View entire changelog

Release 2.19.02

Apr 15, 2020

Maintenance

What’s New in Release 2.19.02

Fixes

  • In the LDAP login flow we now use an anonymous form to POST LDAP auth state, rather than sending it as a GET parameter. Previously, when a user authenticated using LDAP, their username and password were sent in plaintext as part of a query parameter in a GET request. As requests are over HTTPS, this left usernames and passwords in request logs, etc. This issue is now fixed.

  • Optimizely and Zendesk are now removed from Server release images.

  • Fixed an issue in which setting CIRCLE_ADMIN_SERVER_HTTP_THREADS or CIRCLE_PUBLIC_FACING_SERVER_HTTP_THREADS too high would prevent the frontend container from starting.

  • Due to changes in the GitHub API we have removed the use of ?client_id=x&client_secret=y for GitHub, and GHE versions 2.17 and later.

  • Fixed an issue that was causing intermittent failures to spin up VMs with DLC in use.

  • Fixed an issue that was preventing the customization of proxy settings for Docker containers. See the Nomad Client Proxy and Service Configuration Overrides guides for more infomation.

  • Fixed a bug that was preventing job steps for non-failing builds being logged when proxy settings were used for the job container.

  • Removed legacy TLS versions 1.0 and 1.1, in addition, enabled 1.2 and 1.3 TLS, and specified the following ciphersuites
    • ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384
  • Fixed a statsd configuration issue that meant some services were not emitting Telegraf metrics.

Known Issues

  • If any changes have been made to your networking configuration from the default, you should run the following steps to ensure you can use SSH to inspect your builds:
    • For customers using AWS, make sure that you have the latest Launch Configuration configured for Nomad clients, and that exiting Nomad clients were spun up using the Launch Configuration.
    • On each Nomad Client machine, create /etc/circleci/public-ipv4
    • This file should contain the public (if aplicable) or private IP of the nomad client
  • Classic Load Balancer is no longer available from this version due to the ciphersuite changes listed above. CircleCI no longer accepts requests from Classic Load Balancer, so you should move to Network Load Balancer (NLB) or Application Load Balancer (ALB).

Previous changes

Apr 09, 2020

Page Load Time Improvements on the New UI Job Page    

Enhancement

Apr 07, 2020

RAM Disks    

Enhancement