CloudBees Jenkins Enterprise 1.11.42

5 minute read
Regression in CloudBees Plugin Usage Plugin 2.0, 2.2

CloudBees Jenkins Enterprise versions 1.11.41 and 1.11.42 have a potential issue involving the CloudBees Plugin Usage Plugin versions 2.0 and 2.2:

This plugin produces the analysis.json file in $JENKINS/pup. On large instances, for example with many jobs, this file can be quite large. At the next restart of the controller, the plugin usage analyzer tries to parse this file and with large files this could take some time and it may block the start-up process of the controller thereby leading to longer startup time.

CloudBees recommends that you upgrade to CloudBees Jenkins Enterprise version 1.11.44 or later, or upgrade the CloudBees Plugin Usage Plugin to version 2.6. If you cannot upgrade to 1.11.44, it’s best to disable the CloudBees Plugin Usage Plugin (short name cloudbees-plugin-usage) until then. If Jenkins is not accessible, see Disabling a plugin when Jenkins is down

This issue is only a problem on startup. Another workaround is to remove the file $JENKINS/pup/analysis.json before starting or restarting Jenkins.

CloudBees will no longer be supporting CloudBees Jenkins Enterprise 1.x after July 30, 2020. This end-of-life announcement allows CloudBees to focus on driving new technology and product innovation for CloudBees CI. For information on moving to CloudBees CI, please refer to CloudBees Jenkins Enterprise 1.x to CloudBees CI on modern cloud platforms migration guide which has been created to help you with the migration process. Existing customers can also contact their CSM to help ensure a smooth transition.

RELEASED: 2021-01-13

Based on Jenkins LTS2.263.2-cb-2

Rolling release

Security advisory

Security advisory

Critical regression fixes in version 2.249.3.2

Version 2.249.3.2 release fixes some critical regressions found in version 2.249.3.1.

CloudBees CI on modern cloud platforms, CloudBees CI on traditional platforms Installing version 2.249.3.2 is required to avoid these issues.

CloudBees Jenkins Enterprise CloudBees Jenkins Enterprise 1.x customers need to download and install using the 1.11.39 installer, which will bundle the corresponding operations center/managed controller versions.

CloudBees Jenkins Platform CloudBees Jenkins Platform operations center and CloudBees Jenkins Platform client controller (2.x.y.z) must be upgraded to version 2.249.3.2. CloudBees Jenkins Platform operations center and CloudBees Jenkins Platform client controller (2.222.x.0.z) must be upgraded to version 2.222.42.0.1-rev6. CloudBees Jenkins Platform operations center and CloudBees Jenkins Platform client controller (2.190.x.0.z) must be upgraded to version 2.190.33.0.2-rev6.

CloudBees Jenkins Distribution No updates necessary.

Security fixes

Feature enhancements

Update Operations Center Context plugin dependencies (CTR-2603)

The Operations Center Context plugin is now using jQuery 3.5.1.

Dependency updates (CTR-2944)
  • Minimum jenkins-core upgraded to 2.263.1.2

  • Minimum nectar-license plugin version upgraded to 8.28

  • Minimum cloudbees-template plugin version upgraded to 4.49

  • Minimum script-security plugin version upgraded to 1.75

Change product license URL (CTR-736)

The URL of our license terms has changed to https://www.cloudbees.com/r/subscription.

Resolved issues

Trigger remote job widget is rendering '[' when error on path (CTR-2560)

An invalid path of the downstream job is now properly managed and displayed in the configuration of the Trigger builds on remote/local jobs build step.

Plugins from an https server with SNI certificates cannot be downloaded in Plugin Catalog through Installation Manager (FNDJEN-3070)

Before this release users were unable to download plugins defined in a plugin catalog from servers using SNI certificates.

CloudBees Installation Manager 2.89.0.33 allows downloading plugins from servers configured with SNI certificates. In addition, the new version follows redirections if needed for the plugin download.

Known issues

Regressions related to user-created content [CBCI-389]

This release contains multiple regressions related to files in user-created content served by the following CloudBees products:

  • CloudBees CI

  • CloudBees Jenkins Distribution

  • CloudBees Jenkins Platform

  • CloudBees Jenkins Enterprise

You may experience the following issues with user-created content:

  • If you use external artifact storage, like the Artifact Manager S3 Plugin or Compress Artifacts Plugin, it is not possible to download entire directories of archived artifacts as Zip files. Instead, you receive an error message.

  • Zip files containing directories of workspaces, archived artifacts, and similar user-created content do not include top-level directories anymore (typically called “archive” for archived artifacts, and the job name for workspaces), which can break expectations about Zip file structure, for example, in scripted clients.

  • File handles are not closed correctly whenever individual files are downloaded from workspaces, archived artifacts, and similar user-created content. This can result in Jenkins running out of file handles.

These issues are resolved in release 2.263.2.3.

Upgrade notes

CloudBees recommends that you start to prepare for the March release of Jenkins LTS as soon as possible. The March release will include important updates. If you use Jenkins LTS plugins that are not in the CloudBees Assurance Program (CAP), you should update them before upgrading your CloudBees products to ensure compatibility with the March release. If your company uses its own proprietary (non-CloudBees) plugins, CloudBees recommends that you test them against Jenkins version 2.266+ prior to the March release. And, as always, backing up your data before upgrading is strongly encouraged. For details about changes in the March Jenkins LTS release, see https://www.jenkins.io/blog/2020/11/10/spring-xstream/ and https://www.jenkins.io/doc/developer/views/table-to-div-migration/.

If upgrading from a rolling release older than 2.303.2.3, customers may experience technical difficulties. CloudBees ensures compatibility only between supported versions of the product and recommends upgrading early and often to avoid these difficulties. If you are having difficulties upgrading, contact CloudBees Support for assistance.

CloudBees Role-Based Access Control Plugin

With this upgrade, for security reasons, we are disabling the ability to configure RBAC groups and role filters at the views level.

See CloudBees Role-Based Access Control Plugin 5.42 for more information about the security vulnerability.

This change means that any previous groups or role filters created in a view will not be applied and you will not be able to configure them.

This update only affects the views themselves, not the items within them. Previous permissions applied to the items are still enforced.

If you were filtering roles on views before this upgrade, these filters will no longer work, so your users may have a more permissive permission scheme on the views.

CloudBees recommends running this script in your script console to determine if you have a configuration on your instance that will be affected by this change.

If you do have a configuration that will be affected by this change, you have two options:

  1. (CloudBees recommended approach) Recreate each view inside a folder and apply the RBAC configuration to the folder. The folder RBAC configuration is propagated to the view since it is inside the folder.

  2. Enable RBAC configuration on views by setting the system property nectar.plugins.rbac.groups.ViewProxyGroupContainer=true.

    This approach is not recommended for security reasons.