Platform release notes
These release notes describe recent changes to Harness Platform.
- Progressive deployment: Harness deploys changes to Harness SaaS clusters on a progressive basis. This means that the features described in these release notes may not be immediately available in your cluster. To identify the cluster that hosts your account, go to your Account Overview page in Harness. In the new UI, go to Account Settings, Account Details, General, Account Details, and then Platform Service Versions.
- Security advisories: Harness publishes security advisories for every release. Go to the Harness Trust Center to request access to the security advisories.
- More release notes: Go to Harness Release Notes to explore all Harness release notes, including module, delegate, Self-Managed Enterprise Edition, and FirstGen release notes.
Important feature change notice
This is a notification for a feature change aimed at enhancing your experience with Harness. Here's what you need to know:
-
Harness uses connectors to external secret managers (e.g. Google Secret Manager or Hashicorp Vault) to resolve/store secrets used by pipelines and elsewhere in the Harness platform. External secret manager connectors require configuration, including a means to authenticate to the external Secret Manager. On December 11, 2023, Harness added a restriction that users can only use Harness Built-in Secret Manager to store authentication credentials for access to the corresponding Secret Manager.
-
Continuity Assured: There is no impact on your existing pipelines. They remain compatible with the way secrets were referenced before this feature change. Note that this includes using an external secret manager other than the Harness Built-in Secret Manager to store the authentication secret.
Why did Harness make this change?
Our previous setup allowed configurations where credentials from one secret manager were stored within another, resulting in complexities that could be challenging to navigate. Moreover, these configurations might introduce vulnerabilities, posing potential security risks. For example, in a recent incident, our thread pool designated for secret manager resolution was exhausted.
Moving forward, we've implemented several validations, such as the disabling of self-references. Furthermore, with the introduction of the aforementioned restriction on secret managers, configurations is simpler to comprehend and maintain. This change aims to streamline the process, enhancing clarity and reducing potential security vulnerabilities.
Below is further explanation for each type of secret manager Harness currently supports and the changes associated with it.
-
Harness supports three authentication methods for AWS Key Management Service (KMS) and AWS Secrets Manager:
-
AWS Access Key: Access Key Id, Secrets Access Key, and AWS ARN need to be stored in Harness Built-in Secret Manager.
-
Assume IAM role on delegate: AWS ARN must be stored in Harness Built-in Secret Manager.
-
Assume Role using STS on delegate: AWS ARN must be stored in Harness Built-in Secret Manager.
-
-
Harness supports the following five authentication methods for Hashicorp Vault:
- AppRole secret IDs must be stored in the Harness Built-in Secret Manager.
- Token secret IDs must be stored in the Harness Built-in Secret Manager.
- AWS Auth secret IDs must be stored in the Harness Built-in Secret Manager.
- Vault Agent: Secret storage is not required in the Harness Built-in Secret Manager.
- Kubernetes Auth: Secret storage is not required in the Harness Built-in Secret Manager.
-
Harness supports two authentication methods for Azure Key Vault:
- With the credentials option, the Azure Authentication key must be stored in the Harness Built-in Secret Manager.
- With the credentials of a specific Harness Delegate option, secret storage is not required in Harness Built-in Secret Manager.
-
Harness supports only one authentication method for GCP Key Management Service, for which the GCP KMS Credentials file must be stored in the Harness Built-in Secret Manager.
-
Harness supports two authentication methods for GCP Secrets Manager:
- With the credentials option, the Google Secrets Manager Credentials File must be stored in the Harness Built-in Secret Manager.
- With the credentials of a specific Harness Delegate option, secret storage is not required in Harness Built-in Secret Manager.
-
For Custom Secrets Manager, if any secret is needed in the template as a variable, then it can only be stored in the Harness Built-in Secret Manager.
Deprecation notice
The following deprecated API endpoints are longer supported:
- [GET | PUT | POST | DELETE] api/resourcegroup/{identifier}
- POST api/resourcegroup/filter
- GET api/resourcegroup
April 2024
Version 1.31.4
Fixed issues
-
Fixed an issue where the Delegate Selector dropdown wasn't populating delegates when roles were configured with specific delegates instead of all. (PL-48292, ZD-59504)
-
Fixed an issue where the scope was derived from the open URL instead of the WinRM Secret's scope when editing WinRM secrets through a reference component, causing secret edits to fail. Scope details are now picked up from the WinRM secret being edited. (PL-48323)
March 2024
Version 1.30.7
New features and enhancements
-
harness-ingress-controller
arguments are now configurable through overrides. (PL-46366, ZD-55035)They can be controlled by the following YAML configuration.
nginx:
controller:
watchNamespace: ""
updateStatus: true
httpPort: 8080
httpsPort: 8443
watchIngressWithoutClass: true
defaultSSLCertificate: ""
configMap: ""
defaultBackendService: ""
publishService: ""
electionId: ""
controllerClass: ""-
You can provide any extra arguments like this:
nginx:
controller:
extraCommandArgs:
- --argument=example-argument -
Ingress controller can now be deployed with a
ClusterRole
:nginx:
clusterRole:
create: true
-
-
In the recent update to
ng-manager
version 1.28.0, we have implemented enhancements to the validation mechanism for secret identifiers. We now provide more flexibility and precision in validating secret identifiers, particularly regarding hyphen usage. While previously disallowed, secret identifiers can now contain hyphens. However, there are specific rules governing their usage. Hyphens are now permitted anywhere in the secret identifier, including at the end of the string. The updated validation allows for multiple occurrences of hyphens within the secret identifier. Secret identifiers cannot start with a hyphen, following best practices. This item requires Harness Delegate version 24.03.82600. For information about Harness Delegate features that require a specific delegate version, go to the Delegate release notes. (PL-46959)
Fixed issues
-
The delegate metrics endpoint
/api/metrics
had its content type set asapplication/json
, causing scraping issues with certain versions of Prometheus due to content type incompatibility. Attempts to switch to text/plain resulted in a 406 response code. We have revised the endpoint to deliver metrics inplainText
. You can now specify the desired content formatplainText
orJSON
by setting the "Accept" header in your request, ensuring broader compatibility with different Prometheus versions. This item requires Harness Delegate version 24.03.82600. For information about Harness Delegate features that require a specific delegate version, go to the Delegate release notes. (PL-46976, ZD-57489) -
Actions to create, edit, or delete Streaming Destinations were not being recorded in Audit Trails. This issue has been fixed, and these actions are now correctly captured in Audit Trails. (PL-47910)
Version 1.29.6
Fixed issues
-
Upgrade attempts from Harness Helm Chart 0.13.4 to 0.14.0 or 0.14.1 resulted in change-data-capture pod failures. We have resolved the initialization issue with the change-data-capture pod, which stemmed from the fileLogging parameters. (PL-47993)
-
In the old Git sync flow, the system failed to fetch connector details because the
branch
andyamlGitRef
attributes were not included in the query process after the method was changed to utilize scope uniqueId and identifier. We have updated the system to account for thebranch
andyamlGitRef
parameters, ensuring connector details now load correctly. (PL-47942, ZD-58953, ZD-59089) -
The user aggregate API did not support selected view permissions, leading to errors when a user was granted view permission for specific user groups due to the lack of permissions on the
USERGROUP
resource as a whole. We have resolved this issue by allowing users to be granted view permissions for selected user groups. Now, only those user groups specified will be visible to the user. (PL-31279)
Version 1.28.11
New features and enhancements
-
You can now add multiple emails to User Group notifications. This support allows you to include Harness Users or add emails separated by commas. (PL-46480)
-
The UI has been updated to include an HTTP Event Collector (HEC) Auth Token option in the Splunk Connector, allowing users to select HEC-type authentication. (PL-46977)
-
Upgraded
org.eclipse.jetty.*
from v9.4.53.v20231009 to 9.4.54.v20240208. (PL-47854) -
The delegate list page now shows the latest delegate version beside the New Delegate button. This will help you compare your delegate version with the latest supported delegate version. This item is available with Harness Platform version 1.28.11 and does not require a new delegate version. For information about Harness Delegate features that require a specific delegate version, go to the Delegate release notes. (PL-47049)
-
OPA policy enforcement has been introduced to three new entities, namely Service Accounts, API Keys, and Tokens. For Service Accounts and API Keys, naming convention policies are enforced, while for Tokens, Time-To-Live (TTL) policies are enforced. These enforcement mechanisms are seamlessly integrated into both create and update operations, ensuring adherence to predefined standards during the onSave action. (PL-41877)
-
Introduced separate environment variables to manage delegate resource thresholds for CPU and Memory when dynamic handling is enabled. Use
CPU_USAGE_THRESHOLD
for CPU control (default: no limit). UseMEMORY_USAGE_THRESHOLD
for memory control (default: 80%). If you are usingRESOURCE_USAGE_THRESHOLD
(deprecated), it exclusively controls the memory threshold. This item requires Harness Delegate version 24.03.82502. For information about Harness Delegate features that require a specific delegate version, go to the Delegate release notes. (PL-47746) -
OPA policy enforcement has been introduced to three new entities: Service Accounts, API Keys, and Tokens. For Service Accounts and API Keys, naming convention policies are enforced, while for Tokens, Time-To-Live (TTL) policies are enforced. These enforcement mechanisms are seamlessly integrated into both create and update operations, ensuring adherence to predefined standards during the
onSave
action. This item requires Harness Delegate version 24.03.82502. For information about Harness Delegate features that require a specific delegate version, go to the Delegate release notes. (PL-46778) -
Support added to enable OPA policy for naming convention enforcement while creating or updating a service account. This item requires Harness Delegate version 24.03.82502. For information about Harness Delegate features that require a specific delegate version, go to the Delegate release notes. (PL-46777)
Fixed issues
-
Delegate logs were unavailable due to the system not automatically switching to app.harness.io as the remote logging service when GCP was blocked by a firewall. The auto-switching mechanism for the remote logging destination is fixed, ensuring accessibility to delegate logs when GCP is blocked by a firewall. This item is available with Harness Platform version 1.28.11 and does not require a new delegate version. For information about Harness Delegate features that require a specific delegate version, go to the Delegate release notes. (PL-46958, ZD-57844)
-
Perpetual tasks experienced significant delays in reassignment after the current delegate was shut down. We have addressed the issue of prolonged delays in perpetual task reassignment following delegate shutdowns by increasing the frequency of cron jobs that reset the perpetual task state for reassignment. This item is available with Harness Platform version 1.28.11 and does not require a new delegate version. For information about Harness Delegate features that require a specific delegate version, go to the Delegate release notes. (PL-47781, ZD-58497, ZD-58522, ZD-58650)
-
Fixed the issue that allowed the creation of user Personal Access Tokens (PATs) at the organization and project scope via API, ensuring consistent listing and management in the UI. PATs can only be created at the account scope. (PL-47558)
-
Attempts to use the
harness_platform_user
resource to create or delete users resulted in an error. The message "Request failed as you have an older version of an entity, please reload the page and try again" was displayed and the Terraform state went out of sync with Harness. This issue has been fixed. This item requires Harness Delegate version 24.03.82502. For information about Harness Delegate features that require a specific delegate version, go to the Delegate release notes. (PL-39870, ZD-47107)
Version 1.27.10
New features and enhancements
-
Support added to enable OPA policy for TTL enforcement while creating or updating an API Key Token. (PL-46779)
-
Invitation emails now include the inviter's username and email address, enhancing clarity for recipients. (PL-47694)
Additionally, the name of the account to which the user is being added is now specified in the invite, providing better context for the invitation.
Fixed issues
-
After adding users to an Azure AD group, which then propagated to Harness, not all users were reflected in the "All Account Users" and "Harness Prod Users" user groups. The "Harness Prod Users" group, tied to SCIM, did not automatically include all newly created users in Harness, affecting the Harness STO module go-live. (PL-47669, ZD-55559, ZD-57091, ZD-58412, ZD-58486)
We have fixed this issue with concurrent updates to user groups during user synchronization through SCIM, ensuring complete sync of all users in user groups from Azure AD to Harness.
February 2024
Version 1.26.14
Fixed issues
-
Creating or updating a project with an org identifier absent in the account used to throw error code: 500. (PL-47059, ZD-58093)
Now, the UI displays the following improved error message if the provided org identifier is absent:
Organisation with identifier "OrgId" does not exist in accountIdentifier: "accountId"
. -
The retry interval for attempting to create or read secrets from HashiCorp Vault was fixed at 1 second after each failure. (PL-46595, ZD-57053)
The retry interval has now been modified to increase by a factor of 2 times the number of failures. Consequently, after the first failure, the second attempt will occur after a 2-second delay, and the third attempt will be made after a 4-second delay, enhancing the robustness of secret management operations.
This item requires Harness Delegate version 24.02.82402. For information about Harness Delegate features that require a specific delegate version, go to the Delegate release notes.
-
When linking an SSO group with over 1,000 users, only 1,000 users were syncing in Harness due to a limitation with LDAP groups syncing. (PL-46492, ZD-56741)
Implemented LDAP to perform paginated queries by default for large groups, with a fallback to non-paginated calls, ensuring complete user synchronisation.
This item requires Harness Delegate version 24.02.82402. For information about Harness Delegate features that require a specific delegate version, go to the Delegate release notes.
-
Pipelines were failing due to errors related to the inability to acquire delegate tasks. (PL-42600, ZD-54025, ZD-54324)
The logic for calculating CPU and Memory usage has been improved, specifically for scenarios utilizing the dynamic task request handling feature in delegates, enhancing the reliability of task allocation and pipeline execution.
This item requires Harness Delegate version 24.02.82402. For information about Harness Delegate features that require a specific delegate version, go to the Delegate release notes.
Version 1.25.5
New features and enhancements
-
Harness has updated the default HPA in the Harness Delegate YAML to use
autoscaling/v2
instead ofautoscaling/v1
which was used in earlier delegate versions. (PL-43686)With this update, the delegate default scaling metrics are now 70% of CPU and 70% of memory utilization.
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: kubernetes-delegate-hpa
namespace: harness-delegate-ng
labels:
harness.io/name: kubernetes-delegate
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: kubernetes-delegate
minReplicas: 1
maxReplicas: 1
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 70
---Since
autoscaling/v2
has been GA with Kubernetes 1.23 and higher, if you have a Kubernetes version lower than 1.23, you must manually change theapiVersion
in theHorizontalPodAutoscaler
of your delegate YAML toautoscaling/v1
.For more information, go to Configure Harness Delegate autoscaling using replicas for Kubernetes.
This update only affects new delegate installations. Your existing, running delegates are not affected.
-
Added ability to write delegate logs in JSON format using logstash-logback-encoder library. This can be useful if logs are injected into third party services like DataDog which works better with JSON format. (PL-43525)
This item is available with Harness Platform version 1.25.5 and does not require a new delegate version. For information about Harness Delegate features that require a specific delegate version, go to the Delegate release notes.
-
Enhanced the
override-delegate-tag
API documentation to include details onvalidForDays
andvalidTillNextRelease
parameters. Additionally, the default value forvalidForDays
has been updated to 180 days, extending from the previous 30 days. For more information, go to Override delegate image tag in the API documentation. (PL-46879)This item is available with Harness Platform version 1.25.5 and does not require a new delegate version. For information about Harness Delegate features that require a specific delegate version, go to the Delegate release notes.
Fixed issues
-
Errors occurred when creating a connector with an identifier (Account, Organization, or Project Identifier) that did not exist, displaying a generic "something went wrong, please contact Harness Support" message. (PL-46909, ZD-57678)
The code has been updated to provide accurate error messages and the current status code when the provided identifiers are incorrect or absent, enhancing clarity and user guidance.
-
Delegates were restarting in the middle of execution, disrupting ongoing tasks. (PL-46793)
Implemented a fix to wait for the task response to complete before marking it as expired or failed during the delegate's unregistering process, preventing premature restarts.
This item is available with Harness Platform version 1.25.5 and does not require a new delegate version. For information about Harness Delegate features that require a specific delegate version, go to the Delegate release notes.
-
API keys created using the harness_platform_apikey Terraform provider were expiring even when no expiration date was set. (PL-43308)
You can now view the API key expiration date at the top of the API Key table on the user profile page. Additionally, for API key’s tokens where the expiration was intended to be set as No Expiration, you can see the default expiration date, clarifying the token's validity period.
Version 1.24.7
New features and enhancements
-
You can now enable file logging for supported services through override in Harness Self-Managed Enterprise Edition (On-prem) installations. (PL-44211)
To enable file logging, add the following to your
override.yaml
file in theglobal
section:global:
fileLogging:
enabled: true
logFilename: /opt/harness/logs/pod.log #provide log filename
maxFileSize: 50MB #max single file size, for log archiving
maxBackupFileCount: 10 #max count of files
totalFileSizeCap: 1GB -
Added support for encrypted assertions in the SAML response. (PL-43353)
-
Added support for selecting the environment in the manual credentials option while creating an Azure key vault connector. (PL-46485)
Fixed issues
-
The authentication mechanism of a secret manager couldn't be changed from a non-password-based to a password-based mechanism due to a bug in the secret manager update API. (PL-46657)
This issue has been fixed, enabling the modification of the authentication mechanism for secret managers to a password-based mechanism.
-
Git connectors worked intermittently and failed with a
Please provide valid git repository url Provided repo url is invalid. Invalid request: Couldn't connect to given repo
error message. (PL-43598, ZD-55236)This issue has been resolved. Now, if there are multiple connectors whose secrets are stored in a secret manager connector, when you update the connector's secret, Harness updates the PPTs of all the linked connectors, along with the secret manager connector.
This item is available with Harness Platform version 1.24.7 and does not require a new delegate version. For information about Harness Delegate features that require a specific delegate version, go to the Delegate release notes.
-
When linking an SSO group with over 1,000 users, only 1,000 users were syncing in Harness due to a limitation with LDAP groups syncing. (PL-46492, ZD-56741)
Implemented LDAP to perform paginated queries by default for large groups, with a fallback to non-paginated calls, ensuring complete user synchronization.
Version 1.23.5
New features and enhancements
-
You can now hide sensitive log information in the Harness UI based on regular expression patterns. (PL-46531, ZD-56849)
For more information, go to hide log information using regex patterns.
This item requires Harness Delegate version 24.01.82110 or later. For information about features that require a specific delegate version, go to the Delegate release notes.
Fixed issues
-
The
helm-init-container
images lacked a versioned tag and the pull policy forwaitForInitContainers
was not configurable. This led to the usage of unstable images in some places, which were not updated to the stable image because of the cached image with the same tag and image digest. (PL-46444)This has been resolved by adding configuration options for image, resources, and security, which can be controlled at global and service levels in the overrides and the versioned image of
helm-init-container
is now being used. The image pull policy is also set toAlways
as the default.
January 2024
Version 1.22.3
New features and enhancements
-
Removed the unused
org.redisson:redisson
library dependency from the delegate. (PL-42485, ZD-53588, ZD-53760) -
Deletion of SCIM-managed user groups was not allowed. (PL-39439, ZD-53340)
You can now delete SCIM-managed user groups via the delete API for user groups.
infoHarness does not currently support the ability to delete SCIM-managed user groups in the UI.
Fixed issues
-
K8S_WATCH
perpetual tasks remainedTASK_ASSIGNED
despite being assigned to non-existent delegates. (PL-43973)This issue was fixed by implementing a CronJob to reset perpetual tasks associated with invalid delegates, ensuring proper handling of Kubernetes events.
This item is available with Harness Platform version 1.22.3 and does not require a new delegate version. For information about Harness Delegate features that require a specific delegate version, go to the Delegate release notes.
-
Running
terraform apply
for an existing SSO-linked user group resulted in an empty user list. (PL-43763, ZD-55505)This issue has been resolved. Now, when the user group payload is SSO-linked, the existing users are maintained as is, and the users list in the payload is ignored.
- In cases where the existing user group is SSO-linked and needs to be overridden and delinked in the update payload, the existing users will be replaced with the users list provided in the payload.
-
The
platform-service
was not publishing the response count metric. (PL-43123)This has been resolved, and the
platform-service
will now consistently publish the response count metrics.
Version 1.21.5
Fixed issues
- Tooltips in the left navigation were incorrectly displayed behind the stage execution details panel. Now, tooltips are visible on the Execution page. (PL-43993)
- Fixed the ACL list roles API to correctly display
HarnessManaged
,CreatedAt
, andLastModifiedAt
date fields, ensuring accurate role management data in responses. (PL-43952) - Multi-select dropdowns would reset to the top after each selection. This issue is fixed for all multi-select dropdowns unless explicitly specified by the user. (PL-43925)
- When editing user group data, member data was not added as expected. Now, the user group data related to the user group members is not lost when the user group is updated. (PL-43855, ZD-55944)
- Fixed an issue where searching for user groups containing special characters resulted in a 500 error due to invalid regex patterns in the search term. Now, the
usergroup
list API validates regex patterns and provides a clear error message for invalid search terms. (PL-43761) - The Azure endpoints were not being set based on the Azure environment selected. This led to Azure connectors working correctly only for Azure public cloud and not for other variants of Azure cloud (like Azure Gov, Azure China, and so on). Now, the correct Azure resource manager endpoint will be chosen based on the environment selected in the connector. (PL-43333, ZD-54717)
Version 1.20.9
New features and enhancements
-
Configure an absolute session timeout for your account (PL-43587)
A new Absolute Session Timeout (in minutes) setting is available on the Authentication page. When the Absolute Session Timeout (in minutes) is set, users will be logged out of their account after the configured timeout, regardless of any activity.
The default absolute session timeout is 0, which means that it is not set. You can set this to a maximum of 4320 minutes (3 days). The field automatically converts the minutes you enter to higher units of time, and displays the result under the field. For example, if you enter 1440, the UI shows 1 day below the field.
noteWhen both the session inactivity timeout and the absolute session timeout are set, the condition that is met first will be honored.
-
You can now toggle between the legacy UI navigation and the new navigation by enabling the feature flag
CDS_NAV_PREFS
for your account. (PL-43772)
Early access features
-
Grant public access to Harness pipelines (PL-43499)
You can now grant public access to Harness pipelines. New settings on the Authentication page and in pipeline Advanced Options allow you to grant public access to pipeline executions.
When you activate the Allow public resources authentication setting, you can then enable public view for your pipelines by setting the Mark this pipeline for public view option in the pipeline's Advanced Options.
Pipeline executions for pipelines marked for public view will be accessible without the need to authenticate in Harness. You can share pipeline execution URLs, which include console logs for the pipeline steps.
For more information, go to Allow public access to pipeline executions.
This is behind the feature flag
PL_ALLOW_TO_SET_PUBLIC_ACCESS
. -
Allowlist verification for delegate registration (PL-42471)
noteCurrently, allowlist verification for delegate registration is behind the feature flag
PL_ENFORCE_DELEGATE_REGISTRATION_ALLOWLIST
. Contact Harness Support to enable the feature.Without this feature flag enabled, delegates with an immutable image type can register without allowlist verification. With this feature flag enabled, delegates with an immutable image type can register if their IP/CIDR address is included in the allowed list received by Harness Manager. The IP address/CIDR should be that of the delegate or the last proxy between the delegate and Harness Manager in the case of a proxy.
Harness Manager verifies registration requests by matching the IP address against an approved list and allows or denies registration accordingly. For more information, go to Add and manage IP allowlists.
This item requires Harness Delegate version 24.01.82108. For information about features that require a specific delegate version, go to the Delegate release notes.
Fixed issues
-
Intermittent errors occurred when pulling secrets from a Custom Secret Manager. (PL-43193, ZD-54236, ZD-54555, ZD-55919)
This issue has been resolved by adding a timeout (in seconds) to fetch secrets from a custom provider in the Custom Secret Manager settings. The process interrupts and fails when it takes longer than the configured timeout to fetch the secret. The default value is 20 seconds.
This item requires Harness Delegate version 24.01.82108. For information about features that require a specific delegate version, go to the Delegate release notes.
Version 1.19.6
New features and enhancements
- Upgraded MinIO to
bitnami/minio:2023.10.7-debian-11-r2
. (PL-42019)
Early access
Allowlist verification for delegate registration (PL-42471)
Currently, allowlist verification for delegate registration is behind the feature flag PL_ENFORCE_DELEGATE_REGISTRATION_ALLOWLIST
. Contact Harness Support to enable the feature.
Without this feature flag enabled, delegates with an immutable image type can register without allowlist verification.
With this feature flag enabled, delegates with an immutable image type can register if their IP/CIDR address is included in the allowed list received by Harness Manager.
The IP address/CIDR should be that of the delegate or the last proxy between the delegate and Harness Manager in the case of a proxy.
Harness Manager verifies registration requests by matching the IP address against an approved list and allows or denies registration accordingly. For more information, go to Add and manage IP allowlists.
Fixed issues
-
The delegate was rejecting tasks due to an issue where the CPU and memory calculation wasn't showing the latest usage value. This was caused by the dynamic request handling feature that rejects tasks if the CPU and memory usage exceeds a certain threshold. The pods weren't scaled by HPA because the CPU and memory usage within the pods was within the limit. (PL-42600, ZD-54025, ZD-54324)
Harness improved the CPU/Memory calculation algorithm, resolving the issue.
This item is available with Harness Platform version 1.19.6 and does not require a new delegate version. For information about Harness Delegate features that require a specific delegate version, go to the Delegate release notes.
-
In the Add new Encrypted Text dialog, the Regions list for Google Secrets Manager integration included unsupported values.(PL-43575, ZD-55268)
This issue has been resolved and the Regions list has been updated with the correct GCP regions.
-
When Harness user groups were created during SCIM sync, dots were not converted to underscores in Harness for user group IDs. (PL-43576, ZD-55266)
This issue has been resolved. Now, SCIM group names that contain dots are converted to underscores in Harness for group identifiers. For example, a SCIM group named "abc.xyz" is created as follows:
UserGroupIdentifier: "abc_xyz"
UserGroupName: "abc.xyz"
-
Perpetual tasks weren't assigned after a delegate restart. (PL-43646, ZD-55426, ZD-55572)
Fixed race condition where a perpetual task was assigned at the same time as the delegate abruptly shutting down due to a pod restart.
This item is available with Harness Platform version 1.19.6 and does not require a new delegate version. For information about Harness Delegate features that require a specific delegate version, go to the Delegate release notes.
Version 1.17.8
New features and enhancements
- Upgraded the
yq
library from version 4.35.2 to 4.40.5. (PL-42548)
Fixed issues
-
For user groups provisioned from SCIM to Harness, for the corresponding user groups created in Harness, the user group
identifier
is derived from the display name of the user group in the SCIM provider. Harness replaces.
(dots) and-
(dashes) with an_
(underscore). All other special characters (#
,?
,%
, and so on) and spaces are removed. Leading digits0
through9
and$
are also removed. (PL-42535, ZD-53830, ZD-55294)All special characters except
.
,-
, and non-leading$
and digits0
through9
are removed.Example 1: For a user group in SCIM with the name
Harness.Group?Next#Gen-First
, the user group created in Harness will have theidentifier
:Harness_GroupNextGen_First
.Example 2: For a user group in SCIM with the name
123#One.$Two.$Three.123
, the user group created in Harness will have theidentifier
:One_$Two_$Three_123
.The existing behavior of
.
and-
changed to_
has been retained.The name of the corresponding user group created in Harness will retain the special symbols as present in the user group of the SCIM provider. Example: For a user group in SCIM with the name
Harness.Group?Next#Gen-First
, the user group created in Harness will have the samename
:Harness.Group?Next#Gen-First
.This item requires Harness Delegate version 23.12.82000. For information about features that require a specific delegate version, go to the Delegate release notes.
Previous releases
2023 releases
2023 releases
December 2023
Version 1.16.6
New features and enhancements
-
Upgraded Janino to version 3.1.11. (PL-43320, ZD-54505)
-
Upgraded
ch.qos.logback
from version 1.2.11 to 1.2.13. (PL-43260) -
Upgraded YamlBeans to version 1.17. (PL-42905, ZD-51149, ZD-53760, ZD-53919)
Fixed issues
-
The role assignment list API was returning incorrect role assignments. This problem occurred because of the use of a regex query to match the scope for role assignments. The issue specifically affected projects or organizations under the same account that had overlapping project or organization identifiers, particularly when the filter INCLUDED_CHILD_SCOPES was used. This issue has been addressed and corrected. (PL-39051)
-
Execution links were not available in pipeline failure Slack notifications. (PL-42974, ZD-53195)
This issue has been resolved. Now, in Slack notifications, the "Node status" keyword, such as "failed," is a hyperlink that provides direct access to the associated node execution URL.
-
Added RBAC checks to the delegate list API. Now, only delegates for which users have permission are shown in the list on the Delegates page. (PL-42268, ZD-52174)
This item is available with Harness Platform version 1.16.6 and does not require a new delegate version. For information about Harness Delegate features that require a specific delegate version, go to the Delegate release notes.
Version 81820
New features and enhancements
- The LDAP configuration wizard now includes a Delegates Setup step, allowing you to select delegates and ensuring that all LDAP delegate tasks go to a particular delegate. (PL-28202)