Server 4.8.0 Changelog

Before Upgrading

See the CircleCI server 4.8 release notes and upgrade guide for this release.

NOTE: Vault is being deprecated and will no longer be supported in server 5.0. Refer to our script for steps to migrate to Tink.

What’s New in Release 4.8.0

The v4.8 release introduces further security improvements and support for flexible job dependencies.

NEW FEATURES

• Nomad UI is now accessible.
• Amazon Message Queue (AMQ) is now supported.
• Added support for configuring IOPS and throughput parameters for EC2 instances in the machine provisioner. New parameters can be found in the values.yaml reference.
• CircleCI Server now supports nomad servers externalized from your Kubernetes cluster. You may now deploy nomad servers on your own VM instances. This should improve the performance and stability of your nomad clusters.
• Support for Expression-based job filters
• Support for flexible job dependency.
• Support for Dynamic When Statements for Workflows (Breaking Change)

NEW SERVICE:

• public-api-service

REMOVALS:

• web-ui-user-settings
• web-ui-org-settings
• web-ui-insights
• web-ui-project-settings
• web-ui-runners
• Support for launch-agent
• Already-disabled v2 runner API endpoints.

CHANGES

• Moved from CircleCI fork back to upstream Hashicorp Nomad for improved stability and security updates.
• JSON logging is enabled for Clojure services. This change allows customers to ingest logs from these services to their log aggregators in a familiar and consistent format.
• All containers now run with runAsNonRoot: true
• Telegraf will now include circleci_server_version in all the metrics it collects.
• The frontend container now uses the circleci-www-api image instead of the previously named frontend image.
• Clojure containers have moved to Java 21.
• Kong has been updated to 3.4.2
• Rerun workflow endpoint now has a rate limit of 20 requests per 5 seconds (max burst: 10)
• In server-terraform, the included Nomad images are now based on Ubuntu 22.04 with CgroupsV1 enabled. CgroupsV2 is currently unsupported.

PERFORMANCE IMPROVEMENTS:

• Database Operations: Optimized workflow storage to avoid N+1 database queries, reducing latency and improving concurrency.
• Workflow Status API: Now uses stored workflow status instead of generating it from job data, improving response times.
• Compiled Config Size: Removed unused job definitions from compiled configs, reducing size for customers with large configurations.

BUG FIXES

• Expression based restrictions via API have been fixed.
• Job handlers no longer silently drop on partial failure.
• Fixed broken branch picker functionality.
• SSH reruns in air-gapped installs have been restored.
• Broken pipelines now show triggering information in the UI.

DATABASE MIGRATIONS

The following services will run migrations when upgrading to this version:

• workflows-conductor
• authentication-svc
• builds-service
• branch-service
• contexts-service
• cron-service
• distributor
• domain-service
• insights-service
• machine-provisioner
• orb-service
• permissions-service
• runner-admin

NOTES

Customers that are using “S3-compatible” object storage should ensure that their object storage supports S3’s default data integrity protections. This includes (but is not limited to) Minio RELEASE.2025-01-20T14-49-07Z and Nutanix Objects v5.1.1.

KNOWN ISSUES

• Docker jobs may take an extra 60 seconds to conclude under certain circumstances.
• RDS is not compatible due to certain permissions checks; this will be fixed in 4.8.1.
• Vault may not refresh its client token after a month of uptime. Migrate to Tink to resolve this issue.
• Retry with SSH for jobs using the machine executor advertises a private IP address. For this reason, retry with SSH for jobs using the machine executor works as standard for public installations, but for private installs you would need to ensure that you can access the private IP advertised. For example, by using a VPN into your VPC.

To learn more about Server 4.8 installation, migration, or operations please review our documentation.