Before Upgrading
See the CircleCI server 4.2 release notes for upgrade notes for this release.
When upgrading from server v3.x you will need to install v4.0 before installing this version.
From server v4.2, CircleCI server auto-generates some secrets if they are not present in the Kubernetes namespace. If you are upgrading from v4.1.x to 4.2, and you have managed Kubernetes secrets yourself, you will need to follow the steps outlined in the CircleCI server 4.2 upgrade guide to ensure the system knows some secrets already exist.
What’s New in Release 4.2.0
New Features
- Config policies now available as a preview on server. Use config policies to create organization-level policies to impose rules and scopes to govern which configuration elements are required, allowed, not allowed etc. See the Config policies overview for guidance on setting up config policies. To use config policies CLI commands with server v4.2, append all commands shown in the docs with
--policy-base-url https://<CIRCLECI-SERVER-DOMAIN>.com
- You can now find your current server version by running:
curl http(s)://<CIRCLECI-SERVER-DOMAIN>/version
- The 2xlarge+ resource class (32 vCPUs, 64 GB RAM) is now available for use with the Linux VM execution environment
Changes
- Introduced the ability to disable the org-level concurrency limit in
distributor
. For more information, see the docs - By default, Server 4.2 auto-generates some secrets. If you wish to manage these secrets yourself, you should create these secrets (if not done already) and ensure Helm is aware so that auto-generation is skipped. See the CircleCI server 4.2 upgrade guide for steps.
- RabbitMQ version upgraded from 8.6.4 to 11.15.1.
New Services
The following new services are introduced in this release.
- policy-service
Database Migrations
The following databases will run migrations when upgrading to this version
- builds_service
- cron_service_production
- domain
- insights
- permissions
- conductor_production
Fixes
- Patched various security vulnerabilities.
Known Issues
- Vault may not refresh its client token after a month of uptime.
- Retry with SSH for jobs using the machine executor advertises a private IP address. For this reason, retry with SSH for jobs using the machine executor works as standard for public installations, but for private installs you would need to ensure that you can access the private IP advertised. For example, by using a VPN into your VPC.
- CircleCI 1.0 builds are not supported. If an attempt is made to run a 1.0 build, no feedback will be available in the application to indicate the cause of the issue. If a build is run on your installation and does not show up in the CircleCI application, users should be directed to use the CircleCI CLI to validate the project configuration and get details of the possible cause of the issue.
To learn more about Server 4.2 installation, migration, or operations please see our documentation.