Compare releases

Compare releases and check for compatibility between your existing Octopus Server and new releases.

Release notes

These are the features and fixes you'll get by upgrading from 2020.2.20 to 2020.3.10.

Changes in Octopus 2020.3.10

  • 6640 - Fix WebSocket polling endpoint possibly allowing untrusted connections - CVE: CVE-2020-27155

Changes in Octopus 2020.3.9

  • 6613 - Fix issue where a large number of polling Tentacles can significantly slow down Octopus Server

Changes in Octopus 2020.3.8

  • 6618 - df command in healthchecks can hang on CentOS
  • 6627 - Fix bug where Self-hosted Octopus susceptible to host-header injection attacks (CVE-2020-26161)

Changes in Octopus 2020.3.7

  • 6606 - Fix bug where bash script can reveal sensitive variable values - CVE: CVE-2020-25825

Changes in Octopus 2020.3.6

  • 6573 - Fixed validation check for Action Container Image step to work with Docker Server
  • 6579 - Relaxed requirements for hosting Octopus Server back to SQL Server 2016

Changes in Octopus 2020.3.5

  • 6545 - Fixes error that occurs when configuring AWS ECR external feeds
  • 6560 - Fix crash in¬†lost-master-key¬†command

Changes in Octopus 2020.3.4

  • 6490 - UI fixes to get publishing buttons showing in the primary Runbook layouts
  • 6520 - UI fix to show step information in deployment preview
  • 6534 - UI fixing expanders in step editor and library variable sets
  • 6543 - Fix server task log files being left open
  • 6563 - Fix bug where certain passwords are written to the deployment log in plain-text - CVE: CVE-2020-24566

Changes in Octopus 2020.3.3

  • 6529 - Breaking change Certificates and accounts used by deployment targets must now be scoped to all tenants the deployment target belongs to - CVE: CVE-2020-16197
  • 6321 - Accounts can now be selected without refreshing on the tenant common variables screen
  • 6500 - Default variables are displayed again on tenant variable selection screens
  • 6509 - fixes issue that prevented worker pools being selectable for deployment targets
  • 6512 - Octopus Server service will keep running when version control project's background sync throws an SQL timeout exception
  • 6507 - Fix regression in Octopus Server Manager to allow using an existing database if the master-key is known

Changes in Octopus 2020.3.2

  • 5862 - Fix filter alignment on multiple pages
  • 6485 - Fixes to include the CORS headers and any custom cookie domain to the integrated-challenge endpoint response
  • 6491 - Azure accounts scoped to tenanted and untenanted deployment mode are validated correctly for untenanted deployments
  • 6515 - Fixed the Download as JSON menu item for runbooks

Changes in Octopus 2020.3.1

  • 5691 - Fixed an issue where worker pool selection reset to default when changing execution location
  • 6080 - Removes an incorrect note when setting sensitive fields in tenant variables
  • 6182 - Fixed an issue where the Kubernetes Container Step wasn't allowing Variables for the "Volume Name"
  • 6252 - Fixed a bug where packageId variables could not be scoped to a process
  • 6277 - Pre-releases now correctly show the current release changes only
  • 6336 - Adds variable to set a non-default Azure CLI Extensions Folder
  • 6348 - Maven artifacts can optionally be specified by packaging and classifier, for example org.example:myartifact:jar, org.example:myartifact:zip or org.example:myartifact:jar:sources
  • 6355 - Helm charts can now be stored in the built-in feed
  • 6357 - The task log now changes it's refresh based on the speed of the response and the state of the deployment
  • 6359 - Improved validation on the build information endpoint
  • 6360 - Prevent Docker login warning from causing deployments to fail on Windows
  • 6361 - Upgrading a Linux Tentacle no longer updates all system packages
  • 6363 - Added AccountView permission to built-in Project viewer role
  • 6364 - Fixed Powershell script highlighting
  • 6366 - To prevent potential data corruption, Octopus Server will actively prevent downgrading to an older version before it starts
  • 6368 - Add support for DNS options and termination message in K8S deployment step
  • 6369 - Show a missing resource chip on the Deploy a Release step if the target project is not accessible
  • 6370 - Include more detail on permission exceptions
  • 6374 - Changed the background job scheduler to keep state between nodes and not rely on there being a leader node
  • 6376 - Skip inaccessible certificate stores when deploying HTTPS bindings to an IIS website
  • 6377 - Breaking Change Removed the node Rank (Follower/Leader) and IsLeader
  • 6383 - Added diagnostic logging and verification of files in the Octopus Server directory on launch
  • 6384 - External ID now available when assuming an IAM role
  • 6385 - Azure passwords with leading dash work as expected
  • 6386 - Fix to support object parameter default values in ARM templates entered as JSON
  • 6388 - Prevent SQL Timeouts crashing the Releases and Tasks Page for users with complex permissions
  • 6392 - Upgrade Helm Chart step can now be configured with worker pool
  • 6394 - Fixed generation of Swagger Api Documentation to ensure it's valid according to http://swagger.io|swagger.io
  • 6398 - When using OpenID Connect authentication, ignore unsupported JWKs
  • 6401 - Adjusted security to allow downloads in Chrome 83
  • 6404 - Fixed Library variables are not included in unpublished runbook previews
  • 6405 - Fixed a bug where expandable sections were incorrectly collapsed by default when creating new resources
  • 6420 - UI introducing a multi-step process-editing experience
  • 6423 - Fixed confusing UX when the value for a parameter is empty
  • 6426 - Environment Scoping for Runbooks
  • 6427 - Collapse Deployments / Operations menus in Projects
  • 6428 - Added default guided failure mode to runbook settings
  • 6430 - Added support for specifying the session duration when assuming an AWS role
  • 6432 - Added configurable retention policies for runbooks
  • 6433 - Fixed a bug where Upgrade a Helm Chart Step templates created before 2019.12.2 may be using the wrong helm client version
  • 6436 - Task duration now updates every second
  • 6437 - Fixed rendering of error page
  • 6443 - Added formatting for multiple line commit messages in build information and package pages
  • 6455 - Add support for ingressClassName in Kubernetes Ingress steps
  • 6457 - Fix issue when editing K8S YAML when package is used for project versioning
  • 6458 - Fixed misleading error when creating or upgrading an octopus database using an unsupported version of SQL Server
  • 6461 - Fixed an issue where existing deployment processes with tenant tags caused the UI to error
  • 6462 - Fixed bug where docker image package names weren't being validated correctly when sending build information
  • 6469 - Fixed an issue where the process editor wasn't showing run trigger options
  • 6470 - Fixed an issue where failure run conditions not being shown in process editor
  • 6471 - Fixes an issue where a caller passes an empty string to a tag ID instead of a null and the empty string fails validation
  • 6483 - Reduce storage used by audit events
  • 6484 - Improve view of audit events

Changes in Octopus 2020.2.20

  • 6607 - Fix bug where bash script can reveal sensitive variable values - CVE: CVE-2020-25825