CloudBees CI on modern cloud platforms 2.235.1.2

Rolling release: 2020-06-22

Based on Jenkins LTS 2.235.1-cb-2

New features

Initial release of the Hibernation for Managed Master feature

Previously released as a Preview feature, the hibernation of Managed Masters feature is now fully supported. This feature helps you to "turn off" idle or unused Managed Masters. For details, see Managing Masters - Hibernation in Managed Masters.

Two new permissions added

To reflect the needs of medium to larger organizations, two new permissions have been introduced with Jenkins v2.222 which enable a CloudBees Core administrator to delegate some parts of administration to a user without having to grant them the powerful Overall/Administrator permission.

The two new permissions include:

  • Overall/Manage: safely grant a user the ability to manage a subset of CloudBees Core configuration options.

  • Overall/SystemRead: grant a user the ability to view most of CloudBees Core configuration options, but in read only mode.

    When using Role-based matrix authorization as your Global Security Authorization Strategy provided by the CloudBees Role-Based Access Control Plugin, the administrator can grant a user/group the Overall/Manage and/or Overall/SystemRead permission to enable this functionality.

    These new permissions are currently “Experimental” and disabled by default. To enable these new permissions, see Delegating Administration.

Feature enhancements

Update Kubernetes plugin dependency to 1.25.7 (CPLT2-6552)

This update addresses compatibility changes with the Kubernetes plugin.

Jenkins UI improvements (FNDJEN-2001), (FNDJEN-2076), FNDJEN-1902)

The following enhancements were made to the Jenkins UI as part of CloudBees' ongoing efforts to improve the usability of the UI:

  • Buttons were restyled.

  • The page footer was updated.

  • The user system fonts are now used.

  • Font sizes are now consistent across the application.

Replace Oracle JRE with OpenJDK in Windows distributables (PRD-2460)

Oracle JRE has been replaced with OpenJDK in Windows distributables. This was necessary to prevent potential Oracle licensing violations.

rootCA certificate will expire Oct 2021 (CTR-1724)

The rootCA certificate bundled with the CloudBees Jenkins Enterprise License Entitlement Check plugin will expire in Oct 2021, breaking the ability to check for new plugins or updates.

We added a new root certificate and code support for checking against multiple signing certificates.

Add telemetry for CloudBees High Availability (CTR-1898)

Data collection for the CloudBees Analytics Plugin

Add JCasC compatibility to Trigger Restrictions Plugin (CTR-1568, FNDJEN-2081)

The Trigger Restrictions plugin is now compatible with Jenkins Configuration as Code (JCasC).

JCasC compatibility with the CloudBees Skip Next Build Plugin (CTR-1567)

The CloudBees Skip Next Build Plugin is compatible with Jenkins Configuration as Code (JCasC).

Outdated okhttp v2.7.5 library does not support modern features including TLS 1.3. (NGPIPELINE-374)

Updated to use newer okhttp3 APIs with v3.12.12.

This update only affects instances with the GitHub Branch Source plugin.

Resolved issues

jenkins-agent configmap is missing latest updates (CPLT2-6549)

The jenkins-agent configmap hasn’t been updated with the Jenkins LTS counter part and didn’t have support for WebSockets.

The configmap now picks up the latest Jenkins LTS changes, which brings WebSocket support.

cloudbees-core-agent container fails when command and args are defined (CPLT2-6606)

Recent versions of the cloudbees/cloudbees-core-agent image had two volume directories owned by root. In certain customized configurations this could lead to failures to launch an agent pod.

These directories are now owned by the Jenkins user.

Managed Master - delete action not available in sidebar for every state (CTR-1726)

Before when a Managed Master was in an unknown state because there was a problem contacting the provisioner, there were no actions available to unblock the user.

With this fix, a Managed Master can now be deleted when it is in unknown state.

Confirmation window text misleading Persoalized Slack Messaging (STICKY-490)

The confirmation message displayed when deleting a user refers to the Slack token instead of the user.

The confirmation message now refers the user.

Update wording in Slack integration user administration (STICKY-489)

There were some typos and references to "Jenkins" in the user configuration page for the CloudBees CI Personalized Slack Messaging feature.

With this fix, the text now refers to "CloudBees CI" and the typos have been corrected.

Slack test message is misleading (STICKY-487)

The test message for the Personalized Slack Messaging feature was the same as the welcome message; however, the messages serve different purposes so the content was misleading.

With this fix, the test message is unique from the welcome message and conveys to the user the correct purpose of the message.

Syntax error is making the Helm chart fail (CPLT2-6638)

A syntax error in the Helm chart became fatal when using a recent Helm release that was built with Go 1.14.

An updated Helm chart version 3.15.1+94d2a6343fb6 was released to prevent this issue.

Add JCasC compatibility to git-validated-merge plugin (FNDJEN-2084)

Previous versions of git-validated-merge plugin were not tested to be compatible with JCasC.

The git-validated-merge-plugin is now tested to be compatible with JCasC.

Remove Availability option incompatible with permanent agents (CTR-1813)

In a CloudBees Jenkins operations center, creating a Permanent Agent with the Availability option Take this node off-line when idle" made the Jenkins instance crash because this Availability option is not compatible with Permanent Agents.

The Take this node off-line when idle Availability option is now only possible for Shared Agents.

Script Security plugin depended on and bundled an outdated version of caffeine. (NGPIPELINE-1172)

Script Security now depends on and bundles caffeine 2.8.2.

This update only affects instances with the Script Security plugin.

PathRemover should abort early after seeing a large number of exceptions (NGPIPELINE-1073)

In certain situations, it is possible for Jenkins to be unable to write or delete from disk during a build because of filesystem permissions. A customer reported a situation where this resulted in tens of thousands of FileSystmExceptions being thrown, which in turn ran the instance out of memory, triggering the OOM killer.

Instead of logging a needlessly large number of these exceptions, we log a reasonable number, 100 or less, and fail the build instead of trying to continue.

Known issues

None.

Upgrade notes

End of life announcement

As of July 1, 2020, CloudBees will no longer support Alpine container images. Red Hat Universal Base Image (UBI) images will be the standard going forward.

For information about UBI, see the Red Hat documentation.

The decision to move from Alpine to UBI was made because OpenJDK no longer supports Alpine. CloudBees has been building and maintaining these images. However, CloudBees is aware of DNS issues with some Kubernetes clusters that span from the Alpine base using muslc libraries as well as other binary differences when using the muslc vs standard c libraries.

Customers moving from Alpine to UBI container images should not see any impact from this change and should not need to migrate data.

This affects CloudBees Core on modern platforms only. CloudBees will continue to release Alpine images for CloudBees Jenkins Enterprise 1.x customers who have purchased extended support.

For more information regarding this end-of-life announcement, please contact your Customer Success Manager.