Before upgrading
See the CircleCI server 4.5 release notes and upgrade guide for this release.
Vault is being deprecated and will no longer be supported in server 5.0. Refer to our script for steps to migrate to Tink.
What’s new in Release 4.5.0
The v4.5 release introduces security and performance improvements.
New features
- You can now restrict access to contexts using expression restrictions. Read more in the docs.
- You can now configure the Nomad Autoscaler
evaluation_interval
and cooldown
.
Changes
- Very large and complex configuration files, notably those using a high number of pipeline parameters, will now have a shorter compile time.
- Optimizations have been made in orb-service for a reduction in both storage space used and timeouts for very large configuration compilation.
- The login page has been replaced with a new one. When logging in to server now you will be redirected to
/server-login
. The banner from the login page has been removed.
- Selecting items in the navigation bars of the settings pages no longer triggers a full page reload.
- Project and personal access tokens are now hashed rather than being stored as plaintext.
- Obsolete caches have been removed leading to improve Workflows Conductor performance and reduced Redis usage.
- Required
domain-service
caching variables are now defined by default.
- Various changes have been made in the UI to standardize style and icon usage.
Bug fixes
- Fixed a bug that was causing duplicate workflows showing in the UI.
- Fixed a bug that was causing config compliation checks to attempt to access an invalid subdomain.
- The self-hosted runners Create Resource Class button in the web app has been fixed.
New services
New services introduced with this release:
ciam-gateway
ciam
web-ui-authentication
Database migrations
The following databases will run migrations when upgrading to this version:
builds_service
permissions
runneradmin
conductor_production
Known issues
- Vault may not refresh its client token after a month of uptime. Migrate to Tink to resolve this issue.
- Retry with SSH for jobs using the machine executor advertises a private IP address. For this reason, retry with SSH for jobs using the machine executor works as standard for public installations, but for private installs you would need to ensure that you can access the private IP advertised. For example, by using a VPN into your VPC.
- CircleCI 1.0 builds are not supported. If an attempt is made to run a 1.0 build, no feedback will be available in the application to indicate the cause of the issue. If a build is run on your installation and does not show up in the CircleCI application, use the CircleCI CLI to validate the project configuration and get details of the possible cause of the issue.
- Customers installing Server to GKE should wait to upgrade until further notice. There is an issue preventing a successful upgrade. New installations are not impacted.
To learn more about Server 4.5 installation, migration, or operations please review our documentation.