Check out "Enhancements" and "Bug fixes" for specific versions of Go below. As always, feel free to tell us what you think, or file a bug on GitHub.
We try our best to credit all contributors. Apologies if we miss you out. Let us know and we will change this. Thanks to everyone for contributing patches, feature requests, reporting issues and participating in various discussions.
Important: This release comes on the back of 17.6.0 as we have identified a critical security vulnerability with 17.5.0 and 17.6.0. If you are on 17.5.0 or 17.6.0, please upgrade immediately to this version to keep your GoCD server secure. We want to give sometime for users to upgrade before disclosing the details of the vulnerability.
There has been a critical security vulnerabilty identified with this release, fixes for the same have been provided in 17.7.0. If you are on 17.6.0, please upgrade immediately to 17.7.0 to keep your GoCD sever and agent secure.
This release has critical security fixes to prevent CSRF, XSS and Session hijacking exploits. We highly recommend users to upgrade to keep your GoCD server and agent secure. Thanks 4cad for reporting these issues.
42c681d - Added option to skip agent startup on windows. (#3577)
This adds a /START_AGENT=NO to prevent the agent service from starting up when performing a headless installation on windows. See the documentation for more details.
2c95a10 - Improve timestamp rendering on some pages. (#3574)
This improves the timestamp rendering on the job details, stage details and pipeline compare pages. You will now see timestamps in your local timezone.
9450dba - Add a "Rerun Failed" button to rerun failed jobs. (#3570)
The in-built password file authentication plugin now supports bcrypt, which is a stronger password hashing function. GoCD server adminstrators should migrate SHA1 passwords to use bcrypt instead.
88f1678 - Disable trigger with options button for view user in the environments page. (#3602)
dba8212 - Javascript error when saving user preferences. (#3576)
30615dc - Reduce the amount of plugins that an agent downloads and initializes. (#3584)
This should reduce the amount of data an agent downloads when a plugin is installed, or the server is upgraded. This will also help reduce the amount of memory used by the GoCD agent process.
8dfb1a9 - Removed Environments Config API v1. (#3606)
Version 1 of the Environment Config API was deprecated in 17.3. Version 2 of the API is available, and users are encouraged to use it.
Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.
The following features have been deprecated. Please note the timeframe of when they will be removed.
Support for in-built password file and LDAP/AD authentication have been deprecated as of 17.5.0. Support for these authentication mechanisms would be removed in 17.9 release (scheduled to be released in September 2018).
The Authorization Plugin endpoints were introduced as an extension to the existing Authentication Plugin endpoints, with this Authentication Plugin endpoint were deprecated as of 17.5.0. Support for this plugin would be removed in 18.1 (scheduled to be release in January 2018). Plugin developers are encouraged to migrate their plugins to use the new Authorization Plugins.
Ankit Srivastava, Aravind SV, Bhupendrakumar Piprava, Drew Sonne, Jyoti Singh, Kerry Wilson, Ketan Padegaonkar, Lubaina R, Mahesh Panchaksharaiah, Naveen Bhaskar, Rajiesh N, Sean Escriva, Stephen Murby, Varsha Varadarajan
https://hackerone.com/gocd/thanks
A more comprehensive list of changes for this release can be found here.
Have ideas and want to contribute? Need some help getting started? We're here to help. Reach out to us at support@thoughtworks.com.
Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd
There has been a critical security vulnerabilty identified with this release, fixes for the same have been provided in 17.7.0. If you are on 17.5.0, please upgrade immediately to 17.7.0 to keep your GoCD sever and agent secure.
Authorization Plugin extension was released as beta in GoCD 17.2.0, over the last couple of releases there has been more work done around fine tuning the endpoint. With this release we are taking the Authorization Plugin endpoint out of beta.
Action required: Early adopters of this extension will have to update their plugins to handle the updated API calls before upgrading GoCD. Refer to the Authorization Plugin Endpoint documentation for the latest changes.
The built-in LDAP and password file based authentication mechanisms have been deprecated and disabled in favor of separate plugins which implement the new Authorization Plugin extensions. The new plugins provide more functionality, with the benefit of allowing users to customize the behavior of these plugins. These plugins are bundled with the GoCD server, so no action will be required from users. Existing passwordFile and ldap configuration would be migrated to make use of these plugins.
LDAP/AD authentication plugin
The bundled LDAP/AD authentication plugin will now allow users to connect to and authenticate with multiple LDAP/AD servers in their organizations. Early adopters of this plugin using the experimental build will have to make changes to their config. Refer to the plugin changelog to see the changes between experimental release to latest stable release.
Password File Authentication Plugin
The bundled Password File Authentication Plugin currently supports only SHA1 hashed passwords, but support for other hashing functions is on its way.
There are 2 new sets of pages that allows configuring the authorization plugins and mapping of GoCD roles to users.
9cec83f - Stop very large file systems (EFS) from being identified as having no space. (#3426)
Large filesystems like EFS, have an amount of storage that exceeds what can be addressed with a java long type (263-1). Any storage space greater than 263-1, will be shown to be 263-1.
2b06534 - Pipeline not getting unlocked upon a successful run. (#3497)
Fixed a issue of pipelines not getting unlocked even upon a successful run of the last stage during a race condition.
26bfeab - Avoid catastrophic regex backtracking during config save. (#3551)
Fixed an issue to avoid catastrophic regex backtracking during xsd validation of custom task command.
2a21e7c - Using UTF-8 to read console to fix encoding issue. (#3486)
e89fdb6 - CCTray permission bug fix. (#3516)
Allow users to see all pipelines in CCTray when no global superadmins are setup to make the behavior consistent with dashboard.
bd64d11 - Removed Templates API v2. (#3441)
Version 2 of the Templates API was deprecated in 17.1. Version 3 of the API is available, and users are encouraged to use it.
Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.
The following features have been deprecated. Please note the timeframe of when they will be removed.
Support for in-built password file and LDAP/AD authentication have been deprecated as of this release. Support for these authentication mechanisms would be removed in 17.9 release (scheduled to be released in September 2018).
As of release 17.3, version 1 of the Environment Config API was deprecated. This version of the API will be removed in 17.6 release (scheduled to be released in June 2017). Version 2 of the API is available, and users are encouraged to use it.
The Authorization Plugin endpoints were introduced as an extension to the existing Authentication Plugin endpoints, with this we are deprecating the Authentication Plugin endpoint. Support for this plugin would be removed in 18.1 (scheduled to be release in January 2018). Plugin developers are encouraged to migrate their plugins to use the new Authorization Plugins.
Ankit Srivastava, Aravind SV, Badri J, Bhupendrakumar Piprava, Chris Northwood, David Rice, Emily Luke, Huimin Li, Isabelle Carter, Jen Marley, Jyoti Singh, Ketan Padegaonkar, Kiera Radman, Kyle Olivo, Louda Peña, Lubaina R, Mahesh Panchaksharaiah, Marques Lee, Rajiesh N, Suzie Prince, Varsha Varadarajan
A more comprehensive list of changes for this release can be found here.
Have ideas and want to contribute? Need some help getting started? We're here to help. Reach out to us at support@thoughtworks.com.
Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd
d6d59fb - Enhanced console log view with an option to expand/collapse outputs of comamnds. (#3199)
a4d669c - Full screen mode for console logs. (#3293)
8bcc3c7 - Add toggles to timestamps. (#3199)
f4a3b07 - Job run history dropdown. (#3299)
87b223c - Errors/warnings box in the header. (#3378)
b9e1c20 - Colored border to bottom of job details header. (#3408)
There has been more work done around fine tuning the Authorization Plugin endpoints, as part of this some of the plugin API calls have changed. Action required: Early adopters of this extension will have to update their plugins to handle the updated API calls before upgrading Go. Refer Authorization Plugin Endpoint documentation for the latest changes.
11f19db - Moving pipeline state to a separate table which for now contains locked information about the pipeline. Read locks is held only if we are loading the state from db. (#3204)0ac7678 - Displaying pipeline schedule time as localtime on dashboard, environments page and pipeline-history page. Users can hover over it to see timezone information. (#3417)d13f81a - Switch agent-bootstrapper to use the new logging mechanism. The bootstrapper now has its own agent-bootstrapper-log4j.properties file under the config directory. (#3267)567820c - Switch agent-launcher to use the new logging mechanism. The launcher now has its own agent-launcher-log4j.properties file under the config directory.b1af25f - Display plugin name instead of plugin id in the dropdown in the elastic agent profiles page. (#3324)ba510ad - Server now checks if the elastic agent is brought up by the same plugin as was expected by the scheduled elastic job during assignment. (#3418)b0f4359 - Handle pluggable task view when task plugin is missing. (#3320)404002e - Render the elastic agent icon only if the plugin info exists for the elastic agent. (#3314)Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.
The following features have been deprecated, along with the timeframe when they will be removed.
As of release 17.1, version 2 of the Templates API was deprecated. This version of the API will be removed in 17.5 release (scheduled to be released in April 2017). Version 3 of the API is available, and users are encouraged to use it.
As of release 17.3, version 1 of the Environment Config API was deprecated. This version of the API will be removed in 17.6 release (scheduled to be released in June 2017). Version 2 of the API is available, and users are encouraged to use it.
The old phusion based docker images have been moved, they can found under gocd-server-deprecated and gocd-agent-deprecated. We shall stop support for these images in release 17.7 (scheduled to be released in July 2017).
Feedback is appreciated. Please log your feedback or issues on github for the following -
Ankit Srivastava, Aravind SV, Badri Janakiraman, Bhupendrakumar Piprava, Ganesh S Patil, Isabelle Carter, Jyoti Singh, Ketan Padegaonkar, Kiera Radman, Lubaina R, Mahesh Panchaksharaiah, Markandan R, Marques Lee, Rajiesh N, Suzie Prince, Varsha Varadarajan
https://hackerone.com/gocd/thanks
A more comprehensive list of changes for this release can be found here.
Have ideas and want to contribute? Need some help getting started? We're here to help. Reach out to us.
Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd
320f223 - Enhanched job/stage status accessibility with addition of symbols to signify stage and job statuses. (#3233)
cfc778e - Build status indicator moved from build summary to breadcrumb toolbar. (#3270)
5478a54 - Agents page improvement for better identification of elastic agents by addition of icon related to the type of agent in use. (#3276)
6986dcc - Added v2 of Environment Config API with support to PATCH environment-variables. (#3080)
There has been more work done around fine tuning the Authorization Plugin endpoints, as part of this some of the plugin API calls have changed. Action required: Early adopters of this extension will have to update their plugins to handle the updated API calls before upgrading Go. Refer Authorization Plugin Endpoint documentation for the latest changes.
8224568 - This fixes 17.2.0 upgrade failures in cases where cruise_config xml had encrypted values with spaces. (#3244)4db0550 - Agents page retain sort order across page refresh. (#3226)73e0292 - Elastic Agents, fixed reduntant agent creation calls to the plugin. (#3193)5d75f45 - Agents page memory leak fix. (#3217)latest tag. Please use docker pull gocd/gocd-server:v17.3.0 instead.gocd/gocd-agent docker image no longer exists. We have a variety of agent images for different distributions. If you wish to continue with the old agent image, please use gocd-agent-deprecated instead.Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.
The following features have been deprecated, along with the timeframe when they will be removed.
As of release 17.1, version 2 of the Templates API was deprecated. This version of the API will be removed in 17.4 release (scheduled to be released in April 2017). Version 3 of the API is available, and users are encouraged to use it.
As of release 17.3, version 1 of the Environment Config API is deprecated. This version of the API will be removed in 17.6 release (scheduled to be released in June 2017). Version 2 of the API is available, and users are encouraged to use it.
Feedback is appreciated. Please log your feedback or issues on github for the following -
Ankit Srivastava, Aravind SV, Barrow KwanBhupendrakumar Piprava, Etienne Dysli Metref, Ganesh S Patil, Isabelle Carter, Junaid Shah, Jyoti Singh, Karel Bemelmans, Ketan Padegaonkar, Kiera Radman, Kyle Olivo, Lubaina R, Mahesh Panchaksharaiah, Marques Lee, Naveen Bhaskar, Rajiesh Narayanan, Varsha Varadarajan
https://hackerone.com/gocd/thanks
A more comprehensive list of changes for this release can be found here.
Have ideas and want to contribute? Need some help getting started? We're here to help. Reach out to us.
Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd
GoCD currently supports password-file, LDAP and plugin based authentication.
In addition to authentication, GoCD offers authorization by restricting certain operations to specific users and groups of users ("roles").
Without the use of authorization plugins, roles can only be managed through GoCD and it does not provide an ability to use roles defined in systems used for authentication (for example in LDAP groups). With this limitation, administrators need to configure roles in multiples places.
The introduction of the authorization plugin endpoint (Beta) allows GoCD to delegate both authentication and authorization of users to plugins. The plugins will have the flexibility to use any identity service providers like LDAP, Google, GitHub etc.
Authorization Plugin Endpoint (beta) documentation is available. We have built LDAP Authentication plugin using the Authorization Plugin Endpoint, this plugin supports only authentication. We would recommend developers to write plugins which support both authentication and authorization and provide us feedback to enhance this endpoint.
c088435 - Template Authorization UI and API enhancements.
3b9f54b - Go server/agent services do not get started on a new installation for debian and rpm based installations in order to allow users to make configuration changes before starting them up. (#3119)7ddf84e - User search functionality - Search through plugins implementing AuthenticationExtension. (#3107)ad1a118 - Sort resources and environments alphabetically on agents page selector dropdown. (#3134)a837fc0 - Ensures passwords in git or hg material url's is masked before logging or using in server health message. (#3171)8f88269 - Removed support for API based plugins. (#3102)
Below is the list of plugins that will stop working in 17.2.0
Package plugins
Task plugins
a6f1fac - Removed Pipeline Config API V2. (#3174)
As of release 16.12, version 2 of the Pipeline Config API was deprecated. Version 3 of the API is available going forward. Users are encouraged to use it.
5a208ba - Removed Plugin Info API V1. (#3143)
As of release 16.12, version 1 of the Plugin Info API was deprecated. Version 2 of the API is available going forward. Users are encouraged to use it.
Stopped support for git versions older than 1.9.
As of release 16.12, git versions older than 1.9 were deprecated. Users are recommended to upgrade git on the GoCD server and agents (if git is used as a material). We are aware that the linux distributions have an older version of git installed by default. Please refer to this and/or this to upgrade git.
Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.
The following features have been deprecated, along with the timeframe when they will be removed.
Aravind SV, Bhupendrakumar Piprava, Dmitry Ledentsov, Ganesh S Patil, Isabelle Carter, Jyoti Singh, Ketan Padegaonkar, Kyle Olivo, Lubaina R, Mahesh Panchaksharaiah, Markandan R, NaveenBhaskar, Rajiesh Narayanan, Stephen Gran, Sumanth Kumar Mora, Varsha Varadarajan, cnenning
https://hackerone.com/gocd/thanks
A more comprehensive list of changes for this release can be found here.
Have ideas and want to contribute? Need some help getting started? We're here to help. Reach out to us.
Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd
2ae7fdb - Full config save optimization. (#2912)
Optimization to full config save through UI and API to give significant improvements in the config save time. Our performance runs show full config save times reduced by half.
467cf5f - Encryption API to encrypt plain text. (#3031)2789aa8 - Allow template admin to view and edit templates via API. (#2967)3c001b1 - V2 of Notification endpoint. (#3030)c094e90 - Added environment variables to the server api page. (#3073)0802c7e - Added CPU time in api/support for the threads. (#3006)c749c47 - Added a link to pipeline settings in the pipeline history page. (#2939)e9611f8 - Refresh ElasticAgent-OperatingSystem and ElasticAgent-UsableSpace while initializing the runtimeInfo. (#3078)b66bddc - Refactor agent controller to switch between http and websockets. (#2864)c26f118 - Mask password entered for materials of type svn, tfs, perforce. (#2937)4b684ee - Provide template admin authorization to users within a role. (#2989)df85694 - Additional validations for templates API. (#3035)920b7ee - Removed support for Java 7.
Starting with the 17.1 release of GoCD, Server and Agents will only run with Java 8. Users are encouraged to upgrade to the latest release of GoCD with Java 8.
Windows installations of GoCD need not install Java 8 separately since the Windows installer comes bundled with a JRE. However this may require users to upgrade the agent installer on Windows.
If you have trouble while upgrading to Go version 17.1, please take a look at the troubleshooting page in the documentation.
7a48c1a - Removed GoCD OpenSocial Gadget (Card activity tab) and Pipeline Dashboard Widget in Mingle. (#1908)
As of release 16.12, the OpenSocial gadgets was deprecated. This feature is now removed because of a couple of reasons — (a) there's not enough evidence of many users using this feature in a way that'll impact their usage of GoCD (b) the underlying implementation framework (Apache Shindig) hasn't been maintained for quite some time and contained several security vulnerabilities.
7274d23 - Removed Version 2 and 3 of the Agents API. (#2984)
As of release 16.12, version 2 and version 3 of the Agents API was deprecated. Version 2 of Agents API was introduced in 15.3.0 and version 3 of the API was introduced in 16.8. These versions of the API have been removed in favor of version 4 of this API. This API is backward compatible, and users are encouraged to use it.
1e48c42 - Removed Templates API Version 1.
As of release 16.11, version 1 of the Templates API was deprecated. Users are encouraged to use Version 3 of the API which is backward compatible with Version 1.
f2ac6b1 - Removed support for text based API support log. (#2975)
The following features have been deprecated, along with the timeframe when they will be removed.
As of release 16.7, Java API based Go Plugins have been deprecated. Support for running these plugins will be removed in 17.2 (scheduled to be released in February 2017). Plugin developers are encouraged to upgrade their plugins to use JSON message based plugin API. to build plugins.
Below is the list of plugins that will stop working in 17.2.
Note: The GoCD team has built a shim that allows migration of all plugins with minimal change. We are actively working with plugin authors to ensure that these plugins are migrated over in time for 17.2.
Package plugins
Task plugins
Alison Polton-Simon, Aravind SV, Bhupendrakumar Piprava, Ganesh S Patil, Jyoti Singh, Ketan Padegaonkar, Mahesh Panchaksharaiah, Markandan R, Naveen Bhaskar, Padma Mullagiri, Rajiesh Narayanan, Sallie Walecka, Sumanth Kumar Mora, Tomasz Setkowski, Varsha Varadarajan, Zabil Cheriya Maliackal
https://hackerone.com/gocd/thanks
A more comprehensive list of changes for this release can be found here.
Have ideas and want to contribute? Need some help getting started? We're here to help. Reach out to us.
Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd
The entire application has been refreshed to sport a flat look.
If you have feedback or issues with the new look please log them at GitHub.
A brand new snappy and light-weight replacement for viewing and managing agents!
The old page is still available as a toggle. If you have feedback or issues with the new agents page please log them at GitHub.
Elastic agents is now a fully supported feature in GoCD.
To be able to use elastic agents, you should install an existing elastic-agent plugin, or write your own. Once the plugin is installed you must configure an "elastic agent profile" that you can associate with the jobs that require elastic agents.
We have upgraded to TEE SDK 14.0.3. Users will now be able to use GoCD with TFS 2012, 2013, 2015 and Visual Studio Team Services. Please file an issue if you're having issues connecting to TFS repositories. Earlier versions of TFS are no longer supported and may not work.
Users can now directly navigate to the pipeline settings page from the stage and job detail page.
8952af2 - API to manage packages.e599a23 - API to manage package repositories.9aabf48 - Introduced version 2 of Plugin Info API to provide complete metadata for plugin type package-repository and icons for plugins that provide it.fddc9fe - Improve performance of downloading of agent jars on a server upgrade. (#2813)5387e21 - Handling cleanup of agent and launcher jars from previous version of agent during an upgrade. (#2789)b97b635 - Generate additional windows installers to be able to package 32 bit and 64 bit JRE.
There are two flavors of Server and Agent installers for Windows, one packaged with 64 bit JRE and the other with 32 bit JRE. 32-bit JREs only allow up-to 2GB of memory. Because large GoCD servers usually need more than 2GB of heap size, we recommend using a Server with 64 bit JRE. Agents should continue to use 32 bit JRE unless required.
b763d31 - Generate SHA-256 webserver certs instead of SHA-1. (#2842)
The self-signed web-server certificate that GoCD generates is now a SHA-256 certificate instead of a SHA-1 certificate. SHA1 certificates have been deprecated by most browser vendors and users will start to see a warning in their browsers.
Any new installations of GoCD will generate a SHA-256 certificate. For existing installations, users should remove the file config/keystore to allow GoCD to regenerate a new server certificate. Depending on your end-to-end transport security settings you may need to configure the -rootCertFile argument to the GoCD agent.
b34da2d - Bug fixes to ensure that git gc on the config repository works as expected.a34c6dc - Allow dots in the repository and package id. (#2844)5052154 - Removed Pipeline Config API V1. This API was deprecated since 16.7 and has been replaced with version 3. Version 3 of the API is available, and users are encouraged to use it.
Microsoft Internet Explorer versions older than 11 are no longer supported. Please use IE 11 or higher. Microsoft Edge is recommended.
Features that become superseded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.
The following features have been deprecated, along with the timeframe when they will be removed.
http://your-server:8153/go/api/support supports JSON and plain-text outputs. JSON has been the default since release 16.6. We will be removing the plain-text output in release 17.1 (scheduled to be released in Jan 2017). It is much simpler to consume the JSON output than the plain-text output.As of release 16.7, Java API based Go Plugins have been deprecated. Support for running these plugins will be removed in 17.1 (scheduled to be released in January 2017). Plugin developers are encouraged to upgrade their plugins to use JSON message based plugin API. to build plugins.
Below is the list of plugins that will stop working in 17.1.
Note: The GoCD team has built a shim that allows migration of all plugins with minimal change. We are actively working with plugin authors to ensure that these plugins are migrated over in time for 17.1.
Package plugins
Task plugins
Alison Polton-Simon, Aravind SV, Bhupendrakumar Piprava, ByteFlinger, Ganesh S Patil, Jyoti Singh, Ketan Padegaonkar, Mahesh Panchaksharaiah, Markandan R, Naveen Bhaskar, Padma Mullagiri, Rajiesh Narayanan, Sallie Walecka, Sumanth Kumar Mora, Tomasz Setkowski, Varsha Varadarajan, Walmyr (wlsf82 on GitHub), Zabil Cheriya Maliackal
https://hackerone.com/gocd/thanks
A more comprehensive list of changes for this release can be found here.
Have ideas and want to contribute? Need some help getting started? We're here to help. Reach out to us at support@thoughtworks.com.
Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd
fb24522 - Added new API to manage elastic agent profiles.
1a345c0 - Working directory validation on the new pipeline config page.
e116274 - Added tooltip for material filter input.
761b411 - Show server side timer validation on new pipeline config page.
ec51570 - Do not raise an exception when duplicate modifications are seen in the database.
40999af - Improve handling of weak etags with deflate.
c69c1c4 - Having fixed-delay does not honour the git gc cron.
4509fe7 - Fixing VSM show more link.
e3d3360 - Allow pipeline group admins to create or update SCMs.
d646cfc - Added a blank check for build tasks' attributes.
5a54b2b - Change current directory of agent's batch file in windows 8.
008f4f4 - Fix the checkbox to allow known users to login in server configuration page.
e49cac1 - Handling empty responses from package material plugins.
No breaking changes in this release.
Features that become superceeded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.
The following features have been deprecated, along with the timeframe when they will be removed
As of release 16.11, version 1 of the Templates API is deprecated. This version of the API will be removed in 17.1 release (scheduled to be released in January 2017). Version 2 of the API is available, and users are encouraged to use it.
As of release 16.5, Java 7 support was deprecated. Java 7 support will be removed in 17.1 release (scheduled to be released in January 2017). GoCD works great with Java 8, and users are encouraged to use it.
As of release 16.7, version 1 of the Pipeline Config API was deprecated. This version of the API will be removed in 16.10 release (scheduled to be released in Oct 2016). Version 2 of this API is backward compatible, and users are encouraged to use it.
As of release 16.7, Java API based Go Plugins have been deprecated. Support for running these plugins will be removed in 17.1 (scheduled to be released in January 2017). Plugin developers are encouraged to upgrade their plugins to use JSON message based plugin API. to build plugins.
Below is the list of plugins that will stop working in 17.1, unless those changes are made.
Alison Polton-Simon, Aravind SV, ByteFlinger, Ganesh S Patil, Ketan Padegaonkar, Mahesh Panchaksharaiah, Naveen Bhaskar, Rajiesh Narayanan, Sallie Walecka, Sumanth Kumar Mora, Tomasz Sętkowski, Varsha Varadarajan, Zabil Cheriya Maliackal
A more comprehensive list of changes for this release can be found here.
Have ideas and want to contribute? Need some help getting started? We're here to help. Reach out to us at support@thoughtworks.com.
Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd
This is a new page for managing agents, which should feel a lot more light weight and snappier than the existing agents page.
We would really appreciate your feedback to make this page better. If you notice any issues or bugs with this page, please submit a bug report on GitHub
How do I use this?
Click on the "Check out the new agents page" on the agents page that you're familiar with.
Known issues
#2735 - Agents Bulk update API: Enabling a pending agent returns 400 bad request
53d0d42 - Show details about linux distribution flavors and versions. (#2608)
cc69476 - Filter for pipeline history view. (#2391)
687d454 - Added new API to manage pipeline templates. (#2233)
f8ab50a - Added PATCH support for environments update API, this will allow you to specify pipelines and agents that should be added and/or removed in a single API call.
09c864e - Added Agents API V4. This adds a 'build_details' property with relevant links to the job that is currently building on the agent.
2d8ec07 - Spaces are not trimmed from environment variables. (#1411)
845ee9b - Tweak the agent registration protocol a bit. (#2558)
ee9cdae - Escape the jar URL to allow symbols such as # (needed when running GoCD on Mesos).
1f2a189 - Do not display the value of secure environment variable in templates view. (#2652)
53ab276 - Removed an extra post merge validation. (#2594)
No breaking changes in this release
Features that become superceeded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.
The following features have been deprecated, along with the timeframe when they will be removed
As of release 16.5, Java 7 support was deprecated. Java 7 support will be removed in 17.1 release (scheduled to be released in January 2017). GoCD works great with Java 8, and users are encouraged to use it.
As of release 16.7, version 1 of the Pipeline Config API was deprecated. This version of the API will be removed in 16.10 release (scheduled to be released in Oct 2016). Version 2 of this API is backward compatible, and users are encouraged to use it.
As of release 16.7, Java API based Go Plugins have been deprecated. Support for running these plugins will be removed in 17.1 (scheduled to be released in January 2017). Plugin developers are encouraged to upgrade their plugins to use JSON message based plugin API. to build plugins.
Below is the list of plugins that will stop working in 17.1, unless those changes are made.
Aravind SV, Ganesh S Patil, Juhi Jariwala, Ketan Padegaonkar, Mahesh Panchaksharaiah, Matt Devlin (Mdevlin4 on GitHub), Sumanth Kumar Mora, Naveen Bhaskar, Rajiesh Narayanan, Tim Anderegg, Tomasz Sętkowski, Varsha Varadarajan, Venkata Jaswanth, Zabil Cheriya Maliackal
A more comprehensive list of changes for this release can be found here.
Have ideas and want to contribute? Need some help getting started? We're here to help. Reach out to us at support@thoughtworks.com.
Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd
Currently, editing a pipeline means navigating through multiple pages (and page refreshes), for modifying stages, jobs with tabs for options and environment variables, etc. Quick edit to make it smoother.
With this feature, you can change a pipeline's materials/stages/jobs/tasks simultaneously and update it as single operation. This feature also uses the new pipeline config API to make your configuration changes quicker.
How do I use this?Click on "Quick Edit" button on the pipeline edit page.
Click on "Normal Edit" button to get back to old edit page.
We are working on adding few missing features like:
Package materials (like yum, maven, artifactory plugins)
Pipeline template editing, pipelines that use templates can only update Pipeline Settings and Materials
Missing API validation for a few attributes, they are tracked below:
Pipeline Config API: Stage operate permission user not validated (#2629)
Pipeline Config API: Validation missing for parameter name used in the custom task argument (#2628)
Missing validation errors on pipeline_config API (#2553)
We really appreciate your feedback to make this page better.
Going forward, once all the features are in, we plan to use this page as the default view for modifying configuration.
Submit your feedback by creating github issue at https://github.com/gocd/gocd/issues
d662685 - Provided Git and git-gc stats in the support api. (#2578)
973cbf2 - Upgraded jetty minor version to 9.2.18.v20160721.
74b8b47 - Upgraded logging jars.
dc78601 - Added validation of the encryptedPassword attribute of password aware materials - SVN, P4, TFS.
faa6a2a - Removed displaying url's from the not found page. (#2584)
ca7ff9c - Changed the package material check-connection request from GET to POST. (#2550)
Features that become superceeded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.
The following features have been deprecated, along with the timeframe when they will be removed
As of release 16.5, Java 7 support was deprecated. Java 7 support will be removed in 17.1 release (scheduled to be released in January 2017). GoCD works great with Java 8, and users are encouraged to use it.
As of release 16.7, version 1 of the Pipeline Config API was deprecated. This version of the API will be removed in 16.10 release (scheduled to be released in Oct 2016). Version 2 of this API is backward compatible, and users are encouraged to use it.
As of release 16.7, Java API based Go Plugins have been deprecated. Support for running these plugins will be removed in 17.1 (scheduled to be released in January 2017). Plugin developers are encouraged to upgrade their plugins to use JSON message based plugin API. to build plugins.
Below is the list of plugins that will stop working in 17.1.
Ganesh S Patil, Ketan Padegaonkar, Mahesh Panchaksharaiah, Naveen Bhaskar, Rajiesh Narayanan, Sumanth Kumar Mora, Tomasz Sętkowski, Varsha Varadarajan, Zabil Cheriya Maliackal
A more comprehensive list of changes for this release can be found here.
Have ideas and want to contribute? Need some help getting started? We're here to help. Reach out to us at support@thoughtworks.com.
Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd
The new extension point allows the gocd server (with the help of plugins) to spin up and shut down agents on demand. This extension point allows plugin developers to write plugins that allow GoCD to hook into and leverage various technologies like Docker, AWS, GCE, Kubernetes.
Developers can start building their own elastic agent plugins by forking the skeleton plugin and looking at a sample docker plugin as an example reference implementation. The plugin API documentation can be found here.
ee281ec - Added v3 of agents API to render (read-only) elastic agent attributes.
d8cd812 - Disallowed directory listing of certain folders on the GoCD server.
d05746b - Added a friendlier error message on failing to send test email.
fb32102 - Disallowed Plugin Interact endpoint for non Authentication Plugins.
4d871a6 - Add cache control and pragma header to login page.
e7bb87b - Added a custom header to the Create Backup API.
914974d - Added a custom header for the Create Artifact API.
670df79 - Re-use SSL connections by specifying a user principal as part of all remoting connections.
4c472e1 - Used fixed delay instead rate execution of agent ping thread.
Features that become superceeded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.
The following features have been deprecated, along with the timeframe when they will be removed
8806f6b - Added a vagrant file to allow local development and testing of GoCD.
Aravind SV, Ganesh Patil, Jyoti Singh, Ken Mugrage, Ketan Padegaonkar, Mahesh Panchaksharaiah, Naveen Bhaskar, norcnorc, Rajiesh Narayanan, Sumanth M, Tomasz Setkowski, Varsha Varadarajan, Zabil Cheriya Maliackal
https://hackerone.com/gocd/thanks
A more comprehensive list of changes for this release can be found here.
Have ideas and want to contribute? Need some help getting started? We're here to help. Reach out to us at support@thoughtworks.com.
Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd
Manage pipeline configurations from one or more source-control repositories (think "git repository") and modify them externally. You can find more details about it here, and watch a quick demo of this feature here.
Upgrading the agent to 16.7.0 before upgrading the server is known to cause issues. Users are advised to first upgrade the server to 16.7.0 before they upgrade the agent.
In case you are seeing issues with the agent not starting up after the upgrade, please see this comment.
3e88caf - Windows Installer fixes.
b283b42 - Display the correct ip-address of agents running on virtualized instances or containers. (#1657)
34e05b6 - New API for viewing, creating and editing Pluggable SCMs. (#1508)
642d7f4 - New API for creating and editing environments. (#966)
79c7168 - New API for bulk updating agents. (#2340)
99e2707 - New API for viewing Plugin Information. (#1873)
d4a7639 - Support for updating whitelists using pipeline configuration API.
103340c - Upgraded all agent-server communication to use HTTPS by default. Read more about how to improve security of your GoCD setup.
3d2afad - Pluggable tasks secure configurations are encrypted before saving to xml configuration. (#903)
657feb3 - Added missing security headers on a few pages to activate web browser protection.
6909484 - Escaped the error message in the repositories page. (XSS).
f58e900 - Removed Agents API v1, users should use version 2 of the. Agents API
5602048 - Removed old backup API, users should user version 1 of the. Backup API
Features that become superceeded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.
The following features have been deprecated, along with the timeframe when they will be removed
Below is the list of plugins that will stop working in 17.1.
d395806 - Migrated build scripts to Gradle.
Aravind SV, adeshmukh-sf, Dominic Tootell, Ganesh Patil, Jyoti Singh, Ketan Padegaonkar, Mahesh Panchaksharaiah, norcnorc, Rajiesh Narayanan, Sumanth M, Ted Sheibar, Tomasz Sętkowski, Varsha Varadarajan, Venkata Jaswanth, Viktor Sadovnikov, Zabil Cheriya Maliackal
A more comprehensive list of changes for this release can be found here.
Have ideas and want to contribute? Need some help getting started? We're here to help. Reach out to us at support@thoughtworks.com.
Found a security issue that needs fixing? Please report it to https://hackerone.com/gocd
#2314 - Handling the triggering of a pipeline for monolithic repositories using a whitelist.
For example, in a repository 'baz' with folders/projects 'foo/bar' and 'foo/qux' one can trigger the pipeline only on changes to 'foo/bar' by configuring it as a whitelisted folder.
#2240 - Added a URL endpoint to grab a snapshot of the GoCD config git repository. For example, backup the config repo 'config-repository' using:
git clone https://ci.example.com/go/api/config-repository.git#2283 - Changed the existing API /api/support to return information in JSON format for easier parsing. This end point also returns more information to identify performance bottlenecks.
#2239 - Added a version API to get the version of Go server.
#2248 - Improved page load performance across the board.
Features that become superceeded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.
The following features have been deprecated, along with the timeframe when they will be removed
This release also adds foundation for reading pipeline configuration from the material's repository. This feature is still in development and more details can be found here.
A more comprehensive list of changes for this release can be found here.
Thanks to Aravind SV, Carlos Villela, Ganesh S Patil, Joakim Lahtinen, Jyoti Singh, Ketan Padegaonkar, Lubaina Rangwala, Mahesh Panchaksharaiah, Marina, Naveen Bhaskar, Paul Nilsson, Rajiesh Narayanan, Ted Sheibar, Tomasz Sętkowski, Varsha V, Xiao Li, Zabil C.M for making GoCD better!
We've graduated from being Java 8 compatible to officially supporting it! You can see our journey to this milestone here.
GoCD will continue to support Java 7 till release 17.1 scheduled for January 2017. Post that, we will exclusively support Java 8. We recommend that you plan for and upgrade to Java 8 (for both GoCD server and agents) before the 17.1 release.
#2145 - Handle large modifications made to SCM materials without memory issues on the agent.
Fixes around handling git rebase
#2110 - Fix automatic build loop after a git rebase.
#985 - Fix git history rewrite causing errors.
#2136 - Warnings on VSM if pipeline is built with incompatible revisions.
Features that become superceeded or irrelevant become deprecated, and are scheduled to be removed in some timeframe.
The following features have been deprecated, along with the timeframe when they will be removed
A more comprehensive list of changes for this release can be found here.
Thanks to Aravind SV, Brett Cave, Ganesh S Patil, Jen Marley, Jyoti Singh, Ketan Padegaonkar, Moritz Lenz, Mahesh Panchaksharaiah, Naveen Bhaskar, Rajiesh Narayanan, Tomasz Sętkowski, Varsha V, vmignot, Zabil C.M for making GoCD better!
Important: There are several security fixes to prevent XSS, CSRF and remote execution exploits. We highly recommend this upgrade to keep your GoCD server and agent secure.
#2106 - Handle eviction/expiry of composite-keys from GoCache.
A more comprehensive list of changes for this release can be found here.
Special thanks again to drrb for reporting and verifying all of the security vulnerabilities in this release.
Thanks to Aravind SV, Austin Guest, David Rice, Ganesh S Patil, Jen Marley, Jyoti Singh, Juhi Jariwala, Ketan Padegaonkar, Mahesh Panchaksharaiah, Naveen Bhaskar, Rajiesh Narayanan, Rami, Varsha V, WPC, Xiao Li, Zabil C.M for making GoCD better!
Important: This release fixes several XSS and CSRF vulnerabilities which can be exploited in earlier versions. As the changes are extensive, patches for older releases will not be provided. We recommend all users to upgrade to this version to safeguard your GoCD server.
These security vulnerabilities were responsibly disclosed by drrb. We want to give users some time to upgrade, before providing more details about the vulnerabilities. We will work with drrb on the specifics of providing these details, soon.
The following APIs now require an extra request header Confirm: true (due to security-related changes):
The old java API-based plugin extensions for tasks and package repositories has been deprecated. Developers are encouraged to use the new JSON message-based APIs to author plugins.
These APIs will be removed in the September release of GoCD.
In light of downward trend in Solaris installers, we are now considering a timeline to stop providing Solaris installers for GoCD. Users can continue to use the generic zip files to run GoCD on Solaris. However the support for Solaris will be on a best-effort basis.
We will stop providing Solaris installers from the July release of GoCD.
A more comprehensive list of changes for this release can be found here.
Special thanks to drrb for reporting and verifying all of the security vulnerabilities in this release.
Thanks to Andre Moeller, Aravind SV, bradeac, Chris Northwood, Daniel Somerfield, David Rice, Dmitry Ledentsov, Fredrik Wendt, Glenn Lewis, Jan Fabry, Jovan Alleyne, Jyoti Singh, Juhi Jariwala, Juha Siponen, Ketan Padegaonkar, Mahesh Panchaksharaiah, Rajiesh Narayanan, Tomasz Sętkowski, Varsha V, WPC, Xiao Li, Zabil C.M for making GoCD better!
Important: 16.2 has been removed from the downloads page because it had an issue which caused problems while installing windows agents.
A more comprehensive list of changes for this release can be found here.
Aravind SV, Graham Christensen, Jyoti Singh, Juhi Jariwala, Ketan Padegaonkar, Mahesh Panchaksharaiah, Mark Crossfield, Rajiesh Narayanan, Tomasz Sętkowski, Varsha V, WPC, Xiao Li, Zabil C.M
We are moving to a more regular release schedule, and so you might see releases with mostly issues fixed, while bigger level features are in progress across releases.
The comprehensive list of changes for this release can be found here.
Tomasz Setkowski, Sean Escriva for making this release of GoCD better!
Important: 15.3.1 has been removed from the downloads page because it had an issue which could have caused problems during configuration save. The issue mentioned is fixed in 16.1.0. The rest of the issues mentioned below are a part of 16.1.0 as well. We highly recommend upgrading to 16.1.0.
The comprehensive list of changes for this release can be found here.
A convenience JSON HAL compliant API for modifying pipelines. Check api.gocd.org for usage details.
A new version of Go CD is released every few months, with this feature you'll now be notified about the latest supported release (if you are running an older version).
The comprehensive list of changes for this release can be found here.
Tomasz Setkowski, Steve Hill, Alex Schwartz, Pooja R, Srinivas Upadhya, Xiao Li, Sandy Gordon, Arun Kumar, Björn Andersson, Federica Luraschi, Graham Christensen, Parker Shelton, Justin, Max Griffiths, Ashok Gowtham M, Massood, Ben Overmyer,James M. Greene, Ashwanth Kumar, Jakub Narloch, Alex Voitau, Joakim Wånggren, Paul Clarkin, X O and markuswehrle for making Go better.
GoCD now supports rendering of ANSI color codes to show you much more beautiful console logs. Additionally, Go will automatically follow the logs as your build produces it, very much like your favorite terminal program.
With the newly exposed authentication end-point, Go users can now add custom authentication schemes through plugins. Read the blog post for details.
You can now specify a property agent.auto.register.hostname to setup the hostname when
auto-registering an agent.
Go's APIs are fairly old, have inconsistent and unpredictable content types (csv, xml, json, plain text).
We have now migrated the Agents API, Users API, Backups API to use JSON hypermedia API (using JSON+HAL).
Going forward, we would like to announce an ongoing effort to improve and migrate existing APIs to use something that is more modern, easy to discover, learn and build API clients for.
Learn more about the new API on our new api documentation site.
The comprehensive list of changes for this release can be found here.
@ctorpe, @thenathanjones, @nfisher, @paulclarkin, @skarlso for making Go better.
This new plugin endpoint introduced in 15.1 allows Go's already long list of source code materials to be extended without making changes to the core!
Support for this endpoint brought along support for GitHub pull requests, contributed by an external contributor @ashwanthkumar (so exciting!), with support from a Go core contributor, @srinivasupadhya. You'll never need to wish that Go supported your favorite kind of material repository, you can implement support for it yourself!
You can see all the SCM material plugins on the Go community plugins page. See how to write one, here.
Here's how the GitHub pull requests plugin looks in action (below). Read more about it in this blog post. Watch out for more improvements in the UI around this area.
Continuing on the path of opening up different parts of Go for extension, Go 15.1 introduces a new plugin endpoint for notifications. At this point, Go notifies the plugin of changes in the status of every stage, as it happens! This allows for quite a lot of use cases, and we are excited to see plugins written against this endpoint even before release (yay, open source!).
@matt-richardson has written a really nice generic notification plugin, which sends build notifications to any websocket listener! @ashwanthkumar has written a great plugin to notify Slack about build status changes. @srinivasupadhya has written a couple of nice notification plugins to update pull request statuses in GitHub and Atlassian Stash.
You can see all of those plugins on the Go community plugins page. See how to write one yourself, here.
This contribution by @alexschwartz helps declutter the Go Dashboard, by allowing the pipeline label to be trimmed, per material. This feature is really useful when dealing with unwieldy 40 character SHAs in pipelines with git/mercurial materials in them. This feature allows this:
to be changed into this:
Read more about this feature in the documentation.
Starting from Go 15.1, Go's console logs will have timestamps for every line. This is very useful for finding out long-running parts of tasks. Here's how it looks:
This release is filled with many other notable features, changes and fixes, such as: