What’s New in Release 2.19.02
In the LDAP login flow we now use an anonymous form to POST LDAP auth state, rather than sending it as a GET parameter. Previously, when a user authenticated using LDAP, their username and password were sent in plaintext as part of a query parameter in a GET request. Because requests are made over HTTPS, the credentials were encrypted in transit, but this still left usernames and passwords in request logs, etc. This issue is now fixed.
Optimizely and Zendesk are now removed from Server release images.
Fixed an issue in which setting CIRCLE_PUBLIC_FACING_SERVER_HTTP_THREADS too high would prevent the frontend container from starting.
Due to changes in the GitHub API we have removed the use of ?client_id=x&client_secret=y for GitHub, and GHE versions 2.17 and later.
Fixed an issue that was causing intermittent failures to spin up VMs with DLC in use.
Fixed a bug that was preventing job steps for non-failing builds from being logged when proxy settings were used for the job container.
- Removed legacy TLS versions 1.0 and 1.1, enabled TLS 1.2 and 1.3, and specified the following ciphersuites
- Fixed a statsd configuration issue that meant some services were not emitting Telegraf metrics.
- If any changes have been made to your networking configuration from the default, you should run the following steps to ensure you can use SSH to inspect your builds:
- For customers using AWS, make sure that you have the latest Launch Configuration configured for Nomad clients, and that existing Nomad clients were spun up using the Launch Configuration.
- On each Nomad Client machine, create
- This file should contain the public (if applicable) or private IP of the Nomad client.
- Classic Load Balancer is no longer available from this version due to the ciphersuite changes listed above. CircleCI no longer accepts requests from Classic Load Balancer, so you should move to Network Load Balancer (NLB) or Application Load Balancer (ALB).
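
For auditing logs retained from before this release, the following added example (not CircleCI code) finds and redacts credentials carried in the query string of access-log request lines, which is the exposure described in the LDAP and GitHub items above. The combined-style log format, the request paths and the LDAP parameter names are assumptions; only client_id and client_secret appear in these notes.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# client_secret comes from the release note; the LDAP field names are not
# given there, so "password"/"passwd" are assumed placeholders.
SENSITIVE = {"password", "passwd", "client_secret"}

# Request line inside an access-log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

# Constructed sample lines (addresses, paths and values are made up).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2020:10:00:00 +0000] "GET /ldap/callback?username=alice&password=hunter2 HTTP/1.1" 302 0
203.0.113.7 - - [01/Jan/2020:10:00:01 +0000] "POST /ldap/callback HTTP/1.1" 302 0
203.0.113.9 - - [01/Jan/2020:10:00:02 +0000] "GET /api/v3/user?client_id=x&client_secret=y HTTP/1.1" 200 512
"""


def scrub_line(line):
    """Return (redacted_line, sorted names of sensitive parameters found)."""
    found = set()

    def _redact(match):
        parts = urlsplit(match["target"])
        pairs = parse_qsl(parts.query, keep_blank_values=True)
        hit = {k.lower() for k, _ in pairs if k.lower() in SENSITIVE}
        if not hit:
            return match[0]  # keep clean lines byte-for-byte identical
        found.update(hit)
        clean = [(k, "REDACTED" if k.lower() in hit else v) for k, v in pairs]
        target = urlunsplit(parts._replace(query=urlencode(clean)))
        return f'"{match["method"]} {target} {match["proto"]}"'

    return REQUEST_RE.sub(_redact, line), sorted(found)


def audit(log_text):
    """Return [(line_number, names, redacted_line)] for lines that leaked a secret."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        redacted, names = scrub_line(line)
        if names:
            hits.append((number, names, redacted))
    return hits


if __name__ == "__main__":
    for number, names, redacted in audit(SAMPLE_LOG):
        print(f"line {number}: {', '.join(names)} -> {redacted}")
```

Any credential the audit reports should be treated as exposed to everyone with access to those logs and rotated, since redacting the log does not undo earlier reads.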