ISD 4.0.x Release Notes
Last updated
Was this helpful?
Last updated
Was this helpful?
Installation Guide:
OpsMx Enterprise Spinnaker Version 1.33.3
For more information on Spinnaker versions, see .
ISD is now enhanced to export telemetry data (metrics) in a vendor-neutral way (using OpenTelemetry) thus allowing it to support monitoring tools other than Prometheus (e.g. Datadog)
Apache Kafka support is added, in addition to the existing RabbitMQ as a message broker in ISD.
The option to disable the auto-pilot service is added.
Custom environment mapping based on pipeline names is supported in the Deployment Insights page.
The library packages have been updated to address critical security vulnerabilities. See the table below for reference:
Sl No
CVE
Package
Upgrade From
Upgrade To
Service Name
1
CVE-2021-22573
com.google.oauth-client:google-oauth-client
1.31.0
1.33.3
clouddriver, fiat, echo, igor, gate, rosco
2
CVE-2023-52428
com.nimbusds:nimbus-jose-jwt
7.9
9.37.2
clouddriver, fiat, echo, front 50, orca, halyard, gate
3
CVE-2023-3635
com.squareup.okio:okio, com.squareup.okio:okio-jvm
2.8.0
3.4.0, 1.17.6
clouddriver, igor, halyard, gate, rosco
4
CVE-2022-40151, CVE-2022-41966
com.thoughtworks.xstream:xstream
1.4.19
1.4.20
clouddriver, fiat, echo, front 50, orca, igor, gate, rosco
5
CVE-2023-1428, CVE-2023-32731
io.grpc:grpc-protobuf
1.45.1
1.53.0
clouddriver, fiat, echo, front 50, orca, igor,halyard, gate, rosco
6
CVE-2023-34054
io.projectreactor.netty:reactor-netty-core
1.1.9
1.1.13, 1.0.39
clouddriver, fiat, echo, front 50, orca, igor,halyard, gate, rosco
7
CVE-2023-34062
io.projectreactor.netty:reactor-netty-http
1.1.9
1.1.13, 1.0.39
clouddriver, fiat, echo, front 50, orca, igor,halyard, gate, rosco
8
CVE-2022-46751
org.apache.ivy:ivy
2.5.1
2.5.2
clouddriver
9
CVE-2023-31582
org.bitbucket.b_c:jose4j
0.9.2
0.9.3
clouddriver
10
CVE-2021-37714
org.jsoup:jsoup
1.10.3
1.14.2
clouddriver, echo, front 50, orca, igor,halyard, gate, rosco
11
CVE-2023-34455, CVE-2023-43642, CVE-2023-34453, CVE-2023-34454
org.xerial.snappy:snappy-java
1.1.8.4
1.1.10.1
isd-gate
12
CVE-2023-2976
com.google.guava:guava
32.0.0-android
32.0.0-jre
kork
13
CVE-2021-43618
gmp
1:6.1.2-10.el8
1:6.1.2-11.el8
gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo
14
CVE-2024-0553
gnutls
3.6.16-6.el8_7
3.6.16-8.el8_9
gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo
15
CVE-2023-2953
openldap
2.4.46-18.el8
2.4.46-19.el8_10
gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo
16
CVE-2022-48560,CVE-2024-6232
platform-python,python3-libs
3.6.8-67.el8_10
3.6.8-69.el8_10
gate,kayenta,orca,rosco,front50,fiat,igor,echo
17
CVE-2024-3651
python3-idna
2.5-5.el8
2.5-7.el8_10
gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo
18
CVE-2024-25062
python3-libxml2
2.9.7-16.el8_8.1
2.9.7-18.el8_10.1
gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo
19
CVE-2023-43804
python3-urllib3
1.24.2-5.el8
1.24.2-5.el8_9.2
gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo
20
CVE-2023-7104
sqlite-libs
3.26.0-18.el8_8
3.26.0-19.el8_9
gate,kayenta,orca,rosco,front50,fiat,clouddriver,igor,echo
The following issue are fixed in this release:
The Bake Stage fails when multiple pipelines are executed simultaneously, causing pipeline execution issues.
In the Audit page, the search functionality takes too long to respond and the error bar is displayed multiple times.
Timeout errors occur in platforms when using secured Redis with TLS.
Occurrence of IndexOutOfBounds Exceptions in the audit service page are handled.
The following fixes have been made in the Environment Mapping page:
Unable to add an environment using the Bulk Import option.
Unable to save environment names if the account name and namespace are the same.
When attempting to import data when it's not available, an incorrect message is displayed.
The search feature is not working as expected and displays wrong data.
OpsMx Enterprise Spinnaker Version 1.33.3
Deployments Insights - A new insights page named Deployments is introduced in this release. This captures two graphs namely;
Change Lead Time - that shows the time duration between two deployments of a change over a period of time.
No. of Successful Deployments that shows the number of successful deployments (to any environment) over a period of time.
OPA FailOpen Feature - Fail-open feature is added in the OPA plugin to identify the criticality of the OPA server when escalated to avoid bypassing the need for OPA response during OPA server connectivity issues or OOM errors.
The license key for Fusion charts is renewed and updated in the UI.
ISD is now able to consume Spinnaker events via webhook and publish that to audit service via RabbitMQ.
The library packages have been updated to address critical security vulnerabilities. See the table below for reference:
Sl. No
CVE
Package
Upgraded from Version
Upgraded to Version
Services
1
CVE-2023-29824 CVE-2022-29361
Werkzeug
2.0.1
2.1.1
datascience
2
CVE-2023-29824 CVE-2022-29361
scipy
1.5.4
1.8.0
datascience
3
CVE-2022-23806
CVE-2024-24790
KUBECTL_VERSION
v1.22.0
v1.31.0
halyard
4
CVE-2019-12900
bzip2-libs
1.0.6-26.el8
1.0.6-27.el8_10
clouddriver, deck, rosco,kayenta,igor,gate, front50,fiat,echo, orca
5
CVE-2018-12699
binutils
2.30-123.el8
halyard
The following issue are fixed in this release:
GCR Docker Registry’s Accounts' tags and organization fail to load in the UI.
No data is visible on the Insights page when Spinnaker is not connected.
Installation Guide:
OpsMx Enterprise Spinnaker Version 1.33.3
OPA policy is enhanced to restrict the users from deleting the applications.
Collapse button is added to the bottom of the side navigation in all the pages.
SSH keys authentication option is added to the GitHub integration page.
The following issues are fixed in this release:
Verification gate log analysis is not working for Datadog Integration.
Unable to generate metrics for oes-gate using Datadog.
Pipeline configurations having large green circles are being replaced with ? during pipeline updates.
ISD Group Listing Mechanism should restrict the view of unwanted groups.
Search functionality in the User Audit page is not working.
Less than symbol (<) is showing besides the OpsMx icon in the home page.
For pipelines with higher number of stages, the Spinnaker UI becomes unresponsive when clicked on the pipeline configuration.
For some applications when the number of stages is more, clicking on the pipeline executions throws an error in the Spinnaker UI.
OpsMx Enterprise Spinnaker Version 1.30.1 (Non CVE)
ISD UI displays the Spinnaker version.
The following issues are fixed in this release:
Webhook trigger is not working with non CVE OES.
The Spinnaker applications do not sync with ISD when the application description is longer than 255 characters.
OpsMx Enterprise Spinnaker Version 1.30.1
User Insights - New page named user insights is added to the Insights tab. This page gives a summary of all the user activities such as Active Users, Count Of Users Triggered Pipelines, Failed Login Attempts, Count of Entities That Triggered Pipelines and Top Apps By Pipeline Executions.
ISD CVEs are reduced. A total of 63 critical and 142 high CVEs are fixed.
A new panel named Pipeline Success Rate, to calculate the success rate of a pipeline is added in the pipeline insights page.
The Slowest Pipelines and Fastest Pipelines panels are removed from the pipeline insights page.
The ability to enable or disable the insights pages through configuration changes is added.
CVEs are reduced for Spinnaker 1.30.1
The following issue is fixed in this release:
Sapor gate failing with dependency on ISD services is fixed.
OpsMx Enterprise Spinnaker Version 1.30.1
Enhanced Insights - New insights charts for pipeline levels and stage levels have been added under the Insights tab. The redesigned insights allow for customizations to the Insights pages, including the ability to modify the dashboard by adding, removing, or editing panels.
Monitoring Multiple Spinnakers in one ISD - The Application Dashboard, Audit and Insights pages are upgraded to show data from multiple Spinnakers.
Introduced a Custom Date filter option for audit pages, enabling users to narrow down audit events within their desired date range.
Rolling Restart, previously available as a deployment action on the infrastructure page, is now also accessible as a dedicated pipeline stage. This enhancement empowers users to restart their deployments seamlessly using pipelines.
OpsMx Enterprise for Spinnaker (OES) version 1.30.1 brings significant improvements in security by reducing the number of Common Vulnerabilities and Exposures (CVEs).
Following are the issues fixed in this release:
Users page (under Audit) now shows Last Session Duration for ACTIVE, AWAY and INACTIVE users.
OES based on OSS Spinnaker Version 1.30.1
User Audit : A new page has been added under the audit menu that displays a list of all the users along with their current status and last login information.
User Info: A new user info menu has been added that displays the user information along with the list of user’s roles and cloud accounts they have access to.
The pipeline audit page now includes a new column named Modifications that displays the details of any changes made to the pipeline.
The ability to search (search box) has been added to the User Role and Feature Visibility pages.
Users can now resize the column widths of all the tables across all the ISD pages.
Following are the issues fixed in this release:
The artefacts on the pipeline audit page does not have the version/tag.
Clicking on approval/verification/policy evaluation should open the corresponding stage execution. Note : This issue was fixed in previous release 4.0.4 with a limitation that required data migration to fix affected pipelines. This limitation is now addressed.
Various ISD pages that involve search box functionality displayed filtered data even after navigating away from the page and returning back to the page.
Connectors on the approval page should be displayed in the same order as configured by the user.
The pipeline create/update timestamp is not populated in the csv files that are downloaded from the Pipeline Audit page.
OES based on OSS Spinnaker Version 1.30.1
Pipeline level RBAC restrictions are now feature flag enabled, meaning, the users can decide whether to enable RBAC for pipelines during installation by enabling/disabling this feature flag.
Sorting option is introduced in the Approvals and Verification History page.
For Automated Approval, the Approver Group is not mandatory now.
Added support to display deployments through Jenkins deploy stage.
In the Approval Gate Configuration tab, the integrator JFROG is renamed to JFROG X-ray scanning.
templatePath is made an optional field for the PubSub integrator in the integrations page.
Basic authentication type for Bitbucket cloud is removed as Spinnaker no longer supports it.
Connectors are made optional to be added while creating the approval gate.
Enhanced help texts.
UI enhancements on different pages.
Following are the issues fixed in this release:
Adding Jenkins integrations through the integration page was failing.
Overall result computation when the computed score is equal to marginal score is wrong.
Disable OpsMx hyperlink to the website in the home page.
Deployment history should show all deployments (including records shown under current deployment).
The corresponding stage execution should open upon clicking on approval/verification/policy evaluation.
OES based on OSS Spinnaker Version 1.28.4
Validation: The option to skip validation while configuring an integration (Spinnaker Integrations and Cloud Targets) is added.
Pipeline Template: The option to create pipelines using Pipeline Template within ISD Gates.
Data Retention Policy: Data retention policy (Periodic cleanup of historic data in ISD DB) is implemented and enforced.
The pipeline builder menu is removed. All pipeline builder functionalities are integrated in the pipeline status page.
Policy Configuration in the pipeline displays a short description along with the name of the policy.
The pipeline audit is enhanced to capture the complete list of approvers along with the stage name and time of approval
Reviewer information of multiple manual judgement stages is added.
Following are the issues fixed in this release:
Performance improvements to overcome ISD page loading issues.
Missing of cluster information in the verification report page.
Termination of Pipeline when two or more approval gates are created with the same name.
Requiring manual resave of policies when OPA pod is restarted.
Ability to fetch usage metrics from an ISD instance.
OES based on OSS Spinnaker Version 1.28.4
Expanded Dynamic Account Support: Create and modify AWS EC2 and AWS ECS accounts dynamically without having restart halyard service.
Restrict Target (Omit) Namespaces: Ability to restrict users from deploying to a list of namespaces on each cloud target.
Observability-Plugin Support: Added support for observability-plugin that allows monitoring tools using OpenMetrics integration to work without the Spinnaker monitoring daemon.
Restart ServerGroups Support: Added the ability to restart ServerGroups from the application’s infrastructure view.
Following are the issues fixed in this release:
Pipeline or stage name containing spaces causes error while executing the pipeline.
Unable to load the user groups when pipeline RBAC is enabled.
Edit application attributes button missing from the application configuration page.
Fixed sorting issue on the policy audit and pipeline execution audit page.
OES based on OSS Spinnaker Version 1.28.1
Following issue fixed in this release:
Security fix: ISD will encrypt the JSON files and store them as a Kubernetes secret for Spinnaker to access the GCP account.
OES based on OSS Spinnaker Version 1.28.1
Following are the issues fixed in this release:
Mismatch in deployment history and deployment count
UI changes for Azure cloud provider integration
User is redirected to the pipeline status page after the last pipeline execution
UI enhancements on the AWS Deployment Server Group action tab
Generic git repo integration not working for providers other than GitHub
OES based on OSS Spinnaker Version 1.28.1
Following are the issues fixed in this release:
Mismatch in the currently logged-in users table in Usage insights.
Displaying help text properly in a browser with low resolution.
The user is not able to configure the Spinnaker pipeline from the pipeline status page.
The user is not able to trigger multiple approvals, verification, and policy gates with the same name in a single pipeline.
Resolved critical CVEs for the autopilot services.
OES based on OSS Spinnaker Version 1.27.0
A new enhanced developer workflow that allows the user to seamlessly create and deploy applications.
A new enhanced application dashboard that allows the user to manage applications, monitor and takes actions on alerts such as pipeline failures, verification failures, policy violations, and pending approvals.
Ability to start new deployments directly from the application dashboard.
New Application Specific Dashboard that allows the user to manage services, pipelines, deployments, and intelligent gates for an application.
Ability to view cluster, number of instances, and sync status on the deployments page.
Following are the issues fixed in this release:
In the Delivery Insights, a mismatch in pipeline allows the user to manage applications, monitor and take
For a large number of applications, performance has improved with summary boxes in the application dashboard.
Audit event data storage has been optimized.
Unable to activate two approval gates simultaneously.
Gateway timeout error with SAML environment resolved.
Refer to the below link for the detailed instructions for Agent Installation.
ISD can be upgraded to 2024.12.00 from version 2024.06.00 or later versions. The upgrade instructions can be found .
Installation Guide:
For more information on Spinnaker versions, see .
For upgraded Spinnaker packages, refer
ISD can be upgraded to 2024.12.00 from version 2024.06.00 or later versions. The upgrade instructions can be found .
The Spinnaker version is upgraded from v1.30.1 to v1.33.3. For more information on Spinnaker versions, see .
ISD can be upgraded to 2024.06.00 from version 4.0.3.1 or later versions. The upgrade instructions can be found .
Installation Guide:
Users can upgrade the ISD v4.0.3.1 to ISD v4.0.4.3. The upgrade instructions can be found .
Installation Guide:
Users can upgrade the ISD v4.0.4.1 to ISD v4.0.4.2. The upgrade instructions can be found .
Installation Guide:
Users can upgrade the ISD v4.0.3.1 or ISD v4.0.4 to ISD v4.0.4.1. The upgrade instructions can be found .
Installation Guide:
Users can upgrade the ISD v3.12.x to ISD v4.0.3. The upgrade instructions can be found .
Users can upgrade the ISD v4.0.3.1 to ISD v4.0.4 The upgrade instructions can be found .
Installation Guide:
Users can upgrade the ISD v3.12.x to ISD v4.0.3. The upgrade instructions can be found .
Users can upgrade the ISD v4.0.3 to ISD v4.0.3.1 The upgrade instructions can be found .
Installation Guide:
Users can upgrade the ISD v3.12.x to ISD v4.0.3. The upgrade instructions can be found .
Users can upgrade the ISD v4.0.2 to ISD v4.0.3. The upgrade instructions can be found .
Installation Guide:
Installation Guide:
: ISD has the ability to control Read, Write and Edit access to pipelines for a specific user or user groups.
New Custom Stage for : Ability to perform Ansible AWX configuration management tasks as part of ISD pipelines.
Upgrade instructions: Users can upgrade the ISD v3.12.x to ISD v4.0.2. The upgrade instructions can be found . Users can upgrade the ISD v4.0.1 to ISD v4.0.2. The upgrade instructions can be found .
Installation Guide:
Upgrade Scripts and Config Changes: No upgrade script changes from ISD4.0 to 4.0.1. upgrade instructions, script file, and config changes can be used for upgrading ISD 3.12.x to 4.0.x.
Installation Guide:
Upgrade Scripts and Config Changes: Users can upgrade the ISD v3.12.x to ISD v4.0. The upgrade instructions, Script file, and Config changes can be found .
