CloudBees CI on modern cloud platforms 2.176.4.3

The Pipeline Stage View plugin now supports Internet Explorer 11.

The Pipeline Input Step plugin has been updated to support the new Credentials API for binding credentials parameters to builds and supports user credentials as well as credential parameter name shadowing.

Global and folder credentials were too broadly accessible for certain pipeline use cases, and user credentials were not well supported by pipelines. User-scoped credentials associate credentials to users with manual unlocking of these credentials so that sensitive credentials can be isolated to trusted phases of pipelines and to trusted users.

Problem: Controller Provisioning is not compatible with OpenShift 4.1.

Bug fixed where the Helm Chart did not allow the client to terminate the TLS at a load balancer, and assumed the user would either terminate TLS at the Nginx-controller or not use TLS.

Problem: The working directory for the Kubernetes agent was /home/jenkins. This prevents agent Docker images from providing additional files in this directory.

Updated dependency on kubernetes-plugin to the 1.18 line.

Bump the version of the OpenJDK8 Docker parent image.

Users using plugin catalogs with external Maven2 repository layout for plugin resolution were not able to push the plugin catalog to a client controller, and were receiving class not found errors. With this fix, we now use the proper classloader to load the involved classes.

Configuration snippets from Operations Center could be applied before Jenkins was fully loaded, leading to loss of configuration. With this fix, configuration snippets are no longer applied until we are sure that the Jenkins configuration has been deserialized

When the Operations Center authorization strategy was changed from the CloudBees Role Based Authorization strategy to something else, team controllers would still have a copy of the outdated configuration. This situation would allow users who had previously been granted Administrator permissions via the RBAC configuration to still have the Administrator permission even though they should no longer have this level of access. With this fix, if the authorization strategy in Operations Center is not CloudBees Role Based Authorization strategy, then the obsolete configuration will be removed from controllers.

In Operation Center, the managed controller contextual menu showed actions that the user was not allowed to execute, so when they would try, they would get an error message. With this fix, the managed controller contextual menu no shows only the actions that the user is allowed to execute.

Client controller instances could not start if users used a configuration bundle without plugins and/or plugin catalogs. With this fix, the plugins list and plugin catalog fields are optional.

Using the Move/Copy/Promote option to move or delete a managed controller for the second time was failing because the log file in the managed controller’s' old location was not properly closed before moving or deleting the files. With this fix, the log file in the managed controller’s' old location is closed before the controller is moved or deleted and using Move/Copy/Promote works as expected.

The administrative monitor always warned about new versions of the configuration bundle if the client controller had a link file. With this fix, the HttpLoader now has its own implementation of getUpstreamVersion, so the configuration is updated correctly.

The Backup plugin included extraneous libraries that increased the artifact size unnecessarily. With this fix, we now exclude unnecessary dependencies from the httpclient artifact maven dependency.

We fixed a regression in RSS and Atom feeds where an uninitialized variable resulted in partial entries.

Concurrent executions of the Pipeline Template Catalog CLI commands could cause erroneous behavior. With this fix, the Pipeline Template Catalog CLI commands are now synchronized with respect to other operations that modify Pipeline Template Catalogs so that catalogs are not modified concurrently.

In some cases (as in abruptly disconnected browsers) the Pub-Sub “light” plugin was not informed and was unable to store/send messages to some destinations, so some queues kept growing because of retries. With this fix, we have added some TTL (time to live) for the messages queue to discard them after a certain time if not successfully sent.

Modifications to the JIRA configuration completed in the UI were not persisted on disk, only kept in memory. Therefore, after jenkins was restarted, the settings were lost. With this fix, the JIRA configuration are correctly saved on disk.

Pipelines could not be restarted from checkpoints in version 2.2 of CloudBees Pipeline Stage View Extensions. With this fix, pipelines are now able to be restarted from checkpoints.

When configuring new multibranch pipeline projects to build projects hosted on GitHub Enterprise servers, there was a bug that caused the apiUri field in that job’s config.xml file to be incorrectly set to point to github.com. With this fix, we no longer reset the apiUri field if it is already set. Instead, it retains its correctly calculated value of github-enterprise-server/api/v3.

Using the dir step inside of the withContainer step did not work correctly when running Docker 17.12 or older. With this fix, the dir step should now work correctly with older versions of Docker.

Upgraded CloudBees Pipeline Stage View Extensions from 2.2 to 2.3. Pipelines could not be restarted from checkpoints in version 2.2 of CloudBees Pipeline Stage View Extensions. With this fix, pipelines are now able to be restarted from checkpoints.

Improvements have been made to the documentation for deploying CloudBees Core on Modern Platforms on OpenShift using Helm.

Upgraded CloudBees Docker Pipeline Plugin from 1.18 to 1.19. Using the dir step inside of the withContainer step did not work correctly when running Docker 17.12 or older. With this fix, the dir step should now work correctly with older versions of Docker.

Upgraded GitHub Branch Source Plugin from 2.5.5 to 2.5.6. When configuring new multibranch pipeline projects to build projects hosted on GitHub Enterprise servers, there was a bug that caused the apiUri field in that job’s config.xml file to be incorrectly set to point to github.com. With this fix, we no longer reset the apiUri field if it is already set. Instead, it retains its correctly calculated value of github-enterprise-server/api/v3.

Upgraded CloudBees Backup Plugin from 3.38.13 to 3.38.14. The Backup plugin included extraneous libraries that increased the artifact size unnecessarily. With this fix, we now exclude unnecessary dependencies from the httpclient artifact maven dependency.

Upgraded JIRA Plugin from 3.0.8 to 3.0.9. Modifications to the JIRA configuration completed in the UI were not persisted on disk, only kept in memory. Therefore, after jenkins was restarted, the settings were lost. With this fix, the JIRA configuration are correctly saved on disk.

Users using plugin catalogs with external Maven2 repository layout for plugin resolution were not able to push the plugin catalog to a client controller, and were receiving class not found errors. With this fix, we now use the proper classloader to load the involved classes.

Configuration snippets from Operations Center could be applied before Jenkins was fully loaded, leading to loss of configuration. With this fix, configuration snippets are no longer applied until we are sure that the Jenkins configuration has been deserialized

When the Operations Center authorization strategy was changed from the CloudBees Role Based Authorization strategy to something else, team controllers would still have a copy of the outdated configuration. This situation would allow users who had previously been granted Administrator permissions via the RBAC configuration to still have the Administrator permission even though they should no longer have this level of access. With this fix, if the authorization strategy in Operations Center is not CloudBees Role Based Authorization strategy, then the obsolete configuration will be removed from controllers.

In Operation Center, the managed controller contextual menu showed actions that the user was not allowed to execute, so when they would try, they would get an error message. With this fix, the managed controller contextual menu no shows only the actions that the user is allowed to execute.

Client controller instances could not start if users used a configuration bundle without plugins and/or plugin catalogs. With this fix, the plugins list and plugin catalog fields are optional.

Using the Move/Copy/Promote option to move or delete a managed controller for the second time was failing because the log file in the managed controller’s' old location was not properly closed before moving or deleting the files. With this fix, the log file in the managed controller’s old location is closed before the controller is moved or deleted and using Move/Copy/Promote works as expected.

The administrative monitor always warned about new versions of the configuration bundle if the client controller had a link file. With this fix, the HttpLoader now has its own implementation of getUpstreamVersion, so the configuration is updated correctly.

Fixed a regression in RSS and Atom feeds where an uninitialized variable resulted in partial entries.

Concurrent executions of the Pipeline Template Catalog CLI commands could cause erroneous behavior. With this fix, the Pipeline Template Catalog CLI commands are now synchronized with respect to other operations that modify Pipeline Template Catalogs so that catalogs are not modified concurrently.

In some cases (as in abruptly disconnected browsers) the Pub-Sub “light” plugin was not informed and was unable to store/send messages to some destinations, so some queues kept growing because of retries. With this fix, we have added some TTL (time to live) for the messages queue to discard them after a certain time if not successfully sent.

CloudBees Security Advisory 2019-10-01