CloudBees Jenkins Distribution

3 minute read

RELEASED: 2019-09-25

Based on Jenkins LTS2.176.4-cb-3

Rolling release Security release

Security advisory

Resolved issues

  • Plugin catalog not working (CTR-606)

    Users using plugin catalogs with external Maven2 repository layout for plugin resolution were not able to push the plugin catalog to a client master, and were receiving class not found errors. With this fix, we now use the proper classloader to load the involved classes.

  • Configuration snippets issues (CTR-562)

    Configuration snippets from Operations Center could be applied before Jenkins was fully loaded, leading to loss of configuration. With this fix, configuration snippets are no longer applied until we are sure that the Jenkins configuration has been deserialized

When a master is disconnected from Operations Center, some but not all configuration snippets would be removed. With this fix, configuration snippets are no longer removed when a master is removed from an Operations Center cluster, so that the existing configuration can be tweaked or removed as desired.

  • Active authorization strategy issue (CTR-484)

    When the Operations Center authorization strategy was changed from the CloudBees Role Based Authorization strategy to something else, Team masters would still have a copy of the outdated configuration. This situation would allow users who had previously been granted Administrator permissions via the RBAC configuration to still have the Administrator permission even though they should no longer have this level of access. With this fix, if the authorization strategy in Operations Center is not CloudBees Role Based Authorization strategy, then the obsolete configuration will be removed from masters.

  • Managed Master contextual menu issues (CTR-504)

    In Operation Center, the Managed Master contextual menu showed actions that the user was not allowed to execute, so when they would try, they would get an error message. With this fix, the Managed Master contextual menu no shows only the actions that the user is allowed to execute.

  • Plugins list and Plugin Catalog optional fields (CTR-559)

    Client Master instances could not start if users used a configuration bundle without plugins and/or plugin catalogs. With this fix, the plugins list and plugin catalog fields are optional.

  • Moving Manage/Client masters issue (CTR-496)

    Using the Move/Copy/Promote option to move or delete a managed master for the second time was failing because the log file in the managed master’s old location was not properly closed before moving or deleting the files. With this fix, the log file in the managed master’s old location is closed before the master is moved or deleted and using Move/Copy/Promote works as expected.

  • Administrative monitor warning issues (CTR-558)

    The administrative monitor always warned about new versions of the configuration bundle if the client master had a link file. With this fix, the HttpLoader now has its own implementation of getUpstreamVersion, so the configuration is updated correctly.

  • Updates to the Backup plugin (CTR-429, -428)

    The Backup plugin included extraneous libraries that increased the artifact size unnecessarily. With this fix, we now exclude unnecessary dependencies from the httpclient artifact maven dependency.

The Backup plugin had an old version of common-compress as a dependency. With this fix, the Backup plugin has upgraded this out of date dependency.

  • Fix regression in rss (JENSEC-574)

    We fixed a regression in RSS and Atom feeds where an uninitialized variable resulted in partial entries.

  • CloudBees Workflow Template Plugin (NGPIPELINE-653, -677)

    Concurrent executions of the Pipeline Template Catalog CLI commands could cause erroneous behavior. With this fix, the Pipeline Template Catalog CLI commands are now synchronized with respect to other operations that modify Pipeline Template Catalogs so that catalogs are not modified concurrently.

The updateInterval value for Pipeline Template Catalogs could take on values not supported by the UI when using the Pipeline Template Catalog CLI commands. With this fix, the updateInterval value for Pipeline Template Catalogs is now normalized to the next largest (or equal) value that is supported by the UI when using the pipeline-template-catalogs CLI command.

  • Memory leak from Pub-Sub “light” Bus plugin (NGPIPELINE-515)

    In some cases (as in abruptly disconnected browsers) the Pub-Sub “light” plugin was not informed and was unable to store/send messages to some destinations, so some queues kept growing because of retries. With this fix, we have added some TTL (time to live) for the messages queue to discard them after a certain time if not successfully sent.

  • Unable to restart pipelines at checkpoints (NGPIPELINE-626)

    Pipelines could not be restarted from checkpoints in version 2.2 of CloudBees Pipeline Stage View Extensions. With this fix, pipelines are now able to be restarted from checkpoints.

Known issues