The project count on app.circleci.com/home was incorrectly including deleted projects. This has now been fixed.

Runner Release 3.0.27

Container Runner:

Upgrade dependencies to address CVEs in the 3.0 container runner agent.

Updates

Bug Fixes

• Various CVE remediations
• Fixed a bug where the job page for OSS repositories could be visible without being logged into CircleCI. Please reach out to your account team for more information.

Image Updates

• branch-service
• branch-service-migrator
• execution-gateway
• runner-admin
• runner-admin-migrator
• web-ui-onboarding

Updates

• Added support for additional certificates for OIDC
• Added support for assume_role_arn to the Machine Provisioner configmap
• Server version now included in support bundles

Bug Fixes

• Fixed a bug causing the /workflow-run api route to give 404 errors
• Various CVE remediations
• Fixed a bug where the job page for OSS repositories could be visible without being logged into CircleCI. Please reach out to your account team for more information.

Image Updates

• execution-gateway
• machine-provisioner
• machine-provisioner-migrator
• web-ui-server-admin
• picard

Updates

• oidc-tasks-service runs migrations before it’s main container is deployed
• Remote Docker and Machine jobs can now assume an IAM role by configuring machine_provisioner.providers.ec2.assumedRoleArn in your values.yaml

Bug Fixes

• /workflow-run/ route has been added to kong. Links for approval jobs will now be correctly routed on GHE
• The OIDC plugin now supports custom certificates
• A docker-provisioner custom config can not be provided in your helm upgrade command via --set-file
• upgraded nextjs to resolve related CVEs

The host OS that Docker jobs run on is being upgraded to support new features and ongoing security and bug patches. This upgrade has now been rolled out to all customers.

Effective April 1, 2025, all Japanese versions of our public documentation will be removed from the site. The language switcher will also be discontinued.

The host OS that Docker jobs run on is being upgraded to support new features and ongoing security and bug patches. This upgrade is being applied to jobs using Docker ARM and IP ranges from now through April 1.

Runner Release 3.1.3

Machine Runner:

Users who land on the user homepage while logged out are now automatically redirected to the login page.

A bug that was causing the loading spinner to spin infinitely when no additional pipelines were available after clicking the ‘See more’ button on the pipelines page has been fixed.

Users of CircleCI’s GitHub App integration would occasionally not be able to see a list of repositories to choose from when creating a new project. This bug has been fixed.

A bug that was causing the “Timing” tab in the CircleCI web app to show UUIDs instead of a string of the step name has been fixed.

A bug that caused a nearly full dark screen when creating a new project in organizations that integrate with CircleCI’s GitHub App has now been fixed.

Changes:

• Patched critical CVEs

See more details here.

• Added quick-start options to make it easier to understand what types of questions can be asked
• Loading screen adjusted to be smoother when a new pipeline is triggered
• Minor copy changes

CircleCI periodically updates the keys used to sign OIDC tokens in alignment with security best practices. No customer action is required to continue using OIDC with previously configured services.

Changes:

• Patched critical CVEs

See more details here.

Runner Release 3.1.2

Container Runner:

The host OS that Docker jobs run on has been upgraded to support new features and ongoing security and bug patches. This upgrade will roll out to all customers over the next few weeks. Affected customers have been notified via email. Learn more about this change in Discuss: Docker Executor Infrastructure Upgrade.

Updates

• Patched critical CVEs in web-ui-insights and webhook-service.

Bug fixes

• Fixed a vulnerability that allowed unauthenticated access to artifacts associated with public repositories.
• Resolved a bug that prevented a job from being rerun using SSH.

Updates

• Patched critical CVEs in web-ui-insights and webhook-service.

Bug fixes

• Fixed a vulnerability that allowed unauthenticated access to artifacts associated with public repositories.

Updates

• Updated the library dependencies for runner-admin
• CVE patches for web-ui-insights and webhook-service

Bug fixes

• Fixed a vulnerability where artifacts relating to public repositories could be accessed without authentication
• Fixed a bug where workflows in a terminal state with blocked jobs were incorrectly cancelled when a new workflow was triggered with redundant pipeline cancellation enabled.

Updates

• Patched critical CVEs in webhook-service.

Bug fixes

• Fixed a vulnerability that allowed unauthenticated access to artifacts associated with public repositories. Server Release 4.5.8

Bug fixes

• Fixed a vulnerability that allowed unauthenticated access to artifacts associated with public repositories.

Runner Release 3.1.1

Container Runner:

We fixed a bug where the organization name would flicker in the org picker when refreshing the Pipelines and Releases pages.

Bug fixes

• Resolved a bug where machine_provisioner.providers.gcp.network_tags were incorrectly assigned as labels on VM instances instead of as tags.

Updates

• The provider manager’s connection pool size is now configurable under domain_service.providersMangerMaxPoolSize. The default is set to 10.

Bug Fixes

• Fixed a bug where OIDC tokens failed to be injected into a job, causing the environment variables $CIRCLE_OIDC_TOKEN and $CIRCLE_OIDC_TOKEN_V2 being missing.
• Resolved a bug where machine_provisioner.providers.gcp.network_tags were incorrectly assigned as labels on VM instances instead of as tags.
• Fixed a bug that prevented remote Docker from working in air-gapped environments. An external reaper container repository has been exposed for this and can be configured via docker_provisioner.reaperContainerRepository.
• Fixed an issue with IRSA roles on AWS GovCloud, which uses the S3 partition aws-us-gov instead of the default aws. This is now exposed in the values file under s3.partition.

New Known Issues

• Setting a custom reaper container repository (via docker_provisioner.reaperContainerRepository) is currently incompatible with Windows VMs and prevents Windows jobs from running.

The role description was not rendering properly in the CircleCI web app when sending an invitation to a new user. This has been fixed.

The “Insights Snapshot Badge” functionality on CircleCI is deprecated and will stop working on a to-be-announced date. We will update our community forum and send communication to impacted users when we have determined an EOL date.

Updates

• The provider manager’s connection pool size is now configurable under domain_service.providersMangerMaxPoolSize. The default is set to 10.

Bug fixes

• Resolved a bug where machine_provisioner.providers.gcp.network_tags were incorrectly assigned as labels on VM instances instead of as tags.
• Fixed a bug that prevented remote Docker from working in air-gapped environments. An external reaper container repository has been exposed for this and can be configured via docker_provisioner.reaperContainerRepository.
• Fixed an issue with IRSA roles on AWS GovCloud, which uses the S3 partition aws-us-gov instead of the default aws. This is now exposed in the values file under s3.partition.

New known issues

• Setting a custom reaper container repository (via docker_provisioner.reaperContainerRepository) is currently incompatible with Windows VMs and prevents Windows jobs from running.

The formatting was not working as expected when viewing “Config Policies” in the CircleCI web app. This has been fixed.

An issue that was causing the “Edit Config” button in the CircleCI web app to lead to a “config not found” error has been fixed.

Updates

• The provider manager’s connection pool size is now configurable under domain_service.providersMangerMaxPoolSize. The default is set to 10.

Bug fixes

• Network tags in GCP now function as expected.
• Fixed a bug that prevented remote Docker from working in air-gapped environments. An external reaper container repository has been exposed for this and can be configured via docker_provisioner.reaperContainerRepository.
• Improved handling of AWS errors by machine-provisioner

Bug Fixes

• Network tags in GCP now function as expected.

Updates

• The provider manager’s connection pool size is now configurable under domain_service.providersMangerMaxPoolSize. The default is set to 10.

Bug Fixes

• Fixed a bug that prevented remote Docker from working in air-gapped environments. An external reaper container repository has been exposed for this and can be configured via docker_provisioner.reaperContainerRepository.
• Fixed an issue with IRSA roles on AWS Gov Cloud, which uses the S3 partition aws-us-gov instead of the default aws. This is now exposed in the values file under s3.partition.

New Known Issues

• Setting a custom reaper container repository (via docker_provisioner.reaperContainerRepository) is currently incompatible with Windows VMs and prevents Windows jobs from running.

In the Manage tab of the Plan page in the CircleCI web app, the copy has been updated for clarity.

We fixed a bug that caused pipelines not to be triggered on force push events that reset the branch or tag to an older commit in the commit history.
This bug only affected GitHub App pipelines.

CircleCI is making an upgrade to its local CLI which will require all local CLI users to upgrade major versions. There are no expected breaking changes to the CLI’s functionality, however, a version upgrade will be required as the existing versions will no longer be supported.

Exact timing is to be determined, follow this community forum post for more details.

Runner Release 3.0.26

Both Machine and Container Runner:

• Patched several high and critical vulnerabilities in indirect Go dependencies.

When a user accepts an invitation to a CircleCI organization that has an org slug that follows the pattern circleci/<UID>, we now send an automated email to the user who sent the invite letting them know that the invitation has been accepted.

You can view your org slug in Organization settings > Overview.

Updates:

• Ability to specify the AWS partition with .object_storage.s3.partition.
• Ability to specify the reaper image (pause:3.6) with .docker_provisioner.reaperContainerRepository.

The component that renders log output on the Job Details page of the CircleCI web app has been updated. If you are seeing issues with the log output when using Firefox, please ensure that you do have disabled any browser extensions that alter page content.

Additionally, the “accessible step output” toggle has moved from the Job Details page to User Settings > Accessibility.

Updates:

• Improved handling of AWS errors by machine-provisioner

We fixed a bug that allowed users to select GitHub App pipelines as “pipeline to run” when creating a Bitbucket Data Center trigger. The “pipeline to run” dropdown now correctly includes only Bitbucket Data Center pipelines.

We have fixed an issue that was causing the Contexts page in the CircleCI web app to crash.

When users clicked the ‘Go back’ button on the repo selection page during project creation, they were being redirected to a 404 error. This issue has been resolved so users are now correctly taken to the pipeline setup page.

We fixed an issue which caused GitHub App pipelines running on the default branch to be incorrectly subject to auto-cancellation if triggered in close sequence. This issue did not affect organizations integrated through GitHub OAuth.

CircleCI will be moving to twice-yearly major and minor version releases of Server. Releases will be targeted for Spring (April) and Fall (October). Patch releases for bugs and security updates will be made monthly as needed.