CloudBees Jenkins Enterprise - Operations Center 2.190.3.2

6 minute read
CloudBees will no longer be supporting CloudBees Jenkins Enterprise 1.x after July 30, 2020. This end-of-life announcement allows CloudBees to focus on driving new technology and product innovation for CloudBees CI. For information on moving to CloudBees CI, please refer to CloudBees Jenkins Enterprise 1.x to CloudBees CI on modern cloud platforms migration guide which has been created to help you with the migration process. Existing customers can also contact their CSM to help ensure a smooth transition.

RELEASED: Public: 2019-11-21

Based on Jenkins LTS2.190.3-cb-1

Rolling release

+ This advisory announces vulnerabilities in Jenkins, CloudBees Jenkins Distribution, CloudBees Jenkins Platform and CloudBees Core.

Verified plugins

  • Async Http Client

    1.7.24.2 verified installed by default

  • Authentication Tokens API Plugin

    1.3 verified installed by default

  • Config File Provider Plugin

    3.6.2 verified optional

  • Credentials Binding Plugin

    1.20 verified installed by default

  • Credentials Plugin

    2.3.0 verified installed by default

  • Display URL API

    2.3.1 verified installed by default

  • Folders Plugin

    6.9 verified installed by default

  • JUnit Plugin

    1.28 verified installed by default

  • Jackson 2 API Plugin

    2.10.0 verified installed by default

  • Javadoc Plugin

    1.5 verified optional

  • Jenkins Mailer Plugin

    1.29 verified installed by default

  • Jenkins SSH Slaves plugin

    1.31.0 verified optional

  • Kubernetes plugin

    1.21.1 verified optional

  • LDAP Plugin

    1.20 verified optional

  • MapDB API Plugin

    1.0.9.0 verified installed by default

  • Metrics Plugin

    4.0.2.6 verified installed by default

  • OWASP Markup Formatter Plugin

    1.6 verified optional

  • Plain Credentials Plugin

    1.5 verified installed by default

  • SAML Plugin

    1.1.3 verified optional

  • SCM API Plugin

    2.6.3 verified installed by default

  • SSH Credentials Plugin

    1.18 verified installed by default

  • Script Security Plugin

    1.66 verified installed by default

  • Secure Requester Whitelist Plugin

    1.4 verified optional

  • Structs Plugin

    1.20 verified installed by default

  • Token Macro Plugin

    2.8 verified installed by default

  • Variant Plugin

    1.3 verified installed by default

Proprietary plugins

  • Beekeeper Upgrade Assistant Plugin

    2.138.0.10 proprietary installed by default

  • CloudBees Administrative Monitors Plugin

    1.0.1 proprietary installed by default

  • CloudBees Analytics Plugin

    1.3 proprietary installed by default

  • CloudBees Backup Plugin

    3.38.14 proprietary installed by default

  • CloudBees Blue Ocean Default Theme

    0.5 proprietary installed by default

  • CloudBees Castle Plugin - Core

    1.11.8.2 proprietary optional

  • CloudBees Castle Plugin - EBS backend

    1.11.8.2 proprietary optional

  • CloudBees Folders Plus Plugin

    3.8 proprietary installed by default

  • CloudBees Jenkins Enterprise License Entitlement Check

    8.24 proprietary installed by default

  • CloudBees Jenkins Enterprise New User Experience

    1.2.24 proprietary optional

  • CloudBees License Manager

    9.35 proprietary installed by default

  • CloudBees Monitoring Plugin

    2.8 proprietary installed by default

  • CloudBees Nodes Plus Plugin

    1.18 proprietary optional

  • CloudBees PSE - Analytics Dashboards

    1.0.3 proprietary optional

  • CloudBees PSE Mesos Metrics Plugin

    1.0.3 proprietary optional

  • CloudBees PSE Project Configuration Info Plugin

    1.1.6 proprietary optional

  • CloudBees PSE Tenant plugin

    1.0.15 proprietary optional

  • CloudBees Plugin Usage Plugin

    1.10 proprietary optional

  • CloudBees Quiet Start Plugin

    1.5 proprietary optional

  • CloudBees Restart Aborted Builds Plugin

    1.12 proprietary optional

  • CloudBees Role-Based Access Control Plugin

    5.28 proprietary installed by default

  • CloudBees SSH Build Agents Plugin

    2.3 proprietary optional

  • CloudBees Skip Next Build Plugin

    4.2 proprietary optional

  • CloudBees Support Plugin

    3.22 proprietary installed by default

  • CloudBees Update Center Data API

    4.42 proprietary installed by default

  • CloudBees Update Center Plugin

    4.46 proprietary installed by default

  • CloudBees VMWare Autoscaling Plugin

    4.3.8 proprietary optional

  • CloudBees WikiText Security Plugin

    3.9 proprietary optional

  • External Notification Plugin

    1.2 proprietary optional

  • Kube Agent Management plugin

    1.1.18 proprietary optional

  • Master Provisioning Core

    2.3.4 proprietary optional

  • Master Provisioning Kubernetes

    2.3.4 proprietary optional

  • Master Provisioning Mesos

    2.3.4 proprietary optional

  • Notification API

    1.2 proprietary optional

  • Operations Center Agent

    2.190.0.2 proprietary installed by default

  • Operations Center Analytics

    2.107.1.5 proprietary optional

  • Operations Center Analytics Configuration

    2.107.1.5 proprietary optional

  • Operations Center Analytics Feeder

    2.107.1.5 proprietary optional

  • Operations Center Analytics Kibana Dashboards

    2.107.1.5 proprietary optional

  • Operations Center Analytics Reporter

    2.107.1.5 proprietary optional

  • Operations Center Analytics Viewer

    2.107.1.5 proprietary optional

  • Operations Center Context

    2.190.0.2 proprietary installed by default

  • Operations Center Elasticsearch Provider

    2.190.0.1 proprietary installed by default

  • Operations Center Embedded elasticsearch

    2.73.0.1 proprietary optional

  • Operations Center JNLP Agent Controller Plugin

    2.190.0.1 proprietary optional

  • Operations Center Monitoring Plugin

    2.190.0.1 proprietary installed by default

  • Operations Center Notification

    1.0 proprietary optional

  • Operations Center Server Cluster Operations

    2.190.0.1 proprietary installed by default

  • Operations Center Server EC2 Cloud

    2.190.0.1 proprietary optional

  • Operations Center Server Kubernetes Cloud

    2.190.0.2 proprietary optional

  • Operations Center Server License Entitlement Check

    2.190.0.1 proprietary installed by default

  • Operations Center Server Plugin

    2.190.0.2 proprietary installed by default

  • Operations Center Server Role Based Access Control

    2.190.0.1 proprietary optional

  • Operations Center Single Sign-On Plugin

    2.190.0.1 proprietary installed by default

  • Operations Center Update Center Plugin

    2.190.0.1 proprietary installed by default

  • Palace Cloud Plugin

    2.0.11 proprietary optional

  • Palace Shared Cloud Plugin

    2.0.2 proprietary optional

  • User Activity Monitoring Plugin

    1.1.5 proprietary optional

Compatible plugins

  • Amazon EC2 plugin

    1.46.1 compatible optional

  • Amazon Web Services SDK

    1.11.594 compatible installed by default

  • CloudBees AWS Credentials Plugin

    1.27 compatible installed by default

  • CloudBees Flow

    1.1.10 compatible optional

  • Command Agent Launcher Plugin

    1.3 compatible installed by default

  • Common API for Blue Ocean

    1.19.0 compatible installed by default

  • Docker Commons Plugin

    1.15 compatible optional

  • Durable Task Plugin

    1.30 compatible installed by default

  • Email Extension Plugin

    2.68 compatible optional

  • Favorite

    2.3.2 compatible optional

  • Form element path plugin

    1.8 compatible installed by default

  • JAXB plugin

    2.3.0.1 compatible installed by default

  • JavaScript GUI Lib: ACE Editor bundle plugin

    1.1 compatible optional

  • JavaScript GUI Lib: jQuery bundles (jQuery and jQuery UI) plugin

    1.2.1 compatible optional

  • Jenkins Active Directory plugin

    2.16 compatible optional

  • Jenkins Apache HttpComponents Client 4.x API Plugin

    4.5.10-2.0 compatible installed by default

  • Jenkins Health Advisor by CloudBees

    3.0 compatible optional

  • Jenkins JSch dependency plugin

    0.1.55.1 compatible optional

  • Jenkins Pub-Sub "light" Bus

    1.13 compatible optional

  • Kubernetes Client API Plugin

    4.6.0-2 compatible optional

  • Kubernetes Credentials Plugin

    0.4.1 compatible optional

  • Matrix Authorization Strategy Plugin

    2.5 compatible optional

  • Matrix Project Plugin

    1.14 compatible optional

  • Maven Integration plugin

    3.4 compatible optional

  • Mock Security Realm

    1.3 compatible installed by default

  • Node Iterator API Plugin

    1.5.0 compatible installed by default

  • One-Shot Executor Plugin

    1.2 compatible optional

  • Oracle Java SE Development Kit Installer Plugin

    1.3 compatible installed by default

  • PAM Authentication plugin

    1.4.1 compatible optional

  • Pipeline: API

    2.37 compatible installed by default

  • Pipeline: Step API

    2.20 compatible installed by default

  • REST API for Blue Ocean

    1.19.0 compatible optional

  • SSH Agent Plugin

    1.17 compatible optional

  • Server Sent Events (SSE) Gateway Plugin

    1.20 compatible optional

  • Stack Trace Suppression Plugin

    1.5 compatible optional

  • Support Core Plugin

    2.62 compatible installed by default

  • Trilead API Plugin

    1.0.5 compatible installed by default

  • Unique ID Library Plugin

    2.2.0 compatible installed by default

  • View Job Filters

    1.27 compatible installed by default

  • bouncycastle API Plugin

    2.17 compatible installed by default

New features

  • Jenkins LTS 2.190.3-cb-1

    Upgraded Jenkins LTS from 2.190.2-cb-5 to 2.190.3-cb-1

  • Release Notes

    Upgraded Apache HttpComponents Client 4.x API Plugin from 4.5.10-1.0 to 4.5.10-2.0

  • Release Notes

    Upgraded CloudBees Analytics Plugin from 1.2 to 1.3

  • Release Notes

    Upgraded CloudBees Jenkins Advisor Plugin from 2.9 to 3.0

  • Release Notes

    Upgraded Email-ext Plugin from 2.66 to 2.68

  • Release Notes

    Upgraded Jackson2 API Plugin from 2.9.10 to 2.10.0

  • Release Notes

    Upgraded Kube Agent Management Plugin from 1.1.17 to 1.1.18

  • Release Notes

    Upgraded Kubernetes Plugin from 1.19.3 to 1.21.1

  • Release Notes

    Upgraded Kubernetes Client API Plugin from 4.6.0-1 to 4.6.0-2

  • Release Notes

    Upgraded Matrix Authorization Strategy Plugin from 2.4.2 to 2.5

  • Release Notes

    Upgraded Operations Center Kubernetes Cloud Plugin from 2.190.0.1 to 2.190.0.2

  • Release Notes

    Upgraded SAML Plugin from 1.1.2 to 1.1.3

  • Release Notes

    Upgraded SSH Credentials Plugin from 1.17.3 to 1.18

  • Release Notes

    Upgraded SSH Slaves Plugin from 1.30.2 to 1.31.0

  • Release Notes

    Upgraded Support Core Plugin from 2.60 to 2.62

  • Release Notes

    Upgraded Trilead API Plugin from 1.0.4 to 1.0.5

Resolved issues

  • CloudBees Nodes Plus Plugin unrelated exception issue (CTR-761)

    Upgraded CloudBees Nodes Plus Plugin from 1.17 to 1.18. When the user set a 'blank' probe command for a node, an odd and unrelated exception was shown in the logs. With this fix, a blank command is treated as a command failure, and the cause is displayed in the node monitor and in the logs.

  • CloudBees RBAC Plugin XSS issue (CTR-735)

    Upgraded CloudBees Role-Based Access Control Plugin from 5.27 to 5.28. Stored XSS could have been submitted on group description, and anyone who checked the group description via tooltip would then trigger an XSS. With this fix, we now use MarkupFormatter to transform the content of the group’s description depending on what is configured in the Global Security section.

  • Operations Center Agent Plugin ClassicConnector issue (CTR-410)

    Upgraded Operations Center Agent Plugin from 2.190.0.1 to 2.190.0.2. In some cases, when the connection between master and OC failed, it was retried with a deprecated and insecure connector (ClassicConnector). With this fix, we have disabled ClassicConnector (by default), so it’s not used.

  • Operations Center Context Plugin XSS issue (CTR-760)

    Upgraded Operations Center Context Plugin from 2.190.0.1 to 2.190.0.2. An XSS vulnerability was possible when an item with a malicious display name was shown in the Move/Copy/Promote browser bar. With this fix, user input is sanitized before adding it to the HTML source, preventing an XSS vulnerability.

  • Jira Plugin upgrade (NGPIPELINE-743, -733)

    The previously provided version of the Jira plugin, 3.0.9, bundled Jackson 1.x in its dependencies which made it vulnerable to CVE-2017-7525. The upgrade to Jira plugin version 3.0.10 excludes these Jackson libraries.

Known issues

None