Before Upgrading
See the CircleCI server 4.7 release notes and upgrade guide for this release.
NOTE: Vault is being deprecated and will no longer be supported in server 5.0. Refer to our script for steps to migrate to Tink.
What’s New in Release 4.7.0
The v4.7 release introduces security improvements with the implementation of rootless containers.
NEW FEATURES
- Approval jobs can now be canceled through the CircleCI UI or via the API.
CHANGES
- Server components now run as rootless containers, enhancing security.
- The Nomad server
ReplicaSet
is now scaled to 5 pods by default, which improves execution stability at scale.
- Configuration for the RabbitMQ
PersistantVolumeClaim
(PVC) is now exposed through server Helm values. For more details, see the docs.
BUG FIXES
- Resolved an issue where
frontend
pods would not automatically detect and apply a new server license.
- Fixed a bug where a workflow could be prematurely marked as failed before all non-blocking jobs were run.
- Fixed a configuration issue that could cause connection refusals between Kong and Soketi following an upgrade to version 1 of Soketi.
- Addressed a typo in the Helm values for
machine_provisioner.machine_agent_base_url
. The correct template value should be machine_provisioner.agent_base_url
.
SERVICE CHANGES
Deprecated components removed with this release:
web-ui-404
: Previously served the 404 error page. Its functionality has now been merged into the main web-ui
component.
- Support for GitHub Enterprise versions <= 2.2: Code supporting these versions has been removed, as they are no longer supported by GitHub.
DATABASE MIGRATIONS
The following databases will run migrations when upgrading to this version:
authenticationservice
conductor_production
KNOWN ISSUES
- SSH reruns in air-gap will time out, leaving the job in an error state
- Vault may not refresh its client token after a month of uptime. Migrate to Tink to resolve this issue.
- Retry with SSH for jobs using the machine executor advertises a private IP address. For this reason, retry with SSH for jobs using the machine executor works as standard for public installations, but for private installs you would need to ensure that you can access the private IP advertised. For example, by using a VPN into your VPC.
- CircleCI 1.0 builds are not supported. If an attempt is made to run a 1.0 build, no feedback will be available in the application to indicate the cause of the issue. If a build is run on your installation and does not show up in the CircleCI application, use the CircleCI CLI to validate the project configuration and get details of the possible cause of the issue.
To learn more about Server 4.7 installation, migration, or operations please review our documentation.