Check out "Enhancements" and "Bug fixes" for specific versions of GoCD below. As always, feel free to tell us what you think, or file a bug on GitHub.
We try our best to credit all contributors. Apologies if we miss you out. Let us know and we will change this.Thanks to everyone for contributing patches, feature requests, reporting issues and participating in various discussions.
In order to move towards supporting JRE version 9 and upwards, this release upgrades several libraries used by GoCD, including spring, hibernate, mybatis. See #4785, #4749 and #4768.
Breaking changes
APIs now respond with an HTTP status code 403(Forbidden) instead of the 401(Unauthorized) when authenticated users are not authorized to view or perform operations on a resource.
URLs containing any un-normalized paths (/../, ./ and /.), semicolon (; and %3B), encoded forward-slash (%2F), backslash (\, %5C), encoded percent (%25) will be rejected.
The pipeline config API version 3 and version 4 have been removed. Please use version 5 of the pipeline config API.
The elastic agent plugin extension version 1 and (a development version 2) has been removed. Plugin developers should use version 3 of the elastic agent plugin api to allow adding support for agent status report and plugin status report. The docker, docker swarm, and ecs plugins have been migrated to the new versions, and users should upgrade their plugins to the latest version to see these new features. Users using ECS plugin >= 4.0.0, docker swarm plugin >= 3.0.0, docker plugin >= 0.9.0 and kubernetes elastic agent >= 1.0.0 need not upgrade.
Bug fixes
#4737 - Secure variables that were not masked in task plugins are now masked properly.
#4805 - Pipeline history page pagination was broken.
These APIs have been replaced with a versioned API and users are encouraged to use these instead.
The Plugin Info API v3 has been deprecated as part of 18.3.0. This version of the API will be removed in a release scheduled for July 2018. Version 4 of the API is available, and users are encouraged to use it.
Please report any issues that you observe on GitHub issues.
18.4.0
Previously, there was a warning about not upgrading to 18.4. In 18.5, an issue around pipelines created using the pipeline config API showing twice on the dashboard was fixed. We haven't been able to replicate issue #4723 around pipelines created using JSON and YAML plugins, we suspect it might be an issue with the individual's setup. [Updated: 2018 May 11, 11:45 UTC]
Performance fix
This release primarily addresses performance issue caused by a config save, which slows down several requests because of a long-running database query executed in order to update the dashboard.
We have performed some optimizations in order to significantly reduce the number of SQL calls executed. Read more about it #4706 - here and #4705 - here.
Improvements
#4664 - Improved logging on GoCD server when agent registration fails.
#4610 - Add an origin attribute on fetch task. The origin attribute indicates where to fetch the artifact from. For all artifacts fetched from the gocd server, the value is 'gocd'
These APIs have been replaced with a versioned API and users are encouraged to use these instead.
The pipeline config API version 3 and version 4 have been deprecated as part of 18.2.0 and will be removed in a release scheduled for June 2018. Version 5 of the pipeline config API has been introduced to add the new pipeline unlock behavior attribute (#3943).
The elastic agent plugin extension version 1 and (a development verion 2) has been deprecated. These versions will be removed in a release scheduled for June 2018. Plugin developers should use version 3 of the elastic agent plugin api to allow adding support for agent status report and plugin status report. The docker, docker swarm, and ecs plugins have been migrated to the new versions, and users should upgrade their plugins to the latest version to see these new features.
The Plugin Info API v3 has been deprecated as part of 18.3.0. This version of the API will be removed in a release scheduled for July 2018. Version 4 of the API is available, and users are encouraged to use it.
Please report any issues that you observe on GitHub issues.
18.3.0
New Dashboard Page out of Beta
After we released the improved GoCD Dashboard (beta) in 18.2.0, we made several bug fixes and performance improvements based on feedback from our users. The GoCD dashboard improves performance for large GoCD instances with thousands of pipelines. In 18.3.0, we have replaced the older version of the dashboard with this improved dashboard which will be available as the default option to all GoCD users.
Enhancements to GoCD's Plugin Architecture
We have been working on a few improvements to our plugin architecture.
Support for adding plugin alerts to GoCD's Errors and Warnings section:
GoCD provides an ability for plugins to add Error and Warning messages. These messages will show up along with the GoCD's own Errors and Warnings. Plugins now have an ability to notify users with any plugin error or warning messages which shows up in GoCD.
Multiple Extension Support for Plugins:
Plugins can now implement multiple extensions. This will allow plugin developers to create a single plugin to support multiple extensions which complement each other. E.g This would allow one to write a new GitHub PR workflow plugin with both SCM and Notification extensions.
The plugin info API v4 has been introduced to represent plugins which implement multiple extensions. The two changes are:
"type" is no longer at plugin level. It's at an extension level.
"extension_info" was an attribute. It's now a list called "extensions".
Notification Extension V3:
Introduced Version 3 of Notification Extension. This version adds a new message to notify agent state changes.
Analytics Extension Point:
There is a new analytics extension point which allows analytics to be embedded into GoCD. We are continuing to work on it and you'll hear more about it soon.
Docker Images
A new Docker image GoCD Agent is available for Debian 9.
Improvements
#4644 - Environments page no longer lists the pipeline instances, this page is only for listing the available environments and editing them.
#4617 - Ability to turn-off logging of JVM-args and Environment variables to STDERR on GoCD Agent and Server startup.
#4607 - Remove flash filter from agent remoting endpoint
#4278 - Change in Build and Test Artifact XML representation
#4559 - Upgraded Objenesis library to fix performance issues around object cloning.
These APIs have been replaced with a versioned API and users are encouraged to use these instead.
The pipeline config API version 3 and version 4 have been deprecated as part of 18.2.0 and will be removed in a release scheduled for June 2018. Version 5 of the pipeline config API has been introduced to add the new pipeline unlock behavior attribute (#3943).
The elastic agent plugin extension version 1 and (a development verion 2) has been deprecated. These versions will be removed in a release scheduled for June 2018. Plugin developers should use version 3 of the elastic agent plugin api to allow adding support for agent status report and plugin status report. The docker, docker swarm, and ecs plugins have been migrated to the new versions, and users should upgrade their plugins to the latest version to see these new features.
The Plugin Info API v3 has been deprecated as part of 18.3.0. This version of the API will be removed in a release scheduled for July 2018. Version 4 of the API is available, and users are encouraged to use it.
The Agent Docker Image for Debian 7 is deprecated as part of 18.3.0 and will be removed in a release scheduled for May 2018. Users should upgrade to a newer version of the Debian image.
Breaking changes
The old plugins page which was deprecated in 18.2.0 has been removed
Known Issues
There are a few known minor issues when triggering pipelines on the new dashboard:
#4647 - Trigger buttons do not get disabled if the pipeline was force triggered and material update is in progress
#4452 - Horizontal scroll appears in Trigger With Options Materials popup
#4481 - CCTray corner cases: NullPointerException because of a pipeline not being in the config when the dashboard looks to update itself.
There is a known issue with API authentication:
API requests that wait for a authentication challenge before sending the credentials in the Authorization header fail with 401.
This is due to a bug introduced in the pull request #4585 - 'SPAs - redirect to login page if unauthorized'.
The bug essentially responded with a 401 http response before the WWW-Authenticate header could be added. More details can be found in the github issue #4682.
Contributors
Aditya Sood, Akshay Dewan, Akshay Mayekar, Ankit Srivastava, Ankur K, Aravind SV, Bhupendrakumar Piprava, Christoph Burgmer, Ganesh S Patil, Isabelle Carter, John Eismeier, Jyoti Singh, Ketan Padegaonkar, Kiera Radman, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Marques Lee, Naveen Bhaskar, Rafael Nunes, Rajiesh N, Senthil R, Steven Streisguth, Ted Timmons, Tomasz Sętkowski, Varsha Varadarajan
Note
A more comprehensive list of changes for this release can be found here.
Have ideas and want to contribute? Need some help getting started? We're here to help. Reach out to us at support@thoughtworks.com.
Please report any issues that you observe on GitHub issues.
18.2.0
New Dashboard Page (Beta)
New Dashboard Page
This release of GoCD ships with a 'preview' version of the new dashboard page (can be accessed using '/go/dashboard'). This improves performance for large GoCD instances with thousands of pipelines. It does so by:
keeping track of the state of the dashboard in memory (instead of being pulled from the DB).
rendering the response as a JSON (instead of HTML). This improves the rendering time by several hundred times on the server.
a javascript based frontend that is several thousand times faster on large instances, reducing the CPU usage of your browser. Your laptop battery will thank you. :)
reduces the polling rate when the dashboard is shown in a browser tab that is hidden.
Please report any issues that you observe on GitHub issues. This new dashboard will replace the existing dashboard in one of the upcoming releases of GoCD.
To make it easier to see information about your elastic agent and check logs in case of issues, elastic agent plugins can now provide an elastic agent status report. This report is available from the agents page, and from the job detail page. Docker, Docker Swarm, and Amazon ECS plugins implement this status report feature.
Elastic Agent Plugin Status Report
Elastic Agent Plugin Status Report
To make it easier to see information about elastic agent cluster, elastic agent plugins can provide a report about all running agents and the state of the cluster. This report is available from the plugins page. Docker, Docker Swarm, and Amazon ECS plugins implement this status report feature.
The old pipeline schedule API has been deprecated and users should upgrade to the new API.
6dfa18f - Introduction of server health messages API. (#4256).
This endpoint will render the warnings and errors that were earlier visible only when clicking on the "errors and warnings" modal on the GoCD server
0353bb6 - Introduction of Template Authorization API. (#3081).
9c4829e - Support gitlab@ urls for gitlab webhooks. (#4211)
Many GitLab installations use gitlab@ as a git user. This was once a default user for GitLab installs. Due to this the urls for ssh connections from gitlab can include this user.
Improvements
Introduce environment variables GO_MATERIAL_HAS_CHANGED and GO_MATERIAL_${material name or dest}_HAS_CHANGED to indicate if materials have changed from the previous pipeline run, and if materials have changed, which materials have changed. Read more about these variables in the help documentation.
Docker images
We have introduced the GoCD Agent Docker in Docker image. This can be used to run the docker related tasks such as building a docker image, pushing to a registry etc. Advanced use-cases include containerizing the application and running tests using DInD.
With the introduction of the server health messages API, we can now show server health messages on some of the pages introduced in the last several releases, viz. roles, authorization configuration, agents, elastic profiles, plugin settings.
#3899 - Fixed an infinite redirect issue when logging in using web based authentication plugins
#3926 - Handle console logs better with utf-8 encoding
157f12d - Enforce http(s) URL scheme for tracking tools. (#4356)
This will add an http:// prefix to tracking tool links that do not start with http:// or https://.
The plugin settings request is supported for the SCM and Package repository extensions on the plugins SPA. The plugin settings that can be configured for scm and package repo plugins are made use of only on the server side.
Deprecations
As of release 18.2 the following (unversioned) APIs have been deprecated and will be removed in 18.5 (scheduled to be released in May 2018):
These APIs have been replaced with a versioned API and users are encouraged to use these instead.
The pipeline config API version 3 and version 4 have been deprecated and will be removed in 18.5 (scheduled to be released in May 2018). Version 5 of the pipeline config API has been introduced to add the new pipeline unlock behavior attribute (#3943).
The elastic agent api version 1 and (a development verion 2) has been deprecated. These versions will be removed in 18.5 (scheduled to be released in May 2018). Plugin developers should use version 3 of the elastic agent plugin api to allow adding support for agent status report and plugin status report. The docker, docker swarm, and ecs plugins have been migrated to the new versions, and users should upgrade their plugins to the latest version to see these new features.
Plugins upload form has been removed from the new plugins page. It is still available in the old plugins page, which will be removed in release 18.3.0 (scheduled to be released in March 2018).
Breaking changes
Version 1 of the users api has been removed. Version 2 of the API is available, and users are encouraged to use it.
Known issues
There are a few known issues when triggering pipelines using the trigger with options feature on the new dashboard:
#4488 - If for a material no revision selected on trigger with options, schedules with latest revision
#4489 - If invalid revision specified do not trigger pipeline
#4448 - Pipeline with lock behavior specified continues to be locked after run completion under certain conditions
Contributors
Akshay Dewan, Akshay Mayekar, Ankit Srivastava, Ankur K, Aravind SV, Bhupendrakumar Piprava, Charles Bryant, Christian Lövsund, Don Stewart, Ganesh S Patil, Isabelle Carter, Jyoti Singh, Ketan Padegaonkar, Kiera Radman, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Marques Lee, Naveen Bhaskar, Paul Thomas, Rajiesh N, Senthil R, Varsha Varadarajan
Note
A more comprehensive list of changes for this release can be found here.
Have ideas and want to contribute? Need some help getting started? We're here to help. Reach out to us at support@thoughtworks.com.
f9ad399 - Validate roles assigned to stage authorization on template update through API. (#4185) #4176
63d7d0f - Test artifacts configured using config-repo is uploaded to GoCD server's build artifacts' default location. (#4083) #4071
1442a09 - Get Pipeline Config API failed to find pipeline for remote configured pipelines. (#4010) #4008
addf343 - Fix path of logback-include.xml. (#4145)
d409d23 - Fix whitelist in configrepo hg material. (#4191)
8971a71 - Do not allow agent to register with duplicate elastic agent id. (#4133)
Docker Images
Published an updated GoCD Server and Agent docker image for the latest version of Alpine (3.7)
Breaking Changes
As of release 17.5, authentication plugin endpoints have been deprecated. Support for authentication plugin endpoints has been removed in 18.1 release. The following plugins will not work unless been migrated to use the Authorization Plugins endpoint:
23eb465 - Delete cruft for new jobs as they complete. (#4219)
This bug fix breaks jobs feed API. We will no longer render the environment variables, resources and build artifacts in the job xml api
Version 2 of the plugin info API which was deprecated in 17.9.0 release is removed in this release. Version 3 of the API is available.
The pipeline pause API now results in Conflict (HTTP 409) with an error if the pipeline is already paused.
The pipeline unpause API now results in Conflict (HTTP 409) with an error if the pipeline is already unpaused.
Deprecations
As of release 17.11, version 1 of the users API is deprecated. This version of the API will be removed in 18.2.0 release (scheduled to be released in February 2018). Version 2 of the API is available, and users are encouraged to use it.
Plugins upload form has been removed from the new plugins page. It is still available in the old plugins page, which will be removed in release 18.2 (scheduled to be released in February 2018).
979fa50 - Addition of pipeline count information to about page. (#3960)
Bug Fixes
ab1ccf8 - Fix config file validation to not use file system to validate paths. This caused issues in certain cases where the server working directories were using symlinks. (#4026) #3984
6660a1b - Show 'console log not available' error in build details page's console tab when console.log file is not available. (#3998) #3773#3650
e48d958 - Fixes console.log file not being available at server if websocket connection is closed while waiting for logs. (#3999) #3986
ee992e6 - Fixes issue in agent zip installers in which agents fail to register if their log directories' path have spaces in them. (#3976) #3966
e6c9b3a - Fixes issue with stale cache being used in CCtray which caused users associated with plugin-roles to not see pipelines which they were authorized to see otherwise. (#3955) #3954
449cbc3 - Allows overriding default Go server ports when using windows service. (#4038) #3982
Security Fixes
488712d - Token based approach for agent registration. (#4014)
Adds a new endpoint to get token from server in exchange of agent uuid. The token for a given agent is issued for unknown agents only - already registered or pending agents cannot request for a token.
Agent requests for a token before registration if required. This token is stored on agent's disk and reused for registration calls.
Note: As a result of this fix, Go-lang agents need to be updated to work with GoCD server versions 17.12 or higher, else the agent's registration would fail.
Golang agent users can follow up with the author on this issue.
Alternatives to using the VNC flag are mentioned in this comment.
Deprecations
As of release 17.11, version 1 of the users API is deprecated. This version of the API will be removed in 18.1.0 release (scheduled to be released in January 2018). Version 2 of the API is available, and users are encouraged to use it.
As of release 17.5, authentication plugin endpoints have been deprecated. Support for these plugins will be removed in 18.1 (scheduled to be released in January 2018). Plugin developers are encouraged to migrate their plugins to use the Authorization Plugins that were introduced. The following plugins are affected by this deprecation:
Plugins upload form has been removed from the new plugins page. It is still available in the old plugins page, which will be removed in release 18.2 (scheduled to be released in February 2018).
As of release 17.9, version 2 of the plugin info API is deprecated. This version of the API will be removed in 18.1.0 release (scheduled to be released in January 2018). Version 3 of the API is available, and users are encouraged to use it.
f501efc - Move over to logback from log4j for logging. (#3831)
Switching to logback solves a number of logging related issues such as #3588, #3557 and #3403
The users should now configure logging using corresponding logback.xml instead of log4j.properties for both server and agents (docs).
This has been marked as a breaking change since GoCD would no longer honour log4j.properties file. Users managing log4j.properties file externally would have to update their scripts to use the logback.xml instead.
Support for phusion based docker server and agent images have been removed this release. We provide support for the docker images for GoCD agents across the following operating systems - Alpine 3.5, CentOS 6 & 7 , Debian 7 & 8, Ubuntu 12.04, 14.04 & 16.04
Performance Fixes
eb7305e - Fixes memory leak issue in agent-bootstrapper/launcher caused by server upgrades. (#3792)
Bug Fixes
cef6649 - Fixes a race condition during Job reschedule. (#3891)
a1f9945 - Improves checksums for agent jar(s) download. (#3884)
4db7e52 - Does not show the settings icon for config repo pipelines on VSM. (#3892) (#3881)
686c76d - Fixes issue with users authenticated using WebBasedAuthentication not assigned the right permissions. (#3878)
API Changes
cba778c - Introduced health check API for Server. (#3912)
e4d041b - Introduced v2 of Users API to support bulk deletion. (#3720)
Docker Images
We have made a few changes to the GoCD Server (Changelog) and the GoCD Agent (Changelog) Docker images.
Deprecations
As of release 17.9, version 2 of the plugin info API is deprecated. This version of the API will be removed in 17.12.0 release (scheduled to be released in November 2017). Version 3 of the API is available, and users are encouraged to use it.
As of release 17.11, version 1 of the users API is deprecated. This version of the API will be removed in 18.1.0 release (scheduled to be released in January 2018). Version 2 of the API is available, and users are encouraged to use it.
As of release 17.5, authentication plugin endpoints have been deprecated. Support for these plugins will be removed in 18.1 (scheduled to be released in January 2018). Plugin developers are encouraged to migrate their plugins to use the Authorization Plugins that were introduced. The following plugins are affected by this deprecation:
With release 17.5.0 support for in-built password file and LDAP/AD authentication had been deprecated. In this release support for this has been removed in favour of the bundled LDAP and Password File plugins respectively.
Important: After the 17.9 release, we made an announcement asking users to hold off upgrading their GoCD instance. We found an issue (#3834) affecting a small set of users. This release provides a fix for the same.
Critical Bug Fixes
05598d8 - Unable to start the server after 17.9.0 upgrade. (#3834)
Other Changes
176ebc2 - Fix for no plugins visible after 17.9.0 upgrade. (#3829)
Sep 11 13:00 UTC 2017: We are investigating an issue (#3834) with upgrades affecting a small number of users. Please hold off on upgrading to 17.9.0 until further notice.
Improvements
928c585 - Grouping elastic profile by plugin ID. (#3772)
We have created an organized view of the elastic agent profiles. Now, you can view them by the type of elastic agent plugin (Docker Swarm, OpenStack, ECS etc.), making it easier to find a particular profile.
1c1f2fe - Administrators can choose to edit a Pipeline with one-click from the Value Stream Map.
4c9e3c9 - Removed memory leaks from agent bootstrapper.
GoCD agents are designed to automatically upgrade themselves when the GoCD server is upgraded. This requires the currently running agent to release all resources before exiting and handing over control to a newer version of the agent process. There were some file system resource and memory leaks that have been identified which affect versions of go-agent bootstrapper between 17.4 and 17.8. We recommend that users either upgrade their gocd server and agent versions to the latest version, or restart the agent process to release any memory and filesystem resources that may be locked by the agent process.
e538ba0 - Check if agent is disabled before job assignment.
d47180f - Addition of a few more fields to materials form which is used in creation of pipelines.
8f6cc6c - Send request headers from server to plugins.
0eab696 - Stage and job related warnings should not be logged for a rerun stage/job. (#3753)
8f66499 - Fixes select all bug on admin edit in environment page. (#3737)
793d198 - Redirect authenticated user to home page on re-authentication.
Docker Images
GoCD images make logs available to docker by writing them to STDOUT. Users can access the logs anytime by executing docker logs in both server and agent containers.
We've launched an updated GoCD Agent docker image for the latest version of Alpine (3.6)
Breaking Changes
If you are using the commercial Amazon ECS Elastic Agent Plugin, upgrading to GoCD 17.9.0 would require a plugin upgrade to V2.0.0.
Deprecations
As of release 17.9, version 2 of the plugin info API is deprecated. This version of the API will be removed in 17.12.0 release (scheduled to be released in December 2017). Version 3 of the API is available, and users are encouraged to use it.
As of release 17.5, authentication plugin endpoints have been deprecated. Support for this plugin will be removed in 18.1 (scheduled to be released in January 2018). Plugin developers are encouraged to migrate their plugins to use the Authorization Plugins that were introduced.
As of 17.5, support for in-built password file and LDAP/AD authentication have been deprecated. Support for these authentication mechanisms would be removed in 17.10 release (scheduled to be released in October 2017). Existing configuration will be automatically migrated to use the new in-built password file and LDAP/AD authentication plugins. No other actions necessary.
As of 17.8, the phusion based docker server and agent images are deprecated in favour of the new docker server and agent images. Support for the phusion images will be removed in 17.11.0 (scheduled to be released in November 2017). We provide support for the docker images for GoCD agents across the following operating systems - Alpine 3.5, CentOS 6 & 7 , Debian 7 & 8, Ubuntu 12.04, 14.04 & 16.04
Other Changes
dc39953 - Config repo change attribute "plugin" to "pluginId". (#3672)
3c9a8f1 - Addition of a toggle to make pipeline quick edit page as a default page. (#3722)
19210e4 - Always open console tab when job name is clicked. (#3742)
Contributors
Ankit Srivastava, Ankur K, Aravind SV, Bhupendrakumar Piprava, Emily Luke, Ganesh S Patil, Jyoti Singh, Ketan Padegaonkar, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Naveen Bhaskar, Pedro Carriço, Rajiesh N, Senthil R, Stephen Murby, Suzie Prince, Tim Brown, Varsha Varadarajan
Note
A more comprehensive list of changes for this release can be found here.
Have ideas and want to contribute? Need some help getting started? We're here to help. Reach out to us at support@thoughtworks.com.
ThoughtWorks now offers a new commercial plugin which allows you to run elastic agents on Amazon ECS. The plugin takes care of spinning up and shutting down EC2 instances based on the need of your deployment pipeline. For more information about this, click here.
Improvements
1ccb029 - Ensure order of auth_config is used to authenticate users. (#3608)
36d546e - Removed support for Team Foundation Server 2010. Users can continue to use GoCD with TFS 2012, 2013, 2015 and Visual Studio Team Services.
d7c4d16 - Display pause text in pipeline history. (#2784)
52ac924 - Save agent hostname and ip address as part of build history. This information will be displayed on the job details page for all kinds of agents. (#3368)
Docker Images
Some improvements have been made to reduce the size of the docker GoCD server image. Please check the changelog here.
Some improvements have been made to create slimmer docker GoCD agent images. Please check the changelog here.
We provide support for the docker images for GoCD agents across the following operating systems - Alpine 3.5, CentOS 6 & 7 , Debian 7 & 8, Ubuntu 12.04, 14.04 & 16.04
Deprecations
Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.
The following features have been deprecated. Please note the timeframe of when they will be removed.
As of 17.5, support for in-built password file and LDAP/AD authentication have been deprecated. Support for these authentication mechanisms would be removed in 17.9 release (scheduled to be released in September 2017). Existing configuration will be automatically migrated to use the new in-built password file and LDAP/AD authentication plugins. No other action necessary.
As of 17.5, authentication plugin endpoints have been deprecated. Support for this plugin will be removed in 18.1 (scheduled to be released in January 2018). Plugin developers are encouraged to migrate their plugins to use the Authorization Plugins that were introduced.
As of 17.8, the phusion based docker server and agent images are deprecated in favour of the new docker server and agent images. Support for the phusion images will be removed in 17.11.0.
We provide support for the docker images for GoCD agents across the following operating systems - Alpine 3.5, CentOS 6 & 7 , Debian 7 & 8, Ubuntu 12.04, 14.04 & 16.04
Important: This release comes on the back of 17.6.0 as we have identified a critical security vulnerability with 17.5.0 and 17.6.0. If you are on 17.5.0 or 17.6.0, please upgrade immediately to this version to keep your GoCD server secure. We want to give sometime for users to upgrade before disclosing the details of the vulnerability.
17.6.0
Important
There has been a critical security vulnerability identified with this release, fixes for the same have been provided in 17.7.0. If you are on 17.6.0, please upgrade immediately to 17.7.0 to keep your GoCD sever and agent secure.
Security Fixes
This release has critical security fixes to prevent CSRF, XSS and Session hijacking exploits. We highly recommend users to upgrade to keep your GoCD server and agent secure.
Thanks 4cad for reporting these issues.
Improvements
42c681d - Added option to skip agent startup on windows. (#3577)
This adds a /START_AGENT=NO to prevent the agent service from starting up when performing a headless installation on windows. See the documentation for more details.
2c95a10 - Improve timestamp rendering on some pages. (#3574)
This improves the timestamp rendering on the job details, stage details and pipeline compare pages. You will now see timestamps in your local timezone.
9450dba - Add a "Rerun Failed" button to rerun failed jobs. (#3570)
The in-built password file authentication plugin now supports bcrypt, which is a stronger password hashing function. GoCD server administrators should migrate SHA1 passwords to use bcrypt instead.
API Enhancements
Introduced a GitHub webhook API to accept push events on a GitHub repository or repositories in a GitHub organization.
Bug Fixes
88f1678 - Disable trigger with options button for view user in the environments page. (#3602)
dba8212 - Javascript error when saving user preferences. (#3576)
30615dc - Reduce the amount of plugins that an agent downloads and initializes. (#3584)
This should reduce the amount of data an agent downloads when a plugin is installed, or the server is upgraded. This will also help reduce the amount of memory used by the GoCD agent process.
Breaking Changes
8dfb1a9 - Removed Environments Config API v1. (#3606)
Version 1 of the Environment Config API was deprecated in 17.3. Version 2 of the API is available, and users are encouraged to use it.
Deprecations
Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.
The following features have been deprecated. Please note the timeframe of when they will be removed.
As of 17.5, support for in-built password file and LDAP/AD authentication have been deprecated. Support for these authentication mechanisms would be removed in 17.9 release (scheduled to be released in September 2017). Existing configuration will be automatically migrated to use the new in-built password file and LDAP/AD authentication plugins. No other action necessary.
The Authorization Plugin endpoints were introduced as an extension to the existing Authentication Plugin endpoints, with this Authentication Plugin endpoint were deprecated as of 17.5.0. Support for this plugin would be removed in 18.1 (scheduled to be release in January 2018). Plugin developers are encouraged to migrate their plugins to use the new Authorization Plugins.
There has been a critical security vulnerability identified with this release, fixes for the same have been provided in 17.7.0. If you are on 17.5.0, please upgrade immediately to 17.7.0 to keep your GoCD sever and agent secure.
Authorization Plugin
Authorization Plugin extension was released as beta in GoCD 17.2.0, over the last couple of releases there has been more work done around fine tuning the endpoint. With this release we are taking the Authorization Plugin endpoint out of beta.
Action required: Early adopters of this extension will have to update their plugins to handle the updated API calls before upgrading GoCD. Refer to the Authorization Plugin Endpoint documentation for the latest changes.
The built-in LDAP and password file based authentication mechanisms have been deprecated and disabled in favor of separate plugins which implement the new Authorization Plugin extensions. The new plugins provide more functionality, with the benefit of allowing users to customize the behavior of these plugins. These plugins are bundled with the GoCD server, so no action will be required from users. Existing passwordFile and ldap configuration would be migrated to make use of these plugins.
LDAP/AD authentication plugin
The bundled LDAP/AD authentication plugin will now allow users to connect to and authenticate with multiple LDAP/AD servers in their organizations. Early adopters of this plugin using the experimental build will have to make changes to their config. Refer to the plugin changelog to see the changes between experimental release to latest stable release.
Introduced a roles API that allows admins to manage user roles.
Bug Fixes
9cec83f - Stop very large file systems (EFS) from being identified as having no space. (#3426)
Large filesystems like EFS, have an amount of storage that exceeds what can be addressed with a java long type (263-1). Any storage space greater than 263-1, will be shown to be 263-1.
2b06534 - Pipeline not getting unlocked upon a successful run. (#3497)
Fixed a issue of pipelines not getting unlocked even upon a successful run of the last stage during a race condition.
26bfeab - Avoid catastrophic regex backtracking during config save. (#3551)
Fixed an issue to avoid catastrophic regex backtracking during xsd validation of custom task command.
2a21e7c - Using UTF-8 to read console to fix encoding issue. (#3486)
Version 2 of the Templates API was deprecated in 17.1. Version 3 of the API is available, and users are encouraged to use it.
Deprecations
Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.
The following features have been deprecated. Please note the timeframe of when they will be removed.
Support for in-built password file and LDAP/AD authentication have been deprecated as of this release. Support for these authentication mechanisms would be removed in 17.9 release (scheduled to be released in September 2017).
As of release 17.3, version 1 of the Environment Config API was deprecated. This version of the API will be removed in 17.6 release (scheduled to be released in June 2017). Version 2 of the API is available, and users are encouraged to use it.
The Authorization Plugin endpoints were introduced as an extension to the existing Authentication Plugin endpoints, with this we are deprecating the Authentication Plugin endpoint. Support for this plugin would be removed in 18.1 (scheduled to be release in January 2018). Plugin developers are encouraged to migrate their plugins to use the new Authorization Plugins.
87b223c - Errors/warnings box in the header. (#3378)
b9e1c20 - Colored border to bottom of job details header. (#3408)
Authorization Plugin (Beta)
There has been more work done around fine tuning the Authorization Plugin endpoints, as part of this some of the plugin API calls have changed. Action required: Early adopters of this extension will have to update their plugins to handle the updated API calls before upgrading Go. Refer Authorization Plugin Endpoint documentation for the latest changes.
eddecb7 - Verify Connection API response has status, message and errors. (#3395)
Performance Improvements
11f19db - Moving pipeline state to a separate table which for now contains locked information about the pipeline. Read locks is held only if we are loading the state from db. (#3204)
Other Improvements
0ac7678 - Displaying pipeline schedule time as localtime on dashboard, environments page and pipeline-history page. Users can hover over it to see timezone information. (#3417)
d13f81a - Switch agent-bootstrapper to use the new logging mechanism. The bootstrapper now has its own agent-bootstrapper-log4j.properties file under the config directory. (#3267)
567820c - Switch agent-launcher to use the new logging mechanism. The launcher now has its own agent-launcher-log4j.properties file under the config directory.
b1af25f - Display plugin name instead of plugin id in the dropdown in the elastic agent profiles page. (#3324)
Bug Fixes
ba510ad - Server now checks if the elastic agent is brought up by the same plugin as was expected by the scheduled elastic job during assignment. (#3418)
b0f4359 - Handle pluggable task view when task plugin is missing. (#3320)
404002e - Render the elastic agent icon only if the plugin info exists for the elastic agent. (#3314)
#3267 - On GoCD agents installed on windows or if using the zip installers, logs will now be written to logs directory instead of the working directory. This would be a breaking change only if there are custom scripts relying on the logs location.
Deprecations
Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.
The following features have been deprecated, along with the timeframe when they will be removed.
As of release 17.1, version 2 of the Templates API was deprecated. This version of the API will be removed in 17.5 release (scheduled to be released in April 2017). Version 3 of the API is available, and users are encouraged to use it.
As of release 17.3, version 1 of the Environment Config API was deprecated. This version of the API will be removed in 17.6 release (scheduled to be released in June 2017). Version 2 of the API is available, and users are encouraged to use it.
Docker Images and AMIs
The GoCD server docker image is now alpine based with support for volume mounts.
To find out what changed in the docker server image, please refer to the changelog.
You can download the docker images for GoCD agents across the following operating systems - Centos 6 & 7 , Debian 7 & 8, Ubuntu 12.04, 14.04 & 16.04
To find out what changed in the docker agent images, please refer to the changelog.
The old phusion based docker images have been moved, they can found under gocd-server-deprecated and gocd-agent-deprecated. We shall stop support for these images in release 17.7 (scheduled to be released in July 2017).
We have an Amazon Linux based AMI for the GoCD Server making it very simple to launch GoCD server on your AWS EC2 instance.
We have an Amazon Linux based AMI for a demo GoCD Server and Agent making it very simple to get started with GoCD on your AWS EC2 instance.
Feedback is appreciated. Please log your feedback or issues on github for the following -
There has been more work done around fine tuning the Authorization Plugin endpoints, as part of this some of the plugin API calls have changed. Action required: Early adopters of this extension will have to update their plugins to handle the updated API calls before upgrading Go. Refer Authorization Plugin Endpoint documentation for the latest changes.
Other Improvements
262c107 - Pipeline Quick Edit, disable edit until save completes. (#3266)
Bug Fixes
8224568 - This fixes 17.2.0 upgrade failures in cases where cruise_config xml had encrypted values with spaces. (#3244)
4db0550 - Agents page retain sort order across page refresh. (#3226)
73e0292 - Elastic Agents, fixed reduntant agent creation calls to the plugin. (#3193)
On GoCD servers installed on windows or if using the zip installers, logs will now be written to logs directory instead of the working directory. This would be a breaking change only if there are custom scripts relying on the logs location.
The gocd/gocd-server docker image now uses alpine as the base image. The phusion images are still supported for GoCD 17.3.0 and can be found at gocd-server-deprecated should you wish to use it.
The gocd/gocd-server docker image no longer recognizes the latest tag. Please use docker pull gocd/gocd-server:v17.3.0 instead.
The gocd/gocd-agent docker image no longer exists. We have a variety of agent images for different distributions. If you wish to continue with the old agent image, please use gocd-agent-deprecated instead.
Deprecations
Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.
The following features have been deprecated, along with the timeframe when they will be removed.
As of release 17.1, version 2 of the Templates API was deprecated. This version of the API will be removed in 17.4 release (scheduled to be released in April 2017). Version 3 of the API is available, and users are encouraged to use it.
As of release 17.3, version 1 of the Environment Config API is deprecated. This version of the API will be removed in 17.6 release (scheduled to be released in June 2017). Version 2 of the API is available, and users are encouraged to use it.
Docker Images and AMIs
The GoCD server docker image is now alpine based with support for volume mounts, with this going forward there will be no more support for phusion based images.
You can download the docker images for GoCD agents across the following operating systems - Centos 6 & 7 , Debian 7 & 8, Ubuntu 12.04, 14.04 & 16.04
We have also introduced an Amazon Linux based AMI for the GoCD Server making it very simple to launch GoCD server on your AWS EC2 instance.
GoCD currently supports password-file, LDAP and plugin based authentication.
In addition to authentication, GoCD offers authorization by restricting certain operations to specific users and groups of users ("roles").
Without the use of authorization plugins, roles can only be managed through GoCD and it does not provide an ability to use roles defined in systems used for authentication (for example in LDAP groups). With this limitation, administrators need to configure roles in multiples places.
The introduction of the authorization plugin endpoint (Beta) allows GoCD to delegate both authentication and authorization of users to plugins. The plugins will have the flexibility to use any identity service providers like LDAP, Google, GitHub etc.
Authorization Plugin Endpoint (beta) documentation is available. We have built LDAP Authentication plugin using the Authorization Plugin Endpoint, this plugin supports only authentication. We would recommend developers to write plugins which support both authentication and authorization and provide us feedback to enhance this endpoint.
Feature Enhancements
c088435 - Template Authorization UI and API enhancements.
All pipeline group admins by default provided view permission to templates. Super admin can restrict this access.
Super admin can provide template view access to users/roles.
Allow template admins to delete templates via UI and API
Other Improvements
3b9f54b - Go server/agent services do not get started on a new installation for debian and rpm based installations in order to allow users to make configuration changes before starting them up. (#3119)
Bug Fixes
7ddf84e - User search functionality - Search through plugins implementing AuthenticationExtension. (#3107)
ad1a118 - Sort resources and environments alphabetically on agents page selector dropdown. (#3134)
Multiple UI fixes on the old and new themes.
Security Fixes
a837fc0 - Ensures passwords in git or hg material url's is masked before logging or using in server health message. (#3171)
Breaking changes
8f88269 - Removed support for API based plugins. (#3102)
Below is the list of plugins that will stop working in 17.2.0
As of release 16.12, version 2 of the Pipeline Config API was deprecated. Version 3 of the API is available going forward. Users are encouraged to use it.
As of release 16.12, version 1 of the Plugin Info API was deprecated. Version 2 of the API is available going forward. Users are encouraged to use it.
Stopped support for git versions older than 1.9.
As of release 16.12, git versions older than 1.9 were deprecated. Users are recommended to upgrade git on the GoCD server and agents (if git is used as a material). We are aware that the linux distributions have an older version of git installed by default. Please refer to this and/or this to upgrade git.
Deprecations
Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.
The following features have been deprecated, along with the timeframe when they will be removed.
As of release 17.1, version 2 of the Templates API was deprecated. This version of the API will be removed in 17.4 release (scheduled to be released in April 2017). Version 3 of the API is available, and users are encouraged to use it.
Optimization to full config save through UI and API to give significant improvements in the config save time. Our performance runs show full config save times reduced by half.
Starting with the 17.1 release of GoCD, Server and Agents will only run with Java 8. Users are encouraged to upgrade to the latest release of GoCD with Java 8.
Windows installations of GoCD need not install Java 8 separately since the Windows installer comes bundled with a JRE. However this may require users to upgrade the agent installer on Windows.
If you have trouble while upgrading to Go version 17.1, please take a look at the
troubleshooting page in the
documentation.
7a48c1a - Removed GoCD OpenSocial Gadget (Card activity tab) and Pipeline Dashboard Widget in Mingle. (#1908)
As of release 16.12, the OpenSocial gadgets was deprecated. This feature is now removed because of a couple of reasons —
(a) there's not enough evidence of many users using this feature in a way that'll impact their usage of GoCD
(b) the underlying implementation framework (Apache Shindig) hasn't been maintained for quite some time and contained several security vulnerabilities.
7274d23 - Removed Version 2 and 3 of the Agents API. (#2984)
As of release 16.12, version 2 and version 3 of the Agents API was deprecated. Version 2 of Agents API was introduced in 15.3.0 and version 3 of the API was introduced in 16.8. These versions of the API have been removed in favor of version 4 of this API. This API is backward compatible, and users are encouraged to use it.
As of release 16.11, version 1 of the Templates API was deprecated. Users are encouraged to use Version 3 of the API which is backward compatible with Version 1.
f2ac6b1 - Removed support for text based API support log. (#2975)
The following features have been deprecated, along with the timeframe when they will be removed.
As of release 16.12, git versions older than 1.9 are deprecated. Support for git versions older than 1.9 will be stopped in 17.2 (scheduled to be released in February 2017). Users are recommended to upgrade git on the GoCD server and agents (if git is used as a material). We are aware that the linux distributions have an older version of git installed by default. Please refer to this and/or this to upgrade git.
As of release 16.12, version 1 of the Plugin Info API is deprecated. This version of the API will be removed in 17.2 release (scheduled to be released in Feb 2017). Version 2 of the API is available, and users are encouraged to use it.
As of release 17.1, version 2 of the Templates API is deprecated. This version of the API will be removed in 17.4 release (scheduled to be released in April 2017). Version 3 of the API is available, and users are encouraged to use it.
As of release 16.12, version 2 of the Pipeline Config API is deprecated. This version of the API will be removed in 17.2 release (scheduled to be released in Feb 2017). Version 3 of this API is backward compatible, and users are encouraged to use it.
As of release 16.7, Java API based Go Plugins have been deprecated. Support for running these plugins will be removed in 17.2 (scheduled to be released in February 2017). Plugin developers are encouraged to upgrade their plugins to use JSON message based plugin API. to build plugins.
Below is the list of plugins that will stop working in 17.2.
Note: The GoCD team has built a shim that allows migration of all plugins with minimal change. We are actively working with plugin authors to ensure that these plugins are migrated over in time for 17.2.
The entire application has been refreshed to sport a flat look.
If you have feedback or issues with the new look please log them at GitHub.
Agents Page
A brand new snappy and light-weight replacement for viewing and managing agents!
The old page is still available as a toggle.
If you have feedback or issues with the new agents page please log them at GitHub.
Elastic Agents
Elastic agents is now a fully supported feature in GoCD.
To be able to use elastic agents, you should install an existing elastic-agent plugin, or write your own. Once the plugin is installed you must configure an "elastic agent profile" that you can associate with the jobs that require elastic agents.
TFS Upgrade
We have upgraded to TEE SDK 14.0.3. Users will now be able to use GoCD with TFS 2012, 2013, 2015 and Visual Studio Team Services. Please file an issue if you're having issues connecting to TFS repositories. Earlier versions of TFS are no longer supported and may not work.
Pipeline Edit Link
Users can now directly navigate to the pipeline settings page from the stage and job detail page.
9aabf48 - Introduced version 2 of Plugin Info API to provide complete metadata for plugin type package-repository and icons for plugins that provide it.
Other Improvements
fddc9fe - Improve performance of downloading of agent jars on a server upgrade. (#2813)
5387e21 - Handling cleanup of agent and launcher jars from previous version of agent during an upgrade. (#2789)
b97b635 - Generate additional windows installers to be able to package 32 bit and 64 bit JRE.
There are two flavors of Server and Agent installers for Windows, one packaged with 64 bit JRE and the other with 32 bit JRE. 32-bit JREs only allow up-to 2GB of memory. Because large GoCD servers usually need more than 2GB of heap size, we recommend using a Server with 64 bit JRE. Agents should continue to use 32 bit JRE unless required.
b763d31 - Generate SHA-256 webserver certs instead of SHA-1. (#2842)
The self-signed web-server certificate that GoCD generates is now a SHA-256 certificate instead of a SHA-1 certificate. SHA1 certificates have been deprecated by most browser vendors and users will start to see a warning in their browsers.
Any new installations of GoCD will generate a SHA-256 certificate. For existing installations, users should remove the file config/keystore to allow GoCD to regenerate a new server certificate. Depending on your end-to-end transport security settings you may need to configure the -rootCertFile argument to the GoCD agent.
Bug Fixes
b34da2d - Bug fixes to ensure that git gc on the config repository works as expected.
a34c6dc - Allow dots in the repository and package id. (#2844)
Miscellaneous fixes to the new quick edit and agents pages.
5052154 - Removed Pipeline Config API V1. This API was deprecated since 16.7 and has been replaced with version 3. Version 3 of the API is available, and users are encouraged to use it.
Microsoft Internet Explorer versions older than 11 are no longer supported. Please use IE 11 or higher. Microsoft Edge is recommended.
Deprecations
Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.
The following features have been deprecated, along with the timeframe when they will be removed.
We shall be stopping support for git versions older than 1.9 in three months time (Feb 2017). Users are recommended to upgrade git on the GoCD server and agents (if git is used as a material). We are aware that the linux distributions have an older version of git installed by default. Please refer to this and/or this to upgrade git.
The GoCD api support page http://your-server:8153/go/api/support supports JSON and plain-text outputs. JSON has been the default since release 16.6. We will be removing the plain-text output in release 17.1 (scheduled to be released in Jan 2017). It is much simpler to consume the JSON output than the plain-text output.
As of release 16.12, the OpenSocial gadgets have been deprecated. This feature will be removed in 17.1 (scheduled to be released in Jan 2017). This has been done for a few of reasons —
(a) there's not enough evidence of many users using this feature in a way that'll impact their usage of GoCD
(b) the underlying implementation framework (Apache Shindig) hasn't been maintained for quite some time and contain several security vulnerabilities.
As of release 16.12, version 1 of the Plugin Info API is deprecated. This version of the API will be removed in 17.2 release (scheduled to be released in Feb 2017). Version 2 of the API is available, and users are encouraged to use it.
As of release 16.11, version 1 of the Templates API is deprecated. This version of the API will be removed in 17.1 release (scheduled to be released in Jan 2017). Version 2 of the API is available, and users are encouraged to use it.
As of release 16.12, version 2 and version 3 of the Agents API is deprecated. Version 2 of Agents API was introduced in 15.3.0 and version 3 of the API was introduced in 16.8. These versions of the API will be removed in 17.1 release (scheduled to be released in Jan 2017). Version 4 of this API is backward compatible, and users are encouraged to use it.
As of release 16.5, Java 7 support was deprecated. Java 7 support will be removed in 17.1 release (scheduled to be released in January 2017). GoCD works great with Java 8, and users are encouraged to use it.
As of release 16.12, version 2 of the Pipeline Config API is deprecated. This version of the API will be removed in 17.2 release (scheduled to be released in Feb 2017). Version 3 of this API is backward compatible, and users are encouraged to use it.
As of release 16.7, Java API based Go Plugins have been deprecated. Support for running these plugins will be removed in 17.1 (scheduled to be released in January 2017). Plugin developers are encouraged to upgrade their plugins to use JSON message based plugin API. to build plugins.
Below is the list of plugins that will stop working in 17.1.
Note: The GoCD team has built a shim that allows migration of all plugins with minimal change. We are actively working with plugin authors to ensure that these plugins are migrated over in time for 17.1.
e3d3360 - Allow pipeline group admins to create or update SCMs.
d646cfc - Added a blank check for build tasks' attributes.
5a54b2b - Change current directory of agent's batch file in windows 8.
008f4f4 - Fix the checkbox to allow known users to login in server configuration page.
e49cac1 - Handling empty responses from package material plugins.
Breaking changes
No breaking changes in this release.
Deprecations
Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.
The following features have been deprecated, along with the timeframe when they will be removed
As of release 16.11, version 1 of the Templates API is deprecated.
This version of the API will be removed in 17.1 release (scheduled to be released in January 2017).
Version 2 of the API is available, and users are encouraged to use it.
As of release 16.5, Java 7 support was deprecated.
Java 7 support will be removed in 17.1 release (scheduled to be released in January 2017).
GoCD works great with Java 8, and users are encouraged to use it.
As of release 16.7, version 1 of the Pipeline Config API was deprecated.
This version of the API will be removed in 16.10 release (scheduled to be released in Oct 2016).
Version 2 of this API is backward compatible, and users are encouraged to use it.
As of release 16.7, Java API based Go Plugins have been deprecated.
Support for running these plugins will be removed in 17.1 (scheduled to be released in January 2017).
Plugin developers are encouraged to upgrade their plugins to use JSON message based plugin API. to build plugins.
Below is the list of plugins that will stop working in 17.1, unless those changes are made.
This is a new page for managing agents, which should feel a lot more light weight and snappier than the existing agents page.
We would really appreciate your feedback to make this page better. If you notice any issues or bugs with this page, please submit a bug report on GitHub
How do I use this?
Click on the "Check out the new agents page" on the agents page that you're familiar with.
Known issues
#2735 - Agents Bulk update API: Enabling a pending agent returns 400 bad request
Improvements
53d0d42 - Show details about linux distribution flavors and versions. (#2608)
cc69476 - Filter for pipeline history view. (#2391)
API enhancements
687d454 - Added new API to manage pipeline templates. (#2233)
f8ab50a - Added PATCH support for environments update API, this will allow you to specify pipelines and agents that should be added and/or removed in a single API call.
09c864e - Added Agents API V4. This adds a 'build_details' property with relevant links to the job that is currently building on the agent.
Bug fixes
2d8ec07 - Spaces are not trimmed from environment variables. (#1411)
845ee9b - Tweak the agent registration protocol a bit. (#2558)
ee9cdae - Escape the jar URL to allow symbols such as # (needed when running GoCD on Mesos).
Security fixes
1f2a189 - Do not display the value of secure environment variable in templates view. (#2652)
Performance improvements
53ab276 - Removed an extra post merge validation. (#2594)
Breaking changes
No breaking changes in this release
Deprecations
Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.
The following features have been deprecated, along with the timeframe when they will be removed
As of release 16.5, Java 7 support was deprecated.
Java 7 support will be removed in 17.1 release (scheduled to be released in January 2017).
GoCD works great with Java 8, and users are encouraged to use it.
As of release 16.7, version 1 of the Pipeline Config API was deprecated.
This version of the API will be removed in 16.10 release (scheduled to be released in Oct 2016).
Version 2 of this API is backward compatible, and users are encouraged to use it.
As of release 16.7, Java API based Go Plugins have been deprecated.
Support for running these plugins will be removed in 17.1 (scheduled to be released in January 2017).
Plugin developers are encouraged to upgrade their plugins to use JSON message based plugin API. to build plugins.
Below is the list of plugins that will stop working in 17.1, unless those changes are made.
Aravind SV, Ganesh S Patil, Juhi Jariwala, Ketan Padegaonkar, Mahesh Panchaksharaiah, Matt Devlin (Mdevlin4 on GitHub), Sumanth Kumar Mora, Naveen Bhaskar, Rajiesh Narayanan, Tim Anderegg, Tomasz Sętkowski, Varsha Varadarajan, Venkata Jaswanth, Zabil Cheriya Maliackal
Currently, editing a pipeline means navigating through multiple pages (and page refreshes), for modifying stages, jobs with tabs for options and environment variables, etc. Quick edit to make it smoother.
With this feature, you can change a pipeline's materials/stages/jobs/tasks simultaneously and update it as single operation. This feature also uses the new pipeline config API to make your configuration changes quicker.
How do I use this?
Click on "Quick Edit" button on the pipeline edit page.
Click on "Normal Edit" button to get back to old edit page.
Why is this beta?
We are working on adding few missing features like:
dc78601 - Added validation of the encryptedPassword attribute of password aware materials - SVN, P4, TFS.
Security Fixes
faa6a2a - Removed displaying url's from the not found page. (#2584)
ca7ff9c - Changed the package material check-connection request from GET to POST. (#2550)
Deprecations
Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.
The following features have been deprecated, along with the timeframe when they will be removed
As of release 16.5, Java 7 support was deprecated.
Java 7 support will be removed in 17.1 release (scheduled to be released in January 2017).
GoCD works great with Java 8, and users are encouraged to use it.
As of release 16.7, version 1 of the Pipeline Config API was deprecated.
This version of the API will be removed in 16.10 release (scheduled to be released in Oct 2016).
Version 2 of this API is backward compatible, and users are encouraged to use it.
As of release 16.7, Java API based Go Plugins have been deprecated.
Support for running these plugins will be removed in 17.1 (scheduled to be released in January 2017).
Plugin developers are encouraged to upgrade their plugins to use JSON message based plugin API. to build plugins.
Below is the list of plugins that will stop working in 17.1.
The new extension point allows the gocd server (with the help of plugins) to spin up and shut down agents on demand.
This extension point allows plugin developers to write plugins that allow GoCD to hook into and leverage various technologies
like Docker, AWS,
GCE, Kubernetes.
Developers can start building their own elastic agent plugins by forking the
skeleton plugin
and looking at a sample docker plugin
as an example reference implementation. The plugin API documentation can be found here.
API Enhancements
ee281ec - Added v3 of agents API to render (read-only) elastic agent attributes.
Security Fixes
d8cd812 - Disallowed directory listing of certain folders on the GoCD server.
d05746b - Added a friendlier error message on failing to send test email.
fb32102 - Disallowed Plugin Interact endpoint for non Authentication Plugins.
4d871a6 - Add cache control and pragma header to login page.
Breaking Changes
e7bb87b - Added a custom header to the Create Backup API.
914974d - Added a custom header for the Create Artifact API.
Performance fixes
670df79 - Re-use SSL connections by specifying a user principal as part of all remoting connections.
4c472e1 - Used fixed delay instead rate execution of agent ping thread.
Deprecations
Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.
The following features have been deprecated, along with the timeframe when they will be removed
As of release 16.5, Java 7 support was deprecated.
Java 7 support will be removed in 17.1 release (scheduled to be released in January 2017).
GoCD works great with Java 8, and users are encouraged to use it.
As of release 16.7, version 1 of the Pipeline Config API was deprecated.
This version of the API will be removed in 16.10 release (scheduled to be released in Oct 2016).
Version 2 of this API is backward compatible, and users are encouraged to use it.
As of release 16.7, Java API based Go Plugins have been deprecated.
Support for running these plugins will be removed in 17.1 (scheduled to be released in January 2017).
Plugin developers are encouraged to upgrade their plugins to use JSON message based plugin API. to build plugins.
For GoCD developers
8806f6b - Added a vagrant file to allow local development and testing of GoCD.
Contributors
Aravind SV, Ganesh Patil, Jyoti Singh, Ken Mugrage, Ketan Padegaonkar, Mahesh Panchaksharaiah, Naveen Bhaskar, norcnorc, Rajiesh Narayanan, Sumanth M, Tomasz Setkowski, Varsha Varadarajan, Zabil Cheriya Maliackal
GoCD configuration under SCM (a.k.a Config repositories)
Manage pipeline configurations from one or more source-control repositories (think "git repository") and modify them externally.
You can find more details about it here,
and watch a quick demo of this feature here.
Known issues
Upgrading the agent to 16.7.0 before upgrading the server is known to cause issues. Users are advised to first upgrade the server to 16.7.0 before they upgrade the agent.
In case you are seeing issues with the agent not starting up after the upgrade, please see this comment.
d4a7639 - Support for updating whitelists using pipeline configuration API.
Security fixes
103340c - Upgraded all agent-server communication to use HTTPS by default. Read more about how to improve security of your GoCD setup.
3d2afad - Pluggable tasks secure configurations are encrypted before saving to xml configuration. (#903)
657feb3 - Added missing security headers on a few pages to activate web browser protection.
6909484 - Escaped the error message in the repositories page. (XSS).
Breaking changes
f58e900 - Removed Agents API v1, users should use version 2 of the. Agents API
5602048 - Removed old backup API, users should user version 1 of the. Backup API
Deprecations
Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.
The following features have been deprecated, along with the timeframe when they will be removed
As of release 16.5, Java 7 support was deprecated.
Java 7 support will be removed in 17.1 release (scheduled to be released in January 2017).
GoCD works great with Java 8, and users are encouraged to use it.
As of release 16.7, version 1 of the Pipeline Config API was deprecated.
This version of the API will be removed in 16.10 release (scheduled to be released in Oct 2016).
Version 2 of this API is backward compatible, and users are encouraged to use it.
As of release 16.7, Java API based Go Plugins have been deprecated.
Support for running these plugins will be removed in 17.1 (scheduled to be released in January 2017).
Plugin developers are encouraged to upgrade their plugins to use JSON message based plugin API. to build plugins.
Below is the list of plugins that will stop working in 17.1.
#2314 - Handling the triggering of a pipeline for monolithic repositories using a whitelist.
For example, in a repository 'baz' with folders/projects 'foo/bar' and 'foo/qux' one
can trigger the pipeline only on changes to 'foo/bar' by configuring it as a whitelisted folder.
API Enhancements
#2240 - Added a URL endpoint to grab a snapshot of the GoCD config git repository.
For example, backup the config repo 'config-repository' using:
#2283 - Changed the existing API /api/support to return information in JSON format for easier parsing.
This end point also returns more information to identify performance bottlenecks.
#2239 - Added a version API to get the version of Go server.
Performance Improvements
#2248 - Improved page load performance across the board.
Deprecations
Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.
The following features have been deprecated, along with the timeframe when they will be removed
As of release 16.5, Java 7 support was deprecated.
Java 7 support will be removed in 17.1 release (scheduled to be released in January 2017).
GoCD works great with Java 8, and users are encouraged to use it.
Upcoming Feature - Config in a repository
This release also adds foundation for reading pipeline configuration from the material's repository.
This feature is still in development and more details can be found
here.
Note
A more comprehensive list of changes for this release can be found here.
We've graduated from being Java 8 compatible to officially supporting it!
You can see our journey to this milestone
here.
GoCD will continue to support Java 7 till release 17.1 scheduled for January 2017. Post that, we will exclusively support Java 8. We recommend that you plan for and upgrade to Java 8 (for both GoCD server and agents) before the 17.1 release.
Performance
#2145 - Handle large modifications made to SCM materials without memory issues on the agent.
Materials
Fixes around handling git rebase
#2110 - Fix automatic build loop after a git rebase.
#2136 - Warnings on VSM if pipeline is built with incompatible revisions.
Deprecations
Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.
The following features have been deprecated, along with the timeframe when they will be removed
As of release 16.5, Java 7 support is deprecated.
Java 7 support will be removed in 17.1 release (scheduled to be released in January 2017).
GoCD works great with Java 8, and users are encouraged to use it.
Note
A more comprehensive list of changes for this release can be found here.
Important: There are several security fixes to prevent XSS, CSRF and remote execution exploits. We highly recommend this upgrade to keep your GoCD server and agent secure.
Performance
#2106 - Handle eviction/expiry of composite-keys from GoCache.
Note
A more comprehensive list of changes for this release can be found here.
Contributors
Special thanks again to drrb for reporting and verifying all of the security vulnerabilities in this release.
Important: This release fixes several XSS and CSRF vulnerabilities which can be exploited in earlier versions. As the changes are extensive, patches for older releases will not be provided. We recommend all users to upgrade to this version to safeguard your GoCD server.
These security vulnerabilities were responsibly disclosed by drrb. We want to give users some time to upgrade, before providing more details about the vulnerabilities. We will work with drrb on the specifics of providing these details, soon.
The old java API-based plugin extensions for tasks and package repositories has been deprecated. Developers are encouraged to use the new JSON message-based APIs to author plugins.
These APIs will be removed in the September release of GoCD.
In light of downward trend in Solaris installers, we are now considering a timeline to stop providing Solaris installers for GoCD. Users can continue to use the generic zip files to run GoCD on Solaris. However the support for Solaris will be on a best-effort basis.
We will stop providing Solaris installers from the July release of GoCD.
Note
A more comprehensive list of changes for this release can be found here.
Contributors
Special thanks to drrb for reporting and verifying all of the security vulnerabilities in this release.
We are moving to a more regular release schedule, and so you might see releases with mostly issues fixed, while bigger level features are in progress across releases.
Important features and bug fixes in this release -
The comprehensive list of changes for this release can be found here.
Thanks!
Tomasz Setkowski, Sean Escriva for making this release of GoCD better!
15.3.1
What's new in GoCD 15.3.1
Important: 15.3.1 has been removed from the downloads page because it had an issue which could have caused problems during configuration save. The issue
mentioned is fixed in 16.1.0. The rest of the issues mentioned below are a part of 16.1.0 as well. We highly recommend upgrading to 16.1.0.
The comprehensive list of changes for this release can be found here.
15.3.0
New API for editing pipelines
A convenience JSON HAL compliant API for modifying pipelines. Check
api.gocd.org for usage details.
Get informed about updates
A new version of Go CD is released every few months, with this feature you'll now be notified about the latest supported release (if you are running an older version).
The comprehensive list of changes for this release can be found
here.
Thanks!
Tomasz Setkowski, Steve Hill, Alex Schwartz, Pooja R, Srinivas Upadhya, Xiao Li, Sandy Gordon, Arun Kumar, Björn Andersson, Federica Luraschi, Graham Christensen, Parker Shelton, Justin, Max Griffiths, Ashok Gowtham M, Massood, Ben Overmyer,James M. Greene, Ashwanth Kumar, Jakub Narloch, Alex Voitau, Joakim Wånggren, Paul Clarkin, X O and markuswehrle for making Go better.
15.2.0
Improvements to the console log
GoCD now supports rendering of ANSI color codes to show you much more beautiful console logs. Additionally, Go will automatically follow the logs as your build produces it, very much like your favorite terminal program.
Authentication end-point
With the newly exposed authentication end-point, Go users can now add custom authentication schemes through plugins. Read the blog
post for details.
Setup hostname when auto-registering agents
You can now specify a property agent.auto.register.hostname to setup the hostname when
auto-registering an agent.
API Improvements
Go's APIs are fairly old, have inconsistent and unpredictable content types (csv, xml, json, plain text).
Going forward, we would like to announce an ongoing effort to improve and migrate existing APIs to use something that is more modern, easy to discover, learn and build API clients for.
This new plugin endpoint introduced in 15.1 allows Go's already long list of source code materials to be extended without making changes to the core!
Support for this endpoint brought along support for GitHub pull requests, contributed by an external contributor @ashwanthkumar (so exciting!), with support from a Go core contributor, @srinivasupadhya.
You'll never need to wish that Go supported your favorite kind of material repository, you can implement support for it yourself!
Here's how the GitHub pull requests plugin looks in action (below). Read more about it in this blog post. Watch out for more improvements in the UI around this area.
New plugin endpoint for "Notifications"
Continuing on the path of opening up different parts of Go for extension, Go 15.1 introduces a new plugin endpoint for notifications. At this point, Go notifies the plugin of changes in the status of every stage, as it happens! This allows
for quite a lot of use cases, and we are excited to see plugins written against this endpoint even before release (yay, open source!).
@matt-richardson has written a really nice generic notification plugin, which sends build notifications to any websocket listener! @ashwanthkumar has written a great plugin to notify Slack about build status changes. @srinivasupadhya has written a couple of nice notification plugins to update pull request statuses in GitHub and Atlassian
Stash.
This contribution by @alexschwartz helps declutter the Go Dashboard, by allowing the pipeline label to be trimmed, per material. This feature is really useful when dealing with unwieldy 40 character
SHAs in pipelines with git/mercurial materials in them. This feature allows this:
Starting from Go 15.1, Go's console logs will have timestamps for every line. This is very useful for finding out long-running parts of tasks. Here's how it looks:
More ...
This release is filled with many other notable features, changes and fixes, such as:
#848 - Support for Mercurial versions 2.0 and greater.
#781 - Post-commit hook for Mercurial (contribution by Go team alumnus, @sachinsudheendra).
#768 - A beta feature to upload plugins directly from within the Go plugins tab (contribution by @pwen and @pamo).
#700 - Run multiple agents as services - for Linux (contribution by @bernardn).
#400 - Large part of a long-pending upgrade from Jetty 6 to Jetty 9 (turned off, by default in 15.1 - Waiting for some performance fixes on Jetty's side).
#104 - Agents do not restart because of a server restart, any more (plugin sync issue fixed).
#725 - Pipeline instance information through APIs.
#941 - Small improvement around config save -Look for a lot more around this area soon!
#877 - Performance improvements around CCTray and APIs.
44 - Revise how new pipelines appear under 'Personalize'. Thanks @mmb for the contribution. (docs)
699 - Users can comment on pipeline run history. (docs) Note: This feature needs some improvements
listed here. Therefore the feature is turned 'off' for this release. To turn 'on' the feature, see details.
Thanks @mmb, @gajwani,@fkotsian & @bsnchancontribution.
Bug Fixes
716 - Multiline commit comments don't trigger notifications. Thanks @mythgarr for the contribution.
360 - Unable to 'clean working directory' when recursive symlinks are present. Also, improved logging for error scenario. Thanks @mmb & @gajwani for the contribution.
770 - 'Check connection' for package materials fails in 'new pipeline creation' wizard when there are many other task plugins registered.
Others
688 - Change command error stream prefix to STDERR. Thanks @mmb for the contribution.
769 - Remove unnecessary logging from test environment. Thanks @hammerdr for the contribution.
14.3.0
New Features
396 - Automate running 'X' instances of a particular job and achieve faster results by parallelization. (docs)
