Release Manual 10.1.x

    Upgrade instructions

    The Release upgrade process you use depends on the version from which you are upgrading, and the version to which you want to go.

    For detailed instructions based on your upgrade scenario, refer to Upgrade scenarios.

    If you have hotfixes installed, contact the Support team before upgrading. Release 10.1.0

    Release 10.1.0 is a short-term support (STS) version that will be supported until superseded by the next release. For more information, refer to Short-term support/Long-term support policy.

    Feature highlights Release 10.1 includes these new features:

    • Requires Java 11
    • New GitHub & GitLab integrations
    • OAuth support for integrations
    • Improved password support for shared configuration
    • In-app guides and usage analytics
    • As-code: support for home folder
    • Trigger data purging
    • Cluster stability improvements
    • Helm chart support for Azure and GCP

    Feature breakdown and upgrade notes

    Requires Java 11 Release 10.1 is the first version that requires Java 11; Java 8 is no longer supported as a runtime.

    New GitHub & GitLab integrations

    The GitHub and GitLab integrations are now fully supported and can be downloaded from our distribution site

    Both plugins were previously available as community plugins. The officially supported versions are drop-in replacement and no upgrade is needed. See GitHub Plugin and GitLab Plugin for more information.

    OAuth support for integrations

    Added support for the OAuth authentication protocol on third party endpoints under 'Configuration' (folder level) or 'Shared configuration' (global settings).

    OAuth is available out-of-the-box for plugin implementations that use the provided HttpRequest class under the hood. Plugins that have custom connection implementations (for example those that use the Python requests library) will not have OAuth capability automatically.

    The authentication method on a Configuration object is now a dropdown. Plugins can indicate which authentication methods are supported through configuration in their synthetic.xml.

    All supported plugins have been revised for 10.1 to expose the proper authentication methods.

    Release with Delivery Insights (General Availability)

    The Release with Delivery Insights service integrates with and aggregates data from the following tools to generate rich insights into what's flowing through your software delivery value stream.

    • Issue tracking tools—Jira and Agility
    • SCM tools—GitHub and GitLab With the new Delivery Insights plugin, you can create, promote and deliver package revisions for all your software applications in one place—the Package Progression Board.

    For more information, see Release with Delivery Insights.

    Improved password support for shared configuration

    Password fields on the configuration screen can now have a reference to a folder variable or global variable.

    Effectively this means that third party endpoints can now have their passwords stored in external secrets management like Vault or Conjur.

    To do so, configure the password on the configuration to refer to a folder or global variable and configure the variable to point to the secret management system like Vault or Conjur.

    Private keys are now passwords by default, so they can also be stored in an external secret management system.

    For more information refer Conjur plugin and Hashicorp Vault plugin.

    In-app guides and usage analytics

    The new guide and analytics module allows two things:

    • Provide in-app guides and how-tos
    • Collect usage analytics

    This module runs from the client browser and will contact an external server to download guides and send anonymous usage data to that server. This technology is provided by Pendo.

    The in-app guides and usage analytics is enabled by default and can be disabled on the new Settings > Features screen in the Release UI. This setting is only accessible to admins.

    There are three possibilities

    • Enable for all users (default)
    • Enable, but allow individual users to opt-out. Users will have can opt in or out under User Management > User profile.
    • Disable for all users.


    Various improvements are included in this release making the behavior of xl generate and xl apply more robust for bigger chunks of release content than just templates.

    A new feature flag --home allows you to apply the content that was generated in one folder with the --path flag to another folder.

    For example, get the content of the 'Development' folder

    $ xl generate xl-release --path Development -f my-templates.yaml

    and then put it into 'Production'

    $ xl apply --home Production -f my-templates.yaml

    For more information click here

    Trigger data purging

    Triggers may produce a lot of logging. It is now possible to purge the logs after a certain time.

    Configuration of this feature can be found under Settings > General > Trigger data purging.

    Purging is off by default and needs to be enabled manually.

    For more information click here

    Cluster stability improvements

    We made several improvements to ensure stable operation in a clustered environment.

    Graceful node termination should not cause task failure anymore, all started tasks will be given configurable grace termination timeout, and new tasks will be postponed.

    Task grace termination timeout is configured through xl.timeouts.taskSchedulerGraceShutdownPeriod setting in xl-release.conf.

    Helm chart support for Azure and GCP

    When running in Kubernetes environment, our Helm charts now also support Azure and GCP.

    Additionally, the nginx ingress controller is now supported.

    For more information click here.

    Background job execution is only started on any node after that node fully joins the cluster. Previously background jobs were started independently and it could cause "Futures timed out" error messages in logs, because node did not join cluster yet and messages to other nodes can not be delivered.

    Resource consumption by StuckGateDetectorActor is reduced. For installations that have thousands of gate tasks StuckGateDetectorActor was creating significant pressure.

    Performance improvements

    Unnecessary roles and permissions reads during background task execution are removed, permission data is cached where possible. This should decrease number of database queries during task background execution.

    Re-branded Agility Integration Plugin 10.1.0

    • VersionOne Integration Plugin has been re-branded as Agility Integration Plugin (xlr-agility-integration in Plugin Manager)

    • You can now create Agility assets (Story and Defect) from Agility templates

    • You can now pass comma-separated attribute values for Agility fields

    • The Get Asset task replaces the Get Story task and lets you retrieve an asset's (Story, Defect, Test, Task) data from Agility

      Note: Though the Get Asset task functionally replaces the Get Story task, the Get Story task is not removed completely for backward compatibility purposes. It shows up as Get Story (legacy).

    For more information, see Agility integration plugin.

    Ability to define dynamic UI fields based on the value of an enum property

    The following example synthetic.xml shows how we can further restrict enum values of an existing enum property and show only a subset of all properties (i.e. show only properties associated with selected enum value):

    <type-modification type="some.Server">
        <property name="authenticationMethod" kind="enum"
                  hidden="false" default="None">
                Use enum-values to additionally restrict possible authentication methods
                from [None, Basic, Ntlm, PAT, Oauth2] to [None, Basic, NTLM].
             Define hidden property with the name in the format `<enum_property_name>_DependentProperties`.
             It maps certain enum values to property fields that will be displayed when that value is selected.
             Other properties with the same category (in the example: `Authentication`) will be hidden.
        <property name="authenticationMethod_DependentProperties"
                  default="Basic:username;password,PAT:apiToken" />

    Known issues

    As of Release v.10.1, Unable to install the Release as a service if the service command length exceeds 32768 characters. Release 10.1.0 release notes

    New features

    • [ENG-2474] - As code: Discovered further gaps and CIs to optimize
    • [ENG-2869] - Worked on performance improvements for activity logs on triggers
    • [ENG-3224] - As code: Bucket improvements
    • [ENG-3304] - Make risk calculation and update independent of release actor
    • [ENG-3336] - As code: Inconsistent result when no matches
    • [ENG-3813] - Reduced number of teams/roles/permissions reads during task execution
    • [ENG-3845] - Added OAuth support for plugin
    • [ENG-3846] - Added support for dynamic UI based on selected auth method
    • [ENG-3852] - Changed the default value to false for Stuck gate detector
    • [ENG-3858] - Integrated Pendo into Release
    • [ENG-3860] - Added: Client-side feature toggle
    • [ENG-3946] - Updated java script javax.script.ScriptException: zlib.error: for custom task
    • [ENG-4143] - Use spring-boot with DAI Release
    • [ENG-4169] - Updated metadata builder to work with .xldp
    • [ENG-4198] - As-code: support home metadata in generate
    • [ENG-4201] - Finished Pendo integration
    • [ENG-4339] - Added support personal access token when connecting to Blackduck server
    • [ENG-4367] - Ability to create VersionOne story from template in VersionOne
    • [ENG-4368] - Ability to create VersionOne defect from template in VersionOne
    • [ENG-4371] - Updated Get Story task to pull additional information
    • [ENG-4376] - Get details of single asset (task, defect, test) by providing issue id and Get story task needs to be updated for more coverage
    • [ENG-4401] - Improvement around session management
    • [ENG-4526] - As-code: Generate the kinds and types in proper order
    • [ENG-4550] - Insource xlr-github-plugin
    • [ENG-4551] - Insource xlr-gitlab-plugin
    • [ENG-4607] - Upgrading JDK to 11 (from 8) for Release plugins
    • [ENG-4718] - Ability to restrict enum values for enum class via synthetic
    • [ENG-5089] - Changed the default value to true for gate actor
    • [ENG-5151] - Added timestamp marker to all view
    • [ENG-5237] - Featured flag to support default and oidc plugin
    • [ENG-5251] - Featured Toggle to send email to inactive users
    • [ENG-673] - In XLR cluster, release task stucked in “In progress” state when active node is brought down while task (jython script) is running


    • [ENG-3745] - Added validations on new folder modal
    • [ENG-3906] - Implemented debounce for release progress service
    • [ENG-4283] - RoleIdExtension for archived releases
    • [ENG-4795] - Vault token in plaintext in logs for all tasks in XLR
    • [ENG-4816] - Add option to disable certificate handshake

    Bug fixes

    • [ENG-1723] - Fixed: Discrepancy found while adding Jira Subtask type in XLR for input 'Issue Type Name'
    • [ENG-2156] - Fixed: Calendar dragging doesnt work if touching release blocks
    • [ENG-3547] - Fixed: Blackout popup showing only topmost blackout
    • [ENG-3656] - Fixed: It would be good to highlight current day/week/month/year in Navigation drawer when user opens it
    • [ENG-3658] - Fixed: View selection and date range is not persistent in Calendar if you move across tabs
    • [ENG-3672] - Fixed: user permissions report sorting is not consistent with audit report permissions tab
    • [ENG-3678] - Fixed: SMTP server port number can be set as a negative number
    • [ENG-3781] - Fixed: Not able to delete/edit the color code after "three" letters
    • [ENG-3806] - Fixed: Broken delivery properties screen for long pattern name
    • [ENG-3824] - Fixed: XLR Calendar - Change Day view timeline Date format based on user selection
    • [ENG-3825] - Fixed: Task owner should not change after being completed in advance
    • [ENG-3826] - Fixed: Folder owner wrong calculated for ldap group users
    • [ENG-3830] - Fixed: DuplicateKeyException on session timeout with OIDC Plugin
    • [ENG-3832] - Fixed: As-code: can't import templates with scheduledStartDate in the future
    • [ENG-3833] - Fixed: Unable to edit long folder variable names
    • [ENG-3835] - Fixed: Failing the calendar cypress tests after top month label removal
    • [ENG-3855] - Fixed: Use UTF-8 on Jython HttpRequest
    • [ENG-3928] - Fixed: As code: generating Global only entities with folder name in --path , generates notifications
    • [ENG-3950] - Fixed: Releases that are FAILURE_HANDLER_IN_PROGRESS are not recovered
    • [ENG-3977] - Fixed: Browser History is polluted when calendar view is changed
    • [ENG-4015] - Fixed: As code: can't apply yaml that creates a pattern and template using that pattern at the same time
    • [ENG-4016] - Fixed: Make team member check case insensitive
    • [ENG-4024] - Fixed: SearchReleases public API
    • [ENG-4036] - Fixed: As code: can't apply yaml that creates folder configuration and tasks using that configuration
    • [ENG-4038] - Fixed: As code: referenced folder configuration doesn't include folder name when generated
    • [ENG-4040] - Fixed: Bring the Z-dept of timeline marker to be in front of the releases
    • [ENG-4043] - Fixed: Global notifications screen shows infinite spinner
    • [ENG-4063] - Fixed: As code: can't apply yaml that creates a role and dashboard using the role at the same time
    • [ENG-4068] - Fixed: As-code: triggers should go after templates
    • [ENG-4100] - Fixed: As code: can't generated YAML of dashboard with tile using source template filter
    • [ENG-4101] - Fixed: As code: delivery tasks contain folderId instead of name of folder in generated YAML
    • [ENG-4199] - Fixed: As-code: allow generation of same name templates if they are in different folders
    • [ENG-4244] - Fixed: Triggers uses old shared configuration after update on shared configuration
    • [ENG-4250] - Fixed: ReleaseExecutionActorMessages.CallerContext can't be serialized by Kryo
    • [ENG-4260] - Fixed: Watcher predictive text field not working
    • [ENG-4274] - Fixed: Task fails because irrelevant external variables can't be resolved
    • [ENG-4280] - Fixed: Template owner dictates release owner when release started from template
    • [ENG-4305] - Fixed: Blackduck plugin is throwing NoSuchMethodError
    • [ENG-4310] - Fixed: Search not working when Adding non-exist user to Teams
    • [ENG-4337] - Fixed: As-code: Generating permission for child folder also generates permission for parent folder
    • [ENG-4396] - Fixed: LicenseRegistrationServlet doesn't work after spring dispatcher servlet was enabled
    • [ENG-4574] - Fixed: Can not start xlr distribution from master branch
    • [ENG-4579] - Fixed: Multi-value field cannot be updated using VersionOne plugin
    • [ENG-4593] - Fixed: Jenkins plugin: task should fail if jenkins job is not found
    • [ENG-4632] - Fixed: As code: yaml UI view for templates in nested folders doesn't show correct directories
    • [ENG-4636] - Fixed: Changing the config in a duplicated dashboard causes changes in the config to all duplicated dashboards
    • [ENG-4759] - Fixed: Deadlock on XLR_USER_PROFILES
    • [ENG-4775] - Fixed: Authentication method UI not hidden when navigating through configurations
    • [ENG-4787] - Fixed: Jenkins apiToken is missing from shared configuration
    • [ENG-4804] - Fixed: As-code: unable to remove unused variables from template
    • [ENG-4814] - Fixed: Pendo analytics: Error in browser console after XLR restart and page refresh
    • [ENG-4826] - Fixed: [Spring boot] XlrWebApplicationInitializer is not initialised
    • [ENG-4835] - Fixed: Jira apiToken is missing from shared configuration
    • [ENG-4861] - Fixed: Delete button position not correct on template versioning page
    • [ENG-4892] - Fixed: Redirect to OIDC login page on session timeout
    • [ENG-4919] - Fixed: As-code: change --home-override to --home in cli
    • [ENG-4931] - Fixed: Node stuck if DB upgrade unsuccessful
    • [ENG-4936] - Fixed: MSSQL SQL error in ActivityLogs
    • [ENG-4937] - Fixed: MSSQL SQL error in Spring Sessions
    • [ENG-4957] - Fixed: Failure handler is not saving variables
    • [ENG-4959] - Fixed: MSSQL - deadlocks on deliveries
    • [ENG-4981] - Fixed: As code: UI template YAML view fails with ClassCastException
    • [ENG-4997] - Fixed: Users can't login in 10.1 after upgrade due to spring-session
    • [ENG-5081] - Fixed: As-code: Dependency error on apply when using AsCode to apply environment with a reservation
    • [ENG-5143] - Fixed: Test button is disabled when changing password from text to variable mode
    • [ENG-5144] - Fixed: Random NullPointerException on tasks in Parallel and Sequential Group
    • [ENG-5146] - Fixed: Hide unsupported OAuth 2.0 auth method for git configuration
    • [ENG-5153] - Fixed: Variable support on shared configuration is broken for password with textarea
    • [ENG-5154] - Fixed: type-modification for JGitConnectorConfig is not working
    • [ENG-5158] - Fixed: XLR didn't create same name templates while importing to same folder or in different folders.
    • [ENG-5167] - Fixed: Set proper authenticationMethod for plugins
    • [ENG-5192] - Fixed: Getting error on browser on login/refresh
    • [ENG-5216] - Fixed: Create Release tasks : Template selection pop-up
    • [ENG-5324] - Fixed: Script output attachment is truncated to 32kb
    • [ENG-5348] - Fixed: com.xebialabs.xlrelease.domain.Changes.VariablesChanges#updatedVariablesMap seems to be unused
    • [ENG-5359] - Fixed: Plugin backward compatibility around TaskSoftReference Release 10.1.1 release notes

    Bug fixes

    • [ENG-7613] Fixed the bug for the "Wait for Status" task with OAuth in Servicenow Plugin. Release 10.1.2 release notes

    Bug fixes

    • [ENG-5061] - Fixed the failing Jenkins tasks though the Jenkins server added in the shared configuration
    • [ENG-5152] - Fixed the set_of_string field which used to lost when the template is applied/created through the CLI
    • [ENG-5254] - Fixed: The same object (variable) value is modified from different threads
    • [ENG-5345] - Find or Create Delivery task—Fixed an issue that prevented users from viewing the Pattern/Stage information on Find Or Create Delivery tasks
    • [ENG-5409] - Fixed: Create Release task displays ReleaseId instead of Release Title
    • [ENG-5508] - Fixed the server not shutdown issue via API
    • [ENG-5631] - Fixed an issue that prevented Trigger creation when you import and apply an As Code YAML file that defines:
      • a Release Template and a time-based Trigger—wherein the template's name starts with "Release" and the trigger references this template
      • a Release Template and an event-based Trigger—wherein the template's name starts with "Release" and the trigger references this template
    • [ENG-5634] - Fixed: Password handling in script tasks is inconsistent when override of security is used
    • [ENG-5719] - Fixed an issue that prevented the user from exporting the Release Audit Report
    • [ENG-5840] - Fixed the Password field when becomes blank while starting release from Create Releaser task Release 10.1.3 release notes

    Bug fixes

    • [ENG-5200] - Updated the user interface with the more precise format for Day, Week, and Month
    • [ENG-5504] - Fixed the issue when a large number of environments are present, Deployment tile throws an exception
    • [ENG-6420] - Updated and fixed the ‘User Input’ task detail view UI from two inputs to one and variable field to show the previously added value
    • [ENG-6436] - Removed unwanted encoding of user input, which made special characters look garbled in Jira tasks
    • [ENG-6493] - The XLR task/release is completed with the local/LDAP user credentials once provided in the template property
    • [ENG-6618] - Fixed the issue: ‘Create Release’ task displays the release ID instead of title for the Root level template
    • [ENG-6715] - Updated HttpResponse.class from str to unicode
    • [ENG-6734] - Fixed the remember-me functionality by changing the default value from 1 year to 30 days
    • [ENG-6862] - Fixed the unfunctional Pop-Up menus (Help and Setting) on a Windows machine
    • [ENG-7024] - Fixed the duplicate TaskPreconditionValidated deliveries by clearing the executionId on task.
    • [ENG-7072] - Fixed the issue when Webhook event has triggered with variables having DOT in the name. Release 10.1.4 release notes

    Bug fixes

    • [ENG-7175] - Fixed the issue by increasing the release column width in the release group.
    • [ENG-7186] - Fixed the issue where RolesApi#getRole() property did not return exact role name.
    • [ENG-7282] - Fixed the Trigger failure causes serialization error in cluster mode.
    • [ENG-7296] - Fixed the As Code Apply failing for Custom Script task when Synthetic Property is set as Empty. Release 10.1.5 release notes

    Bug fixes

    • [ENG-7142] Fixed the issue of the Actor crashing in a task inside the group which is scheduled to start, but the group is not started.
    • [ENG-7155] Fixed the template creation in Release.
    • [ENG-7196] Fixed the issue of displaying all folders when creating a new release.
    • [ENG-7412] Fixed the Custom logo alignment in the Email Notifications Footer.
    • [ENG-7487] Fixed the resolved usernames when showing the Roles page by removing the LDAP data search.
    • [ENG-7537] Fixed the issue where Restricting os.path module for Jython script.
    • [ENG-7627] Fixed the issue of Tooltip number which is not visible in the release tile.
    • [ENG-7659] Fixed the issue REOPEN & ESCALATE = Jython not truly patched for XLR 9.8, 10.0.
    • [ENG-7700] Fixing the issue of application in XLR which does not appear in the Deployment Attribute.
    • [ENG-7730] Resolved the As-code generated dashboards that are not resolving filters on all tiles. Release 10.1.6 release notes

    Bug fixes

    • [ENG-7980] - Fixed the broken Jython patch for issues 2618 and 2894. Release 10.1.7 release notes

    Bug fixes

    • [FI-879] - Fix provided for the releases which fail while archiving due to size constraints on columns. Release 10.1.8 release notes

    Bug fixes

    • [FI-892] - Fixed a permission issue with the Release's Script task—Folder > Edit Variables permission is no longer required to read/edit release variables.
    • [FI-912] - Fixed an issue with the Release CLI that caused problems with template export/import. Release 10.1.9 release notes

    Bug fixes

    • [FI-745] - Fixed the trigger consistency issue in clustered environment.
    • [FI-943] - Fixed the "" "/root/.postgresql/postgresql.crt" "read" reporting pool error.
    • [FI-963] - Deploy and Release are not susceptible to log4j vulnerability. Though Deploy and Release were bundled with log4j-to-slf4j and log4j-api files, these JAR files cannot be exploited. While neither these files nor Deploy and Release are susceptible to attack due to this log4j vulnerability, some threat detection systems may flag these files. To avoid any such false positive threat indications in future, the latest log4j library files (interface and supporting third party libraries) were bundled with both Release and Deploy. For more information, see Log4j Vulnerability to Zero-Day Exploit and Release and Deploy. Release 10.1.10 release notes

    Bug fixes

    • [ENG-8302] - Fixed an issue that prevented a release (that was created from a global template) from inheriting folder permissions.

    • [ENG-8545] - Fixed—You can now use variables in the Watchers field of release tasks.

    • [ENG-8812] - Deploy and Release are not susceptible to log4j vulnerability. Though Deploy and Release were bundled with log4j-to-slf4j and log4j-api files, these JAR files cannot be exploited. While neither these files nor Deploy and Release are susceptible to attack due to this log4j vulnerability, some threat detection systems may flag these files. To avoid any such false positive threat indications in future, the latest log4j library files (interface and supporting third party libraries) were bundled with both Release and Deploy. For more information, see this article.

    • [ENG-8952] - Fixed the missing index on XLR_FOLDER_VARIABLES (FOLDER_CI_UID).

    • [ENG-9015] - Fixed the incorrect Release component version in one of the database tables the XL_VERSION table.

      Important: If you are upgrading from one of the following Release versions, you must only upgrade to the latest patch release available for the version of Release you are upgrading to. For example, if you are on Release version 10.0.9 and planning to upgrade to the 10.3 version, you should upgrade to 10.3.8 or later versions of the 10.3 release. Here's the list of Release versions that are affected due this bug: Release 9.7.18, 9.7.19, 9.7.20, 10.0.7, 10.0.8, 10.0.9, 10.0.10, 10.1.6, 10.1.7, 10.1.8, and 10.1.9. The fix for the bug is available on these versions: Release 9.7.21, 10.0.11, 10.1.10, 10.2.10, 10.3.8, and 22.0.1. Release 10.1.11 release notes

    Bug Fixes

    • ENG-9080 — Fixed an issue where the cluster data was not properly persisted in the database.
    • FI-859 — Fixed an issue with Folder variable mapping in the Release properties that prevented users from selecting variables under the Run automated tasks as user field. Release 10.1.13 release notes

    Bug Fixes

    Note: There is no Release version 10.1.12.

    • FI-1018 - Fixed an issue with the Create Release task where the changes to the variable properties (label, description, required Flag) of the release template were not reflecting correctly.
    • ENG-9397 - Fixed an issue where we were unable to apply YAML with the value provider in CRT variables.
    • ENG-9180 - Fixed an issue with the task-transition permission by removing it from Release Owners. Earlier this permission was available by default. Now it has to be configured. Release 10.1.14 release notes

    Bug Fixes

    • D-20318 - Fixed the issue for the CVEs that were detected in the latest Release Docker distribution.
    • D-20645 - Fixed the issue where multiple API calls were made to access the variables in the user-input task. Release 10.1.15 release notes

    Bug Fixes and Field Incidents—10.1.15

    • D-21088 - Issue with the "Watchers" user drop-down list in Task modal—the search text entered to search for a user was also added as a watcher when you select a user using the mouse, which is now fixed.
    • D-21131 - Fixed an issue with the Attributes Rail—on clicking the Delete icon (not the button itself, but trash icon), the Edit Attributes modal opens up. Release 10.1.16 release notes

    Bug Fixes and Field Incidents—10.1.16

    • D-20582 - Fixed the issue that prevented multiline text from being displayed in Output properties of a task.
    • D-21101 - Script tasks, if immediately preceded by a Gate task, fail to read the comments added to the Script task at runtime. This is now fixed.
    • D-21120 - Fixed an issue with the Webhook:Json webhook task that generates wrong authorization token.
    • D-21400 - When a valid Okta user, who is not assigned to the Release application in Okta, tries to login, an indefinite redirect loop occurs. This issue is now fixed.
    • D-21573 - You cannot export an excel report from a release that is completed and archived. This issue is now fixed.
    • D-21886 - After upgrading to 22.0.1, the dependencies that existed in Gate tasks before the upgrade are not available. These Gate tasks display the status as Not Found even when their status is In Progress. This issue is now fixed.