CloudBees Jenkins Platform 2.332.1.4

RELEASED: 2022-03-09

New features

Signed Docker images (BEE-9386): CloudBees CI Docker images are now published with a signature, allowing you to verify their origin and authenticity.

For more information, refer to Verifying the CloudBees CI on traditional platforms Docker images.

Feature enhancements

A new Default version field has been added to the Configuration as Code (CasC) bundle location (BEE-15135)

A new Default version field has been added to the Configuration as Code bundle location on the Manage Jenkins Configure System screen. It allows you to specify the default version (a branch, tag, or commit) to check out controller CasC bundles from the SCM repository.

If a version is not specified or the specified version cannot be found, the first HEAD in the repository is used; typically the default main branch.

The Configuration as Code bundle location and synchronizing CasC bundles with the operations center’s internal storage are Preview features. For more information, refer to Adding controller CasC bundles to the operations center.

CasC for the operations center bundle validation has been improved (BEE-14739)

Operations center CasC bundle validation messages have been improved. CasC bundle validation codes has been added to help identify errors and warnings. The error and warning details are included in the operations center log files. This can useful if you have automation configured to parse the log files and identify problems. For more information, refer to Troubleshooting CasC for the operations center.

Validation is now performed on the CasC items.yaml file (BEE-10524)

The items.yaml file within the CasC Bundle is now validated to verify:

The YAML format is correct.
The kind (symbol) of the items are available in the instance. If the kind (symbol) is not available in the instance, a warning is generated, indicating the current file is invalid. However, the entire bundle may still be valid. For example, when creating items, specific plugins must first be installed. If the bundle contains an items.yaml file with the correct kind property for the item type, but the required plugin is not currently installed, a warning is returned. Since the plugin may be installed once the updated bundle has been applied to the instance, the warning indicates that you should verify the required plugin is included in the plugins.yaml file.
The roles that are applied to the items are defined in the RBAC configuration. If the roles are not defined, a warning is generated. If these roles are provided by an external resource, then you can ignore the warning.
The parent of the item must exist or must be defined in a separate YAML file and applied to the instance, before it is applied to the file currently being validated. If the parent of the item does not exist, an error is generated.

For more information, refer to Troubleshooting CasC for the operations center and Troubleshooting CasC for controllers.

Controller CasC bundle inheritance validator (BEE-10478)

The CasC bundle inheritance validator now verifies that the controller CasC bundle that is defined as the parent in the bundle descriptor exists at the same file system level as the child bundle. For more information, refer to Troubleshooting CasC for controllers.

Validation is now performed on the CasC jenkins.yaml file (BEE-6369)

The jenkins.yaml file within the CasC bundle is now validated to verify:

The YAML format is correct.
The configurators are valid in the instance. If the configurators are invalid, a warning is generated, indicating the current file is invalid. However, the entire bundle may still be valid. For example, when adding configurators, specific plugins must first be installed. If the bundle contains an items.yaml file with a valid configurator, but the required plugin is not currently installed, a warning is returned. Since the plugin may be installed once the updated bundle has been applied to the instance, the warning indicates that you should verify the required plugin is included in the plugins.yaml file.
The independent configuration sections are valid. If a configuration section is invalid, an error is generated.

For more information, refer to Troubleshooting CasC for the operations center and Troubleshooting CasC for controllers.

Validation is now performed on the controller CasC plugin-catalog.yaml file (BEE-6356)

The plugin-catalog.yaml file within the controller CasC bundle is now checked, to verify the plugin catalog is valid in the instance. For more information, refer to Troubleshooting CasC for controllers.

Added an Administrative Monitor message to recommended upgrading to Java 11 (BEE-15506)

A new message was added to the Administrative Monitor to encourage you to upgrade to Java 11 as soon as possible. The message will display if your CloudBees Jenkins Platform instance is not already running Java 11. The message states the following:

CloudBees strongly recommends that you upgrade your CloudBees CI on traditional platforms and CloudBees Jenkins Platform instances to Java 11 as soon as possible for the best experience. The ability to run the product on Java 8 may be removed from newer releases as of June 2022.

Support for Java 11 was added (BEE-42): Support for Java 11 was added in this version. CloudBees recommends that you upgrade your instances to Java 11 as soon as possible for the best experience.

In a future release, support for Java 8 will be discontinued and you will be unable to run new versions of the product on Java 8. Releases that occurred during the support window for Java 8 will continue to run on Java 8.

For more information, refer to CloudBees supported platforms.
Migrating the Operations center Server plugin from async-http-client to okhttp (BEE-12044): Previously, HTTP communication was managed by an old version of async-http-client.

In this release, the underlying HTTP library has been updated to use okhttp to provide support for Server Name Indication (SNI) and Java 11.

Resolved issues

Restored image encoding to UTF-8 (BEE-15083): In version 2.319.2.5, the default encoding for images was configured as ANSI_X3.4-1968, rather than UTF-8. This may have resulted in encoding issues in Jenkins.

In this release, the default encoding for the images was changed back to UTF-8. This issue has been resolved.

If using a local folder as the Configuration as Code bundle location, the operations center no longer runs of of disk space (BEE-15449): If you use a local folder as the Configuration as Code bundle location and an error occurs, a backup folder is automatically added to the operations center. Previously, if the local folder contained other files that were not part of a CasC bundle (for example, read-only files, hidden files, or SCM control files), polling synchronization failed and the backup folder was never deleted. Eventually, the operations center may have ran out of disk space, resulting in a No space left on device exception.

This issue has been resolved.
Fixed performance issues in the Metrics plugin (BEE-7218): Under certain conditions, the number of threads used by the Metrics plugin continually increases, leading to performance issues on the controller.

The plugin has been adapted to use a new API from Jenkins so that it limits the number of threads it creates.
Excessive logging in a controller’s log (BEE-14725): When a user could not be found in the operations center security realm, it caused excessive logging in a controller’s log.

The code was updated to handle the logging correctly.
The Advanced tab on the Plugin Manager page was broken with the latest UI changes (BEE-14970): A JavaScript error was shown in the Advanced tab on the Plugin Manager page.

The Advanced tab on the Plugin Manager page is now working correctly with the latest UI changes.
The Add parameter UI was not working (BEE-15612): When trying to configure a REST API call post build action, the Add parameter UI did not work.

Flexbox is now used to lay out the elements. This issue has been resolved.
Product images contain duplicate libraries with different versions (BEE-15862): Some of the product WAR files were bundled the same artifact at different versions. This led to several issues, depending on the operating environment and the library that was provided by the web container.

The artifact versions are now all aligned.
GitHub Enterprise server organization scanning results in failures (BEE-15927): In some situations, when using a GitHub Enterprise server organization, scanning failed with a NullPointerException.

This issue has been resolved. The scan now completes successfully.
The Catalog Import Log column icon on the Pipeline Template Catalog screen was broken (BEE-12721): This issue has been resolved. The icon is now properly displayed.
Fixed an incorrect RBAC migration of external groups to users (BEE-15662): Some security realms, such as SAML, are not able to resolve groups. This caused the Role-Based Access Control Plugin to migrate ambiguous member entries to users instead of leaving them ambiguous, to be resolved by the end user.

This issue has been resolved.
Fixed compatibility with Groovy 2.4.21 (BEE-14259): Groovy in Jenkins core was updated to 2.4.41, which caused an issue when renaming or moving CloudBees Template instances.

This fix makes the plugin compatible with Groovy 2.4.41.
Resolved potential Cascading Style Sheet (CSS) issues with the CloudBees Unified UI Plugin (BEE-14565): CloudBees has determined that an upcoming change to the Update Center in Jenkins Core 2.330 could potentially break functionality for the CloudBees Unified UI Plugin.

In anticipation of the Jenkins Core 2.330 update, CSS issues have been resolved for all tables. This change should prevent issues with the upcoming Jenkins Core release.
Terminology updates (BEE-12595): CloudBees is updating terminology to remove offensive text. During this ongoing initiative, “controller” replaces “master,” “agent” replaces “slave,” “allowlist” replaces “whitelist,” and “denylist” replaces “blacklist.”
Fixed compatibility issues with the Kubernetes plugin (BEE-14942): Two metrics, kubernetes-client.connections.running and kubernetes-client.connections.queues, were removed from the Kube Agent Management plugin to ensure compatibility with the latest version of the Kubernetes plugin.
Removed javax.mail dependency (BEE-14734): The javax.mail packages were removed from Jenkins core in version 2.331. The CloudBees Jenkins Enterprise License Entitlement Check was using one of the packages to validate email addresses.

Email validation was replaced with a regular expression match and the dependency on javax.mail was removed. This issue has been resolved.
Fixed duplicate tier badges in the CloudBees Plugin Manager (BEE-15972): When you sort the list of plugins in the CloudBees Plugin Manager, duplicate badges display by the title of the plugin.

This issue has been resolved. Now, tier badges are not duplicated, even when you sort and reorder the list of plugins.
Fixed the GitHub App icon (BEE-16008): When you viewed a GitHub organization folder, the Create GitHub App item in the left navigation displayed as a broken icon.

This issue has been resolved, the icon is properly rendered in this release.

Known issues

Git submodules are not supported when configuring an SCM as the Configuration as Code bundle location (BEE-15832): If you configure an SCM as the Configuration as Code bundle location and select Recursively update submodules for the selected Project Repository, an exception is returned.
Duplicate Pipeline Template Catalogs in the Configuration as Code jenkins.yaml file on each instance restart (BEE-12722): If a Pipeline Template Catalog is configured in the CasC jenkins.yaml file and the id property is not defined, the catalog is duplicated on each instance restart and in the exported CasC configuration.

Upgrade notes

Migration to Java 11 will soon be required for new releases (BEE-42): The Jenkins community will begin supporting Java 11-specific features soon (Java 11 byte code), at which point it will no longer be possible to use a Java 8 runtime environment. Because CloudBees Jenkins Platform is based on the Jenkins LTS, future releases of CloudBees Jenkins Platform will have the same requirement.

CloudBees strongly recommends upgrading your CloudBees Jenkins Platform environment to run Java 11 as soon as possible. Some of the Java 11 updates may require action on your part, and there may be a specific order in which you should upgrade components in your environment. For more information, refer to Migrating to Java 11.

Guava library upgrade (BEE-8569)

The Guava library has been upgraded from 11.0.1 to 31.0.1.

This upgrade removes the usage of deprecated methods for all plugins in the CloudBees Assurance Program. Please ensure that all other plugins (those not in the CloudBees Assurance Program and any custom developed plugins) are updated to a recent version that is compatible. If you have questions about this upgrade, contact CloudBees Support for assistance.

Updated minimum Jenkins version to LTS 2.332.1 (BEE-10651)

The minimum required Jenkins version was updated to the latest LTS, version 2.332.1.

Refer to the Jenkins LTS Upgrade Guide.

When upgrading to Java 11, you must update your Java garbage collection arguments (BEE-16018)

Garbage collection has been updated in Java 11. Many of the previously recommended arguments are no longer supported. When you upgrade your JDK to Java 11, you must also update your garbage collection configuration. Using unsupported Java arguments will result in startup failure.

For more information, refer to Adding Java arguments to the Jenkins service configuration file.

Jenkins agent-to-controller security changes affect several plugins

Jenkins 2.326 removes the ability to disable or customize the agent-to-controller-security system. The following plugins are known to be affected by this change:

Cobertura Plugin
Code Coverage API Plugin
Log Parser Plugin
Maven Integration Plugin
XUnit Plugin

After upgrading to Jenkins 2.326, you must update these plugins.

Other plugins may be affected as well. Refer to Agent → Controller Security Changes in 2.326 for more information.

Matrix Authorization Strategy plugin version 3.0 upgrade

Version 3.0 of the Matrix Authorization Strategy plugin extends the formats for permission assignments both internally and when used with the Job DSL and Configuration as Code plugins. With the upgrade to version 3.0, all past permission assignments are now considered ambiguous. While existing configurations can still be read, if the permission assignment configurations contain ambiguous entries, warnings will appear in the UI and in logs.

Downgrading to an earlier release of the plugin may cause problems once you have used version 3.0 or later to assign new permissions or migrate existing permission assignments. Earlier releases will not be able to load the updated, version 3.0 permission assignments.

Further, the Matrix Authorization Strategy plugin’s APIs have changed significantly. While some compatibility is retained, other plugins that depend on the Matrix Authorization Strategy plugin will likely need to be adapted to the changes, or they may behave in unexpected ways.

If you use any plugins that have a dependency on the Matrix Authorization Strategy plugin, you should make sure they are compatible with version 3.0 before you upgrade. For example, the Role-based Authorization Strategy plugin has been reported to be incompatible with version 3.0.

Customers that use the CloudBees Role-Based Access Control Plugin for authorization are not affected by this change in behavior.

If you configured the Matrix Authorization Strategy plugin’s job level permissions using the Job DSL plugin’s special syntax (authorization top-level element), you will not be able to assign unambiguous permissions in current releases of the Job DSL plugin, version 1.78.3 and earlier. Instead, you should use the syntax documented here using the authorizationMatrix child of the properties element.