Compare releases

Compare releases and check for compatibility between your existing Octopus Server and new releases.

What's new

These are the most important features you'll get by upgrading from 2019.1.11 to 2019.2.8

Octopus 2019.2

Highlights

User Invitations into Space Teams

We have added the ability to invite new users into Teams that are owned by Spaces. Previously, new Users could only be invited into System-level Teams, but now Spaces and Space Managers can be self sufficient by inviting new Users without needing to ask a more privileged user to first invite the user into a System team.

Improved Date Display

We've done some renovations around how we handle and display dates. Now, we display dates in your local timezone where possible, and if that isn't possible, we include the timezone, so it's much easier to tell when something happened if you're in a distributed team or in a different timezone to your Octopus Server. Unfortunately, this has meant we've had to make some breaking changes, but we believe the impact will be low.

Breaking Changes

  • The LastSeen property on octopusservernodes/ping now returns an ISO8601 date instead of a formatted string
  • The human-readable Completed date on a Task is now formatted with a timezone
  • The human-readable Published date on a Package is now formatted with a timezone
  • The Rank, LastSeen and IsOffline properties have been removed from the /api/OctopusServerNodes/{id} endpoint, and are now available from a new endpoint /api/OctopusServerNodes/summary
  • The EffectiveExpiryDate on the /api/licenses/licenses-current-status endpoint is now formatted with a Date (yyyy-MM-dd) rather than DateTimeOffset data type.
  • The third party libraries we use to read certificates have been upgraded to newer versions which include tighter certificate verification. This may reject incorrectly formatted certificates.
  • The write-verbose PowerShell Cmdlet now mimics native PowerShell behavior more closely - write-verbose "myvar = " $myvar is no longer valid and will throw a positional parameter cannot be found error. Please use write-verbose "myvar = $myvar" instead.

Octopus 2019.1

Highlights

Spaces

To bring in the new year, we are shipping our latest feature. Spaces is a comprehensive set of user interface, API and permission system changes designed to make it easier to configure deployments in busy organizations.

From our documentation:

Spaces let you partition your Octopus server so that different teams can only access the projects, environments, and infrastructure they work with from the spaces they are members of.

Teams & Permissions

We have re-designed the way permissions are assigned to Teams, making it easier than ever to configure and manage permissions for your users. As part of this we have rewritten much of the code that enforces these permissions so that we can make sure Octopus keeps your data safe. There are a few breaking changes involved here, so customers with complex permission configurations may want to pay careful attention to the release notes.

Breaking Changes

Before upgrading to this release, there are some breaking changes in behaviour that you need to be aware of.

Tentacle

Some tentacle operations now necessarily act within a space and the CLI commands accept an optional spaceName parameter. These commands are the register-with, register-worker, deregister-from, deregister-worker and show-configuration commands. Since the deregister-* commands act within a single space, and a single Tentacle can register machines in multiple spaces, these commands no longer remove trust for the Octopus Server. To remove trust, the command Tentacle.exe configure --remove-trust=... must instead be used.

API Changes

A number of API route changes were made in this release. Most routes now include a segment that represents the target Space. We provide a Default Space for backwards compatibility with the old routes.

Disabling the Default Space will turn off backwards compatibility. Anything that leans on the old API routes, integrations, extensions and tools may break when the default spaces is disabled. More information here

Many of these changes are also reflected in Octopus.Client, so it is recommended your integrations update to the latest version of Octopus.Client (at least 5.0.0).

IsMultiTenancyEnabled

The property representing whether multi-tenancy was enabled is no longer exposed through the features endpoint (/api/featuresconfiguration) but is now exposed through the tenancy status endpoint (/api/tenants/status or /api/{spaceId}/tenants/status).

Built in Repository & Feeds

The endpoint responsible for fetching and configuring settings related to the built in package repository (/api/repository/configuration) has been removed. Instead, the built in package repository settings are managed the same way as other feed types, through the feeds api (/api/feeds/{feedId}), where the {feedId} is the Id of the built in package repository. The built in package repository endpoint has moved from /api/serverstatus/nuget to /api/feeds/stats or /api/{spaceId}/feeds/stats

ServerTask links

The Links collection on Tasks (TaskResource) no longer contains Artifacts and Interruptions links for the subset of task types for which they do not apply (i.e. “System” tasks).

UserRoles

UserRoles (UserRoleResource) used to contain a single collection of GrantedPermissions, but now instead contains separate collections for permissions that apply within a space (GrantedSpacePermissions), and permissions that apply at the system level (GrantedSystemPermissions). Similarly, PermissionDescriptions has been replaced by SpacePermissionDescriptions and SystemPermissionDescriptions

Teams

Teams no longer contain scope properties (ProjectGroups, Projects, Environments and Tenants), nor do they reference UserRole. These concepts have been replaced by the new entity type ScopedUserRole.

ScopedUserRoles

This new entity type exists at /api/scopeduserroles. It represents an application of a UserRole to a Team. It also includes the scope properties (ProjectGroups, Project, Environment and Tenants) that apply for that UserRole. This enables UserRoles with different scoped applied to the same Team (i.e. the same group of Users), and also allows the same Team to have access to different Spaces.

Artifacts

Artifacts (Artifactresource) no longer contains RelatedDocumentIds. Instead there is a new property called ServerTaskId to indicate which ServerTask the Artifact was collected from. Artifacts can only be associated with AdHoc Script tasks and Deployment tasks.

Permission changes

The implementation of our permissions system was changed in order to support Spaces. At the same time, we took the opportunity to apply permissions more consistently, so that we could reduce confusion while also making things more secure.

This resulted in some breaking changes to permissions where the old system was not consistent. In most cases, the new system is more restrictive than the old system, so upon upgrade most users should not have more access than they previously had.

Some of these changes require additional permissions to do certain tasks. For users that tend to use built in User Roles, Octopus should continue to behave as it did before and no action is required.

Customers with complex permission configurations may want to pay careful attention to the release notes, as there may be action required after upgrade. While most of these changes affect edge cases that normal users won’t encounter, we recommend testing your permissions after upgrade to ensure they behave as you intend.

In general *Edit and *Delete permissions, now strictly requires the corresponding *View permission.

For example: AccountDelete now also requires AccountView MachinePolicyEdit now also requires MachinePolicyView And so on

Accounts

Retrieving accounts by ID is more restrictive now (to be consistent with the Index endpoint). It used to allow you to see documents with partial scoping (eg. no tenants) when your permissions were scoped, which is no longer the case. Getting the usage of accounts may require ProjectView

Certificates

Retrieving certificates by ID is more restrictive now (to be consistent with the Index endpoint). It used to allow you to see documents with partial scoping (eg. no tenants) when your permissions were scoped, which is no longer the case. Getting the usage of certificates may require ProjectView Viewing the public Octopus Server certificate no longer requires the MachineEdit permission. It is accessible by any authenticated user.

Action Templates

Search and logo retrieval requires ActionTemplateView Get usages of the action template requires ProjectView Updating deployment actions will skip actions that are inaccessible rather than failing Updating deployment actions additionally requires the ProjectView permission

Artifacts

Users with could not view/edit or create a completely unscoped artifact if their permissions were scoped, but now they can.

Audit

AuditView permission has been removed because it is no longer applicable, as you always needed EventView to actually see events via the Audit screen. There is no migration required for this, e.g. if you had AuditView without EventView previously, then you could not see any events anyway.

Cloud Template

The cloud template endpoint no longer requires the ProcessEdit permission. It is accessible by any authenticated user.

Deployment

Creating a deployment additionally requires ReleaseView, ProcessView, ProjectView, EnvironmentView, DeploymentView Modifying a deployment additionally requires EnvironmentView Tenanted deployments additionally require TenantView

Deployment Process

Getting a template requires ReleaseView Getting a list of Deployment processes now requires ProcessView

Events

Events that are scoped to multiple of the same type of document, and your EventView permission are scoped to the same documents then you can now see that event. You can see events that partially match your permissions scopes, instead of needing to match all of your permission scopes.

Feeds

Downloading packages or viewing the delta signature for the built in feed additionally requires the FeedView permission Searching for packages in the built in release feed requires ReleaseView and ProjectView. Modifying configuration for the built in feed now requires the BuiltInFeedAdminister instead of the ConfigureServer permission.

Interruptions

InterruptionViewSubmitResponsible is the only permission required to take responsibility and submit and interruption when that interruption has assigned responsible teams. To view an assigned interruption you may require UserView

Library Variable Sets

LibraryVariableSetView is now consistently checked in all scenarios where a variable set is accessed.

Lifecycles

Lifecycles can be created or edited only when the user has EnvironmentView access to all environments used by that lifecycle EnvironmentView is required to preview a lifecycle ‘ProcessView’ and ‘ProjectView’ are required to view projects connected to a lifecycle The lifecycle progression API now requires ProcessView, DeploymentView, TenantView, EnvironmentView and LifecycleView

Projects & Project Groups

Creating a project group and adding a project no longer requires ProcessView

Packages

When replacing an existing package, the BuiltInFeedPush permission check will take into account the project scopes applied to that permission You can no longer get the delta signature of a package scoped to a project, while your BuiltInFeedDownload permission was scoped to a different project

Releases

Editing a release requires ProcessView and ProjectView Updating release variables requires ProjectView Viewing a release requires ProjectView Getting a release template requires ProcessView and LifecycleView Getting the release progression requires ProcessView and LifecycleView

Server Nodes

Octopus Server Nodes GET endpoints are accessible to authenticated users - they don’t require administrator access. Any modifications still required administrator access.

Tasks

Cancelling a task requires TaskView, and any permissions that would be required to create that type of task (for example, EnvironmentView or MachineEdit for AdHoc Script tasks) Re-running a task requires the same permissions as creating that task. You can now always view the raw task log if you have TaskView for that task and also TaskViewLog. Modifying a task’s state when that task is not a Deployment task now requires TaskEdit scoped to that task, instead of requiring unscoped TaskEdit

Tenants

Getting tenant variables requires ProjectView Getting missing variables for tenants requires LibraryVariableSetView Updating the sort order for tag sets requires TagSetEdit instead of TenantEdit

Users

Getting a list of users will always return at least one result (yourself), even if you lack the UserView permission

Release notes

These are the features and fixes you'll get by upgrading from 2019.1.11 to 2019.2.8.

Changes in Octopus Server 2019.2.8

  • 3748 - Fix for editing a release with a package that doesn't match channel rules
  • 5272 - Octopus Cloud Octopus Manager team doesn't have permissions to export users permission structure
  • 5404 - Fix for broken Project settings page if project was cloned from another project that's not available due to permission/deletion/migration
  • 5422 - Made the getting started guidance available to hosted customers and space managers
  • 5423 - Adding null checking around database upgrade script
  • 5425 - Docker acquisition script moved from Server to Calamari

Changes in Octopus Server 2019.2.7

  • 5285 - Added validation to ensure machine policy timeouts
  • 5407 - Added ability to supply additional arguments in Upgrade Helm Chart step
  • 5409 - Tags entered but not added are now auto-added when saving a tenant tag set
  • 5413 - Added the ability to filter by project and environment on the tenants overview
  • 5417 - Removed unnecessary Tenant Preview buton on Tenant Overview page
  • 5418 - Fix issue where side bar navigation was missing on the Create Subscription page
  • 5420 - Improved the processing speed of the auto-deploy triggers background process

Changes in Octopus Server 2019.2.6

  • 5410 - Fixed crash on node --drain command
  • 5411 - Fixed issue with subscription webhooks using wrong http header type
  • 5414 - Fixed startup issue for a subset of customers by a data consistency script in 2019.2.5

Changes in 2019.2.5 (release was disabled/hidden due to a bug found)

  • 4821 - Fixed issue where expired cron expressions for scheduled deployments were throwing exceptions
  • 4916 - Renamed 'Run a Helm Update' step to 'Upgrade Helm Chart'
  • 5140 - Fixed issue where worker health checks run for deployment targets instead
  • 5370 - Cleaned up callouts in Space Edit screen to improve UX
  • 5379 - fixes scoping for projects when a different project group is scoped on the user role
  • 5381 - Environment section text only shows up if there are environments created on that Octopus instance
  • 5387 - fixes project scoping for user roles when scoped to the projects' group
  • 5391 - fixes dashboard bug when accessing projects in a group the user doesn't have access to
  • 5400 - Added target name to Calamari/Tentacle upgrade task name
  • 5401 - Fix for permission errors when trying to view another users permissions if you do not have access in another space
  • 5405 - Improved cross document links for ScopedUserRoles to Teams and UserRoles in Audit

Changes in Octopus Server 2019.2.4

  • 5208 - Fixed an issue where guided failure does not fail a deployment on the first attempt
  • 5356 - Re-wording message that shows up when a task is suspended because the space queue was stopped
  • 5373 - Added client side input validation for retry attempts in external feeds
  • 5375 - Filter in Teams page should only render after all teams have loaded
  • 5380 - UsernamePassword authentication now accepts email address
  • 5383 - Fixed feed refresh button crashes in several built-in steps
  • 5392 - Sorted the output of show-configuration and the root api responder to make it easier to find things
  • 5393 - fixes an exception during some upgrades due to incorrect assumptions in the UserRole data model
  • 5396 - Migrator.exe no longer fails when importing snapshot VariableSet referencing deleted certificate
  • 5397 - Migrator now remaps deployment action worker pool ID when importing

Changes in Octopus Server 2019.2.3

  • 4243 - Cloning a project now copies all project settings correctly
  • 4349 - Reduce confusion around the select and deselect options for steps excluded from a deployment
  • 4685 - Fixed issue where the "new server version" notification was not appearing
  • 5322 - Fixed issue where Check Tentacle Health summary was not showing details when all targets ended up as HasWarnings or Unhealthy
  • 5357 - Modified the tooltip text for Space and System team chips to make it easier to understand
  • 5363 - Re-indexing the in-built package repository can now run on any node in a multi-node cluster
  • 5364 - Fixed an issue where users without TeamView could not view the configuration for a Space
  • 5366 - Allow deployment of raw YAML to K8S Cluster
  • 5367 - Corrected an issue where the certificate archive would show incorrect results when loading the second and subsequent pages
  • 5368 - Updated the Space Switcher to highlight the active Space
  • 5369 - Added a link to the Space Switcher to allow easy space creation
  • 5371 - Fixed a bug where you could not fetch artifacts for releases with a large number of deployments
  • 5374 - Fixed an issue where the AWS Account variable selector wasn't being displayed
  • 5377 - Allow collapsing environment variables for project variable templates when browsing project variables on a tenant
  • 5378 - Task Queue startup code handles now exceptions correctly

Changes in Octopus Server 2019.2.2

  • 2852 - Added warning to Sensitive text fields regarding ##{ characters escaping
  • 4373 - The environments drop down now updates when selecting a different channel on the variable preview
  • 5340 - No longer logging warnings when private keys are not available when doing a Service Fabric deployment
  • 5344 - UI adding a confirmation to all "Upgrade Tentacle/Calamari" bulk actions
  • 5345 - Resolved issue with HCL templates failing validation in Apply Terraform step
  • 5358 - Fixed "Object reference not set to an instance of an object" when calling /api/projects/all
  • 5359 - Invalid certificates already present before 2018.2.0 release may cause /api/certificates/all request to fail
  • 5362 - Fixed a bug where upgrading from old versions of Octopus (pre 3.15.0) would fail

Changes in Octopus Server 2019.2.1

  • 4897 - Add validation for drop down options for variable templates of type "select"
  • 5303 - 2100 SQL parameter limit hit when updating usages of step templates fixed
  • 5325 - Fixed the api/reporting/deployments/xml endpoint, a bug introduced in 2019.1.0
  • 5338 - Corrupt builtinrepositoryconfigurations-single configuration json column fixed
  • 5343 - Delete project error message does now display the teams blocking the deletion
  • 5346 - Automatic lifecycle promotion after automatic release creation works regardless of the permissions of the user that pushed the package, fixing an issue introduced in 2019.1.0
  • 5349 - Expose ephemeral storage requests and limits in K8S
  • 5351 - Using Tentacle Manager to configure a polling Tentacle does not authenticate with username/password has been fixed
  • 5352 - Fixed an issue where nodes with very long names would show StringTooLongException warnings in the log and were unable to elect a Leader node
  • 5354 - Improve user experience adding a worker when at license limit

Changes in Octopus Server 2019.1.11

  • 5332 - Fix for release promotion being blocked when user could not see complete set of environments that are part of the phases
  • 5334 - JSON formatted output broken by non-formatted message