Compare releases
Compare releases and check for compatibility between your existing Octopus Server and new releases.
What's new
These are the most important features you'll get by upgrading from 2019.1.11 to 2019.2.6
Octopus 2019.2
Highlights
User Invitations into Space Teams
We have added the ability to invite new users into Teams that are owned by Spaces. Previously, new Users could only be invited into System-level Teams, but now Spaces and Space Managers can be self sufficient by inviting new Users without needing to ask a more privileged user to first invite the user into a System team.
Improved Date Display
We've done some renovations around how we handle and display dates. Now, we display dates in your local timezone where possible, and if that isn't possible, we include the timezone, so it's much easier to tell when something happened if you're in a distributed team or in a different timezone to your Octopus Server. Unfortunately, this has meant we've had to make some breaking changes, but we believe the impact will be low.
Breaking Changes
- The
LastSeen
property onoctopusservernodes/ping
now returns an ISO8601 date instead of a formatted string - The human-readable
Completed
date on aTask
is now formatted with a timezone - The human-readable
Published
date on aPackage
is now formatted with a timezone - The
Rank
,LastSeen
andIsOffline
properties have been removed from the/api/OctopusServerNodes/{id}
endpoint, and are now available from a new endpoint/api/OctopusServerNodes/summary
- The
EffectiveExpiryDate
on the/api/licenses/licenses-current-status
endpoint is now formatted with aDate
(yyyy-MM-dd) rather thanDateTimeOffset
data type. - The third party libraries we use to read certificates have been upgraded to newer versions which include tighter certificate verification. This may reject incorrectly formatted certificates.
- The
write-verbose
PowerShell Cmdlet now mimics native PowerShell behavior more closely -write-verbose "myvar = " $myvar
is no longer valid and will throw apositional parameter cannot be found
error. Please usewrite-verbose "myvar = $myvar"
instead.
Octopus 2019.1
Highlights
Spaces
To bring in the new year, we are shipping our latest feature. Spaces is a comprehensive set of user interface, API and permission system changes designed to make it easier to configure deployments in busy organizations.
From our documentation:
Spaces let you partition your Octopus server so that different teams can only access the projects, environments, and infrastructure they work with from the spaces they are members of.
Teams & Permissions
We have re-designed the way permissions are assigned to Teams, making it easier than ever to configure and manage permissions for your users. As part of this we have rewritten much of the code that enforces these permissions so that we can make sure Octopus keeps your data safe. There are a few breaking changes involved here, so customers with complex permission configurations may want to pay careful attention to the release notes.
Breaking Changes
Before upgrading to this release, there are some breaking changes in behaviour that you need to be aware of.
Tentacle
Some tentacle operations now necessarily act within a space and the CLI commands accept an optional spaceName
parameter. These commands are the register-with
, register-worker
, deregister-from
, deregister-worker
and show-configuration
commands. Since the deregister-*
commands act within a single space, and a single Tentacle can register machines in multiple spaces, these commands no longer remove trust for the Octopus Server. To remove trust, the command Tentacle.exe configure --remove-trust=...
must instead be used.
API Changes
A number of API route changes were made in this release. Most routes now include a segment that represents the target Space. We provide a Default Space
for backwards compatibility with the old routes.
Disabling the Default Space
will turn off backwards compatibility. Anything that leans on the old API routes, integrations, extensions and tools may break when the default spaces is disabled. More information here
Many of these changes are also reflected in Octopus.Client, so it is recommended your integrations update to the latest version of Octopus.Client (at least 5.0.0
).
IsMultiTenancyEnabled
The property representing whether multi-tenancy was enabled is no longer exposed through the features endpoint (/api/featuresconfiguration
) but is now exposed through the tenancy status endpoint (/api/tenants/status
or /api/{spaceId}/tenants/status
).
Built in Repository & Feeds
The endpoint responsible for fetching and configuring settings related to the built in package repository (/api/repository/configuration
) has been removed. Instead, the built in package repository settings are managed the same way as other feed types, through the feeds api (/api/feeds/{feedId}
), where the {feedId}
is the Id of the built in package repository.
The built in package repository endpoint has moved from /api/serverstatus/nuget
to /api/feeds/stats
or /api/{spaceId}/feeds/stats
ServerTask links
The Links collection on Tasks (TaskResource
) no longer contains Artifacts
and Interruptions
links for the subset of task types for which they do not apply (i.e. “System” tasks).
UserRoles
UserRoles (UserRoleResource
) used to contain a single collection of GrantedPermissions
, but now instead contains separate collections for permissions that apply within a space (GrantedSpacePermissions
), and permissions that apply at the system level (GrantedSystemPermissions
). Similarly, PermissionDescriptions
has been replaced by SpacePermissionDescriptions
and SystemPermissionDescriptions
Teams
Teams no longer contain scope properties (ProjectGroups, Projects, Environments and Tenants), nor do they reference UserRole
. These concepts have been replaced by the new entity type ScopedUserRole
.
ScopedUserRoles
This new entity type exists at /api/scopeduserroles
. It represents an application of a UserRole to a Team. It also includes the scope properties (ProjectGroups, Project, Environment and Tenants) that apply for that UserRole. This enables UserRoles with different scoped applied to the same Team (i.e. the same group of Users), and also allows the same Team to have access to different Spaces.
Artifacts
Artifacts (Artifactresource
) no longer contains RelatedDocumentIds
. Instead there is a new property called ServerTaskId to indicate which ServerTask the Artifact was collected from.
Artifacts can only be associated with AdHoc Script tasks and Deployment tasks.
Permission changes
The implementation of our permissions system was changed in order to support Spaces. At the same time, we took the opportunity to apply permissions more consistently, so that we could reduce confusion while also making things more secure.
This resulted in some breaking changes to permissions where the old system was not consistent. In most cases, the new system is more restrictive than the old system, so upon upgrade most users should not have more access than they previously had.
Some of these changes require additional permissions to do certain tasks. For users that tend to use built in User Roles, Octopus should continue to behave as it did before and no action is required.
Customers with complex permission configurations may want to pay careful attention to the release notes, as there may be action required after upgrade. While most of these changes affect edge cases that normal users won’t encounter, we recommend testing your permissions after upgrade to ensure they behave as you intend.
In general *Edit
and *Delete
permissions, now strictly requires the corresponding *View
permission.
For example:
AccountDelete
now also requires AccountView
MachinePolicyEdit
now also requires MachinePolicyView
And so on
Accounts
Retrieving accounts by ID is more restrictive now (to be consistent with the Index endpoint). It used to allow you to see documents with partial scoping (eg. no tenants) when your permissions were scoped, which is no longer the case.
Getting the usage of accounts may require ProjectView
Certificates
Retrieving certificates by ID is more restrictive now (to be consistent with the Index endpoint). It used to allow you to see documents with partial scoping (eg. no tenants) when your permissions were scoped, which is no longer the case.
Getting the usage of certificates may require ProjectView
Viewing the public Octopus Server certificate no longer requires the MachineEdit
permission. It is accessible by any authenticated user.
Action Templates
Search and logo retrieval requires ActionTemplateView
Get usages of the action template requires ProjectView
Updating deployment actions will skip actions that are inaccessible rather than failing
Updating deployment actions additionally requires the ProjectView
permission
Artifacts
Users with could not view/edit or create a completely unscoped artifact if their permissions were scoped, but now they can.
Audit
AuditView
permission has been removed because it is no longer applicable, as you always needed EventView
to actually see events via the Audit screen. There is no migration required for this, e.g. if you had AuditView
without EventView
previously, then you could not see any events anyway.
Cloud Template
The cloud template endpoint no longer requires the ProcessEdit
permission. It is accessible by any authenticated user.
Deployment
Creating a deployment additionally requires ReleaseView
, ProcessView
, ProjectView
, EnvironmentView
, DeploymentView
Modifying a deployment additionally requires EnvironmentView
Tenanted deployments additionally require TenantView
Deployment Process
Getting a template requires ReleaseView
Getting a list of Deployment processes now requires ProcessView
Events
Events that are scoped to multiple of the same type of document, and your EventView
permission are scoped to the same documents then you can now see that event.
You can see events that partially match your permissions scopes, instead of needing to match all of your permission scopes.
Feeds
Downloading packages or viewing the delta signature for the built in feed additionally requires the FeedView
permission
Searching for packages in the built in release feed requires ReleaseView
and ProjectView
.
Modifying configuration for the built in feed now requires the BuiltInFeedAdminister
instead of the ConfigureServer
permission.
Interruptions
InterruptionViewSubmitResponsible is the only permission required to take responsibility and submit and interruption when that interruption has assigned responsible teams.
To view an assigned interruption you may require UserView
Library Variable Sets
LibraryVariableSetView
is now consistently checked in all scenarios where a variable set is accessed.
Lifecycles
Lifecycles
can be created or edited only when the user has EnvironmentView
access to all environments used by that lifecycle
EnvironmentView
is required to preview a lifecycle
‘ProcessView’ and ‘ProjectView’ are required to view projects connected to a lifecycle
The lifecycle progression API now requires ProcessView
, DeploymentView
, TenantView
, EnvironmentView
and LifecycleView
Projects & Project Groups
Creating a project group and adding a project no longer requires ProcessView
Packages
When replacing an existing package, the BuiltInFeedPush
permission check will take into account the project scopes applied to that permission
You can no longer get the delta signature of a package scoped to a project, while your BuiltInFeedDownload
permission was scoped to a different project
Releases
Editing a release requires ProcessView
and ProjectView
Updating release variables requires ProjectView
Viewing a release requires ProjectView
Getting a release template requires ProcessView
and LifecycleView
Getting the release progression requires ProcessView
and LifecycleView
Server Nodes
Octopus Server Nodes GET endpoints are accessible to authenticated users - they don’t require administrator access. Any modifications still required administrator access.
Tasks
Cancelling a task requires TaskView
, and any permissions that would be required to create that type of task (for example, EnvironmentView
or MachineEdit
for AdHoc Script tasks)
Re-running a task requires the same permissions as creating that task.
You can now always view the raw task log if you have TaskView
for that task and also TaskViewLog
.
Modifying a task’s state when that task is not a Deployment task now requires TaskEdit
scoped to that task, instead of requiring unscoped TaskEdit
Tenants
Getting tenant variables requires ProjectView
Getting missing variables for tenants requires LibraryVariableSetView
Updating the sort order for tag sets requires TagSetEdit
instead of TenantEdit
Users
Getting a list of users will always return at least one result (yourself), even if you lack the UserView
permission
Release notes
These are the features and fixes you'll get by upgrading from 2019.1.11 to 2019.2.6.
Changes in Octopus Server 2019.2.6
- 5410 - Fixed crash on
node --drain
command - 5411 - Fixed issue with subscription webhooks using wrong http header type
- 5414 - Fixed startup issue for a subset of customers by a data consistency script in 2019.2.5
Changes in 2019.2.5 (release was disabled/hidden due to a bug found)
- 4821 - Fixed issue where expired cron expressions for scheduled deployments were throwing exceptions
- 4916 - Renamed 'Run a Helm Update' step to 'Upgrade Helm Chart'
- 5140 - Fixed issue where worker health checks run for deployment targets instead
- 5370 - Cleaned up callouts in
Space Edit
screen to improve UX - 5379 - fixes scoping for projects when a different project group is scoped on the user role
- 5381 - Environment section text only shows up if there are environments created on that Octopus instance
- 5387 - fixes project scoping for user roles when scoped to the projects' group
- 5391 - fixes dashboard bug when accessing projects in a group the user doesn't have access to
- 5400 - Added target name to Calamari/Tentacle upgrade task name
- 5401 - Fix for permission errors when trying to view another users permissions if you do not have access in another space
- 5405 - Improved cross document links for ScopedUserRoles to Teams and UserRoles in Audit
Changes in Octopus Server 2019.2.4
- 5208 - Fixed an issue where guided failure does not fail a deployment on the first attempt
- 5356 - Re-wording message that shows up when a task is suspended because the space queue was stopped
- 5373 - Added client side input validation for retry attempts in external feeds
- 5375 - Filter in
Teams
page should only render after all teams have loaded - 5380 - UsernamePassword authentication now accepts email address
- 5383 - Fixed feed refresh button crashes in several built-in steps
- 5392 - Sorted the output of
show-configuration
and the root api responder to make it easier to find things - 5393 - fixes an exception during some upgrades due to incorrect assumptions in the UserRole data model
- 5396 - Migrator.exe no longer fails when importing snapshot VariableSet referencing deleted certificate
- 5397 - Migrator now remaps deployment action worker pool ID when importing
Changes in Octopus Server 2019.2.3
- 4243 - Cloning a project now copies all project settings correctly
- 4349 - Reduce confusion around the select and deselect options for steps excluded from a deployment
- 4685 - Fixed issue where the "new server version" notification was not appearing
- 5322 - Fixed issue where Check Tentacle Health summary was not showing details when all targets ended up as
HasWarnings
orUnhealthy
- 5357 - Modified the tooltip text for Space and System team chips to make it easier to understand
- 5363 - Re-indexing the in-built package repository can now run on any node in a multi-node cluster
- 5364 - Fixed an issue where users without TeamView could not view the configuration for a Space
- 5366 - Allow deployment of raw YAML to K8S Cluster
- 5367 - Corrected an issue where the certificate archive would show incorrect results when loading the second and subsequent pages
- 5368 - Updated the Space Switcher to highlight the active Space
- 5369 - Added a link to the Space Switcher to allow easy space creation
- 5371 - Fixed a bug where you could not fetch artifacts for releases with a large number of deployments
- 5374 - Fixed an issue where the AWS Account variable selector wasn't being displayed
- 5377 - Allow collapsing environment variables for project variable templates when browsing project variables on a tenant
- 5378 -
Task Queue
startup code handles now exceptions correctly
Changes in Octopus Server 2019.2.2
- 2852 - Added warning to Sensitive text fields regarding
##{
characters escaping - 4373 - The environments drop down now updates when selecting a different channel on the variable preview
- 5340 - No longer logging warnings when private keys are not available when doing a Service Fabric deployment
- 5344 - UI adding a confirmation to all "Upgrade Tentacle/Calamari" bulk actions
- 5345 - Resolved issue with HCL templates failing validation in Apply Terraform step
- 5358 - Fixed "Object reference not set to an instance of an object" when calling
/api/projects/all
- 5359 - Invalid certificates already present before 2018.2.0 release may cause
/api/certificates/all
request to fail - 5362 - Fixed a bug where upgrading from old versions of Octopus (pre
3.15.0
) would fail
Changes in Octopus Server 2019.2.1
- 4897 - Add validation for drop down options for variable templates of type "select"
- 5303 - 2100 SQL parameter limit hit when updating usages of step templates fixed
- 5325 - Fixed the
api/reporting/deployments/xml
endpoint, a bug introduced in2019.1.0
- 5338 - Corrupt
builtinrepositoryconfigurations-single
configuration json column fixed - 5343 - Delete project error message does now display the teams blocking the deletion
- 5346 - Automatic lifecycle promotion after automatic release creation works regardless of the permissions of the user that pushed the package, fixing an issue introduced in 2019.1.0
- 5349 - Expose ephemeral storage requests and limits in K8S
- 5351 - Using Tentacle Manager to configure a polling Tentacle does not authenticate with username/password has been fixed
- 5352 - Fixed an issue where nodes with very long names would show StringTooLongException warnings in the log and were unable to elect a Leader node
- 5354 - Improve user experience adding a worker when at license limit