CloudBees CI on modern cloud platforms 2.190.2.2

The Helm chart now provides a way to set up a namespace to schedule controllers only.

Define affinity/anti-affinity rules for Operations Center

A common issue in installations with many controllers is "I have a cluster with a lot of controllers that aren’t being used most of the time". For those cases, CloudBees offers the managed controller hibernation feature, which helps you "turn off" idle or unused controllers.

Added compatibility with the Jenkins Configuration as Code Plugin to Secure Requester Whitelist Plugin

Problem: Controller provisioning is not compatible with OpenShift 4.1

Problem: Some fields shown as available in the values.yaml file of the Helm chart were actually unused.

Problem: Jenkins Autodiscovery was enabled by default on Operations Center and both generated useless noise and created potential security issues.

Problem: On startup, some deprecated JVM flags were used to control RAM usage.

Problem: Annotations are being cleared when sidecar-injector is used.

Upgraded Blue Ocean Plugin from 1.18.1 to 1.19.0. Blue Ocean was unable to show the visualization for Pipelines when build causes for the Pipeline were null. With this fix, Blue Ocean now checks if build causes are null before attempting to access them.

Upgraded CloudBees Jenkins Enterprise New User Experience from 1.2.22 to 1.2.24. When the authorization strategy on Operations Center was not RBAC (Role Based Access Control), Operation Center’s SSO (single sign-on) was not functioning properly, even when the user was granted access to the controller. Instead, after creating a team, users were redirected to the team controller login page. With this fix, Operations Center correctly propagates the security realm to the controller even when RBAC is not the authorization strategy.

Upgraded GitHub Branch Source Plugin from 2.5.6 to 2.5.8. Users were unable to override default webhook URLs to receive webhook events, for example, in cases where a Jenkins controller is behind a firewall and there is a proxy service to receive webhook events or the Jenkins controller is down and there is queuing service to collect webhook events to be delivered to Jenkins controller when it comes back up. With this fix, users can now use the JVM property jenkins.hook.url to configure a webhook URL.

Upgraded Jackson2 API Plugin from 2.9.9.1 to 2.9.10. Previous releases of Jackson were vulnerable to numerous CVEs listed in https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.10#databind which are fixed in this release.

Upgraded JIRA Plugin from 3.0.9 to 3.0.10. The previously provided version of the Jira plugin, 3.0.9, bundled Jackson 1.x in its dependencies making it vulnerable to CVE-2017-7525. This upgrade to Jira plugin version 3.0.10 excludes these Jackson libraries.

Upgraded Operations Center Context Plugin from 2.176.0.6 to 2.190.0.1.Maven jobs could not be moved/copied using the Move/Copy/Promote feature. With this fix, there is a new file (permalinks) inside the builds folder which is autogenerated by Jenkins core, and the Move/Copy operations are overwriting it now.

Upgraded Pipeline Event Step from 1.5 to 1.7. The JSON field that is present for all inherited classes of Cause "_class" was missing on BuildTriggerCause, which was an issue when using it with groovy code in Pipelines. With this fix, the field "_class" is now present again. When creating Pipelines with groovy scripts, JSON files that contained a null attribute would cause the build to fail, and an exception was fired, "org.kohsuke.stapler.export.NotExportableException: class net.sf.json.JSONNull doesn’t have @ExportedBean". With this fix, when creating Pipelines with groovy scripts, if the JSON file has a null value, Jenkins will remove the attribute from the JSON when exporting it.

Upgraded PubSub Light Plugin from 1.12 to 1.13. When used with the SSE Gateway Plugin, the PubSub “light” Bus Plugin was generating a memory leak. With this fix, the plugins no longer generate a memory leak.

Upgraded Script Security Plugin from 1.63 to 1.66. A cache used by the class loader for sandboxed Groovy scripts was cleared out every time the garbage collector ran. This clearing out could lead to performance issues for complex sandboxed scripts, particularly in environments where the garbage collector ran frequently, as it significantly reduced the effectiveness of the cache. The cache used by the class loader for sandboxed Groovy scripts is no longer cleared out by the garbage collector.

Upgraded SSE Gateway Plugin from 1.17 to 1.20. When used with the SSE Gateway Plugin, the PubSub “light” Bus Plugin was generating a memory leak. With this fix, the plugins no longer generate a memory leak.

Upgraded SSH Credentials Plugin from 1.17.1 to 1.17.3. SSH keys saved as credentials without a new line at the end of the key caused errors with downstream consumers of the SSH keys. With this fix, SSH keys saved as credentials without a new line at the end of the key now work as expected.

Problem: If the managed controller hibernation monitor service wasn’t present, the thread count in Operations Center grew steadily as the dashboard was viewed.

Problem: Installing a new version of the Master Provisioning Kubernetes plugin (for example, via an updated CloudBees Jenkins Operations Center Docker image) without any accompanying role changes for that service caused Kubernetes permissions errors. These errors could interfere with the calculation of a managed controller’s state.

Problem: Some fields in a globally configured PodTemplate were lost when applied to actual builds. This caused failures in AbstractYamlPodTemplateFilter, among other things.

Problem: the Templates feature had not been updated to match recent Jenkins changes in item renaming: there was an old rename UI (editing Name in Configure) in addition to the new UI (Rename link); and renaming templates did not work (an error was thrown).

Problem: Agents could wind up on the same nodes as controllers and agents.

Previously, we were packaging the kubernetes-client Java library with the master-provisioning plugin.

Problem: The OperationsCenter.JavaOpts Helm chart parameter did not work, due to a mistake in the chart’s expansion.

Problem: Some of the new fields (showRawYaml, yamlMergeStrategy) that are available in new versions of the Kubernetes plugin are not exposed through the pod-template CLI command.