From f1ace6bff51b0bcd5e27c120d6399541e50f14f7 Mon Sep 17 00:00:00 2001 From: Chad Wilson Date: Fri, 2 Feb 2024 23:44:44 +0800 Subject: [PATCH] Add 24.1.0 release notes --- .../release_notes/_release-24-1-0.md.erb | 113 ++++++++++++++++++ 1 file changed, 113 insertions(+) create mode 100644 source/partials/release_notes/_release-24-1-0.md.erb diff --git a/source/partials/release_notes/_release-24-1-0.md.erb b/source/partials/release_notes/_release-24-1-0.md.erb new file mode 100644 index 0000000000..76b84b9f44 --- /dev/null +++ b/source/partials/release_notes/_release-24-1-0.md.erb @@ -0,0 +1,113 @@ +This release is a maintenance and bug-fix release, although there are two __possibly breaking__ changes to be aware of. + +

Java 17 is now the minimum supported version

+ +Java 17 was released in September 2021, and has had support within GoCD since version 22.1.0, released two years ago +when it was packaged with both GoCD container images & installers (RPM, Debian, Windows, MacOS) by default. + +This has proven to be be very stable with no known issues. As such, we are now making Java 17 the minimum supported +version to reduce maintenance overhead. Note that as of early 2024 GoCD has not been officially validated against Java +21 LTS (or intermediary versions 18-20). + +The suggested upgrade path depends on the current versions of GoCD you are running. To ensure no downtime for your agents +other than the time to bounce/upgrade your GoCD server + +* Ensure your agents are running with Java 17 + * If you are running GoCD + +* If you are running agents on GoCD 22.1.0+ with Java 17 + * No special instructions, upgrade server and agent environments in any order. +* If you are running agents with Java < 17, and agent < 22.1.0 (21.4.0?) + * Server < 22.1.0 ? + * Server >= 22.1.0 ? +* If you are running agents with Java < 17, and/or server < 22.1.0 (21.4.0?) + * Server < 22.1.0 ? + * Server >= 22.1.0 ? +* If yo + +

Server Container image is now based on Wolfi OS

+ +The GoCD server container has always been based on a minimal Linux distribution, previously [Alpine Linux](https://alpinelinux.org/), +but from 24.1.0 has been switched to [Wolfi OS](https://github.com/wolfi-dev). Wolfi OS is a similarly minimal, +security-oriented (un)distro from the folks at [Chainguard](https://www.chainguard.dev/) which is +[optimized for supply-chain security](https://www.chainguard.dev/unchained/introducing-wolfi-the-first-linux-un-distro) - +and uses _glibc_, similar to most other distributions unlike the musl-based Alpine. + +Unfortunately, the use of Alpine has always posed difficulties due to its musl libc base. Most of the time this is an +irrelevant detail to users, however it has posed issues for GoCD packaging of Java runtime environments & providing aarch64 +availability for a variety of reasons stemming from GoCD's dependencies. While GoCD has applied relatively stable +workarounds to support Alpine, these are not recommended and have prevented providing a default GoCD server container +image for _aarch64_/_arm64_ architectures off-the-shelf. + +Wolfi uses the same `apk` package manager as Alpine, with conventional package names, and although packages cannot be +used across the two OSes, the transition should be easy for most folks. The image is now multi-architecture (`amd64`/`x64` and `aarch64`/`arm64`) +making it usable out-of-the-box within arm64 cloud instances and Apple Silicon Macs. + +If you build a child container from the [gocd-server container](https://hub.docker.com/r/gocd/gocd-server), from 24.1.0 +you will need to review your `Dockerfile` to check that +- any additional packages you need to install are [available for Wolfi](https://github.com/wolfi-dev/os). +- any pre-compiled binaries specifically compiled for musl are switched to glibc variants +packages will work just fine. 
+ +There has previously been a non-officially documented multi-arch [server image based on CentOS Stream](https://hub.docker.com/r/gocd/gocd-server-centos-9), +which was the only option on `aarch64`. This will be __removed__, as it is unnecessary now we have a glibc-based image. +If you were using this, please switch back to `gocd/gocd-server` rather than `gocd/gocd-server-centos-*`. + +

Agent container image changes

+ +Matching the server change, a [Wolfi-based agent image](https://hub.docker.com/r/gocdexperimental/gocd-agent-wolfi/tags) is +now available. This will become the default recommended agent image for container-based elastic agents. + +The GoCD Alpine agent images will now become a _rolling_ distribution within the [gocd-agent-alpine](https://hub.docker.com/r/gocd/gocd-agent-alpine) +repository. This means that the repository will not change for each Alpine release (3.18, 3.19 etc) any longer. Alpine releases new +versions each 6 months while maintaining very good compatibility, and maintaining different repositories added unnecessary +maintenance overhead. Each GoCD release will be based on the latest compatible Alpine release, mirroring how [gocd-agent-docker-dind](https://hub.docker.com/r/gocd/gocd-agent-docker-dind) +has always been released. + +

Enhancements

+ +* <%= link_to_issue 12415, 'Change baseline to require Java 17 minimum' %>. +* <%= link_to_issue 12500, 'Replace Alpine with Wolfi as primary server container image, consolidating Alpine agent images' %>. +* <%= link_to_issue 12710, 'Bundle latest Java 17.0.11 release with non-Linux installers & containers' %> + +

Bug fixes

+ +* <%= link_to_issue 4011, 'RPM packages do not install on RHEL unless SELinux is disabled' %> +* <%= link_to_issue 12440, 'Installing Chromium on Alpine 3.18 gocd docker agent causes agent crash loop' %> +* <%= link_to_issue 12535, 'Improve performance of agents API responses and dashboard stage modal' %> +* <%= link_to_issue 12616, 'Improve performance when working with large numbers of server health warnings/errors' %> + +

Security fixes

+ +This release fixes [CVE-2024-28866](https://github.com/gocd/gocd/security/advisories/GHSA-q882-q6mm-mgvh), a theoretical +vulnerability which has not shown to be practically exploitable. Thank you to Aviv Keller ([RedYetiDev](https://github.com/RedYetiDev)) for +discovering and responsibly disclosing this issue. + +We regularly upgrade dependencies to mitigate known vulnerabilities from third party software (regardless of +whether they are known to affect GoCD), so upgrading to the latest release is always recommended from a security perspective. + +

APIs

+ +Improvements, deprecations and breaking changes in the API and plugin API have been moved to their respective changelogs +- <%= link_to_versioned_api '24.1.0','changes-in-24-1-0', 'API changelog for 24.1.0' %> and + <%= link_to_versioned_plugin_api '24.1.0','changes-in-gocd-24-1-0', 'Plugin API changelog for 24.1.0' %>. + +

Contributors

+ +<%= [ + "Aravind SV", + "Aviv Keller / RedYetiDev", + "Chad Wilson", + "brewpark", + "Matthias Kraaz", + "Tim Borrowdale", +].sort.uniq.join(', ') +%> + +

Note

+ +A more comprehensive list of changes for this release can be found <%= link_to_full_changelog 'here.', 'Release 24.1.0' %> + +Found a security issue that needs fixing? Please report it to <%= link_to 'https://hackerone.com/gocd', 'https://hackerone.com/gocd' %> + +Please report any issues that you observe on [GitHub issues](https://github.com/gocd/gocd/issues).
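Review bot: The upgrade-path list in the "Java 17 is now the minimum supported version" section is still draft text and should be finished or removed before this is published. The sub-bullet "If you are running GoCD" has no ending, the nested items are open questions ("Server < 22.1.0 ?", "Server >= 22.1.0 ?", "(21.4.0?)"), two of the top-level conditions overlap without saying what to do in either case, and the last bullet stops at "* If yo". Since this is one of the two possibly breaking changes, readers need a concrete order of operations for each agent/server combination; the sentence introducing the list ("To ensure no downtime for your agents other than the time to bounce/upgrade your GoCD server") also needs a colon or a main clause. Smaller points in the same hunk: "proven to be be very stable" has a doubled word, the Wolfi section's Dockerfile checklist is followed by a stray fragment "packages will work just fine." that looks like the tail of a deleted sentence, and in the security section "has not shown to be practically exploitable" should read "has not been shown to be".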