Blog

Enhancements

• You can now edit users in the DevOps Portal and add them to the sonar-quality-admins group by checking "Administer Quality Gates and Quality Profiles" in the SonarQube fieldset. Press Save when done.

  

Improvements

• In addition to the existing projects in Harbor, a new set of projects with the suffix "-helm" has been added to support the upcoming migration from Chart Museum to OCI Charts. Currently, Container images and Helm charts are located in the same project. In the future, it will be necessary to store Helm charts in a separate project, since Rancher doesn't support having container images in an OCI Chart project. For the moment, the *-helm projects are write-protected. This will be changed when the migration plan has been published.
• Users which are authenticated using an external identity provider are now marked with the label IDP in their status.
• A webhook is now automatically added to Harbor which notifies Jenkins about finished Trivy security scans. This was necessary to support the new feature in Jenkins Shared Library v3.7.0.
• The user selection on the project page can now be controlled using keystrokes.
• When hovering with the mouse over a table, the current row is marked for easier reading. Will be changed in the next version to stand out even more.
• Pop-up messages are now shown for 10 seconds, not just for 3.
• Updated Spring Boot.

Bugfixes

• Some rare special characters in project names could show error 400. This has been fixed.

Enhancements

• For more governance concerning usage of tools, customers can now opt in for some restrictions concerning editing and viewing tools in projects. When the first feature toggle is enabled, only Portal Admins can add tools to projects, but Project Admins cannot. In addition, another feature toggle is available, which defines if unassigned tools for users or projects can be viewed on the respective detail pages. Users, who have edit rights, will always see all available tools independently of this switch.
• Customers can opt in to define a default project for which new users will automatically receive a VIEWER role. While this can be used to offer internal documentation at a central place, it has the disadvantage that it weakens the data privacy implemented by organizations. If users have a role in the same project, they can see each other in the DevOps Portal, even when they are in different organizations.

Improvements

• Grafana is now a default tool. This means, it is preselected as a tool when new projects or users are created.

Bugfixes

• Some pixels were cut from the icons in the main menu on the left-hand side.
• Minor text fixes in notification mails.
• An issue happening just for some customers was fixed, which could redirect back to the users page when typing something on another page.

Enhancements

• Implemented Just-in-Time (JiT) provisioning for users authenticated by external identity providers (IdPs).
• It's now possible to manage Rancher Tech Users in the Portal. Assigning a Rancher Tech User to a project will only make it visible to the project members. It will not get automatically access to any cluster resources in Rancher. For this, you have to manually assign cluster roles to the "local" copy of the Tech User in Rancher. Login with the Technical User Name (without any '@domain' suffix). The page Creation of API Tokens for Technical Users shows the next steps which are necessary before you can use your Rancher Tech User for API calls into Rancher.

Improvements

• Reduced number of external dependencies in own code.
• Improved German translations of notification emails.

Bugfixes

• Fixed visibility for Dependency Track projects, so that it works for all versions of an analyzed project.

Enhancements

• A new "Reset 2FA" button has been added to the user details page and is also available in the More menu on the users page. Reset 2FA makes sense, when a user switched to a new mobile phone but forgot to back up the 2FA code configuration.
• Prepared the DevOps Portal to support external identity providers (IdPs) in the future.
• Since gitlab implemented a soft delete for organizations, the consequence is, that projects deleted in the DevOps Portal will stay for 7 more days in gitlab. Since this would block creating a new project in the portal with the name that was previously used, the DevOps Portal is now renaming deleted organizations in gitlab to a unique name to avoid any collisions.

Improvements

• The aggregation logic for collection projects in Dependency Track has been changed to sum up the number of findings of sub projects only when they are marked as "last version".
• Updated the Portal to Angular v20.
• The optional feature for automatically locking inactive users has been improved and is now sending mails with dates formatted to the locale of the user.
• Improved pod affinity settings to avoid scheduling problems after cluster restarts.
• Improved design of project and tech user delete dialogs.

Bugfixes

• On the Tech User edit page, the flickering caused by the password strength check has been fixed.
• Fixed a bug in the localization that could lead to UI errors for some users. 

Enhancements

• Customers can now opt in to an automated procedure that aims to lock inactive users. This makes sense to increase security, but also helps to save paid licenses, since all license assignments are removed from a user when it's locked.
  The default config of the feature will send emails twice a week to users which have not logged in for 90 days to any tool or the DevOps Portal. The email asks the user to simply log in to the DevOps Portal or any other tool to be regarded again as active. If this is not done, and the grace period of 10 days has passed, the user is locked.
• For continuous operation of Portal API scripts, it's now possible to create and administer Technical Portal Users on the technical users page. Use with care, since these Portal Tech Users have the full power of Portal Admins and therefore could delete all projects and users! Like the Portal API itself, the feature is only enabled on request of the customer. In addition, Portal Tech Users can only call the API from well-defined IP addresses of the customer.

Improvements

• Improved error messages when outdated or already used activation links are called. The presented information is balanced between the best possible user feedback and security requirements.
• Keycloak update

New Tool

Dependency-Track was added as an optional tool to DevOps-as-a-Service.

Dependency-Track is an open-source Software Composition Analysis (SCA) tool that helps organizations manage and secure their software supply chain. It automatically generates and maintains a Software Bill of Materials (SBOM) for projects and the continuously monitors dependencies for known vulnerabilities. In addition, it tracks license compliance of open-source components, giving teams greater visibility and control. By integrating seamlessly into DevOps and CI/CD pipelines, Dependency-Track makes it easier to embed security throughout the development lifecycle.

The Jenkins Shared Library will automatically create SBOM files for maven projects and upload them to Dependency-Track.

For more information, see Dependency-Track.

Improvements

• The description field on the project details page was moved more towards the top to make clear that it's a general field and not tool-specific.

Security

• The internal representation of a user in Jenkins is now automatically deleted, when the user is deleted in the DevOps Portal. This ensures that API tokens of deleted users are no longer usable.

Bugfixes

• The sorting functionality in the audit log was not consistently working across all fields, and some fields exhibited instability both in graphical representation and sorting behavior.

Improvements

• The "Manage Watcher list" permission in Jira projects is now granted to the ADMIN and MASTER role.
• For RETIRED projects, the tool links are no longer clickable.

Bugfixes

• If a lot of artifacts were pushed to a Harbor project it could happen, that the project could not be properly deleted. This is fixed now.
• For some cases, it could happen that a change of the display language was not properly saved. This is fixed now.
• It could happen when a Portal Admin tried to delete a retired project that the error message which says that the project has to spend more time in the RETIRED stated was not properly displayed.

Improvements

• Upgraded Portal back-end from Java 17 to 21.
• Reinvites are now recorded in the audit log.
• The version number on the bottom left of the dashboard is now linked to this blog with the release notes.

Bugfixes

• The Jira Agile Board Management Change mentioned in DevOps Portal 1.9.3 was not applied correctly to boards named only "PKEY". This has been fixed.
• Due to a race condition on the project details page, it could happen that all default tools were shown as selected, instead of the tools which were indeed part of the project. The bug was present in 2.0.0 only.

New Design

• The main menu was moved from the top to the left to better match the 16:9 layout of current screens. For more clearness, the expanded menu with icons and labels can be used:
  
  Or for a maximum of available space, the collapsed menu just with icons:

• 

Enhancements

• The DevOps Portal was upgraded to Angular 19.
• Prepared the upcoming feature for technical users which can access the Portal Rest API.

Improvements

• All sub wikis in XWiki now automatically get the same magenta theme like the main wiki.

Improvements

• Improved Rest API concerning checks for missing arguments and providing more defaults.
• Improved content of some mail notifications on user and role changes.

Bugfixes

• A column header on the Users page was lost in 1.9.3, but is back again.
• Fixed formatting on password change page.