If you skip versions when you upgrade, refer to previous versions of the release notes for any relevant known issues or upgrade notes. The CloudBees supported platforms and CloudBees maintenance lifecycle policies pages contain additional information about what is supported in this release. |
Latest 2.479.3.1 Security release
Released: January 8, 2025
The Promoted Builds plugin was removed from CloudBees Assurance Program, and now the corresponding integration with the CloudBees Template system was also removed. This means that the template association of any existing promotion will be lost and no new ones can be created.
Modern cloud platforms
Traditional platforms
2.479.2.3 Security release
Released: November 27, 2024
The Hazelcast library used in High Availability (HA) controllers was upgraded from the 5.3 line to the 5.5 line. This transition does not support a rolling upgrade. If you were previously running 2.462.3.3 or 2.479.1.x (either of the October 2024 releases), the upgrade to this (or a newer version) should be automatic, but it will involve a temporary outage of the controller, similar to a simple restart of a non-High Availability (HA) controller. If you ran an older release, it is recommended that you first upgrade to one of the October releases; otherwise, you can upgrade directly but only by first manually turning off all replicas of the old version (for example, by using the Reprovision gesture in the case of a managed controller).
Modern cloud platforms
Traditional platforms
2.479.1.4 Security release
Released: November 13, 2024
Modern cloud platforms
Traditional platforms
2.479.1.3
Released: October 30, 2024
As of the CloudBees CI 2.479.1.3 release, Java 11 is no longer supported and you must migrate to Java 17. For information on how to migrate from Java 11 to Java 17, refer to Migrate to Java 17. Please contact CloudBees Support if you have any concerns or questions.
The OpenId Connect Authentication (oic-auth
) plugin now requires that the Issuer
is set to enforce security and there is no option to disable this requirement as it is mandated in the Open ID Connect specification.
As such, users who do not use automatic configuration via the well-known endpoint must first update to 4.355.v3a_fb_fca_b_96d4 and configure the Issuer
before updating to this version.
Additionally, if using manual configuration and a JWKS (JSON Web Key Set) Server URL
has not been specified, either enable disable token validation
or set the JWKS (JSON Web Key Set) Server URL
before you upgrade to this version.
Failure to do so will result in users unable to login, or CloudBees CI failing to start. Additionally, this removes the option to send the scopes when requesting the access token. Users of non-conformant OPs that require this functionality should remain on the previous version until the provider fixes their implementation.
Modern cloud platforms
Traditional platforms
2.462.3.3 Security release
Released: October 2, 2024
Upgrade to Apache Tomcat 10 required
The CloudBees CI 2.462.3.3 release for traditional platforms is the last release to support running CloudBees CI in Apache Tomcat 9. You must upgrade to Apache Tomcat 10 before the next CloudBees CI release. Please contact CloudBees Support if you have any concerns or questions.
End of support to run CloudBees CI in Apache Tomcat
If you run CloudBees CI in Apache Tomcat, it was deprecated and CloudBees CI’s support ends after October 2025. An Administrative Monitor was added to advise customers on how to migrate from Tomcat to a CloudBees Linux package. For more information about the migration, refer to Migrate CloudBees CI on traditional platforms from Tomcat to a CloudBees Linux package. Please contact CloudBees Support if you have any concerns or questions.
As of the CloudBees CI 2.462.3.3 release, this is the last release to support Java 11. In the next CloudBees CI release, Java 11 will not be supported. For information on how to migrate from Java 11 to Java 17, refer to Migrate to Java 17. Please contact CloudBees Support if you have any concerns or questions.
When changing the value of the storage class name using Configuration as Code bundles, the incorrect value of the storage class name is shown on the controller provisioning screen.
When using Configuration as Code to provision controllers, every controller item in the bundle may need to be updated by specifying the storageClassName
attribute for each clusterEndpoints
and kubernetes
objects. For example:
masterprovisioning: kubernetes: storageClassName: "nfs" clusterEndpoints: - id: ... jenkinsUrl: ... name: ... storageClassName: "nfs"
▼
jenkins-agent
ConfigMap (BEE-1436)If you have pod templates that leverage the jenkins-agent
ConfigMap, you need to migrate its configuration to the new idiom provided by the Kubernetes plugin.
* Check "Inject Jenkins agent in agent container" or add agentInjection: true
to the pod template step, or agentInjection true
in the declarative pipelines.
* Remove volume mounting in the jenkins-agent
ConfigMap, and the associated command (the new option injects the required command and arguments automatically).
The jenkins-agent
ConfigMap will be removed from the Helm chart in late 2025.
Modern cloud platforms
Traditional platforms
2.462.2.2
Released: September 4, 2024
To increase our security posture, we now use the distroless variant of Red Hat UBI to reduce the attack surface of our container images.
If you build a derivative container image based on the one that CloudBees provides, it is an incompatible change, and you will need to update it as our images no longer contain a package manager. This is the case for the operations center, the managed controller images, and also agent images.
If you use agent images, tools like which
, vi
, are no longer available. You can use the shell builtin command -v
as an alternative to which
. If you need additional tools for interactive agent debugging, consider using Kubernetes debug containers .
The following Dockerfile
example displays an image extension that adds a new system package.
FROM cloudbees/core-mm AS base FROM registry.access.redhat.com/ubi8 AS build COPY --from=base / /cbroot RUN dnf update -y && \ dnf install --installroot /cbroot -y --setopt=install_weak_deps=False <my-extra-package> && \ dnf clean --installroot /cbroot all FROM base COPY --from=build /cbroot/ .
▼
Modern cloud platforms
Traditional platforms
2.462.1.3 Security release
Released: August 7, 2024
Modern cloud platforms
Traditional platforms
2.452.4.1 Security release
Released: August 7, 2024
Modern cloud platforms
Traditional platforms
2.452.3.2
Released: July 10, 2024
Modern cloud platforms
Traditional platforms
2.452.2.4 Security release
Released: June 26, 2024
Modern cloud platforms
Traditional platforms
2.452.2.3
Released: June 12, 2024
Modern cloud platforms
Traditional platforms
2.452.1.2
Released: May 15, 2024
Modern cloud platforms
Traditional platforms
2.440.3.8 Security release
Released: May 2, 2024
Modern cloud platforms
Traditional platforms
2.440.3.7 Security release
Released: April 18, 2024
Modern cloud platforms
Traditional platforms
2.440.2.1 Security release
Released: March 20, 2024
Modern cloud platforms
Traditional platforms
2.440.1.4 Security release
Released: March 6, 2024
Modern cloud platforms
Traditional platforms
2.440.1.3
Released: February 21, 2024
If you are actively using devoptics
, you must:
-
Not upgrade the
devoptics
plugin to version 2.0 -
Not upgrade CloudBees CI Modern, to 2.440.1.3
-
Not update the JVM to Java 17 if you use CloudBees CI Traditional
If you are not actively using devoptics
, but have it installed:
-
Upgrade to version 2.0 to remove the incompatibility before upgrading CloudBees CI Modern or the JVM for CloudBees CI Traditional or
-
Uninstall the plugin
Prior to this update, the operations center would dynamically change the behavior of exposing a controller based on a runtime lookup to detect if the underlying Kubernetes infrastructure was OpenShift or not. However, this dynamic check could lead to the creation of an Ingress
object for a controller rather than a Route
.
After this update, the type needs to be set when configuring the Kubernetes endpoint. Existing configuration will migrate to auto detect but attempts will be made to replace it with the correct type.
Configuration as Code bundles now need to be updated to specify the concrete type of service exposure method and for Ingress types such as ingressClass
and IngressAnnotations
to be on the ContainerMasterProvisioningDescriptor
.
Example 1. View OpenShift CasC snippet:
masterprovisioning: kubernetes: clusterEndpoints: - id: "myEndpoint" name: "openshift"
▼
becomes:
masterprovisioning: kubernetes: clusterEndpoints: - id: "myEndpoint" name: "openshift" serviceExposure: "openShiftRoute"
▼
Example 2. View Generic Kubernetes CasC snippet:
masterprovisioning: kubernetes: clusterEndpoints: - id: "myEndpoint" ingressAnnotations: |- key1: value1 key2: value2 ingressClass: "myingressclass" name: "kubernetes"
▼
becomes:
masterprovisioning: kubernetes: clusterEndpoints: - id: "myEndpoint" name: "kubernetes" serviceExposure: ingress: ingressAnnotations: |- key1: value1 key2: value2 ingressClass: "myingressclass"
▼
Modern cloud platforms
Traditional platforms
2.426.3.3 Security release
Released: January 24, 2024
Modern cloud platforms
Traditional platforms
2.426.2.2 Security release
Released: December 13, 2023
Removal of unnecessary 'daemonize' dependency in the CloudBees CI traditional RPM.
We have removed the 'daemonize' package dependency from CloudBees CI traditional RPMs for both the Operations center and Controller, as it was not required in most scenarios. This change simplifies installation and upgrades, particularly in environments where access to the Extra Packages for Enterprise Linux (EPEL) repository is restricted.