CloudBees Jenkins Distribution 2.263.2.2

3 minute read

RELEASED: 2021-01-13

Based on Jenkins LTS2.263.2-cb-2

Rolling release

New features

Update support-core to 2.72 (FNDJEN-3356)

CloudBees now supports the Jenkins Support Core plugin version 2.72 . For more information, see https://github.com/jenkinsci/support-core-plugin/releases.

Detect Insecure Pipeline Interpolation (Password Leaking) (NGPIPELINE-1277)

CloudBees CI now adds warnings on build and log pages when potentially unsafe Groovy constructions are used. For more information, see String interpolation.

Feature enhancements

Update Operations Center Context plugin dependencies (CTR-2603)

The Operations Center Context plugin is now using jQuery 3.5.1.

Dependency updates (CTR-2944)
  • Minimum jenkins-core upgraded to 2.263.1.2

  • Minimum nectar-license plugin version upgraded to 8.28

  • Minimum cloudbees-template plugin version upgraded to 4.49

  • Minimum script-security plugin version upgraded to 1.75

Change product license URL (CTR-736)

The URL of our license terms has changed to https://www.cloudbees.com/r/subscription.

Resolved issues

Trigger remote job widget is rendering '[' when error on path (CTR-2560)

An invalid path of the downstream job is now properly managed and displayed in the configuration of the Trigger builds on remote/local jobs build step.

Plugins from an https server with SNI certificates cannot be downloaded in Plugin Catalog through Installation Manager (FNDJEN-3070)

Before this release users were unable to download plugins defined in a plugin catalog from servers using SNI certificates.

CloudBees Installation Manager 2.89.0.33 allows downloading plugins from servers configured with SNI certificates. In addition, the new version follows redirections if needed for the plugin download.

Known issues

Regressions related to user-created content [CBCI-389]

This release contains multiple regressions related to files in user-created content served by the following CloudBees products:

  • CloudBees CI

  • CloudBees Jenkins Distribution

  • CloudBees Jenkins Platform

  • CloudBees Jenkins Enterprise

You may experience the following issues with user-created content:

  • If you use external artifact storage, like the Artifact Manager S3 Plugin or Compress Artifacts Plugin, it is not possible to download entire directories of archived artifacts as Zip files. Instead, you receive an error message.

  • Zip files containing directories of workspaces, archived artifacts, and similar user-created content do not include top-level directories anymore (typically called “archive” for archived artifacts, and the job name for workspaces), which can break expectations about Zip file structure, for example, in scripted clients.

  • File handles are not closed correctly whenever individual files are downloaded from workspaces, archived artifacts, and similar user-created content. This can result in Jenkins running out of file handles.

These issues are resolved in release 2.263.2.3.

Upgrade notes

CloudBees recommends that you start to prepare for the March release of Jenkins LTS as soon as possible. The March release will include important updates. If you use Jenkins LTS plugins that are not in the CloudBees Assurance Program (CAP), you should update them before upgrading your CloudBees products to ensure compatibility with the March release. If your company uses its own proprietary (non-CloudBees) plugins, CloudBees recommends that you test them against Jenkins version 2.266+ prior to the March release. And, as always, backing up your data before upgrading is strongly encouraged. For details about changes in the March Jenkins LTS release, see https://www.jenkins.io/blog/2020/11/10/spring-xstream/ and https://www.jenkins.io/doc/developer/views/table-to-div-migration/.

If upgrading from a rolling release older than 2.249.1.2, customers may experience technical difficulties. CloudBees ensures compatibility only between supported versions of the product and recommends upgrading early and often to avoid these difficulties. If you are having difficulties upgrading, contact CloudBees Support for assistance.

CloudBees Role-Based Access Control Plugin

With this upgrade, for security reasons, we are disabling the ability to configure RBAC groups and role filters at the views level.

See CloudBees Role-Based Access Control Plugin 5.42 for more information about the security vulnerability.

This change means that any previous groups or role filters created in a view will not be applied and you will not be able to configure them.

This update only affects the views themselves, not the items within them. Previous permissions applied to the items are still enforced.

If you were filtering roles on views before this upgrade, these filters will no longer work, so your users may have a more permissive permission scheme on the views.

CloudBees recommends running this script in your script console to determine if you have a configuration on your instance that will be affected by this change.

If you do have a configuration that will be affected by this change, you have two options:

  1. (CloudBees recommended approach) Recreate each view inside a folder and apply the RBAC configuration to the folder. The folder RBAC configuration is propagated to the view since it is inside the folder.

  2. Enable RBAC configuration on views by setting the system property nectar.plugins.rbac.groups.ViewProxyGroupContainer=true.

    This approach is not recommended for security reasons.

Revisions

Revision 2 (2021-01-14)

Release Notes

Upgraded Jackson2 API Plugin from 2.12.0 to 2.12.1 to fix regressions in the Docker plugin (JENKINS-64343)