CloudBees Jenkins Enterprise 1.11.41

5 minute read
Regression in CloudBees Plugin Usage Plugin 2.0, 2.2

CloudBees Jenkins Enterprise versions 1.11.41 and 1.11.42 have a potential issue involving the CloudBees Plugin Usage Plugin versions 2.0 and 2.2:

This plugin produces the analysis.json file in $JENKINS/pup. On large instances, for example with many jobs, this file can be quite large. At the next restart of the controller, the plugin usage analyzer tries to parse this file and with large files this could take some time and it may block the start-up process of the controller thereby leading to longer startup time.

CloudBees recommends that you upgrade to CloudBees Jenkins Enterprise version 1.11.44 or later, or upgrade the CloudBees Plugin Usage Plugin to version 2.6. If you cannot upgrade to 1.11.44, it’s best to disable the CloudBees Plugin Usage Plugin (short name cloudbees-plugin-usage) until then. If Jenkins is not accessible, see Disabling a plugin when Jenkins is down

This issue is only a problem on startup. Another workaround is to remove the file $JENKINS/pup/analysis.json before starting or restarting Jenkins.

CloudBees will no longer be supporting CloudBees Jenkins Enterprise 1.x after July 30, 2020. This end-of-life announcement allows CloudBees to focus on driving new technology and product innovation for CloudBees CI. For information on moving to CloudBees CI, please refer to CloudBees Jenkins Enterprise 1.x to CloudBees CI on modern cloud platforms migration guide which has been created to help you with the migration process. Existing customers can also contact their CSM to help ensure a smooth transition.

RELEASED: 2020-12-03

Based on Jenkins LTS2.263.1-cb-3

Rolling release

Security advisory

Security advisory

Critical regression fixes in version

Version release fixes some critical regressions found in version

CloudBees CI on modern cloud platforms, CloudBees CI on traditional platforms Installing version is required to avoid these issues.

CloudBees Jenkins Enterprise CloudBees Jenkins Enterprise 1.x customers need to download and install using the 1.11.39 installer, which will bundle the corresponding operations center/managed controller versions.

CloudBees Jenkins Platform CloudBees Jenkins Platform operations center and CloudBees Jenkins Platform client controller (2.x.y.z) must be upgraded to version CloudBees Jenkins Platform operations center and CloudBees Jenkins Platform client controller (2.222.x.0.z) must be upgraded to version CloudBees Jenkins Platform operations center and CloudBees Jenkins Platform client controller (2.190.x.0.z) must be upgraded to version

CloudBees Jenkins Distribution No updates necessary.

Security fixes

Feature enhancements

Beekeeper Plugin Exceptions are now generally available (GA) (FNDJEN-3069)

For information about this feature, see Beekeeper plugin exceptions.

Dependency updates

The following dependency updates are included with this release:

  • Update minimum required Jenkins version to the latest LTS (2.263.1) (CTR-2577)

  • CloudBees Role-Based Access Control Plugin(nectar-rbac) dependency upgraded to version 5.49 (CTR-2752)

  • The CloudBees License plugin is now compatible with jQuery 3.5.x. (CTR-2602)

Update welcome screen UI - Implementation (FNDJEN-2242)

The Jenkins Welcome screen has been updated.

Users with the Overall/Manage permission can now restart and safe restart Jenkins (CTR-2527)

Some configurations that can be set with Configuration as Code for masters may require a restart of Jenkins or are quicker when using a restart. A user with the Overall/Manage permission can now restart Jenkins.

Resolved issues

Build widget broken when a user has Read permission on a running Pipeline but not its parents (NGPIPELINE-1546)

Users with Read permission on a running Pipeline but only Discover permission on one of its parents' folders were unable to view the main Jenkins dashboard due to errors in the build widget.

The build widget now operates correctly when users have Read access to a Pipeline but not its parents.

Fix for SECO-757 Jenkins log flooded with SSE gateway plugin-related warnings, which increase memory usage (NGPIPELINE-1507)

With Jenkins deployed on Tomcat, if BlueOcean users close tabs abruptly some internal queues can increase the number of Pipelines thereby generating a lot of events.

The default values of some timeouts now handle exceptions and clear queues more quickly.

Remove jQuery and upgrade frontend toolchain on cloudbees-workflow-ui-plugin (NGPIPELINE-1432)

CloudBees Pipeline Stage View Extensions bundled an outdated version of jQuery, and the dialog for deleting or resuming checkpoints had broken styles when running against Jenkins 2.249 or newer.

CloudBees Pipeline Stage View Extensions no longer bundles jQuery, and the styles of the dialog for deleting or resuming checkpoints now work correctly on all versions of Jenkins.

Performance slowdown when credentials cache file gets large (CTR-788)

A new cache implementation is now in OperationsCenterCredentialsProvider to avoid credentials duplication. The cache also periodically cleans out all entries with no updates/access in the last 48 hours.

Clarify that shared configuration is available to all master types (CTR-2583)

With this fix, the description of the Miscellaneous Configuration Container in operations center indicates that it applies to all masters types, not just Client Masters.

The restore of a backup fails with a digest check error when using Azure Storage (CTR-916)

There was an issue in backup creation when using Azure Storage that caused the backup to be created in Azure without the required digest metadata. Because the backup was created without the required digest metadata, restoring the backup would fail, as there was no digest to check integrity against it.

With this fix, the digest metadata is properly attached to the backup file and then used during the restore process.

The inline help referenced HUDSON_HOME (CTR-2702)

The inline help now references JENKINS_HOME as expected.

Form changes: promoted-builds plugin breaks with tables-to-divs changes (FNDJEN-2775)

No user-facing changes. Internal changes fixing compatibility issues of the plugin with the changes on the layout of the forms of the next LTS.

Known issues


Upgrade notes

If upgrading from a rolling release older than 2.303.2.3, customers may experience technical difficulties. CloudBees ensures compatibility only between supported versions of the product and recommends upgrading early and often to avoid these difficulties. If you are having difficulties upgrading, contact CloudBees Support for assistance.

snakeyaml:1.10 dependency removed (CTR-2511)

The snakeyaml:1.10 library contains a known security vulnerability. With this change we are removing the dependency on that library.

By removing the Snakeyaml dependency we are also removing old migration code, which means updates from versions of this plugin older than 1.1.0 (3 years old) will require a multi-step upgrade.

The multi-step upgrade involves two steps:

  1. Update to a version previous to this one.

  2. Update to this version.

    If users skip a step in the multi-step process, they could incur data loss.

CloudBees Role-Based Access Control Plugin

With this upgrade, for security reasons, we are disabling the ability to configure RBAC groups and role filters at the views level.

See CloudBees Role-Based Access Control Plugin 5.42 for more information about the security vulnerability.

This change means that any previous groups or role filters created in a view will not be applied and you will not be able to configure them.

This update only affects the views themselves, not the items within them. Previous permissions applied to the items are still enforced.

If you were filtering roles on views before this upgrade, these filters will no longer work, so your users may have a more permissive permission scheme on the views.

CloudBees recommends running this script in your script console to determine if you have a configuration on your instance that will be affected by this change.

If you do have a configuration that will be affected by this change, you have two options:

  1. (CloudBees recommended approach) Recreate each view inside a folder and apply the RBAC configuration to the folder. The folder RBAC configuration is propagated to the view since it is inside the folder.

  2. Enable RBAC configuration on views by setting the system property nectar.plugins.rbac.groups.ViewProxyGroupContainer=true.

    This approach is not recommended for security reasons.