CloudBees Jenkins Platform 2.277.1.2

7 minute read

RELEASED: 2021-03-11

Based on Jenkins

LTS2.277.1-cb-3

Rolling release

Critical issues

The setup wizard shows after updating an instance to 2.777.1.x

Issue

After updating an instance, the setup wizard is displayed.

Jenkins 2.277.1 removes the Upgrade Wizard that was no longer operational after Jenkins 2.0. This caused a regression for instances created before 2.4/2.7.1 LTS.

At the time of this writing, no fix is available for this issue.

Workaround

See the Jenkins upgrade guide for a workaround for this issue. On subsequent restarts, the setup wizard will no longer appear.

Important updates in the March release

The March release includes important updates. If you use Jenkins LTS plugins that are not in the CloudBees Assurance Program (CAP), you should update them before upgrading your CloudBees products to ensure compatibility with the March release. If your company uses its own proprietary (non-CloudBees) plugins, CloudBees recommends that you test them against Jenkins version 2.277.1 prior to updating your CloudBees products. And, as always, backing up your data before upgrading is strongly encouraged.

For details about changes in the March Jenkins LTS release, see:

Remove the jquery and jquery-detached plugins from your CloudBees Jenkins Platform instance

The jquery and jquery-detached plugins have been removed from all CloudBees Jenkins-based products and are no longer part of CloudBees Assurance Program. However, these plugins are not automatically uninstalled from your CloudBees Jenkins Platform instance as other plugins you use may still have dependencies on them. Please ensure that your CloudBees Jenkins Platform instance does not have any dependencies on these plugins, and then remove them. For instructions on how to check for dependencies in a particular plugin, refer to How to determine if a plugin is in use.

New features

None

Feature enhancements

CloudBees CasC for masters now supports environment variables at folder level (FNDJEN-3142, FNDJEN-3188)

You can now define environment variables that can be passed to the builds within a folder in the items.yaml file, which is part of the CloudBees CasC configuration bundle. You can also export environment variables used in Folders Plus as a part of the CloudBees CasC configuration bundle.

For more information, see Folders Plus plugin - Other features.

table to divs transitions (BEE-354, BEE-337, NGPIPELINE-1520, NGPIPELINE-1523, NGPIPELINE-1524, NGPIPELINE-1525, FNDJEN-2751, FNDJEN-3341, FNDJEN-3262, FNDJEN-3268, FNDJEN-3274, FNDJEN-3312, FNDJEN-3266)

In this release Jenkin LTS has migrated configuration pages away from tables to divs to improve the responsiveness and usability of the forms. All plugins in the CloudBees Assurance Program (CAP) have been updated to support this change.

Reduced requests for rate limit in github-branch-source plugin (NGPIPELINE-1636)

The github-branch-source plugin requests the rate limit repeatedly during a normal operation, which can result in up to 50% of requests being for rate limit.

This functionality has now been updated to use library functionality that automatically calculates and checks rate limit information before each request to the GitHub server. Now it rarely needs to request rate limit information as a separate query.

Increased readability of the form navigation tabs (NGPIPELINE-957)

The contrast between the text and the body of form navigation tabs is low and makes it hard to read for some people.

The contrast of the text on form navigation tabs has been increased so that they are easier to read.

Resolved issues

Saving a folder failed when using cloudbees-cyberark-credentials (CTR-3143)

Saving a folder was failing due to a bad interaction with the cyberark-credentials provider under specific conditions. The issue occurred when a user without the cyberark.configure permission attempted to save a folder that existed before the CyberArk provider was enabled for folders. Additionally, if the folder was not previously saved by a user with cyberark.configure permissions, the failure occurred and the user was unable to save the folder.

This issue has been resolved. The folder can be saved by any user with the required permissions. The CyberArk configuration at the folder level is readable, but not editable unless the user has the cyberark.configure permission.

Administrative monitors do not include the Jenkins Crumb (BEE-848)

The buttons in the administrative monitors, such as the “More Info” button, do not included a valid crumb in the request when they are clicked from the header. Now the buttons are fixed.

Preparation for compatibility with the internal changes in forms of the next Jenkins LTS (CTR-2123, CTR-2861, CTR-2874, CTR-2958, CTR-3027, CTR-3035, CTR-3053)

No user-facing changes. Internal changes were made to fix compatibility issues caused by the changes to form layouts in the March Jenkins LTS release.

jQuery updates (BEE-359, BEE-356, BEE-342, FNDJEN-3143)

Jenkins LTS has been upgraded to use the latest version of jQuery. All plugins under the CloudBees Assurance Program (CAP) have been upgraded to use the same version of jQuery. For more information on CAP, see CloudBees Assurance Program. The unsafe plugins jquery and jquery-detached have now been removed from all CloudBees products and are no longer part of CAP. Please note that these two plugins are not automatically uninstalled in your instance because other plugins in your installation may still have dependencies on them. For instructions on how to check for dependencies in a particular plugin, see How to determine if a plugin is in use.

Refresh metadata for update centers synchronously at startup (BEE-585)

If an update center needs to be refreshed after startup, it is refreshed asynchronously. However, if a plugin was removed from the offline update center and you attempt to install a plugin that depends on the removed plugin, the plugin fails to install until the metadata has been refreshed.

With this change, any local (file-based) update centers are synchronously refreshed during startup.

Pipeline durability settings ignored for CpsScmFlowDefinition with lightweight checkout (NGPIPELINE-1636)

Durability settings for a Pipeline are ignored during lightweight checkout.

This change fixes the bug where lightweight checkout incorrectly checked the instance type of the executable, preventing durability setting to be properly looked up.

RBAC performance issue fix, release 2.277.1.2 revision 3 (2021-03-19)

An issue with the Role-Based Access Control plugin was causing a negative impact to user interface performance while accessing nested folders and jobs on connected masters that had an authorization strategy managed by operations center. This issue has been resolved in release 2.277.1.2 revision 3, the cache now functions properly, and there is no performance impact.

This fix resolves the RBAC performance issue that was introduced with the 2.277.1.2 revision 2 release on March 18, 2021.

Known issues

The CloudBees navigation wrongly identifies CloudBees Jenkins Platform as CloudBees Software Delivery Automation (BEE-2561)

New navigation selections for CloudBees CI and CloudBees Software Delivery Automation were incorrectly added to the CloudBees Jenkins Platform UI. The navigation will be updated in a future version.

If you would like to learn more about CloudBees Software Delivery Automation and CloudBees Analytics or CloudBees CD/RO, please contact CloudBees for assistance.

RBAC performance issue, release 2.277.1.2 revision 2 (2021-03-18)

An issue with the Role-Based Access Control plugin can cause a negative impact to user interface performance while accessing nested folders and jobs on connected masters that have an authorization strategy managed by operations center. The issue is known, and the fix was published as part of 2.277.1.2 revision 3 on March 19, 2021.

This issue only affects the 2.277.1.2 revision 2 release.

Upgrade notes

CloudBees High Availability plugin

CloudBees has upgraded the JGroups dependency for the CloudBees High Availability plugin, which means instances with JGroups customized through the GUI fail to start and existing jgroups.xml files may no longer be compatible.

Users with instances using the CloudBees High Availability plugin with JGroups customized through the GUI (under Manage Jenkins > Configure System > High Availability Configuration) must be updated to 2.249.2.4 or higher.

Users with instances that have a customized jgroups.xml file in $JENKINS_HOME must update it manually (or switch to using our defaults). See Upgrade guide for instances running High Availability previous to 2.249.2.3 for more information on customizing the configuration.

The March release includes important updates. If you use Jenkins LTS plugins that are not in the CloudBees Assurance Program (CAP), you should update them before upgrading your CloudBees products to ensure compatibility with the March release. If your company uses its own proprietary (non-CloudBees) plugins, CloudBees recommends that you test them against Jenkins version 2.277.1 prior to updating your CloudBees products. And, as always, backing up your data before upgrading is strongly encouraged.

For details about changes in the March Jenkins LTS release, see:

Revisions

Revision 3 (2021-03-19)
RBAC performance issue fix, release 2.277.1.2 revision 3 (2021-03-19)

An issue with the Role-Based Access Control plugin was causing a negative impact to user interface performance while accessing nested folders and jobs on connected masters that had an authorization strategy managed by operations center. This issue has been resolved, the cache now functions properly, and there is no performance impact.

This fix resolves the RBAC performance issue that was introduced with the 2.277.1.2 revision 2 release on March 18, 2021.

Revision 2 (2021-03-18)

This revision includes security updates to address vulnerabilities in Jenkins, CloudBees Jenkins Distribution, CloudBees Jenkins Platform, and CloudBees CI.

CloudBees Security Advisory 2021-03-18

RBAC performance issue, release 2.277.1.2 revision 2 (2021-03-18)

An issue with the Role-Based Access Control plugin can cause a negative impact to user interface performance while accessing nested folders and jobs on connected masters that have an authorization strategy managed by Operations Center. The issue is known, and the fix will be published as part of an incremental release on March 19, 2021.

This issue only affects the 2.277.1.2 revision 2 release.

RBAC permissions bypass (BEE-174)

An issue with the Role-Based Access Control plugin authorization made it possible for users to view nested resources, even if they did not have permission to view the parent resources.

This issue has been resolved, and permissions are now checked on the parent container, in addition to the target container. Additionally, a new caching mechanism improves performance while browsing system resources. For more information, please see Restricting access and delegating administration with Role-Based Access Control - Troubleshooting