Bug Fixes

• Fixed a bug where users would receive a 400 error when attempting to log in caused by a break in web-ui-authentication. This bug was introduced in server 4.7.7

Image Updates

• web-ui-authentication

The Server 4.7.7 Release is broken

We have found a bug in the server 4.7.7 release which breaks logins. We are working on a fix actively. Please avoid upgrading to version 4.7.7

Downloading this helm chart release has been disabled.

Updates

Bug Fixes

• Fixed a bug where “empty pipelines” responses from the API would prevent the UI from loading.
• docker-provisioner-provisioner will roll when a manually provided certificate is changed

Chart Updates

The following charts have moved from Bitnami-hosted to CircleCI-hosted:

NOTE

Please note this release has been marked as broken and should not applied. Fixes will be applied in the 4.7.8 patch.

We have updated our Xcode Image Release, Update, and Deprecation Policy to reflect a change in how new image releases are announced and a change to the number of images we retain.

Updates

• RDS is now compatible with server 4.8.1. We have removed the permissions checks that previously blocked full support.
• When new workflows are stored, job numbers are generated for all jobs in that workflow together.
• Context-service will now use the same method as workflows-conductor to for table name consistency

Bug Fixes

• Fixed an issue that caused a lag between when jobs finished and when they were marked as complete
• Removed the GitHub App pipelines tooltips and pipeline management from the UI as Server does not support GitHub App pipelines at this time.
• SSH rerun now works in air-gap and in installations with a self-signed certificate on GitHub Enterprise.

Image Updates

• audit-log-service
• webhook-service
• cron-service
• branch-service
• feature-flags
• distributor
• execution-gateway
• output
• frontend (underlying container is now circle-www-api)
• builds-service
• orbs-service
• workflows-conductor
• insights-service
• machine-provisioner
• permissions-service
• domain-service
• policy-service
• authentication service
• ciam-service
• ciam-gateway
• contexts-service
• picard
• runner-admin
• step
• web-ui

Known Issues

• Vault may not refresh its client token after a month of uptime. Migrate to Tink to resolve this issue.
• Retry with SSH for jobs using the machine executor advertises a private IP address. For this reason, retry with SSH for jobs using the machine executor works as standard for public installations, but for private installs you would need to ensure that you can access the private IP advertised. For example, by using a VPN into your VPC.

To learn more about Server 4.8 installation, migration, or operations please review our documentation.

The Insights pages in the CircleCI web app & endpoints in the v2 API will be temporarily unavailable for planned maintenance on Sunday, July 27, between 14:00 and 16:00 UTC.

There was a bug that caused some branches to be missing from the branch filter dropdown on the Pipelines page. This has now been fixed and all branches should display as expected.

CircleCI is performing API maintenance on June 30th. No downtime or customer impact is expected. Refer to the CircleCI status page for the most up to date information.

CircleCI will no longer automatically generate “deploy markers”. This functionality is being sunset in favor of more accurate, manually configured deploy markers that help users visualize their deployments in the CircleCI web app.

Questions or concerns? Reach out to aditya.kumar@circleci.com

Updates

Bug Fixes

• CVE fixes
• Fixed a bug where the pipeline page for OSS repositories could be visible without being logged into CircleCI. Please reach out to your account team for more information.
• SSH rerun now works in air-gap and in installations with a self-signed certificate on GitHub Enterprise.

Image Updates

• frontend (underlying container is now circle-www-api)
• builds-service
• orbs-service
• workflows-conductor
• insights-service

Known Issues

• RabbitMQ needs features enabled prior to upgrading

Reminder

Maintenance window for Runner is scheduled for June 3rd, 2025, at 19:00 PST/22:00 EST. The maintenance window will last until 19:10 PST/22:10 EST.

On June 25, 2025, the Insights pages in the CircleCI web app will be updated with the following changes:

Maintenance window for Runner is scheduled for June 3rd, 2025, at 19:00 PST/22:00 EST. The maintenance window will last until 19:10 PST/22:10 EST.

There was a bug that was causing Scheduled Pipelines to show up as Trigger Event = “Push: commit pushed” in the CircleCI web app. This has now been fixed.

CircleCI is making an upgrade to its local CLI which will require all local CLI users to upgrade to v0.1.31425 or higher if using the following two commands:

The project count on app.circleci.com/home was incorrectly including deleted projects. This has now been fixed.

Runner Release 3.0.27

Container Runner:

Upgrade dependencies to address CVEs in the 3.0 container runner agent.

Updates

Bug Fixes

• Various CVE remediations
• Fixed a bug where the job page for OSS repositories could be visible without being logged into CircleCI. Please reach out to your account team for more information.

Image Updates

• branch-service
• branch-service-migrator
• execution-gateway
• runner-admin
• runner-admin-migrator
• web-ui-onboarding

Updates

• Added support for additional certificates for OIDC
• Added support for assume_role_arn to the Machine Provisioner configmap
• Server version now included in support bundles

Bug Fixes

• Fixed a bug causing the /workflow-run api route to give 404 errors
• Various CVE remediations
• Fixed a bug where the job page for OSS repositories could be visible without being logged into CircleCI. Please reach out to your account team for more information.

Image Updates

• execution-gateway
• machine-provisioner
• machine-provisioner-migrator
• web-ui-server-admin
• picard

Updates

• oidc-tasks-service runs migrations before it’s main container is deployed
• Remote Docker and Machine jobs can now assume an IAM role by configuring machine_provisioner.providers.ec2.assumedRoleArn in your values.yaml

Bug Fixes

• /workflow-run/ route has been added to kong. Links for approval jobs will now be correctly routed on GHE
• The OIDC plugin now supports custom certificates
• A docker-provisioner custom config can not be provided in your helm upgrade command via --set-file
• upgraded nextjs to resolve related CVEs

The host OS that Docker jobs run on is being upgraded to support new features and ongoing security and bug patches. This upgrade has now been rolled out to all customers.

Effective April 1, 2025, all Japanese versions of our public documentation will be removed from the site. The language switcher will also be discontinued.

The host OS that Docker jobs run on is being upgraded to support new features and ongoing security and bug patches. This upgrade is being applied to jobs using Docker ARM and IP ranges from now through April 1.

Runner Release 3.1.3

Machine Runner:

Users who land on the user homepage while logged out are now automatically redirected to the login page.

A bug that was causing the loading spinner to spin infinitely when no additional pipelines were available after clicking the ‘See more’ button on the pipelines page has been fixed.

Users of CircleCI’s GitHub App integration would occasionally not be able to see a list of repositories to choose from when creating a new project. This bug has been fixed.

A bug that was causing the “Timing” tab in the CircleCI web app to show UUIDs instead of a string of the step name has been fixed.

A bug that caused a nearly full dark screen when creating a new project in organizations that integrate with CircleCI’s GitHub App has now been fixed.

Changes:

• Patched critical CVEs

See more details here.

• Added quick-start options to make it easier to understand what types of questions can be asked
• Loading screen adjusted to be smoother when a new pipeline is triggered
• Minor copy changes

CircleCI periodically updates the keys used to sign OIDC tokens in alignment with security best practices. No customer action is required to continue using OIDC with previously configured services.

Changes:

• Patched critical CVEs

See more details here.

Runner Release 3.1.2

Container Runner:

The host OS that Docker jobs run on has been upgraded to support new features and ongoing security and bug patches. This upgrade will roll out to all customers over the next few weeks. Affected customers have been notified via email. Learn more about this change in Discuss: Docker Executor Infrastructure Upgrade.

Updates

• Patched critical CVEs in web-ui-insights and webhook-service.

Bug fixes

• Fixed a vulnerability that allowed unauthenticated access to artifacts associated with public repositories.
• Resolved a bug that prevented a job from being rerun using SSH.

Updates

• Patched critical CVEs in web-ui-insights and webhook-service.

Bug fixes

• Fixed a vulnerability that allowed unauthenticated access to artifacts associated with public repositories.

Updates

• Updated the library dependencies for runner-admin
• CVE patches for web-ui-insights and webhook-service

Bug fixes

• Fixed a vulnerability where artifacts relating to public repositories could be accessed without authentication
• Fixed a bug where workflows in a terminal state with blocked jobs were incorrectly cancelled when a new workflow was triggered with redundant pipeline cancellation enabled.

Updates

• Patched critical CVEs in webhook-service.

Bug fixes

• Fixed a vulnerability that allowed unauthenticated access to artifacts associated with public repositories. Server Release 4.5.8

Bug fixes

• Fixed a vulnerability that allowed unauthenticated access to artifacts associated with public repositories.

Runner Release 3.1.1

Container Runner:

We fixed a bug where the organization name would flicker in the org picker when refreshing the Pipelines and Releases pages.

Bug fixes

• Resolved a bug where machine_provisioner.providers.gcp.network_tags were incorrectly assigned as labels on VM instances instead of as tags.

Updates

• The provider manager’s connection pool size is now configurable under domain_service.providersMangerMaxPoolSize. The default is set to 10.

Bug Fixes

• Fixed a bug where OIDC tokens failed to be injected into a job, causing the environment variables $CIRCLE_OIDC_TOKEN and $CIRCLE_OIDC_TOKEN_V2 being missing.
• Resolved a bug where machine_provisioner.providers.gcp.network_tags were incorrectly assigned as labels on VM instances instead of as tags.
• Fixed a bug that prevented remote Docker from working in air-gapped environments. An external reaper container repository has been exposed for this and can be configured via docker_provisioner.reaperContainerRepository.
• Fixed an issue with IRSA roles on AWS GovCloud, which uses the S3 partition aws-us-gov instead of the default aws. This is now exposed in the values file under s3.partition.

New Known Issues

• Setting a custom reaper container repository (via docker_provisioner.reaperContainerRepository) is currently incompatible with Windows VMs and prevents Windows jobs from running.

The role description was not rendering properly in the CircleCI web app when sending an invitation to a new user. This has been fixed.

Updates

• The provider manager’s connection pool size is now configurable under domain_service.providersMangerMaxPoolSize. The default is set to 10.

Bug fixes

• Resolved a bug where machine_provisioner.providers.gcp.network_tags were incorrectly assigned as labels on VM instances instead of as tags.
• Fixed a bug that prevented remote Docker from working in air-gapped environments. An external reaper container repository has been exposed for this and can be configured via docker_provisioner.reaperContainerRepository.
• Fixed an issue with IRSA roles on AWS GovCloud, which uses the S3 partition aws-us-gov instead of the default aws. This is now exposed in the values file under s3.partition.

New known issues

• Setting a custom reaper container repository (via docker_provisioner.reaperContainerRepository) is currently incompatible with Windows VMs and prevents Windows jobs from running.

The formatting was not working as expected when viewing “Config Policies” in the CircleCI web app. This has been fixed.

An issue that was causing the “Edit Config” button in the CircleCI web app to lead to a “config not found” error has been fixed.

Updates

• The provider manager’s connection pool size is now configurable under domain_service.providersMangerMaxPoolSize. The default is set to 10.

Bug fixes

• Network tags in GCP now function as expected.
• Fixed a bug that prevented remote Docker from working in air-gapped environments. An external reaper container repository has been exposed for this and can be configured via docker_provisioner.reaperContainerRepository.
• Improved handling of AWS errors by machine-provisioner