Compare releases

Compare releases

Find out what's new in the latest Octopus Deploy release, or compare the latest release to what you're currently running to see what's changed.

Highlights

These are the most important features you'll get by upgrading from 2018.10.2 to 2019.1.5

Octopus 2018.11

Highlights

This release is our first fast lane release after the 2018.10 LTS release with long term support. If you're not sure what this means to you, please read the announcement to help decide which lane works best for you.

Even though it's been released at the start of January 2019, its a wrap up of all the work we did at the end of 2018. It mainly contains UI updates, but also a bunch of important fixes.

Cloud Dependency Updates

All the Cloud dependencies that ship with Octopus have had an update:

  • Azure PowerShell modules upgraded to 6.11.0 (Requires PowerShell 5.1)
  • Azure CLI upgraded to 2.0.50
  • AWS PowerShell modules upgraded to 3.3.390.0
  • AWS CLI upgraded to 1.16.52
  • Terraform CLI upgraded to 0.11.10
  • Terraform AzureRm plugin upgraded to 1.19.0
  • Terraform AWS plugin upgraded to 1.51.0
  • Terraform Azure plugin upgraded to 0.1.1

Database performance updates

At the end of the installation process, Octopus will rebuild or reorganize database indexes that are fragmented to ensure the database performs at its best. This may take some time, depending on the size of your database.

As normal, all of the usual steps for upgrading Octopus Deploy apply.

Octopus 2018.12

This release consists of a few important bug fixes and enhancements. Most notable is updating our Azure support to handle deprecated management certificate better.

Octopus 2019.1


Highlights

Spaces

To bring in the new year, we are shipping our latest feature. Spaces is a comprehensive set of user interface, API and permission system changes designed to make it easier to configure deployments in busy organizations.

From our documentation:

Spaces let you partition your Octopus server so that different teams can only access the projects, environments, and infrastructure they work with from the spaces they are members of.

Teams & Permissions

We have re-designed the way permissions are assigned to Teams, making it easier than ever to configure and manage permissions for your users. As part of this we have rewritten much of the code that enforces these permissions so that we can make sure Octopus keeps your data safe. There are a few breaking changes involved here, so customers with complex permission configurations may want to pay careful attention to the release notes.


Release Notes

Issues and Bugfixes

  • 5226 - Breaking change Increased the speed of artifact retrieval and cascade deletion when there are many artifacts
  • 5239 - Added Tentacle support for spaces. Breaking change Deregister commands no longer remove trust for the server

Upgrading

As with any upgrade for self hosted customers, we recommend taking a database backup first. Given there are some breaking changes to how the built in feed is structured on disk, we also recommend taking a filesystem backup too.

In order to make use of the new Spaces feature, Tentacles should be updated to version 4.0.0, Octopus.Client dependencies should be updated to 5.0.0 and any other integrations should be updated to their latest version.

Breaking Changes

Before upgrading to this release, there are some breaking changes in behaviour that you need to be aware of.

Tentacle

Some tentacle operations now necessarily act within a space and the CLI commands accept an optional spaceName parameter. These commands are the register-with, register-worker, deregister-from, deregister-worker and show-configuration commands. Since the deregister-* commands act within a single space, and a single Tentacle can register machines in multiple spaces, these commands no longer remove trust for the Octopus Server. To remove trust, the command Tentacle.exe configure --remove-trust=... must instead be used.

API Changes

A number of API route changes were made in this release. Most routes now include a segment that represents the target Space. We provide a Default Space for backwards compatibility with the old routes.

Disabling the Default Space will turn off backwards compatibility. Anything that leans on the old API routes, integrations, extensions and tools may break when the default spaces is disabled. More information here

Many of these changes are also reflected in Octopus.Client, so it is recommended your integrations update to the latest version of Octopus.Client (at least 5.0.0).

IsMultiTenancyEnabled

The property representing whether multi-tenancy was enabled is no longer exposed through the features endpoint (/api/featuresconfiguration) but is now exposed through the tenancy status endpoint (/api/tenants/status or /api/{spaceId}/tenants/status).

Built in Repository & Feeds

The endpoint responsible for fetching and configuring settings related to the built in package repository (/api/repository/configuration) has been removed. Instead, the built in package repository settings are managed the same way as other feed types, through the feeds api (/api/feeds/{feedId}), where the {feedId} is the Id of the built in package repository. The built in package repository endpoint has moved from /api/serverstatus/nuget to /api/feeds/stats or /api/{spaceId}/feeds/stats

ServerTask links

The Links collection on Tasks (TaskResource) no longer contains Artifacts and Interruptions links for the subset of task types for which they do not apply (i.e. “System” tasks).

UserRoles

UserRoles (UserRoleResource) used to contain a single collection of GrantedPermissions, but now instead contains separate collections for permissions that apply within a space (GrantedSpacePermissions), and permissions that apply at the system level (GrantedSystemPermissions). Similarly, PermissionDescriptions has been replaced by SpacePermissionDescriptions and SystemPermissionDescriptions

Teams

Teams no longer contain scope properties (ProjectGroups, Projects, Environments and Tenants), nor do they reference UserRole. These concepts have been replaced by the new entity type ScopedUserRole.

ScopedUserRoles

This new entity type exists at /api/scopeduserroles. It represents an application of a UserRole to a Team. It also includes the scope properties (ProjectGroups, Project, Environment and Tenants) that apply for that UserRole. This enables UserRoles with different scoped applied to the same Team (i.e. the same group of Users), and also allows the same Team to have access to different Spaces.

Artifacts

Artifacts (Artifactresource) no longer contains RelatedDocumentIds. Instead there is a new property called ServerTaskId to indicate which ServerTask the Artifact was collected from. Artifacts can only be associated with AdHoc Script tasks and Deployment tasks.

Permission changes

The implementation of our permissions system was changed in order to support Spaces. At the same time, we took the opportunity to apply permissions more consistently, so that we could reduce confusion while also making things more secure.

This resulted in some breaking changes to permissions where the old system was not consistent. In most cases, the new system is more restrictive than the old system, so upon upgrade most users should not have more access than they previously had.

Some of these changes require additional permissions to do certain tasks. For users that tend to use built in User Roles, Octopus should continue to behave as it did before and no action is required.

Customers with complex permission configurations may want to pay careful attention to the release notes, as there may be action required after upgrade. While most of these changes affect edge cases that normal users won’t encounter, we recommend testing your permissions after upgrade to ensure they behave as you intend.

In general *Edit and *Delete permissions, now strictly requires the corresponding *View permission.

For example: AccountDelete now also requires AccountView MachinePolicyEdit now also requires MachinePolicyView And so on

Accounts

Retrieving accounts by ID is more restrictive now (to be consistent with the Index endpoint). It used to allow you to see documents with partial scoping (eg. no tenants) when your permissions were scoped, which is no longer the case. Getting the usage of accounts may require ProjectView

Certificates

Retrieving certificates by ID is more restrictive now (to be consistent with the Index endpoint). It used to allow you to see documents with partial scoping (eg. no tenants) when your permissions were scoped, which is no longer the case. Getting the usage of certificates may require ProjectView Viewing the public Octopus Server certificate no longer requires the MachineEdit permission. It is accessible by any authenticated user.

Action Templates

Search and logo retrieval requires ActionTemplateView Get usages of the action template requires ProjectView Updating deployment actions will skip actions that are inaccessible rather than failing Updating deployment actions additionally requires the ProjectView permission

Artifacts

Users with could not view/edit or create a completely unscoped artifact if their permissions were scoped, but now they can.

Audit

AuditView permission has been removed because it is no longer applicable, as you always needed EventView to actually see events via the Audit screen. There is no migration required for this, e.g. if you had AuditView without EventView previously, then you could not see any events anyway.

Cloud Template

The cloud template endpoint no longer requires the ProcessEdit permission. It is accessible by any authenticated user.

Deployment

Creating a deployment additionally requires ReleaseView, ProcessView, ProjectView, EnvironmentView, DeploymentView Modifying a deployment additionally requires EnvironmentView Tenanted deployments additionally require TenantView

Deployment Process

Getting a template requires ReleaseView Getting a list of Deployment processes now requires ProcessView

Events

Events that are scoped to multiple of the same type of document, and your EventView permission are scoped to the same documents then you can now see that event. You can see events that partially match your permissions scopes, instead of needing to match all of your permission scopes.

Feeds

Downloading packages or viewing the delta signature for the built in feed additionally requires the FeedView permission Searching for packages in the built in release feed requires ReleaseView and ProjectView. Modifying configuration for the built in feed now requires the BuiltInFeedAdminister instead of the ConfigureServer permission.

Interruptions

InterruptionViewSubmitResponsible is the only permission required to take responsibility and submit and interruption when that interruption has assigned responsible teams. To view an assigned interruption you may require UserView

Library Variable Sets

LibraryVariableSetView is now consistently checked in all scenarios where a variable set is accessed.

Lifecycles

Lifecycles can be created or edited only when the user has EnvironmentView access to all environments used by that lifecycle EnvironmentView is required to preview a lifecycle ‘ProcessView’ and ‘ProjectView’ are required to view projects connected to a lifecycle The lifecycle progression API now requires ProcessView, DeploymentView, TenantView, EnvironmentView and LifecycleView

Projects & Project Groups

Creating a project group and adding a project no longer requires ProcessView

Packages

When replacing an existing package, the BuiltInFeedPush permission check will take into account the project scopes applied to that permission You can no longer get the delta signature of a package scoped to a project, while your BuiltInFeedDownload permission was scoped to a different project

Releases

Editing a release requires ProcessView and ProjectView Updating release variables requires ProjectView Viewing a release requires ProjectView Getting a release template requires ProcessView and LifecycleView Getting the release progression requires ProcessView and LifecycleView

Server Nodes

Octopus Server Nodes GET endpoints are accessible to authenticated users - they don’t require administrator access. Any modifications still required administrator access.

Tasks

Cancelling a task requires TaskView, and any permissions that would be required to create that type of task (for example, EnvironmentView or MachineEdit for AdHoc Script tasks) Re-running a task requires the same permissions as creating that task. You can now always view the raw task log if you have TaskView for that task and also TaskViewLog. Modifying a task’s state when that task is not a Deployment task now requires TaskEdit scoped to that task, instead of requiring unscoped TaskEdit

Tenants

Getting tenant variables requires ProjectView Getting missing variables for tenants requires LibraryVariableSetView Updating the sort order for tag sets requires TagSetEdit instead of TenantEdit

Users

Getting a list of users will always return at least one result (yourself), even if you lack the UserView permission

Details

Changes in Octopus 2018.10.2 LTS

  • 5246 - New-OctopusAzureWebAppTarget command slot name parameter is now honoured

Changes in Octopus 2018.10.3 LTS

  • 5287 - Prevented infinite polling loop when navigation happens while request is in flight

Changes in Octopus 2018.10.4 LTS

  • 5314 - Save terraform sensitive values as Octopus sensitive values (CVE-2019-8944)

Changes in Octopus 2018.10.5 LTS

  • 5336 - Database upgrade script failed with a InvalidOperationException

Changes in Octopus 2018.10.6 LTS

  • [5438/droyad] - Improved the performance the Projects API when many projects use features that are based on step names
  • [5439/droyad] - Improved the speed of the automatic release creation after a package upload
  • [5456/droyad] - Improved the performance of the permission loading that occurs after a Team, User or Role is changed

Changes in Octopus 2018.10.7 LTS

  • 5433 - Update to Halibut to ignore unnecessary ACL failures that were causing deployments to fail

Changes in Octopus 2018.10.8 LTS

  • 5552 - Improve Performance of Dashboard by indexing temp table
  • 5758 - Updating no-javascript link to https

Changes in Octopus 2018.10.9 LTS

  • 5758 - Updating no-javascript link to https

Changes in Octopus 2018.11.0

  • 5128 - Provide support for --tiller-namespace, --tiller-connection-timeout and --timeout on helm upgrade command
  • 5134 - Added --user as an alias for --username to the command line interface
  • 5138 - Improved how the task log is displayed, most notably when conditions are used and in failure scenarios
  • 5162 - Added an overflow menu to the step edit page to delete and enable/disable the step
  • 5168 - Corrected the order of Tenant Tags in the summary text for step conditions to match the order defined on the Tenant Tag Set
  • 5169 - Updated the task list task type filter to support the full range of task types
  • 5172 - Improved the UI layout for checkbox validation messages and fixed overlapping validation and actions on tenant variables
  • 5176 - Flag HA server node as offline when shutting down
  • 5178 - Fixed an issue that prevented script types other than PowerShell from running during Azure steps
  • 5180 - Okta authentication provider now allows override of the claim used to determine the user's username
  • 5181 - Fragmented database indexes are automatically rebuilt or reorganized after other upgrade script have run
  • 5182 - Included a link to the project group on the project edit screen
  • 5183 - Added code folding support to the code editor
  • 5184 - Task re-run permission corrected in user interface, now operates same as the original adhoc-task run
  • 5185 - Cloned K8S deployment steps no longer delete K8S resources deployed by other projects
  • 5186 - Fixed an issue where the incorrect radio button for certificates on a HTTPS binding was selected by default
  • 5188 - Remove ability to use old (pre 4.0) portal
  • 5189 - Added missing validation for packages to the Deploy to NGINX step
  • 5190 - UI fix for variable editor popover menus being visually cut off
  • 5193 - Updated a number of dev dependencies and run-time dependencies including moment and lodash
  • 5012 - Updated Web App deployments to use XML publish endpoint enabling deployments for Linux based Web Apps using web deploy

Changes in Octopus 2018.11.1

  • 5194 - UI wording updates to SSH target and .NET framework options
  • 5195 - Fixed a bug where deleting an unsaved step from the overflow menu would delete the last step in the deployment process instead

Changes in Octopus 2018.11.2

  • 4891 - Fix an issue meaning Infrastructure tab didn't load correctly for some permission scoping combinations
  • 4929 - TLS certificates can now be configured on Kubernetes Ingress
  • 5118 - Resolved issue preventing Kubernetes custom resource YAML containing variable expression from being saved
  • 5146 - Bugfix: Support additional values file sourced from helm chart package
  • 5177 - Fix and issue where deployments to cloud services would fail to authenticate after migrating from old versions of octopus
  • 5179 - Squashed bug resulting from removing package references from cloned steps
  • 5199 - Made the capitalization of headings on the project settings page consistent
  • 5200 - Fixed an issue on slow connections where attempting to edit a newly cloned step caused a page refresh rather than navigating to the edit step page
  • 5201 - Made the Machine Policy field on a new deployment target always visible to reduce confusion
  • 5202 - Kubernetes Service fields now displayed before Ingress fields on Deploy Kubernetes Containers step
  • 5203 - Ensure K8S lifecycle hooks encode each command line as a string
  • 5209 - Fixed an issue preventing new steps from being added and or modified when a step uses an account variable selector such as AWS and Terraform steps
  • 5212 - Fix grammar in the summary text for a child step when used in a rolling deployment

Changes in Octopus 2018.11.3

  • 5210 - Resolved JSON encoding issue with k8s config maps and secrets
  • 5215 - Improved handling of transient I/O errors when writing server logs
  • 5217 - Steps can now be cloned to a different project
  • 5218 - Fix for resource searching that incorrectly escaped left square brace, resulting in incomplete query results
  • 5221 - Downgraded Octopus.Dependencies.AzureCmdlets to v6.8.1

Changes in Octopus 2018.12.0

  • 5045 - Reduced the key size of the index IXServerTask_Common so it no longer exceeds the maximum key size
  • 5205 - Upgrade to latest version of Azure libraries in Octopus Server means breaking some management certificate support
  • 5216 - Turn off context autosave in AzureRM powershell scripts
  • 5219 - Allow step templates to be created from a step
  • 5222 - Server can now download all NuGet packages created with the latest version of NuGet
  • 5227 - Bugfix - Referencing PackageVersion variable from another step is not evaluating correctly
  • 4287 - Fix for TaskView check incorrectly operating on health check tasks when scoped.

Changes in Octopus 2018.12.1

  • 2521 - Polling Tentacle timeout can now be configured via the machine policy, replacing the Octopus.Server.exe.config settings. If you are using those settings, open each machine policy, check the settings and save the policy
  • 5124 - Added support for touch screens when reordering lists (e.g. when re-ordering steps)
  • 5174 - Attempt to cancel any running tasks when shutting down the Octopus service
  • 5204 - SSH and Tentacle connection timeouts and limits can now be configured via the machine policy
  • 5229 - External feed URLs are now trimmed to prevent validation errors
  • 5231 - Squashed null reference error in Deploy Kubernetes Containers step when secret has no data
  • 5233 - Added support for AWS S3 and CloudFormation steps to run on ssh Linux targets
  • 5237 - Fix for incorrect permission warning on Project overview screen if user only had ProjectView scoped on group dimension

Changes in Octopus 2019.1.0

  • 5226 - Breaking change Increased the speed of artifact retrieval and cascade deletion when there are many artifacts
  • 5239 - Added Tentacle support for spaces. Breaking change Deregister commands no longer remove trust for the server
  • 3055 - Fix for inconsistencies in EventView permission calculations.
  • 4362 - Tentacle Manager no longer overwrites Tentacle instances with the same name.
  • 4831 - Tentacle Manager now properly handles selecting and creating of Roles that include spaces

Changes in Octopus 2019.1.1

  • 4562 - Added option to exclude unhealthy targets at the beginning of a deployment
  • 5141 - Allow overriding namespace in Helm Upgrade step
  • 5234 - Added Python 3 support for script steps, ad-hoc scripts and custom deployment scripts
  • 5238 - Steps that are skipped due to not finding any deployment targets to run on are now marked as skipped rather than successful, resolving an issue where the incorrect run time was shown
  • 5240 - UI fix for package version rendering issues on Create Release screen
  • 5241 - Octopus.Migrator.exe now uses the ID to name exported certificate files to ensure all certifcates are exported correctly, even superseded certificates
  • 5244 - New-OctopusAzureWebAppTarget command slot name parameter is now honoured
  • 5245 - Variable expressions that reference a non existent JSON property now evaluate to an empty string
  • 5248 - The server now completes it startup sequence before processing a shutdown request
  • 5249 - Fix for a user with Tenant scoped ProcessEdit would prevent UI from showing Create Release action
  • 5250 - Fix for ProcessEdit permission correctly operating with Tenant dimension to show add channel button
  • 5251 - Fix for ProjectEdit permission correctly operating with Project Group dimension to allow settings editing and tenant linking
  • 5252 - Fix to ensure post installation scripts correctly refresh views

Changes in Octopus 2019.1.2

  • 5247 - Fixed a bug where the Feeds endpoints would not return a backwards compatible FeedResource for old versions of octo.exe
  • 5253 - AWS now correctly uses the EC2 instance role metadata
  • 5254 - Package upload dates are now shown again (when available) on the previous versions dialog
  • 5255 - The refresh feed list button on the Run a Helm Update step no longer crashes
  • 5256 - Stopped showing the (unsupported) built in feed for the Run a Helm Update step
  • 5257 - Fix for permission error on Releases screen when user had valid Tenant scoped ReleaseView and ProcessView permissions

Changes in Octopus 2019.1.3

  • 5258 - Fix for update deployment process returning incorrect error for missing ProcessEdit permission when it's Tenant scoped
  • 5259 - Resolved migrator issue where attachments were causing '$' to be left in IDs
  • 5260 - Fix for Tenant scoped ProcessEdit permission warning when updating Action Templates
  • 5262 - Fixes errors during upgrade for instances that cannot access the package roots parent directory

Changes in Octopus 2019.1.4

  • 5266 - Fixed error when health checking Tenant scoped targets in 2019.1.0 and later
  • 5268 - Fixed UI bug with exclude unhealthy targets setting

Changes in Octopus 2019.1.5

  • 5267 - Resolved error when cloning a channel-scoped step to another project
  • 5273 - Fix a bug when navigating to a community action template
  • 5275 - Fix for scheduled deployments that contain a deploy a release step failing with a permission exception