Based on Jenkins
This advisory announces vulnerabilities in Jenkins, CloudBees Jenkins Distribution, CloudBees Jenkins Platform and CloudBees CI.
- Manage Jenkins page layout update (CTR-1468)
With this release we have moved management links to the correct category under Manage Jenkins.
- Upgrade GitHub API and GitHub Branch Source plugins to OkHttp3 (NGPIPELINE-374)
The outdated OkHttp3 v2.7.5 library does not support modern features including TLS 1.3.
The GitHub API and GitHub Branch Source plugins have been updated to use newer OkHttp3 APIs with v3.12.12.
- [JENKINS-62545] Infinite loop in FlowGraphTable.addTreeSibling for corrupted flow graphs (NGPIPELINE-1222)
Traversing a Pipeline execution using the FlowGraphTable API (used primarily for the Pipeline Steps view) could cause infinite loops for corrupted Pipelines in rare cases.
With this fix, the FlowGraphTable API now returns an error if it detects that a Pipeline is corrupted in a way that would have previously caused an infinite loop.
- Plugin Catalog and CloudBees Configuration as Code should provide a way of specifying a proxy (FNDJEN-2078)
Configuration as Code for Masters cannot download plugins if they are under a proxy.
CloudBees Installation Manager now configures the proxy established in the jenkins.yaml file of the configuration bundle before attempting to download any plugin.