Runner Release 3.1.7

Both Machine and Container Runner:

Addressed CVEs in dependencies of the runner agent binary.

Container Runner:

The orchestrator init container’s resource requirements are now configurable via orchestrator.resources in the Helm values (chart version v101.1.6+).

Starting November 10, 2025, the default resource class for macOS jobs for Free plan organizations will change from macos.m1.medium.gen1 to m4pro.medium. This means that all macOS jobs for Free plan organizations will run on m4pro.medium, regardless of the resource class specified in your configuration. The m4pro.medium resource class offers significantly better performance and faster build times compared to previously available resources.

Note: This change only affects customers on a Free plan. For customers on Performance or Scale plans, the default resource class change will happen on December 3, 2025, as announced here.

What you should do:

• If you are on a free plan and don’t specify a resource class in your configuration, no action is needed - your jobs will automatically use m4pro.medium.
• If your macOS job configuration explicitly specifies a resource class, we recommend either updating it to m4pro.medium or removing the resource class specification from your configuration. This is important because when M1 and M2 resource classes reach end of life on February 16, 2026 (see deprecation notice), configurations that explicitly reference these deprecated resource classes will fail to parse.
• Note that m4pro.medium is priced at 200 credits/min compared to 150 credits/min for the previous default, though faster execution times may offset the higher per-minute rate

The Xcode 26.1 image is now available to be used in CircleCI pipelines on the M4 Pro resource classes.

Please see the full manifest for information about the software included with this image release.

Known issues:

• OS 26 simulators sporadically freeze during boot and may fail to start. We recommend pre-booting simulators and, if they don’t start within 60 seconds, terminate them and restart them.
• Metal Toolchain is currently non-functional. A workaround is available by running the following commands before use:

    xcodebuild -downloadComponent metalToolchain -exportPath /tmp/MetalExport/
    sed -i '' -e 's/17A5295f/17A5241e/g' /tmp/MetalExport/MetalToolchain-17A5295f.exportedBundle/ExportMetadata.plist
    xcodebuild -importComponent metalToolchain -importPath /tmp/MetalExport/MetalToolchain-17A5295f.exportedBundle

• Device IDs are inconsistently changing across VMs in Xcode 26. This is an OS-level issue that can affect builds relying on consistent device identifiers. We’ve opened a support ticket with Apple and encourage affected users to do the same to help prioritize a fix.

We’ve updated schedule triggers for the GitHub App integration to use standard CRON format instead of our CircleCI-specific scheduling format.

With CRON syntax, you can now schedule pipelines down to specific minutes, giving you more precise control over when your workflows run. The interface displays your CRON string translated into plain English, and includes template buttons for common scheduling patterns.

The minimum scheduling interval remains 5 minutes, and a random delay of up to 10 minutes continues to be applied to all scheduled pipelines for load spreading.

All existing GitHub App schedule triggers have been automatically converted to CRON format. No action is required.

This change applies only to GitHub App schedule triggers. GitHub OAuth and Bitbucket schedule triggers are not affected.

Coming soon:

Natural language translation to CRON syntax will be available in an upcoming release.

The Xcode 26.1 RC (Release Candidate) image is now available to be used in CircleCI pipelines on the M4 Pro resource classes.

Please see the full manifest for information about the software included with this image release.

Known issues:

• OS 26 simulators sporadically freeze during boot and may fail to start. We recommend pre-booting simulators and, if they don’t start within 60 seconds, terminate them and restart them.
• Metal Toolchain is currently non-functional. A workaround is available by running the following commands before use:

    xcodebuild -downloadComponent metalToolchain -exportPath /tmp/MetalExport/
    sed -i '' -e 's/17A5295f/17A5241e/g' /tmp/MetalExport/MetalToolchain-17A5295f.exportedBundle/ExportMetadata.plist
    xcodebuild -importComponent metalToolchain -importPath /tmp/MetalExport/MetalToolchain-17A5295f.exportedBundle

• Device IDs are inconsistently changing across VMs in Xcode 26. This is an OS-level issue that can affect builds relying on consistent device identifiers. We’ve opened a support ticket with Apple and encourage affected users to do the same to help prioritize a fix.

Chunk will now attempt to automatically create a cci-agent-setup.yml file if one doesn’t exist in your repository.

You can also manually generate one by navigating to Organization Settings → Chunk Tasks, selecting the […] menu for your desired task, then going to Chunk Environment and clicking “Create File in GitHub”.

We’ve resolved a bug where the “More Details” section was missing from Chunk pull request descriptions. PR bodies now include a link to view the full task execution in the CircleCI web app, providing quick access to logs and execution details.

On December 3, 2025, the default resource class for macOS jobs will change from macos.m1.medium.gen1 to m4pro.medium for customers on a paid plan (Performance and Scale). Free plan customers transitioned to this default on November 10th. .

What this means:

If you haven’t explicitly specified a resource class in your macOS job configuration:

• your jobs will automatically run on the faster m4pro.medium resource starting December 3rd
• note that m4pro.medium is priced at 200 credits/min compared to 150 credits/min for the previous default, though faster execution times may offset the higher per-minute rate - see our price list for details
• no action is required unless you want to opt in early or select a different resource class

If your jobs are explicitly configured with a specific resource class, they will continue to use those specifications.

Why we’re making this change:

The m4pro resource class offers significantly better performance, resulting in faster build times for most workloads.

What you can do:

• To start using m4pro.medium before December 3rd, update your configuration to explicitly specify the resource class
• To continue using macos.m1.medium.gen1 after December 3rd, you can explicitly specify it in your configuration - however, please note this resource class will reach end of life on February 16, 2026 (see deprecation notice)
• Review our macOS resource class documentation for all available options

We just shipped an update to Active Versions.

What’s new: Active Versions is now prominently displayed at the top of the timeline view, making it effortless to see what’s deployed where.

Why it matters: Previously this was buried in nested menus. Now it’s front and center where teams need it most.

How it works: 3 active version cards appear by default at the top of the timeline. Click “See More” to expand and view up to 9 versions/environments at once.

The Xcode 26.1 Beta 3 image is now available to be used in CircleCI pipelines on the M4 Pro resource classes.

Please see the full manifest for information about the software included with this image release.

Known issues:

• OS 26 simulators sporadically freeze during boot and may fail to start. We recommend pre-booting simulators and, if they don’t start within 60 seconds, terminate them and restart them.
• Metal Toolchain is currently non-functional. A workaround is available by running the following commands before use:

    xcodebuild -downloadComponent metalToolchain -exportPath /tmp/MetalExport/
    sed -i '' -e 's/17A5295f/17A5241e/g' /tmp/MetalExport/MetalToolchain-17A5295f.exportedBundle/ExportMetadata.plist
    xcodebuild -importComponent metalToolchain -importPath /tmp/MetalExport/MetalToolchain-17A5295f.exportedBundle

• Device IDs are inconsistently changing across VMs in Xcode 26. This is an OS-level issue that can affect builds relying on consistent device identifiers. We’ve opened a support ticket with Apple and encourage affected users to do the same to help prioritize a fix.

What’s changing: The CircleCI GitHub App now subscribes to pull_request_review_comment events from GitHub.

What to expect: If you have the CircleCI GitHub App installed, you received an email from GitHub notifying you of this change. When you click “Review permission request” in the email, you’ll see the notice below.

Action required – You’ll need to accept this permission request before CircleCI can start processing these events for your organization. Click “Accept new permissions” in the email or visit your GitHub App settings to approve the change.

The notice shows “unchanged permissions” because the GitHub permissions needed for this event were already granted to the CircleCI App—we’re simply subscribing to an additional event type using those existing permissions.

Why we’re making this change: This event subscription enables two new capabilities:

• Chunk interactions: Trigger pipelines and invoke AI agents directly from PR comments (e.g., @chunk-ai fix flaky tests)
• Future trigger options: Configure pipelines to run based on specific PR comments

You can now guide Chunk with a custom instruction file. Create a fix-flaky-test.md file in your .circleci directory to provide specific guidance about how you want the agent to approach fixing flaky tests in your project. This gives you fine-grained control over the agent’s behavior and lets you encode your team’s testing best practices directly into the fix generation process.

Example .circleci/fix-flaky-test.md file:

## Command Restrictions

- You MUST NOT use the `sleep()` command or `setTimeout()` for delays in any scripts
- You MUST NOT use `eval()` as it poses security risks
- Avoid using shell wildcards in destructive operations (e.g., `rm -rf *`)

## Code Style Preferences

- Prefer functional components over class components in React
- Favor explicit error handling over try-catch-all patterns
- Use async/await syntax over Promise chains for readability

## Security Considerations

- Always flag use of `dangerouslySetInnerHTML` in React components
- Highlight any potential SQL injection vulnerabilities
- Point out hardcoded credentials or API keys
- Flag any use of `eval()` or `Function()` constructors

## Documentation Standards

- Public APIs MUST include JSDoc comments
- Complex algorithms MUST include explanatory comments
- Do NOT proactively create markdown documentation files unless explicitly requested```

Changes

• Active user session timeout reduced from 1 year to 30 days
• Inactive user session timeout reduced from 2 weeks to 3 days

Effective November 30, 2025, CircleCI will reduce the inactive user session timeout from 2 weeks to 3 days and active user session timeout from 1 year to 30 days to align with NIST cybersecurity standards and enhance platform security.

What This Means

Active user sessions will be required to re-authenticate after 30 days (previously 1 year). Inactive accounts will be required to re-authenticate after 3 days (previous 2 weeks). SSO customers can still set custom session timeouts via their IdP provider. This change applies to all CircleCI web interface sessions.

Why We’re Making This Change

This update brings CircleCI in line with NIST (National Institute of Standards and Technology) recommended security practices and reduces the risk of unauthorized access from dormant sessions.

Action Required

No immediate action is required. Users who access CircleCI regularly may notice they need to re-authenticate more often.

Timeline

November 30, 2025: New 30-day session timeout takes effect. Existing active user sessions longer than 30 days will be invalidated on this date. In-active user sessions longer than 3 days will be invalidated on this date.

As part of our ongoing infrastructure improvements, we will be deprecating Mac M1 and M2 resource classes on February 16th, 2026.

Ahead of the deprecation date, we will be performing 24 hour brownouts from 00:00:01 to 23:59:59 UTC, during which these resources will be unavailable. The schedule for brownouts is as follows:

It is possible to opt out of brownouts by disabling the setting at Organization Settings > Advanced > Enable image brownouts. However, please note that access to these resources will be fully removed on February 16th, 2026, regardless of brownout settings.

Please plan to transition to M4 instances (m4pro.medium and m4pro.large) ahead of the deprecation date. Details on M4 resources can be found here.

M4 resources will be made available to organizations on free plans starting November 10th, 2025.

The Xcode 26.1 Beta 2 image is now available to be used in CircleCI pipelines on the M4 Pro resource classes.

Please see the full manifest for information about the software included with this image release.

Known Issues:

• OS 26 simulators sporadically freeze during boot and may fail to start. We recommend pre-booting simulators and, if they don’t start within 60 seconds, terminate them and restart them.
• Metal Toolchain is currently non-functional. A workaround is available by running the following commands before use:

    xcodebuild -downloadComponent metalToolchain -exportPath /tmp/MetalExport/
    sed -i '' -e 's/17A5295f/17A5241e/g' /tmp/MetalExport/MetalToolchain-17A5295f.exportedBundle/ExportMetadata.plist
    xcodebuild -importComponent metalToolchain -importPath /tmp/MetalExport/MetalToolchain-17A5295f.exportedBundle

• Device IDs are inconsistently changing across VMs in Xcode 26. This is an OS-level issue that can affect builds relying on consistent device identifiers. We’ve opened a support ticket with Apple and encourage affected users to do the same to help prioritize a fix.

To streamline the setup of a Chunk environment file, you can now run ad-hoc commands in the environment defined by your cci-agent-setup.yml file and see instant feedback on whether they are working as expected.

Navigate to Organization Settings → Chunk Tasks → Select the gear symbol. Then follow the instructions on our community forum.

We’ve added a new banner that surfaces all your failed deployments across environments in one place so you can catch issues faster and get back to shipping.

Why we built this:

Failed deployments can be easy to miss, especially when managing multiple environments. You need a quick way to see what’s broken at a glance, without hunting through pipelines or workflows.

How it works: When you have failed deployments, you’ll see a banner at the top of your Deploys page with:

• A summary of all failures across your environments
• Namespace and version details when you hover over a specific deployment
• Direct links to the full error details by clicking the arrow on the right

This means less time tracking down what went wrong, and more time fixing it.

Starting November 3rd, CircleCI will begin to gradually roll out a faster checkout method (blobless) as the default checkout method.

Most builds will continue working without changes with blobless checkout. However, you need to take action if your builds require access to historical file contents. For example, tools like Sonar (SonarQube, SonarCloud), Sentry, some coverage or security scanning tools, and custom scripts that rely on git blame, git diff, or git config commands may require full checkout.

To opt into blobless checkout immediately, or to test compatibility, edit your CircleCI YML config to use the “blobless” method.

steps:
  - checkout:
      method: blobless

If your CircleCI job fails, or you prefer to keep the current checkout behavior, edit your config to use the “full” method.

steps:
  - checkout:
      method: full

If you do nothing and your builds break after November 3rd, you will be able to fix them by editing your config to use the “full” method.

Schedule triggers are now available for GitHub App pipelines. This feature allows teams to automatically run pipelines on a time-based schedule, with frequencies ranging from once every 5 minutes to less frequent intervals. Schedule triggers support configuring the actor associated with trigger pipelines, and passing custom parameters.

Getting started

Create GitHub App schedule triggers from the Project settings > Project setup page.

Availability

This functionality is available to all organizations that integrate with GitHub, regardless of whether they also use the GitHub OAuth integration (URLs may include /github/ or /circleci/). To learn more about using the GitHub App integration alongside GitHub OAuth, see the dedicated Docs page.

Notes

• GitHub App pipelines triggered via schedule trigger are never skipped nor auto-cancelled.
• Please note that, as specified in the documentation, a delay of up to 10 minutes may be applied to the configured time. Subsequent runs will maintain the same timing as the initial run.

Current limitations

Schedule triggers for GitHub App pipelines cannot yet be created or managed via API.

What’s next

GitHub App schedule triggers currently use a dropdown interface for frequency selection. We’re planning to transition to cron syntax for more flexible scheduling options. For questions or concerns about this plan, reach out to benedetta@circleci.com.

For more information about schedule triggers, see our documentation.

The Xcode 26.0.1 image is now available to be used in CircleCI pipelines on the M4 Pro resource classes.

Please see the full manifest for information about the software included with this image release.

Known Issues:

• iOS 26 simulators sporadically freeze during boot and may fail to start. We recommend pre-booting simulators and, if they don’t start within 60 seconds, terminate them and restart them.
• Metal Toolchain is currently non-functional. A workaround is available by running the following commands before use:

    xcodebuild -downloadComponent metalToolchain -exportPath /tmp/MetalExport/
    sed -i '' -e 's/17A5295f/17A5241e/g' /tmp/MetalExport/MetalToolchain-17A5295f.exportedBundle/ExportMetadata.plist
    xcodebuild -importComponent metalToolchain -importPath /tmp/MetalExport/MetalToolchain-17A5295f.exportedBundle
  

• Device IDs are inconsistently changing across VMs in Xcode 26. This is an OS-level issue that can affect builds relying on consistent device identifiers. We’ve opened a support ticket with Apple and encourage affected users to do the same to help prioritize a fix.

The Xcode 26.1 Beta 1 image is now available to be used in CircleCI pipelines on the M4 Pro resource classes.

Please see the full manifest for information about the software included with this image release.

Known Issues:

• iOS 26 simulators sporadically freeze during boot and may fail to start. We recommend pre-booting simulators and, if they don’t start within 60 seconds, terminate them and restart them.
• Metal Toolchain is currently non-functional. A workaround is available by running the following commands before use:

    xcodebuild -downloadComponent metalToolchain -exportPath /tmp/MetalExport/
    sed -i '' -e 's/17A5295f/17A5241e/g' /tmp/MetalExport/MetalToolchain-17A5295f.exportedBundle/ExportMetadata.plist
    xcodebuild -importComponent metalToolchain -importPath /tmp/MetalExport/MetalToolchain-17A5295f.exportedBundle
  

• Device IDs are inconsistently changing across VMs in Xcode 26. This is an OS-level issue that can affect builds relying on consistent device identifiers. We’ve opened a support ticket with Apple and encourage affected users to do the same to help prioritize a fix.

CircleCI regularly publishes new images and deprecates older ones used for execution environments. As part of the deprecation process, we run brownouts—short time windows where a soon-to-be retired image is temporarily unavailable. Brownouts help notify users that the image is reaching end-of-life and needs to be upgraded.

To give organizations more control, we’ve added a setting in the CircleCI web app: Organization Settings → Advanced → Enable image brownouts

On (default): Brownouts apply as usual.

Off: Brownouts are disabled for your organization, allowing continued use of the image until it is fully retired.

Note: Changes to this toggle may take up to 10 minutes to take effect. Only organization admins can change this setting.

Users can now specify a checkout method when using the checkout step. In addition to a traditional full clone, we now support blobless clones. Blobless clones reduce the amount of data fetched from the remote by asking the remote to filter out objects that are not attached to the current commit, resulting in faster checkouts for most projects.

You can perform a blobless clone by setting the method key in your checkout step:

jobs:
  build:
    steps:
      - checkout:
          method: blobless

Learn more about the new method key in our documentation.

For customers needing a more granular control, we now support automatic step rerun to complement our existing workflow rerun feature.

Rather than rerunning entire workflows, you can now automatically rerun specific failed steps. Simply specify max_auto_reruns in your run step configuration with a value between 1 and 5. You can also configure an optional auto_rerun_delay (up to 10 minutes) to give temporary issues time to resolve before retrying, such as when resources need time to become available again.

The UI provides clear indicators showing the current attempt number and remaining retries. This feature is available to all CircleCI customers across all plan types.

For more details on configuring automatic step reruns, visit the documentation.