CloudBees Jenkins Enterprise 1.11.27

5 minute read
Critical regression fixes in 1.11.28

Version 1.11.28 release fixes some regressions found in release 1.11.27. Installing the new release 1.11.28 is highly recommended to avoid these issues.

If you are updating from version 1.11.27 and you applied the workarounds, remove any workarounds upon update.

CloudBees will no longer be supporting CloudBees Jenkins Enterprise 1.x after July 30, 2020. This end-of-life announcement allows CloudBees to focus on driving new technology and product innovation for CloudBees CI. For information on moving to CloudBees CI, please refer to CloudBees Jenkins Enterprise 1.x to CloudBees CI on modern cloud platforms migration guide which has been created to help you with the migration process. Existing customers can also contact their CSM to help ensure a smooth transition.

RELEASED: 2020-03-03

Based on Jenkins LTS2.204.3-cb-4

Rolling release

Security advisory

Security fixes

Private key leakage in EC2 plugin (FNDJEN-1435)

The generate key functionality was broken in this plugin.

The functionality has been removed.

Information Disclosure in CloudBees Amazon AWS CLI Plugin (CTR-1006)

Previously, a user with permission to see a job could list the AWS credential IDs available for a job, without the expected permission. The plugin now correctly restricts the ability to list the AWS credential IDs available for a job to users who can configure the job.

This only affects installations with the CloudBees AWS CLI plugin.

New features

  • S3 Publisher Plugin in the CloudBees Assurance Program (FNDJEN-1852)

    The 'S3 Publisher plugin' is now included in the CloudBees Assurance Program to guarantee its quality and integration inside CloudBees products. This plugin applies to all masters in CloudBees Jenkins Enterprise, CloudBees Jenkins Distribution, and CloudBees Core. It does not apply to the Operations Center.

Feature enhancements

Resolved issues

Deadlock between CJOC connection and Global Configuration save (CTR-1136)

If a master was connected to Operations Center while its global configuration was being saved via the web interface, the master→operations center communication thread and the HTTP request thread would deadlock. This deadlock would result in a master that could not communicate with Operations Center and eventually, if more global configuration saves were performed, a master that was unresponsive to the HTTP(s) requests.

The code has been updated to make the locking order consistent in both approaches, removing this deadlock.

This only affects installations that use the Operations Center Client Plugin.

The default Browsers role should grant View/Read (CTR-669)

Users who were assigned only the default Browsers role were unable to see all views, such as the pull requests tab of a GitHub multibranch project.

With this fix, users who are assigned the default Browsers role will now be granted the View/Read permission.

This only affects installations that use the CloudBees Role-Based Access Control Plugin.

RBAC group configured on View disappears after editing the View (CTR-1029)

When an RBAC group configured on a View was modified, the group configuration was removed.

With this fix, the RBAC group related to the View remains after the View is modified.

This only affects installations that use the CloudBees Role-Based Access Control Plugin.

Finish adding logging on SFTP with infradna-backup plugin (CTR-1042)

There was not enough information on job logging when using SFTP backup. With this fix, meaningful information has been added.

This only affects installations that use the CloudBees Backup Plugin.

Checkpoint step prints a warning (NGPIPELINE-676)

Using the checkpoint step in a Pipeline incorrectly caused the following warning to be written to the build log: "expected to call WorkflowScript.checkpoint but wound up catching suspend?; see:".

A warning is no longer displayed when using the checkpoint step.

This only affects installations that use the CloudBees Pipeline: Groovy Checkpoint Plugin.

Performance improvement of Display URL API plugin (NGPIPELINE-970,586)

The Display URL API plugin adds environment variables to builds containing the URL of the build in Jenkins. In order to compute the value of these variables, the plugin previously needed to load a large number of classes for each build, which could lead to performance issues. With this fix, the plugin no longer needs to perform significant class loading when contributing environment variables to builds.

This only affects installations that use the Display URL API plugin.

Blue Ocean View failed in IE and Edge (NGPIPELINE-955)

Opening the Blue Ocean View with a Microsoft Edge or Internet Explorer browser failed. With this fix, the packaging of the Server Sent Events (SSE) Gateway Plugin no longer causes the Blue Ocean View to fail in IE and Microsoft Edge browsers.

This only affects installations that use the Server Sent Events (SSE) Gateway Plugin.

Known issues

Critical CloudBees Jenkins Enterprise 1.X upgrade/patch required by March 31, 2020

Docker has restored the repositories that were unavailable and were causing CloudBees Jenkins Enterprise (CJE) 1.x controllers and workers to not initialize earlier today. However, Docker will be permanently shutting down repositories on which CJE1.X relied on as of March 31, 2020.

To avoid controller and worker failures, you must do one of the following: * Upgrade to CloudBees Jenkins Enterprise 1.11.27 OR * Patch controllers and workers on older versions. The patch cannot be applied to version 1.11.11 and earlier.

If left in its current state, after Docker shuts down these repositories on March 31, 2020, CJE 1.X controllers and workers will not initialize. To clarify, these are the virtual machines that are created and managed by the ‘cje’ command line tool, not Operations Center, Managed Masters, or build agents.

  • Version reverse proxy issue (JENKINS-60199)

    When Jenkins is run behind a reverse proxy, users may be redirected to a non-functional address ( upon login.

    This is caused by the issue 4573 in the embedded Jetty server. It only correctly processes the HTTP headers X-Forwarded-Host and X-Forwarded-Port when they are provided in a specific order.

    This issue does not affect CloudBees Core on modern cloud platforms, but other instances behind reverse proxies like httpd or haproxy may be affected.


    Set X-Forwarded-Host before X-Forwarded-Port in the reverse proxy configuration.

    Alternatively, for Apache, set ProxyPreserveHost On as documented in Running Jenkins behind Apache.

Version Form submissions are limited to 200000 characters (JENKINS-60409)

Users are unable to submit large forms to Jenkins. This issue can result in users being unable to make system configuration changes or replay pipelines, for example.

Workaround: Increase the max form size by passing -Dorg.eclipse.jetty.server.Request.maxFormContentSize=-1 as a Jenkins startup parameter.

Upgrade notes

End of life announcement

After assessing the viability of our supported plugins, CloudBees ended support for the CloudBees VMware Pool Autoscaling Plugin on April 30, 2020.

This end-of-life announcement allows CloudBees to focus on driving new technology and product innovation as well as maintaining existing products that are actively used by customers.

For more information regarding this end-of-life announcement, please contact your Customer Success Manager.