What’s New in Release 2.19.02
Fixes
-
In the LDAP login flow we now use an anonymous form to
POST
LDAP auth state, rather than sending it as aGET
parameter. Previously, when a user authenticated using LDAP, their username and password were sent in plaintext as part of a query parameter in aGET
request. As requests are over HTTPS, this left usernames and passwords in request logs, etc. This issue is now fixed. -
Optimizely and Zendesk are now removed from Server release images.
-
Fixed an issue in which setting
CIRCLE_ADMIN_SERVER_HTTP_THREADS
orCIRCLE_PUBLIC_FACING_SERVER_HTTP_THREADS
too high would prevent the frontend container from starting. -
Due to changes in the GitHub API we have removed the use of
?client_id=x&client_secret=y
for GitHub, and GHE versions 2.17 and later. -
Fixed an issue that was causing intermittent failures to spin up VMs with DLC in use.
-
Fixed an issue that was preventing the customization of proxy settings for Docker containers. See the Nomad Client Proxy and Service Configuration Overrides guides for more infomation.
-
Fixed a bug that was preventing job steps for non-failing builds being logged when proxy settings were used for the job container.
- Removed legacy TLS versions 1.0 and 1.1, in addition, enabled 1.2 and 1.3 TLS, and specified the following ciphersuites
- ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384
- Fixed a
statsd
configuration issue that meant some services were not emitting Telegraf metrics.
Known Issues
- If any changes have been made to your networking configuration from the default, you should run the following steps to ensure you can use SSH to inspect your builds:
- For customers using AWS, make sure that you have the latest Launch Configuration configured for Nomad clients, and that exiting Nomad clients were spun up using the Launch Configuration.
- On each Nomad Client machine, create
/etc/circleci/public-ipv4
- This file should contain the public (if aplicable) or private IP of the nomad client
- Classic Load Balancer is no longer available from this version due to the ciphersuite changes listed above. CircleCI no longer accepts requests from Classic Load Balancer, so you should move to Network Load Balancer (NLB) or Application Load Balancer (ALB).