RELEASED: 2021-03-11
Based on Jenkins
LTS2.249.30-cb-4
Fixed release
Revisions
- Revision 3 (2021-03-19)
- RBAC performance issue fix, release 2.249.30.0.3 revision 3 (2021-03-19)
-
An issue with the Role-Based Access Control plugin was causing a negative impact to user interface performance while accessing nested folders and jobs on connected masters that had an authorization strategy managed by operations center. This issue has been resolved, the cache now functions properly, and there is no performance impact.
This fix resolves the RBAC performance issue that was introduced with the 2.249.30.0.3 revision 2 release on March 18, 2021.
- Revision 2 (2021-03-18)
-
This revision includes security updates to address vulnerabilities in Jenkins, CloudBees Jenkins Distribution, CloudBees Jenkins Platform, and CloudBees CI.
- RBAC performance issue, release 2.249.30.0.3 revision 2 (2021-03-18)
-
An issue with the Role-Based Access Control plugin can cause a negative impact to user interface performance while accessing nested folders and jobs on connected masters that have an authorization strategy managed by operations center. The issue is known, and the fix was published as part of 2.249.30.0.3 revision 3 on March 19, 2021.
This issue only affects the 2.249.30.0.3 revision 2 release.
- RBAC permissions bypass (BEE-174)
-
An issue with the Role-Based Access Control plugin authorization made it possible for users to view nested resources, even if they did not have permission to view the parent resources.
This issue has been resolved, and permissions are now checked on the parent container, in addition to the target container. Additionally, a new caching mechanism improves performance while browsing system resources. For more information, please see Restricting access and delegating administration with Role-Based Access Control - Troubleshooting