CloudBees is pleased to announce this CloudBees CD/RO security patch release. You can find specific information about this release in the following sections:

Security fixes

The following security fixes and improvements have been made as part of this release:

CloudBees CD/RO v2024.03.0 contains a critical security vulnerability that could result in attackers:

  • Gaining unauthorized access to sensitive data.

  • Modifying or deleting data in your environment.

  • Deleting instances or disabling agents, causing service disruptions.

This vulnerability has been fixed in v2024.03.1 release. If you are using v2024.03.0, CloudBees recommends immediately upgrading to v2024.03.0.

New features

The following new features are introduced as part of this release:

Feature enhancements

The following feature enhancements have been made as part of this release:

Resolved issues

The following issues have been resolved as part of this release:

Fixed XXE authentication issue in CloudBees CD/RO components

Security vulnerabilities were identified in how CloudBees CD/RO parsed XML requests related to XML External Entity (XXE) processing. These vulnerabilities could lead to:

  • Unauthorized access to sensitive data.

  • The ability to modify or delete data.

  • The potential to delete instances or disable agents, causing service disruption.

    This issue has been fixed, and CloudBees CD/RO now protects against XXE processing.

Known issues

The following issues are included as known issues in this release:

MeanLeadTime report does not work correctly without release runs

The MeanLeadTime report does not work correctly when Elasticsearch only has pipeline runs but no release runs.

Artifacts can’t be transferred across zones using UI

The CloudBees CD/RO UI does not allow you to transfer artifacts across zones.

Data from a custom data retention policy schedule is not purged for single runs

When a custom data retention policy schedule is set to run once, the data is not purged after archiving. To purge data after archiving, use a repeat schedule or the global data retention setting.

Using PostgreSQL change tracking may generate errors

When using PostgreSQL with change tracking enabled, EcAuditStrategy errors may appear in the server log. This is a known issue, but is not expected to have any effect on the performance of the system.

Events generated from CloudBees CI create URLs that cause 401 errors

Events that originate from the default CloudBees CI create default configurations. URLs for these new controllers are not Jenkins configured URLs and cause 401 errors.

Kerberos SSO sign-in issues

You may experience SSO sign-in issues when using Kerberos due to a Microsoft known issue.

Process steps modified during runs to be manual will hang

When a process step that is not manual is modified to be manual after the process runs, but before the associated job step evaluated, the step hangs and adds a java.lang.IllegalStateException: Unknown step type: manual exception to the log.

flowRuntime reports existing CloudBees CI job when switching platforms

The flowRuntime response contains hasCIJobs=1 if a release was started from CloudBees CD/RO and the previous release run was triggered within CloudBees CI.

Catalog item objects cannot end in spaces on Windows agents

On Windows agents, "Export DSL" catalog item fails to export objects that end in spaces.

CI build logs are not accessible using getCIBuildLog without controller restart

When running getCIBuildLog for a CloudBees CI build, the build log cannot be accessed without restarting the build CloudBees CI controller. As a workaround, restart your CloudBees CI controller, and set up a number of executors, and getCIBuildLog can then be used to access the CloudBees CI build logs.

v10.2 and earlier legacy services may cause failed upgrades and break database consistency

Before upgrading from CloudBees CD/RO v10.2 and earlier, if legacy services exist in your system, upgrades may fail and database consistency break. Additionally, even if the upgrade returns successfully, it may still be impossible to run the validateDatabase API.

As a workaround, before upgrading from v10.2 and earlier, delete all legacy services and containers, and then perform the upgrade.

Undefined parameters returned in CloudBees CI job response

In CloudBees CI job responses, actual parameters are returned that are not defined within the job. Additionally, saving and reloading the tasks doesn’t clear undefined actual parameters.

Multi-select menu options don’t define specific projects of project objects

Currently, if a formal parameter depends on a dropdown menu to get project parameter dependencies for object-like parameters, such as projectName, you can select multiple options in dropdown menus. However, there is only an object name (or list of names in case of multi-select) in the parameter value with no connection to a project and without the ability to identify which object exists in which projects.

CloudBees does not recommend using multi-select options for parameters used as project parameter dependency for object-like parameters when configuring formal parameters. This applies for the following formal parameter types:

  • Application

  • Procedure

  • Pipeline

  • Release

  • Environment

Running a catalog item from the UI fails if both parameter form and formal parameter(s) are configured

Catalog items configured with both a parameter form and formal parameter(s) fail to run when executed in the UI. As a workaround, delete the formal parameter(s), and run the catalog item with the parameter form.

v10.2 and earlier legacy services may cause failed upgrades and break database consistency

When updating from v10.2 or earlier to v10.3 or later, your upgrade may fail and break database consistency if legacy services or containers exist in your system. Additionally, even if the upgrade completes successfully with legacy services or containers present, it may still be impossible to run the validateDatabase API.

As a workaround, before upgrading from v10.2 and earlier, delete all legacy services and containers, and then perform the upgrade. When upgrading a clustered deployment of CloudBees CD/RO, before running the installer to upgrade, delete the contents inside the broker-data directory, located at <DATA_DIR>/broker-data-<hostname>.

Catalog item parameters with dynamic default values are not populated automatically

In the Service catalog, for catalog item parameters with dynamic default values based on dependencies to another parameter, the default values are not automatically populated when the dependency is initially selected. However, the default values are automatically populated after selecting the dependency default value the second time.

Workaround: Select the dependency value and allow the page to reload, and then select the dependency value a second time. This should populate the remaining item parameters with dynamic default values.

SyncArtifactVersions procedure completes with success when it should fail

SyncArtifactVersions procedure completes with success, rather than showing a warning, when manifest is missing and overwrite = false.

Automation Platform UI requires artifacts to use English characters in their file names

When you use the Automation Platform UI to upload and publish artifact files with non-English characters in their file names, the operation fails with the following error: Upload file: Exit code 1: ERROR: Publish failure: Unexpected retrieval exception for repository error.

Must restart server to apply LDAP changes

Modifications of LDAP user data (such as email addresses) on an Active Directory server after registration in CloudBees CD/RO do not appear properly in user details (in the Automation Platform UI, the Deploy UI, or ectool) until the CloudBees CD/RO server is restarted.

Not all Elasticsearch operations can be performed in a red state

(Microsoft Windows platforms only) If the Elasticsearch cluster used by CloudBees Analytics is in the red state (meaning that it only partly functions and some data is unavailable), then upgrade, reconfigure, and uninstall operations will not work. Since the Elasticsearch service cannot be stopped when a cluster is in a red state, you must stop the Elasticsearch service process from the task manager before running the installer for these actions.

Microsoft Edge® doesn’t support SAML 2.0

The Microsoft Edge® browser does not work with SAML 2.0 and is missing a self-signed certificate during redirection from the identity provider to the service provider. Microsoft Edge® is not recommended for sign-in via SAML 2.0.

LANG environment variable must be set to en.US.UTF-8

The LANG environment variable must be set to en.US.UTF-8; otherwise, the upgrade fails. Refer to KBEC-00452 - Error installing CloudBees CD/RO 10.0.x when Lang environment variable is different than en.US.UTF-8 for details.

Schedules missing configuration do display runtime error prompts

Error prompts for runtimes started by a schedule are not visible if the schedule was created with a missing configuration.

Changing name in Release Dashboard changes stage status color

The stage inclusion status in the Release Dashboard changes color after a stage is renamed.

Steps that cannot access their child steps are not retried

If an application process step cannot expand to its child steps (because of an invalid run condition or an invalid formal parameter), then the step is not retried even if it uses retry on error error handling. The job eventually completes with an error.

Retry count missing from pipeline runtime page

The retry count for group tasks or rules using automated retry on error is missing from the Pipeline runtime page.

Email notifications are not supported for complex environment mapping

Multiple mapped environments with the same name from different projects are not supported in email notifications.

Path-to-production view missing from imported project

A project import might not include the path-to-production view.

All subreleases must be present to link to a release

All subreleases of a release must appear before the release in the DSL for the release-to-subrelease links to be created.

CloudBees Analytics report editor doesn’t include search by assignee

The ability to search by assignee in a Deployment Report is not available in the CloudBees Analytics report editor.

Additional Release Command Center configurations for Jira

If Release Command Center was set up for Jira for user stories and defects, and the JIRA project name was mapped to the release project name using the field mapping projectName:releaseProjectName, then before upgrading to 10.0, the field mapping must be updated to mention the actual release project name using the following field mapping format: "release-project-name-in-CloudBees CD/RO":releaseProjectName.

Approval by email on manual tasks

Approval by email on manual tasks should not expect parameters.

ectool export and ectool import should only be used between same server versions

If you use the ectool export to export your system configuration from a previous release, and then use ectool import to import the same configuration to a CloudBees CD/RO 10.0 server, some out-of-the-box content introduced in the releases since the version from which the full export was done, such as new or updated plugins, new catalog items, and persona-based menu items, may be missing in the CloudBees CD/RO server UI. It is recommended to use ectool export and ectool import only between servers at the same version.

SSO requires additional PHP configuration

SSO does not work unless PHP configuration is changed due to a security-related request. As a workaround, change session.cookie_samesite to "Strict" in /opt/electriccloud/electriccommander/apache/conf/php.ini and restart the web server.

No UI to run or review pre-v10.1 triggers

CloudBees CD/RO v10.1 introduced new triggers and an updated UI for them. Pre-v10.1 triggers will continue to work but there is no UI to review or run them.

Legacy definitions and references cause unexpected behavior for full data exports

Before using the export command to perform a full data export from the CloudBees CD/RO database, delete any legacy definitions and references to service objects from applications and releases.

Reverting changes is not possible for all objects

You can only revert changes for high-level design objects such as applications procedures, procedure steps, workflow definitions, and state definitions.

Restarting the CloudBees CD/RO server while new records are created for all tracked objects might take at least as long as an export or import of all projects (10 to 40 minutes for a large project).
Recursively traversing nested group hierarchies may cause performance issues

Enabling Recursively Traverse Group Hierarchy might impact system performance when the LDAP group hierarchy is traversed. The amount of impact varies with the configurations of the CloudBees CD/RO and LDAP servers, the depth of group hierarchy in the LDAP server, and the network latency between the servers. Ensure that your directory provider can handle the additional load for supporting nested group hierarchy traversal.

Disabling and re-enabling change tracking may cause performance issues

System performance might decrease if you disable change tracking at the server level and then re-enable it. Change tracking is enabled by default. For details about using change tracking, refer to change tracking.