Issue
CloudBees CI versions 2.401.1.3 through 2.452.1.2 are affected by an HTTP Client leak that can cause severe performance degradation depending on environment configuration and workload. This issue is fixed in CloudBees CI version 2.452.2.3 and later: Operations Center Client leaks HTTP Clients since version 2.401.1.3.
CloudBees CI versions 2.414.1.4 through 2.452.1.2 contain versions of the User Activity Monitoring plugin that have an issue that causes the loss of user activity data. This issue is fixed in CloudBees CI version 2.452.2.3 and later: Why is my user activity missing?
CloudBees CI version 2.414.1.4 contains a version of the CloudBees Pipeline Explorer plugin that causes controller-wide performance issues. This issue is fixed in CloudBees CI version 2.414.2.2 and later: CloudBees Pipeline Explorer 1.4.1
For those on releases older than CloudBees CI version 2.401.1.3, it is not possible to upgrade to the release containing fixes for all of the above issues (2.452.2.3), as CloudBees supports upgrading CloudBees CI to a version up to one year later than your current version: Upgrading between versions.
As a special exception to our normal process, CloudBees has created backports of the fixes to all of these issues for product version 2.414.1.4. This guide walks clients through the recommended upgrade path for product versions older than 2.452.2.3.
Resolution
CloudBees CI versions older than 2.346.4.1
If you are on a CloudBees CI version older than 2.346.4.1, we recommend that your first step is to upgrade to a release one year newer than your current version, with the goal of reaching 2.346.4.1. The CloudBees support team can help plan your upgrade and notify you about other environment-specific issues via an Assisted Upgrade.
If you are running a version older than 2.303.1.6 (Released: August 31, 2021), you will have to do multiple upgrades to get to 2.346.4.1 (Released: August 23, 2022), as CloudBees supports upgrading CloudBees CI to a version up to one year later than your current version: Upgrading between versions.
CloudBees CI versions 2.346.4.1 through 2.401.1.3
If you are using CloudBees CI version 2.346.4.1 up to 2.401.1.3 (inclusive), your upgrade target should be 2.414.1.4 (Released: August 28, 2023), following the instructions below, to ensure you are not impacted by the User Activity Monitoring plugin issue or the HTTP Client leak during your next upgrade:
2.414.1.4 is one of the versions impacted by CloudBees CI 2024-11-13 SSO vulnerability mitigation, so the mitigation steps are included below as well.
- Open a new ticket with the CloudBees Support team with the Required Data: Assisted Upgrade
  - We will review your cluster details, and use tooling to provide any additional upgrade instructions specific to your environment
  - We will also share the plugins that have the fixes to the issues mentioned above, via a new user-activity-monitoring.hpi, operations-center-agent.hpi, operations-center-client.hpi, operations-center-context.hpi, and cloudbees-pipeline-explorer.hpi
- Before upgrading operations center and controllers:
  - Take a backup of your operations center and controllers
  - On your operations center and all controllers ensure automatic upgrades are enabled, and downgrades are disabled
    - Go to Manage Jenkins → Beekeeper Upgrade Assistant → CAP Configuration
    - Enable Enroll this instance in the CloudBees Assurance Program
    - Enable Allow automatic upgrades of plugins on restart
    - Disable Allow automatic downgrades of plugins on restart
    - Save the configuration
  - On your operations center and all controllers disable the User Activity Monitoring Plugin
    - Go to Manage Jenkins → Plugins → Installed plugins
    - Search for user-activity-monitoring, and toggle the Enabled button to disable the plugin after restart
  - On your operations center and all controllers install the mitigation plugin from CloudBees CI 2024-11-13 SSO vulnerability mitigation
    - If you are running a version older than 2.361.1.2, or running with Java older than 11, the plugin will fail to load when you install it, but after you upgrade CloudBees CI and Java, it will load and mitigate the vulnerability
- Upgrade your CloudBees CI operations center to version 2.414.1.4
- Install the corrected User Activity Monitoring Plugin on the operations center
  - Go to Manage Jenkins → Plugins → Advanced settings
  - Use the Deploy plugin feature to install the user-activity-monitoring.hpi from the first step (feel free to deploy this plugin using your usual process, for example using CasC)
  - Restart the operations center
  - Go to Manage Jenkins → Plugins → Installed plugins
  - Confirm you see User Activity Monitoring Plugin Version 1.50
    - If you see the expected User Activity Monitoring Plugin version, toggle the Enabled button to enable the plugin after restart
    - If you see a version different than 1.50 please share a support bundle with CloudBees support and we can work together to understand why the new plugin did not deploy.
- Restart the operations center
- Upgrade CloudBees CI controllers to version 2.414.1.4
- Install the corrected plugins on all the controllers
  - Go to Manage Jenkins → Plugins → Advanced settings
  - Use the Deploy plugin feature to install the user-activity-monitoring.hpi, operations-center-agent.hpi, operations-center-client.hpi, operations-center-context.hpi, and cloudbees-pipeline-explorer.hpi plugins from the first step (feel free to deploy these plugins using your usual process, for example using CasC)
  - Restart the controller
  - Go to Manage Jenkins → Plugins → Installed plugins
  - Confirm you see:
    - User Activity Monitoring Plugin Version 1.50
      - If you see the expected version, toggle the Enabled button to enable the plugin after restart
    - Operations Center Agent Version 3.0.23.1
    - Operations Center Client Plugin Version 3.0.23.1
    - Operations Center Context Version 3.0.23.1
    - CloudBees Pipeline Explorer Version 1.3.1
  - If you see unexpected versions, please share a support bundle with CloudBees support and we can work together to understand why the new plugin did not deploy.
- Restart the controllers
- It is expected to see the following warnings under Manage Jenkins → Beekeeper Upgrade Assistant → Plugins. These will be fixed automatically when the next upgrade is performed (following the next section of this page)
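When many controllers are involved, the "Confirm you see" checks above can be scripted. The following is an added example, not CloudBees code: it compares a plugin inventory against the versions this page lists. The JSON shape (a `plugins` list with `shortName`, `version`, `enabled`, as returned by Jenkins' `/pluginManager/api/json?depth=1`), the short names taken from the .hpi file names, and the sample inventory are assumptions.

```python
import json

# Expected versions after deploying the backported plugins (from this page).
# Short names are assumed to match the .hpi file names.
EXPECTED = {
    "user-activity-monitoring": "1.50",
    "operations-center-agent": "3.0.23.1",
    "operations-center-client": "3.0.23.1",
    "operations-center-context": "3.0.23.1",
    "cloudbees-pipeline-explorer": "1.3.1",
}
UAM = "user-activity-monitoring"


def check_instance(inventory_json, role):
    """Return a list of findings for one instance; empty means ready.

    role is "operations-center" (only the UAM backport is deployed there)
    or "controller" (all five backports are deployed).
    """
    plugins = {p["shortName"]: p for p in json.loads(inventory_json)["plugins"]}
    required = [UAM] if role == "operations-center" else list(EXPECTED)
    findings = []
    for name in required:
        found = plugins.get(name)
        if found is None:
            findings.append(f"{name}: not installed")
        elif found["version"] != EXPECTED[name]:
            findings.append(f"{name}: {found['version']}, expected {EXPECTED[name]}")
    uam = plugins.get(UAM)
    # The page keeps UAM disabled until version 1.50 is confirmed;
    # flag it if it is enabled at any other version.
    if uam and uam.get("enabled") and uam["version"] != EXPECTED[UAM]:
        findings.append(f"{UAM}: enabled at {uam['version']}, disable until 1.50 is deployed")
    return findings


# Constructed sample: a controller where one backport did not deploy.
SAMPLE_CONTROLLER = json.dumps({"plugins": [
    {"shortName": "user-activity-monitoring", "version": "1.50", "enabled": False},
    {"shortName": "operations-center-agent", "version": "3.0.23.1", "enabled": True},
    {"shortName": "operations-center-client", "version": "3.0.20", "enabled": True},
    {"shortName": "operations-center-context", "version": "3.0.23.1", "enabled": True},
    {"shortName": "cloudbees-pipeline-explorer", "version": "1.3.1", "enabled": True},
]})

if __name__ == "__main__":
    for line in check_instance(SAMPLE_CONTROLLER, "controller") or ["all expected versions present"]:
        print(line)
```

Any non-empty result corresponds to the "unexpected versions" case above, where the page asks for a support bundle to be shared with CloudBees support.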
CloudBees CI versions 2.401.2.3 through 2.452.1.2
If you are using CloudBees CI 2.401.2.3 up to 2.452.1.2 (inclusive), you should upgrade directly to 2.452.2.3 (or a newer version that is within our supported policy: Upgrading between versions) with no intermediate upgrade steps. By following this upgrade path, you will avoid being impacted by either issue.
The standard upgrade steps can be followed:
The CloudBees support team can help plan your upgrade and notify you about other environment-specific issues via an Assisted Upgrade.