CloudBees CI on modern cloud platforms 2.277.4.3

Rolling release: 2021-05-11

Based on Jenkins LTS 2.277.4-cb-2

Security advisories

CloudBees Security Advisory 2021-05-11

Critical issues

Remove the jquery and jquery-detached plugins from your CloudBees CI instance

The jquery and jquery-detached plugins have been removed from all CloudBees Jenkins-based products and are no longer part of CloudBees Assurance Program. However, these plugins are not automatically uninstalled from your CloudBees CI instance as other plugins you use may still have dependencies on them. Please ensure that your CloudBees CI instance does not have any dependencies on these plugins, and then remove them. For instructions on how to check for dependencies in a particular plugin, refer to How to determine if a plugin is in use.

Security fixes

Important Security Update - Action Required

The Jenkins community announced a new security vulnerability today. This issue was discovered by CloudBees security researchers as a part of their regular penetration testing.

CloudBees strongly recommends that you take immediate action to protect your Jenkins environment, including any version of CloudBees CI, CloudBees Jenkins Platform, CloudBees Jenkins Enterprise, CloudBees Jenkins Distribution, or Jenkins.

There are two ways to protect against this vulnerability. The first option is available only to customers running CloudBees CI, CloudBees Jenkins Platform, or CloudBees Jenkins Enterprise.

  1. If you are running CloudBees CI, CloudBees Jenkins Platform, or CloudBees Jenkins Enterprise, you can follow the steps in this Knowledge Base article to use the CloudBees Request Filter plugin to protect your environment. This approach does not require a restart or cause disruption to production workloads.

  2. You can upgrade to the version of CloudBees products mentioned in the CloudBees Security Advisory 2021-05-11.

    For more information, see the CloudBees Security Advisory 2021-05-11.

New features

None.

Feature enhancements

None.

Resolved issues

None.

Known issues

OperationsCenter.Hostname is no longer optional (BEE-3186)

The OperationsCenter.HostName field is optional. However, a known issue has changed its behavior so that the installation fails unless you provide one. Until the issue is resolved, you must either configure a hostname during the installation, or change settings in the system properties before you attempt the installation.

Refer to the links below for more information about how to configure the hostname or change the system properties:

Upgrade notes

Jenkins 2.277 upgrade notes