696 - Fixed an issue that was throwing a 500 error while opening a folder in Release.
• D-23672 - When resolving references to configurations, system checks multiple times if the configuration exists. Caching is introduced to improve the performance.

Bug Fixes and Field Incidents—22.1.10

• D-22677 - Fixed an issue that prevented tasks from reading the latest comment at runtime.
• D-22319 - The server.url property was ignored when OIDC is enabled and SSL/TLS termination is done by the load balancer without the X-Forwarded-Proto (XFP) header or irules (nginx).
• D-22968 - Fixed an issue that prevented the local users from running the Plugin Manager REST API commands successfully.
• D-23110 - When saving variable values in the User Input task, the operation times out occasionally in clustered environments. This issue is now fixed.
• D-23330 - Fixed the display issue in the custom dashboards.
• D-23263 - Dashboard tiles are not saving the passwords when you click the back to view mode button. This issue is now fixed.
• D-23438 - The folder dashboard prevents users from adding the Active releases tile. This issue is now fixed.

Bug Fixes and Field Incidents—22.1.9

• D-22452 - Upgraded spring version dependency to resolve security vulnerabilities.
• D-22905 - Context-sensitive tooltip messages are improved for various permissions in Digital.ai Release.
• D-22969 - Users with Edit Folder Notification permission in the Sub folder and not in the Root folder were unable to access the Notification tab in Sub folders. This issue is now fixed.
• D-22995 - An error is being thrown when upgrading Digital.ai Release using IBM Semeru OpenJDK 11. This issue is now fixed.
• D-23050 - In the Template or Release properties page, the Run automated tasks as user field must be auto-populated when you enter a text. This issue is now fixed.
• D-23117 - At the folder level, a new folder variable button is displayed even when you do not have the Edit Folder Variable permission. This issue is now fixed.
• D-23024 - When an OIDC user logs out an error is thrown. This issue is now fixed.

Bug Fixes and Field Incidents—22.1.8

• D-22618 - When you set a blank value for the Number variable in the Variable screen, the value is automatically set to 0. However, when you do the same in the Release properties screen, it throws a 400 HTTP status code. This issue is now fixed.
• D-19049 - The Release name field accepts more than 1024 characters when you create a release. However, when you edit the release name and save the changes. It throws an error and this issue is now fixed.

Bug Fixes and Field Incidents—22.1.7

• D-20546 - Random Jenkins tasks are stuck in the In-progress state when their respective Jenkins jobs are already completed. This issue is now fixed.
• D-20665 - Liquibase error occurs while upgrading Digital.ai Release from 10.0.4 to 22.0.2. This issue is now fixed by adding a validCheckSum property in the 14-a changeset.
• D-22263 - Create Release task fails when the subfolder depth is greater than 4. It is because the ROOT_RELEASE_ID column is too short to hold the value. This issue is now fixed.
• D-22429 - Template name is not displayed when you filter the source template via the drop-down list on the Dashboard tile. It's because the template is not displayed in the top one hundred when you list it in alphabetical order. This issue is now fixed by increasing the list size to 1000 from 100.
• D-22296 - Updating watchers for a current task using Jython Task API fails. This issue is now fixed.
• D-21723 - Fixed the blueprint.yaml and dairelease_cr.yaml files to better handle the values of the parameters for which there are no entry/value found in the Keycloak OIDC configuration file (external Keycloak).
• S-87313 - Fixed the configuration to support the graceful shutdown of Digital.ai Release.

Bug Fixes and Field Incidents—22.1.6

• D-22021 - When you open a task with thousands of users assigned to it, there is a delay in opening that task. This issue is now fixed.
• D-21043 - When you upgrade Digital.ai Release from 9.5.x to versions (22.2.2, 22.1.6, and 22.0.8), the upgrade fails with an SQL query error. This occurs in the 9.5.x version when you create a template and add a trigger to that template. This issue is now fixed.
• D-22090 - In the left-navigation pane, select Overview > Tasks and click any task. The Task Drawer disappears but the scheduling is active. This issue is now fixed.
• D-22221 - A gate task in a release fails when it has a dependency in another release and that release is aborted. This dependency issue is now fixed.
• D-22016 - The Operator-based installer of Release has the following fix:
  • The jmx-exporter.yaml file has been added to the release.configurationManagement.master.configuration.resetFiles and release.configurationManagement.worker.configuration.resetFiles keys of the Release's Operator-based installer's dairelease_cr.yaml file.
• D-21883 - Fresh installation of 10.3.x version of Release and Deploy operators from the branch in OpenShift fails as the operator docker image is not up-to-date. This issue is now fixed.
• D-21681 - When you upgrade from the helm chart to the latest operator using the upgrade utility, the RabbitMQ pod fails to spin up and the utility does not populate the storage class for RabbitMQ.
• D-21724 - When you change the license in the CR file, the value is not updated in the Release and Deploy file systems. This issue is now fixed.
• D-21726 - The memory limit of the operator is too low. This issue is now fixed by increasing the memory limits from 90 Mi to 200 Mi.

Bug Fixes and Field Incidents—22.1.5

• D-20582 - Fixed the issue that prevented multiline text from being displayed in the Output properties of a task.
• D-21101 - Script tasks, if immediately preceded by a Gate task, fail to read the comments added to the Script task at runtime. This is now fixed.
• D-21120 - Fixed an issue with the Webhook:Json webhook task that generates wrong authorization token.
• D-21278 - A new template created at the global level (outside the folder) does not display its template name when opened in a new tab. This issue is now fixed.
• D-21470 - When you import an already exported template from one instance to another, it breaks the folder. It is because the passwords are encrypted with different encryption key. The issue is now fixed.
• D-21576 - Fixed an issue that allowed users to generate personal access tokens that are made of nothing but two or more spaces.
• D-21612 - Ignored a few URLs that cause log troubles.
• D-21812 - When a template is imported using the XL CLI, the Script task prevents the variables in it from automatically being updated on the variable screen. This issue is now fixed.
• D-21836 - Fixed the Dashboard details page to fit all screen sizes.
• D-21400 - When a valid Okta user, who is not assigned to the Digital.ai Release application in Okta, tries to login, an indefinite redirect loop occurs. This issue is now fixed.
• D-21573 - You cannot export an excel report from a release that is completed and archived. This issue is now fixed.
• D-21886 - After upgrading to 22.0.1, the dependencies that existed in Gate tasks before the upgrade are not available. These Gate tasks display the status as Not Found when their status is In Progress. This issue is now fixed.

Bug Fixes and Field Incidents—22.1.4

• D-21088 - Issue with the "Watchers" user drop-down list in Task modal—the search text entered to search for a user was also added as a watcher when you select a user using the mouse, which is now fixed.
• D-21131 - Fixed an issue with the Attributes Rail—on clicking the Delete icon (not the button itself, but trash icon), the Edit Attributes modal opens up.
• D-21231 - Fixed—missing colors on the trigger activity logs.
• D-21430 - Fixed an issue (with values selected for mandatory list boxes) that prevented user input tasks from being completed.

Bug Fixes and Field Incidents—22.1.3

• D-20863 - Fixed the issue with the loading spinner icon, which was not getting displayed. This loading spinner icon indicates whether the Digital.ai Release is searching for releases and if there is any data being processed in the background.
• D-20898 - Fixed a usability issue with the Tab key, which occurs during runtime when the release has a user-input task. When you press the Tab key it should move to the next variable, and it has been fixed now.
• D-20318 - Fixed the issue for the CVEs that were detected in the latest Release Docker distribution.
• D-20645 - Fixed the issue where multiple API calls were made to access the variables in the user-input task.
• D-20706 - Fixed the issue where importing java classes in jython script tasks was not possible.
• D-20761 - Fixed the issue with the script task, which was unable to instantiate a condition subclass.

Bug Fixes and Field Incidents—22.1.2

• ENG-9087 - Fixed an issue with install-service.sh and install-service.bat by updating them to include the plugin-source=database flag.
• D-20575 - Fixed an RBAC issue with external users that prevented users assigned to an LDAP user group from being able to assign tasks to themselves.
• FI-1018 - Fixed an issue with the Create Release task where the changes to the variable properties (label, description, required Flag) of the release template were not reflecting correctly.
• ENG-9404 - Fixed an issue with the Null Pointer Exception (NPE) that was displaying when selecting a release.
• ENG-9397 - Fixed an issue where we were unable to apply YAML with the value provider in CRT variables.
• ENG-9180 - Fixed an issue with the task-transition permission by removing it from Release Owners. Earlier this permission was available by default. Now it has to be configured.

Bug Fixes and Field Incidents—22.1.1

• ENG-9273 - Fixed an issue with the Remember-me functionality.

• ENG-9017 - Fixed the Groovy script task execution issue where the task is kept in progress due to java.lang.Error.

• ENG-9015 - Fixed the incorrect Digital.ai Release component version in one of the database tables the XL_VERSION table.

  Important: If you are upgrading from one of the following Digital.ai Release versions, you must only upgrade to the latest patch release available for the version of Release you are upgrading to. For example, if you are on Digital.ai Release version 10.0.9 and planning to upgrade to the 10.3 version, you should upgrade to 10.3.8 or later versions of the 10.3 release. Here's the list of Release versions that are affected due this bug: Digital.ai Release 9.7.18, 9.7.19, 9.7.20, 10.0.7, 10.0.8, 10.0.9, 10.0.10, 10.1.6, 10.1.7, 10.1.8, and 10.1.9. The fix for the bug is available on these versions: Digital.ai Release 9.7.21, 10.0.11, 10.1.10, 10.2.10, 10.3.8, 22.0.1, and 22.1.1.

• ENG-8952 - Fixed the missing index on XLR_FOLDER_VARIABLES (FOLDER_CI_UID).

• ENG-8604 - The Apply Changes button will not be displayed to the users who do not have the permission instead of the Forbidden Access message.

• ENG-8302 - Fixed an issue that prevented a release (that was created from a global template) from inheriting folder permissions.

• ENG-6730 - Fixed an issue with the GitConnectionSettings for ThreadLocal security and memory leak.

• ENG-9080 - Fixed an issue where the cluster data was not properly persisted in the database.

• FI-947 - Fixed an issue related to RiskService that was occurring during login after the upgrade.

• FI-946 - Fixed JavaScript Exception: KeyError: Set-Cookie when Crowd and Strict Crumb plugins are used in Jenkins.

• D-20457 - Fixed the missing sidebar issue when creating a delivery.

• D-20387 - Unable to select a "time" when creating a new reservation (Environments > New reservation).

• D-20363 - Release calendar—Fixed the broken filter-based-on-status feature.

• D-20168 - Fixed the incorrect Settings page title.

• D-20230 - Fixed a form validation issue with the Edit Environment page.

• D-20171 - Fixed an issue (duplicate data issue when the page was refreshed) with the Audit Report page.

• D-20588 - Fixed an issue with the notification e-mail, which was not getting triggered when your e-mail address is inputted using the Assigned To field via release_variable task. Note that, only Username must be used to assign tasks.