Feature enhancements
- ServiceNow Plugin enhancements (CPLT2-6278)
-
The ServiceNow Plugin is now certified on Orlando, New York, and Madrid versions of ServiceNow.
The plugin includes the following enhancements:
Pipeline Snippet Generator All Pipeline steps provided by this plugin are visible in the Pipeline Snippet Generator. You can use the Snippet Generator UI to configure your Pipeline step and generate the Groovy code to copy and paste into your Pipeline.
New Pipeline steps Two new steps were added:
serviceNowCreateandserviceNowUpdate. The syntax for each one is available in the Snippet Generator. All four existing steps have moved to the "Advanced/Deprecated" section in Snippet Generator, but remain functionally the same.Credentials Plugin integration ServiceNow instance credentials are now managed using the Credentials Plugin.
- ElasticSearch 7 support for elasticsearch-reporter-plugin (CPLT2-6525)
-
Support for ElasticSearch 7 was added. Support for ElasticSearch 5 was dropped because it its end-of-life status.
- Updated Kubernetes plugin to 1.26.2 (CPLT2-6643)
-
The Kubernetes plugin was updated to version 1.26.2.
- Updated sidecar injector to 2.0.4 (CPLT2-6637)
-
Sidecar injector was updated to 2.0.4.
The update removed the use of an attribute that is not supported by OpenShift 3.11. In addition, Docker images are now published with the OS/Arch attribute, which is mandatory to run in OpenShift.
- CloudBees Slack Integration plugin: Developer experience improvements (STICKY-332)
-
To improve the user experience for users configuring their Slack and GitHub settings, we made various updates to the Personalized Slack Messaging feature, including adding a separate page for a user to configure themselves.
This update only affects installations that include the CloudBees Slack Integration Plugin.
- GitHub/Slack integration complete analytics metrics (STICKY-344)
-
To make more informed improvements to the Personalized Slack Messaging feature, we are now collecting data on the following:
-
Clicks on Slack message content (STICKY-163)
-
Each time a Slack message is sent to a user (STICKY-161)
-
Configuration of the CloudBees Slack Integration plugin: valid token, number of registered users, number of opted in users and number of opted out users (STICKY-160)
To make more informed improvements to the CloudBees SCM Reporting feature, we are now collecting data on the following:
-
Bitbucket builds including anonymous details of configurations analogous to that sent for GitHub (STICKY-553)
-
Clicks on links from GitHub to CI (STICKY-188)
-
How often notifications are being sent to GitHub and what kinds of notifications are being sent (STICKY-201)
-
How the CloudBees SCM Reporting plugin is configured and which optional features are in use (STICKY-294)
No identifying information is included in the data we collect. Data is only sent to CloudBees if you are opted in to statistics collection.
-
- SCM/Slack integration optional plugin dependencies added into CAP (STICKY-344)
-
We added a couple of plugins to CAP that were dependencies for the Slack/SCM app integrations including:
- Personalized Slack Messaging uses hibernation friendly URLs (STICKY-546)
-
Before, if a Managed Master was using hibernation, then it could happen that after a build the links to CloudBees CI shown in the GitHub pull request (PR) could point to a master which had since hibernated, leading to 503 errors.
Slack messages linking to CloudBees CI now check for a master with hibernation enabled and automatically select an alternate redirect URL which will automatically wake the master if needed and then open the desired page once it is ready.
Update only affects installations that include the CloudBees Slack Integration Plugin.
- CloudBees SCM Reporting uses hibernation friendly URLs (STICKY-170)
-
Before, if a Managed Master was using hibernation, then it could happen that after a build the links to CloudBees CI shown in the GitHub pull request (PR) could point to a master which had since hibernated, leading to 503 errors.
GitHub reporting links to CloudBees CI now check for a master with hibernation enabled and automatically select an alternate redirect URL which will automatically wake the master if needed and then open the desired page once it is ready.
Update only affects installations with the CloudBees SCM Reporting Plugin.
- Enable GitHub App wizard for CloudBees SCM Reporting (STICKY-541)
-
Before, to enable GitHub Checks, users had to create a GitHub App manually, which was tedious and error-prone.
Repository or organization folders associated with github.com using a personal access token can now be converted to use GitHub App authentication using a wizard. See Enabling GitHub App authentication for more information.
Currently this option is not offered for GitHub Enterprise due to an outstanding bug in that product’s implementation of app creation. - Bitbucket support added to CloudBees SCM Reporting plugin (STICKY-564)
-
The CloudBees GitHub Reporting feature now supports Bitbucket as an SCM option and has been renamed to CloudBees SCM Reporting.
Update only affects installations with the CloudBees SCM Reporting Plugin.
- Enable use of multiple webhook secrets when using GitHub App wizard (STICKY-329)
-
When using the GitHub App creation wizard to configure CloudBees SCM Reporting, even if CloudBees CI already has a webhook secret registered, the wizard can add another secret.
Update only affects installations with the CloudBees SCM Reporting Plugin.
- Plugin version mention in Checks feedback link (STICKY-458)
-
Before, it was hard to tell from feedback messages what version of the CloudBees SCM Reporting plugin was being run.
We now include the plugin version number in the feedback link displayed in the Checks tabs.
Update only affects installations with the CloudBees SCM Reporting Plugin.
- Manage Jenkins page layout update (CTR-1468)
-
With this release we have moved management links to the correct category under Manage Jenkins.
- Upgrade GitHub API and GitHub Branch Source plugins to OkHttp3 (NGPIPELINE-374)
-
The outdated OkHttp3 v2.7.5 library does not support modern features including TLS 1.3.
The GitHub API and GitHub Branch Source plugins have been updated to use newer OkHttp3 APIs with v3.12.12.
Resolved issues
- Switch from beta.kubernetes.io/os to kubernetes.io/os (CPLT2-6532)
-
In Kubernetes 1.14+, the "OS" node label changed from
beta.kubernetes.io/ostokubernetes.io/os. The Kubernetes Plugin tries to ensure that default Pod Templates run on Linux by applying anodeSelectorwith the Linux OS label. If the label applied by the Kubernetes Plugin does not match the label in the Kubernetes cluster, the Pod will not be scheduled due to anodeSelectorlabel mismatch.To resolve this issue, the Kubernetes Plugin now uses the
kubernetes.io/oslabel as the defaultnodeSelectorlabel.Pod Templates that do not specify a
nodeSelectorwill not be scheduled properly on Kubernetes clusters older than 1.14. Upgrade to Kubernetes 1.14+ to resolve the issue. To work around the issue on older versions of Kubernetes, manually apply thebeta.kubernetes.io/os=linuxnode selector to pod templates, or manually apply thekubernetes.io/os=linuxlabel to worker nodes. - Sidecar should handle Certificate Signing Request (CSR) renewal automatically (CPLT2-6615)
-
When the certificate used to secure the communications to sidecar injector expired, there was no mechanism to renew it and the sidecar injector was no longer usable.
To resolve this, a regular job has been added to the sidecar-injector chart so that the certificate is automatically renewed, if needed. When using
rbac.autoApproveCSR=false, a new CSR will need to be approved one month before certificate expiration. - Helm template evaluation error on OperationsCenter.RunAsUser (CPLT2-6622)
-
When using the OperationsCenter.RunAsUser attribute in a values.yaml file, the template evaluation fails with an error about incompatible types.
Additional type checks have been added to ensure successful template evaluation whether the attribute is passed through command or through values.yaml
- Sidecar injector is missing Service CA bundle in OpenShift Container Platform (OCP) 4 (CPLT2-6647)
-
The Service CA bundle is now included. It enhances security when accessing sidecar injector on OpenShift by relying on the Service CA available in the platform.
- Missing update/patch permissions for secrets (CPLT2-6628)
-
When recreating a master with the same name as before, the configuration-as-code bundle needs to be updated, but Operations Center is missing the corresponding permissions.
Operations Center now has the permission to update and patch secrets.
- Master restart logic can lead to missing Ingress/Service (CPLT2-6520)
-
When restarting a master, sometimes the associated service and/or ingress disappears.
The restart procedure now ensures service and ingress are in place after the restart.
- KubectlBuildWrapper is broken (CPLT2-6641)
-
A regression in KubectlBuildWrapper prevented its usage.
The regression has been fixed so that KubectlBuildWrapper can now be used.
- CVE-2019-15847 Correct the vulnerability (CPLT2-5958)
-
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the
__builtin_darn intrinsicinto a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified.To resolve this, GCC was updated to 9.3.0 in the Alpine 3.12 base image. GCC was backported from trunk to 9.3.0.
- Add permission check for CloudBees ServiceNow Plugin(CPLT2-6369)
-
A potential security leak existed due to the HTTP method not being required.
To fix this, the POST HTTP method is required on calls to validate.
- Remove mock-security-realm from envelope (CPLT2-6613)
-
CloudBees CI on modern cloud platforms and CloudBees Jenkins Enterprise operations center images included the Mock Security Realm plugin, which is not intended for production usage, only exploration.
This plugin has been removed from the product. It may still be installed from the update center, if desired.
- Error when creating Slack message if Root URL is not configured (STICKY-573)
-
We now prevent errors with Personalized Slack Messaging if the Jenkins Root URL is not configured when the a Slack message is created.
Update only affects installations with the CloudBees Slack Integration Plugin.
- Check Sender object is initialized before sending an event (STICKY-548)
-
We created a safety check for the metrics we collect on SCM/Slack app integrations to be sent only if the queue and sender are initialized and ready.
- CloudBees SCM Reporting length limit of 64Kb for GitHub Checks (STICKY-535)
-
Before, when using the GitHub Checks tab, lengthy submissions such as from verbose test runs could exceed a GitHub limit and fail to notify anything at all (seen as an error in the system log).
With this fix, the reported text is truncated to fit within the limit as needed.
Update only affects installations with the CloudBees SCM Reporting Plugin.
NoAppsNoCheckscan fail to send notification for longEndBuildErrorin CloudBees SCM Reporting (STICKY-378)-
When not using a GitHub App and the Checks tab, certain notifications could attempt to use a long description text that GitHub would reject, leading to a warning in the CloudBees CI system log and a missing notification.
Now, descriptions are truncated to 140 characters; GitHub Apps/Checks tab notifications are not affected.
Update only affects installations with the CloudBees SCM Reporting Plugin.
- Prevent emojis from appearing in code blocks on GitHub Checks tab (STICKY-462)
-
Before, code blocks in the Checks tab coming from build results could have rendered emojis.
With this fix, the colon in an emoji-like sequence is now replaced with a similar-looking character which will not be misinterpreted.
Update only affects installations with the CloudBees SCM Reporting Plugin.
- Use random state for GitHub App installation flow (STICKY-495)
-
Before, when creating a new GitHub App by wizard, the state passed between CloudBees CI and GitHub used encrypted information about CloudBees CI, which was unnecessary.
With this fix, the state is now random and can be used only once.
Update only affects installations with the CloudBees SCM Reporting Plugin.
- End-build-error step arguments could be multiline strings (STICKY-457)
-
Before, when a Pipeline step which failed a build had a multiline argument, which is common for example for
shsteps, the summary in the Checks tab would be improperly formatted.With this fix, the step arguments are now elided if they do not fit on one line.
Update only affects installations with the CloudBees SCM Reporting Plugin.
- Security enforcer does not disable elements in the master UI (CTR-1780)
-
Since 2.222.1.1, the security settings enforced by operations center to Client Masters appeared as editable in the masters (Global Security configuration), but any change on them was not saved.
Now those settings are displayed as disabled again.
- Configuration as Code (CasC) for Masters export is not JSON (CTR-1854)
-
Configuration as Code bundle export was returning "application/json" as the media type; however, the content is YAML syntax. As there is no official IETF media type for YAML, this endpoint now returns "text/plain".
- [JENKINS-62545] Infinite loop in FlowGraphTable.addTreeSibling for corrupted flow graphs (NGPIPELINE-1222)
-
Traversing a Pipeline execution using the FlowGraphTable API (used primarily for the Pipeline Steps view) could cause infinite loops for corrupted Pipelines in rare cases.
With this fix, the FlowGraphTable API now returns an error if it detects that a Pipeline is corrupted in a way that would have previously caused an infinite loop.
- Plugin Catalog and CloudBees Configuration as Code should provide a way of specifying a proxy (FNDJEN-2078)
-
Configuration as Code for Masters cannot download plugins if they are under a proxy.
CloudBees Installation Manager now configures the proxy established in the jenkins.yaml file of the configuration bundle before attempting to download any plugin.