CloudBees Jenkins Enterprise - Managed Master 2.190.3.2

8 minute read
CloudBees will no longer be supporting CloudBees Jenkins Enterprise 1.x after July 30, 2020. This end-of-life announcement allows CloudBees to focus on driving new technology and product innovation for CloudBees CI. For information on moving to CloudBees CI, please refer to CloudBees Jenkins Enterprise 1.x to CloudBees CI on modern cloud platforms migration guide which has been created to help you with the migration process. Existing customers can also contact their CSM to help ensure a smooth transition.

RELEASED: Public: 2019-11-21

Based on Jenkins LTS2.190.3-cb-1

Rolling release

+ This advisory announces vulnerabilities in Jenkins, CloudBees Jenkins Distribution, CloudBees Jenkins Platform and CloudBees Core.

Verified plugins

  • Ant Plugin

    1.10 verified optional

  • Artifact Manager on S3 plugin

    1.6 verified optional

  • Async Http Client

    1.7.24.2 verified installed by default

  • Authentication Tokens API Plugin

    1.3 verified optional

  • Branch API Plugin

    2.5.4 verified optional

  • Config File Provider Plugin

    3.6.2 verified optional

  • Credentials Binding Plugin

    1.20 verified optional

  • Credentials Plugin

    2.3.0 verified installed by default

  • Display URL API

    2.3.1 verified installed by default

  • Folders Plugin

    6.9 verified installed by default

  • GitHub Branch Source Plugin

    2.5.8 verified optional

  • Gradle Plugin

    1.30 verified optional

  • JUnit Plugin

    1.28 verified installed by default

  • Jackson 2 API Plugin

    2.10.0 verified installed by default

  • Javadoc Plugin

    1.5 verified optional

  • Jenkins GIT server Plugin

    1.8 verified optional

  • Jenkins Git client plugin

    2.9.0 verified optional

  • Jenkins Git plugin

    3.12.1 verified optional

  • Jenkins MSBuild Plugin

    1.29 verified optional

  • Jenkins MSTestRunner plugin

    1.3.0 verified optional

  • Jenkins Mailer Plugin

    1.29 verified installed by default

  • Jenkins SSH Slaves plugin

    1.31.0 verified optional

  • Kubernetes plugin

    1.21.1 verified optional

  • LDAP Plugin

    1.20 verified optional

  • MapDB API Plugin

    1.0.9.0 verified installed by default

  • Metrics Plugin

    4.0.2.6 verified installed by default

  • OWASP Markup Formatter Plugin

    1.6 verified optional

  • Plain Credentials Plugin

    1.5 verified optional

  • SAML Plugin

    1.1.3 verified optional

  • SCM API Plugin

    2.6.3 verified installed by default

  • SSH Credentials Plugin

    1.18 verified optional

  • Script Security Plugin

    1.66 verified installed by default

  • Secure Requester Whitelist Plugin

    1.4 verified optional

  • Structs Plugin

    1.20 verified installed by default

  • Token Macro Plugin

    2.8 verified installed by default

  • Variant Plugin

    1.3 verified installed by default

  • WMI Windows Agents Plugin

    1.5 verified optional

Proprietary plugins

  • Beekeeper Upgrade Assistant Plugin

    2.138.0.10 proprietary installed by default

  • CloudBees Administrative Monitors Plugin

    1.0.1 proprietary installed by default

  • CloudBees Amazon AWS CLI Plugin

    1.5.10 proprietary optional

  • CloudBees Amazon Web Services Deploy Engine Plugin

    1.18 proprietary optional

  • CloudBees Analytics Plugin

    1.3 proprietary installed by default

  • CloudBees Backup Plugin

    3.38.14 proprietary optional

  • CloudBees Blue Ocean Default Theme

    0.5 proprietary installed by default

  • CloudBees Even Scheduler Plugin

    3.9 proprietary optional

  • CloudBees Fast Archiving Plugin

    5.9 proprietary optional

  • CloudBees Folders Plus Plugin

    3.8 proprietary installed by default

  • CloudBees Git Validated Merge Plugin

    3.25 proprietary optional

  • CloudBees Groovy View Plugin

    1.8 proprietary optional

  • CloudBees Jenkins Enterprise License Entitlement Check

    8.24 proprietary installed by default

  • CloudBees Label Throttling Plugin

    3.7 proprietary optional

  • CloudBees License Manager

    9.35 proprietary installed by default

  • CloudBees Long-Running Build Plugin

    1.12 proprietary optional

  • CloudBees Monitoring Plugin

    2.8 proprietary optional

  • CloudBees Nodes Plus Plugin

    1.18 proprietary optional

  • CloudBees OpenShift CLI Plugin

    1.4 proprietary optional

  • CloudBees PSE Tenant plugin

    1.0.15 proprietary optional

  • CloudBees Pipeline (Deprecated)

    1.9.1 proprietary optional

  • CloudBees Pipeline Stage View Extensions

    2.3 proprietary optional

  • CloudBees Pipeline: Groovy Checkpoint Plugin

    2.7 proprietary optional

  • CloudBees Pipeline: REST API (Deprecated)

    1.9.1 proprietary optional

  • CloudBees Pipeline: Templates Plugin

    3.3 proprietary optional

  • CloudBees Plugin Usage Plugin

    1.10 proprietary optional

  • CloudBees Pull Request Builder for GitHub

    1.13 proprietary optional

  • CloudBees Quiet Start Plugin

    1.5 proprietary optional

  • CloudBees Restart Aborted Builds Plugin

    1.12 proprietary optional

  • CloudBees Role-Based Access Control Plugin

    5.28 proprietary installed by default

  • CloudBees SSH Build Agents Plugin

    2.3 proprietary optional

  • CloudBees Skip Next Build Plugin

    4.2 proprietary optional

  • CloudBees Support Plugin

    3.22 proprietary installed by default

  • CloudBees Template Plugin

    4.41 proprietary optional

  • CloudBees Update Center Data API

    4.42 proprietary installed by default

  • CloudBees VMWare Autoscaling Plugin

    4.3.8 proprietary optional

  • CloudBees View Creation Filter Plugin

    1.5 proprietary optional

  • CloudBees WikiText Security Plugin

    3.9 proprietary optional

  • Kube Agent Management plugin

    1.1.18 proprietary optional

  • Managed Master New User Experience

    1.2.24 proprietary optional

  • Notification API

    1.2 proprietary optional

  • Operations Center Agent

    2.190.0.2 proprietary installed by default

  • Operations Center Analytics Configuration

    2.107.1.5 proprietary optional

  • Operations Center Analytics Reporter

    2.107.1.5 proprietary optional

  • Operations Center Client Plugin

    2.190.0.3 proprietary installed by default

  • Operations Center Cloud

    2.190.0.1 proprietary optional

  • Operations Center Context

    2.190.0.2 proprietary installed by default

  • Operations Center Notification

    1.0 proprietary optional

  • Palace Cloud Plugin

    2.0.11 proprietary optional

  • Pipeline Event Step

    1.7 proprietary optional

  • Trigger Restrictions

    1.2 proprietary optional

  • User Activity Monitoring Plugin

    1.1.5 proprietary optional

Compatible plugins

  • AWS Global Configuration Plugin

    1.3 compatible optional

  • Amazon EC2 plugin

    1.46.1 compatible optional

  • Amazon Web Services SDK

    1.11.594 compatible optional

  • Autofavorite for Blue Ocean

    1.2.4 compatible optional

  • Azure PublisherSettings Credentials Plugin

    1.5 compatible optional

  • Bitbucket Branch Source Plugin

    2.5.0 compatible optional

  • Bitbucket Pipeline for Blue Ocean

    1.19.0 compatible optional

  • Blue Ocean

    1.19.0 compatible optional

  • Blue Ocean Core JS

    1.19.0 compatible optional

  • Blue Ocean Pipeline Editor

    1.19.0 compatible optional

  • Build Timeout

    1.19 compatible optional

  • CloudBees AWS Credentials Plugin

    1.27 compatible optional

  • CloudBees Docker Build and Publish plugin

    1.3.2 compatible optional

  • CloudBees Docker Hub/Registry Notification

    2.4.0 compatible optional

  • CloudBees Flow

    1.1.10 compatible optional

  • Command Agent Launcher Plugin

    1.3 compatible installed by default

  • Common API for Blue Ocean

    1.19.0 compatible installed by default

  • Conditional BuildStep

    1.3.6 compatible optional

  • Config API for Blue Ocean

    1.19.0 compatible optional

  • Configuration as Code Plugin

    1.30 compatible optional

  • Copy Artifact Plugin

    1.43 compatible optional

  • Dashboard View

    2.9.12 compatible optional

  • Dashboard for Blue Ocean

    1.19.0 compatible optional

  • Deployed On Column Plugin

    1.8 compatible optional

  • Deployer Framework Plugin

    1.2 compatible optional

  • Display URL for Blue Ocean

    2.3.0 compatible optional

  • Docker Commons Plugin

    1.15 compatible optional

  • Docker Pipeline

    1.21 compatible optional

  • Durable Task Plugin

    1.30 compatible installed by default

  • Email Extension Plugin

    2.68 compatible optional

  • Events API for Blue Ocean

    1.19.0 compatible optional

  • External Monitor Job Type Plugin

    1.7 compatible optional

  • Favorite

    2.3.2 compatible optional

  • Form element path plugin

    1.8 compatible installed by default

  • Git Pipeline for Blue Ocean

    1.19.0 compatible optional

  • GitHub API Plugin

    1.95 compatible optional

  • GitHub Pipeline for Blue Ocean

    1.19.0 compatible optional

  • GitHub plugin

    1.29.4 compatible optional

  • HTML Publisher plugin

    1.21 compatible optional

  • Handy Uri Templates 2.x API Plugin

    2.1.7-1.0 compatible optional

  • JAXB plugin

    2.3.0.1 compatible installed by default

  • JIRA Integration for Blue Ocean

    1.19.0 compatible optional

  • JWT for Blue Ocean

    1.19.0 compatible optional

  • JavaScript GUI Lib: ACE Editor bundle plugin

    1.1 compatible optional

  • JavaScript GUI Lib: Handlebars bundle plugin

    1.1.1 compatible optional

  • JavaScript GUI Lib: Moment.js bundle plugin

    1.1.1 compatible optional

  • JavaScript GUI Lib: jQuery bundles (jQuery and jQuery UI) plugin

    1.2.1 compatible optional

  • Jenkins Active Directory plugin

    2.16 compatible optional

  • Jenkins Apache HttpComponents Client 4.x API Plugin

    4.5.10-2.0 compatible installed by default

  • Jenkins Design Language

    1.19.0 compatible optional

  • Jenkins Health Advisor by CloudBees

    3.0 compatible optional

  • Jenkins JIRA plugin

    3.0.10 compatible optional

  • Jenkins JSch dependency plugin

    0.1.55.1 compatible optional

  • Jenkins Mercurial plugin

    2.8 compatible optional

  • Jenkins Parameterized Trigger plugin

    2.35.1 compatible optional

  • Jenkins Pub-Sub "light" Bus

    1.13 compatible optional

  • Jenkins promoted builds plugin

    3.0 compatible optional

  • Kubernetes Client API Plugin

    4.6.0-2 compatible optional

  • Kubernetes Credentials Plugin

    0.4.1 compatible optional

  • Matrix Authorization Strategy Plugin

    2.5 compatible optional

  • Matrix Project Plugin

    1.14 compatible optional

  • Maven Integration plugin

    3.4 compatible optional

  • Node Iterator API Plugin

    1.5.0 compatible optional

  • NodeJS Plugin

    1.2.9 compatible optional

  • One-Shot Executor Plugin

    1.2 compatible optional

  • Oracle Java SE Development Kit Installer Plugin

    1.3 compatible installed by default

  • PAM Authentication plugin

    1.4.1 compatible optional

  • Personalization for Blue Ocean

    1.19.0 compatible optional

  • Pipeline

    2.5 compatible optional

  • Pipeline Graph Analysis Plugin

    1.10 compatible optional

  • Pipeline SCM API for Blue Ocean

    1.19.0 compatible optional

  • Pipeline implementation for Blue Ocean

    1.19.0 compatible optional

  • Pipeline: API

    2.37 compatible installed by default

  • Pipeline: Basic Steps

    2.18 compatible optional

  • Pipeline: Build Step

    2.9 compatible optional

  • Pipeline: Declarative

    1.3.9 compatible optional

  • Pipeline: Declarative Agent API

    1.1.1 compatible optional

  • Pipeline: Declarative Extension Points API

    1.3.9 compatible optional

  • Pipeline: GitHub Groovy Libraries

    1.0 compatible optional

  • Pipeline: Groovy

    2.74 compatible optional

  • Pipeline: Input Step

    2.11 compatible optional

  • Pipeline: Job

    2.35 compatible optional

  • Pipeline: Milestone Step

    1.3.1 compatible optional

  • Pipeline: Model API

    1.3.9 compatible optional

  • Pipeline: Multibranch

    2.21 compatible optional

  • Pipeline: Nodes and Processes

    2.34 compatible optional

  • Pipeline: REST API Plugin

    2.12 compatible optional

  • Pipeline: SCM Step

    2.9 compatible optional

  • Pipeline: Shared Groovy Libraries

    2.15 compatible optional

  • Pipeline: Stage Step

    2.3 compatible optional

  • Pipeline: Stage Tags Metadata

    1.3.9 compatible optional

  • Pipeline: Stage View Plugin

    2.12 compatible optional

  • Pipeline: Step API

    2.20 compatible installed by default

  • Pipeline: Supporting APIs

    3.3 compatible optional

  • REST API for Blue Ocean

    1.19.0 compatible optional

  • REST Implementation for Blue Ocean

    1.19.0 compatible optional

  • Run Condition Plugin

    1.0 compatible optional

  • SSH Agent Plugin

    1.17 compatible optional

  • Server Sent Events (SSE) Gateway Plugin

    1.20 compatible optional

  • Stack Trace Suppression Plugin

    1.5 compatible optional

  • Support Core Plugin

    2.62 compatible installed by default

  • Trilead API Plugin

    1.0.5 compatible optional

  • Unique ID Library Plugin

    2.2.0 compatible installed by default

  • Web for Blue Ocean

    1.19.0 compatible optional

  • bouncycastle API Plugin

    2.17 compatible installed by default

  • i18n for Blue Ocean

    1.19.0 compatible optional

  • jQuery plugin

    1.12.4-1 compatible optional

New features

  • Jenkins LTS 2.190.3-cb-1

    Upgraded Jenkins LTS from 2.190.2-cb-5 to 2.190.3-cb-1

  • Release Notes

    Upgraded Apache HttpComponents Client 4.x API Plugin from 4.5.10-1.0 to 4.5.10-2.0

  • Release Notes

    Upgraded CloudBees Analytics Plugin from 1.2 to 1.3

  • Release Notes

    Upgraded Bitbucket Branch Source Plugin from 2.4.6 to 2.5.0

  • Release Notes

    Upgraded CloudBees Jenkins Advisor Plugin from 2.9 to 3.0

  • Release Notes

    Upgraded Copy Artifact Plugin from 1.42.1 to 1.43

  • Release Notes

    Upgraded CloudBees Docker Pipeline Plugin from 1.19 to 1.21

  • Release Notes

    Upgraded Email-ext Plugin from 2.66 to 2.68

  • Release Notes

    Upgraded Git Client Plugin from 2.8.6 to 2.9.0

  • Release Notes

    Upgraded Jackson2 API Plugin from 2.9.10 to 2.10.0

  • Release Notes

    Upgraded Kube Agent Management Plugin from 1.1.17 to 1.1.18

  • Release Notes

    Upgraded Kubernetes Plugin from 1.19.3 to 1.21.1

  • Release Notes

    Upgraded Kubernetes Client API Plugin from 4.6.0-1 to 4.6.0-2

  • Release Notes

    Upgraded Matrix Authorization Strategy Plugin from 2.4.2 to 2.5

  • Release Notes

    Upgraded Operations Center Client Plugin from 2.190.0.1 to 2.190.0.3

  • Release Notes

    Upgraded Promoted Builds Plugin from 3.3 to 3.0

  • Release Notes

    Upgraded SAML Plugin from 1.1.2 to 1.1.3

  • Release Notes

    Upgraded SSH Credentials Plugin from 1.17.3 to 1.18

  • Release Notes

    Upgraded SSH Slaves Plugin from 1.30.2 to 1.31.0

  • Release Notes

    Upgraded Support Core Plugin from 2.60 to 2.62

  • Release Notes

    Upgraded Trilead API Plugin from 1.0.4 to 1.0.5

  • Release Notes

    Upgraded Windows Slaves Plugin from 1.4 to 1.5

Resolved issues

  • CloudBees Nodes Plus Plugin unrelated exception issue (CTR-761)

    Upgraded CloudBees Nodes Plus Plugin from 1.17 to 1.18. When the user set a 'blank' probe command for a node, an odd and unrelated exception was shown in the logs. With this fix, a blank command is treated as a command failure, and the cause is displayed in the node monitor and in the logs.

  • CloudBees RBAC Plugin XSS issue (CTR-735)

    Upgraded CloudBees Role-Based Access Control Plugin from 5.27 to 5.28. Stored XSS could have been submitted on group description, and anyone who checked the group description via tooltip would then trigger an XSS. With this fix, we now use MarkupFormatter to transform the content of the group’s description depending on what is configured in the Global Security section.

  • Operations Center Agent Plugin ClassicConnector issue (CTR-410)

    Upgraded Operations Center Agent Plugin from 2.190.0.1 to 2.190.0.2. In some cases, when the connection between master and OC failed, it was retried with a deprecated and insecure connector (ClassicConnector). With this fix, we have disabled ClassicConnector (by default), so it’s not used.

  • Operations Center Context Plugin XSS issue (CTR-760)

    Upgraded Operations Center Context Plugin from 2.190.0.1 to 2.190.0.2. An XSS vulnerability was possible when an item with a malicious display name was shown in the Move/Copy/Promote browser bar. With this fix, user input is sanitized before adding it to the HTML source, preventing an XSS vulnerability.

  • Jira Plugin upgrade (NGPIPELINE-743, -733)

    The previously provided version of the Jira plugin, 3.0.9, bundled Jackson 1.x in its dependencies which made it vulnerable to CVE-2017-7525. The upgrade to Jira plugin version 3.0.10 excludes these Jackson libraries.

Known issues

None