Security advisories

New features

None

Resolved issues

Large number of GitHub repos issue (NGPIPELINE-306)

When selecting a GitHub repo while creating a Multi-Branch Pipeline project, if there were too many repos available to the GitHub user/owner, the drop-down menu either took a very long time to load or timed out with an error. With this fix, we have added a new UI where users can directly enter their GitHub repository HTTPS URL to create a GitHub-based Multi-Branch project.

Configuration screen behavior change (CPLT2-5718)

Problem: saving the configuration screen of a connected controller redirected the administrator to the controller’s dashboard, rather than back to the management screen in the operations center where navigation originated.

Fix: the browser is now redirected to the controller’s management screen.

Removed debugging VM argument (CPLT2-5620)

Problem: The VM argument -XX:+PrintGCDetails can be useful for debugging but adds unnecessary volume to the logs.

Fix: Removed the -XX:+PrintGCDetails argument from Operations Center.

OpenJDK8 Docker parent image updates

The OpenJDK8 Docker parent images have been updated to include recent security fixes in the Java runtime.

Sidecar Injector based on Debian (CPLT2-5670)

Problem: The sidecar injector based on Debian had security issues due to Debian security vulnerabilities.

Fix: We created a new sidecar injector image which uses a different OS without these issues.

Fix Pipeline Event Step plugin issues (CTR-415, -513)

Several libraries were bundled in the Pipeline Event Step plugin that should have been loaded via plugin dependencies. With this fix, the incorrectly bundled libraries have been removed from the plugin.

The Pipeline Event Step plugin version 1.4 had PCT errors because of a detached plugin. With this fix, the matrix-auth dependency was added with test scope.

Update CloudBees Update Center plugin’s JSoup (CTR-434)

The CloudBees Update Center plugin was using an outdated/unsupported dependency, JSoup 1.7.3, which contained a vulnerability. With this fix, the CloudBees Update Center plugin was updated to JSoup 1.8.3.

Release Jackson API plugin update for 2.9.9.1 (JENSEC-514)

Two polymorphic deserialization CVEs were found and fixed in 2.9.9.1.

Pipeline: Groovy plugin (NGPIPELINE-614, -27, -582, -467)

The CPS method mismatch detection introduced in Pipeline: Groovy Plugin 2.71 incorrectly logged a warning for some kinds of Groovy metaprogramming where it should not have. CPS method mismatch warnings will no longer be logged for some kinds of Groovy metaprogramming.

Uses of CPS-transformed code in a non-CPS-transformed context in Pipelines did not fail cleanly or log a warning explaining the problem. With this fix, use of CPS-transformed code in a non-CPS-transformed context in Pipelines now logs a warning explaining the problem, and links to https://www.jenkins.io/redirect/pipeline-cps-method-mismatches/ which provides some guidance on how to fix common errors.

Calling overridden methods using super in some class hierarchies in a Pipeline could cause a StackOverflowException to be thrown due to an infinite loop. With this fix, super methods are now resolved correctly, preventing the infinite loop.

The allowlist for the Groovy sandbox was not set up correctly for script-level initializers, such as those for fields defined using @Field or fields defined on a sandboxed script that directly extends groovy.lang.Script or one of its subclasses. Because of this, these initializers were unable to call any method or reference any fields even if they were added to the allowlist. The allowlist for the Groovy sandbox is now set up correctly for script-level initializers.

JIRA Site doesn’t show credentials (NGPIPELINE-522)

JIRA Site at the folder level did not show credentials for non-admin users, even though the user had all the credentials-related permissions. With this fix, credentials are displayed as expected.

Pipeline steps do not detect stray parameters (NGPIPELINE-588)

If a named argument passed to a Pipeline step did not correspond to an actual parameter of the step, the argument was silently ignored, masking common issues like misspelling the parameter. With this fix, a warning is now printed to the build log when a named argument passed to a Pipeline step does not correspond to any of the step’s parameters.

Org Property Migration issue (NGPIPELINE-584)

The Branch API plugin included an admin monitor that recommended that users install the Basic Branch Build Strategies plugin to migrate away from the "Automatic branch project triggering" property for organization folders because it was deprecated. An automated migration for this property in the Basic Branch Build Strategies plugin caused issues in some configurations, causing change requests to no longer be built, and causing errors when trying to rebuild an existing Pipeline job. The administrative monitor recommending that the Basic Branch Build Strategies plugin be installed has been disabled along with the automated migration. The "Automatic branch project triggering" property for organization folders has been reinstated.

Update Durable Task Plugin (NGPIPELINE-582)

The wrapper process for shell steps stayed open for the entire life of the user-specified script, leaking JVM resources in some cases. With this fix, the wrapper process for shell steps now executes in the background.

The absolute path to sh on the controller was used to launch shell scripts on agents when no default shell was specified. If the path on the controller did not match the path to sh on agents, the shell script would not execute. With this fix, agents now use sh without an absolute path if no default shell is specified.

The PowerShell step did not propagate error codes in scripts correctly starting in version 1.23 of this plugin. With this fix, error codes in PowerShell scripts now propagate correctly.

Update Workflow Durable Task Step plugin (NGPIPELINE-582)

If an agent being used by a Pipeline was removed (deconfigured) from Jenkins, the build would hang forever. With this fix, Pipeline builds now abort immediately if an agent they are using has been removed from Jenkins.

GitHub Webhook issues in BlueOcean (NGPIPELINE-551)

GitHub Webhooks were not created after new pipeline creation in BlueOcean. This issue was specific to pipelines created using BlueOcean. With this fix, webhooks are registered with GitHub on new pipelines created in BlueOcean.

Issues with the Pipeline Template Catalog UI (NGPIPELINE-525)

For users without Pipeline Template Catalog permissions, the left nav displayed only the icon for Pipeline Template Catalog. Additionally, these same users could access an incomplete Pipeline Template Catalog page. With this fix, we added a new view-only permission, fixing the left nav and Pipeline Template Catalog page to render data according to permissions.

GitHub Org Folders Discard Old Items issue (NGPIPELINE-173)

The Discard Old Items configuration for Organization Folders was easily misunderstood by users as being about artifacts and builds. With this fix, the Discard Old Items settings for Organization Folders and Multibranch Projects now have a description explaining their use.

Parallel step snippet generator error (NGPIPELINE-395)

The GDSL file provided by Jenkins to support syntax highlighting in IntelliJ IDEA did not support the parallel step, and incorrectly marked some step parameter types as Map when they should have been List. The parallel step is now correctly supported, and step parameter types have been fixed where appropriate.

Provisioning limits issues (CTR-16, -423)

There was confusion about applying provisioning limits to a controller when using Kubernetes Cloud. With this fix, the inline help has been updated to clarify provisioning limits behavior.

In Operations Center, when users configured provisioning limits, the code was counting all the executors on the Jenkins instance, even those on offline agents. With this fix, when enforcing limits on node provisioning in the cloud, the code ignores executors on offline nodes while computing the current count of executors.

Team folder must not include the rename option (CTR-432)

The rename action was available for team folders, and using this option would rename the folder on the filesystem, bypassing Team functions. With this fix, the "rename" menu item is removed for team folders. Users can still change the display name of the folder using folder settings if they want to rename the team on the UI.

Improve processing speed of the update center (CTR-442)

Clicking 'Check Now' in the Update Center was taking a long time to return. With this fix, we improved the processing speed of the 'Check Now' button in the Update Center.

Known issues

None