As of today, November 10, 2025, the default resource class for macOS jobs for Free plan organizations changes from macos.m1.medium.gen1 to m4pro.medium.

Starting November 10, 2025, the default resource class for macOS jobs for Free plan organizations will change from macos.m1.medium.gen1 to m4pro.medium. This means that all macOS jobs for Free plan organizations will run on m4pro.medium, regardless of the resource class specified in your configuration. The m4pro.medium resource class offers significantly better performance and faster build times compared to previously available resources.

We’ve resolved an issue where pull request summaries created by Chunk didn’t always match the actual code changes. PR descriptions now accurately reflect the modifications Chunk made.

Chunk now avoids creating pull requests when it cannot verify fixes through either local testing or pipeline monitoring, reducing false positives.

We’ve resolved a bug where the “More Details” section was missing from Chunk pull request descriptions. PR bodies now include a link to view the full task execution in the CircleCI web app, providing quick access to logs and execution details.

On December 3, 2025, the default resource class for macOS jobs will change from macos.m1.medium.gen1 to m4pro.medium for customers on a paid plan (Performance and Scale). Free plan customers transitioned to this default on November 10th. .

We’ve resolved a regression that was causing incomplete output and poor formatting in execution logs when using OpenAI as your model provider. Logs now display complete details with proper formatting, enabling easier troubleshooting.

In the CircleCI web app > Organization settings > Chunk settings > gear icon, the Chunk environment setup page has been simplified for better usability.

Updates

• Ships with a updated version of redis to address CVE-2025-49844
• Fix for fractional byte value warning when performing helm upgrades
• Added missing annotations to secrets so that the secrets may be preserved in the cluster namespace by default in the event of a helm uninstall
• General component dependency updates and CVE fixes
• Updated machine-agent

Image Updates

• web-ui
• permissions-service
• init-known-hosts
• machine-provisioner
• cron-service
• policy-service
• branch-service
• insights-service
• machine-agent

Updates

• Ships with a updated version of redis to address CVE-2025-49844
• Fix for fractional byte value warning when performing helm upgrades
• Added missing annotations to secrets so that the secrets may be preserved in the cluster namespace by default in the event of a helm uninstall
• General component dependency updates and CVE fixes

Image Updates

• web-ui
• web-ui-insights
• web-ui-org-settings
• web-ui-authentication
• web-ui-onboarding
• init-known-hosts
• cron-service
• authentication-service
• orbs-service
• policy-service
• branch-service
• insights-service

Fixes

• Fixed and issues where policies would fail, the neither the UI nor the CLI showed logs as to why the workflow was denied due to builds-service not being able to connect to policy-service on the correct port binding
• dependency update for branch-service

Image Updates

• branch-service

Updates

• Added support for IMDSv1 on ECC2 instances
• Various dependency updates for components
• Update go modules in runner-admin
• Added support communication between docker-provisioner and an externalized nomad server over HTTPS
• Fixes for schema drift
• CVE fixes for circle-www-api, orb-service, workflows-conductor,api-service

Image Updates

• branch-service
• insights-service
• permissions-service
• api-service
• policy-service
• contexts-service
• domain-service
• circle-www-api
• build-agent
• domain-service
• authentication-svc
• orb-service
• workflows-conductor
• cron-service
• builds-service
• machine-provisioner
• policy-service
• init-known-hosts
• ciam-gateway

Updates

• Added support for IMDSv1 on ECC2 instances
• CVE fixes for web-ui components
• Updated golang modules in init-known-hosts, ciam-gateway, authentication-service, permissions-service
• Updated some clojure components
• Fixed a bug that prevented additional tags from being consistently applied to machine resources between helm upgrades

Image Updates

• web-ui
• web-ui-insights
• web-ui-org-settings
• init-known-hosts
• cron-service
• ciam-gateway
• authentication-service
• permissions-service
• machine-provisioner

Chunk’s flaky test fixing capability now runs Sunday thru Thursday @ 22:00 UTC. This only applies to chunk task configurations created on Sep 19 onwards.

Bug Fixes

• Fixed issue where users were unable to access the login page
• Fixed a bug that prevented Remote Docker (setup_remote_docker) builds from using OIDC to pull images from ECR by updating the AWS SDK in docker-provisioner

Image Updates

• machine-provisioner
• branch-service
• docker-provisioner
• insights-service
• context-service
• domain-service
• server-postgres
• web-ui-authentication
• builds-service
• workflows-conductor
• orb-service

Bug Fixes

• Fixed a bug where users would receive a 400 error when attempting to log in caused by a break in web-ui-authentication. This bug was introduced in server 4.7.7

Image Updates

• web-ui-authentication

The Server 4.7.7 Release is broken

We have found a bug in the server 4.7.7 release which breaks logins. We are working on a fix actively. Please avoid upgrading to version 4.7.7

Downloading this helm chart release has been disabled.

Updates

Bug Fixes

• Fixed a bug where “empty pipelines” responses from the API would prevent the UI from loading.
• docker-provisioner-provisioner will roll when a manually provided certificate is changed

Chart Updates

The following charts have moved from Bitnami-hosted to CircleCI-hosted:

NOTE

Please note this release has been marked as broken and should not applied. Fixes will be applied in the 4.7.8 patch.

We have updated our Xcode Image Release, Update, and Deprecation Policy to reflect a change in how new image releases are announced and a change to the number of images we retain.

Updates

• RDS is now compatible with server 4.8.1. We have removed the permissions checks that previously blocked full support.
• When new workflows are stored, job numbers are generated for all jobs in that workflow together.
• Context-service will now use the same method as workflows-conductor to for table name consistency

Bug Fixes

• Fixed an issue that caused a lag between when jobs finished and when they were marked as complete
• Removed the GitHub App pipelines tooltips and pipeline management from the UI as Server does not support GitHub App pipelines at this time.
• SSH rerun now works in air-gap and in installations with a self-signed certificate on GitHub Enterprise.

Image Updates

• audit-log-service
• webhook-service
• cron-service
• branch-service
• feature-flags
• distributor
• execution-gateway
• output
• frontend (underlying container is now circle-www-api)
• builds-service
• orbs-service
• workflows-conductor
• insights-service
• machine-provisioner
• permissions-service
• domain-service
• policy-service
• authentication service
• ciam-service
• ciam-gateway
• contexts-service
• picard
• runner-admin
• step
• web-ui

Known Issues

• Vault may not refresh its client token after a month of uptime. Migrate to Tink to resolve this issue.
• Retry with SSH for jobs using the machine executor advertises a private IP address. For this reason, retry with SSH for jobs using the machine executor works as standard for public installations, but for private installs you would need to ensure that you can access the private IP advertised. For example, by using a VPN into your VPC.

To learn more about Server 4.8 installation, migration, or operations please review our documentation.

The Insights pages in the CircleCI web app & endpoints in the v2 API will be temporarily unavailable for planned maintenance on Sunday, July 27, between 14:00 and 16:00 UTC.

There was a bug that caused some branches to be missing from the branch filter dropdown on the Pipelines page. This has now been fixed and all branches should display as expected.

CircleCI is performing API maintenance on June 30th. No downtime or customer impact is expected. Refer to the CircleCI status page for the most up to date information.

CircleCI will no longer automatically generate “deploy markers”. This functionality is being sunset in favor of more accurate, manually configured deploy markers that help users visualize their deployments in the CircleCI web app.

Questions or concerns? Reach out to aditya.kumar@circleci.com

Updates

Bug Fixes

• CVE fixes
• Fixed a bug where the pipeline page for OSS repositories could be visible without being logged into CircleCI. Please reach out to your account team for more information.
• SSH rerun now works in air-gap and in installations with a self-signed certificate on GitHub Enterprise.

Image Updates

• frontend (underlying container is now circle-www-api)
• builds-service
• orbs-service
• workflows-conductor
• insights-service

Known Issues

• RabbitMQ needs features enabled prior to upgrading

Reminder

Maintenance window for Runner is scheduled for June 3rd, 2025, at 19:00 PST/22:00 EST. The maintenance window will last until 19:10 PST/22:10 EST.

On June 25, 2025, the Insights pages in the CircleCI web app will be updated with the following changes:

Maintenance window for Runner is scheduled for June 3rd, 2025, at 19:00 PST/22:00 EST. The maintenance window will last until 19:10 PST/22:10 EST.

There was a bug that was causing Scheduled Pipelines to show up as Trigger Event = “Push: commit pushed” in the CircleCI web app. This has now been fixed.

CircleCI is making an upgrade to its local CLI which will require all local CLI users to upgrade to v0.1.31425 or higher if using the following two commands:

The project count on app.circleci.com/home was incorrectly including deleted projects. This has now been fixed.

Runner Release 3.0.27

Container Runner:

Upgrade dependencies to address CVEs in the 3.0 container runner agent.

Bug Fixes

• Various CVE remediations
• Fixed a bug where the job page for OSS repositories could be visible without being logged into CircleCI. Please reach out to your account team for more information.

Image Updates

• branch-service
• branch-service-migrator
• execution-gateway
• runner-admin
• runner-admin-migrator
• web-ui-onboarding

Updates

• Added support for additional certificates for OIDC
• Added support for assume_role_arn to the Machine Provisioner configmap
• Server version now included in support bundles

Bug Fixes

• Fixed a bug causing the /workflow-run api route to give 404 errors
• Various CVE remediations
• Fixed a bug where the job page for OSS repositories could be visible without being logged into CircleCI. Please reach out to your account team for more information.

Image Updates

• execution-gateway
• machine-provisioner
• machine-provisioner-migrator
• web-ui-server-admin
• picard

Updates

• oidc-tasks-service runs migrations before it’s main container is deployed
• Remote Docker and Machine jobs can now assume an IAM role by configuring machine_provisioner.providers.ec2.assumedRoleArn in your values.yaml

Bug Fixes

• /workflow-run/ route has been added to kong. Links for approval jobs will now be correctly routed on GHE
• The OIDC plugin now supports custom certificates
• A machine-provisioner custom config can now be provided in your helm upgrade command via --set-file. Machine-provisioner custom config can also be provided inline in the Helm values.yaml.
• Upgraded Next.js to resolve related CVEs

The host OS that Docker jobs run on is being upgraded to support new features and ongoing security and bug patches. This upgrade has now been rolled out to all customers.

Effective April 1, 2025, all Japanese versions of our public documentation will be removed from the site. The language switcher will also be discontinued.

The host OS that Docker jobs run on is being upgraded to support new features and ongoing security and bug patches. This upgrade is being applied to jobs using Docker ARM and IP ranges from now through April 1.

Runner Release 3.1.3

Machine Runner:

Users who land on the user homepage while logged out are now automatically redirected to the login page.

A bug that was causing the loading spinner to spin infinitely when no additional pipelines were available after clicking the ‘See more’ button on the pipelines page has been fixed.

Users of CircleCI’s GitHub App integration would occasionally not be able to see a list of repositories to choose from when creating a new project. This bug has been fixed.

A bug that was causing the “Timing” tab in the CircleCI web app to show UUIDs instead of a string of the step name has been fixed.

A bug that caused a nearly full dark screen when creating a new project in organizations that integrate with CircleCI’s GitHub App has now been fixed.

Changes:

• Patched critical CVEs

See more details here.

• Added quick-start options to make it easier to understand what types of questions can be asked
• Loading screen adjusted to be smoother when a new pipeline is triggered
• Minor copy changes

CircleCI periodically updates the keys used to sign OIDC tokens in alignment with security best practices. No customer action is required to continue using OIDC with previously configured services.

Changes:

• Patched critical CVEs

See more details here.

Runner Release 3.1.2

Container Runner: