Security advisories

What’s New in CloudBees CI 2.289.2.2

Critical issues

Remove the jquery and jquery-detached plugins from your CloudBees CI instance

The jquery and jquery-detached plugins have been removed from all CloudBees Jenkins-based products and are no longer part of CloudBees Assurance Program. However, these plugins are not automatically uninstalled from your CloudBees CI instance as other plugins you use may still have dependencies on them. Please ensure that your CloudBees CI instance does not have any dependencies on these plugins, and then remove them. For instructions on how to check for dependencies in a particular plugin, refer to How to determine if a plugin is in use.
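The dependency check described above can be scripted against a plugin inventory. The following is an added example, not CloudBees code: it assumes the inventory has the shape of the "plugins" array returned by the Jenkins endpoint /pluginManager/api/json?depth=1, and the example-* plugin names and the sample data are constructed for illustration.

```python
import json
from collections import defaultdict, deque

REMOVED = {"jquery", "jquery-detached"}  # plugins named in this release note

# Constructed inventory; field names assume the "plugins" array returned by
# /pluginManager/api/json?depth=1. The example-* plugins are hypothetical.
SAMPLE = json.loads("""{"plugins": [
  {"shortName": "jquery", "dependencies": []},
  {"shortName": "jquery-detached", "dependencies": []},
  {"shortName": "example-charts",
   "dependencies": [{"shortName": "jquery", "optional": false}]},
  {"shortName": "example-dashboard",
   "dependencies": [{"shortName": "example-charts", "optional": false}]},
  {"shortName": "example-legacy-ui",
   "dependencies": [{"shortName": "jquery-detached", "optional": true}]},
  {"shortName": "credentials", "dependencies": []}
]}""")


def find_dependents(inventory, targets=REMOVED):
    """Return {target: {plugin: (chain, hard)}} for installed plugins reaching target.

    hard is True when every link in the chain is a mandatory dependency.
    """
    reverse = defaultdict(list)  # dependency -> [(dependent, optional)]
    for plugin in inventory["plugins"]:
        for dep in plugin.get("dependencies", []):
            reverse[dep["shortName"]].append((plugin["shortName"], dep.get("optional", False)))
    installed = {p["shortName"] for p in inventory["plugins"]}
    report = {}
    for target in sorted(set(targets) & installed):
        found, queue = {}, deque([(target, [target], True)])
        while queue:
            name, chain, hard = queue.popleft()
            for dependent, optional in reverse[name]:
                link_hard = hard and not optional
                known = found.get(dependent)
                # Record new dependents; upgrade a soft chain if a hard one exists.
                if dependent not in targets and (known is None or (link_hard and not known[1])):
                    found[dependent] = (chain + [dependent], link_hard)
                    queue.append((dependent, chain + [dependent], link_hard))
        report[target] = found
    return report


def removable(report):
    """Targets that no other installed plugin depends on, directly or transitively."""
    return [target for target, found in report.items() if not found]


if __name__ == "__main__":
    for target, found in find_dependents(SAMPLE).items():
        for plugin, (chain, hard) in found.items():
            print(f"{target}: {' <- '.join(chain)} ({'mandatory' if hard else 'optional'})")
```

A plugin listed only through an optional chain still loads after the removal, but the feature that used the removed plugin may stop working, so review those entries as well.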

New features

View pod templates that are available in a controller (BEE-3454)

This new feature lets you view a page showing all the pod templates that are available to be used for jobs on the controller.

You can access the new page from the side panel on job pages, if you have Job/Configure permissions. For more information, refer to the Kubernetes agents documentation.

A new Original bundle tab has been added to the CloudBees Configuration as Code bundles screen (BEE-1268)

A new Original bundle tab has been added to the controller Configuration as Code bundles screen to export the original bundle that was applied when the controller was set up.

If a controller does not have the correct plugins or global configuration settings that were originally applied, you can export the original bundle and compare it to the current configuration, to determine if recent changes may have been incorrectly applied to the controller.

The Bundle Files tab has also been renamed to Current configuration and a new button added to export the entire current configuration in zip format.

For more information, refer to Configuration as Code for controllers.

A new CasC bundle column has been added to the operations center dashboard (BEE-1252)

A new CasC bundle column has been added to the operations center dashboard to easily determine the Configuration as Code (CasC) bundle assigned to a controller.

For more information, refer to Configuration as Code for controllers.

A new CloudBees Prometheus Metrics plugin has been added to the operations center and is included in the CloudBees Assurance Program (CAP) (BEE-2447)

The plugin exposes basic metrics in Prometheus format and collects:

  • Basic system metrics, such as garbage collection, memory pools, class-loading, and thread counts.

  • Metrics collected by the Metrics plugin for Jenkins, which is installed by default.

Feature enhancements

Split controllers across ALBs to accommodate larger deployments (BEE-5266)

When you use the Amazon Web Services Load Balancer Controller (ALB) for an Amazon EKS deployment, ALB default service quotas limit the number of controllers that can be deployed on a single ALB.

In AWS EKS deployments that use the ALB ingress, controllers are now split across multiple ALBs to better scale with environments that require additional controllers. For more information, refer to Installing CloudBees CI on modern cloud platforms on EKS.

Upgraded the JGroups release used for the High Availability plugin to 4.2.15 (BEE-111)

The version of JGroups used for the High Availability plugin has been upgraded to 4.2.15. Additionally, a maximum length has been added for messages that are exchanged between nodes to prevent potential memory issues.

If you use a custom $JENKINS_HOME/jgroups.xml configuration, you should compare it to the new default configuration and update your custom configuration so that it contains the maximum length setting.

Enhanced logging for cluster operations (BEE-4688)

Any controllers that are scheduled for cluster operations now appear at the top of the build console. This enhancement can help you easily identify operations that have not yet been processed.

Resolved issues

Disable modification of namespace field when a volume exists (BEE-5019)

When a controller is already tied to a volume, its namespace can’t be modified anymore. This prevents you from manipulating a value that causes the controller to become inoperable.

Fixed support for OperationsCenter.Hostname value (BEE-5884)

If OperationsCenter.Hostname was omitted from the Helm values when you provisioned a controller, the controller was provisioned using a defined hostname. This caused the operations center URL to return an HTTP 404 error.

The expected behavior has now been restored. When you omit OperationsCenter.Hostname, managed controllers are now provisioned without a host name.

Upgrade caused null pointer exception (BEE-2759)

An upgrade to the cloud class was causing a null value to be dereferenced, creating a null pointer exception.

This issue has been resolved. The null value is no longer dereferenced, preventing the null pointer exception from occurring.

Kubernetes agent widget doesn’t refresh automatically (BEE-5186)

An error was preventing the Kubernetes agent from automatically refreshing, leading to 404 errors.

This error has been resolved.

The CloudBees CI user interface previously had a different appearance from CloudBees Software Delivery Automation, including the navigation bar. (BEE-445)

Some aspects of the general CloudBees style are now applied to certain controls in CloudBees CI.

Users unable to sign in through LDAP (BEE-4650)

Users were unable to sign in through LDAP if the LDAP-configured root DN contained characters that were unsafe for a URL, for example, a space.

This has now been resolved. The plugin now works around the upstream issue to restore access.

Updated style on the Security Warnings Administrative Monitor (BEE-5493)

The message style used on the offline Security Warnings Administrative Monitor was updated so that it aligns with other administrative monitors.

Corrected user interface text for CloudBees Update Center (BEE-687)

The CloudBees Update Center was referenced using an outdated name.

The text was updated and it now refers to the CloudBees Update Center using the proper term.

Secret File credentials could not be shared with a connected controller (BEE-3244)

If you attempted to share the Secret File credentials from the operations center to a connected controller, and the file was too large, the operation failed with an exception.

This issue has been resolved. The size of the Secret File credentials file no longer prevents it from being shared. To apply this fix, you must update the plugin on both the operations center and the controller.

Replaced the Fast Archiver plugin as the default archiver (BEE-172)

Previously, the Fast Archiver plugin was enabled on controllers as the default archiver, even if you did not configure it.

Now the Jenkins Core archiver is enabled as the archiver by default, if you do not select another configurable option. For more information, refer to Managing artifacts with CloudBees Fast Archiving plugin.

Terminology updates (BEE-2360, BEE-2362, BEE-2385, BEE-2391, BEE-2397, BEE-2432, BEE-2436, BEE-2443, BEE-2444, BEE-2445, BEE-2494, BEE-2495, BEE-2532, BEE-2535, BEE-2536, BEE-2537, BEE-2539, BEE-5003, BEE-5192)

CloudBees is updating terminology to remove offensive text. During this ongoing initiative, “controller” replaces “master,” “agent” replaces “slave,” “allowlist” replaces “whitelist,” and “denylist” replaces “blacklist.”

A CasC bundle’s availability pattern cannot be defined programmatically (BEE-4848)

If you were using CloudBees CI 2.277.4.2 - 2.289.1.2 and sent a request to the casc-bundle/set-master-to-bundle HTTP API endpoint, no CasC bundles were available to assign to the controller and an error was returned.

A new casc-bundle/set-availability-pattern HTTP API endpoint has been added to programmatically define the availability pattern of a CasC bundle.

The casc-bundle/set-master-to-bundle HTTP API endpoint has been deprecated due to offensive terminology. The casc-bundle/set-controller-to-bundle endpoint should be used for all new applications.

For more information, refer to Configuration as Code (CasC) HTTP API.

Support for additional CasC HTTP API endpoints (BEE-4848 and BEE-5113)

The following HTTP API endpoints have been added for CasC, to correspond with functionality previously implemented in the user interface.

  • casc-bundle/set-global-availability-pattern-behavior to specify the default global availability pattern behavior.

  • casc-bundle/set-controller-to-bundle to assign a bundle to a controller.

    The casc-bundle/set-master-to-bundle HTTP API endpoint has been deprecated due to offensive terminology. The casc-bundle/set-controller-to-bundle endpoint should be used for all new applications.

  • casc-bundle/set-default-bundle to specify a default bundle that is pre-selected in the operations center controller configuration screen when setting up a new controller.

For more information, refer to Configuration as Code (CasC) HTTP API.

Support for additional CasC CLI commands (BEE-4848 and BEE-5113)

The following CLI commands have been added for CasC, to correspond with functionality previously implemented in the user interface.

  • casc-bundle-set-global-availability-pattern-behavior to specify the default global availability pattern behavior.

  • casc-bundle-set-controller to assign a bundle to a controller.

    The casc-bundle-set-master CLI command has been deprecated due to offensive terminology. The casc-bundle-set-controller command should be used for all new applications.

  • casc-bundle-set-default-bundle to specify a default bundle that is pre-selected in the operations center controller configuration screen when setting up a new controller.

For more information, refer to Configuration as Code (CasC) CLI.

A CasC bundle hot reload generated a NullPointerException if no updates were necessary (BEE-5443)

When signed in to a controller, if you selected Reload Configuration from the CloudBees Configuration as Code bundles screen, the reload failed with a NullPointerException if there was nothing to update.

This issue has been resolved and no longer results in an exception.

Users with the Overall/Manage permission should be allowed to perform a hot reload for a CasC bundle (BEE-3618)

Users with the Overall/Manage permission can now perform a hot reload for a CasC bundle. Previously, only users with the Overall/Administer permission could perform a hot reload.

Removed commons-compress dependency (BEE-5351)

A recent update added a dependency to the commons-compress library that is provided by Jenkins core. The component contained a flaw related to uncaught runtime exceptions.

This issue is resolved. The dependency was removed and the version packaged in Jenkins core will be used instead.

Fixed compatibility issues with Credentials and Credentials Binding plugins (BEE-6444)

Changes to the Credentials plugin version 2.5 and the Credentials Binding plugin version 1.25 caused the CloudBees Enhanced Credentials Masking plugin to no longer hide usernames and passwords outside of the withCredentials step.

The issues with the Credentials and Credentials Binding plugins have been resolved. The Enhanced Credentials Masking plugin now hides secrets as expected.

Known issues

Resolving a failed migration of the Role-Based Access Control (RBAC) plugin (BEE-5599)

In CloudBees Role-Based Access Control Plugin 5.42, CloudBees moved RBAC configurations from the config.xml file to a new file named nectar-rbac.xml. Migration data is now spread across multiple plugins, and if all of the plugins are not upgraded at the same time as the RBAC plugin, the RBAC migration may not be completed successfully.

If you upgrade plugins using the Beekeeper Upgrade Assistant, and you selected Allow automatic upgrades of plugins on restart, the migration to version 5.42 is successful. However, if you manually upgraded the RBAC plugin to version 5.42, the upgrade may not be complete. Refer to Migrating from versions prior to 5.42 for more information.