CloudBees Jenkins Platform 2.332.4.1


RELEASED: June 22, 2022

Security fixes

Encrypt JGroups HA network messages (BEE-16793)

Before this fix, the communication between HA nodes regarding the election of the primary node was not encrypted.

With this fix, all underlying JGroups communication is encrypted. Refer to the Upgrade notes for more information.

Security vulnerabilities were fixed and backported from Jenkins (BEE-16872)

Refer to CloudBees Security Advisory June 22, 2022 for more information.

Security vulnerabilities were fixed and backported from Jenkins (BEE-18590)

Refer to CloudBees Security Advisory June 22, 2022 for more information.

Known issues

Jenkins logs are not appended to the service log file in an RPM installation that uses Java 8 (BEE-20636)

If you use an RPM to upgrade the product while using Java 8, the Jenkins logs are no longer appended to the following configured service log by default: /var/log/cloudbees-core-[cm|oc]/cloudbees-core-[cm|oc].log

You should migrate to Java 11 to resolve this issue. For more information, refer to Migrating to Java 11.

Duplicate Pipeline Template Catalogs in the Configuration as Code jenkins.yaml file on each instance restart (BEE-12722)

If a Pipeline Template Catalog is configured in the CasC jenkins.yaml file and the id property is not defined, the catalog is duplicated on each instance restart and in the exported CasC configuration.

Jobs based on templates are not created using the correct template (BEE-19032)

When a job based on a template is created using CasC, the template used is a random one of the same type instead of the one that was selected.

The CasC bundles synchronization step will be deprecated in February 2023 (BEE-17915)

A message about the step deprecation appears in every job’s execution logs and also on the configuration screen when a new job is defined.

Upgrade notes

Encrypt JGroups HA network messages (BEE-16793)
  • The keystore used for encryption is automatically generated on startup, so there is a risk of multiple HA nodes trying to create the file at the same time if they are all restarted together. To avoid this, restart one of the HA nodes (any node is acceptable) and then restart the others.

  • If you are using a custom jgroups.xml file, then add the following snippet to it to get message encryption:

    <SYM_ENCRYPT sym_algorithm="AES" keystore_name="${JENKINS_HOME}/jgroups_sym_encrypt.keystore" store_password="changeit" alias="jgroupsKey" />
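
A check for the custom jgroups.xml case described above, as an added example that is not CloudBees code: it reports whether the file carries the SYM_ENCRYPT element with the attribute values from the snippet. The function name, the sample stacks and the protocol elements around the snippet are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Attribute values copied from the SYM_ENCRYPT snippet in the upgrade note.
EXPECTED = {
    "sym_algorithm": "AES",
    "keystore_name": "${JENKINS_HOME}/jgroups_sym_encrypt.keystore",
    "store_password": "changeit",
    "alias": "jgroupsKey",
}

# Constructed sample stacks for illustration; not CloudBees' shipped configuration.
SNIPPET = ('<SYM_ENCRYPT sym_algorithm="AES" '
           'keystore_name="${JENKINS_HOME}/jgroups_sym_encrypt.keystore" '
           'store_password="changeit" alias="jgroupsKey" />')
STACK = '<config xmlns="urn:org:jgroups"><UDP/><PING/>%s<pbcast.NAKACK2/></config>'
SAMPLE_OK = STACK % SNIPPET
SAMPLE_COMMENTED_OUT = STACK % ("<!-- " + SNIPPET + " -->")
SAMPLE_PARTIAL = STACK % '<SYM_ENCRYPT sym_algorithm="AES" alias="otherKey"/>'


def check_sym_encrypt(xml_text):
    """Return findings for a jgroups.xml document; an empty list means it matches the note."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    # Match on the local name so a namespaced <config xmlns=...> root still works.
    # The default parser drops comments, so a commented-out element counts as absent.
    found = [el for el in root.iter() if el.tag.rsplit("}", 1)[-1] == "SYM_ENCRYPT"]
    if not found:
        return ["no SYM_ENCRYPT element: this file does not enable message encryption"]
    findings = []
    for name, want in EXPECTED.items():
        got = found[0].get(name)
        if got is None:
            findings.append(f"SYM_ENCRYPT is missing attribute {name}")
        elif got != want:
            findings.append(f"{name}={got!r} differs from the documented {want!r}")
    return findings


if __name__ == "__main__":
    # Usage: python check_jgroups.py /path/to/custom/jgroups.xml
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_OK
    for line in check_sym_encrypt(text) or ["SYM_ENCRYPT present as documented"]:
        print(line)
```

Run it against the same custom file on every HA node, since a node whose file lacks the element is the one the check is meant to surface.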

User Activity Monitoring Plugin database update (BEE-14611)

In the 2.332.3.2 release, the User Activity Monitoring Plugin was updated to use a new database. The new database is installed automatically when you upgrade to version 2.332.3.2 or later; however, historical data tracked by the plugin will not migrate to the new database. You may continue to use the User Activity Monitoring Plugin normally and user activity will be captured again, or you can migrate the data from the old database if you need historical data.

For more information about migrating the historical data, refer to Migrating historical User Activity Monitoring Plugin data.

Migration to Java 11 will soon be required for new releases (BEE-42)

The Jenkins community will soon support Java 11-specific features (Java 11 byte code), after which you cannot use a Java 8 runtime environment. Because CloudBees Jenkins Platform is based on the Jenkins LTS, future releases of CloudBees Jenkins Platform will have the same requirement.

CloudBees strongly recommends that you upgrade your CloudBees Jenkins Platform environment to run Java 11 as soon as possible. Some of the Java 11 updates may require action on your part, and there may be a specific order in which you should upgrade components in your environment. For more information, refer to Migrating to Java 11.

Updated support for the new LTS 2.346 (BEE-16160)

Support was added for the new Jenkins LTS 2.346 release. The minimum required Jenkins version is now 2.303.

When you upgrade to Java 11, you must update your Java garbage collection arguments (BEE-16018)

Garbage collection has been updated in Java 11. Many of the previously recommended arguments are no longer supported. When you upgrade your JDK to Java 11, you must also update your garbage collection configuration. Using unsupported Java arguments will result in startup failure.

Jenkins upgrade notes

Jenkins 2.346 upgrade notes