CloudBees Jenkins Platform - Client Master 2.222.4.3

RELEASED: 2020-05-26

Based on Jenkins LTS2.222.4-cb-1

Rolling release

Security advisory

CloudBees Security Advisory 2020-05-26

This advisory announces vulnerabilities in Jenkins, CloudBees Jenkins Distribution, CloudBees Jenkins Platform and CloudBees Core.

Plugin modifications

Jenkins LTS

Upgraded Jenkins LTS from 2.222.2-cb-3 to 2.222.4-cb-1
Release Notes

Upgraded OWASP Markup Formatter Plugin from 1.8 to 2.0
Release Notes

Upgraded Blue Ocean Plugin from 1.22.0 to 1.23.2
Release Notes

Upgraded Bitbucket Pipeline for Blue Ocean from 1.22.0 to 1.23.2
Release Notes

Upgraded Common API for Blue Ocean from 1.22.0 to 1.23.2
Release Notes

Upgraded Config API for Blue Ocean from 1.22.0 to 1.23.2
Release Notes

Upgraded Common javascript libraries/utilities for Blue Ocean from 1.22.0 to 1.23.2
Release Notes

Upgraded Dashboard for Blue Ocean from 1.22.0 to 1.23.2
Release Notes

Upgraded Events API for Blue Ocean from 1.22.0 to 1.23.2
Release Notes

Upgraded Git Pipeline for Blue Ocean from 1.22.0 to 1.23.2
Release Notes

Upgraded GitHub Pipeline for Blue Ocean from 1.22.0 to 1.23.2
Release Notes

Upgraded i18n for Blue Ocean from 1.22.0 to 1.23.2
Release Notes

Upgraded JIRA Integration for Blue Ocean from 1.22.0 to 1.23.2
Release Notes

Upgraded JWT for Blue Ocean from 1.22.0 to 1.23.2
Release Notes

Upgraded Personalization for Blue Ocean from 1.22.0 to 1.23.2
Release Notes

Upgraded Pipeline REST API for Blue Ocean from 1.22.0 to 1.23.2
Release Notes

Upgraded Blue Ocean Pipeline Editor from 1.22.0 to 1.23.2
Release Notes

Upgraded Pipeline SCM API for Blue Ocean from 1.22.0 to 1.23.2
Release Notes

Upgraded REST API for Blue Ocean from 1.22.0 to 1.23.2
Release Notes

Upgraded REST Implementation for Blue Ocean from 1.22.0 to 1.23.2
Release Notes

Upgraded Web for Blue Ocean from 1.22.0 to 1.23.2
Release Notes

Upgraded Branch API Plugin from 2.5.5 to 2.5.6
Release Notes

Upgraded CloudBees Analytics Plugin from 1.13 to 1.16
Release Notes

Upgraded CloudBees Assurance Plugin from 2.138.0.12 to 2.138.0.13
Release Notes

Upgraded CloudBees CyberArk Credentials Provider Plugin from 1.0.4 to 1.0.5
Release Notes

Upgraded CloudBees Even Scheduler Plugin from 3.9 to 3.10
Release Notes

Upgraded CloudBees Folders Plugin from 6.10.1 to 6.12
Release Notes

Upgraded Jenkins Health Advisor by CloudBees Plugin from 3.0.1 to 3.1.0
Release Notes

Upgraded CloudBees Fast Archiving Plugin from 5.11 to 5.12
Release Notes

Upgraded CloudBees Label Throttling Plugin from 3.7 to 3.8
Release Notes

Upgraded CloudBees Monitoring Plugin from 2.8 to 2.9
Release Notes

Upgraded CloudBees Nodes Plus Plugin from 1.19 to 1.20
Release Notes

Upgraded CloudBees SSH Build Agents Plugin from 2.6 to 2.7
Release Notes

Upgraded CloudBees Template Plugin from 4.44 to 4.45
Release Notes

Upgraded CloudBees Pipeline: Templates Plugin from 3.5 to 3.6
Release Notes

Upgraded Jenkins Configuration as Code Plugin from 1.36 to 1.40
Release Notes

Upgraded Copy Artifact Plugin from 1.43.1 to 1.44
Release Notes

Upgraded Credentials Plugin from 2.3.3 to 2.3.7
Release Notes

Upgraded Credentials Binding Plugin from 1.21 to 1.23
Release Notes

Upgraded Declarative Pipeline Migration Assistant from 1.0.3 to 1.1.1
Release Notes

Upgraded Declarative Pipeline Migration Assistant API from 1.0.3 to 1.1.1
Release Notes

Upgraded Amazon EC2 Plugin from 1.49.1 to 1.50.2
Release Notes

Upgraded CloudBees Flow from 1.1.12 to 1.1.14
Release Notes

Upgraded GitHub API Plugin from 1.106 to 1.111
Release Notes

Upgraded GitHub Branch Source Plugin from 2.6.0 to 2.7.1
Release Notes

Upgraded UI library for Blue Ocean from 1.22.0 to 1.23.2
Release Notes

Upgraded Kube Agent Management Plugin from 1.1.31 to 1.1.32
Release Notes

Upgraded Kubernetes Plugin from 1.25.2 to 1.25.4
Release Notes

Upgraded Kubernetes Client API Plugin from 4.8.0-1 to 4.9.1-1
Release Notes

Upgraded LDAP Plugin from 1.21 to 1.24
Release Notes

Upgraded Mailer Plugin from 1.30 to 1.31
Release Notes

Upgraded Maven Plugin from 3.4 to 3.6
Release Notes

Upgraded Mercurial Plugin from 2.8 to 2.9
Release Notes

Upgraded CloudBees OpenShift CLI plugin from 1.6 to 1.7
Release Notes

Upgraded Operations Center Agent Plugin from 2.222.0.2 to 2.222.0.3
Release Notes

Upgraded Operations Center Analytics Configuration from 2.107.1.5 to 2.222.0.1
Release Notes

Upgraded Operations Center Analytics Reporter Plugin from 2.107.1.5 to 2.222.0.1
Release Notes

Upgraded Operations Center Client Plugin from 2.222.0.3 to 2.222.0.5
Release Notes

Upgraded Operations Center Context Plugin from 2.222.0.3 to 2.222.0.4
Release Notes

Upgraded Run Condition Plugin from 1.2 to 1.3
Release Notes

Upgraded Support Core Plugin from 2.67 to 2.68
Release Notes

Upgraded CloudBees WikiText Security Plugin from 3.12 to 3.13
Release Notes

Upgraded Pipeline Job Plugin from 2.38 to 2.39
Release Notes

Upgraded Pipeline SCM Step Plugin from 2.10 to 2.11

Compatible plugins

Amazon EC2 plugin

1.50.2 compatible optional
CloudBees Docker Build and Publish plugin

1.3.2 compatible optional
Pipeline

2.5 compatible optional
Jenkins Health Advisor by CloudBees

3.1.0 compatible optional
Pipeline: Input Step

2.11 compatible optional
Pipeline SCM API for Blue Ocean

1.23.2 compatible optional
Copy Artifact Plugin

1.44 compatible optional
Jenkins Mercurial plugin

2.9 compatible optional
JWT for Blue Ocean

1.23.2 compatible optional
Pipeline: Milestone Step

1.3.1 compatible optional
Pipeline: Declarative Extension Points API

1.6.0 compatible optional
CloudBees Flow

1.1.14 compatible optional
Email Extension Plugin

2.69 compatible optional
GitHub Pipeline for Blue Ocean

1.23.2 compatible optional
HTML Publisher plugin

1.22 compatible optional
External Monitor Job Type Plugin

1.7 compatible optional
Blue Ocean

1.23.2 compatible optional
Matrix Authorization Strategy Plugin

2.5 compatible optional
Pipeline: Step API

2.22 compatible installed by default
Matrix Project Plugin

1.14 compatible optional
Jenkins Jira plugin

3.0.15 compatible optional
CloudBees AWS Credentials Plugin

1.28 compatible optional
Trilead API Plugin

1.0.5 compatible optional
Maven Integration plugin

3.6 compatible optional
Command Agent Launcher Plugin

1.4 compatible installed by default
Jenkins Pub-Sub "light" Bus

1.13 compatible optional
Pipeline: Stage View Plugin

2.13 compatible optional
REST API for Blue Ocean

1.23.2 compatible optional
Pipeline: Multibranch

2.21 compatible optional
Bitbucket Branch Source Plugin

2.7.0 compatible optional
Personalization for Blue Ocean

1.23.2 compatible optional
Configuration as Code Plugin

1.40 compatible optional
i18n for Blue Ocean

1.23.2 compatible optional
Jenkins Design Language

1.23.2 compatible optional
Pipeline: Supporting APIs

3.4 compatible optional
Deployer Framework Plugin

1.2 compatible optional
REST Implementation for Blue Ocean

1.23.2 compatible optional
JavaScript GUI Lib: ACE Editor bundle plugin

1.1 compatible optional
Common API for Blue Ocean

1.23.2 compatible installed by default
Docker Pipeline

1.23 compatible optional
Pipeline implementation for Blue Ocean

1.23.2 compatible optional
Kubernetes Credentials Plugin

0.6.2 compatible optional
Pipeline: REST API Plugin

2.13 compatible optional
OAuth Credentials plugin

0.4 compatible optional
JIRA Integration for Blue Ocean

1.23.2 compatible optional
JAXB plugin

2.3.0.1 compatible installed by default
Pipeline: Stage Tags Metadata

1.6.0 compatible optional
Deployed On Column Plugin

1.8 compatible optional
Unique ID Library Plugin

2.2.0 compatible optional
Display URL for Blue Ocean

2.3.1 compatible optional
Google Cloud Storage plugin

1.5.1 compatible optional
Jenkins S3 publisher plugin

0.11.5 compatible optional
Pipeline: SCM Step

2.11 compatible optional
Jenkins Apache HttpComponents Client 4.x API Plugin

4.5.10-2.0 compatible installed by default
Pipeline: Stage Step

2.3 compatible optional
Pipeline: Declarative Agent API

1.1.1 compatible optional
Amazon Web Services SDK

1.11.723 compatible optional
Oracle Java SE Development Kit Installer Plugin

1.4 compatible installed by default
Jenkins Active Directory plugin

2.16 compatible optional
Events API for Blue Ocean

1.23.2 compatible optional
Pipeline: Job

2.39 compatible optional
JavaScript GUI Lib: jQuery bundles (jQuery and jQuery UI) plugin

1.2.1 compatible optional
Google Kubernetes Engine Plugin

0.8.1 compatible optional
Jenkins Parameterized Trigger plugin

2.35.1 compatible optional
Handy Uri Templates 2.x API Plugin

2.1.8-1.0 compatible optional
GitHub API Plugin

1.111 compatible optional
Blue Ocean Pipeline Editor

1.23.2 compatible optional
Google Compute Engine Plugin

4.2.0 compatible optional
NodeJS Plugin

1.2.9 compatible optional
Google OAuth Credentials plugin

1.0.0 compatible optional
Stack Trace Suppression Plugin

1.5 compatible optional
Jenkins promoted builds plugin

3.5 compatible optional
CloudBees Docker Hub/Registry Notification

2.4.0 compatible optional
Node Iterator API Plugin

1.5.0 compatible optional
Config API for Blue Ocean

1.23.2 compatible optional
Jenkins JSch dependency plugin

0.1.55.2 compatible optional
AWS Global Configuration Plugin

1.3 compatible optional
bouncycastle API Plugin

2.18 compatible installed by default
Pipeline: Model API

1.6.0 compatible optional
Dashboard for Blue Ocean

1.23.2 compatible optional
Pipeline: API

2.40 compatible installed by default
Bitbucket Pipeline for Blue Ocean

1.23.2 compatible optional
Server Sent Events (SSE) Gateway Plugin

1.23 compatible optional
Azure PublisherSettings Credentials Plugin

1.5 compatible optional
Conditional BuildStep

1.3.6 compatible optional
SSH Agent Plugin

1.19 compatible optional
Web for Blue Ocean

1.23.2 compatible optional
Favorite

2.3.2 compatible optional
Pipeline: Nodes and Processes

2.35 compatible optional
GitHub plugin

1.29.5 compatible optional
Pipeline: Declarative

1.6.0 compatible optional
Blue Ocean Core JS

1.23.2 compatible optional
JavaScript GUI Lib: Handlebars bundle plugin

1.1.1 compatible optional
Pipeline: Shared Groovy Libraries

2.16 compatible optional
Support Core Plugin

2.68 compatible installed by default
Build Timeout

1.19.1 compatible optional
Kubernetes Client API Plugin

4.9.1-1 compatible optional
Run Condition Plugin

1.3 compatible optional
jQuery plugin

1.12.4-1 compatible optional
Pipeline Graph Analysis Plugin

1.10 compatible optional
Durable Task Plugin

1.34 compatible optional
Pipeline: Basic Steps

2.19 compatible optional
Pipeline: GitHub Groovy Libraries

1.0 compatible optional
Git Pipeline for Blue Ocean

1.23.2 compatible optional
PAM Authentication plugin

1.6 compatible optional
Dashboard View

2.9.12 compatible optional
JavaScript GUI Lib: Moment.js bundle plugin

1.1.1 compatible optional
Pipeline: Groovy

2.80 compatible optional
Pipeline: Build Step

2.12 compatible optional
Autofavorite for Blue Ocean

1.2.4 compatible optional
Docker Commons Plugin

1.16 compatible optional
Google Metadata plugin

0.3.1 compatible optional

Proprietary plugins

CloudBees License Manager

9.42 proprietary installed by default
Operations Center Notification

1.0 proprietary optional
Notification API

1.2 proprietary optional
CloudBees Support Plugin

3.22 proprietary optional
User Activity Monitoring Plugin

1.1.5 proprietary optional
CloudBees Folders Plus Plugin

3.9 proprietary installed by default
CloudBees Nodes Plus Plugin

1.20 proprietary optional
CloudBees Amazon Web Services Deploy Engine Plugin

1.18 proprietary optional
CloudBees Even Scheduler Plugin

3.10 proprietary optional
CloudBees Update Center Data API

4.43 proprietary installed by default
CloudBees Blue Ocean Default Theme

0.6 proprietary installed by default
CloudBees Plugin Usage Plugin

1.10 proprietary optional
Operations Center Analytics Reporter

2.222.0.1 proprietary optional
Pipeline Event Step

1.7 proprietary optional
CloudBees Fast Archiving Plugin

5.12 proprietary optional
CloudBees Restart Aborted Builds Plugin

1.13 proprietary optional
CloudBees OpenShift CLI Plugin

1.7 proprietary optional
CloudBees WikiText Security Plugin

3.13 proprietary optional
Beekeeper Upgrade Assistant Plugin

2.138.0.13 proprietary installed by default
Operations Center Agent

2.222.0.3 proprietary installed by default
CloudBees Monitoring Plugin

2.9 proprietary optional
CloudBees Pull Request Builder for GitHub

1.13 proprietary optional
CloudBees SSH Build Agents Plugin

2.7 proprietary optional
CloudBees Analytics Plugin

1.16 proprietary installed by default
CloudBees Template Plugin

4.45 proprietary optional
CloudBees Pipeline: Groovy Checkpoint Plugin

2.10 proprietary optional
CloudBees Git Validated Merge Plugin

3.25 proprietary optional
CloudBees Amazon AWS CLI Plugin

1.5.12 proprietary optional
Kube Agent Management plugin

1.1.32 proprietary optional
Operations Center Cloud

2.222.0.2 proprietary optional
CloudBees Pipeline: Templates Plugin

3.6 proprietary optional
CloudBees Administrative Monitors Plugin

1.0.1 proprietary installed by default
CloudBees Groovy View Plugin

1.9 proprietary optional
CloudBees VMWare Autoscaling Plugin

4.3.9 proprietary optional
CloudBees CyberArk Credentials Provider Plugin

1.0.5 proprietary optional
CloudBees Jenkins Enterprise License Entitlement Check

8.27 proprietary installed by default
Operations Center Client Plugin

2.222.0.5 proprietary installed by default
Operations Center Analytics Configuration

2.222.0.1 proprietary optional
Operations Center Context

2.222.0.4 proprietary installed by default
CloudBees View Creation Filter Plugin

1.6 proprietary optional
CloudBees Label Throttling Plugin

3.8 proprietary optional
CloudBees Long-Running Build Plugin

1.14 proprietary optional
CloudBees Pipeline Stage View Extensions

2.4 proprietary optional
Trigger Restrictions

1.2 proprietary optional
CloudBees Backup Plugin

3.38.18 proprietary optional
CloudBees Role-Based Access Control Plugin

5.32 proprietary installed by default
CloudBees Quiet Start Plugin

1.6 proprietary optional
CloudBees Skip Next Build Plugin

4.5 proprietary optional

Verified plugins

Branch API Plugin

2.5.6 verified optional
Credentials Plugin

2.3.7 verified installed by default
SSH Credentials Plugin

1.18.1 verified optional
Credentials Binding Plugin

1.23 verified optional
Jackson 2 API Plugin

2.10.3 verified installed by default
Ant Plugin

1.11 verified optional
GitHub Branch Source Plugin

2.7.1 verified optional
Kubernetes plugin

1.25.4 verified optional
Jenkins Mailer Plugin

1.31 verified installed by default
Declarative Pipeline Migration Assistant API

1.1.1 verified optional
MapDB API Plugin

1.0.9.0 verified installed by default
JUnit Plugin

1.28 verified installed by default
Snakeyaml API Plugin

1.26.2 verified installed by default
WMI Windows Agents Plugin

1.6 verified optional
Display URL API

2.3.2 verified installed by default
SAML Plugin

1.1.5 verified optional
Metrics Plugin

4.0.2.6 verified installed by default
Config File Provider Plugin

3.6.3 verified optional
Structs Plugin

1.20 verified installed by default
SSH Build Agents plugin

1.31.2 verified optional
Jenkins MSBuild Plugin

1.29 verified optional
Variant Plugin

1.3 verified installed by default
Token Macro Plugin

2.12 verified installed by default
SCM API Plugin

2.6.3 verified installed by default
LDAP Plugin

1.24 verified optional
Jenkins Git plugin

4.2.1 verified optional
Declarative Pipeline Migration Assistant

1.1.1 verified optional
Jenkins MSTestRunner plugin

1.3.0 verified optional
Secure Requester Whitelist Plugin

1.5 verified optional
Javadoc Plugin

1.5 verified optional
Async Http Client

1.7.24.3 verified installed by default
Plain Credentials Plugin

1.7 verified optional
Authentication Tokens API Plugin

1.3 verified optional
Jenkins Git client plugin

3.0.0 verified optional
Script Security Plugin

1.71 verified installed by default
Jenkins GIT server Plugin

1.9 verified optional
Gradle Plugin

1.36 verified optional
Artifact Manager on S3 plugin

1.9 verified optional
Timestamper

1.11.2 verified optional
OWASP Markup Formatter Plugin

2.0 verified optional
Folders Plugin

6.12 verified installed by default